A technician wants to implement a dual factor authentication system that will enable the
organization to authorize access to sensitive systems on a need-to-know basis. Which of the
following should be implemented during the authorization stage?
A. Biometrics
B. Mandatory access control
C. Single sign-on
D. Role-based access control
I must be way off base! But why would “Biometrics” be the answer to an authorization question? Isn’t “B” the right choice for the “need-to-know” authorization?
The key here is where it says “Dual Factor,” which refers to multiple points of authentication (i.e., username and password, with a token or biometrics).
Mandatory Access Control, also known as MAC, is an access control policy.
You are definitely correct that MAC is the “need to know” but the words “Dual Factor” are what make it biometrics in this case. This is actually a tough question and you made me think it was B too.
Thank you for your insight, Danny. I am thinking now, to accept “A” as the answer, I need to accept that authentication is part of the “authorization stage”. I don’t recall any documentation on these stages… perhaps this calls for more research on my part. If I find something, I will post it here.
V/R,
Kimo