20 Flashcards
Which of the following passwords is the most complex?
**G$L3tU8wY@z**
It has 3 of the character groups in it
An account policy setting that forces users to come up with a new password every time they are required to change their old password is called:
Password history
Which of the account policy settings prevents users from reusing old passwords?
Password history
Which of the following account management security measures narrows down a user’s computer access to specified hours?
Login time restrictions
Which of the account policies listed below provides a countermeasure against malicious users attempting to determine an account password by trial and error?
Account lockout
The term “Password vault” refers to a credential manager program that stores usernames and passwords in an encrypted form. A password vault requires a single master password for accessing a number of different passwords used for different websites or services.
True
Which of the following answers refer(s) to (an) example(s) of physical authentication token(s)? (Select all that apply)
- RFID badge
- Password key
- Key fob
- Smart card
During a password reminder procedure, the system asks a security question that covers personal details that should be known only to the user (e.g. user’s favorite holiday destination). This type of authentication method is an example of:
**KBA**
Knowledge-based authentication
The difference between static KBA and dynamic KBA is that in the case of static KBA, the authentication process relies on pre-determined security questions and answers chosen in advance by the user during the account creation process. On the other hand, setting up dynamic KBA does not require user input, i.e. users are not asked to choose security questions during the account creation process. Instead, dynamic KBA relies on various public and private data sources that pertain to the user, which makes it a more secure authentication method.
True
Challenge Handshake Authentication Protocol (CHAP) is a remote access authentication protocol that periodically re-authenticates the client at random intervals to prevent session hijacking.
True
Which of the answers listed below refers to an obsolete authentication protocol that sends passwords in cleartext?
**PAP**
The authentication protocol that sends passwords in cleartext and is considered obsolete and insecure is PAP, which stands for Password Authentication Protocol. PAP transmits the password in plaintext, making it vulnerable to eavesdropping and interception.
What are the characteristic features of RADIUS?
- Primarily used for network access
- Combines authentication and authorization
- Encrypts only the password in the access-request packet
802.1X is an IEEE standard for implementing:
Port-based NAC
An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as:
**SSO**
Single sign-on (SSO)
Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data?
**SAML**
The XML-based markup language for exchanging authentication and authorization data is SAML, which stands for Security Assertion Markup Language. SAML is commonly used in single sign-on (SSO) and identity federation scenarios to enable secure authentication and authorization between different domains, applications, or organizations. It allows for the exchange of assertions (security information) in a standardized XML format, facilitating trust and interoperability between systems and services.