Module 12 - Authentication Q Flashcards

1
Q

You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise’s strong password policy, which of the following methods will be the easiest for you to use when retrieving the password?

A

Rule attack

Because the password policy is known (minimum length, required character classes, and so on), a rule attack can generate only candidates that satisfy the policy, which shrinks the search space considerably and makes it the easiest method here

2
Q

Which of the following best describes a preimage attack?

A

Comparing a known digest with an unknown digest

A preimage attack tries to find an input that produces a given digest. Against a stolen password digest, the attacker hashes candidate passwords and compares each resulting known digest with the unknown one until they match

3
Q

Which of the following best describes skimming?

A

Capturing information from the magnetic stripe of a smartcard

Skimming uses a concealed reader placed on or near a legitimate card reader to capture the data on a card's magnetic stripe so that the card can be cloned

4
Q

An attacker collected many usernames from a website and tried to login into the accounts using the password “passw0rd”. What type of attack was this?

A

Password spraying

Password spraying tries one (or a few) commonly used passwords against many different user accounts; because each account sees only a guess or two, the per-account lockout that a brute force attack on a single account would trigger is avoided

5
Q

While analyzing a security breach, you found the attacker followed these attack patterns:

The attacker initially tried the commonly used password “passw0rd” on all enterprise user accounts and then started trying various intelligible words like “passive,” “partner,” etc.

Which of the following attacks was performed by the attacker?

A

Initially, a password spraying attack and then a dictionary attack

Initially, the attacker performed a password spraying attack by trying the same password on many different accounts. Then they performed a dictionary attack, trying intelligible words as candidate passwords for an account
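The two patterns in this card look different in an authentication log: spraying is one source touching many accounts with a guess or two each, while a brute force or dictionary attack is one source hammering a single account. The script below is an added example, not part of the flashcard set; it runs over a constructed sshd-style log (the IPs, user names and thresholds are invented for the example) and labels each source accordingly, also flagging any account that succeeded from a source that was spraying.

```python
import re
from collections import defaultdict

# Constructed sample auth log (sshd style); these lines are invented for the example.
_SPRAY_SRC = "203.0.113.7"    # one source, one guess per account (spraying)
_BRUTE_SRC = "198.51.100.9"   # one source, many guesses at one account (brute force)
SAMPLE_LOG = "\n".join(
    [f"Jan 10 09:00:0{i} web1 sshd[10{i}]: Failed password for {u} from {_SPRAY_SRC} port 400{i}"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"], start=1)]
    + [f"Jan 10 09:00:06 web1 sshd[106]: Accepted password for frank from {_SPRAY_SRC} port 4006"]
    + [f"Jan 10 09:05:0{i} web1 sshd[20{i}]: Failed password for root from {_BRUTE_SRC} port 500{i}"
       for i in range(8)]
    + ["Jan 10 09:10:00 web1 sshd[301]: Failed password for alice from 192.0.2.5 port 6001"]
)

# Thresholds are assumptions for the example; tune them to the environment's lockout policy.
SPRAY_MIN_USERS = 5        # distinct accounts tried from one source
SPRAY_MAX_PER_USER = 2     # spraying keeps per-account attempts under the lockout threshold
BRUTE_MIN_ATTEMPTS = 6     # many attempts at a single account from one source

LINE_RE = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def parse(log_text):
    """Return (source_ip, user, accepted) tuples for every password event in the log."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m.group(3), m.group(2), m.group(1) == "Accepted"))
    return events

def classify(events):
    """Label each source as password_spraying or brute_force; sources below both thresholds are skipped."""
    fails = defaultdict(lambda: defaultdict(int))   # source -> user -> failed attempts
    accepted = defaultdict(set)                     # source -> users that logged in successfully
    for src, user, ok in events:
        if ok:
            accepted[src].add(user)
        else:
            fails[src][user] += 1
    verdicts = {}
    for src, per_user in fails.items():
        users_tried = len(per_user)
        max_on_one = max(per_user.values())
        if users_tried >= SPRAY_MIN_USERS and max_on_one <= SPRAY_MAX_PER_USER:
            kind = "password_spraying"
        elif max_on_one >= BRUTE_MIN_ATTEMPTS:
            kind = "brute_force"
        else:
            continue
        verdicts[src] = {
            "kind": kind,
            "users_tried": users_tried,
            "max_attempts_on_one_user": max_on_one,
            # a success from a source that was spraying is the account to investigate first
            "accepted_after_failures": sorted(accepted.get(src, ())),
        }
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify(parse(SAMPLE_LOG)).items():
        print(src, verdict)
```

Per-source aggregation is what makes spraying visible: any single account in the sample shows only one failure, which no per-account lockout rule would ever catch.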

6
Q

Which of the following human characteristic is used for authentication?

A

Veins

The pattern of veins in a user's palm or finger can be used for authentication; it is captured by a near-infrared vein scanner and compared with the enrolled pattern

7
Q

Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report?

A

Fingerprint scanners can be used for trickery in rare cases

Fingerprint scanners can be spoofed: an attacker lifts an authorized person's fingerprint from a surface, makes a replica, and presents it to the scanner. Such attacks are rare, but the report should not treat the fingerprint as unforgeable

8
Q

In a multifactor authentication-enabled facility, you are asked the following question: “What type of food was served on your child’s first birthday?” Which of the following is the authentication method used here?

A

Cognitive biometrics

Cognitive biometrics authenticate through the user's perception, thought processes, and memories, such as the answer to a personal question, rather than through a physical characteristic

9
Q

You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user’s activity during the authentication process. Which of the following methods should you apply?

A

You should implement keystroke dynamics

Keystroke dynamics measure how the user types (the dwell time on each key and the flight time between keys) and compare the pattern with a stored profile, so a guessed password alone does not grant access. This adds a second factor without specialized hardware or any change to what the user does when logging in

10
Q

Sam is working as a cybersecurity expert. An enterprise that manages nuclear power plants approached Sam's company to install an authentication facility for its employees when they access the nuclear plant. The enterprise is demanding multifactor authentication with high security and the lowest false acceptance and false rejection rates.

Which of the following authentication methods should Sam apply?

A

PIN and gait recognition

Gait recognition is difficult to imitate, which keeps both the false acceptance and false rejection rates low, and pairing it with a PIN (something you know) adds a second factor

11
Q

In an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply?

A

You should perform a dictionary attack

Dictionary attacks try words from a word list (a dictionary) as candidate passwords, so a commonly used word falls quickly

12
Q

You are asked to choose a secure authentication method other than a username and password for the employees to access your enterprise’s database. Which of the following should you choose?

A

Security key authentication

A security key is a hardware device that authenticates the user with one tap, so a stolen or guessed password alone is not enough to log in

13
Q

The following data is being used for a password attack: “?u ?l ?l ?l ?l ?d ?d ?d ?d.”
Which of the following types of attack is this?

A

Rule attack

The mask describes the password format: one uppercase letter (?u), four lowercase letters (?l), then four digits (?d). Generating only candidates that fit the mask is what the textbook calls a rule attack; password-cracking tools such as hashcat call this specific form a mask attack and use the word "rules" for the functions that mangle dictionary words (capitalize, append digits, leet substitutions)
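The example below is added here and is not from the flashcard set; it covers this card and card 1 together. It parses a hashcat-style mask, reports how many candidates the card's mask describes, enumerates the candidates, and separately applies a handful of hashcat-style mangling rules to dictionary words, then tests candidates against an unsalted SHA-256 digest. The target digests, the word list and the rule set are constructed for the example.

```python
import hashlib
import itertools
import string

# hashcat-style character classes (the ones used in the card's mask plus ?s).
CHARSETS = {
    "?u": string.ascii_uppercase,
    "?l": string.ascii_lowercase,
    "?d": string.digits,
    "?s": " " + string.punctuation,
}

def parse_mask(mask):
    """Turn '?u ?l ?l ?l ?l ?d ?d ?d ?d' (spaces optional) into one charset per position."""
    tokens = mask.replace(" ", "")
    sets, i = [], 0
    while i < len(tokens):
        if tokens[i] == "?":
            sets.append(CHARSETS[tokens[i:i + 2]])
            i += 2
        else:                       # any other character is a literal
            sets.append(tokens[i])
            i += 1
    return sets

def mask_keyspace(mask):
    """Number of candidates the mask describes (product of the charset sizes)."""
    n = 1
    for charset in parse_mask(mask):
        n *= len(charset)
    return n

def mask_candidates(mask):
    """Yield every candidate matching the mask, in order."""
    for combo in itertools.product(*parse_mask(mask)):
        yield "".join(combo)

def apply_rules(word):
    """Mangle one dictionary word the way a small hashcat rule file would:
    ':' as-is, 'c' capitalize, 'u' upper-case, 'c $1 $2 $3' capitalize and append 123,
    'sa@ se3 so0' leet substitutions, and leet + capitalize + '!'. (Constructed rule set.)"""
    leet = word.translate(str.maketrans("aeo", "@30"))
    return [word, word.capitalize(), word.upper(), word.capitalize() + "123",
            leet, leet.capitalize() + "!"]

def sha256_hex(text):
    """Unsalted fast hash: the kind of digest these attacks are cheap against."""
    return hashlib.sha256(text.encode()).hexdigest()

def crack(target_hex, candidates):
    """Hash each candidate and stop at the first match, or return None."""
    for cand in candidates:
        if sha256_hex(cand) == target_hex:
            return cand
    return None

if __name__ == "__main__":
    print(mask_keyspace("?u ?l ?l ?l ?l ?d ?d ?d ?d"))     # candidates for the card's mask
    print(crack(sha256_hex("Qz7"), mask_candidates("?u?l?d")))    # constructed target
    words = ["winter", "summer"]                                    # constructed word list
    print(crack(sha256_hex("Summer123"), (c for w in words for c in apply_rules(w))))
```

The card's mask still describes about 1.2 x 10^11 candidates, which is feasible for a fast unsalted hash but not for a properly stretched one; the rule form is far cheaper because it only mangles words users actually choose.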

14
Q

Which of the following can protect a password digest from attackers?

A

Argon2

Argon2 is a memory-hard key stretching (password hashing) function; it takes a per-user salt as input and is deliberately slow and memory-intensive, so each candidate password costs an attacker significant time and memory

15
Q

Which of the following is a hardware-based solution for password security?

A

Password key

Password keys serve as hardware-based password managers

16
Q

You want to manage your passwords for different accounts to optimally secure passwords from compromise. Which of the following password management methods should you use?

A

Password key

Since a password key is a hardware-based password management tool, it provides optimum security to the password

17
Q

Ram’s enterprise is hosting a web app that requires authentication. Recently, the password digest files of other enterprises were stolen, and the attackers cracked the passwords with ease. As such, Ram was asked to implement additional security measures for the web app’s passwords. Which of the following methods should Ram apply?

A

He should use Key stretching

Key stretching makes each digest computation deliberately expensive, so even if the digest file is stolen, testing each candidate password is slow and large-scale cracking becomes impractical

18
Q

Which of the following is an authentication system that issues a ticket after verifying the credentials by which you can authenticate other services?

A

Kerberos

After verifying the credentials, the Kerberos key distribution center issues a ticket-granting ticket, which the client exchanges for service tickets to access other services without re-entering credentials

19
Q

You are working as a security expert in an e-commerce enterprise. Your company recently decided on a short-term collaboration with a small business named BuyMe, and the following issue arose. Whenever your customers purchase any product from BuyMe, the e-commerce website redirects them to the BuyMe website, asking for additional authentication. This results in customers abandoning their purchases. To solve this issue, both enterprises agree to use a single authentication process wherein the users, once logged in to your website, can purchase from BuyMe without additional steps.

How should you implement this without storing the customers’ credentials on the BuyMe server?

A

Use SAML

Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between security domains. Your e-commerce site acts as the identity provider and issues a signed assertion stating that the customer has been authenticated; BuyMe, as the service provider, accepts that assertion, so the customer's credentials are never sent to or stored on the BuyMe server

20
Q

Windows picture password belongs to which of the following?

A

Cognitive biometrics

Windows picture password is a cognitive biometric, or knowledge-based authentication, method

21
Q

In an interview, you are asked to compare the following statements regarding different authentication concepts and identify the correct statement. Which of the following statements is correct?

A

A person’s vein can be used to uniquely authenticate an individual

The vein pattern in a person's palm or finger is distinctive enough to authenticate an individual

22
Q

The following statements regarding centralized administration concepts are presented to you in an interview in which only one of them is correct. Which of these is correct?

A

Extensible authentication protocol is a framework to transport authentication protocols

The extensible authentication protocol (EAP) is a framework that is used to transport authentication protocols

23
Q

In a security review meeting, you proposed using a windowed token with a time-based one-time password (TOTP) to authenticate enterprise employees, and you were asked to explain the working of TOTP.

Which of the following should be your reply?

A

With a windowed token using TOTP, the token generates a one-time code from a shared secret and the current time using a specific algorithm. The server generates the code from the same secret, time, and algorithm. The user enters the code shown by the token, and the user is authenticated if the codes match

Both the windowed token and the authentication server derive the code from the same shared secret, algorithm, and current time step, and the code is valid only for a short time window. If the code entered by the user matches the server's, the user is authenticated
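The algorithm the card describes is HOTP (RFC 4226) driven by a time-step counter (RFC 6238). The block below is an added example, not part of the flashcard set: it implements both sides, the token's code generation and the server's check, including the acceptance window the server allows for clock drift between token and server. The shared secret is the one from RFC 6238's published test vectors, so the generated codes can be checked against that document.

```python
import base64
import hashlib
import hmac
import struct

def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 (token side): the counter is the number of time steps since the Unix epoch."""
    return hotp(secret, unix_time // step, digits)

def verify_totp(secret, code, unix_time, step=30, digits=6, window=1):
    """Server side: accept the current step and `window` steps either side to absorb
    clock drift, comparing in constant time. Anything outside the window is rejected."""
    t = unix_time // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, t + delta, digits), code):
            return True
    return False

# Shared secret from RFC 6238's test vectors (ASCII "12345678901234567890"); an
# authenticator app would be provisioned with the same bytes as base32 text.
SECRET = b"12345678901234567890"
SECRET_B32 = base64.b32encode(SECRET).decode()

if __name__ == "__main__":
    for t in (59, 1111111109, 1234567890):
        print(t, totp(SECRET, t))   # 287082, 081804, 005924 (RFC 6238 Appendix B, last 6 digits)
```

Because the server must hold the same secret in usable form, the secret store on the server is the asset to protect; the codes themselves are worthless once their window has passed.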

24
Q

You are working as a security admin in an enterprise. While you were analyzing different password attacks, you found that whenever an individual user’s password gets cracked, another user with the same password residing in the same password digest file also has their account compromised. How should you prevent this from happening in the future?

A

You should add salt to the passwords before hashing

A unique random salt per user, combined with the password before hashing, makes the digests differ even when two users choose the same password, so cracking one digest reveals nothing about the other, and precomputed (rainbow) tables no longer apply
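The following is an added example, not part of the flashcard set, serving this card together with cards 14 (Argon2) and 17 (key stretching). It contrasts an unsalted fast digest, where two users with the same password produce identical digests, with a salted, stretched scheme. Argon2 is not in Python's standard library, so the example uses hashlib.scrypt, another memory-hard key stretching function, with the same salt-and-parameters storage pattern; the user names, password and work factors are constructed for the example.

```python
import hashlib
import hmac
import os

# scrypt work factor: N=2^14, r=8, p=1 needs about 16 MiB per hash (128 * N * r bytes).
# Argon2id is the card's answer; it is not in the standard library, so this example
# uses hashlib.scrypt, another memory-hard key stretching function, with the same pattern.
N, R, P = 2 ** 14, 8, 1
SALT_LEN, DKLEN = 16, 32
MAXMEM = 64 * 1024 * 1024

def unsalted_sha256(password):
    """The weak scheme: one fast, unsalted digest per password."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Return 'scrypt$N$r$p$salt$digest' (hex fields) using a fresh random salt."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN, maxmem=MAXMEM)
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and parameters, then compare in constant time."""
    algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(digest_hex) // 2, maxmem=MAXMEM)
    return hmac.compare_digest(digest.hex(), digest_hex)

def duplicate_digests(table):
    """Users whose stored value equals another user's. With unsalted hashes this is
    exactly the 'crack one account, get both' problem the card describes."""
    seen, dupes = {}, set()
    for user, value in table.items():
        if value in seen:
            dupes.update({user, seen[value]})
        seen[value] = user
    return sorted(dupes)

if __name__ == "__main__":
    # constructed: two users who picked the same password
    weak = {u: unsalted_sha256("passw0rd") for u in ("alice", "bob")}
    strong = {u: hash_password("passw0rd") for u in ("alice", "bob")}
    print("unsalted duplicates:", duplicate_digests(weak))    # ['alice', 'bob']
    print("salted duplicates:", duplicate_digests(strong))    # []
    print(verify_password("passw0rd", strong["alice"]), verify_password("Passw0rd", strong["alice"]))
```

Storing the parameters alongside the digest is what lets the work factor be raised later without breaking existing records: verify with the stored parameters, then re-hash with the new ones on the next successful login.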

25
Q

Which of the following authentication methods belongs in the “something you have” category?

A

Security key

Security keys are hardware devices that users physically possess

26
Q

Which of the following is an authentication system that uses UDP rather than TCP as its transport?

A

RADIUS

RADIUS uses UDP as its transport protocol (port 1812 for authentication and 1813 for accounting)

27
Q

How does the single sign-on enhance secure authentication?

A

Implementing a single sign-on will reduce the number of passwords needing to be remembered

With single sign-on, the user has fewer passwords to remember, so the ones that remain can be long and complex rather than reused across services

28
Q

Which of the following is a motherboard chip that provides cryptographic services?

A

Trusted platform module

The trusted platform module (TPM) is a chip on a computer’s motherboard that provides cryptographic services

29
Q

In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose?

A

earthwaterforesttreemanworldkid

It uses only lowercase letters, but it is by far the longest candidate; length grows the search space exponentially, so it resists brute force better than a shorter, more complex password

30
Q

In an interview, you were asked to explain the steps involved in a successful authentication by a RADIUS server. How should you answer?

A

The supplicant (the user's device) sends a request to the access point (AP), which acts as the RADIUS client. The AP prompts the user for credentials and, once they are entered, forwards them in an authentication request to the RADIUS server. If the server verifies them, it returns an authentication acknowledgment (accept) to the AP, which then authorizes the user to join the network

These are the steps involved in a successful authentication by a RADIUS server
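The AP-to-server leg of the exchange above is an RFC 2865 Access-Request answered by an Access-Accept or Access-Reject. The block below is an added example, not from the flashcard set: it builds the request the AP sends (User-Name plus the User-Password attribute hidden with the shared secret), the server's reply with its Response Authenticator, and the AP-side check of that reply. The shared secret, user database and packet identifiers are constructed for the example; the user database holds plaintext only to keep the example short.

```python
import hashlib
import hmac
import os
import struct

# RFC 2865 packet codes and the two attributes this example uses.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

def encode_attr(atype, value):
    """Attribute = Type(1) Length(1, includes the 2-byte header) Value."""
    return struct.pack(">BB", atype, 2 + len(value)) + value

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous block),
    where the first 'previous block' is the Request Authenticator."""
    p = password.encode()
    p += b"\x00" * (-len(p) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(p), 16):
        block = bytes(x ^ y for x, y in zip(p[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += block
        prev = block
    return out

def reveal_password(hidden, secret, request_auth):
    """Server side of the same transform; strips the NUL padding."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00").decode(errors="replace")   # wrong secret yields garbage, not a crash

def build_packet(code, identifier, authenticator, attrs):
    """Packet = Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack(">BBH", code, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_packet(pkt):
    code, identifier, length = struct.unpack(">BBH", pkt[:4])
    attrs, i = {}, 20
    while i < length:
        atype, alen = pkt[i], pkt[i + 1]
        attrs[atype] = pkt[i + 2:i + alen]
        i += alen
    return code, identifier, pkt[4:20], attrs

def response_authenticator(code, identifier, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret): proves the reply came
    from a party that knows the shared secret and answers this particular request."""
    header = struct.pack(">BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def access_request(identifier, username, password, secret):
    """What the AP (the RADIUS client) sends once it has the user's credentials."""
    request_auth = os.urandom(16)
    attrs = (encode_attr(USER_NAME, username.encode())
             + encode_attr(USER_PASSWORD, hide_password(password, secret, request_auth)))
    return build_packet(ACCESS_REQUEST, identifier, request_auth, attrs)

def radius_server(pkt, secret, user_db):
    """Verify the credentials and answer Access-Accept or Access-Reject."""
    _, identifier, request_auth, attrs = parse_packet(pkt)
    username = attrs[USER_NAME].decode(errors="replace")
    password = reveal_password(attrs[USER_PASSWORD], secret, request_auth)
    code = ACCESS_ACCEPT if user_db.get(username) == password else ACCESS_REJECT
    auth = response_authenticator(code, identifier, request_auth, b"", secret)
    return build_packet(code, identifier, auth, b"")

def check_response(resp, request_pkt, secret):
    """AP side: return (authentic, code); only an authentic Accept lets the user join."""
    code, identifier, resp_auth, _ = parse_packet(resp)
    _, req_id, request_auth, _ = parse_packet(request_pkt)
    expected = response_authenticator(code, identifier, request_auth, resp[20:], secret)
    return identifier == req_id and hmac.compare_digest(resp_auth, expected), code

if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"
    USERS = {"alice": "passw0rd"}        # constructed; plaintext only to keep the example short
    req = access_request(7, "alice", "passw0rd", SECRET)
    print(check_response(radius_server(req, SECRET, USERS), req, SECRET))   # (True, 2)
```

The password hiding and the Response Authenticator are both MD5 keyed only by the shared secret, so on this leg the secret's strength is the whole defence; in practice the AP-to-server path is kept on a management network or tunneled.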