Sec 200 Chapter 11 & 12


The five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are.

Authentication factors

A popular key stretching password hash algorithm

Bcrypt

What technology allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site?

OAuth

User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?

Orphaned

Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?

RADIUS

The use of what item below involves the creation of a large pregenerated data set of candidate digests?

Rainbow tables

Select below the access control model that uses access based on a user's job function within an organization:

Role Based Access Control

When using Role Based Access Control (RBAC), permissions are assigned to:

Roles

Which access control model can dynamically assign roles to subjects based on a set of defined rules?

Rule Based Access Control

A random string added to a password before it is hashed, so that identical passwords produce different digests and a precomputed table cannot be reused.

Salt

A hash used by modern Microsoft Windows operating systems for creating password digests

NTLM (New Technology LAN Manager) hash

What federated identity management (FIM) relies on token credentials?

OAuth

Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop:

OpenID

What can be used to increase the strength of hashed passwords?

Salt

The practice of requiring that processes should be divided between two or more individuals

Separation of duties

Using one authentication credential to access multiple accounts or applications

Single sign-on

A list of the available nonkeyboard characters can be seen in Windows by opening what utility?

charmap.exe

To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?

Account expiration

The process of setting a user's account to expire

Account expiration

A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n)

ACL

What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?

Brute force

A password attack in which every possible combination of letters, numbers, and characters is hashed to create candidate digests that are matched against those in a stolen digest file.

Brute force attack

The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?

DAP

Entries within a Directory Information Base are arranged in a tree structure called the

DIT

A password attack that hashes common dictionary words and compares the resulting digests against those in a stolen digest file

Dictionary attack

Which access control model is considered to be the least restrictive?

Discretionary Access Control

The least restrictive access control model in which the owner of the object has total control over it.

Discretionary access control (DAC)

The second version of the Terminal Access Control Access Control System (TACACS) authentication service

Extended TACACS (XTACACS)

The use of a single authentication credential that is shared across multiple networks is called:

Identity management

The act of moving individuals from one job responsibility to another.

Job rotation

Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:

Kerberos

A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.

Key stretching
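The salt, rainbow table and key-stretching entries above, worked through as an added example that is not part of the original set: PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt as the stretching function, and the iteration count, record layout and sample password are illustrative assumptions, not values from the source.

```python
# Added example (not from the original set): storing passwords with a per-user
# salt and a key-stretching function, next to the unsalted single-round digest
# that rainbow tables target. PBKDF2-HMAC-SHA256 from the standard library stands
# in for bcrypt; the iteration count and record layout are illustrative choices.
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor; tune upward as hardware gets faster
SALT_BYTES = 16        # 128-bit random salt per stored password


def plain_digest(password: str) -> str:
    """Unsalted, single-round hash: the same password always yields the same digest,
    so one precomputed table cracks it for every user and every site."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def stretched_digest(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key stretching: many HMAC rounds make each guess deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def store_password(password: str) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    salt = os.urandom(SALT_BYTES)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${stretched_digest(password, salt).hex()}"


def verify_password(password: str, record: str) -> bool:
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    candidate = stretched_digest(password, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def records_differ_for_same_password(password: str) -> bool:
    """Two users choosing the same password get different records once salted."""
    return store_password(password) != store_password(password)


def lookup_table_hits(table: set, record: str) -> bool:
    """A table of precomputed plain digests finds nothing in a salted record."""
    return record.split("$")[3] in table


if __name__ == "__main__":
    record = store_password("Winter2024!")
    print(record)
    print(verify_password("Winter2024!", record), verify_password("winter2024!", record))
```

The record carries its own algorithm name, iteration count and salt, so the work factor can be raised later and old records re-hashed on the user's next successful login; the salt is not secret and only has to be unique.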

An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content.

LDAP injection

What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?

LDAP injection
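The two LDAP injection entries above, shown as an added example that is not part of the original set: a login filter built unsafely from user input beside one whose values are escaped per RFC 4515, both evaluated by a small filter parser against a constructed in-memory directory. The directory contents, attribute names and passwords are made up; a real directory stores userPassword hashed and authenticates with a bind, not a compare.

```python
# Added example (not from the original set): an LDAP login filter built unsafely
# from user input versus one with the values escaped per RFC 4515, evaluated by a
# small filter parser against a constructed in-memory directory.
import re

# RFC 4515 escapes for the characters that carry meaning inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

DIRECTORY = [  # constructed sample entries
    {"uid": "alice", "userPassword": "s3cret!"},
    {"uid": "bob", "userPassword": "hunter2"},
]


def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unsafe_login_filter(username: str, password: str) -> str:
    """Vulnerable: raw input becomes filter syntax (a '*' or ')' changes the query)."""
    return f"(&(uid={username})(userPassword={password}))"


def safe_login_filter(username: str, password: str) -> str:
    """Hardened: every user-controlled value is escaped before it is spliced in."""
    return f"(&(uid={escape_filter_value(username)})(userPassword={escape_filter_value(password)}))"


def _parse(filt: str, pos: int):
    """Parse one parenthesised filter at pos; supports &, |, ! and attr=value items."""
    if filt[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if filt[pos] in "&|":
        op, pos, children = filt[pos], pos + 1, []
        while filt[pos] == "(":
            node, pos = _parse(filt, pos)
            children.append(node)
        if filt[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return (op, children), pos + 1
    if filt[pos] == "!":
        node, pos = _parse(filt, pos + 1)
        if filt[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return ("!", [node]), pos + 1
    end = filt.index(")", pos)
    attr, _, value = filt[pos:end].partition("=")
    return ("=", attr, value), end + 1


def parse_filter(filt: str):
    """Strict parse: the whole string must be exactly one well-formed filter."""
    try:
        node, pos = _parse(filt, 0)
    except IndexError:
        raise ValueError("truncated filter") from None
    if pos != len(filt):
        raise ValueError(f"trailing data after filter at offset {pos}")
    return node


def _value_regex(pattern: str) -> str:
    """Unescaped '*' is a wildcard; '\\XX' escapes decode to literal characters."""
    parts = []
    for tok in re.split(r"(\\[0-9a-fA-F]{2}|\*)", pattern):
        if tok == "*":
            parts.append(".*")
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", tok):
            parts.append(re.escape(chr(int(tok[1:], 16))))
        else:
            parts.append(re.escape(tok))
    return "^" + "".join(parts) + "$"


def _matches(node, entry: dict) -> bool:
    kind = node[0]
    if kind == "&":
        return all(_matches(child, entry) for child in node[1])
    if kind == "|":
        return any(_matches(child, entry) for child in node[1])
    if kind == "!":
        return not _matches(node[1][0], entry)
    _, attr, value = node
    actual = entry.get(attr)
    return actual is not None and re.match(_value_regex(value), actual) is not None


def matching_uids(filt: str) -> list:
    """Evaluate a filter the way a directory search would; return the matching uids."""
    node = parse_filter(filt)
    return [e["uid"] for e in DIRECTORY if _matches(node, e)]
```

With the unsafe builder a password of `*` turns the password clause into a presence test and logs in as any named user, and a username of `*` matches every entry; after escaping, the same input is compared literally and matches nothing.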

Providing only the minimum amount of privileges necessary to perform a job or function

Least privilege

What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?

Mandatory Access Control

The most restrictive access control model, typically found in military settings in which security is of supreme importance.

Mandatory access control (MAC)

A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as

Separation of duties
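The RBAC, ACL, least privilege and separation of duties entries above, combined into one added example that is not part of the original set: permissions attach to roles and subjects attach to roles, a static separation-of-duties constraint stops one subject from holding two mutually exclusive roles, and the resulting decisions can be read back as an ACL on each object. Role, object and operation names are invented for illustration.

```python
# Added example (not from the original set): a minimal RBAC decision function in
# which permissions attach to roles and subjects attach to roles, with a static
# separation-of-duties constraint on mutually exclusive roles and a view of the
# resulting ACL per object. Role, object and operation names are invented.

# Permissions are (object, operation) pairs and belong to roles, never to users.
ROLE_PERMISSIONS = {
    "ap_clerk":    {("invoice", "create"), ("invoice", "read")},
    "ap_approver": {("invoice", "read"), ("invoice", "approve")},
    "auditor":     {("invoice", "read"), ("audit_log", "read")},
}

# Separation of duties: creating and approving an invoice must be two people.
EXCLUSIVE_ROLE_PAIRS = {frozenset({"ap_clerk", "ap_approver"})}


class Rbac:
    def __init__(self):
        self._user_roles = {}

    def assign_role(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role {role!r}")
        proposed = self._user_roles.get(user, set()) | {role}
        for pair in EXCLUSIVE_ROLE_PAIRS:
            if pair <= proposed:
                raise ValueError(f"{user}: holding {sorted(pair)} violates separation of duties")
        self._user_roles.setdefault(user, set()).add(role)

    def permissions_of(self, subject: str) -> set:
        """Least privilege follows from the roles: nothing is granted to a subject directly."""
        perms = set()
        for role in self._user_roles.get(subject, ()):
            perms |= ROLE_PERMISSIONS[role]
        return perms

    def is_allowed(self, subject: str, operation: str, obj: str) -> bool:
        """A subject attempts an operation on an object; anything not granted is denied."""
        return (obj, operation) in self.permissions_of(subject)

    def acl_for(self, obj: str) -> dict:
        """The same decisions expressed as an ACL: subject -> operations on this object."""
        acl = {}
        for subject in self._user_roles:
            ops = {op for o, op in self.permissions_of(subject) if o == obj}
            if ops:
                acl[subject] = ops
        return acl


def demo() -> Rbac:
    """Constructed assignments: a clerk, an approver and an auditor."""
    rbac = Rbac()
    rbac.assign_role("alice", "ap_clerk")
    rbac.assign_role("bob", "ap_approver")
    rbac.assign_role("carol", "auditor")
    return rbac
```

Because the check consults only role membership, revoking a role (for instance when an employee leaves, to avoid an orphaned account keeping its rights) removes every permission at once, and the separation-of-duties rule is enforced at assignment time rather than relying on each application to remember it.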

The use of one authentication credential to access multiple accounts or applications is referred to as?

Single Sign On

What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face?

Standard biometrics

What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?

TACACS

The current version of the Terminal Access Control Access Control System (TACACS) authentication service

TACACS+

Limitation imposed as to when a user can log in to a system or access resources.

Time-of-day restriction

A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication

Token

What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?

access control model

During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?

authentication request

In a UAC prompt, what color is used to indicate the lowest level of risk?

gray

The weakness of passwords is centered on what?

human memory

What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters?

hybrid

What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker?

offline cracking
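The brute force, dictionary, hybrid and offline cracking entries above, run end to end as an added example that is not part of the original set: a constructed "stolen" file of unsalted digests is attacked with a word list, with mangled versions of that word list, and with an exhaustive search over a small character set. SHA-1 stands in for whatever unsalted single-round algorithm produced the digests (NTLM's MD4 is not reliably available in hashlib); the usernames, passwords and word list are made up.

```python
# Added example (not from the original set): offline cracking of a stolen file of
# unsalted password digests with three candidate generators: dictionary, hybrid
# (dictionary plus mangling rules) and brute force over a small character set.
# The stolen file and word list are constructed here; SHA-1 stands in for the
# unsalted, single-round digest algorithm and the code does not depend on the choice.
import hashlib
import itertools
import string


def digest(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed "stolen" file: user:digest, no salt, so identical passwords collide.
STOLEN_FILE = "\n".join(f"{u}:{digest(p)}" for u, p in [
    ("alice", "sunshine"),
    ("bob", "Sunshine1!"),
    ("carol", "enihsnus"),
    ("dave", "sunshine"),
    ("erin", "b7q"),
])
WORDLIST = ["password", "letmein", "sunshine", "dragon"]   # constructed word list


def load_digests(text: str) -> dict:
    """Parse user:digest lines into digest -> [users]; a shared digest means a shared password."""
    by_digest = {}
    for line in text.splitlines():
        user, _, d = line.partition(":")
        by_digest.setdefault(d, []).append(user)
    return by_digest


def dictionary_candidates(words):
    yield from words


def hybrid_candidates(words):
    """Dictionary words altered the way users typically 'strengthen' them."""
    for w in words:
        yield w
        yield w[::-1]                        # spelled backward
        yield w.capitalize()
        for n in range(100):
            yield f"{w}{n}"                  # digits appended to the end
        for suffix in ("!", "1!", "123", "@"):
            yield w + suffix                 # special characters appended
            yield w.capitalize() + suffix
        for a, b in (("a", "@"), ("s", "$"), ("o", "0"), ("i", "1")):
            yield w.replace(a, b)            # common character substitutions


def brute_force_candidates(alphabet: str, max_len: int):
    """Every combination of the alphabet up to max_len characters."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            yield "".join(combo)


def crack(by_digest: dict, candidates) -> dict:
    """Hash each candidate and look it up in the stolen set; return user -> password."""
    found = {}
    remaining = set(by_digest)
    for cand in candidates:
        if not remaining:
            break
        d = digest(cand)
        if d in remaining:
            remaining.remove(d)
            for user in by_digest[d]:
                found[user] = cand
    return found


def run_all() -> dict:
    by_digest = load_digests(STOLEN_FILE)
    return {
        "dictionary": crack(by_digest, dictionary_candidates(WORDLIST)),
        "hybrid": crack(by_digest, hybrid_candidates(WORDLIST)),
        "brute": crack(by_digest, brute_force_candidates(string.ascii_lowercase + string.digits, 3)),
    }


if __name__ == "__main__":
    for strategy, cracked in run_all().items():
        print(strategy, cracked)
```

Everything here happens against the attacker's own copy of the file, which is what makes the attack offline: there is no lockout or rate limit to trip, and because the digests are unsalted, one hash computation per candidate is checked against every user at once.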

The action that is taken by a subject over an object is called a(n):

operation

A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:

password

Passwords that are transmitted can be captured by what type of software?

protocol analyzer

A user or a process functioning on behalf of the user that attempts to access an object is known as the

subject

A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:

Common Access Card (CAC)

What type of one-time password (OTP) changes after a set time period?

Time-based one-time password (TOTP)

A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters

Hybrid attack

Which hashing algorithm below is used with NTLMv2's Hashed Message Authentication Code?

MD5

