[CCCure CISSP] Access control ques

maazsq
Good day everyone!

Another question

Q: If a bank allows sign in with username, password and a one time code that is sent to user's mobile phone; what is it called?
a) Something a user has
b) Something a user is
c) Something a user knows
d) All of the above

I am thinking the answer is (a) - just wanted to confirm and know your thoughts.

Thanks,
Maaz

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

Re: [CCCure CISSP] Access control ques

sathishkumar arumugam

Maaz,

You are right, something a user has.

On 3 Feb 2014 22:50, "maazsq" <[hidden email]> wrote:
Good day everyone!

Another question

Q: If a bank allows sign in with username, password and a one time code that is sent to user's mobile phone; what is it called?
a) Something a user has
b) Something a user is
c) Something a user knows
d) All of the above

I am thinking the answer is (a) - just wanted to confirm and know your thoughts.

Thanks,
Maaz


Re: [CCCure CISSP] Access control ques

nrasool
I agree also, A) as the best answer.

On Mon, Feb 3, 2014 at 12:23 PM, sathishkumar arumugam <[hidden email]> wrote:

Maaz,

You are right, something a user has.

--
Nabil Rasool

Re: [CCCure CISSP] Access control ques

Faizal Ahamed
In reply to this post by maazsq

Maaz,

Yes "user has"

Thanks & Regards

T.M.Faizal Ahamed

sent from samsung S3 on Docomo


Re: [CCCure CISSP] Access control ques

Marouane
In reply to this post by maazsq
Your thinking is right. Although the first part of the question was trying to lure someone to think about "something you know" like username/passwords. In CISSP, always concentrate on what the question is really saying. Most of the time the background of the questions is confusing ... Hence, a code that is sent to your device is "something that you have"

Marouane



Re: [CCCure CISSP] Access control ques

Ali Khalfan
How is a password "something a user has"? I get one time code sent over
the phone, but password?

Marouane wrote:

> Your thinking is right. Although the first part of the question was
> trying to lure someone to think about "something you know" like
> username/passwords. In CISSP, always concentrate on what the question is
> really saying. Most of the time the background of the questions is
> confusing ... Hence, a code that is sent to your device is "something
> that you have"
>
> Marouane

Re: [CCCure CISSP] Access control ques

nrasool
I like to think of it this way. Since a one time code is sent to a token, what is this? Something a user has. Think of the phone as a token, since the one time code is being sent to the phone, so the phone is doing exactly what a token does. Therefore, it is something you have.
 
Nabil
On Mon, Feb 3, 2014 at 2:21 PM, Ali Khalfan <[hidden email]> wrote:
how is a password "something a user has" ? I get one time code sent over
the phone, but password?

--
Nabil Rasool

Re: [CCCure CISSP] Access control ques

Marouane
In reply to this post by Ali Khalfan
That's not what I said :) - See my previous comment again. In other words:

- Something you know: passwords (first part of the question)
- Something you have: code sent to a mobile device or smart card, token, etc. (the actual question and what it is looking for)

Marouane



Re: [CCCure CISSP] Access control ques

Ali Khalfan
Oh I see, so 'it' in this case refers to "a one time code that is sent
to user's mobile phone" and not "username, password and a one time code
that is sent to user's mobile phone" ...not sure how much this question
is testing knowledge or semantics  :)



Marouane wrote:

> That's not what I said :) - See my previous comment again. In other words:
>
> - Something you know: passwords (first part of the question) -
> - Something you have: code sent to a mobile device or smart card,
> token,  etc .. (the actual question and what it is looking for)
>
> Marouane

Re: [CCCure CISSP] Access control ques

Nandj
A is the most suitable choice.
Since Type-II, 'something the user has', is implied strong authentication - Type-I: something the user knows & Type-II: something the user has. So the password is a prerequisite and the OTP string generated on his mobile is Type-II authentication.

On Tue, Feb 4, 2014 at 1:20 AM, Ali Khalfan <[hidden email]> wrote:
Oh I see, so 'it' in this case refers to "a one time code that is sent
to user's mobile phone" and not "username, password and a one time code
that is sent to user's mobile phone" ...not sure how much this question
is testing knowledge or semantics  :)


