IS 577 - Chapter 10
A token code is valid _______. A. for as long as it appears on the device B. for up to 1 hour C. only for the user who possesses the device D. if it is longer than 8 characters
a
Each of the following is a step in creating a strong password except _______. A. use a short password so the computer can process it more quickly B. avoid using phonetic words C. do not use sequences D. do not use personal information
a
Which of the following attacks on passwords requires the attacker to have physical access to the computer to insert a USB flash drive? A. Resetting B. Capturing C. Social engineering D. Online guessing
a
Which of the following is NOT a flaw in standard operating systems? A. Operating systems by default use the principle of least privilege. B. Operating systems are complex programs with millions of lines of code that make vulnerabilities extremely difficult to recognize. C. Operating systems do not isolate applications from each another so that one application that is compromised can impact the entire computer. D. Operating systems cannot create a trusted path between users and applications.
a
Which single sign-on (SSO) technology depends upon tokens? A. OAuth B. CardSpace C. OpenID D. All SSO technologies use tokens.
a
Which technique would prevent an attacker from China from logging into a user's account at 4:00AM? A. Computer footprinting B. OpenAuthorization C. Cognitive biometrics D. Internet Throttling
a
Which of the following human characteristics cannot be used for biometric identification? A. face B. weight C. fingerprint D. retina
b
A disadvantage of biometric readers is _______. A. speed B. size C. cost D. standards
c
A token system that requires the user to enter the code along with a PIN is called a _______. A. single-factor authentication system B. dual-prong verification system C. multi-factor authentication system D. token-passing authentication system
c
Each of the following is a type of authentication credential except _______. A. what you have B. what you are C. what you discover D. what you know
c
Using one authentication credential to access multiple accounts or applications is known as _______. A. credentialization B. identification authentication C. single sign-on D. federal login
c
What is a hybrid attack? A. An attack that combines a dictionary attack with an online guessing attack B. A brute force attack that uses special tables C. An attack that slightly alters dictionary words D. An attack that uses both automated and user input
c
_____ is a decentralized open source FIM that does not require specific software to be installed on the desktop. A. SSO Login Resource (SSO-LR) B. Windows CardSpace C. OpenID D. Windows Live ID
c
A _____ is a U.S. Department of Defense (DoD) smart card that is used for identification for active-duty and reserve military personnel. A. Personal Identity Verification (PIV) card B. Government Smart Card (GSC) C. Secure ID Card (SIDC) D. Common Access Card (CAC)
d
An operating system that is designed to be secure by controlling critical parts of it to limit access from attackers and administrators is a _______. A. secure OS B. trustworthy OS C. managed OS D. trusted OS
d
Creating a pattern of when and from where a user accesses a remote Web account is an example of ________. A. Time-Location Resource Monitoring (TLRM) B. keystroke dynamics C. cognitive biometrics D. computer footprinting
d
Keystroke dynamics is an example of _____ biometrics. A. resource B. cognitive C. adaptive D. behavioral
d
Which of the following is not a reason why users create weak passwords? A. A lengthy and complex password can be difficult to memorize. B. A security policy requires a password to be changed regularly. C. Having multiple passwords makes it hard to remember all of them. D. Most sites force users to create weak passwords although they do not want to.
d
Why should the account lockout threshold not be set too low? A. It could decrease calls to the help desk. B. Because the network administrator would then have to manually reset the account. C. So the user would not have to wait too long to have their password reset. D. It could result in denial of service (DoS) attacks.
d
_____ biometrics is related to the perception, thought processes, and understanding of the user. A. Standard B. Intelligent C. Behavioral D. Cognitive
d
