cna 210 chapter 12
If you are trying to find another person who has the same birthday as you, how many people must you ask to have a 50 percent chance that at least one of them shares your birthday?
253
How often does the token generate a code from its algorithm?
Every 30 to 60 seconds
common access card (CAC)
A U.S. Department of Defense (DoD) smart card used for identification of active-duty and reserve military personnel along with civilian employees and special contractors.
Personal Identity Verification (PIV)
A U.S. government standard for smart cards that covers all government employees.
smart card
A card that contains an integrated circuit chip that can hold information used as part of the authentication process.
LM (LAN Manager) hash
A cryptographic function found in older Microsoft Windows operating systems used to fingerprint data.
NTLM (New Technology LAN Manager) hash
A hash used by modern Microsoft Windows operating systems for creating password digests.
HMAC-based one-time password (HOTP)
A one-time password that changes when a specific event occurs.
brute force attack
A password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file.
dictionary attack
A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.
hybrid attack
A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters.
key stretching
A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.
PBKDF2
A popular key stretching password hash algorithm.
bcrypt
A popular key stretching password hash algorithm.
salt
A random string that is used in hash algorithms.
password
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of.
token
A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication.
transitive trust
A two-way relationship that is automatically created between parent and child domains in a Microsoft Active Directory Forest.
_____ biometrics is related to the perception, thought processes, and understanding of the user. a. Cognitive b. Standard c. Intelligent d. Behavioral
A. Cognitive
Which one-time password is event-driven? a. HOTP b. TOTP c. ROTP d. POTP
A. HOTP
How is key stretching effective in resisting password attacks? a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. It does not require the use of salts. d. The license fees are very expensive to purchase and use it.
A. It takes more time to generate candidate password digests.
Which single sign-on (SSO) technology depends on tokens? a. OAuth b. CardSpace c. OpenID d. All SSO technologies use tokens.
A. OAuth
Keystroke dynamics is an example of which type of biometrics? a. behavioral b. resource c. cognitive d. adaptive
A. behavioral
What is a disadvantage of biometric readers? a. cost b. speed c. size d. standards
A. cost
A TOTP token code is valid _____. a. for as long as it appears on the device b. for up to 24 hours c. only while the user presses SEND d. until an event occurs
A. for as long as it appears on the device
Creating a pattern of where a user accesses a remote web account is an example of _____. a. geolocation b. Time-Location Resource Monitoring (TLRM) c. keystroke dynamics d. cognitive biometrics
A. geolocation
Which attack is an attempt to compare a known digest to an unknown digest? a. pre-image attack b. birthday attack c. configuration attack d. SNIP attack
A. pre-image attack
pre-image attack
An attack in which one known digest is compared to an unknown digest.
birthday attack
An attack that searches for any two digests that are the same.
one-time password (OTP)
An authentication code that can be used only once or for a limited period of time.
username
An identifier of a user logging into a system.
The ____ attack will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters such as @, $, !, or %.
Answer: hybrid
A(n) ____ is a secret combination of letters, numbers, and/or characters that only the user should know.
Answer: password
This combines letters, numbers, and punctuation (character sets) by adding one character set after another, such as a number after letters (caitlin1 or cheer99) or character sets in the sequence letters + punctuation + number (amanda.7). What is it called?
Appending
behavioral biometrics
Authenticating a user by the unique actions that the user performs.
cognitive biometrics
Authenticating a user through the perception, thought process, and understanding of the user.
Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel? a. Personal Identity Verification (PIV) card b. Common Access Card (CAC) c. Government Smart Card (GSC) d. Secure ID Card (SIDC)
B. Common Access Card (CAC)
Which of these is NOT a characteristic of a weak password? a. a common dictionary word b. a long password c. using personal information d. using a predictable sequence of characters
B. a long password
Which of these algorithms is the weakest for creating password digests? a. SHA-1 b. MD-5 c. LM (LAN Manager) hash d. NTLM (New Technology LAN Manager) hash
C. LM (LAN Manager) hash
Using one authentication credential to access multiple accounts or applications is known as _____. a. credentialization b. identification authentication c. single sign-on d. federal login
C. single sign-on
Which human characteristic is NOT used for biometric identification? a. retina b. face c. weight d. fingerprint
C. weight
Which authentication factor is based on a unique talent that a user possesses? a. what you have b. what you are c. what you do d. what you know
C. what you do
Once created, rainbow tables have significant advantages. What are they?
They can be used repeatedly for attacks on other passwords; rainbow tables are much faster than dictionary attacks; the amount of memory needed on the attacking machine is greatly reduced.
Credential management: what are good techniques?
Change passwords frequently; do not reuse old passwords; never write a password down; have a unique password for each account; do not allow the computer to automatically sign into an account or record a password so that login is not necessary; do not enter passwords on public access computers or while using an unencrypted wireless network.
What are the disadvantages of standard biometrics?
Cost of hardware scanning devices; readers are not foolproof (they may reject authorized users or accept unauthorized users); errors are mainly due to the many facial or hand characteristics that must be scanned and then compared.
What are the steps for using a rainbow table?
Creating the table, then using the table to crack a password.
Why should the account lockout threshold not be set too low? a. It could decrease calls to the help desk. b. The network administrator would have to reset the account manually. c. The user would not have to wait too long to have her password reset. d. It could result in denial of service (DoS) attacks.
D. It could result in denial of service (DoS) attacks.
Which of these is NOT a reason why users create weak passwords? a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. Most sites force users to create weak passwords even though they do not want to.
D. Most sites force users to create weak passwords even though they do not want to.
Which of these is a decentralized open-source FIM that does not require specific software to be installed on the desktop? a. Windows Live ID b. SSO Login Resource (SSO-LR) c. Windows CardSpace d. OpenID
D. OpenID
What is a hybrid attack? a. an attack that uses both automated and user input b. an attack that combines a dictionary attack with an online guessing attack c. a brute force attack that uses special tables d. an attack that slightly alters dictionary words
D. an attack that slightly alters dictionary words
What is a token system that requires the user to enter the code along with a PIN called? a. single-factor authentication system b. token-passing authentication system c. dual-prong verification system d. multifactor authentication system
D. multifactor authentication system
What are the general guidelines for creating passwords?
Do not use passwords that consist of dictionary words or phonetic words; do not repeat characters (xxx) or use sequences (abc, 123, qwerty); do not use birthdays, family member names, pet names, addresses, or any personal information; do not use short passwords (a strong password should be a minimum of 15 characters in length).
Keystroke dynamics uses two unique typing variables. What are they?
Dwell time and flight time
authentication factors
Five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are.
Authentication that interprets a user's physical whereabouts is known as __________.
Geolocation
These specialized password hash algorithms are intentionally designed to be slower, limiting an attacker's ability to crack passwords because each candidate digest requires significantly more time to create. What are they called?
Key stretching
What are examples of behavioral biometrics?
Keystroke dynamics and voice recognition
rainbow tables
Large pregenerated data sets of encrypted passwords used in password attacks.
What are the advantages of salts?
They make dictionary attacks and brute force attacks for cracking a large number of passwords much slower; they limit the impact of rainbow tables.
What are the weaknesses of passwords?
The most effective passwords are long and complex but difficult for users to memorize and then accurately recall when needed; users must remember passwords for many different accounts; each account password should be unique; many security policies mandate that passwords expire after a set period of time, forcing users to repeatedly memorize new passwords.
What are the Microsoft Windows group password settings?
Password Policy Settings and Account Lockout Policy
What are the four primary defenses against password attacks?
Password complexity, credential management, password hashing algorithms, and salts
What are the parameters of an automated brute force attack program?
Password length, character set, language, pattern, and skips
A dictionary attack that uses a set of dictionary words and compares them with stolen digests, in which one known digest (dictionary word) is compared to an unknown digest (stolen digest), is what?
Pre-image attack
authentication
Proving that a user is genuine and not an imposter.
A zero used instead of the letter o (passw0rd), the digit 1 for the letter i (denn1s), or a dollar sign for s (be$tfriend) is an example of what?
Replacing
An attacker gains physical access to a computer and resets the password. This is an example of what?
Resetting
A random string used in password hash algorithms is known as what?
Salt
federated identity management (FIM) (or federation)
Single sign-on for networks owned by different organizations.
What are the attacks on passwords?
Social engineering, capturing, and resetting
What are the advantages of tokens?
Standard passwords are static and do not change unless the user is forced to create a new password, whereas tokens produce dynamic passwords that change frequently; a user might not know if an attacker has stolen her password, but if a token is stolen it becomes obvious and steps can be taken immediately to disable the account.
NTLMv2
The current version of the New Technology LAN Manager hash.
geolocation
The identification of the location of a person or object using technology.
These are typically small devices (usually ones that can be affixed to a keychain) with a window display. What are they?
Tokens
standard biometrics
Using fingerprints or other unique physical characteristics of a person's face, hands, or eyes for authentication.
multifactor authentication
Using more than one type of authentication credential.
single sign-on (SSO)
Using one authentication credential to access multiple accounts or applications.
single-factor authentication
Using one type of authentication credential.
How can you demonstrate that you are genuine or authentic?
What you have (example: key fob to unlock your car); what you are (example: facial characteristics recognized by a health club attendant); what you know (example: combination to a health club locker); where you are (example: on a restricted military base); what you do (example: record number of pushups).
The Active Directory Domain Service policy that can block a login after a specified number of failed logins over a specified time period is named: ___________________.
account lockout
Two popular key stretching password hash algorithms are what?
bcrypt and PBKDF2
This attack is slightly different, in that the search is for any two digests that are the same.
birthday attack
Attackers attempt to discover passwords by comparing the stolen digests with digests they have created themselves. What are these created digests called?
candidates
Keyloggers, protocol analyzers, man-in-the-middle attacks, and replay attacks are examples of what?
capturing
This attack begins with the attacker creating digests of common dictionary words as candidates and then comparing them against those in a stolen digest file.
dictionary
True or False: Cognitive biometrics is considered to be much more difficult for the user to remember.
false
A variation of the dictionary attack that combines a dictionary attack with a brute force attack
hybrid attack
What is the weakness of OpenID?
It depends on the URL identifier routing to the correct server, which in turn depends on the Domain Name System (DNS), which may have its own security weaknesses.
During this kind of attack, the one-way hash algorithm that created a unique digital fingerprint (digest) when the password was first created is targeted.
offline cracking
With this, attackers steal the file of password digests and load that file onto their own computers.
offline cracking
time-based one-time password (TOTP)
A one-time password that changes after a set period of time.
____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
OpenID
These are the most common type of authentication today.
passwords
A dictionary attack that uses a set of dictionary words and compares them with the stolen digests is known as what?
pre-image attack
This is a compressed representation of cleartext passwords that are related and organized in a sequence (called a chain).
rainbow table
Fingerprint scanners come in two types. What are they?
static and dynamic
OAuth is an open-source service that authenticates a user on multiple sites using __________ credentials.
token
True or False: A token is typically a small device (usually one that can be affixed to a keychain) with a window display.
true
True or False: Windows Live ID was originally introduced by Microsoft in 1999 as .NET Passport.
true
True or False: Within a group of only 23 people, there is a 50 percent chance that two will share the same birthday.
true