Question 1: An account requiring a password, PIN, and smart card is an example of three-factor authentication? Explain your answer.

Question 2: Explain the concepts of Onboarding, Background Checks, Offboarding, Shared Authority, Job rotation, Least Privilege.

Question 3: How does OTP protect against password guessing or sniffing attacks?

Question 4: Based on your understanding, explain some practices for implementing a secure network design. Elaborate your answer.

Question 5: An important consideration in designing a security system is to determine how users receive rights or permissions. Briefly explain the following models of access controls:

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Mandatory Access Control (MAC)

Attribute-Based Access Control (ABAC)

Rule-Based Access Control (RBAC)

Question 6: What is the difference between locked and disabled accounts?

1 Answer


Final answer:

Three-factor authentication involves using three distinct forms of verification. Onboarding, job rotation, and access control models like DAC and RBAC are integral to organizational security. OTPs provide a unique, one-time code improving security over traditional passwords, and secure network design practices are important in protecting against vulnerabilities.

Step-by-step explanation:

An account requiring a password, PIN, and smart card is indeed an example of three-factor authentication. This is because it uses three different methods to verify a user's identity: something you know (password), something you have (smart card), and something you are (biometric verification via PIN).

  • Onboarding is the process of integrating a new employee into a company.
  • Background Checks are a review of a potential employee's history.
  • Offboarding is the process of removing an employee from a company.
  • Shared Authority involves multiple individuals sharing control over a process.
  • Job Rotation is the practice of moving employees between different tasks or jobs to reduce risks and improve skills.
  • Least Privilege is a security principle that gives users only the access they need to perform their job functions.

One-Time Passwords (OTPs) protect against password guessing and sniffing attacks by providing a unique password that is only valid for a single session or transaction.

Implementing secure network design practices can include: using firewalls, segregating networks, implementing intrusion detection systems, encrypting data in transit, and using secure routing protocols.

Access control models dictate how users receive rights or permissions:

  • Discretionary Access Control (DAC) allows the data owner to control who can access their information.
  • Role-Based Access Control (RBAC) assigns permissions based on the user's role within the organization.
  • Mandatory Access Control (MAC) controls access based on fixed security attributes, like clearance levels.
  • Attribute-Based Access Control (ABAC) grants access based on a set of policies and attributes of users, resources, and the environment.
  • Rule-Based Access Control (RBAC), often confused with Role-Based, uses rules that trigger access permissions based on certain conditions.

Locked accounts temporarily prevent a user from accessing their account, typically after several failed login attempts, while disabled accounts permanently revoke access and are usually a result of policy decisions or employment termination.

by Pradeep Potnuru
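For Question 5, the five models are easiest to tell apart by feeding the same request to each and watching the decisions diverge. The following is an added example, not code from the original post or its answerer; every user, role, clearance label, ACL entry, policy and rule in it is constructed for illustration. It goes slightly beyond the answer by modelling both halves of the MAC rule (no read up, no write down) so that a write request shows the difference between MAC and ABAC.

```python
"""One access request evaluated under each of the five models the answer lists.
Added example, not part of the original post; every user, role, label, policy
and rule below is constructed for illustration."""
from dataclasses import dataclass, field

# MAC labels: a fixed lattice set by the system, not by resource owners.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# RBAC: permissions attach to roles, never directly to users.
ROLE_PERMS = {
    "analyst": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}


@dataclass
class Subject:
    name: str
    roles: set
    clearance: str
    department: str
    ip: str


@dataclass
class Resource:
    name: str
    owner: str
    label: str
    department: str
    acl: dict = field(default_factory=dict)  # DAC: user -> allowed actions


def dac(s: Subject, r: Resource, action: str, env: dict) -> bool:
    """The owner decides: owners always pass, others need an ACL entry."""
    return s.name == r.owner or action in r.acl.get(s.name, set())


def rbac(s: Subject, r: Resource, action: str, env: dict) -> bool:
    return any(action in ROLE_PERMS.get(role, set()) for role in s.roles)


def mac(s: Subject, r: Resource, action: str, env: dict) -> bool:
    """Bell-LaPadula style: no read up, no write down."""
    sub, obj = LEVELS[s.clearance], LEVELS[r.label]
    if action == "read":
        return sub >= obj
    if action == "write":
        return sub <= obj
    return False


def abac(s: Subject, r: Resource, action: str, env: dict) -> bool:
    """Policy over subject, resource and environment attributes."""
    same_department = s.department == r.department
    business_hours = 9 <= env["hour"] < 18
    return same_department and business_hours and action in {"read", "write"}


# Rule-based: an ordered rule list, first match wins (as in a firewall ACL).
RULES = [
    (lambda s, r, a, env: not s.ip.startswith("10."), False),  # deny off-network
    (lambda s, r, a, env: a == "delete", False),               # deny deletes
    (lambda s, r, a, env: True, True),                         # default allow
]


def rule_based(s: Subject, r: Resource, action: str, env: dict) -> bool:
    for match, decision in RULES:
        if match(s, r, action, env):
            return decision
    return False


MODELS = {"DAC": dac, "RBAC": rbac, "MAC": mac, "ABAC": abac, "Rule-based": rule_based}


def evaluate(s: Subject, r: Resource, action: str, env: dict) -> dict:
    """Decision of every model for one request, side by side."""
    return {name: fn(s, r, action, env) for name, fn in MODELS.items()}


# Constructed sample data.
REPORT = Resource("q3-report", owner="bob", label="internal",
                  department="finance", acl={"alice": {"read"}})
ALICE = Subject("alice", {"analyst"}, "confidential", "finance", "10.0.0.5")
CAROL = Subject("carol", {"admin"}, "secret", "hr", "203.0.113.9")
```

Reading the output: `alice` reading the report passes every model, but her write is refused by DAC (not in the ACL), RBAC (analysts cannot write) and MAC (a confidential subject may not write down to an internal object) while ABAC and the rule list allow it; `carol`'s delete is allowed only by RBAC, which shows why real systems layer a rule-based or attribute-based check on top of roles.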
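For Question 6, the difference between a locked and a disabled account is clearest as login logic. This is an added example, not code from the original post or its answerer; the threshold, lockout duration and the sample account are constructed. A lock is set automatically by failed attempts and expires on its own (or is cleared by a helpdesk unlock); a disabled flag is set by an administrator, never expires, and is checked before the password is even tried.

```python
"""Locked vs disabled accounts as login-handler state.
Added example, not part of the original answer; threshold, lockout period
and the sample account are constructed."""
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5      # constructed policy: lock after five bad passwords
LOCK_SECONDS = 900    # constructed policy: automatic unlock after 15 minutes


class Account:
    def __init__(self, username: str, password: str):
        self.username = username
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.failures = 0
        self.locked_until = 0.0   # epoch seconds; 0 means not locked
        self.disabled = False     # administrative state, e.g. after offboarding

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def disable(self) -> None:
        """Admin action: revokes access regardless of the password or the clock."""
        self.disabled = True

    def unlock(self) -> None:
        """Helpdesk action: clears a temporary lock early."""
        self.failures = 0
        self.locked_until = 0.0

    def login(self, password: str, now: float = None) -> str:
        now = time.time() if now is None else now
        if self.disabled:
            return "disabled"             # permanent until an admin re-enables
        if now < self.locked_until:
            return "locked"               # temporary; expires by itself
        if hmac.compare_digest(self._hash(password), self.pw_hash):
            self.failures = 0
            self.locked_until = 0.0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0
            self.locked_until = now + LOCK_SECONDS
            return "locked"
        return "bad_password"
```

The distinct return values are for the audit log; the login page itself should show the same generic failure message for "bad_password", "locked" and "disabled", otherwise an attacker can use the lockout behaviour to confirm which usernames exist.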