Chapter 11 - Authentication And Account Management

Question 1

Authentication

Answer 1

Proving that a user is genuine, and not an imposter.

Question 2

Authentication credentials

Answer 2

1) what he has
2) what he is
3) what he knows
4) where he is
5) what he does

Question 3

Online attack

Answer 3

An attempt to enter different passwords at the login prompt until the right password is guessed.

Question 4

Offline attack

Answer 4

Stealing a message digest database and cracking it offline.

Question 5

NTLM (New Technology LAN Manager) hash

Answer 5

A hash used by modern Microsoft Windows operating systems for creating password digests.

Question 6

Pass the hash attack

Answer 6

An attack in which the user sends the hash to the remote system to then be authenticated on an NTLM system.

Question 7

Mask attack

Answer 7

A more targeted brute force attack that uses placeholders for characters in certain positions of the password.

Question 8

Rule attack

Answer 8

Conducts a statistical analysis on the stolen passwords that is then used to create a mask to break the largest number of passwords.

Question 9

Dictionary attack

Answer 9

A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.

Question 10

Rainbow tables

Answer 10

Large pre-generated data sets of encrypted passwords used in password attacks.

Question 11

Key stretching

Answer 11

A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.

Question 12

2 popular key stretching password hash algorithms

Answer 12

1) bcrypt

2) PBKDF2

Question 13

Multifactor authentication

Answer 13

Using more than one type of authentication credential.

Question 14

Security token

Answer 14

A means of authentication based on a token that the user has.

Question 15

Hardware security token

Answer 15

A small device (usually one that can be affixed to a keychain) with a window display.

Question 16

Software security token

Answer 16

Software stored in a general-purpose device like a laptop computer or smartphone.

Question 17

Time-based one-time password (TOTP)

Answer 17

A one-time password that changes after a set period.

Question 18

HMAC-based one-time password (HOTP)

Answer 18

A one-time password that changes when a specific event occurs.

Question 19

Smart card

Answer 19

A card that contains an integrated circuit chip that can hold information used as part of the authentication process.

Question 20

Proximity card

Answer 20

A contactless card that does not require physical contact with the card itself for authentication.

Question 21

Common access card (CAC)

Answer 21

A U.S department of defense (DoD) smart card used for identification of active-duty and reserve military personnel along with civilian employees and special contractors.

Question 22

Personal Identity Verification (PIV)

Answer 22

A U.S government standard for smart cards that covers all government employees.

Question 23

Standard biometrics

Answer 23

Using fingerprints or other unique physical characteristics of a persons face, hands, or eyes for authentication.

Question 24

Retinal scanner

Answer 24

A device that uses the human retina as a biometric identifier.

Question 25

Fingerprint scanner

Answer 25

A device that uses fingerprints as a biometric identifier.

Question 26

Iris scanner

Answer 26

Using a standard computer webcam to map the unique characteristic of the iris for authentication.

Question 27

Facial recognition

Answer 27

A biometric authentication that is becoming increasingly popular in smartphones that views the users face.

Question 28

Cognitive biometrics

Answer 28

Relates to the perception, thought process, and understanding of the user.

Question 29

Behavioral biometrics

Answer 29

Authentication that is based on actions that the user is uniquely qualified to perform, or something you do.

Question 30

Keystroke dynamics

Answer 30

A type of behavioral biometrics which attempts to recognize a users unique typing rhythm.

Question 31

Geolocation

Answer 31

A type of authentication based on where the user is located, or somewhere you are. It is the identification of the location of a person or object using technology.

Question 32

Federation

Answer 32

Single sign-on for networks owned by different organizations, also called federated identity management (FIM)

Question 33

Single sign-on (SSO)

Answer 33

Using one authentication credential to access multiple accounts or applications.

Question 34

Credential management

Answer 34

Managing the login credentials such as passwords in user accounts.

Question 35

Group policy

Answer 35

A preferred approach is to assign privileges by group instead of individually.