Which credential is a password valid for one session and expires afterward?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which credential is a password valid for one session and expires afterward?

Explanation:
The concept being tested is ephemeral, single-use credentials. A one-time password is generated specifically to be valid for a single login session and then becomes invalid, either after that use or after a very short time window. This makes it ideal for preventing replay of credentials stolen in transit, since even if someone captures it, it can’t be reused for another session. OTPs can come from hardware tokens, authenticator apps, or message delivery such as SMS, and they’re typically time-based or event-based to enforce the single-use limitation. In contrast, static passwords, smart cards, or security keys are not inherently single-use per session, and passwordless refers to a method of authentication rather than a credential type that expires after one session.
