Systems Security Certified Practitioner – SSCP – Question0083 - Systems Security Certified Practitioner

Which of the following choices describe a Challenge-response tokens generation?

A. A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN.
B. A workstation or system that generates a random login id that the user enters when prompted along with the proper PIN.
C. A special hardware device that is used to generate ramdom text in a cryptography system.
D. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.

Correct Answer: A

Explanation:

Challenge-response tokens are: -A workstation or system generates a random challenge string and the owner enters the string into the token along with the proper PIN. -The token generates a response that is then entered into the workstation or system. -The authentication mechanism in the workstation or system then determines if the owner should be authenticated. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 136-137).