312-50V10 · Question #212
Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?
The correct answer is C. An authentication system that creates one-time passwords that are encrypted with secret keys.. A counter-based authentication system describes HOTP (HMAC-based One-Time Password), which generates a new OTP each time by hashing a shared secret key with an incrementing counter value.
Question
Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?
Options
- AA biometric system that bases authentication decisions on behavioral attributes.
- BA biometric system that bases authentication decisions on physical attributes.
- CAn authentication system that creates one-time passwords that are encrypted with secret keys.
- DAn authentication system that uses passphrases that are converted into virtual passwords.
How the community answered
(21 responses)- B5% (1)
- C95% (20)
Why each option
A counter-based authentication system describes HOTP (HMAC-based One-Time Password), which generates a new OTP each time by hashing a shared secret key with an incrementing counter value.
Behavioral biometric systems authenticate users based on dynamic patterns such as keystroke dynamics or gait analysis, not one-time passwords.
Physical biometric systems authenticate using static physical traits such as fingerprints or iris scans, unrelated to OTP generation.
HOTP (RFC 4226) is a counter-based OTP scheme where the client and server share a secret key and maintain a synchronized counter. Each authentication request increments the counter and applies HMAC-SHA1 to the counter plus the secret key to produce a one-time password, which is discarded after use and cannot be replayed.
Passphrase-to-virtual-password systems describe cognitive password schemes or certain legacy password transformations, not counter-synchronized OTP generation.
Concept tested: HOTP counter-based one-time password authentication
Source: https://www.rfc-editor.org/rfc/rfc4226
Topics
Community Discussion
No community discussion yet for this question.