An analyst is documenting the user interaction process associated with the login prompts in an application structure, the user enters a username and a one-time
password, which was previously emailed to the user. Next, the user enters a PIN and is then allowed into the dashboard of the application to modify account details.
In this scenario, which of the following steps immediately precedes the authorization process?
A.
Accessing the account
B.
Entering the username
C.
Receiving the one-time password
D.
Submitting the PIN
The wording of the question is misleading – I knew the PIN was used for the authorization step. The question asks: what “immediately precedes the authorization process”? The answer is the authentication process – you must always authenticate before you are authorized for access on objects. So I thought the answer should be entering the username and one-time password – which is the authentication process. It might be clearer to reword the question and ask “Is the PIN used for the authentication or authorization process?”.
0
0
D is correct.
A is useless answer.
B is identification.
C is trick answer, that’s is for first authentication.
D is correct, that is second authentication with PIN and automatic give authorization for that account.
You don’t have authorization with first authentication(with one-time password)
0
0