Which of the following is the MOST secure network access control procedure to adopt when using a
callback device?
A.
The user enters a userid and PIN, and the device calls back the telephone number that
corresponds to the userid.
B.
The user enters a userid, PIN, and telephone number, and the device calls back the telephone
number entered.
C.
The user enters the telephone number, and the device verifies that the number exists in its
database before calling back.
D.
The user enters the telephone number, and the device responds with a challenge.
Explanation:
Usually a request for a username and password takes place and the NAS may hang up the call in
order to call the user back at a predefined phone number. This is a security activity that is used to try
and ensure that only authenticated users are given access to the network and it reverse the long
distance charges back to the company…However, this security measure can be compromised if
someone implements call forwarding. – Shon Harris All-in-one CISSP Certification Guide pg 463