Last Updated on March 10, 2022 by Admin 3

SSCP : System Security Certified Practitioner (SSCP) : Part 39

  1. Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?

    • The Bell-LaPadula model
    • The information flow model
    • The noninterference model
    • The Clark-Wilson model

    Explanation:

    The goal of a noninterference model is to strictly separate differing security levels to assure that higher-level actions do not determine what lower-level users can see. This is in contrast to other security models that control information flows between differing levels of users. By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel.

    The model ensures that any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level.
    It is not concerned with the flow of data, but rather with what a subject knows about the state of the system. So if an entity at a higher security level performs an action, it can not change the state for the entity at the lower level.
    The model also addresses the inference attack that occurs when someone has access to some type of information and can infer (guess) something that he does not have the clearance level or authority to know.

    The following are incorrect answers:

    The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned only with confidentiality and bases access control decisions on the classification of objects and the clearances of subjects.

    The information flow model is incorrect. The information flow models have a similar framework to the Bell-LaPadula model and control how information may flow between objects based on security classes. Information will be allowed to flow only in accordance with the security policy.

    The Clark-Wilson model is incorrect. The Clark-Wilson model is concerned with change control and assuring that all modifications to objects preserve integrity by means of well-formed transactions and usage of an access triple (subject – interface – object).

    References:

    CBK, pp 325 – 326
    AIO3, pp. 290 – 291
    AIOv4 Security Architecture and Design (page 345)
    AIOv5 Security Architecture and Design (pages 347 – 348)
    https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Security_Models#Noninterference_Models

  2. What is the main focus of the Bell-LaPadula security model?

    • Accountability
    • Integrity
    • Confidentiality
    • Availability
    Explanation:

    The Bell-LaPadula model is a formal model dealing with confidentiality.

    The Bell–LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g., “Top Secret”), down to the least sensitive (e.g., “Unclassified” or “Public”).

    The Bell–LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes rules for the protection of data integrity. In this formal model, the entities in an information system are divided into subjects and objects.

    The notion of a “secure state” is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system satisfies the security objectives of the model. The Bell–LaPadula model is built on the concept of a state machine with a set of allowable states in a computer network system. The transition from one state to another state is defined by transition functions.

    A system state is defined to be “secure” if the only permitted access modes of subjects to objects are in accordance with a security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the combination of classification and set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode.

    The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory access control (MAC) rules and one discretionary access control (DAC) rule with three security properties:

    The Simple Security Property – a subject at a given security level may not read an object at a higher security level (no read-up).

    The *-property (read “star”-property) – a subject at a given security level must not write to any object at a lower security level (no write-down). The *-property is also known as the Confinement property.
    The Discretionary Security Property – use of an access matrix to specify the discretionary access control.

    The following are incorrect answers:

    Accountability is incorrect. Accountability requires that actions be traceable to the user that performed them and is not addressed by the Bell-LaPadula model.

    Integrity is incorrect. Integrity is addressed in the Biba model rather than Bell-Lapadula.
    Availability is incorrect. Availability is concerned with assuring that data/services are available to authorized users as specified in service level objectives and is not addressed by the Bell-Lapadula model.

    References:

    CBK, pp. 325-326
    AIO3, pp. 279 – 284
    AIOv4 Security Architecture and Design (pages 333 – 336)
    AIOv5 Security Architecture and Design (pages 336 – 338)

    Wikipedia at https://en.wikipedia.org/wiki/Bell-La_Padula_model

  3. Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of the strong star property?

    • It allows “read up.”
    • It addresses covert channels.
    • It addresses management of access controls.
    • It allows “write up.”
    Explanation:

    Bell–LaPadula Confidentiality Model. The Bell–LaPadula model is perhaps the most well-known and significant security model, in addition to being one of the oldest models used in the creation of modern secure computing systems. Like the Trusted Computer System Evaluation Criteria (or TCSEC), it was inspired by early U.S. Department of Defense security policies and the need to prove that confidentiality could be maintained. In other words, its primary goal is to prevent disclosure as the model system moves from one state (one point in time) to another.

    When the strong star property is not in use, both the *-property and the Simple Security Property rules apply.

    The Star (*) property rule of the Bell-LaPadula model says that subjects cannot write down. Writing down would compromise the confidentiality of the information, for example if someone at the Secret level wrote the object into a Confidential container.

    The Simple Security Property rule states that the subject cannot read up, which means that a subject at the Secret level would not be able to access objects at Top Secret, for example.

    You must remember: the model tells you what you are NOT allowed to do; anything else is allowed. For example, within the Bell-LaPadula model you are allowed to write up, since that does not compromise the confidentiality of the information. In fact it upgrades the object, to the point that you could lock yourself out of your own information if you hold only a Secret clearance. The strong star property removes this possibility by allowing a subject to write only at its own level.
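    The following is an added example, not code from the page or from any of the cited books: it implements the Bell-LaPadula checks described in questions 2 and 3 over a lattice of (classification, compartments) levels, including the difference between the ordinary *-property (write-up permitted) and the strong *-property (write only at the subject's own level). The clearances, compartments and object names are constructed for illustration.

```python
"""Bell-LaPadula read/write decisions over a security lattice (added example).

A security level is a (classification, compartments) pair. Level A dominates
level B when A's classification is at least B's AND A's compartments include
all of B's. Two levels with the same classification but different compartments
are incomparable: neither dominates the other, so neither read nor write is
permitted between them. All names below are constructed."""
from dataclasses import dataclass, field

# Ordered classifications; compartments (categories) are an unordered set.
CLASSIFICATIONS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Level:
    classification: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Level") -> bool:
        return (CLASSIFICATIONS[self.classification] >= CLASSIFICATIONS[other.classification]
                and self.compartments >= other.compartments)


def can_read(subject: Level, obj: Level) -> bool:
    """Simple Security Property: no read-up (the subject must dominate the object)."""
    return subject.dominates(obj)


def can_write(subject: Level, obj: Level, strong_star: bool = False) -> bool:
    """*-property: no write-down (the object must dominate the subject).

    With strong_star=True the strong *-property applies: a subject may write
    only at exactly its own level, so write-up is refused as well."""
    if strong_star:
        return subject == obj
    return obj.dominates(subject)


def decide(subject: Level, obj: Level, mode: str, strong_star: bool = False) -> bool:
    """Reference-monitor style decision for mode 'read' or 'write'."""
    if mode == "read":
        return can_read(subject, obj)
    if mode == "write":
        return can_write(subject, obj, strong_star)
    raise ValueError(f"unknown access mode {mode!r}")


if __name__ == "__main__":
    eve = Level("Secret", frozenset({"NUKE"}))                 # constructed clearance
    objects = {                                                 # constructed objects
        "missile_profile": Level("Secret", frozenset({"NUKE"})),
        "toilet_formula": Level("Top Secret", frozenset({"NUKE"})),
        "public_memo": Level("Unclassified"),
        "crypto_note": Level("Secret", frozenset({"CRYPTO"})),  # same level, other compartment
    }
    for name, obj in objects.items():
        print(f"{name:16} read={decide(eve, obj, 'read')!s:5} "
              f"write={decide(eve, obj, 'write')!s:5} "
              f"write(strong*)={decide(eve, obj, 'write', strong_star=True)}")
```

    Running it shows the point of question 3: Eve (Secret, NUKE) may write up into the Top Secret object but can never read it back, and with the strong *-property even that write is refused. The CRYPTO-compartment object is unreadable and unwritable for her despite carrying the same classification, which is what makes the clearance scheme a lattice rather than a simple ladder.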

    The following are incorrect answers because they are all FALSE:

    “It allows read up” is incorrect. The “simple security” property forbids read up.
    “It addresses covert channels” is incorrect. Covert channels are not addressed by the Bell-LaPadula model.
    “It addresses management of access controls” is incorrect. Management of access controls is beyond the scope of the Bell-LaPadula model.

    Reference(s) used for this question:
    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 17595-17600). Auerbach Publications. Kindle Edition.

  4. Which of the following access control models is based on sensitivity labels?

    • Discretionary access control
    • Mandatory access control
    • Rule-based access control
    • Role-based access control
    Explanation:

    Access decisions are made based on the clearance of the subject and the sensitivity label of the object.

    Example: Eve has a “Secret” security clearance and is able to access the “Mugwump Missile Design Profile” because its sensitivity label is “Secret.” She is denied access to the “Presidential Toilet Tissue Formula” because its sensitivity label is “Top Secret.”

    The other answers are not correct because:

    Discretionary Access Control is incorrect because in DAC access to data is determined by the data owner. For example, Joe owns the “Secret Chili Recipe” and grants read access to Charles.

    Role Based Access Control is incorrect because in RBAC access decisions are made based on the role held by the user. For example, Jane has the role “Auditor” and that role includes read permission on the “System Audit Log.”

    Rule Based Access Control is incorrect because it is a form of MAC: the rules are set by policy rather than by the object owner and apply to everyone. A good example would be a firewall, where rules are defined and apply to anyone connecting through the firewall.

    References:

    All in One third edition, page 164.
    Official ISC2 Guide page 187.

  5. Which access control model is also called Non Discretionary Access Control (NDAC)?

    • Lattice based access control
    • Mandatory access control
    • Role-based access control
    • Label-based access control
    Explanation:

    RBAC is sometimes also called non-discretionary access control (NDAC) (as Ferraiolo says, “to distinguish it from the policy-based specifics of MAC”). Another model that fits within the NDAC category is Rule-Based Access Control (RuBAC or RBAC). Most of the CISSP books use the same acronym for both models, but NIST tends to use a lowercase “u” between R and B to differentiate the two models.

    You can certainly mimic MAC using RBAC but true MAC makes use of Labels which contains the sensitivity of the objects and the categories they belong to. No labels means MAC is not being used.

    One of the most fundamental data access control decisions an organization must make is the amount of control it will give system and data owners to specify the level of access users of that data will have. In every organization there is a balancing point between the access controls enforced by organization and system policy and the ability for information owners to determine who can have access based on specific business requirements. The process of translating that balance into a workable access control model can be defined by three general access frameworks:

    Discretionary access control
    Mandatory access control
    Nondiscretionary access control

    A role-based access control (RBAC) model bases the access control authorizations on the roles (or functions) that the user is assigned within an organization. The determination of what roles have access to a resource can be governed by the owner of the data, as with DACs, or applied based on policy, as with MACs.

    Access control decisions are based on job function, previously defined and governed by policy, and each role (job function) will have its own access capabilities. Objects associated with a role will inherit privileges assigned to that role. This is also true for groups of users, allowing administrators to simplify access control strategies by assigning users to groups and groups to roles.
    There are several approaches to RBAC. As with many system controls, there are variations on how they can be applied within a computer system.

    There are four basic RBAC architectures:

    1. Non-RBAC: Non-RBAC is simply a user-granted access to data or an application by traditional mapping, such as with ACLs. There are no formal “roles” associated with the mappings, other than any identified by the particular user.

    2. Limited RBAC: Limited RBAC is achieved when users are mapped to roles within a single application rather than through an organization-wide role structure. Users in a limited RBAC system are also able to access non-RBAC-based applications or data. For example, a user may be assigned to multiple roles within several applications and, in addition, have direct access to another application or system independent of his or her assigned role. The key attribute of limited RBAC is that the role for that user is defined within an application and not necessarily based on the user’s organizational job function.

    3. Hybrid RBAC: Hybrid RBAC introduces the use of a role that is applied to multiple applications or systems based on a user’s specific role within the organization. That role is then applied to applications or systems that subscribe to the organization’s role-based model. However, as the term “hybrid” suggests, there are instances where the subject may also be assigned to roles defined solely within specific applications, complementing (or, perhaps, contradicting) the larger, more encompassing organizational role used by other systems.

    4. Full RBAC: Full RBAC systems are controlled by roles defined by the organization’s policy and access control infrastructure and then applied to applications and systems across the enterprise. The applications, systems, and associated data apply permissions based on that enterprise definition, and not one defined by a specific application or system.
    Be careful not to try to make MAC and DAC opposites of each other — they are two different access control strategies with RBAC being a third strategy that was defined later to address some of the limitations of MAC and DAC.

    The other answers are not correct because:

    Mandatory access control is incorrect because, though it is by definition not discretionary, it is not called “non-discretionary access control.” MAC makes use of labels to indicate the sensitivity of the object and also makes use of categories to implement need to know.

    Label-based access control is incorrect because this is not a name for a type of access control but simply a bogus distractor.
    Lattice based access control is not adequate either. A lattice is a series of levels, and a subject will be granted an upper and lower bound within the series of levels. These levels could be sensitivity levels, confidentiality levels or integrity levels.

    Reference(s) used for this question:

    All in One, third edition, page 165.
    Ferraiolo, D., Kuhn, D. & Chandramouli, R. (2003). Role-Based Access Control, p. 18.

    Ferraiolo, D., Kuhn, D. (1992). Role-Based Access Controls. http://csrc.nist.gov/rbac/Role_Based_Access_Control-1992.html

    Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Access Control ((ISC)2 Press) (Kindle Locations 1557-1584). Auerbach Publications. Kindle Edition.
    Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Access Control ((ISC)2 Press) (Kindle Locations 1474-1477). Auerbach Publications. Kindle Edition.

  6. Which of the following is NOT part of the Kerberos authentication protocol?

    • Symmetric key cryptography
    • Authentication service (AS)
    • Principals
    • Public Key
    Explanation:

    There is no public key component in the base Kerberos protocol. Kerberos as specified in RFC 4120 relies only on symmetric-key cryptography: every principal shares a secret key with the KDC, and tickets and session keys are protected with those keys. Public-key cryptography appears only in the optional PKINIT extension (RFC 4556) for the initial authentication exchange, which the question treats as outside the protocol proper.

    The other answers are incorrect because :

    Symmetric key cryptography is a part of Kerberos, as the KDC holds all the users’ and services’ secret keys.
    Authentication service (AS): the KDC (Key Distribution Center) provides an authentication service.

    Principals: the Key Distribution Center provides services to principals, which can be users, applications or network services.
    References: Shon Harris , AIO v3 , Chapter – 4: Access Control , Pages : 152-155.

  7. Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?

    • Discretionary Access Control
    • Mandatory Access Control
    • Sensitive Access Control
    • Role-based Access Control
    Explanation:

    Data owners decide who has access to resources based only on the identity of the person accessing the resource.

    The following answers are incorrect :

    Mandatory Access Control: users and data owners do not have as much freedom to determine who can access files. The operating system makes the final decision and can override the users’ wishes; access decisions are based on security labels.

    Sensitive Access Control: there is no such access control in the context of the above question.
    Role-based Access Control: uses a centrally administered set of controls to determine how subjects and objects interact; it is also called non-discretionary access control.

    In a mandatory access control (MAC) model, users and data owners do not have as much freedom to determine who can access files. The operating system makes the final decision and can override the users’ wishes. This model is much more structured and strict and is based on a security label system. Users are given a security clearance (secret, top secret, confidential, and so on), and data is classified in the same way. The clearance and classification data is stored in the security labels, which are bound to the specific subjects and objects. When the system makes a decision about fulfilling a request to access an object, it is based on the clearance of the subject, the classification of the object, and the security policy of the system. The rules for how subjects access objects are made by the security officer, configured by the administrator, enforced by the operating system, and supported by security technologies.
    Reference: Shon Harris, AIO v3, Chapter 4: Access Control, Pages 163-165

  8. What is the difference between Access Control Lists (ACLs) and Capability Tables?

    • Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.
    • Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.
    • Capability tables are used for objects whereas access control lists are used for users.
    • They are basically the same.
    Explanation:

    Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities, of a subject. For example, a table identifies the object, specifies the access rights allowed for a subject, and permits access based on the user’s possession of a capability (or ticket) for the object. It is a row within the matrix.

    To put it another way, a capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.

    CLEMENT NOTE:

    If we wish to express this very simply:

    Capabilities are attached to a subject and describe what access the subject has to each of the objects on the row that matches the subject within the matrix. It is a row within the matrix.
    ACLs are attached to objects and describe who has access to the object and what type of access they have. It is a column within the matrix.

    The following are incorrect answers:

    “Access control lists are subject-based whereas capability tables are object-based” is incorrect.
    “Capability tables are used for objects whereas access control lists are used for users” is incorrect.

    “They are basically the same” is incorrect.
    References used for this question:

    CBK, pp. 191 – 192
    AIO3 p. 169

  9. What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?

    • A capacity table
    • An access control list
    • An access control matrix
    • A capability table
    Explanation:

    The matrix lists the users, groups and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access. CBK pp 317 – 318.

    AIO3, p. 169 describes it as a table of subjects and objects specifying the access rights a certain subject possesses pertaining to specific objects.
    In either case, the matrix is a way of analyzing the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACL’s, capability tables, etc.

    “A capacity table” is incorrect.

    This answer is a trap for the unwary — it sounds a little like “capability table” but is just there to distract you.

    “An access control list” is incorrect.

    “It [ACL] specifies a list of users [subjects] who are allowed access to each object” CBK, p. 188. Access control lists (ACLs) could be used to implement the rules identified by an access control matrix but are different from the matrix itself.

    “A capability table” is incorrect.

    “Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user’s possession of a capability (or ticket) for the object.” CBK, pp. 191-192. To put it another way, as noted in AIO3 on p. 169, “A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.”

    Again, a capability table could be used to implement the rules identified by an access control matrix but is different from the matrix itself.

    References:

    CBK pp. 191-192, 317-318
    AIO3, p. 169

  10. Which access model is most appropriate for companies with a high employee turnover?

    • Role-based access control
    • Mandatory access control
    • Lattice-based access control
    • Discretionary access control
    Explanation:

    The underlying problem for a company with a lot of turnover is assuring that new employees are assigned the correct access permissions and that those permissions are removed when they leave the company.

    Selecting the best answer requires one to think about the access control options in the context of a company with a lot of flux in the employee population. RBAC simplifies the task of assigning permissions because the permissions are assigned to roles, which do not change based on who belongs to them. As employees join the company, it is simply a matter of assigning them to the appropriate roles, and their permissions derive from their assigned role. They implicitly inherit the permissions of the role or roles they have been assigned to. When they leave the company or change jobs, their role assignment is revoked or changed appropriately.

    Mandatory access control is incorrect. While controlling access based on the clearance level of employees and the sensitivity of objects is a better choice than some of the other incorrect answers, it is not the best choice when RBAC is an option and you are looking for the best solution for a high number of employees constantly leaving or joining the company.

    Lattice-based access control is incorrect. The lattice is really a mathematical concept that is used in formally modeling information flow (Bell-Lapadula, Biba, etc). In the context of the question, an abstract model of information flow is not an appropriate choice. CBK, pp. 324-325.

    Discretionary access control is incorrect. When an employee joins or leaves the company, the object owner must grant or revoke access for that employee on all the objects they own. Problems would also arise when the owner of an object leaves the company. The complexity of assuring that the permissions are added and removed correctly makes this the least desirable solution in this situation.
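    The following is an added example, not code from the page or the cited books, illustrating the argument of questions 5 and 10: the same user population under role-based control (users map to roles, roles carry the permissions) and under owner-managed discretionary control (one ACL per object, edited by its owner). Onboarding and offboarding are counted in edits so the churn cost is visible. Users, roles and object names are constructed.

```python
"""RBAC versus owner-managed DAC under employee churn (added example).

Under RBAC a joiner needs one role assignment and a leaver needs one
revocation, regardless of how many objects the role covers. Under DAC every
object's ACL has to be edited by its owner, and objects whose owner leaves
are left without anyone able to administer them. All names are constructed."""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {(object, right)}
        self.user_roles = defaultdict(set)   # user -> {role}

    def grant(self, role, obj, right):
        self.role_perms[role].add((obj, right))

    def assign(self, user, role):
        """Onboarding: a single user-to-role mapping."""
        self.user_roles[user].add(role)

    def offboard(self, user):
        """Leaving: remove the mapping; returns the number of records edited."""
        return 1 if self.user_roles.pop(user, None) is not None else 0

    def permissions(self, user):
        return set().union(*(self.role_perms[r] for r in self.user_roles.get(user, ())))

    def check(self, user, obj, right):
        return (obj, right) in self.permissions(user)


class DAC:
    """Owner-managed discretionary control: one ACL per object, edited by its owner."""

    def __init__(self):
        self.owner = {}                   # object -> owning user
        self.acl = defaultdict(dict)      # object -> {user: {rights}}

    def create(self, obj, owner):
        self.owner[obj] = owner
        self.acl[obj][owner] = {"read", "write", "own"}

    def grant(self, obj, by, user, right):
        if self.owner.get(obj) != by:
            raise PermissionError(f"{by} does not own {obj}")
        self.acl[obj].setdefault(user, set()).add(right)

    def offboard(self, user):
        """Leaving: every ACL naming the user must be edited, and objects the
        user owned are left orphaned. Returns (acl_edits, orphaned_objects)."""
        touched = sum(1 for entries in self.acl.values() if entries.pop(user, None) is not None)
        orphaned = [obj for obj, owner in self.owner.items() if owner == user]
        return touched, orphaned

    def check(self, user, obj, right):
        return right in self.acl.get(obj, {}).get(user, set())


if __name__ == "__main__":
    objects = ["audit.log", "ledger", "config"]           # constructed objects

    r = RBAC()
    for obj in objects:
        r.grant("Auditor", obj, "read")
    r.assign("jane", "Auditor")                            # onboarding: one assignment
    print("RBAC jane may read ledger:", r.check("jane", "ledger", "read"))
    print("RBAC offboarding jane, records edited:", r.offboard("jane"))

    d = DAC()
    for obj in objects:
        d.create(obj, "joe")
        d.grant(obj, "joe", "jane", "read")               # onboarding: one grant per object
    print("DAC jane may read ledger:", d.check("jane", "ledger", "read"))
    print("DAC offboarding jane (acl edits, orphaned):", d.offboard("jane"))
    print("DAC offboarding joe  (acl edits, orphaned):", d.offboard("joe"))
```

    The last line is the case the explanation above warns about: when the owner himself leaves, his entries are removed from every ACL, but the objects he owned now have nobody entitled to grant or revoke access to them.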

    References

    All in One, third edition, page 165
    RBAC is discussed on pp. 189 through 191 of the ISC(2) guide.

  11. What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?

    • A capability table
    • An access control list
    • An access control matrix
    • A role-based matrix
    Explanation:

    “It [ACL] specifies a list of users [subjects] who are allowed access to each object” CBK, p. 188

    A capability table is incorrect. “Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user’s possession of a capability (or ticket) for the object.” CBK, pp. 191-192. The distinction that makes this an incorrect choice is that access is based on possession of a capability by the subject.

    To put it another way, as noted in AIO3 on p. 169, “A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.”

    An access control matrix is incorrect. The access control matrix is a way of describing the rules for an access control strategy. The matrix lists the users, groups and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access. CBK pp 317 – 318.

    AIO3, p. 169 describes it as a table of subjects and objects specifying the access rights a certain subject possesses pertaining to specific objects.

    In either case, the matrix is a way of analyzing the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACL’s, capability tables, etc.

    A role-based matrix is incorrect. Again, a matrix of roles vs objects could be used as a tool for thinking about the access control to be applied to a set of objects. The results of the analysis could then be implemented using RBAC.
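    The following is an added example, not code from the page or the cited books, tying together questions 8, 9 and 11: a single access control matrix, the ACL of an object read off as a column, the capability list of a subject read off as a row, and a capability issued as an unforgeable ticket whose possession alone is checked at access time. The matrix contents and the ticket-signing key are constructed.

```python
"""Access control matrix, ACLs (columns) and capabilities (rows) (added example).

The matrix is the specification; ACLs and capability tickets are two ways of
implementing it. An ACL check looks the subject up in the object's column.
A capability check verifies the ticket the subject presents (here an HMAC
tag under a key held by the reference monitor) and does not consult the
matrix at all. Matrix contents and TICKET_KEY are constructed."""
import hashlib
import hmac

# Rows: subjects. Columns: objects. Cells: the rights that subject has on that object.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "audit.log": {"read"}},
    "bob":   {"payroll.db": {"read"}},
    "carol": {"audit.log": {"read", "append"}},
}


def acl(matrix, obj):
    """Column of the matrix: who may access this object and how (bound to the object)."""
    return {subject: rights[obj] for subject, rights in matrix.items() if obj in rights}


def capability_list(matrix, subject):
    """Row of the matrix: what this subject may do to each object (bound to the subject)."""
    return dict(matrix.get(subject, {}))


def check_via_acl(matrix, subject, obj, right):
    return right in acl(matrix, obj).get(subject, set())


TICKET_KEY = b"constructed-reference-monitor-key"   # assumption: kept by the reference monitor


def issue_capability(subject, obj, right):
    """Ticket = subject:object:right:tag, tag = HMAC-SHA256 over the first three fields.
    Assumes subject, object and right names contain no ':' separator."""
    body = f"{subject}:{obj}:{right}"
    tag = hmac.new(TICKET_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"


def issue_capabilities(matrix, subject):
    """Derive every ticket for a subject from its row of the matrix."""
    return [issue_capability(subject, obj, right)
            for obj, rights in capability_list(matrix, subject).items()
            for right in sorted(rights)]


def check_via_capability(ticket, obj, right):
    """Possession of a valid ticket for (obj, right) grants access; the subject is not looked up."""
    parts = ticket.rsplit(":", 3)
    if len(parts) != 4:
        return False
    subject, t_obj, t_right, tag = parts
    expected = hmac.new(TICKET_KEY, f"{subject}:{t_obj}:{t_right}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected) and t_obj == obj and t_right == right


if __name__ == "__main__":
    print("ACL for payroll.db   :", acl(MATRIX, "payroll.db"))
    print("Capabilities of carol:", capability_list(MATRIX, "carol"))
    ticket = issue_capability("bob", "payroll.db", "read")
    print("bob read payroll.db via ACL:", check_via_acl(MATRIX, "bob", "payroll.db", "read"))
    print("bob read payroll.db via ticket:", check_via_capability(ticket, "payroll.db", "read"))
    # Editing the right inside the ticket invalidates the tag, so forgery fails.
    print("forged write ticket accepted:", check_via_capability(ticket.replace("read", "write", 1), "payroll.db", "write"))
```

    Note the operational difference the explanations above hint at: revoking alice's access to payroll.db under the ACL scheme is one edit to that object's column, whereas under tickets every capability she already holds remains valid until the key is rotated or a revocation list is consulted, which is why capability systems normally add expiry or revocation on top of what is shown here.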

    References:

    CBK, Domain 2: Access Control.
    AIO3, Chapter 4: Access Control

  12. The Terminal Access Controller Access Control System (TACACS) employs which of the following?

    • a user ID and static password for network access
    • a user ID and dynamic password for network access
    • a user ID and symmetric password for network access
    • a user ID and asymmetric password for network access
    Explanation:
    For networked applications, the Terminal Access Controller Access Control System (TACACS) employs a user ID and a static password for network access.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44.
  13. Which type of password provides maximum security because a new password is required for each new log-on?

    • One-time or dynamic password
    • Cognitive password
    • Static password
    • Passphrase
    Explanation:
    “one-time password” provides maximum security because a new password is required for each new log-on.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
  14. What is called a password that is the same for each log-on session?

    • “one-time password”
    • “two-time password”
    • static password
    • dynamic password
    Explanation:
    A static password is one that stays the same for each log-on session, in contrast to a one-time (dynamic) password, which changes at every log-on.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
  15. What is called the verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time?

    • Authentication
    • Identification
    • Integrity
    • Confidentiality
    Explanation:
    Authentication is verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
  16. Which one of the following factors is NOT one on which Authentication is based?

    • Type 1. Something you know, such as a PIN or password
    • Type 2. Something you have, such as an ATM card or smart card
    • Type 3. Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan
    • Type 4. Something you are, such as a system administrator or security administrator
    Explanation:

    Authentication is based on the following three factor types:

    Type 1. Something you know, such as a PIN or password
    Type 2. Something you have, such as an ATM card or smart card
    Type 3. Something you are (Unique physical characteristic), such as a fingerprint or retina scan

    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
    Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 132-133).

  17. In Synchronous dynamic password tokens:

    • The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).
    • The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).
    • The unique password is not entered into a system or workstation along with an owner’s PIN.
    • The authentication entity in a system or workstation knows an owner’s secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.
    Explanation:

    Synchronous dynamic password tokens:

    – The token generates a new password value at fixed time intervals (this password could be the time of day encrypted with a secret key).
    – the unique password is entered into a system or workstation along with an owner’s PIN.
    – The authentication entity in a system or workstation knows an owner’s secret key and PIN, and the entity verifies that the entered password is valid and that it was entered during the valid time window.

    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37.

  18. Which of the following choices describe a Challenge-response tokens generation?

    • A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN.
    • A workstation or system that generates a random login id that the user enters when prompted along with the proper PIN.
    • A special hardware device that is used to generate random text in a cryptography system.
    • The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.
    Explanation:
    Challenge-response tokens are:
    – A workstation or system generates a random challenge string and the owner enters the string into the token along with the proper PIN.
    – The token generates a response that is then entered into the workstation or system.
    – The authentication mechanism in the workstation or system then determines if the owner should be authenticated.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37.
    Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 136-137).
  19. What is called a sequence of characters that is usually longer than the allotted number for a password?

    • passphrase
    • cognitive phrase
    • anticipated phrase
    • Real phrase
    Explanation:
    A passphrase is a sequence of characters that is usually longer than the allotted number for a password.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 37.
  20. Which of the following would be true about Static password tokens?

    • The owner identity is authenticated by the token
    • The owner will never be authenticated by the token.
    • The owner will authenticate himself to the system.
    • The token does not authenticate the token owner but the system.
    Explanation:

    Password Tokens
    Tokens are electronic devices or cards that supply a user’s password for them. A token system can be used to supply either a static or a dynamic password. There is a big difference between the two: a static token will normally log the user in by itself, whereas with a dynamic token the user will often have to log themselves in using the value the token produces.

    Static Password Tokens:
    The owner identity is authenticated by the token. This is done by the person who issues the token to the owner (normally the employer). The owner of the token is now authenticated by “something you have”. The token authenticates the identity of the owner to the information system. An example of this occurring is when an employee swipes his or her smart card over an electronic lock to gain access to a store room.

    Synchronous Dynamic Password Tokens:
    This system is a lot more complex than the static password token. Synchronous dynamic password tokens generate new passwords at certain time intervals that are synchronised with the main system. The password is generated on a small device similar to a pager or a calculator that can often be attached to the user’s key ring. Each password is only valid for a certain time period; entering a password outside its time period will cause the authentication to fail. The time factor can also be the system’s downfall: if the clock on the system or on the token device drifts out of sync, the user can have trouble authenticating to the system.

    Asynchronous Dynamic Password Tokens:
    The clock synchronisation problem is eliminated with asynchronous dynamic password tokens. This system works on the same principle as the synchronous one, but it does not depend on a time frame (a counter or a challenge takes the place of the clock). A lot of big companies use this system, especially for employees who may work from home over the company’s VPN (Virtual Private Network).

    Challenge Response Tokens:
    This is an interesting system. A user will be sent special “challenge” strings at either random or timed intervals. The user inputs this challenge string into their token device and the device will respond by generating a challenge response. The user then types this response into the system and if it is correct they are authenticated.
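    The following is an added example, not code from the page or the cited books, covering the token types of questions 17, 18 and 20: a synchronous token whose password is the current time window MACed with the token's secret key and accepted by the server only within a small window of clock skew, an asynchronous counter-based token that removes the clock dependency, and a challenge-response token. The short-code truncation follows the HOTP scheme of RFC 4226; the secret key, PIN, clock values and challenge are constructed.

```python
"""Synchronous, asynchronous (counter) and challenge-response one-time passwords
(added example). All three are an HMAC over a shared secret; they differ only
in what the message is: a time step, a counter, or a server-chosen challenge.
The clock is passed in explicitly so the synchronisation window can be
exercised. Key, PIN, times and challenge values are constructed."""
import hashlib
import hmac
import secrets
import struct


def otp_code(key: bytes, message: bytes, digits: int = 6) -> str:
    """HMAC-SHA1 with HOTP-style dynamic truncation (RFC 4226) to a short decimal code."""
    mac = hmac.new(key, message, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


# ---- synchronous dynamic password token (time-based) ----
STEP = 30  # seconds per time window


def sync_token_password(key: bytes, now: int) -> str:
    """What the token displays: the current time window MACed with the secret key."""
    return otp_code(key, struct.pack(">Q", now // STEP))


def sync_verify(key: bytes, pin: str, entered_pin: str, entered_code: str,
                now: int, skew: int = 1) -> bool:
    """Server side: check the PIN, then accept the code only if it matches the
    current window or one within +/- skew steps (tolerating small clock drift)."""
    if not hmac.compare_digest(pin, entered_pin):
        return False
    window = now // STEP
    return any(hmac.compare_digest(entered_code, otp_code(key, struct.pack(">Q", window + d)))
               for d in range(-skew, skew + 1))


# ---- asynchronous dynamic password token (counter-based, no clock) ----
def async_token_password(key: bytes, counter: int) -> str:
    """Token increments its counter on every use and MACs it with the secret key."""
    return otp_code(key, struct.pack(">Q", counter))


def async_verify(key: bytes, server_counter: int, entered_code: str, lookahead: int = 5):
    """Accept a code for any of the next `lookahead` counter values (the token may have
    been pressed without logging in). Returns the counter to store next, or None."""
    for c in range(server_counter, server_counter + lookahead):
        if hmac.compare_digest(entered_code, otp_code(key, struct.pack(">Q", c))):
            return c + 1
    return None


# ---- challenge-response token ----
def make_challenge() -> str:
    """Server side: a fresh random challenge string for the user to type into the token."""
    return secrets.token_hex(8)


def token_respond(key: bytes, token_pin: str, entered_pin: str, challenge: str):
    """Token side: the PIN unlocks the token, which then MACs the challenge."""
    if not hmac.compare_digest(token_pin, entered_pin):
        return None
    return otp_code(key, challenge.encode())


def cr_verify(key: bytes, challenge: str, response: str) -> bool:
    """Server side: recompute the expected response for the challenge it issued."""
    return hmac.compare_digest(response, otp_code(key, challenge.encode()))


if __name__ == "__main__":
    key = b"constructed-token-seed"      # constructed shared secret
    code = sync_token_password(key, 1000)
    print("sync code accepted 10 s later :", sync_verify(key, "4321", "4321", code, 1010))
    print("sync code accepted 40 s later :", sync_verify(key, "4321", "4321", code, 1040))
    print("sync code accepted 100 s later:", sync_verify(key, "4321", "4321", code, 1100))
    print("async counter after accepting :", async_verify(key, 5, async_token_password(key, 7)))
    challenge = make_challenge()
    response = token_respond(key, "4321", "4321", challenge)
    print("challenge-response accepted   :", cr_verify(key, challenge, response))
```

    The three `sync_verify` calls show the synchronisation behaviour described above: a code from the same 30-second window or the adjacent one is accepted, but once the clocks are several windows apart the login fails until the token is resynchronised. The counter-based variant accepts a token that has run ahead by a few presses and then advances the stored counter so the same code cannot be replayed.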

    Reference(s) used for this question:

    http://www.informit.com/guides/content.aspx?g=security&seqNum=146
    and
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37.