CITC 2374 Chapter 6

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

We need to create a three-factor authentication system. The system already uses a USB device that is unlocked with the user's fingerprint. Which of the following can we add to implement three separate factors?

A PIN entered via a built-in PIN pad

Bob lives at home during the summer. His little brother, Tom, is fascinated by computers and with everything his big brother does. Tom loves to watch Bob log in to his summer job's remote site and do things. Tom often goes into Bob's room and looks through his things. Given this, which authentication technique—by itself—resists the risk of Tom masquerading as Bob?

A memorized, hard-to-guess password

Which of the following most effectively resists a trial-and-error guessing attack? All sizes are in terms of decimal digits.

A passive authentication token with a 9-digit base secret

What does authentication do?

Associates an individual with an identity

Kevin wants to attack Bob's computing resources. He is motivated at the "stealth" level. Which of the following attacks might Bob face? Select all that apply.

Borrow Bob's one-time password token Search for written copies of Bob's passwords

Short Answer: The average attack space estimates the number of guesses required before success is

Likely

The phrases below describe types of authentication factors. Match the type of authentication factor with its description.

Memorized information like a password - Something you know A biometric measurement - [don't know] An object containing a base secret, like the magnetic stripe on a cash card - [don't know]

We are trying to protect a household computer. We have implemented password-based authentication to protect sensitive data. Which levels of attacker motivation can this authentication typically protect against in this situation? Select all that apply.

No motivation Scant motivation Stealth motivation

There are three types of tokens; which of the following is not a correct type?

Offensive tokens

Which of the following authentication techniques are vulnerable to sniffing attacks that replay the sniffed credential? Select all that apply.

Passwords Passive tokens Biometric readers

In a password system, the total number of possible passwords is called the:

Search space

Are base secrets the same as credentials?

Some base secrets are also credentials, while others are not.

Here is a list of features of various authentication tokens. Indicate all that are true for one-time password tokens.

Some tokens use a built-in clock to generate nonces. Some tokens use a built-in counter to generate nonces The authentication credential and the base secret are always identical

The following are fundamental strategies for authenticating people on computer systems,

Something you make

An attack that blocks access to a system by other users is called:

Denial of service

True or False? Average attack space measures the time until success is cretain.

False

True or False? Biometrics are a favored form of authentication, as they are immune to sniffing attacks.

False

True or False? Biometrics have a fault tolerance of 0.

False

True or False? Entropy refers to the strength of a password system.

False

True or False? Offline attacks are easily detected.

False

True or False? Passive tokens are favored, as they are immune to sniffing attacks.

False

True or False? SHA-1024 is the latest hash algorithm.

False

True or False? True randomness is easily achieved with the random function of an application like Excel.

False

True or False? USB tokens are weak because if the public key becomes lost or stolen, the private key can be derived from it.

False

True or False? When selecting a password, random collections of letters contain far less entropy than written words.

False

True or False? When you are biased in selecting a password, you choose your password from the entire search space.

False

Two factor authentication is using two passwords

False

Your fingerprint is a "something you have" factor.

False

The phrases below describe types of tokens. Match the type of token with its description.

Transmits credentials that vary according to an unpredictable challenge from the computer - [don't know] Transmits different credentials based on an internal clock or counter - [don't know] Transmits the same credential every time - [don't know]

Section 6.1.2 describes doorknob-rattling attacks. This is most similar to which of the following attacks?

Trial and error

True or False? Authentication associates an individual with an identity.

True

In a password system, increasing the work factor results in which of the following? Select all that apply.

Increases the length of the password Increases the size of the character set from which users choose passwords

True or False? Credit reports are a treasured target among identity thieves

True

True or False? Dictionary attacks differ from trial and error attacks because dictionary attacks focus on likely passwords.

True

True or False? Keyloggers can be hardware or software based.

True

True or False? Low-hanging fruit refers to the easiest targets in an attack.

True

True or False? The one-way hash is a cryptographic function.

True

True or False? When an attacker is attacking a password system, the average attack space estimates the number of guesses required before success is likely.

True

True or False? When the fault tolerance goes up, so do the false positives.

True

An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of:

Two-factor authentication

We need to create a three-factor authentication system. The system already requires the user's fingerprint and memorized password. Which of the following can we add to implement three separate factors?

[don't know]

Biometric scanners are often connected by [ BLANK ] this poses a security risk, as sniffed credentials can be fed down this line.

BLANK = [don't know]


Kaugnay na mga set ng pag-aaral

Lesson 116 - Box Fill and Series Circuits (Master Bedroom) Quiz

View Set

System Analysis and Design (Unit 1: System Analysis Fundamentals, Lesson 3: Systems Development Tools and Lesson 4:)

View Set

Maternal Child Nursing Theory - Chapter 25: Growth and development of the Preschool-aged Child: 3 to 6 years

View Set