Chapter 7 Textbook Questions

Which access control scheme uses flexible policies that can combine attributes? A. ABAC B. RB-RBAC C. MAC D. DAC

A. ABAC

Which of the following would a threat actor use last in attacks on a password digest? A. Brute force attack B. Custom wordlist C. Dictionary attack D. Dictionary attack using rules

A. Brute force attack

What type of biometrics is related to the perception, thought processes, and understanding of the user? A. Cognitive biometrics B. Standard biometrics C. Intelligence biometrics D. Behavioral biometrics

A. Cognitive biometrics

Which of the following is NOT true about LDAP? A. It makes it possible for almost any application running on virtually any computer platform to obtain directory information. B. It is an open protocol. C. It is the protocol or communication process that enables users to access a network resource through a directory service. D. It cannot be used with SSO.

A. It makes it possible for almost any application running on virtually any computer platform to obtain directory information.

How is SAML used? A. It serves as a backup to a directory server. B. It allows secure web domains to exchange user authentication and authorization data. C. It is an authenticator in IEEE 802.1x. D. It is no longer used because it has been replaced by LDAP.

A. It serves as a backup to a directory server.

How is key stretching effective in resisting password attacks? A. It takes more time to generate candidate password digests. B. It requires the use of GPUs. C. It does not require the use of salts. D. The license fees are very expensive to purchase for use.

A. It takes more time to generate candidate password digests.

Imka has been asked to recommend a federation system technology that is an open source federation framework and can support the development of authorization protocols. Which of these technologies would she recommend? A. OAuth B. Open ID C. Shibboleth D. NTLM

A. OAuth

After a recent security breach, Lerato is investigating how the breach occurred. After examining log files, she discovered that the threat actor had used the same password on several different user accounts. What kind of attack was this? A. Password spraying attack B. Online brute force attack C. Offline brute force attack D. Dictionary attack

A. Password spraying attack

Which of the following is an authentication credential used to access multiple accounts or applications? A. SSO B. Credentialization C. Identification authentication D. Federal login

A. SSO

Which of the following is NOT true about OTPs? A. They are displayed on security keys. B. An OTP can typically be used only once or for a limited period of time. C. They are dynamic and not static. D. There are two types of OTPs: TOTPs and HOTPs.

A. They are displayed on security keys.

Which of the following is NOT true about a rule attack? A. A rule attack conducts a statistical analysis on the stolen passwords. B. Rule attacks are considered low-outcome attacks. C. The results of a rule attack are used to create a mask of the format of the candidate password. D. Using a mask will significantly reduce the time needed to crack a password.

B. Rule attacks are considered low-outcome attacks.

Which of the following elements is NOT true about passwords? A. The weakness of passwords is based on human memory. B. The most effective passwords are short but complex. C. For the highest level of security, each account should have a unique password. D. The security of passwords is based on human memory.

B. The most effective passwords are short but complex.

Mpho has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this? A. Authorization B. Authentication C. Attestation D. Accountability

C. Attestation

Which of the following is NOT true about password expiration? A. Both NIST and Microsoft no longer support it. B. It is not recommended for security. C. It should be set to at least one day. D. It is the point in time when a password is no longer valid.

C. It should be set to at least one day.

Which of the following is the least secure method for sending an authentication code? A. Authentication app B. Windowed token C. SMS text D. MFA push

C. SMS text

Amahle is researching elements that can prove authenticity. Which of the following is based on unique biological characteristics? A. Something you exhibit B. Something you have C. Something you are D. Something about you

C. Something you are

Why are dictionary attacks successful? A. Password crackers using a dictionary attack require less RAM than other types of password crackers. B. They link known words together in a "string" for faster processing. C. Users often create passwords from dictionary words. D. They use pregenerated rules to speed up the processing.

C. Users often create passwords from dictionary words.

Noxolo is researching human characteristics for biometric identification. Which of the following would she not find used for biometric identification? A. Retina B. Iris C. Weight D. Fingerprint

C. Weight

Which of these is NOT a key stretching algorithm? A. Argon2 B. bcrypt C. PBKDF2 D. MD5

D. MD5

Kholwa is explaining to her colleague how a password cracker works. Which of the following is a true statement about password crackers? A. Most states prohibit password crackers unless they are used to retrieve a lost password. B. Due to their advanced capabilities, they require only a small amount of computing power. C. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken. D. Password crackers differ as to how candidates are created.

D. Password crackers differ as to how candidates are created.

