Chapter 11 Flashcards
Which authentication factor is based on a unique talent that a user possesses?
What you have
What you are
What you do
What you know
What you do
What is a hybrid attack?
An attack that uses both automated and user input
An attack that combines a dictionary attack with a mask attack
A brute force attack that uses special tables
An attack that slightly alters dictionary words
An attack that combines a dictionary attack with a mask attack
Each of the following accounts should be prohibited EXCEPT:
Shared accounts
Generic accounts
Privileged accounts
Guest accounts
Privileged accounts
Ilya has been asked to recommend a federation system technology that is an open-source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?
OAuth
Open ID Connect
Shibboleth
NTLM
OAuth
How is key stretching effective in resisting password attacks?
It takes more time to generate candidate password digests.
It requires the use of GPUs.
It does not require the use of salts.
The license fees are very expensive to purchase and use it.
It takes more time to generate candidate password digests.
Which of these is NOT a reason why users create weak passwords?
A lengthy and complex password can be difficult to memorize.
A security policy requires a password to be changed regularly.
Having multiple passwords makes it hard to remember all of them.
Most sites force users to create weak passwords even though they do not want to.
Most sites force users to create weak passwords even though they do not want to.
A TOTP token code is generally valid for what period of time?
Only while the user presses SEND
For as long as it appears on the device
For up to 24 hours
Until an event occurs
For as long as it appears on the device
What is a token system that requires the user to enter the code along with a PIN called?
Single-factor authentication system
Token-passing authentication system
Dual-prong verification system
Multifactor authentication system
Multifactor authentication system
Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel?
Personal Identity Verification (PIV) card
Secure ID Card (SIDC)
Common Access Card (CAC)
Government Smart Card (GSC)
Common Access Card (CAC)
Creating a pattern of where a user accesses a remote web account is an example of which of the following?
Keystroke dynamics
Geolocation
Time-Location Resource Monitoring (TLRM)
Cognitive biometrics
Geolocation
Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?
Dictionary attack
Hybrid attack
Custom attack
Brute force attack
Brute force attack
Which human characteristic is NOT used for biometric identification?
Retina
Iris
Height
Fingerprint
Height
___ biometrics is related to the perception, thought processes, and understanding of the user.
Cognitive
Standard
Intelligent
Behavioral
Cognitive
Using one authentication credential to access multiple accounts or applications is known as ___.
single sign-on
credentialization
identification authentication
federal login
single sign-on
What is a disadvantage of biometric readers?
Speed
Cost
Weight
Standards
Cost