A question about identification and authentication

a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
Could anyone explain for me why the answer to the following question is D? I think identification is to claim who you are and authentication is to prove that. Thanks.

Identity proofing occurs during which phase of identification and authentication?
A. Testing
B. Verification
C. Authentication
D. Identification
Answer: D

Comments

  • DarrilDarril Member Posts: 1,588
    This directly relates to this objective: 3.8 Explain the difference between identification and authentication (identity proofing).

    Identity proofing is done during the identification phase prior to issuing credentials. In other words, an administrator doesn't just create an account for a user without knowing who that user is. Identification may have been provided to the HR department when the person was hired or someone else, but some identification was provided. This prevents Hacker Harry from calling up and asking for an account to be created that gives him access to the network.

    After the account is created, credentials are provided for authentication.

    HTH,

    Darril Gibson
    Author: CompTIA Security+: Get Certified Get Ahead

    Security+ Blog
    Security Plus: Get Certified Get Ahead

    Security+ Tip of day Tweets
    twitter.com/DarrilGibson
    a3590166 wrote: »
    Could anyone explain for me why the answer to the following question is D? I think identification is to claim who you are and authentication is to prove that. Thanks.

    Identity proofing occurs during which phase of identification and authentication?
    A. Testing
    B. Verification
    C. Authentication
    D. Identification
    Answer: D
  • a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
    Thanks for the explanation. Does this conflict with the following question?

    Which of the following is the difference between identification and authentication of a user?
    A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system.
    B. Identification tells who the user is and authentication proves it.
    C. Identification proves who the user is and authentication is used to keep the user's data secure.
    D. Identification proves who the user is and authentication tells the user what they are allowed to do.
    Answer: B
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    a3590166 wrote: »
    Thanks for the explanation. Does this conflict with the following question?

    Which of the following is the difference between identification and authentication of a user?
    A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system.
    B. Identification tells who the user is and authentication proves it.
    C. Identification proves who the user is and authentication is used to keep the user's data secure.
    D. Identification proves who the user is and authentication tells the user what they are allowed to do.
    Answer: B

    I think it complements the former question. When you first get hired on to a company, identification would be like an SSN, a background check, etc. Authentication would be like signing on to your machine at work with the correct username/password. They aren't the same thing really.
  • a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
    knwminus wrote: »
    I think it complements the former question. When you first get hired on to a company, identification would be like an SSN, a background check, etc. Authentication would be like signing on to your machine at work with the correct username/password. They aren't the same thing really.

    Maybe I mis-interpret your explanation but it looks like your answer is A instead of B.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    a3590166 wrote: »
    Maybe I mis-interpret your explanation but it looks like your answer is A instead of B.

    I'd say B as well. What does your book say?
  • a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
    knwminus wrote: »
    I'd say B as well. What does your book say?

    B is correct. Before seeing the first question I asked, I chose B too. After knowing the answer to that and your explanation (Authentication would be like signing on to your machine at work with the correct username/password.), I'm confused. Why is A not correct?
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    a3590166 wrote: »
    B is correct. Before seeing the first question I asked, I chose B too. After knowing the answer to that and your explanation (Authentication would be like signing on to your machine at work with the correct username/password.), I'm confused. Why is A not correct?

    Because authentication is not authorization. That comes after that. Keeping the same analogy, it would be like this:

    I log into my machine with the correct username/password (authentication)
    I am able to view a shared mailbox in Outlook (authorization)
    I know this wasn't a good example but the point I am trying to make is you can be Authenticated without being authorized but you can't be authorized without being authenticated. Say this:

    Question 1:
    You log into a website, it prompts you for a username and password. You put in your username and password and it fails. Which one of the two just failed: Authentication or Authorization?

    Question 2:
    You log into a website, it prompts you for a username and password. You put in your info, it says you do not have access to this restricted area. Which one of the two failed: Authentication or Authorization?
  • a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
    knwminus wrote: »
    Question 1:
    You log into a website, it prompts you for a username and password. You put in your username and password and it fails. Which one of the two just failed: Authentication or Authorization?

    Question 2:
    You log into a website, it prompts you for a username and password. You put in your info, it says you do not have access to this restricted area. Which one of the two failed: Authentication or Authorization?

    1. Authentication
    2. Authorization

    Still confused about identification and authentication.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    In a simple example of using a username and password to access webmail, think of identification as the username and authentication as the password and the process of verifying that that password belongs to that user.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    dynamik wrote: »
    In a simple example of using a username and password to access webmail, think of identification as the username and authentication as the password and the process of verifying that that password belongs to that user.

    +1 I agree. Btw read Darril's book: Amazon.com: CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide (9781439236369): Darril Gibson: Books

    For kicks last night I was reading about some of the things you were talking about. It explains everything very clearly. Also the font is fantastic (very important if you read a lot).
  • DarrilDarril Member Posts: 1,588
    a3590166 wrote: »
    1. Authentication
    2. Authorization

    Still confused about identification and authentication.

    What do you think the definitions are then? Forget the questions, (especially if they don't include explanations) but instead see if you can define the following terms using the information people have posted here and any other resources you have:
    • Identification
    • Authentication
    • Authorization
    Sometimes when you try to write things out in your own words, the concepts become clear. If things don't click, post your definitions here and people can provide input to help clarify your definitions.

    Knwminus, thanks for the shout out.

    Darril Gibson
  • a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
    Darril wrote: »
    What do you think the definitions are then? Forget the questions, (especially if they don't include explanations) but instead see if you can define the following terms using the information people have posted here and any other resources you have:
    • Identification
    • Authentication
    • Authorization
    Sometimes when you try to write things out in your own words, the concepts be
    • Identification: Say who you are like providing user name
    • Authentication: Proving you are who you claim like providing password
    • Authorization: Grant access to some resources after passing authentication

    I still think questions matter because they make me think more about the definitions.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    a3590166 wrote: »
    I still think questions matter because they make me think more about the definitions.

    Absolutely. However, keep in mind that the quality of questions will vary greatly, especially amongst free ones. Don't get hung up on a poorly written question.
  • a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
    dynamik wrote: »
    Absolutely. However, keep in mind that the quality of questions will vary greatly, especially amongst free ones. Don't get hung up on a poorly written question.

    I believe these questions are from Security+ exam.
  • DarrilDarril Member Posts: 1,588
    a3590166 wrote: »
    • Identification: Say who you are like providing user name
    • Authentication: Proving you are who you claim like providing password
    • Authorization: Grant access to some resources after passing authentication
    I still think questions matter because they make me think more about the definitions.

    Yes, the questions matter but they become easier to answer once you understand the concepts. I see where you're combining identification and authentication, but they are separate topics.

    Identification (in this context) is related to identity proofing, proving who you are before you are given credentials. This blog talks about it a little more: Security Plus: Get Certified Get Ahead: Identity proofing

    Authentication is proving who you are with credentials such as a username and password, smart card and PIN, or biometrics. This blog talks about the three factors of authentication: Security Plus: Get Certified Get Ahead: Three Factors of Authentication.

    You're right on target with authorization.

    HTH,

    Darril Gibson
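The three phases discussed in this thread, as an added example that is not part of any poster's reply: identity proofing gates account creation, the password check is authentication, and the permission check is authorization. All names (`enroll`, `request`, the `alice` and `harry` accounts, the permission strings) are hypothetical and the sample data is constructed.

```python
import hashlib
import hmac
import os

ACCOUNTS = {}  # username -> salt, password hash, permissions (in-memory, illustrative)

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(username, password, proof_record, permissions):
    """Identification phase: identity proofing happens before credentials are issued."""
    if not proof_record:
        raise PermissionError(f"no identity proofing for {username!r}; account not created")
    salt = os.urandom(16)
    ACCOUNTS[username] = {"salt": salt, "hash": kdf(password, salt),
                          "perms": set(permissions), "proof": proof_record}

def authenticate(username, password) -> bool:
    """Authentication: the username is the claim, the password proves it."""
    acct = ACCOUNTS.get(username)
    salt = acct["salt"] if acct else bytes(16)      # same KDF work for unknown users
    expected = acct["hash"] if acct else bytes(32)
    matches = hmac.compare_digest(kdf(password, salt), expected)
    return acct is not None and matches

def authorize(username, permission) -> bool:
    """Authorization: evaluated only for a user who already authenticated."""
    return permission in ACCOUNTS[username]["perms"]

def request(username, password, permission) -> str:
    if not authenticate(username, password):
        return "401 authentication failed"   # "Question 1" in the thread
    if not authorize(username, permission):
        return "403 authorization failed"    # "Question 2" in the thread
    return "200 ok"

# Constructed sample data: one user proofed at hiring.
enroll("alice", "correct horse", "HR onboarding record (constructed)", {"own-mailbox"})

def harry_gets_account() -> bool:
    """A caller with no proofing record asks for an account."""
    try:
        enroll("harry", "hunter2", None, {"own-mailbox"})
    except PermissionError:
        return False
    return True

if __name__ == "__main__":
    print(harry_gets_account())
    print(request("alice", "wrong password", "own-mailbox"))
    print(request("alice", "correct horse", "shared-mailbox"))
```
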