Domain 6 Security

Biometrics is based on biological attributes. Biometrics is a strong form of authentication because each person has unique characteristics. When these unique characteristics are used for authentication, they are more reliable and stronger than the best passwords. For example, no two people have the exact same fingerprint or retina pattern.

Systems and accounts that need extra security often require multifactor authentication, generally from two or more types. This simply means you have to authenticate yourself two or more times to gain access to a system. Since a PIN is type 1 authentication and a smart card is type 2 authentication, these two would be considered multifactor authentication.

Since passwords and passphrases are both type 1, they would not amount to multifactor authentication.

Since security tokens and smartphones are both type 2, they would not amount to multifactor authentication.

Since fingerprints and retinal scans are both type 3, they would not amount to multifactor authentication.

Site redundancy provides a complete duplicate of another location's computers and data. This is useful in the case of a major catastrophe, such as an earthquake or tornado, away from your main business location.

Replication is a data redundancy strategy where data is copied to a different physical location. This strategy works well in the case of a major catastrophe, such as an earthquake or tornado.

Power redundancy protects against service or data loss due to a power outage. However, if servers are destroyed during a natural disaster, power redundancy does not help to recover critical data.

Redundant Array of Independent Disks (RAID) is designed to store a duplicate of the same data on two or more disks simultaneously. If one disk fails, the data can still be accessed by using one of the other disks. However, this fault tolerance strategy does not address a natural disaster in which the entire RAID array is destroyed.

A data center is an area used to store and share such things as computer systems, applications, and data. However, during a natural disaster, a data center can be completely or partially destroyed.

Type 1 authentication (something you know) is by far the most common authentication type and includes security questions.

Type 2 authentication (something you have) does not include security questions.

Type 3 authentication (something you are) does not include security questions.

Single sign-on authentication is a method for logging into one system to gain access to other related systems. It is not a type of authentication and does not focus on security questions.

A VPN establishes a secure communications tunnel over a public network to a secure network. Using a VPN would provide secure transmission of the data.

The following do not secure the transmission of data over a public network:

Single sign-on is a method of authenticating with one system to gain access to other related systems.

Multifactor authentication requires two or more evidences of authentication, usually of different types.

Mandatory Access Control (MAC) is a type of access control that historically was associated with multilevel security and military systems and may use a security clearance to restrict access to resources.

When you create or modify access control lists (ACLs) and policies, it's best to practice the principle of least privilege. This principle states that users only be given the access that they need to do their specific tasks and nothing more.

Type 3 authentication requires that you use something you are in order to authenticate (such as a fingerprint). It is not a process of granting access rights to company resources.

Accounting is the process of keeping track of user activity while attached to a system. It is not a process of granting access rights to company resources.

Non-repudiation is a method for making sure that a user cannot deny having performed a certain action. It does not focus on granting access rights to company resources.