IT Security: Defense against the digital dark arts. Week3: AAA Security (Not Roadside Assistance | 27 Question and Answers (A+ guide solution)

How is authentication different from authorization? - authentication is verifying an identity, authorization is verifying access to a resource; Authentication is proving that an entity is who they claim to be, while authorization is determining whether or not that entity is permitted to access resources. What are some characteristics of a strong password? Check all that apply, - is at least eight characters long includes numbers and special characters; A strong password should contain a mix of character types and cases, and should be relatively long -- at least eight characters, but preferably more. In a multi-factor authentication scheme, a password can be thought of as: - something you know; Since a password is something you memorize, it's something you know when talking about multi-factor authentication schemes. What are some drawbacks to using biometrics for authentication? Check all that apply. - there are potential privacy concerns biometric authentication is difficult or impossible to change if compromised; If a biometric characteristic, like your fingerprints, is compromised, your option for changing your "password" is to use a different finger. This makes "password" changes limited. Other biometrics, like iris scans, can't be changed if compromised. If biometric authentication material isn't handled securely, then identifying information about the individual can leak or be stolen. In what way are U2F tokens more secure than OTP generators? - they're resistant to phishing attacks; With one-time-password generators, the one-time password along with the username and password can be stolen through phishing. On the flip side, U2F authentication is impossible to phish, given the public key cryptography design of the authentication protocol. What elements of a certificate are inspected when a certificate is verified? Check all that apply. - "not valid before" date