Chapter 11 Flashcards
Discuss the types of shortcuts that users take to help them recall their passwords.
Two types:
1) creating weak passwords that are easy to remember
2) reusing the same password across multiple accounts
A retina scanner has become the most common type of standard biometrics.
(T/F)
False
Which of the following account lockout policy settings determines the number of failed login attempts before a lockout occurs?
a) administrator lockout threshold
b) system lockout threshold
c) account lockout threshold
d) user lockout threshold
c) account lockout threshold
Which of the following options prevents a logon after a set number of failed logon attempts within a specified period and can also specify the length of time that the lockout is in force?
a) password lockout
b) logon lock
c) password lock
d) logon lockout
a) password lockout
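An added example, not part of the flashcards, that ties the two lockout questions above together: a lockout threshold (failed attempts before lockout), an observation window (the period those failures must fall within) and a lockout duration (how long the lockout is in force). The class and function names are illustrative, and the plaintext comparison in attempt_logon stands in for a real credential check.

```python
# Added example (not from the flashcards): an account lockout policy with a
# threshold, an observation window and a lockout duration. Names are illustrative.
from collections import defaultdict, deque


class LockoutPolicy:
    def __init__(self, threshold=5, window_seconds=900, lockout_seconds=1800):
        self.threshold = threshold          # failures before lockout
        self.window = window_seconds        # failures must occur within this period
        self.duration = lockout_seconds     # how long the lockout stays in force
        self._failures = defaultdict(deque)  # account -> timestamps of recent failures
        self._locked_until = {}              # account -> time the lockout expires

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if now >= until:
            # lockout expired: clear it and start counting afresh
            del self._locked_until[account]
            self._failures[account].clear()
            return False
        return True

    def record_failure(self, account, now):
        """Record a failed logon; return True if the account is (now) locked."""
        if self.is_locked(account, now):
            return True
        q = self._failures[account]
        q.append(now)
        # failures older than the observation window no longer count
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold:
            self._locked_until[account] = now + self.duration
            q.clear()
            return True
        return False

    def record_success(self, account, now):
        """A successful logon resets the failure counter, unless the account is locked."""
        if self.is_locked(account, now):
            return False
        self._failures[account].clear()
        return True


def attempt_logon(policy, account, password, correct, now):
    # `correct` is a constructed stand-in for the real credential check
    if policy.is_locked(account, now):
        return "locked"
    if password == correct:
        policy.record_success(account, now)
        return "ok"
    return "locked" if policy.record_failure(account, now) else "denied"


if __name__ == "__main__":
    policy = LockoutPolicy(threshold=3, window_seconds=60, lockout_seconds=120)
    for t in (0, 10, 20, 30):
        print(t, attempt_logon(policy, "alice", "wrong", "s3cret", t))
    print(141, attempt_logon(policy, "alice", "s3cret", "s3cret", 141))
```

Note that the correct password is still refused at t=30 while the lockout is in force, and that failures spread further apart than the window never add up to a lockout.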
Which of the following accounts is a user account that is created explicitly to provide a security context for services running on a server?
a) privileged account
b) shared account
c) service account
d) system account
c) service account
Describe how rainbow table works.
Rainbow tables are designed to make password attacks easier. They do this by creating, before the attack, a large pregenerated data set of candidate digests organized as chains of alternating hash and reduction steps; at attack time the captured digest is looked up in the table instead of computing a digest for every candidate.
Name the advantages to using rainbow tables.
1) can be used repeatedly
2) are much faster than dictionary attacks
3) amount of memory needed on the attacking machine is greatly reduced
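An added example, not part of the flashcards, of a toy rainbow table over three-letter lowercase passwords. It shows the mechanism behind the two cards above: chains are pregenerated once and only their endpoints are stored (the memory saving), and lookup regenerates a chain only when an endpoint matches (the speed gain). The function names and the reduction function are illustrative, not those of any real tool.

```python
# Added example (not from the flashcards): a toy rainbow table over 3-letter
# lowercase passwords. reduce_fn, build_table and lookup are illustrative names.
import hashlib
import random

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
LENGTH = 3
KEYSPACE = len(ALPHABET) ** LENGTH   # 17,576 possible passwords
CHAIN_LEN = 20                       # digests covered per stored chain


def digest(password):
    # unsalted SHA-1: the kind of digest a rainbow table can target
    return hashlib.sha1(password.encode()).digest()


def reduce_fn(h, column):
    # Map a digest back to *some* password in the keyspace. The column number is
    # mixed in so each column uses a different reduction, which limits chain merges.
    n = (int.from_bytes(h[:8], "big") + column) % KEYSPACE
    chars = []
    for _ in range(LENGTH):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def build_table(start_points):
    # Pregenerate: walk each chain start -> H -> R0 -> H -> R1 -> ... and keep only
    # the (endpoint, start) pair, not the intermediate digests.
    table = {}
    for start in start_points:
        p = start
        for column in range(CHAIN_LEN):
            p = reduce_fn(digest(p), column)
        table[p] = start
    return table


def lookup(table, target):
    # Assume the target digest sits at column j of some chain, finish that chain
    # from column j and see whether its endpoint is stored. On a hit, regenerate
    # the chain from its start to recover the password at column j, then confirm.
    for j in range(CHAIN_LEN):
        p = reduce_fn(target, j)
        for column in range(j + 1, CHAIN_LEN):
            p = reduce_fn(digest(p), column)
        if p in table:
            cand = table[p]
            for column in range(j):
                cand = reduce_fn(digest(cand), column)
            if digest(cand) == target:   # rejects false alarms from merged chains
                return cand
    return None


def demo_start_points(n, seed=1):
    # Constructed sample: deterministic pseudo-random starting passwords
    rng = random.Random(seed)
    return ["".join(rng.choice(ALPHABET) for _ in range(LENGTH)) for _ in range(n)]


if __name__ == "__main__":
    table = build_table(demo_start_points(400) + ["dog"])
    print(len(table), "endpoints stored, covering up to",
          len(table) * CHAIN_LEN, "digests")
    print("recovered:", lookup(table, digest("dog")))
```

Only endpoint-to-start pairs are kept, so the table is CHAIN_LEN times smaller than the set of digests it covers; the price is the per-lookup regeneration work, which is still far cheaper than hashing the whole keyspace.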
Brute force attacks can be very slow because every character combination must be generated.
(T/F)
True
A US Dept. of Defense smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:
a) Credential Validation Card (CVC)
b) Common Access Card (CAC)
c) Identity Validation Card (IVC)
d) Personal Credential Card (PCC)
b) Common Access Card (CAC)
Passwords provide strong protection.
(T/F)
False
A hardware security token is typically a small device with a window display.
(T/F)
True
Which authentication factor is based on a unique talent that a user possesses?
a. What you have
b. What you are
c. What you do
d. What you know
c. What you do
Which of these is NOT a characteristic of a weak password?
a. A common dictionary word
b. A long password
c. Using personal information
d. Using a predictable sequence of characters
b. A long password
Each of the following accounts should be prohibited EXCEPT:
a. Shared accounts
b. Generic accounts
c. Privileged accounts
d. Guest accounts
c. Privileged accounts
Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?
a. OAuth
b. OpenID Connect
c. Shibboleth
d. NTLM
a. OAuth
How is key stretching effective in resisting password attacks?
a. It takes more time to generate candidate password digests.
b. It requires the use of GPUs.
c. It does not require the use of salts.
d. The license fees are very expensive to purchase and use it.
a. It takes more time to generate candidate password digests.
Which of these is NOT a reason why users create weak passwords?
a. A lengthy and complex password can be difficult to memorize.
b. A security policy requires a password to be changed regularly.
c. Having multiple passwords makes it hard to remember all of them.
d. Most sites force users to create weak passwords even though they do not want to.
d. Most sites force users to create weak passwords even though they do not want to.
What is a hybrid attack?
a. An attack that uses both automated and user input
b. An attack that combines a dictionary attack with a mask attack
c. A brute force attack that uses special tables
d. An attack that slightly alters dictionary words
b. An attack that combines a dictionary attack with a mask attack
A TOTP token code is generally valid for what period of time?
a. Only while the user presses SEND
b. For as long as it appears on the device
c. For up to 24 hours
d. Until an event occurs
b. For as long as it appears on the device
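An added example, not part of the flashcards, implementing HOTP (RFC 4226) and TOTP (RFC 6238) in plain Python to show why a TOTP code is valid exactly for the time step during which it is displayed: the counter fed to HMAC only changes when the 30-second step rolls over. The function names are illustrative; the secret is the RFC test key.

```python
# Added example (not from the flashcards): HOTP/TOTP per RFC 4226 / RFC 6238.
# Function names are illustrative; RFC_TEST_SECRET is the RFC test-vector key.
import hmac
import struct
import time

RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algorithm="sha1"):
    # HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=30, digits=6, algorithm="sha1"):
    # the counter is the number of whole time steps since the epoch, so every
    # second inside the same 30 s step produces the same code
    return hotp(secret, int(unix_time) // step, digits, algorithm)


def verify_totp(secret, code, unix_time, step=30, digits=6, skew=1):
    # accept the current step plus/minus `skew` steps to tolerate clock drift;
    # compare in constant time so timing does not leak how many digits matched
    counter = int(unix_time) // step
    return any(
        hmac.compare_digest(hotp(secret, c, digits), code)
        for c in range(counter - skew, counter + skew + 1)
    )


if __name__ == "__main__":
    now = time.time()
    print("code:", totp(RFC_TEST_SECRET, now),
          "valid for", 30 - int(now) % 30, "more seconds")
```

A skew of one step is a common server-side allowance; setting it higher widens the window an attacker who captures a code has to replay it.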
What is a token system that requires the user to enter the code along with a PIN called?
a. Single-factor authentication system
b. Token-passing authentication system
c. Dual-prong verification system
d. Multifactor authentication system
d. Multifactor authentication system
Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel?
a. Personal Identity Verification (PIV) card
b. Secure ID Card (SIDC)
c. Common Access Card (CAC)
d. Government Smart Card (GSC)
c. Common Access Card (CAC)
Which of the following should NOT be stored in a secure password database?
a. Iterations
b. Password digest
c. Salt
d. Plaintext password
d. Plaintext password
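An added example, not part of the flashcards, covering both the key stretching card and the password database card above: the stored record holds a per-user salt, the iteration count and the digest (never the plaintext), and PBKDF2's iteration count is what makes every candidate digest slow for an attacker to compute. The function names are illustrative; PBKDF2-HMAC-SHA256 is used because it is in the standard library.

```python
# Added example (not from the flashcards): a password record with salt,
# iteration count and digest, plus a measurement of what stretching costs.
# Function names are illustrative.
import hashlib
import hmac
import os
import time


def hash_password(password, iterations=600_000, salt=None):
    """Build the record to store: random per-user salt, iteration count, digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex()}


def verify_password(record, password):
    """Recompute with the stored salt and iterations; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


def needs_rehash(record, current_iterations):
    """Storing the iteration count lets old records be upgraded at next login."""
    return record["iterations"] < current_iterations


def seconds_per_guess(iterations, password="guess", trials=3):
    """Rough cost of one candidate digest; raising iterations raises this."""
    salt = b"constructed-salt"   # fixed salt, so only the iteration count varies
    start = time.perf_counter()
    for _ in range(trials):
        hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (time.perf_counter() - start) / trials


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify:", verify_password(rec, "correct horse battery staple"))
    print("1 iteration: %.1e s per guess, 600000 iterations: %.1e s per guess"
          % (seconds_per_guess(1), seconds_per_guess(600_000)))
```

Because the salt differs per user, two users with the same password get different digests, and a rainbow table built for one salt is useless for another.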
Creating a pattern of where a user accesses a remote web account is an example of which of the following?
a. Keystroke dynamics
b. Geolocation
c. Time-Location Resource Monitoring (TLRM)
d. Cognitive biometrics
b. Geolocation
Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?
a. Dictionary attack
b. Hybrid attack
c. Custom attack
d. Brute force attack
d. Brute force attack
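An added example, not part of the flashcards, that makes the dictionary, hybrid and brute force cards concrete: it generates the candidate set for each attack, runs them against a constructed unsalted SHA-256 digest and counts the attempts, and computes how large the brute force keyspace gets. The names are illustrative; the ?d/?l mask notation mirrors the style used by common cracking tools, but this is not any tool's code.

```python
# Added example (not from the flashcards): candidate generation for dictionary,
# hybrid (dictionary word + mask) and brute force attacks. Names are illustrative.
import hashlib
import itertools
import string

MASK_SETS = {
    "?d": string.digits,
    "?l": string.ascii_lowercase,
    "?u": string.ascii_uppercase,
    "?s": "!@#$%^&*",
}
ALPHANUM = string.ascii_lowercase + string.digits


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def parse_mask(mask):
    # "?d?d" -> [digits, digits]: one character set per appended position
    if len(mask) % 2:
        raise ValueError("mask must be a sequence of ?x tokens")
    return [MASK_SETS[mask[i:i + 2]] for i in range(0, len(mask), 2)]


def dictionary_candidates(words):
    yield from words


def hybrid_candidates(words, mask):
    # every dictionary word followed by every value the mask can take
    sets = parse_mask(mask)
    for word in words:
        for tail in itertools.product(*sets):
            yield word + "".join(tail)


def brute_force_candidates(alphabet, max_len):
    # every combination of every length up to max_len: slowest, but exhaustive
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            yield "".join(combo)


def hybrid_size(num_words, mask):
    size = 1
    for charset in parse_mask(mask):
        size *= len(charset)
    return num_words * size


def brute_force_size(alphabet_len, max_len):
    return sum(alphabet_len ** n for n in range(1, max_len + 1))


def crack(target_hex, candidates):
    """Return (password, attempts), or (None, attempts) once candidates run out."""
    attempts = 0
    for cand in candidates:
        attempts += 1
        if sha256_hex(cand) == target_hex:
            return cand, attempts
    return None, attempts


# Constructed sample inputs
WORDS = ["password", "summer", "dragon"]
TARGET = sha256_hex("summer19")

if __name__ == "__main__":
    print("dictionary:", crack(TARGET, dictionary_candidates(WORDS)))        # (None, 3)
    print("hybrid:", crack(TARGET, hybrid_candidates(WORDS, "?d?d")))        # ('summer19', 120)
    print("brute force keyspace, up to 8 chars of [a-z0-9]:", brute_force_size(36, 8))
```

The dictionary run fails because "summer19" is not a plain word; the hybrid run finds it after 120 digests; an exhaustive brute force over eight alphanumeric characters would have to be prepared to generate almost three trillion candidates.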