Domain 1
Access Control
1. For intrusion detection and prevention system capabilities, stateful protocol analysis uses which of the following?
1. Blacklists
2. Whitelists
3. Thresholds
4. Program code viewing
a. 1 and 2
b. 1, 2, and 3
c. 3 only
d. 1, 2, 3, and 4
1. d. Stateful protocol analysis (also known as deep packet inspection) is the process of comparing predetermined profiles of generally accepted definitions of benign protocol activity for each protocol state against observed events to identify deviations. Stateful protocol analysis uses blacklists, whitelists, thresholds, and program code viewing to provide various security capabilities.
A blacklist is a list of discrete entities, such as hosts or applications that have been previously determined to be associated with malicious activity. A whitelist is a list of discrete entities, such as hosts or applications known to be benign. Thresholds set the limits between normal and abnormal behavior of the intrusion detection and prevention systems (IDPS). Program code viewing and editing features are established to see the detection-related programming code in the IDPS.
2. Electronic authentication begins with which of the following?
a. Token
b. Credential
c. Subscriber
d. Credential service provider
2. c. An applicant applies to a registration authority (RA) to become a subscriber of a credential service provider (CSP) and, as a subscriber, is issued or registers a secret, called a token, and a credential (public key certificate) that binds the token to a name and other attributes that the RA has verified. The token and credential may be used in subsequent authentication events.
3. In the electronic authentication process, who performs the identity proofing?
a. Subscriber
b. Registration authority
c. Applicant
d. Credential service provider
3. b. The RA performs the identity proofing after registering the applicant with the CSP. An applicant becomes a subscriber of the CSP.
4. In electronic authentication, which of the following provides the authenticated information to the relying party for making access control decisions?
a. Claimant/subscriber
b. Applicant/subscriber
c. Verifier/claimant
d. Verifier/credential service provider
4. d. The relying party can use the authenticated information provided by the verifier/CSP to make access control decisions or authorization decisions. The verifier verifies that the claimant is the subscriber/applicant through an authentication protocol. The verifier passes on an assertion about the identity of the subscriber to the relying party. The verifier and the CSP may or may not belong to the same entity.
5. In electronic authentication, an authenticated session is established between which of the following?
a. Claimant and the relying party
b. Applicant and the registration authority
c. Subscriber and the credential service provider
d. Certifying authority and the registration authority
5. a. An authenticated session is established between the claimant and the relying party. Sometimes the verifier is also the relying party. The other three choices do not describe the two parties between which an authenticated session is established.
6. Under which of the following electronic authentication circumstances does the verifier need to directly communicate with the CSP to complete the authentication activity?
a. Use of a digital certificate
b. A physical link between the verifier and the CSP
c. Distributed functions for the verifier, relying party, and the CSP
d. A logical link between the verifier and the CSP
6. b. The use of digital certificates represents a logical link between the verifier and the CSP rather than a physical link. In some implementations, the verifier, relying party, and the CSP functions may be distributed and separated. The verifier needs to directly communicate with the CSP only when there is a physical link between them. In other words, the verifier does not need to directly communicate with the CSP for the other three choices.
7. In electronic authentication, who maintains the registration records to allow recovery of registration records?
a. Credential service provider
b. Subscriber
c. Relying party
d. Registration authority
7. a. The CSP maintains registration records for each subscriber to allow recovery of registration records. Other responsibilities of the CSP include the following:
The CSP is responsible for establishing suitable policies for renewal and reissuance of tokens and credentials. During renewal, the usage or validity period of the token and credential is extended without changing the subscriber's identity or token. During reissuance, a new credential is created for a subscriber with a new identity and/or a new token.
The CSP is responsible for maintaining the revocation status of credentials and destroying the credential at the end of its life. For example, public key certificates are revoked using certificate revocation lists (CRLs) after the certificates are distributed. The verifier and the CSP may or may not belong to the same entity.
The CSP is responsible for mitigating threats to tokens and credentials and managing their operations. Examples of threats include disclosure, tampering, unavailability, unauthorized renewal or reissuance, delayed revocation or destruction of credentials, and token use after decommissioning.
The other three choices are incorrect because the (i) subscriber is a party who has received a credential or token from a CSP, (ii) relying party is an entity that relies upon the subscriber's credentials or the verifier's assertion of an identity, and (iii) registration authority (RA) is a trusted entity that establishes and vouches for the identity of a subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).
8. Which of the following is used in the unique identification of employees and contractors?
a. Personal identity verification card token
b. Passwords
c. PKI certificates
d. Biometrics
8. a. It is suggested that a personal identity verification (PIV) card token is used in the unique identification of employees and contractors. The PIV is a physical artifact (e.g., identity card or smart card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, or digitized fingerprint).
The other three choices are used in user authenticator management, not in user identifier management. Examples of user authenticators include passwords, tokens, cryptographic keys, personal identification numbers (PINs), biometrics, public key infrastructure (PKI) certificates, and key cards. Examples of user identifiers include internal users, external users, contractors, guests, PIV cards, passwords, tokens, and biometrics.
9. In electronic authentication, which of the following produces an authenticator used in the authentication process?
a. Encrypted key and password
b. Token and cryptographic key
c. Public key and verifier
d. Private key and claimant
9. b. The token may be a piece of hardware that contains a cryptographic key that produces the authenticator used in the authentication process to authenticate the claimant. The key is protected by encrypting it with a password.
The other three choices cannot produce an authenticator. A public key is the public part of an asymmetric key pair, typically used to verify signatures or encrypt data. A verifier is an entity that verifies a claimant's identity. A private key is the secret part of an asymmetric key pair, typically used to digitally sign or decrypt data. A claimant is a party whose identity is to be verified using an authentication protocol.