Multi-factor Authentication: Levels Of Assurance! Trivia Quiz

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Avidita
A
Avidita
Community Contributor
Quizzes Created: 1 | Total Attempts: 304
Questions: 16 | Attempts: 304

SettingsSettingsSettings
Multi-factor Authentication: Levels Of Assurance! Trivia Quiz - Quiz

When you are willing to buy a very good or use some information, you need to have some levels of assurance on its authenticity and effectiveness. If you consider something to be risky, you will require high levels of assurance. How knowledgeable are you when it comes to different levels of assurance? Take this test and find out!


Questions and Answers
  • 1. 

    PIV is abbreviated for?

    • A.

      Personal Identity Validation

    • B.

      Personalized Issuance Verification

    • C.

      Personal Identity Verification

    • D.

      Personalized Identity Validation

    Correct Answer
    C. Personal Identity Verification
    Explanation
    PIV is abbreviated for Personal Identity Verification. This term refers to the process of verifying an individual's identity through various means, such as biometric data, smart cards, and personal identification numbers. PIV is commonly used in government and corporate settings to ensure secure access to sensitive information and facilities.

    Rate this question:

  • 2. 

    How is the progress of HSPD-12 measured by OMB?

    • A.

      Quarterly FISMA reports

    • B.

      Annual FISMA reports

    • C.

      Monthly FISMA reports

    • D.

      A wish and a prayer

    Correct Answer
    A. Quarterly FISMA reports
    Explanation
    The progress of HSPD-12 is measured by OMB through Quarterly FISMA reports. These reports provide a comprehensive overview of the implementation and effectiveness of HSPD-12, allowing OMB to assess the progress made on a quarterly basis. This ensures that any issues or challenges can be identified and addressed promptly, and that the goals and objectives of HSPD-12 are being met consistently. Annual or monthly reports may not provide the same level of detail and frequency of assessment as the quarterly reports, making them less suitable for measuring progress effectively.

    Rate this question:

  • 3. 

    NIST SP 800-63 defines how many levels of assurance?

    • A.

      Level 1, Level 2, Level 3

    • B.

      What is Level of Assurance?

    • C.

      Level 1, Level 2, Level 3, Level 4

    • D.

      Level 1, Level 2, Level 3, Level 4, Level 5

    Correct Answer
    C. Level 1, Level 2, Level 3, Level 4
    Explanation
    NIST SP 800-63 defines four levels of assurance, which are Level 1, Level 2, Level 3, and Level 4. These levels of assurance provide a framework for evaluating and determining the strength of an authentication process. Each level has specific requirements and criteria that must be met to achieve that level of assurance.

    Rate this question:

  • 4. 

    What is the difference between Level of Assurance 3 and Level of Assurance 4?

    • A.

      Level 3 tokens can be software based, but Level 4 has to be hardware based

    • B.

      Level 3 can be single factor, but Level 4 has to be multi factor

    • C.

      Level 3 does not require background check, but Level 4 requires background check

    • D.

      Level 3 does not have a picture, but Level 4 requires a picture

    Correct Answer
    A. Level 3 tokens can be software based, but Level 4 has to be hardware based
    Explanation
    Level of Assurance 3 and Level of Assurance 4 differ in terms of the type of tokens used. Level 3 tokens can be software-based, meaning they can be implemented using software applications or programs. On the other hand, Level 4 tokens have to be hardware-based, which means they require physical devices or tokens for authentication. This distinction highlights the varying levels of security and assurance provided by each level, with Level 4 requiring a higher level of security due to the hardware-based authentication method.

    Rate this question:

  • 5. 

    Which publication describes the specifications of a PIV card?

    • A.

      FIPS 199

    • B.

      SP 800-63

    • C.

      SP 800-57

    • D.

      FIPS 201-2

    Correct Answer
    D. FIPS 201-2
    Explanation
    FIPS 201-2 is the correct answer because it is a publication that specifically describes the specifications of a Personal Identity Verification (PIV) card. FIPS 199, SP 800-63, and SP 800-57 are not publications that focus on the specifications of a PIV card.

    Rate this question:

  • 6. 

    What are the FY 2016 goals for Strong Authentication as required by OMB?

    • A.

      85% for standard users, 100% for privileged users

    • B.

      75% for standard users, 100% for privileged users

    • C.

      70% for standard users, 100% for privileged users

    • D.

      100% for standard users, 100% for privileged users

    Correct Answer
    A. 85% for standard users, 100% for privileged users
    Explanation
    In FY 2016, the goals for Strong Authentication as required by OMB are to achieve 85% compliance for standard users and 100% compliance for privileged users. This means that 85% of standard users should be using strong authentication methods, while all privileged users should be using strong authentication methods.

    Rate this question:

  • 7. 

    Uncleared contractors are excluded from DOE scope based on "risk assessment" according to which DOE policy?

    • A.

      Michael Johnson's email from 9/3/15

    • B.

      DOE O 403.7

    • C.

      MFA Implementation Plan

    • D.

      DOE O 206.2

    Correct Answer
    D. DOE O 206.2
    Explanation
    According to DOE O 206.2, uncleared contractors are excluded from DOE scope based on "risk assessment." This policy outlines the criteria and procedures for assessing and managing risk within the Department of Energy. It is likely that this policy includes guidelines for determining the level of risk associated with contractors who have not been cleared, and as a result, they are excluded from the scope of work to mitigate potential risks.

    Rate this question:

  • 8. 

    According to the latest DOE MFA Implementation Plan, what Levels of Assurance are acceptable to reach the OMB goals?

    • A.

      PIV where possible, Level 4 desired, Level 3 where Level4/PIV is not possible

    • B.

      PIV only, because that is what HSPD-12 requires

    • C.

      Any Level 4

    • D.

      Any Level 3 or above

    Correct Answer
    A. PIV where possible, Level 4 desired, Level 3 where Level4/PIV is not possible
    Explanation
    The acceptable Levels of Assurance to reach the OMB goals, according to the latest DOE MFA Implementation Plan, are PIV where possible, Level 4 desired, and Level 3 where Level 4/PIV is not possible. This means that if it is feasible, PIV should be used as the preferred level of assurance. However, if PIV is not possible, Level 4 is desired. And if Level 4/PIV is not possible, Level 3 can be used as an alternative.

    Rate this question:

  • 9. 

    What is an example of a Level 4 token?

    • A.

      PIV, PIV-I, CIV

    • B.

      PIV, PIV-I

    • C.

      PIV is the only Level 4 token

    • D.

      Whatever Margarita approves for DOE

    Correct Answer
    A. PIV, PIV-I, CIV
    Explanation
    The correct answer is PIV, PIV-I, CIV. These are examples of Level 4 tokens. PIV stands for Personal Identity Verification, PIV-I stands for PIV Interoperable, and CIV stands for Commercial Identity Verification. These tokens are used for authentication and access control in various government and commercial applications.

    Rate this question:

  • 10. 

    How is the MFA implementation managed at DOE?

    • A.

      Through the ICAM/MFA Implementation Working Group

    • B.

      Through the ICAM IPT

    • C.

      By Ken Calabrese

    • D.

      By Donald Trump, because he wants to make MFA great again

    Correct Answer
    A. Through the ICAM/MFA Implementation Working Group
    Explanation
    The MFA implementation at DOE is managed through the ICAM/MFA Implementation Working Group. This group is responsible for overseeing the implementation of MFA (Multi-Factor Authentication) within the organization. They likely develop and enforce policies and procedures related to MFA, coordinate with different departments or teams to ensure consistent implementation, and provide guidance and support to ensure the successful adoption of MFA across the DOE.

    Rate this question:

  • 11. 

    DOE is pursuing MFA implementation at which level of the technology stack?

    • A.

      Application through User Based Enforcement

    • B.

      System through User Based Enforcement

    • C.

      Network through Machine Based Enforcement

    • D.

      ???

    Correct Answer
    C. Network through Machine Based Enforcement
    Explanation
    The correct answer is Network through Machine Based Enforcement because MFA (Multi-Factor Authentication) implementation at this level of the technology stack involves enforcing authentication and security measures at the network level, using machines to enforce these measures. This means that authentication and security protocols are implemented and enforced at the network level, ensuring that only authorized machines are allowed access to the system.

    Rate this question:

  • 12. 

    What is the link between the MFA implementation and the Segment Architecture?

    • A.

      The MFA credentials within DOE need to be able to authenticate through the services defined in the Segment Architecture

    • B.

      MFA is unrelated to the Segment Architecture

    • C.

      MFA is a segment in the Segment Architecture

    • D.

      What Segment Architecture?

    Correct Answer
    A. The MFA credentials within DOE need to be able to authenticate through the services defined in the Segment Architecture
    Explanation
    The correct answer is that the MFA credentials within DOE need to be able to authenticate through the services defined in the Segment Architecture. This means that the MFA implementation must align with the architecture framework and utilize the services provided by the Segment Architecture for authentication purposes.

    Rate this question:

  • 13. 

    What is the difference between PIV and PIV-I?

    • A.

      PIV-I does not require background check

    • B.

      PIV is Level 4 Assurance, but PIV-I is not

    • C.

      PIV is a hardware token, but PIV-I is a software token

    • D.

      What's for lunch?

    Correct Answer
    A. PIV-I does not require background check
    Explanation
    PIV-I stands for Personal Identity Verification-Interoperable. It is a form of PIV that is designed for non-federal entities. PIV, on the other hand, is the standard form of Personal Identity Verification used by federal employees and contractors. One of the main differences between PIV and PIV-I is that PIV-I does not require a background check. This means that individuals can obtain a PIV-I credential without undergoing the same level of scrutiny as those obtaining a PIV credential.

    Rate this question:

  • 14. 

    Which of the following credentials is fully FIPS 201 compliant?

    • A.

      PIV

    • B.

      PIV, PIV-I

    • C.

      PIV, PIV-I, CIV

    • D.

      All Level 4 credentials are FIPS 201 compliant

    Correct Answer
    A. PIV
    Explanation
    The correct answer is PIV. PIV stands for Personal Identity Verification, which is a credential that is fully compliant with the Federal Information Processing Standards (FIPS) 201. This means that it meets all the requirements and specifications outlined in the FIPS 201 standard for secure and reliable identification and authentication of federal employees and contractors. PIV-I and CIV are also mentioned as options, but the question asks for the credential that is fully compliant, and PIV is the only option that meets this requirement.

    Rate this question:

  • 15. 

    Can you combine credentials to get to Level 3 assurance?

    • A.

      No

    • B.

      Yes

    Correct Answer
    B. Yes
    Explanation
    It is possible to combine credentials to achieve Level 3 assurance. Level 3 assurance typically requires multiple factors of authentication, such as something you know (password), something you have (smart card), and something you are (biometric). By combining these different types of credentials, it is possible to achieve the higher level of assurance required for Level 3.

    Rate this question:

  • 16. 

    Can you combine credentials to get to Level 4 assurance?

    • A.

      No

    • B.

      Yes

    Correct Answer
    A. No
    Explanation
    Combining credentials cannot lead to Level 4 assurance. Level 4 assurance requires strong authentication methods, such as multifactor authentication, which cannot be achieved by simply combining credentials. It involves multiple layers of verification to ensure a higher level of security and trust. Therefore, the correct answer is "No."

    Rate this question:

Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.