Chapter 11 Flashcards

1
Q

Discuss the types of shortcuts that users take to help them recall their passwords.

A

Two types:

1) creating weak passwords
2) reusing the same passwords

2
Q

A retina scanner has become the most common type of standard biometrics.

(T/F)

A

False

3
Q

Which of the following account lockout policy settings determines the number of failed login attempts before a lockout occurs?

a) administrator lockout threshold
b) system lockout threshold
c) account lockout threshold
d) user lockout threshold

A

c) account lockout threshold

4
Q

Which of the following options prevents a logon after a set number of failed logon attempts within a specified period and can also specify the length of time that the lockout is in force?

a) password lockout
b) logon lock
c) password lock
d) logon lockout

A

a) password lockout

5
Q

Which of the following accounts is a user account that is created explicitly to provide a security context for services running on a server?

a) privileged account
b) shared account
c) service account
d) system account

A

c) service account

6
Q

Describe how a rainbow table works.

A

Rainbow tables are designed to make password attacks easier. They do this by creating a large pregenerated data set of candidate digests.

7
Q

Name the advantages to using rainbow tables.

A

1) can be used repeatedly
2) are much faster than dictionary attacks
3) amount of memory needed on the attacking machine is greatly reduced

8
Q

Brute force attacks can be very slow because every character combination must be generated.

(T/F)

A

True

9
Q

A US Dept. of Defense smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:

a) Credential Validation Card (CVC)
b) Common Access Card (CAC)
c) Identity Validation Card (IVC)
d) Personal Credential Card (PCC)

A

b) Common Access Card (CAC)

10
Q

Passwords provide strong protection.

(T/F)

A

False

11
Q

A hardware security token is typically a small device with a window display.

(T/F)

A

True

12
Q

Which authentication factor is based on a unique talent that a user possesses?

a. What you have
b. What you are
c. What you do
d. What you know

A

c. What you do

13
Q

Which of these is NOT a characteristic of a weak password?

a. A common dictionary word
b. A long password
c. Using personal information
d. Using a predictable sequence of characters

A

b. A long password

14
Q

Each of the following accounts should be prohibited EXCEPT:

a. Shared accounts
b. Generic accounts
c. Privileged accounts
d. Guest accounts

A

c. Privileged accounts

15
Q

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?

a. OAuth
b. OpenID Connect
c. Shibboleth
d. NTLM

A

a. OAuth

16
Q

How is key stretching effective in resisting password attacks?

a. It takes more time to generate candidate password digests.
b. It requires the use of GPUs.
c. It does not require the use of salts.
d. The license fees are very expensive to purchase and use it.

A

a. It takes more time to generate candidate password digests.

17
Q

Which of these is NOT a reason why users create weak passwords?

a. A lengthy and complex password can be difficult to memorize.
b. A security policy requires a password to be changed regularly.
c. Having multiple passwords makes it hard to remember all of them.
d. Most sites force users to create weak passwords even though they do not want to.

A

d. Most sites force users to create weak passwords even though they do not want to.

18
Q

What is a hybrid attack?

a. An attack that uses both automated and user input
b. An attack that combines a dictionary attack with a mask attack
c. A brute force attack that uses special tables
d. An attack that slightly alters dictionary words

A

b. An attack that combines a dictionary attack with a mask attack

19
Q

A TOTP token code is generally valid for what period of time?

a. Only while the user presses SEND
b. For as long as it appears on the device
c. For up to 24 hours
d. Until an event occurs

A

b. For as long as it appears on the device

20
Q

What is a token system that requires the user to enter the code along with a PIN called?

a. Single-factor authentication system
b. Token-passing authentication system
c. Dual-prong verification system
d. Multifactor authentication system

A

d. Multifactor authentication system

21
Q

Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel?

a. Personal Identity Verification (PIV) card
b. Secure ID Card (SIDC)
c. Common Access Card (CAC)
d. Government Smart Card (GSC)

A

c. Common Access Card (CAC)

22
Q

Which of the following should NOT be stored in a secure password database?

a. Iterations
b. Password digest
c. Salt
d. Plaintext password

A

d. Plaintext password

23
Q

Creating a pattern of where a user accesses a remote web account is an example of which of the following?

a. Keystroke dynamics
b. Geolocation
c. Time-Location Resource Monitoring (TLRM)
d. Cognitive biometrics

A

b. Geolocation

24
Q

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?

a. Dictionary attack
b. Hybrid attack
c. Custom attack
d. Brute force attack

A

d. Brute force attack

25
Q

Which human characteristic is NOT used for biometric identification?

a. Retina
b. Iris
c. Height
d. Fingerprint

A

c. Height

26
Q

_____ biometrics is related to the perception, thought processes, and understanding of the user.

a. Cognitive
b. Standard
c. Intelligent
d. Behavioral

A

a. Cognitive

27
Q

Using one authentication credential to access multiple accounts or applications is known as _____.

a. single sign-on
b. credentialization
c. identification authentication
d. federal login

A

a. single sign-on

28
Q

What is a disadvantage of biometric readers?

a. Speed
b. Cost
c. Weight
d. Standards

A

b. Cost

29
Q

Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password?

a. Rainbow attack
b. Mask attack
c. Rule attack
d. Pass the hash attack

A

b. Mask attack

30
Q

Why should the account lockout threshold not be set too low?

a. It could decrease calls to the help desk.
b. The network administrator would have to reset the account manually.
c. The user would not have to wait too long to have her password reset.
d. It could result in denial of service (DoS) attacks.

A

d. It could result in denial of service (DoS) attacks.

31
Q

Which one-time password is event-driven?

a. HOTP
b. TOTP
c. ROTP
d. POTP

A

a. HOTP