Which of the following is the most reliable authentication method for remote access?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
A Synchronous token generates a one-time password that is only valid for a short period of time.
Once the password is used it is no longer valid, and it expires if not entered in the acceptable time frame.
The following answers are incorrect: Variable callback system.
Although variable callback systems are more flexible than fixed callback systems, the system assumes the identity of the individual unless two-factor authentication is also implemented.By itself, this method might allow an attacker access as a trusted user.
Fixed callback system.
Authentication provides assurance that someone or something is who or what he/it is supposed to be.
Callback systems authenticate a person, but anyone can pretend to be that person.
They are tied to a specific place and phone number, which can be spoofed by implementing call-forwarding.
Combination of callback and Caller ID.The caller ID and callback functionality provides greater confidence and auditability of the caller's identity.By disconnecting and calling back only authorized phone numbers, the system has a greater confidence in the location of the call.However, unless combined with strong authentication, any individual at the location could obtain access.
The following reference(s) were/was used to create this question: Shon Harris AIO v3 p.
140, 548 - ISC2 OIG 2007 p.
152-153, 126-127
Of the given authentication methods for remote access, the most reliable option is the synchronous token (B).
Synchronous tokens generate a unique one-time password (OTP) at fixed intervals, usually every 30 seconds. The OTP is synchronized between the token and the authentication server, allowing for secure authentication of remote access attempts. This method of authentication provides a strong level of security as it is based on something the user has (the token) and something they know (their password).
Variable callback systems (A) and fixed callback systems (C) involve a phone-based authentication method. In a callback system, the user initiates the remote access attempt and the system calls back a pre-registered phone number to verify the user's identity. In a fixed callback system, the callback phone number is always the same. In a variable callback system, the phone number used for the callback changes each time.
While callback systems can provide a certain level of security, they are not as reliable as synchronous tokens. For example, if an attacker has compromised the user's phone or the phone line itself, they could potentially intercept the callback and gain access. In addition, callback systems are susceptible to social engineering attacks, where an attacker convinces the user to provide them with the callback code.
Combining callback and caller ID (D) can provide an additional layer of security, but it is still not as reliable as a synchronous token. Caller ID spoofing and other forms of caller ID manipulation are possible, and social engineering attacks can still be effective.
In conclusion, the most reliable authentication method for remote access is the synchronous token, as it provides a strong level of security based on something the user has and something they know.