
GSEC · Question #120

GSEC Question #120: Real Exam Question with Answer & Explanation

The correct answer is C. Two-Factor. Because RFID cards can be cloned, relying solely on 'something you have' is insufficient; adding a second authentication factor ensures the presenter of a card is the legitimate employee and not someone using a cloned credential.

Question

Your CIO has found out that it is possible for an attacker to clone your company's RFID (Radio Frequency ID) based key cards. The CIO has tasked you with finding a way to ensure that anyone entering the building is an employee. Which of the following authentication types would be the appropriate solution to this problem?

Options

  • A. Mandatory Access Controls
  • B. Bell-LaPadula
  • C. Two-Factor
  • D. TACACS

Explanation

Because RFID cards can be cloned, relying solely on 'something you have' is insufficient; adding a second authentication factor ensures the presenter of a card is the legitimate employee and not someone using a cloned credential.

Common mistakes.

  • A. Mandatory Access Controls (MAC) is a data access policy model that enforces label-based permissions on information objects and subjects; it governs data confidentiality, not physical building entry authentication.
  • B. Bell-LaPadula is a formal confidentiality model governing read/write rules for classified data based on security labels; it has no relevance to physical access authentication or RFID card cloning.
  • D. TACACS (Terminal Access Controller Access Control System) is a network device authentication and authorization protocol used for managing administrative access to routers and switches, not for controlling physical building entry.

Concept tested. Two-factor authentication to counter cloned physical credentials

Reference. https://pages.nist.gov/800-63-3/sp800-63b.html
