ch. 12
Terms in this set (20)
How is the Security Assertion Markup Language (SAML) used?
It allows secure web domains to exchange user authentication and authorization data.
It is an authenticator in IEEE 802.1x.
It is no longer used because it has been replaced by LDAP.
It serves as a backup to a RADIUS server.
Which of the following is the Microsoft version of EAP?
EAP-MS
AD-EAP
PAP-Microsoft
MS-CHAP
Which of the following is NOT used for authentication?
Something you can find
Something you can do
Something you exhibit
Somewhere you are
Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?
NTLM
OAuth
Shibboleth
Open ID
How is key stretching effective in resisting password attacks?
It requires the use of GPUs.
It does not require the use of salts.
It takes more time to generate candidate password digests.
The license fees are very expensive to purchase and use it.
Which of these is NOT a reason that users create weak passwords?
The length and complexity required force users to circumvent creating strong passwords.
A security policy requires a password to be changed regularly.
A lengthy and complex password can be difficult to memorize.
Having multiple passwords makes it hard to remember all of them.
Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers?
Due to their advanced capabilities, they require only a small amount of computing power.
A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken.
Most states prohibit password crackers unless they are used to retrieve a lost password.
Password crackers differ as to how candidates are created.
Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts?
Offline brute force attack
Role attack
Online brute force attack
Password spraying attack
Why are dictionary attacks successful?
They use pregenerated rules to speed up the processing.
Password crackers using a dictionary attack require less RAM than other types of password crackers.
They link known words together in a "string" for faster processing.
Correct! Users often create passwords from dictionary words.
Which of these attacks is the last-resort effort in cracking a stolen password digest file?
Hybrid
Rule list
Correct! Brute force
Mask
Which of the following should NOT be stored in a secure password database?
Plaintext password
Password digest
Iterations
Salt
Which of the following is NOT an MFA using a smartphone?
SMS text message
Automated phone call
Correct! Biometric gait analysis
Authentication app
Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?
Hybrid attack
Correct! Brute force attack
Custom attack
Dictionary attack
Which human characteristic is NOT used for biometric identification?
Fingerprint
Height
Retina
Iris
_____ biometrics is related to the perception, thought processes, and understanding of the user.
Cognitive
Behavioral
Intelligent
Standard
Which of the following is an authentication credential used to access multiple accounts or applications?
Single sign-on
Credentialization
Identification authentication
Federal login
What is a disadvantage of biometric readers?
Speed
Weight
Cost
Standards
Which of these creates a format of the candidate password to significantly reduce the time needed to crack a password?
Overlay
Pass the hash
Rainbow
Mask
Pablo has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this?
Authentication
Authorization
Accountability
Attestation
Which one-time password is event driven?
HOTP
POTP
ROTP
TOTP