A technician wants to implement a dual factor authentication system that will enable the
organization to authorize access to sensitive systems on a need-to-know basis. Which of the
following should be implemented during the authorization stage?
A.
Biometrics
B.
Mandatory access control
C.
Single sign-on
D.
Role-based access control
Shouldn’t this be B.? Biometrics would apply to authentication stage and not authorization stage.
Confusing question…
Authentication = login + password (who you are)
Authorization = permissions (what you are allowed to do).. So it can’t be A.
IT can be B/D as both are authorization..
Ah this is a bit of tricky question, the correct answer is A. Granted it is a poorly worded question. If you carefully read the question its not asking about authorization at all. Its asking about dual factor authentication. Biometrics will provide dual factor authentication.
Biometric and another type of authentication.
A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis.
This is a statement followed by a period.
Which of the following should be implemented during the authorization stage? This a question, as it is followed by a question mark.
The “question” is very straight forward, when I carefully read it, it asks about the authorization stage.
“Which of the following should be implemented during the authorization stage?”
In chapter 2 of CompTIA Security+ SY0-401 Study Guide by Darril Gibson, “need to know” access is described under Mandatory Access Control, ans B
Also dual factor authentication is not limited to biometrics, it could just as easily be pin and smart card; something you know and something you have.