Chapter 3: Review Questions

Question 1

What is the most common form of authentication that is most likely to be entered incorrectly?

Answer 1

Passwords are one of the most common ways of authenticating a user and they are the most to be inserted incorrectly.

Question 2

When I purchase a new wireless access point, what should I do first?

Answer 2

Need an answer.

Question 3

What is password history?

Answer 3

The list of passwords that the users used for their respective account.

Question 4

How can I prevent someone from reusing the same password?

Answer 4

You can enforce a group policy that either enforces password history or password reuse. This will force the user to use whatever number of passwords indicated by the policy before they can reuse it.

Question 5

Explain what format a complex password takes.

Answer 5

The following four formats can be used to increase the password complexity:

• Lowercase
• Uppercase
• Numbers
• Special Characters Not Used in Programming

Question 6

How can I prevent a hacker from inserting a password multiple times?

Answer 6

Need an Answer

Question 7

What type of factor authentication is a smart card?

Answer 7

Something You Have

Question 8

How many factors is it if I have a password, PIN, and date of birth?

Answer 8

Only one: Something You Know

Question 9

What is biometric authentication?

Answer 9

Something You Are

Question 10

What authentication method can be used by two third parties that participate in a joint venture?

Answer 10

Federation Services

Question 11

What is an XML-based authentication protocol

Answer 11

When two companies need to exchange the extended attribute information, they use an XML-based authentication, which i used to pass the credentials between Company A and Company B. Security Assertion Mark-up Language (SAML).

Question 12

What is Shibboleth?

Answer 12

This is an open source federation service product that uses SAML authentication. It is used in a small federation service environment. It can use cookies as well.

Question 13

What protocol is used to store and search for Active Directory objects?

Answer 13

LDAP

Question 14

What is the format of a distinguished name for a user called Fred who works in the IT department for a company with a domain called Company A that is a dotcom?

Answer 14

CN= Fred, OU=IT department, DC=CompanyA, DC=com

Question 15

What authentication factor uses tickets, timestamps, and updated sequence numbers and is used to prevent replay attacks?

Answer 15

Kerberos

Question 16

What is a Ticket Granting Ticket (TGT) session?

Answer 16

This is where a user sends their credentials (Username and password, or it could be a smart card and PIN) to a domain controller that starts the authentication process and, when it has been confirmed, will send back a Service Ticket that has a 10-hour lifespan.

Question 17

What is single sign-on? Give two examples.

Answer 17

Need an Answer

Question 18

How can I prevent a pass-the-hash attack?

Answer 18

Kerberos prevents the pass-the-hash attacks because it uses tickets to verify authentication.

Question 19

Give an example of when you would use Open ID Connect.

Answer 19

If I am signing into my Brainscape account, it asks me if I want to sign in using my Apple Account credentials; this is an example of Open ID Connect.

Question 20

Name two AAA servers and the ports associated with them.

Answer 20

Radius and TACACS+. Radius authentication uses UDP port 1812. TACACS+ TCP port 49 for authentication.

Question 21

What is the purpose of a VPN solution?

Answer 21

A VPN allows someone to remote access a corporate network through the internet.

Question 22

Why should we never use PAP authentication?

Answer 22

It is because the passwords are transmitted in clear text.

Question 23

What type of device is an iris scanner?

Answer 23

It is a biometric device

Question 24

What could be two drawbacks of using facial recognition?

Answer 24

Lighting and the need to look straight at the camera every time you had to use facial recognition.

Question 25

What is Type II in biometric authentication and why is it a security risk?

Answer 25

Type II in biometric authentication is where unauthorized individuals are accepted by biometrics and allows them access to data. This is a security risk because people who don’t have the clearance are gaining access to resources they shouldn’t have.

Question 26

What is used for accounting in an AAA server?

Answer 26

RADIUS Clients and it uses UDP port 1813.

Question 27

What is a time-limited password?

Answer 27

Need an Answer.