Lecture 2

Question 1

What are the two steps of authentication?

Answer 1

Identification and authentication

Question 2

What are the four means of authenticating user identity based on?

Answer 2

• Something the individual knows
• Something the individual possesses
• Something the individual is
• Something the individual does

Question 3

What is the role of the username/login ID?

Answer 3

Determines that the user is authorized to access the system.
Determines the user’s privileges.

Question 4

What is the role of the password?

Answer 4

Confirms that the user is really who they claim they are.
Establishes trust and allows access to the resource.

Question 5

What does an exhaustive search (brute force) password attack do?

Answer 5

It tries all possible combinations of valid symbols, up to a certain length.

Question 6

What does an intelligent search password attack do?

Answer 6

It searches through a restricted name space, e.g., try passwords that are somehow associated with a user such as name, names of friends or relatives, car brand, phone numbers, etc.

Question 7

True or false. Is a dictionary attack an example of an intelligent search?

Answer 7

TRUE

Question 8

Name at least 3 password attack methods

Answer 8

Dictionary attack
Brute force attack
Password spoofing attack
Sniffing and key loggers attack
Shoulder surfing attack