Module 12 Flashcards

1
Q

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?

  • Shibboleth
  • NTLM
  • OpenID
  • OAuth
A

Correct. OAuth (Open Authorization) is an open standard authorization framework on which authorization protocols and flows are built: it lets a user grant one application limited access to resources held by another service without handing over the password. Shibboleth is a SAML-based federated single sign-on system, OpenID (and OpenID Connect, which is layered on OAuth 2.0) handles authentication rather than authorization, and NTLM is Microsoft's legacy challenge-response authentication protocol, not a federation framework.

2
Q

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?

  • Custom attack
  • Hybrid attack
  • Brute force attack
  • Dictionary attack
A

Correct. A brute force attack is the slowest yet most thorough type: it tries every possible combination of characters, so it is guaranteed to find the password eventually, but the search space grows exponentially with length.

3
Q

Which human characteristic is NOT used for biometric identification?

  • Height
  • Iris
  • Retina
  • Fingerprint
A

Correct. Height cannot be used for biometric identification because it is not unique: many people share the same height, and it can be measured only coarsely. Iris, retina and fingerprint patterns are distinctive to an individual.

4
Q

Which of these specifies the format of the candidate passwords so as to significantly reduce the time needed to crack a password?

  • Rainbow
  • Pass the hash
  • Overlay
  • Mask
A

Mask. A mask attack pins each position of the candidate to a character class (for example an uppercase first letter, then lowercase letters, then digits), so the cracker only hashes passwords of that shape instead of every combination of every character.
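As an added illustration (not part of the original flashcards), the Python below expands a mask into candidates, computes the keyspace the mask covers, and compares it with exhaustive brute force over printable ASCII of the same length. The mask syntax (?u ?l ?d ?s ?a) is borrowed from hashcat; the target password "Abc12" and its SHA-256 digest are constructed for the example.

```python
import hashlib
import itertools
import string

# hashcat-style built-in character classes (syntax assumed from hashcat; the keyspace
# arithmetic does not depend on any particular tool)
CHARSETS = {
    "l": string.ascii_lowercase,        # ?l  26 characters
    "u": string.ascii_uppercase,        # ?u  26 characters
    "d": string.digits,                 # ?d  10 characters
    "s": " " + string.punctuation,      # ?s  33 characters
}
CHARSETS["a"] = "".join(CHARSETS[k] for k in "luds")   # ?a  all 95 printable ASCII


def parse_mask(mask):
    """Expand '?u?l?l?d?d' into one alphabet per position.
    A literal character in the mask pins that position to a single value."""
    positions = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask) and mask[i + 1] in CHARSETS:
            positions.append(CHARSETS[mask[i + 1]])
            i += 2
        else:
            positions.append(mask[i])
            i += 1
    return positions


def keyspace(mask):
    """Number of candidates the mask produces: product of the per-position alphabet sizes."""
    n = 1
    for alphabet in parse_mask(mask):
        n *= len(alphabet)
    return n


def brute_force_keyspace(length, alphabet_size=95):
    """Exhaustive search over every printable ASCII string of the same length."""
    return alphabet_size ** length


def candidates(mask):
    """Yield candidates in the same order itertools.product walks the mask."""
    for combo in itertools.product(*parse_mask(mask)):
        yield "".join(combo)


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def crack(target_hex, mask):
    """Hash every candidate the mask yields until one matches the stolen digest.
    Returns (password, attempts), or (None, attempts) if the mask never produces it."""
    attempts = 0
    for cand in candidates(mask):
        attempts += 1
        if sha256_hex(cand) == target_hex:
            return cand, attempts
    return None, attempts


if __name__ == "__main__":
    mask = "?u?l?l?d?d"                      # shape of the constructed target "Abc12"
    stolen = sha256_hex("Abc12")             # constructed digest, as if read from a dump
    print("mask keyspace      :", keyspace(mask))
    print("brute-force keyspace:", brute_force_keyspace(5))
    print("reduction factor    :", brute_force_keyspace(5) // keyspace(mask))
    print("cracked             :", crack(stolen, mask))
```

The five-character mask above covers about 1.76 million candidates against roughly 7.7 billion for a full printable-ASCII brute force of the same length, a reduction of more than four thousand times; the cost is that a password outside the guessed shape is never found, which is why a mask attack is tried before brute force rather than instead of it.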

5
Q

Which of the following is NOT an MFA using a smartphone?

  • Automated phone call
  • SMS text message
  • Biometric gait analysis
  • Authentication app
A

Correct. Gait analysis requires more technology than a smartphone to measure.

6
Q

Which of the following is an authentication system that uses UDP rather than TCP as its transport protocol?

  • TACACS+
  • Shibboleth
  • OAuth
  • RADIUS
A

Correct. RADIUS uses UDP as its transport protocol (by convention port 1812 for authentication and 1813 for accounting; older deployments used 1645 and 1646). TACACS+ uses TCP on port 49. Shibboleth and OAuth are federation technologies, not network access authentication servers.

7
Q

While analyzing a security breach, you found the attacker followed these attack patterns:

The attacker initially tried the commonly used password “passw0rd” on all enterprise user accounts and then started trying various intelligible words like “passive,” “partner,” etc.

Which of the following attacks was performed by the attacker?

  • Initially, a dictionary attack and then a rule attack.
  • Initially, a brute force attack and then a dictionary attack.
  • Initially, a password spraying attack and then a brute force attack.
  • Initially, a brute force attack and then a password spraying attack.
A

Correct. Initially, the attacker performed a password spraying attack by trying the same password on different accounts. Then, they tried a dictionary attack by trying different intelligible words to crack the password.

8
Q

The following statements regarding centralized administration concepts are presented to you in an interview in which only one of them is correct. Which of these is correct?

  • Extensible authentication protocol is a framework to transport authentication protocols.
  • Directory service is an XML standard that allows secure web domains to exchange user authentication and authorization data.
  • A RADIUS client can be defined as a desktop or a wireless laptop requesting authentication.
  • The transport protocol used by RADIUS is TCP.
A

Correct. The extensible authentication protocol (EAP) is a framework that is used to transport authentication protocols.

9
Q

Which of the following human characteristic is used for authentication?

  • Height
  • Breathing pattern
  • Facial expression
  • Veins
A

Correct. Vein images in a user’s palm or finger can be used for authentication and are identified through a vein-scanning tablet.

10
Q

You are asked to choose a secure authentication method other than a username and password for the employees to access your enterprise’s database. Which of the following should you choose?

  • Security key authentication
  • Smart card authentication
  • Gait recognition
  • Facial recognition
A

Correct. A security key (a FIDO hardware authenticator) authenticates the user with a single tap and provides strong security: the key signs a server challenge with a private key that never leaves the device, so there is no shared secret to phish, replay or dump from the database.

11
Q

An attacker collected many usernames from a website and tried to login into the accounts using the password “passw0rd”. What type of attack was this?

  • Password spraying
  • Pass the hash attack
  • Brute force attack
  • Password phishing
A

Correct. Password spraying attacks try commonly used passwords on different user accounts.

12
Q

In an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply?

  • You should perform a rule attack.
  • You should perform a dictionary attack.
  • You should perform skimming.
  • You should perform a brute force attack.
A

You should perform a dictionary attack. A dictionary attack hashes each word from a wordlist and compares the result with the stolen digest, so if the password is a common word it is found after a small number of attempts instead of an exhaustive search.

13
Q

Which of the following is an authentication system that issues a ticket after verifying the credentials by which you can authenticate other services?

  • RADIUS
  • SAML
  • Kerberos
  • TACACS+
A

Correct. After it verifies the user's credentials, the Kerberos Key Distribution Center (KDC) issues a ticket-granting ticket; the client presents that ticket to obtain service tickets for other services without sending the password again.

14
Q

In a multifactor authentication-enabled facility, you are asked the following question: “What type of food was served on your child’s first birthday?” Which of the following is the authentication method used here?

  • Behavioral biometrics
  • Security key authentication
  • Cognitive biometrics
  • Physiological biometrics
A

Correct. Cognitive biometrics is related to the perception, thought process, and understanding of the user.

15
Q

In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose?

  • n2(f!%^*%:(r)!#$
  • # International$
  • earthwaterforesttreemanworldkid
  • honesty
A

Correct. "earthwaterforesttreemanworldkid" is the least vulnerable: it is less complex than the symbol-heavy options, but it is by far the longest, and length enlarges the search space faster than adding symbols to a short password. One caveat a practitioner should keep in mind is that a passphrase made entirely of common dictionary words is weaker than its raw length suggests against a word-combination attack, so an uncommon word or two helps.

16
Q

Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts?

  • Online brute force attack
  • Rule attack
  • Offline brute force attack
  • Password spraying attack
A

Correct. A password spraying attack uses one or a small number of commonly used passwords (Password1 or 123456) and then uses this same password when trying to log in to several different user accounts. Because this targeted guess is spread across many different accounts instead of attempting multiple password variations on a single account, it is much less likely to raise any alarms or lock out the user account from too many failed password attempts.
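Cards 7, 11 and 16 describe the spraying pattern from the attacker's side; the added Python example below (not part of the original flashcards) shows the defender's side. The log format, the regular expression, the source addresses and the detection thresholds are all constructed for the example. The point it demonstrates is that spraying is found by counting distinct accounts per source address, something a per-account lockout or brute-force counter never sees, and that a success from a spraying source is the event that matters most.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not from any real system): one source tries a single
# password against many accounts, a second hammers one account, a third is normal use.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z auth: result=FAIL user=alice src=203.0.113.7
2024-05-01T09:00:02Z auth: result=FAIL user=bob src=203.0.113.7
2024-05-01T09:00:03Z auth: result=FAIL user=carol src=203.0.113.7
2024-05-01T09:00:04Z auth: result=FAIL user=dave src=203.0.113.7
2024-05-01T09:00:05Z auth: result=FAIL user=erin src=203.0.113.7
2024-05-01T09:00:06Z auth: result=SUCCESS user=frank src=203.0.113.7
2024-05-01T09:01:00Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:01:01Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:01:02Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:01:03Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:01:04Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:01:05Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:01:06Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:01:07Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:01:08Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:01:09Z auth: result=FAIL user=alice src=198.51.100.9
2024-05-01T09:02:00Z auth: result=FAIL user=bob src=192.0.2.30
2024-05-01T09:02:30Z auth: result=SUCCESS user=bob src=192.0.2.30
"""

# Field layout is an assumption made for this constructed log.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: result=(?P<result>FAIL|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Return (timestamp, result, user, src) tuples sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events)


def _max_in_window(times, window):
    """Largest number of (sorted) timestamps that fall inside any single window."""
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_brute_force(events, window=timedelta(minutes=10), threshold=8):
    """Classic brute force: many failures against ONE account from one source."""
    by_pair = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            by_pair[(src, user)].append(ts)
    findings = {}
    for pair, times in by_pair.items():
        count = _max_in_window(times, window)
        if count >= threshold:
            findings[pair] = count
    return findings


def detect_spraying(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2.0):
    """Spraying: one source fails against MANY distinct accounts with only a few tries each,
    staying under the per-account thresholds that brute-force detection and lockout use."""
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            by_src[src].append((ts, user))
    findings = {}
    for src, fails in by_src.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            chunk = fails[start:end + 1]
            users = {u for _, u in chunk}
            if len(users) >= min_accounts and len(chunk) / len(users) <= max_per_account:
                findings[src] = {"accounts": len(users), "attempts": len(chunk)}
                break
    return findings


def suspicious_successes(events, spray_findings):
    """A success from a source that was spraying is a likely account compromise."""
    return [(src, user) for ts, result, user, src in events
            if result == "SUCCESS" and src in spray_findings]
```

Run against the sample, 203.0.113.7 is flagged for spraying (five accounts, one attempt each) and its later success as frank is the account to investigate, while 198.51.100.9 shows up only in the brute-force detector with ten failures against alice; 192.0.2.30, a user who mistyped once, triggers nothing.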

17
Q

Which of the following is an authentication credential used to access multiple accounts or applications?

  • Federal login
  • Identification authentication
  • Credentialization
  • Single sign-on
A

Correct. One application of federation is single sign-on (SSO) or using one authentication credential to access multiple accounts or applications. SSO holds the promise of reducing the number of usernames and passwords that users must memorize.

18
Q

How is the Security Assertion Markup Language (SAML) used?

  • It is no longer used because it has been replaced by LDAP.
  • It serves as a backup to a RADIUS server.
  • It is an authenticator in IEEE 802.1x.
  • It allows secure web domains to exchange user authentication and authorization data.
A

Correct. Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. This allows a user’s login credentials to be stored with a single identity provider instead of being stored on each web service provider’s server.

19
Q

In an interview, you are asked to compare the following statements regarding different authentication concepts and identify the correct statement. Which of the following statements is correct?

  • Physiological biometrics is relating to the way in which the mind functions.
  • A HMAC-based one-time password (HOTP) changes after a set period of time.
  • A person’s vein can be used to uniquely authenticate an individual.
  • A windowed token displays a static code.
A

Correct. A person’s vein can be used for authentication.

20
Q

You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise’s strong password policy, which of the following methods will be the easiest for you to use when retrieving the password?

  • Brute force attack
  • Hybrid attack
  • Rule attack
  • Dictionary attack
A

Correct. Because you know the password policy, a rule attack is the easiest: the rules encode the policy's constraints (minimum length, required character classes, the usual capitalisation, digit and symbol placements), so only candidates that could actually satisfy the policy are generated and hashed, which is far fewer than a brute force or an unfiltered dictionary run.
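The added Python example below (not part of the original flashcards) shows a rule attack driven by a known policy. The wordlist and the rule set are constructed for the example, the rule syntax is a small subset borrowed from hashcat's rule language, the policy (8+ characters with lower, upper, digit and symbol) is assumed, and the target "Summer2024!" and its SHA-256 digest are constructed as if taken from a stolen digest file.

```python
import hashlib
import re

# Constructed wordlist and constructed rule set (syntax borrowed from hashcat's rule
# language; only the operators implemented in apply_rule are supported).
WORDLIST = ["honesty", "password", "welcome", "summer", "dragon"]
RULES = ["c$1$!", "c$2$0$2$4$!", "cse3$!", "u$1$2$3$!", "c$!$1", "r$1"]

# The enterprise policy we were given (assumed): 8+ chars, lower, upper, digit, symbol.
POLICY_MIN_LEN = 8
POLICY_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def apply_rule(word, rule):
    """Apply one rule string to a word.
    c = capitalise, u = upper, l = lower, r = reverse,
    $X = append X, ^X = prepend X, sXY = replace every X with Y."""
    out = word
    i = 0
    while i < len(rule):
        op = rule[i]
        if op == "c":
            out = out[:1].upper() + out[1:].lower()
            i += 1
        elif op == "u":
            out = out.upper()
            i += 1
        elif op == "l":
            out = out.lower()
            i += 1
        elif op == "r":
            out = out[::-1]
            i += 1
        elif op == "$":
            out = out + rule[i + 1]
            i += 2
        elif op == "^":
            out = rule[i + 1] + out
            i += 2
        elif op == "s":
            out = out.replace(rule[i + 1], rule[i + 2])
            i += 3
        else:
            raise ValueError("unsupported rule op %r" % op)
    return out


def meets_policy(candidate):
    """True only if the candidate could exist under the policy; anything else is never hashed."""
    return len(candidate) >= POLICY_MIN_LEN and all(re.search(p, candidate) for p in POLICY_CLASSES)


def candidates(words=WORDLIST, rules=RULES):
    """Yield policy-compliant, de-duplicated candidates in wordlist x rule order."""
    seen = set()
    for word in words:
        for rule in rules:
            cand = apply_rule(word, rule)
            if cand not in seen and meets_policy(cand):
                seen.add(cand)
                yield cand


def prune_stats(words=WORDLIST, rules=RULES):
    """(raw word x rule combinations, candidates that survive the policy filter)"""
    raw = len(words) * len(rules)
    return raw, sum(1 for _ in candidates(words, rules))


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def crack(target_hex, words=WORDLIST, rules=RULES):
    """Returns (password, attempts) or (None, attempts) when no candidate matches."""
    attempts = 0
    for cand in candidates(words, rules):
        attempts += 1
        if sha256_hex(cand) == target_hex:
            return cand, attempts
    return None, attempts
```

The policy filter discards rules that can never produce a compliant password for a given word (all-uppercase or reversed forms with no symbol, substitutions that leave no digit), so of the 30 raw word-and-rule combinations only 17 are ever hashed, and the constructed target falls on the thirteenth attempt.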

21
Q

Which of the following is a hardware-based solution for password security?

  • Salts
  • Password key
  • Password digest
  • Password vault
A

Correct. Password keys serve as hardware-based password managers.

22
Q

In a security review meeting, you proposed using a windowed token with a time-based one-time password (TOTP) to authenticate enterprise employees, and you were asked to explain the working of TOTP.

Which of the following should be your reply?

  • With a windowed token with TOTP, a one-time code is generated by the server. The server sends the code to the windowed token. The user enters the code. The user gets authenticated for the correct code.
  • With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using a variant of the specific algorithm. The user enters the code. The user is authenticated if the codes match.
  • With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match.
  • With a windowed token with TOTP, a one-time code is generated by the windowed token. The windowed token sends the code to the server. The user enters the code generated by the windowed token. The user gets an authentication for the correct code.
A

With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match. Both sides hold the same secret seed, provisioned when the token was enrolled, and feed it together with the current time step into the HMAC-based algorithm (RFC 6238); the server normally tolerates one step of clock drift in either direction.

23
Q

Which of the following best describes a preimage attack?

  • Cracking picture-based passwords
  • Cracking the password by trying all possible alphanumeric combinations
  • Embedding password-logging malware in an image file
  • Comparing a known digest with an unknown digest
A

Correct. In the context of password cracking, a preimage attack means finding an input that produces a given digest: the cracker hashes candidate passwords and compares each known digest with the unknown (stolen) digest until they match.

24
Q

Which of the following is the Microsoft version of EAP?

a. EAP-MS
b. AD-EAP
c. PAP-Microsoft
d. MS-CHAP

A

d. MS-CHAP. MS-CHAP is Microsoft's version of the Challenge-Handshake Authentication Protocol; it is carried inside EAP as EAP-MSCHAPv2, most often tunnelled within PEAP.

25
Q

Which of the following is NOT used for authentication?

a. Somewhere you are
b. Something you exhibit
c. Something you can do
d. Something you can find

A

d. Something you can find

26
Q

How is key stretching effective in resisting password attacks?

a. It takes more time to generate candidate password digests.
b. It requires the use of GPUs.
c. It does not require the use of salts.
d. The license fees are very expensive to purchase and use it.

A

a. It takes more time to generate candidate password digests. Key stretching runs the password and salt through the hash function many thousands of times (PBKDF2, bcrypt, scrypt, Argon2), so an attacker must pay the same per-candidate cost and the guess rate falls by the iteration factor.

27
Q

Which of these is NOT a reason that users create weak passwords?

a. A lengthy and complex password can be difficult to memorize.
b. A security policy requires a password to be changed regularly.
c. Having multiple passwords makes it hard to remember all of them.
d. The length and complexity required force users to circumvent creating strong passwords.

A

d. The length and complexity required force users to circumvent creating strong passwords.

28
Q

Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers?

a. Most states prohibit password crackers unless they are used to retrieve a lost password.
b. Due to their advanced capabilities, they require only a small amount of computing power.
c. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken.
d. Password crackers differ as to how candidates are created.

A

d. Password crackers differ as to how candidates are created.

29
Q

Why are dictionary attacks successful?

a. Password crackers using a dictionary attack require less RAM than other types of password crackers.
b. They link known words together in a “string” for faster processing.
c. Users often create passwords from dictionary words.
d. They use pregenerated rules to speed up the processing.

A

c. Users often create passwords from dictionary words.

30
Q

Which of these attacks is the last-resort effort in cracking a stolen password digest file?

a. Hybrid
b. Mask
c. Rule list
d. Brute force

A

d. Brute force

31
Q

Which of the following should NOT be stored in a secure password database?

a. Iterations
b. Password digest
c. Salt
d. Plaintext password

A

d. Plaintext password. The digest, the per-user salt and the iteration count are stored so that the verifier can recompute the digest on login; the plaintext itself must never be stored.
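Cards 26 and 31 together describe what a secure password database holds and why stretching helps. The added Python example below (not part of the original flashcards) builds such a record with PBKDF2-HMAC-SHA256 from the standard library, verifies a login against it in constant time, and measures the per-guess cost that an attacker inherits. The field names, the iteration counts and the rehash policy are choices made for this example.

```python
import hashlib
import hmac
import os
import time

ALG = "pbkdf2-sha256"


def make_record(password, iterations=600_000, salt=None):
    """Build the record a secure password database stores: algorithm, iteration count,
    per-user random salt and the stretched digest.  The plaintext is never part of it."""
    if salt is None:
        salt = os.urandom(16)   # unique per user, so equal passwords give different digests
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"alg": ALG, "iterations": iterations, "salt": salt.hex(), "digest": digest.hex()}


def verify_password(record, password):
    """Recompute the digest with the stored salt and iteration count; compare in constant time."""
    if record["alg"] != ALG:
        raise ValueError("unsupported algorithm: " + record["alg"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))


def seconds_per_guess(iterations, samples=3):
    """Cost an attacker pays per candidate: one stretched digest at this iteration count."""
    salt = b"\x00" * 16
    t0 = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"candidate%d" % i, salt, iterations)
    return (time.perf_counter() - t0) / samples


def needs_rehash(record, target_iterations):
    """Stretching cost should track hardware; rehash on the next successful login if it lags."""
    return record["iterations"] < target_iterations


if __name__ == "__main__":
    rec = make_record("correct horse battery", iterations=600_000)
    print(rec)
    print("login ok :", verify_password(rec, "correct horse battery"))
    print("login bad:", verify_password(rec, "Correct horse battery"))
    print("seconds per guess at 600k iterations:", round(seconds_per_guess(600_000), 4))
```

Two things are worth checking in the output: the same password stored twice produces different salts and therefore different digests, which is what defeats rainbow tables, and raising the iteration count raises the per-guess time roughly in proportion, which is the whole effect of key stretching against an offline attack on the stolen digest file.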

32
Q

Which of the following is NOT an MFA using a smartphone?

a. Authentication app
b. Biometric gait analysis
c. SMS text message
d. Automated phone call

A

b. Biometric gait analysis

33
Q

Which of the following is an authentication credential used to access multiple accounts or applications?

a. Single sign-on
b. Credentialization
c. Identification authentication
d. Federal login

A

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials — for example, a name and password — to access multiple applications.

34
Q

What is a disadvantage of biometric readers?

a. Speed
b. Cost
c. Weight
d. Standards

A

b. Cost

35
Q

Pablo has been asked to look into security keys that have a feature of a key pair that is “burned” into the security key during manufacturing time and is specific to a device model. What feature is this?

a. Authorization
b. Authentication
c. Attestation
d. Accountability

A

c. Attestation

36
Q

Which one-time password is event driven?

a. HOTP
b. TOTP
c. ROTP
d. POTP

A

a. HOTP. An HMAC-based one-time password is event driven: a counter shared by the token and the server advances each time a code is generated, whereas TOTP replaces the counter with the current time divided into fixed steps (typically 30 seconds).
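Cards 22 and 36 describe TOTP and HOTP in words; the added Python example below (not part of the original flashcards) implements both from the standard library so the relationship is visible: TOTP is HOTP with the time step as the counter. The secret is the published RFC 4226 / RFC 6238 test-vector key; the clock-skew tolerance, the look-ahead window and the class name are choices made for this example.

```python
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226 / RFC 6238 test vectors.  A real enrolment provisions a
# random secret to the token (for example through a QR code) and stores it server side.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, for_time=None, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238: TOTP is HOTP whose counter is the current time divided into fixed steps."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time // step), digits, algo)


def verify_totp(secret, submitted, for_time=None, step=30, digits=6, skew=1):
    """Server side.  Both parties run the same algorithm on the same secret; the server
    tolerates `skew` steps of clock drift either way and compares in constant time."""
    if for_time is None:
        for_time = time.time()
    counter = int(for_time // step)
    return any(hmac.compare_digest(hotp(secret, c, digits), submitted)
               for c in range(counter - skew, counter + skew + 1))


class HotpServer:
    """Server side of the event-driven variant.  The counter only moves forward, so a code
    that was already accepted is rejected (replay), and a small look-ahead window
    resynchronises when the user pressed the token button without logging in."""

    def __init__(self, secret, look_ahead=5):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead

    def verify(self, submitted):
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), submitted):
                self.counter = c + 1
                return True
        return False


if __name__ == "__main__":
    now = time.time()
    code = totp(RFC_TEST_SECRET, for_time=now)
    print("token shows :", code)
    print("server check:", verify_totp(RFC_TEST_SECRET, code, for_time=now))
    srv = HotpServer(RFC_TEST_SECRET)
    first = hotp(RFC_TEST_SECRET, 0)
    print("HOTP accept :", srv.verify(first), " replay:", srv.verify(first))
```

The HOTP server state is the part people get wrong: the server must persist the last accepted counter per user, otherwise a captured code remains valid, while the TOTP server needs no per-user state beyond the secret but must accept a small window because token and server clocks drift.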

37
Q

_____ biometrics is related to the perception, thought processes, and understanding of the user.

Standard

Intelligent

Cognitive

Behavioral

A

Cognitive

38
Q

Windows picture password belongs to which of the following?

Physiological biometrics

Behavioral biometrics

Cognitive biometrics

Psychological biometrics

A

Cognitive biometrics

39
Q

Which of the following is a motherboard chip that provides cryptographic services?

Hardware security module

Trusted platform module

Security key

Windowed token

A

Trusted platform module

40
Q

You are working as a security expert in an e-commerce enterprise. Your company recently decided on a short-term collaboration with a small business named BuyMe, and the following issue arose. Whenever your customers purchase any product from BuyMe, the e-commerce website redirects them to the BuyMe website, asking for additional authentication. This results in customers abandoning their purchases. To solve this issue, both enterprises agree to use a single authentication process wherein the users, once logged in to your website, can purchase from BuyMe without additional steps.

How should you implement this without storing the customers’ credentials on the BuyMe server?

Use SAML

Use TACACS+

Use Kerberos authentication

Use RADIUS authentication

A

Use SAML

41
Q

In an interview, you were asked to explain the steps involved in a successful authentication by a RADIUS server. How should you answer?

The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.

The supplicant prompts the user for the credentials. On entering the credentials, the supplicant sends a request to the access point (AP). The AP then sends an authentication request to the RADIUS server.
If verified, the server sends an authentication acknowledgment to the AP. The user is then authorized to join the network.

The access point (AP) prompts the user for credentials. On entering the credentials, the AP sends a request to the supplicant. The supplicant sends an authentication request to the RADIUS server.
If verified, the server sends an authentication acknowledgment to the AP. The user is then authorized to join the network.

The access point (AP) sends a request to the supplicant. The supplicant prompts the user for the credentials. On entering the credentials, the supplicant sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the supplicant, and the user is authorized to join the network.

A

The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.

42
Q

In a multifactor authentication-enabled facility, you are asked the following question: “What type of food was served on your child’s first birthday?” Which of the following is the authentication method used here?

Security key authentication

Physiological biometrics

Behavioral biometrics

Cognitive biometrics

A

Cognitive biometrics

43
Q

Which of the following authentication methods belongs in the “something you have” category?

Security key

Gait recognition

Keystroke dynamics

Picture password

A

Security key