GIAC Exam GSNA Topic 5 Question 70 Discussion

An event-based token, by its nature, has a long life span. They work on the one-time password principle and so once used, the next

password is generated. Often the user has a button to press to receive this new code via either a token or via an SMS message. All

CRYPTOCard's tokens are event-based rather than time-based.

Answer C is incorrect. Bluetooth tokens are often combined with a USB token, and hence work in both a connected and a disconnected

state. Bluetooth authentication works when closer than 32 feet (10 meters). If the Bluetooth is not available, the token must be inserted into

a USB input device to function.

Answer A is incorrect. Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company

Sestus. Virtual tokens work by sharing the token generation process between the Internet website and the user's computer and have the

advantage of not requiring the distribution of additional hardware or software. In addition, since the user's device is communicating directly

with the authenticating website, the solution is resistant to man-in-the-middle attacks and similar forms of online fraud.

Answer D is incorrect. Single sign-on software tokens are used by the multiple, related, but independent software systems. Some

types of single sign-on (SSO) solutions, like enterprise single sign-on, use this token to store software that allows for seamless authentication

and password filling. As the passwords are stored on the token, users need not remember their passwords and therefore can select more

secure passwords, or have more secure passwords assigned.