Part 12 Flashcards
How is the Security Assertion Markup Language (SAML) used?
It allows secure web domains to exchange user authentication and authorization data.
Which of the following is the Microsoft version of EAP?
EAP-MS
AD-EAP
PAP-Microsoft
MS-CHAP
MS-CHAP
Which of the following is NOT used for authentication?
Somewhere you are
Something you exhibit
Something you can do
Something you can find
Something you can find
IIya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend
OAuth
OpenID
Shibboleth
NTLM
OAuth
How is key stretching effective in resisting password attacks?
It takes more time to generate candidate password digests.
Which of these is NOT a reason to create weak passwords
A lengthy and complex password can be difficult to memorize.
A security policy requires a password to be changed regularly
Having multiple passwords makes it hard to remember all of them
The length and complexity required force users to circumvent creating strong passwords.
The length and complexity required force users to circumvent creating strong passwords.
Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers?
Most states prohibit password crackers unless they are used to retrieve a lost password
Due to the advanced capabilities, they require only a small amount of computing power.
A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken.
A password cracker differ as to how candidates are created.
A password cracker differ as to how candidates are created.
Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts?
Password spraying attack
Why are dictionary attacks successful?
Users often create passwords from dictionary words
Which of these attacks is the last-resort effort in cracking a stolen password digest file? Hybrid Mask Rule List Brute Force
Brute force
Which of the following should NOT be stored in a secure password database? Iterations Password digest Salt Plaintext password
Plaintext password
Which of the following is NOT an MFA using smartphone? Authentication app Biometric gait analysis SMS text message Automated phone call
Biometric gait analysis
Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? Dictionary attack Hybrid attack Custom attack Brute Force attack
Brute force attack
Which human characteristic is NOT used for biometric identification?
Height
____ biometric is related to the perception, thought processes, and understanding of the user.
Cognitive
