Multi-factor Authentication: Levels Of Assurance! Trivia Quiz

16 Questions | Total Attempts: 67

SettingsSettingsSettings
Please wait...
Multi-factor Authentication: Levels Of Assurance! Trivia Quiz

When you are willing to buy a very good or use some information, you need to have some levels of assurance on its authenticity and effectiveness. If you consider something to be risky, you will require high levels of assurance. How knowledgeable are you when it comes to different levels of assurance? Take this test and find out!


Questions and Answers
  • 1. 
    PIV is abbreviated for?
    • A. 

      Personal Identity Validation

    • B. 

      Personalized Issuance Verification

    • C. 

      Personal Identity Verification

    • D. 

      Personalized Identity Validation

  • 2. 
    How is the progress of HSPD-12 measured by OMB?
    • A. 

      Quarterly FISMA reports

    • B. 

      Annual FISMA reports

    • C. 

      Monthly FISMA reports

    • D. 

      A wish and a prayer

  • 3. 
    NIST SP 800-63 defines how many levels of assurance?
    • A. 

      Level 1, Level 2, Level 3

    • B. 

      What is Level of Assurance?

    • C. 

      Level 1, Level 2, Level 3, Level 4

    • D. 

      Level 1, Level 2, Level 3, Level 4, Level 5

  • 4. 
    What is the difference between Level of Assurance 3 and Level of Assurance 4?
    • A. 

      Level 3 tokens can be software based, but Level 4 has to be hardware based

    • B. 

      Level 3 can be single factor, but Level 4 has to be multi factor

    • C. 

      Level 3 does not require background check, but Level 4 requires background check

    • D. 

      Level 3 does not have a picture, but Level 4 requires a picture

  • 5. 
    Which publication describes the specifications of a PIV card?
    • A. 

      FIPS 199

    • B. 

      SP 800-63

    • C. 

      SP 800-57

    • D. 

      FIPS 201-2

  • 6. 
    What are the FY 2016 goals for Strong Authentication as required by OMB?
    • A. 

      85% for standard users, 100% for privileged users

    • B. 

      75% for standard users, 100% for privileged users

    • C. 

      70% for standard users, 100% for privileged users

    • D. 

      100% for standard users, 100% for privileged users

  • 7. 
    Uncleared contractors are excluded from DOE scope based on "risk assessment" according to which DOE policy?
    • A. 

      Michael Johnson's email from 9/3/15

    • B. 

      DOE O 403.7

    • C. 

      MFA Implementation Plan

    • D. 

      DOE O 206.2

  • 8. 
    According to the latest DOE MFA Implementation Plan, what Levels of Assurance are acceptable to reach the OMB goals?
    • A. 

      PIV where possible, Level 4 desired, Level 3 where Level4/PIV is not possible

    • B. 

      PIV only, because that is what HSPD-12 requires

    • C. 

      Any Level 4

    • D. 

      Any Level 3 or above

  • 9. 
    What is an example of a Level 4 token?
    • A. 

      PIV, PIV-I, CIV

    • B. 

      PIV, PIV-I

    • C. 

      PIV is the only Level 4 token

    • D. 

      Whatever Margarita approves for DOE

  • 10. 
    How is the MFA implementation managed at DOE?
    • A. 

      Through the ICAM/MFA Implementation Working Group

    • B. 

      Through the ICAM IPT

    • C. 

      By Ken Calabrese

    • D. 

      By Donald Trump, because he wants to make MFA great again

  • 11. 
    DOE is pursuing MFA implementation at which level of the technology stack?
    • A. 

      Application through User Based Enforcement

    • B. 

      System through User Based Enforcement

    • C. 

      Network through Machine Based Enforcement

    • D. 

      ???

  • 12. 
    What is the link between the MFA implementation and the Segment Architecture?
    • A. 

      The MFA credentials within DOE need to be able to authenticate through the services defined in the Segment Architecture

    • B. 

      MFA is unrelated to the Segment Architecture

    • C. 

      MFA is a segment in the Segment Architecture

    • D. 

      What Segment Architecture?

  • 13. 
    What is the difference between PIV and PIV-I?
    • A. 

      PIV-I does not require background check

    • B. 

      PIV is Level 4 Assurance, but PIV-I is not

    • C. 

      PIV is a hardware token, but PIV-I is a software token

    • D. 

      What's for lunch?

  • 14. 
    Which of the following credentials is fully FIPS 201 compliant?
    • A. 

      PIV

    • B. 

      PIV, PIV-I

    • C. 

      PIV, PIV-I, CIV

    • D. 

      All Level 4 credentials are FIPS 201 compliant

  • 15. 
    Can you combine credentials to get to Level 3 assurance?
    • A. 

      No

    • B. 

      Yes

  • 16. 
    Can you combine credentials to get to Level 4 assurance?
    • A. 

      No

    • B. 

      Yes