CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 5 ■ Identity and Access Management (Domain 5)



  1. The financial services company that Susan works for provides a web portal for its users.
    When users need to verify their identity, the company uses information from third-party
    sources to ask questions based on their past credit reports, such as “Which of the following
    streets did you live on in 2007?” What process is Susan’s organization using?
    A. Identity proofing
    B. Password verification
    C. Authenticating with Type 2 authentication factor
    D. Out-of-band identity proofing


  77. The United States (U.S.) government CAC is an example of what form of Type 2 authentication
    factor?
    A. A token
    B. A biometric identifier
    C. A smart card
    D. A PIV


  1. What authentication technology can be paired with OAuth to perform identity verification
    and obtain user profile information using a RESTful API?
    A. SAML
    B. Shibboleth
    C. OpenID Connect
    D. Higgins

  2. Jim has Secret clearance and is accessing files that use a mandatory access control scheme
    to apply the Top Secret, Secret, Confidential, and Unclassified label scheme. What classification
    levels of data can he access, provided that he has a valid need-to-know?
    A. Top Secret and Secret
    B. Secret, Confidential, and Unclassified
    C. Secret data only
    D. Secret and Unclassified

  3. The security administrators at the company that Susan works for have configured the
    workstation she uses to allow her to log in only during her work hours. What type of
    access control best describes this limitation?
    A. Constrained interface
    B. Context-dependent control
    C. Content-dependent control
    D. Least privilege
