A technician wants to implement a dual factor authentication system that will enable the
organization to authorize access to sensitive systems on a need-to-know basis. Which of the
following should be implemented during the authorization stage?
A.
Biometrics
B.
Mandatory access control
C.
Single sign-on
D.
Role-based access control
I must be way off base! But why would “Biometrics” be the answer to an authorization question? Isn’t “B” the right choice for the “need-to-know” authorization?
0
0
The key here is where it says, “Dual Factor” which refers to multiple points of authentication (I.E Username and password, with a token or biometrics).
Mandatory Access Control, also known as MAC is an access control policy.
You are definitely correct that MAC is the “need to know” but the words “Dual Factor” is what makes it biometrics in this case. This is actually a tough question and you made me think it was B too.
0
0
Thank you for your insight, Danny. I am thinking now, to accept “A” as the answer, I need to accept that authentication is part of the “authorization stage”. I don’t recall any documentation on these stages… perhaps this calls for more research on my part. If I find something, I will post it here.
V/R,
Kimo
0
0
I have to disagree and correct me if I’m wrong. I think the biometrics part of the question is designed to throw the tester off. It claims the admin wants to apply dual factor authentication, but it doesn’t give you two options of auth to choose from. What is the other factor of auth the user will be using?
Since the actual question part of the question is about authorization, not authentication and Authentication – involves verifying who the person says he/she is, through biometrics or a username/password, and Authorization – involves checking resources that the user is authorized to access or modify via defined roles or claims, we can conclude the answer will be about authorization, not authentication.
We don’t apply biometrics in the authorization stage, we apply biometrics in the authentication stage; we apply permissions in the authorization stage, as the question asks.
0
0