nerdexam
EC-Council

312-50V10 · Question #212

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

The correct answer is C. An authentication system that creates one-time passwords that are encrypted with secret keys.. A counter-based authentication system describes HOTP (HMAC-based One-Time Password), which generates a new OTP each time by hashing a shared secret key with an incrementing counter value.

Information Security and Ethical Hacking Fundamentals

Question

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

Options

  • AA biometric system that bases authentication decisions on behavioral attributes.
  • BA biometric system that bases authentication decisions on physical attributes.
  • CAn authentication system that creates one-time passwords that are encrypted with secret keys.
  • DAn authentication system that uses passphrases that are converted into virtual passwords.

How the community answered

(21 responses)
  • B
    5% (1)
  • C
    95% (20)

Why each option

A counter-based authentication system describes HOTP (HMAC-based One-Time Password), which generates a new OTP each time by hashing a shared secret key with an incrementing counter value.

AA biometric system that bases authentication decisions on behavioral attributes.

Behavioral biometric systems authenticate users based on dynamic patterns such as keystroke dynamics or gait analysis, not one-time passwords.

BA biometric system that bases authentication decisions on physical attributes.

Physical biometric systems authenticate using static physical traits such as fingerprints or iris scans, unrelated to OTP generation.

CAn authentication system that creates one-time passwords that are encrypted with secret keys.Correct

HOTP (RFC 4226) is a counter-based OTP scheme where the client and server share a secret key and maintain a synchronized counter. Each authentication request increments the counter and applies HMAC-SHA1 to the counter plus the secret key to produce a one-time password, which is discarded after use and cannot be replayed.

DAn authentication system that uses passphrases that are converted into virtual passwords.

Passphrase-to-virtual-password systems describe cognitive password schemes or certain legacy password transformations, not counter-synchronized OTP generation.

Concept tested: HOTP counter-based one-time password authentication

Source: https://www.rfc-editor.org/rfc/rfc4226

Topics

#OTP#counter-based authentication#HOTP#one-time passwords

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice