Chapter 11 Flashcards

1
Q

Which authentication factor is based on a unique talent that a user possesses?

What you have

What you are

What you do

What you know

A

What you do

2
Q

What is a hybrid attack?

An attack that uses both automated and user input

An attack that combines a dictionary attack with a mask attack

A brute force attack that uses special tables

An attack that slightly alters dictionary words

A

An attack that combines a dictionary attack with a mask attack

3
Q

Each of the following accounts should be prohibited EXCEPT:

Shared accounts

Generic accounts

Privileged accounts

Guest accounts

A

Privileged accounts

4
Q

Ilya has been asked to recommend a federation system technology that is an open-source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?

OAuth

OpenID Connect

Shibboleth

NTLM

A

OAuth

5
Q

How is key stretching effective in resisting password attacks?

It takes more time to generate candidate password digests.

It requires the use of GPUs.

It does not require the use of salts.

The license fees are very expensive to purchase and use it.

A

It takes more time to generate candidate password digests.

6
Q

Which of these is NOT a reason why users create weak passwords?

A lengthy and complex password can be difficult to memorize.

A security policy requires a password to be changed regularly.

Having multiple passwords makes it hard to remember all of them.

Most sites force users to create weak passwords even though they do not want to.

A

Most sites force users to create weak passwords even though they do not want to.

7
Q

A TOTP token code is generally valid for what period of time?

Only while the user presses SEND

For as long as it appears on the device

For up to 24 hours

Until an event occurs

A

For as long as it appears on the device

8
Q

What is a token system that requires the user to enter the code along with a PIN called?

Single-factor authentication system

Token-passing authentication system

Dual-prong verification system

Multifactor authentication system

A

Multifactor authentication system

9
Q

Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel?

Personal Identity Verification (PIV) card

Secure ID Card (SIDC)

Common Access Card (CAC)

Government Smart Card (GSC)

A

Common Access Card (CAC)

10
Q

Creating a pattern of where a user accesses a remote web account is an example of which of the following?

Keystroke dynamics

Geolocation

Time-Location Resource Monitoring (TLRM)

Cognitive biometrics

A

Geolocation

11
Q

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?

Dictionary attack

Hybrid attack

Custom attack

Brute force attack

A

Brute force attack

12
Q

Which human characteristic is NOT used for biometric identification?

Retina

Iris

Height

Fingerprint

A

Height

13
Q

___ biometrics is related to the perception, thought processes, and understanding of the user.

Cognitive

Standard

Intelligent

Behavioral

A

Cognitive

14
Q

Using one authentication credential to access multiple accounts or applications is known as ___.

single sign-on

credentialization

identification authentication

federal login

A

single sign-on

15
Q

What is a disadvantage of biometric readers?

Speed

Cost

Weight

Standards

A

Cost

16
Q

Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password?

Rainbow attack

Mask attack

Rule attack

Pass the hash attack

A

Mask attack

17
Q

Which one-time password is event-driven?

HOTP

TOTP

ROTP

POTP

A

HOTP (HMAC-based OTP)

18
Q

Why should the account lockout threshold not be set too low?

It could decrease calls to the help desk.

The network administrator would have to reset the account manually.

The user would not have to wait too long to have her password reset.

It could result in denial of service (DoS) attacks.

A

It could result in denial of service (DoS) attacks.

20
Q

Which of the following should NOT be stored in a secure password database?

Iterations

Password digest

Salt

Plaintext password

A

Plaintext password