1. What is the primary goal of user authentication?
a) Encrypting data b) Granting access rights c) Verifying identity d) Improving hardware security
2. In the analogy, authentication is compared to a passport, and authorization is compared to a...
a) Ticket b) Visa c) ID card d) License
Explanation: Authentication ensures identity (like a passport), while authorization grants access rights (like a visa).
3. Which protocol is the least secure for authentication?
a) Kerberos b) PAP c) CHAP d) EAP
Explanation: PAP transmits credentials in plaintext, making it vulnerable to eavesdropping and replay attacks.
4. What is the primary security improvement of CHAP over PAP?
a) Encrypted transmission b) Use of certificates c) Three-way handshake d) Biometric verification
Explanation: CHAP uses a three-way handshake to ensure credentials are not transmitted directly.
5. Which protocol uses a flexible framework to support multiple authentication methods?
a) Kerberos b) PAP c) EAP d) CHAP
Explanation: EAP (Extensible Authentication Protocol) can support passwords, certificates, biometrics, etc.
6. In which type of authentication are passwords sent in plaintext over the network?
a) Kerberos b) CHAP c) PAP d) EAP
Explanation: PAP transmits credentials in plaintext, posing security risks.
7. Which type of user authentication is most secure?
a) Single-Factor Authentication b) Two-Factor Authentication c) Multi-Factor Authentication d) Password-only Authentication
Explanation: MFA combines multiple independent factors, making it harder to compromise.
8. Which attack involves reusing captured credentials to gain unauthorized access?
a) Man-in-the-Middle attack b) Replay attack c) Phishing attack d) Dictionary attack
Explanation: Replay attacks involve reusing intercepted authentication data.
9. Which biometric method is categorized as "Something You Are"?
a) Passwords b) Fingerprint recognition c) Smart cards d) Location tracking
Explanation: Biometrics like fingerprints represent "Something You Are."
10. What does Single Sign-On (SSO) provide?
a) Multi-factor authentication b) Centralized password storage c) One-time authentication for multiple services d) Identity proofing
Explanation: SSO allows users to log in once and access multiple systems without re-authenticating.
11. What does the term "digital identity" refer to?
a) A physical token used for authentication b) An attribute or set of attributes describing a subject in a digital service c) A password stored in an encrypted format d) A one-time code generated for authentication
Explanation: A digital identity is the unique representation of a subject engaged in an online transaction; it consists of an attribute or set of attributes that uniquely describe the subject within a given context of a digital service.
12. Why is the use of timestamps in authentication exchanges beneficial?
a) It encrypts user data b) It prevents replay attacks c) It eliminates the need for session keys d) It provides multi-factor authentication
13. What is one characteristic of Single Sign-On (SSO)?
a) Increases password management complexity b) Requires multiple authentications for each service c) Simplifies access to multiple services with one authentication d) Only works with biometric factors
Explanation: SSO reduces the need for repeated logins across services.
Essay Questions
1. Discuss the principles of user authentication and the key factors involved.
User authentication is the process of determining whether some user, or some application or process acting on behalf of a user, is in fact who or what it declares itself to be. Factors:
• Something You Know: Passwords, PINs.
• Something You Have: Tokens, smart cards, or mobile phones.
• Something You Are: Biometrics like fingerprint, iris, or facial recognition.
• Somewhere You Are: Location-based authentication.
• Something You Do: Behavioral analysis, such as typing patterns or mouse movements.
2. Explain the functioning and security improvements of CHAP over PAP.
CHAP uses a three-way handshake to authenticate without transmitting passwords in plaintext, unlike PAP.
3. How does Kerberos handle authentication across untrusted networks?
Kerberos uses a centralized Key Distribution Center (KDC) to issue encrypted tickets for mutual authentication without sharing plaintext credentials.
4. Analyze the risks of replay attacks and methods to counter them.
Replay attacks involve reusing captured authentication data. Techniques like nonces, timestamps, and sequence numbers mitigate these attacks.
5. Mention different types of authentication.
Single-Factor Authentication (SFA): Relies on one method (e.g., password).
Two-Factor Authentication (2FA): Combines two methods (e.g., password and OTP).
Multi-Factor Authentication (MFA): Uses two or more factors.
6. How do modern protocols like EAP enhance authentication flexibility?
EAP is a flexible authentication framework that supports multiple authentication methods like passwords, certificates, smart cards, and biometrics.