Lecture 7

Question 1

What are the two types of authentication in multifactor authentication (MFA)?

Answer 1

What a user knows and what a user has.

Question 2

Fill in the blank: Passwords are the most common type of IT _______.

Answer 2

[authentication]

Question 3

What are the weaknesses associated with passwords?

Answer 3

• Weak human memory
• Limited number of items memorized
• Difficulty in memorizing long, complex passwords
• Requirement for unique passwords across accounts

Question 4

True or False: Passwords should be simple and easy to remember.

Answer 4

False

Question 5

What is password spraying?

Answer 5

An attack that selects one or a few common passwords and enters the same password for multiple user accounts.

Question 6

What is a brute force attack?

Answer 6

An attack method where every possible combination of characters is tried against a stolen hash file.

Question 7

What is the difference between online and offline brute force attacks?

Answer 7

• Online: Continuously attacks the same account
• Offline: Uses a stolen hash file

Question 8

Describe a rule attack.

Answer 8

Analyzes stolen passwords to create a mask that can crack the largest number of passwords.

Question 9

What is a dictionary attack?

Answer 9

An attack that compares digests of common dictionary words against a stolen digest file.

Question 10

What are rainbow tables?

Answer 10

Pregenerated data sets of candidate digests that can be used repeatedly and are faster than dictionary attacks.

Question 11

What is multifactor authentication (MFA)?

Answer 11

Authentication using more than one type of authentication credential.

Question 12

What is a smart card?

Answer 12

A card that holds information used as part of the authentication process.

Question 13

What does OTP stand for in security contexts?

Answer 13

[One-Time Password]

Question 14

What are the two types of one-time passwords (OTPs)?

Answer 14

• Time-based one-time password (TOTP)
• HMAC-based one-time password (HOTP)

Question 15

List some unique physical characteristics used in physiological biometrics.

Answer 15

• Fingerprints
• Retina patterns
• Vein structure
• Gait
• Voice characteristics
• Iris patterns
• Facial landmarks

Question 16

What are the disadvantages of biometric systems?

Answer 16

• Cost of specialized hardware
• False acceptance and rejection rates
• Potential for being tricked
• Privacy concerns

Question 17

What is cognitive biometrics?

Answer 17

Authentication based on perception, thought processes, and understanding of the user.

Question 18

What is keystroke dynamics?

Answer 18

A type of behavioral biometrics that recognizes a user’s typing rhythm.

Question 19

What is the role of salts in password security?

Answer 19

A random string added to a password before hashing to slow down dictionary and brute force attacks.

Question 20

What is key stretching?

Answer 20

A method that makes password hash algorithms intentionally slower to enhance security.

Question 21

What is Single Sign-On (SSO)?

Answer 21

Using one authentication credential to access multiple accounts or applications.

Question 22

What is RADIUS?

Answer 22

Remote Authentication Dial In User Service, an industry standard for remote dial-in access to a corporate network.

Question 23

What does SAML stand for?

Answer 23

[Security Assertion Markup Language]

Question 24

What is the Extensible Authentication Protocol (EAP)?

Answer 24

A framework for transporting authentication protocols, designed to be more secure than previous methods.

Question 25

What is the Extensible Authentication Protocol (EAP)?

Answer 25

A framework for transporting authentication protocols.

Question 26

What protocols did EAP serve as a more secure alternative to?

Answer 26

* Challenge-Handshake Authentication Protocol (CHAP) * Microsoft version of CHAP (MS-CHAP) * Password Authentication Protocol (PAP)

Question 27

What types of packets does EAP define?

Answer 27

* Request * Response * Success * Failure

Question 28

How many categories can authentication credentials be classified into?

Answer 28

Five categories.

Question 29

List the five categories of authentication credentials.

Answer 29

* What you know * What you have * What you are * What you do * Where you are

Question 30

Why do passwords provide weak protection?

Answer 30

They rely on human memory.

Question 31

What type of attacks do most password attacks today use?

Answer 31

Offline attacks.

Question 32

What is a dictionary attack?

Answer 32

An attack that begins with creating digests of common dictionary words compared with those in a stolen password file.

Question 33

What is a hardware token?

Answer 33

A small device that generates a code from an algorithm once every 30 to 60 seconds.

Question 34

What does biometrics rely on for authentication?

Answer 34

The characteristics of an individual.

Question 35

What are examples of biometrics?

Answer 35

* Standard biometrics * Cognitive biometrics

Question 36

What does behavioral biometrics authenticate?

Answer 36

Normal actions the user performs.

Question 37

What is a method for protecting stored digests?

Answer 37

Adding a salt.

Question 38

What is a salt in the context of stored digests?

Answer 38

A random string used in hash algorithms.

Question 39

What is single sign-on (SSO)?

Answer 39

A method that allows a single username and password to gain access to all accounts.

Question 40

What can different services provide in terms of authentication?

Answer 40

Different methods of authentication.

Question 41

What does the CIA triad stand for?

Answer 41

Confidentiality, Integrity, Availability

Question 42

What are the major types of mobile devices?

Answer 42

* Tablets * Smartphones * Wearables * Portable computers * Web-based computers

Question 43

What are common connectivity methods for mobile devices?

Answer 43

* Cellular * Wi-Fi * Infrared * USB connections

Question 44

What does BYOD stand for?

Answer 44

Bring Your Own Device

Question 45

What are the benefits of the BYOD model?

Answer 45

* Management flexibility * Cost savings * Increased employee performance * Simplified IT infrastructure * Reduced internal service

Question 46

What are common mobile device vulnerabilities?

Answer 46

* Physical security risks * Limited updates * Location tracking * Unauthorized recording

Question 47

Fill in the blank: Mobile devices can access untrusted content through _______.

Answer 47

SMS, MMS, QR codes

Question 48

What is remote wiping?

Answer 48

Erasing sensitive data stored on a lost or stolen mobile device

Question 49

What are the key features of mobile device management (MDM) tools?

Answer 49

* Remote management * Application management * Content management * Unified endpoint management

Question 50

What is an embedded system?

Answer 50

Computer hardware and software contained within a larger system designed for a specific function

Question 51

What are some examples of specialized systems?

Answer 51

* Digital smart meters * Medical systems * Aircraft systems * Industrial control systems

Question 52

What is the Internet of Things (IoT)?

Answer 52

Connecting any device to the Internet for the purpose of sending and receiving data

Question 53

True or False: A smart meter requires annual servicing to maintain accuracy.

Answer 53

False

Question 54

What are the constraints that affect the security of embedded systems?

Answer 54

* Power limitations * Low processing capabilities * Lack of advanced security features in network protocols * Inability to patch vulnerabilities * Resource-intensive cryptography

Question 55

What is a field-programmable gate array (FPGA)?

Answer 55

A hardware chip that can be programmed by the user to carry out one or more logical operations

Question 56

What is the purpose of segment storage in mobile device security?

Answer 56

Separates business data from personal data to avoid privacy issues

Question 57

Fill in the blank: The device can generate an alarm even if it is on _______.

Answer 57

mute

Question 58

What is the role of Mobile Application Management (MAM)?

Answer 58

Managing application distribution and access control

Question 59

What are the advantages of smart meters over analogue meters?

Answer 59

* Daily data transmission * Tamper alerts * Emergency communication capabilities

Question 60

What is the function of a virtual desktop infrastructure (VDI)?

Answer 60

Stores sensitive applications and data on a remote server accessed through a smartphone

Question 61

What is tethering in the context of mobile devices?

Answer 61

Using a mobile device with an active Internet connection to share that connection with other devices

Question 62

What are small devices optimized for?

Answer 62

Very low levels of power ## Footnote This optimization limits their ability to perform strong security measures.

Question 63

What is a limitation of small devices regarding processing capabilities?

Answer 63

Low processing capabilities restrict complex security measures ## Footnote This is due to their size.

Question 64

What is the impact of simplified network protocols in device design?

Answer 64

Lack advanced security features ## Footnote This is done to simplify connecting devices to networks.

Question 65

What are the resource requirements for cryptography?

Answer 65

Significant processing and storage capacities ## Footnote These are required for encryption and decryption tasks.

Question 66

What is a common issue with device updates?

Answer 66

Few devices have the capacity for being updated ## Footnote This is critical for addressing exposed security vulnerabilities.

Question 67

Why do most devices lack authentication features?

Answer 67

To keep costs at a minimum ## Footnote This is a common design choice among manufacturers.

Question 68

What is a limitation of many devices regarding remote security updates?

Answer 68

Not all devices have long-range capabilities ## Footnote This restricts access to necessary updates.

Question 69

What is the primary concern of most developers when creating devices?

Answer 69

Making products as inexpensive as possible ## Footnote This often results in the omission of security protections.

Question 70

What does 'implied trust' mean in device design?

Answer 70

Assumes all other devices or users can be trusted ## Footnote This leads to the design of devices without security features.

Question 71

What are examples of weak default credentials?

Answer 71

* Usernames: root, admin, support * Passwords: admin, 888888, default, 123456, 54321, password ## Footnote These are often simple and well known.

Question 72

What have many industry-led initiatives attempted to address?

Answer 72

Security vulnerabilities in IoT and embedded devices ## Footnote However, these initiatives were scattered and not comprehensive.

Question 73

What legislation was introduced in the U.S. Senate in May 2019?

Answer 73

The Internet of Things (IoT) Cybersecurity Improvement Act of 2019 ## Footnote This act aims to improve security on connected devices.

Question 74

What did California and Oregon pass regarding IoT security?

Answer 74

State laws addressing IoT security ## Footnote These laws went into effect in January 2020.

Question 75

What do the laws require for connected devices?

Answer 75

Equipped with reasonable security features ## Footnote This is appropriate for the nature and function of the device.

Question 76

What are some types of mobile devices?

Answer 76

* Tablet computers * Smartphones * Wearable technology devices ## Footnote These are a few examples of mobile devices.

Question 77

What is a characteristic of portable computers?

Answer 77

Resemble standard desktop computers ## Footnote They are designed for mobility.

Question 78

What is cellular telephony used for?

Answer 78

Connecting mobile devices to networks ## Footnote It divides the coverage area into cells.

Question 79

What does BYOD stand for?

Answer 79

Bring Your Own Device ## Footnote This allows users to use personal mobile devices for business purposes.

Question 80

What is the CYOD model?

Answer 80

Choose Your Own Device ## Footnote Employees select from a limited list of approved devices.

Question 81

What should users consider when setting up a mobile device?

Answer 81

Security ## Footnote Initial setup is crucial for protecting the device.

Question 82

What do mobile device management (MDM) tools do?

Answer 82

Allow remote management of devices by an organization ## Footnote This is important for enterprise security.

Question 83

What does mobile application management (MAM) cover?

Answer 83

Application management ## Footnote It focuses on managing applications on mobile devices.

Question 84

What does a mobile content management (MCM) system provide?

Answer 84

Content management to mobile devices used by employees ## Footnote This is essential in enterprise environments.

Question 85

How can embedded and specialized devices be classified?

Answer 85

Into several categories ## Footnote This classification helps in understanding their functions and security needs.

Question 86

What is a significant issue regarding security in embedded systems?

Answer 86

Lacking security can result in a wide range of attacks ## Footnote This makes them vulnerable to exploitation.