This exam covers key concepts of MFA including authentication methods (SMS, biometrics, tokens), identity verification, access control, risk mitigation, and implementation best practices. Candidates gain the skills to secure digital systems and prevent unauthorized access.
Question 1: What is Multi-Factor Authentication (MFA)?
A. A process that requires only a username for access
B. A security system that requires more than one method of authentication from independent categories of credentials
C. A single password-based authentication system
D. A network monitoring tool
Correct: B
Explanation: Multi-Factor Authentication (MFA) requires users to present verification methods from at least two independent categories (something you know, something you have, something you are). An attacker who captures one factor still cannot log in without the other, which is the improvement over single-factor methods. Two credentials from the same category (two passwords, for example) do not count as multi-factor.

Question 2: Which of the following best describes a primary benefit of MFA?
A. Reduces the need for passwords
B. Makes systems more vulnerable to brute-force attacks
C. Adds an extra layer of security by requiring multiple forms of authentication
D. Eliminates the need for user training
Correct: C
Explanation: MFA adds an extra layer of security by requiring the user to present two or more authentication factors, which significantly reduces the risk of unauthorized access from a single leaked, guessed, or phished credential.

Question 3: Which of these is NOT considered a factor in Multi-Factor Authentication?
A. Something you know
B. Something you have
C. Something you eat
D. Something you are
Correct: C
Explanation: The main factors in MFA are something you know (password), something you have (token), and something you are (biometrics). Something you eat is not a recognized authentication factor.

Explanation: MFA can prevent unauthorized access even if a password is compromised, as additional verification is required.

Question 6: “Something you know” as an authentication factor typically refers to:
A. A hardware token
B. A password or PIN
C. A fingerprint
D. A mobile phone
Correct: B
Explanation: “Something you know” refers to knowledge-based credentials such as passwords, PINs, or answers to security questions. Security questions are the weakest of these, because the answers are often guessable or publicly discoverable.

Question 7: A smart card used for authentication is an example of which MFA factor?
A. Something you know
B. Something you have
C. Something you are
D. Something you do
Correct: B
Explanation: A smart card is a physical device the user possesses, fitting the “something you have” category. The card typically holds a private key that never leaves it, and the PIN that unlocks the card supplies a separate knowledge factor.

Question 8: Fingerprint scanning is an example of which authentication factor?
A. Something you have
B. Something you know
C. Something you are
D. Something you do
Correct: C
Explanation: Biometric authentication like fingerprint scanning is classified as “something you are.”

Question 9: Behavioral biometrics in MFA refers to:
A. Physical characteristics such as facial features
B. Patterns of behavior such as typing speed
C. The presence of a mobile device
D. The use of a strong password

Correct: A
Explanation: Knowledge-based factors include information the user knows, such as answers to security questions.

Question 12: OTP sent via SMS is an example of:
A. Knowledge-based factor
B. Possession-based factor
C. Inheritance-based factor
D. Location-based factor
Correct: B
Explanation: An OTP sent via SMS is something the user has, specifically the registered mobile number. It is the weakest possession factor, because the code travels over a channel the user does not control and can be redirected (see Questions 33 and 37); NIST SP 800-63B classes out-of-band authentication over the public telephone network as restricted.

Question 13: A hardware token is best described as:
A. A password generator embedded in a physical device
B. A biometric scanner
C. An online account
D. A network firewall
Correct: A
Explanation: Hardware tokens are physical devices that generate one-time passwords for authentication. The seed lives in tamper-resistant hardware, so it cannot be copied the way a software-stored secret can.

Question 14: Google Authenticator is an example of which type of MFA factor?
A. Biometric
B. Possession-based software token
C. Knowledge-based
D. Location-based
Correct: B
Explanation: Google Authenticator is a mobile app that generates OTPs (TOTP codes, see Question 19) from a secret shared with the server at enrollment, representing a possession-based software token. Because the secret sits in ordinary phone storage, it is weaker than a hardware token but stronger than SMS delivery.

Question 15: Which biometric is commonly used in MFA systems?
A. Temperature
B. Fingerprints
C. Eye color
D. Blood type
Correct: B

Explanation: Device fingerprinting identifies a device using its hardware and software configuration as an authentication factor.

Question 18: Which is the correct sequence for a typical MFA authentication process?
A. Enter password → Provide second factor → Access granted
B. Enter username → Access granted
C. Enter password → Access granted
D. Enter password → Enter username → Access granted
Correct: A
Explanation: A typical MFA process requires entering a password (first factor), then a second factor (e.g., OTP), before access is granted. The username identifies the account and is not itself a factor.

Question 19: Time-based One-Time Password (TOTP) works by:
A. Generating passwords based on the current time and a shared secret
B. Sending passwords via postal mail
C. Asking security questions
D. Using static passwords
Correct: A
Explanation: TOTP (RFC 6238) generates temporary codes using an algorithm that combines the current time and a shared secret key: the Unix time is divided into fixed steps (typically 30 seconds), the step number is HMAC'd with the shared secret, and a few digits are truncated from the result.

Question 20: HMAC-based One-Time Password (HOTP) differs from TOTP in that:
A. HOTP uses a counter, while TOTP uses time
B. HOTP is biometric-based
C. HOTP is only for physical tokens
D. HOTP requires geolocation
Correct: A
Explanation: HOTP (RFC 4226) uses a counter that increments with each use, whereas TOTP is time-based; TOTP is in fact HOTP with the counter replaced by the number of time steps elapsed since the Unix epoch. The practical difference is that an unused HOTP code remains valid until the next one is consumed, while a TOTP code expires on its own.

Question 21: Push notification authentication is characterized by:
A. Sending an approval request to a user’s registered device
B. Sending an email with a link
C. Asking a security question
D. Requiring a hardware token
Correct: A
Correct: A
Explanation: Federated Identity Management enables users to authenticate across organizations or domains through one identity provider. Enforcing MFA at that provider protects every relying party at once; the flip side is that a weakness in the provider's MFA or recovery flow exposes all of them.

Question 24: SAML, OAuth, and OpenID Connect are:
A. Authentication and authorization protocols commonly used with MFA
B. Types of hardware tokens
C. Biometric standards
D. Encryption algorithms
Correct: A
Explanation: These protocols support secure authentication and authorization, often integrating MFA for added security. Strictly, SAML and OpenID Connect are federated authentication protocols, while OAuth 2.0 is an authorization framework on which OpenID Connect is built. The MFA step itself happens at the identity provider; the protocol carries the result to the application (for example, a SAML assertion or OpenID Connect ID token that records which authentication methods were used).

Question 25: FIDO2 and WebAuthn are standards that:
A. Enable passwordless authentication with strong security
B. Only support SMS authentication
C. Are obsolete protocols
D. Are used for antivirus software
Correct: A
Explanation: FIDO2 is the FIDO Alliance umbrella for WebAuthn (the W3C browser API) and CTAP (the protocol between the browser and a security key). Together they give public-key authentication using security keys or platform authenticators unlocked by a biometric or PIN. The credential is bound to the site's origin, so a look-alike phishing site cannot obtain a usable response, which is what makes this class phishing-resistant where OTPs are not.

Question 26: PKI standards such as PIV and CAC are related to:
A. Smartcard-based authentication
B. Email encryption only
C. Password management
D. Token expiration
Correct: A
Explanation: Personal Identity Verification (PIV, the FIPS 201 standard for US federal civilian agencies) and Common Access Card (CAC, the Department of Defense implementation) are smartcard standards used for secure authentication; the card holds X.509 certificates and their private keys and is unlocked with a PIN.

Question 27: When planning for MFA implementation, the first step should be:
A. Assessing security needs and risk levels
B. Installing hardware tokens immediately
C. Disabling all current authentication

B. Require all users to use hardware tokens
C. Ignore usability concerns
D. Use password-only authentication
Correct: A
Explanation: Adaptive authentication tailors security requirements to the risk profile of each login, minimizing impact on users while maintaining security: a trusted device from a usual location may skip a re-prompt, while a new device, a new country, or a suspicious network triggers a stronger factor or denies access.

Question 30: User education in MFA is important because:
A. Users must understand how to use and recover MFA methods
B. It eliminates the need for authentication
C. It increases system vulnerabilities
D. It replaces technical controls
Correct: A
Explanation: Educating users ensures proper adoption and usage, reducing errors and support incidents. Recovery deserves as much attention as enrollment, since help-desk resets and backup codes are the paths attackers use to bypass a factor they cannot defeat directly.

Question 31: Regulatory standards like GDPR, HIPAA, and PCI-DSS often require:
A. Strong authentication mechanisms, including MFA
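The explanation for Question 29 describes adaptive (risk-based) authentication in one sentence. The block below is an added illustration written for this page, not code from the exam or from any product: a small policy engine that scores a login attempt on signals a server can observe (unrecognized device, country change, impossible travel since the previous login, IP reputation) and maps the score to the factor it demands, from no re-prompt on a trusted device up to a phishing-resistant authenticator or outright denial. The score weights, the thresholds, the 1000 km/h travel limit and the sample login history are all assumptions made for this example.

```python
import math
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class LoginAttempt:
    device_id: str           # cookie- or certificate-bound device identifier
    country: str
    lat: float
    lon: float
    unix_time: int
    bad_ip_reputation: bool = False


@dataclass
class UserHistory:
    trusted_devices: Set[str] = field(default_factory=set)
    last_country: Optional[str] = None
    last_lat: float = 0.0
    last_lon: float = 0.0
    last_time: int = 0


MAX_PLAUSIBLE_KMH = 1000.0   # assumption: faster than an airliner between two logins
SIGNIFICANT_MOVE_KM = 50.0   # assumption: ignore geo-IP jitter below this distance


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, used for the impossible-travel check."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def required_factor(attempt: LoginAttempt, hist: UserHistory) -> Tuple[str, List[str]]:
    """Return the assurance level to demand for this login and the reasons behind it.

    Levels: password_only (trusted context, no second prompt), otp (any second factor),
    phishing_resistant (FIDO2 key / passkey only), deny (refuse and alert).
    """
    score, reasons = 0, []
    if attempt.device_id not in hist.trusted_devices:
        score += 2
        reasons.append("unrecognized device")
    if hist.last_country and attempt.country != hist.last_country:
        score += 1
        reasons.append("country differs from previous login")
    if hist.last_time:
        km = haversine_km(hist.last_lat, hist.last_lon, attempt.lat, attempt.lon)
        hours = (attempt.unix_time - hist.last_time) / 3600.0
        # Same-second or out-of-order timestamps with a large move are treated as impossible.
        if km > SIGNIFICANT_MOVE_KM and (hours <= 0 or km / hours > MAX_PLAUSIBLE_KMH):
            score += 3
            reasons.append("impossible travel (%.0f km since last login)" % km)
    if attempt.bad_ip_reputation:
        score += 3
        reasons.append("source IP on denylist")
    if score >= 6:
        return "deny", reasons
    if score >= 3:
        return "phishing_resistant", reasons
    if score >= 1:
        return "otp", reasons
    return "password_only", reasons


# Constructed sample history: one trusted laptop, last seen in New York an hour earlier.
SAMPLE_HISTORY = UserHistory(trusted_devices={"laptop-1"}, last_country="US",
                             last_lat=40.71, last_lon=-74.01, last_time=1_700_000_000)

# Constructed sample attempts, all one hour after the previous login.
SAMPLE_ATTEMPTS = [
    LoginAttempt("laptop-1", "US", 40.71, -74.01, 1_700_003_600),                        # routine
    LoginAttempt("phone-9", "US", 40.71, -74.01, 1_700_003_600),                         # new device
    LoginAttempt("laptop-1", "DE", 52.52, 13.40, 1_700_003_600),                         # NYC to Berlin in 1 h
    LoginAttempt("phone-9", "DE", 52.52, 13.40, 1_700_003_600, bad_ip_reputation=True),  # everything wrong
]

if __name__ == "__main__":
    for a in SAMPLE_ATTEMPTS:
        level, why = required_factor(a, SAMPLE_HISTORY)
        print("%-20s -> %-19s %s" % (a.device_id + "/" + a.country, level, "; ".join(why)))
```

Two design points matter more than the exact weights. Signals are additive, so a single weak signal only raises the bar to an OTP, while several together escalate to a phishing-resistant factor rather than to "more OTP", which a real-time phishing relay would defeat just as easily. And the reasons are returned alongside the decision so that they can be logged and shown to the user, which is what makes an adaptive policy debuggable when it challenges someone unexpectedly.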
B. Only single-factor authentication
C. No authentication
D. Hardware tokens exclusively
Correct: A
Explanation: Many regulations mandate strong authentication, including the use of MFA, to protect sensitive data. PCI DSS names MFA explicitly for access into the cardholder data environment; GDPR and HIPAA require “appropriate” technical safeguards without naming a mechanism, and MFA is the accepted way to meet that bar for access control.

Question 32: MFA helps organizations achieve compliance by:
A. Reducing the risk of unauthorized access to sensitive data
B. Replacing encryption
C. Eliminating security policies
D. Disabling user accounts
Correct: A
Explanation: MFA strengthens access control, helping organizations meet regulatory requirements for data protection.

Question 33: Which attack specifically targets SMS-based MFA?
A. SIM swapping
B. Phishing

D. Avoiding token expiration
Correct: A
Explanation: Encryption and secure transmission protect OTPs from being intercepted during delivery.

Question 36: Regular updates and patches to MFA tools are necessary to:
A. Address vulnerabilities and improve security
B. Reduce system performance
C. Disable new features
D. Increase compatibility issues
Correct: A
Explanation: Frequent updates ensure that security flaws are fixed and that the MFA system remains robust.

Question 37: SMS-based OTPs are considered less secure because:
A. They can be intercepted via SIM-swapping and phishing
B. They require expensive hardware
C. They are difficult to use
D. They use biometrics
Correct: A
Explanation: SMS OTPs are vulnerable to interception and redirection (SIM swapping at the carrier, SS7 routing attacks, malware reading messages on the phone) and, like every OTP, to real-time phishing in which the victim types the code into an attacker's page that relays it immediately. That combination makes SMS a weaker form of MFA than authenticator apps or hardware keys.

Question 38: Biometric authentication weaknesses include:
A. Potential for spoofing and privacy concerns
B. Unlimited accuracy
C. Being unchangeable
D. Always requiring internet access
Correct: A
Explanation: Biometrics can be spoofed and raise privacy issues, requiring additional safeguards such as liveness detection. Option C also describes a real limitation: unlike a password, a compromised fingerprint or face template cannot be reissued, which is why templates should stay on the device or in protected hardware and never be used as the sole factor.

Question 39: Token lifecycle management is important because:
A. Lost, stolen, or expired tokens can create security gaps
B. Tokens never expire
C. Only passwords matter
D. Token management is automatic