Chapter 12

Question 1

A secret combination of letters, numbers, and/or characters that only the user should have knowledge
of, is known as a:

Answer 1

Password

Question 2

What is the center of the weakness of passwords?

Answer 2

Human memory

Question 3

Passwords that are transmitted can be captured by what type of software?

Answer 3

Protocol analyzer

Question 4

What type of attack involves an attacker stealing a file containing password digests and comparing the
digests with digests created by the attacker?

Answer 4

Offline cracking

Question 5

What type of attack involves using every possible combination of letters, numbers, and characters to
create candidate digests that are then matched against those in a stolen digest file?

Answer 5

Brute force

Question 6

What variation of a dictionary attack involves a dictionary attack combined with a brute force attack,
and will slightly alter dictionary words by adding numbers to the end of the password, spelling words
backward, slightly misspelling words, or including special characters?

Answer 6

Hybrid

Question 7

The use of what item below involves the creation of a large pregenerated data set of candidate digests?

Answer 7

Rainbow tables

Question 8

What kind of biometrics utilizes a person’s unique physical characteristics for authentication, such as
fingerprints or unique characteristics of a person’s face?

Answer 8

Standard biometrics

Question 9

Which term below describes the time it takes for a key to be pressed and then released?

Answer 9

Dwell time

Question 10

Which type of biometrics is based on the perception, thought process, and understanding of the user?

Answer 10

Cognitive

Question 11

The use of a single authentication credential that is shared across multiple networks is called:

Answer 11

Identity management

Question 12

The use of one authentication credential to access multiple accounts or applications is referred to as?

Answer 12

Single sign on

Question 13

What technology allows users to share resources stored on one site with a second site without
forwarding their authentication credentials to the other site?

Answer 13

OAuth

Question 14

Select below the decentralized open-source FIM that does not require specific software to be installed
on the desktop:

Answer 14

OpenID

Question 15

What federated identity management (FIM) relies on token credentials?

Answer 15

OAuth

Question 16

A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and
reserve military personnel along with civilian employees and special contractors is called:

Answer 16

Common Access Card (CAC)

Question 17

What can be used to increase the strength of hashed passwords?

Answer 17

Salt

Question 18

A list of the available nonkeyboard characters can be seen in Windows by opening what utility?

Answer 18

charmap.exe

Question 19

Which hashing algorithm below is used with NTLMv2’s Hashed Message Authentication Code?

Answer 19

MD5

Question 20

What type of one-time password (OTP) changes after a set time period?

Answer 20

Time-based one-time password (TOTP)