Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
5221
The three main categories of authentication factors are "something you know," "something you have," and:
Answer:
"Something you are."
The three internationally recognized factors of authentication are:
5222
An alert from an IDS that says "Potential Port Scan Detected" means:
Answer:
An attacker is likely probing your network to see which ports are open and which services are running.
A port scan is a common reconnaissance technique used by attackers. They systematically check for open ports on your systems to identify potential vulnerabilities that can be exploited. An IDS is designed to detect this type of probing activity.
5223
What is a "digital certificate"?
Answer:
An electronic document used to prove the ownership of a public key.
A digital certificate, issued by a Certificate Authority, is like a digital passport. It contains information like the owner's name, the public key, the certificate's expiration date, and the digital signature of the CA, which vouches for the certificate's authenticity.
5224
An attacker sends a fraudulent email that appears to be from a senior executive in a company, instructing an employee in the finance department to make an urgent wire transfer. This is an example of:
Answer:
Business Email Compromise (BEC) or CEO fraud
This is a highly targeted form of spear phishing known as BEC or CEO fraud. The attacker uses social engineering, impersonation, and a sense of urgency to trick an employee into bypassing normal security procedures and making an unauthorized financial transaction.
5225
Which security measure, implemented as either hardware or software, is designed to prevent unauthorized access to a computer network?
Answer:
Firewall
A firewall acts as a critical barrier between a trusted internal network and an untrusted external network, such as the internet. It works by monitoring and controlling incoming and outgoing network traffic based on predetermined security rules. Firewalls can be implemented as dedicated hardware appliances or as software running on a server or individual computer, making them a versatile tool for preventing unauthorized access and mitigating various cyber threats.
5226
A "packet-filtering" firewall operates at which layer of the OSI model?
Answer:
Layer 3 (Network) and Layer 4 (Transport)
A basic packet-filtering firewall makes its decisions based on information in the network and transport layer headers, such as source and destination IP addresses, ports, and the protocol type (TCP, UDP, ICMP).
5227
What is the primary function of an Intrusion Detection System (IDS)?
Answer:
To monitor network or system activities for malicious activity or policy violations and to produce reports or alerts.
An IDS is a passive monitoring tool, like a security camera. It watches network traffic and system logs, and if it detects something suspicious that matches a known attack signature or an anomaly, it generates an alert for a security administrator to investigate.
5228
Which authentication factor relies on an item that is exclusively owned and controlled by the legitimate user?
Answer:
Possession (Something you have)
This question describes the 'Possession' authentication factor. This factor validates a user's identity based on a physical item they possess, such as a smartphone (for software tokens or push notifications), a hardware security key (like a YubiKey), a smart card, or a one-time password (OTP) token. These items are typically unique to the user and are required to complete the authentication process.
Let's look at why the other options are incorrect:
* **Knowledge (Something you know)** refers to information only the user should know, like a password, PIN, or security question answer.
* **Inherence (Something you are)** refers to biometric factors, such as fingerprints, facial recognition, or iris scans.
* **Location (Somewhere you are)** is an additional context-aware authentication factor that verifies the user's geographical position, often used in conjunction with other factors, but it's not one of the primary 'Something you know/have/are' categories.
5229
What does "salting" a password mean in cryptography?
Answer:
Adding a unique, random string of characters to a password before it is hashed.
Salting is a crucial security measure for password storage. Adding a unique salt to each password before hashing ensures that two users with the same password will have different hashes. This prevents attackers from using pre-computed "rainbow tables" to crack the hashes.
5230
Which authentication factor is most susceptible to a shoulder surfing attack?
Answer:
Knowledge (PIN or password)
Shoulder surfing is the act of looking over someone's shoulder to see what they are typing. This makes knowledge-based factors like passwords and PINs, which must be visibly entered, the most vulnerable to this type of attack.