IS-Ch12
A. Protocol analyzer B. Function analyzer C. Protocol analyzer D. Application analyzer E. System analyze
Passwords that are transmitted can be captured by what type of software? A. Protocol analyzer
A. Salt B. Key stretching C. Double hashing D. Crypting
What can be used to increase the strength of hashed passwords? A. Salt
A. Token B. Biometric detail C. Password D. Challenge
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a: C. Password
Dictionary
A(n) ____________________ attack begins with the attacker creating encrypted versions of common dictionary words, and then comparing them against those in a stolen password file.
A. It takes more time to generate candidate password digests B. It requires the use of GPUs C. It does not require the use of salts D. The license fees are very expensive to purchase and use it
How is key stretching effective in resisting password attacks? A. It takes more time to generate candidate password digests
A. Federated Sign On B. Unilateral Sign On C. Single Sign On D. Individual Sign On
The use of one authentication credential to access multiple accounts or applications is referred to as? C. Single Sign On
A. Rainbow tables B. Word list C. Randomized character list D. Cascade tables
The use of what item below involves the creation of a large pregenerated data set of candidate digests? A. Rainbow tables
True
Token credentials can be revoked at any time by the user without affecting other token credentials issued to other sites.(T/F)
False
Using a rainbow table to crack a password requires three steps: Creation of the table, comparing the table to known hash values, and decrypting the password.(T/F)
A. An attack that slightly alters dictionary words B. An attack that uses both automated and user input C. An attack that combines a dictionary attack with an online guessing attack D. A brute force attack that uses special tables
What is a hybrid attack? A. An attack that slightly alters dictionary words
A. Standard biometrics B. Reactive biometrics C. Affective biometrics D. Cognitive biometrics
What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face? A. Standard biometrics
A. Offline cracking B. Hash replay C. Token replay D. Online cracking
What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker? A. Offline cracking
A. Standard biometrics B. Cognitive biometrics C. Affective biometrics D. Reactive biometric
Which type of biometrics is based on the perception, thought process, and understanding of the user? B. Cognitive biometrics
A. Personal Credential Card (PCC) B. Credential Validation Card (CVC) C. Common Access Card (CAC) D. Identity Validation Card (IVC)
A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called: C. Common Access Card (CAC)
A. charlist.exe B. listchar.exe C. charmap.exe D. chardump.exe
A list of the available nonkeyboard characters can be seen in Windows by opening what utility? C. charmap.exe