CAS-003 Question #265: Real Exam Question with Answer & Explanation

The correct answer is D: HOTP. The question states that the HMAC counter-based codes and are valid until they are used. These are "one-time" use codes. HOTP is an HMAC-based one-time password (OTP) algorithm. HOTP can be used to authenticate a user in a system via an authentication server. Also, if some more s

Question

ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe?

Options

ATOTP
BPAP
CCHAP
DHOTP

Explanation

The question states that the HMAC counter-based codes and are valid until they are used. These are "one-time" use codes. HOTP is an HMAC-based one-time password (OTP) algorithm. HOTP can be used to authenticate a user in a system via an authentication server. Also, if some more steps are carried out (the server calculates subsequent OTP value and sends/displays it to the user who checks it against subsequent OTP value calculated by his token), the user can also authenticate the validation server. Both hardware and software tokens are available from various vendors. Hardware tokens implementing OATH HOTP tend to be significantly cheaper than their competitors based on proprietary algorithms. Some products can be used for strong passwords as well as OATH HOTP. Software tokens are available for (nearly) all major mobile/smartphone platforms.

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice