cna 210 chapter 12

If you are trying to find another person who has the same birthday as you, then you must ask how many people, to have a 50 percent chance that at least one of them shares your birthday.

253

The token generates code from algorithm how often?

30 to 60 seconds

common access card (CAC)

A U.S. Department of Defense (DoD) smart card used for identification of active-duty and reserve military personnel along with civilian employees and special contractors.

Personal Identity Verification (PIV)

A U.S. government standard for smart cards that covers all government employees.

smart card

A card that contains an integrated circuit chip that can hold information used as part of the authentication process.

LM (LAN Manager) hash

A cryptographic function found in older Microsoft Windows operating systems used to fingerprint data.

NTLM (New Technology LAN Manager) hash

A hash used by modern Microsoft Windows operating systems for creating password digests.

HMAC-based one-time password (HOTP)

A one-time password that changes when a specific event occurs.

brute force attack

A password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file.

dictionary attack

A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.

hybrid attack

A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters.

key stretching

A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.

PBKDF2

A popular key stretching password hash algorithm.

bcrypt

A popular key stretching password hash algorithm.

salt

A random string that is used in hash algorithms.

password

A secret combination of letters, numbers, and/or characters that only the user should have knowledge of.

token

A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication.

transitive trust

A two-way relationship that is automatically created between parent and child domains in a Microsoft Active Directory Forest.

_____ biometrics is related to the perception, thought processes, and understanding of the user. a. Cognitive b. Standard c. Intelligent d. Behavioral

A. Cognitive

Which one-time password is event-driven? a. HOTP b. TOTP c. ROTP d. POTP

A. HOTP

How is key stretching effective in resisting password attacks? a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. It does not require the use of salts. d. The license fees are very expensive to purchase and use it.

A. It takes more time to generate candidate password digests.

Which single sign-on (SSO) technology depends on tokens? a. OAuth b. CardSpace c. OpenID d. All SSO technologies use tokens.

A. OAuth

Keystroke dynamics is an example of which type of biometrics? a. behavioral b. resource c. cognitive d. adaptive

A. behavioral

What is a disadvantage of biometric readers? a. cost b. speed c. size d. standards

A. cost

A TOTP token code is valid _____. a. for as long as it appears on the device b. for up to 24 hours c. only while the user presses SEND d. until an event occurs

A. for as long as it appears on the device

Creating a pattern of where a user accesses a remote web account is an example of _____. a. geolocation b. Time-Location Resource Monitoring (TLRM) c. keystroke dynamics d. cognitive biometrics

A. geolocation

Which attack is an attempt to compare a known digest to an unknown digest? a. pre-image attack b. birthday attack c. configuration attack d. SNIP attack

A. pre-image attack

pre-image attack

An attack in which one known digest is compared to an unknown digest.

birthday attack

An attack that searches for any two digests that are the same.

one-time password (OTP)

An authentication code that can be used only once or for a limited period of time.

username

An identifier of a user logging into a system.

The ____ attack will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters such as @, $, !, or %.

Answer: hybrid

A(n) ____ is a secret combination of letters, numbers, and/or characters that only the user should know.

Answer: password

This Combines letters, numbers, and punctuation (character sets) by appending one character set with another so add number after letters (caitlin1 or cheer99) or add character sets in sequence letters+punctuation+number (amanda.7)

Appending

behavioral biometrics

Authenticating a user by the unique actions that the user performs.

cognitive biometrics

Authenticating a user through the perception, thought process, and understanding of the user.

Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel? a. Personal Identity Verification (PIV) card b. Common Access Card (CAC) c. Government Smart Card (GSC) d. Secure ID Card (SIDC)

B. Common Access Card (CAC)

Which of these is NOT a characteristic of a weak password? a. a common dictionary word b. a long password c. using personal information d. using a predictable sequence of characters

B. a long password

Which of these algorithms is the weakest for creating password digests? a. SHA-1 b. MD-5 c. LM (LAN Manager) hash d. NTLM (New Technology LAN Manager) hash

C. LM (LAN Manager) hash

Using one authentication credential to access multiple accounts or applications is known as _____. a. credentialization b. identification authentication c. single sign-on d. federal login

C. single sign-on

Which human characteristic is NOT used for biometric identification? a. retina b. face c. weight d. fingerprint

C. weight

Which authentication factor is based on a unique talent that a user possesses? a. what you have b. what you are c. what you do d. what you know

C. what you do

Once created, rainbow tables has significant advantages what are they?

Can be used repeatedly for attacks on other passwords Rainbow tables are much faster than dictionary attacks Amount of memory needed on attacking machine is greatly reduced

Credential Management: Good Techniques include what?

Change passwords frequently Do not reuse old passwords Never write password down Have unique password for each account Do not allow computer to automatically sign into account or record a password so login not necessary Do not enter passwords on public access computers or while using an unencrypted wireless network

Disadvantages of Standard Biometrics include what?

Cost of hardware scanning devices Readers not foolproof Reject authorized users Accept unauthorized users Errors are mainly due to many facial or hand characteristics that must be scanned and then compared

Steps for using a rainbow table include?

Creating the table Using the table to crack a password

Why should the account lockout threshold not be set too low? a. It could decrease calls to the help desk. b. The network administrator would have to reset the account manually. c. The user would not have to wait too long to have her password reset. d. It could result in denial of service (DoS) attacks.

D. It could result in denial of service (DoS) attacks.

Which of these is NOT a reason why users create weak passwords? a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. Most sites force users to create weak passwords even though they do not want to.

D. Most sites force users to create weak passwords even though they do not want to.

Which of these is a decentralized open-source FIM that does not require specific software to be installed on the desktop? a. Windows Live ID b. SSO Login Resource (SSO-LR) c. Windows CardSpace d. OpenID

D. OpenID

What is a hybrid attack? a. an attack that uses both automated and user input b. an attack that combines a dictionary attack with an online guessing attack c. a brute force attack that uses special tables d. an attack that slightly alters dictionary words

D. an attack that slightly alters dictionary words

What is a token system that requires the user to enter the code along with a PIN called? a. single-factor authentication system b. token-passing authentication system c. dual-prong verification system d. multifactor authentication system

D. multifactor authentication system

General observations regarding creating passwords are what?

Do not use passwords that consist of dictionary words or phonetic words Do not repeat characters (xxx) or use sequences (abc, 123, qwerty) Do not use birthdays, family member names, pet names, addresses, or any personal information Do not use short passwords; strong password should be minimum of 15 characters in length

Keystroke Dynamics Uses two unique typing variables what are they?

Dwell time Flight time

authentication factors

Five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are.

Authentication that interprets a user's physical whereabouts is known as __________

Geolocation

These Specialized password hash algorithms intentionally designed be slower to limit ability of attacker to crack passwords because requires significantly more time to create each candidate digest.

Key stretching

What are examples of Behavioral biometrics?

Keystroke dynamics Voice recognition

rainbow tables

Large pregenerated data sets of encrypted passwords used in password attacks.

Salt advantages are what?

Make dictionary attacks and brute force attacks for cracking large number of passwords much slower Limit impact of rainbow tables

Passwords Weaknesses include what?

Most effective passwords are long and complex but difficult for users to memorize and then accurately recall when needed Users must remember passwords for many different accounts Each account password should be unique Many security policies mandate that passwords expire after set period of time, forcing users to repeatedly memorize new passwords

Microsoft Windows group password settings are what?

Password Policy Settings Account Lockout Policy

Four primary defenses against password attacks include what?

Password complexity Credential management Password hashing algorithms Salts

Automated brute force attack program parameters include what?

Password length Character set Language Pattern Skips

A Dictionary attack that uses set of dictionary words and compares it with stolen digests when one known digest (dictionary word) compared to an unknown digest (stolen digest) is what?

Pre-image attack

authentication

Proving that a user is genuine, and not an imposter

A Zero used instead of letter o (passw0rd), digit 1 for letter i (denn1s), or dollar sign for s (be$tfriend) is an example of what?

Replacing

An Attacker gains physical access to computer and resets password, this is an example of what?

Resetting

Random string used in password hash algorithms is known as what?

Salt

federated identity management (FIM) (or federation)

Single sign-on for networks owned by different organizations.

Attacks on Passwords include what?

Social engineering Capturing Resetting

Token Advantages include what?

Standard passwords are static and do not change unless user forced to create new password Tokens produce dynamic passwords that change frequently User might not know if an attacker has stolen her password If token is stolen, become obvious and steps could be taken immediately to disable account

NTLMv2

The current version of the New Technology LAN Manager hash.

geolocation

The identification of the location of a person or object using technology.

These are Typically small device (usually one that can be affixed to keychain) with window display

Tokens

standard biometrics

Using fingerprints or other unique physical characteristics of a person's face, hands, or eyes for authentication.

multifactor authentication

Using more than one type of authentication credential.

single sign-on (SSO)

Using one authentication credential to access multiple accounts or applications.

single-factor authentication

Using one type of authentication credential.

How can you demonstrate to be genuine or authentic?

What you have (Example: key fob to lock your car) What you are (Example: facial characteristics recognized by health club attendant) What you know (Example: combination to health club locker) Where you are (Example: on a restricted military base) What you do (Example: record number of pushups)

The Active Directory Domain Service policy that can block a login after a specified number of failed logins over a specified time period is named: ___________________.

account lockout

Two popular key stretching password hash algorithms are what?

bcrypt and PBKDF2

This attack is slightly different, in that the search is for any two digests that are the same

birthday attack

Attackers attempt to discover the passwords by comparing the stolen digests with their own digests that they have created, these are called what?

candidates

Keylogger, protocol analyzer, Man-in-the-middle and replay attacks are examples of what?

capturing

This attack begins with the attacker creating digests of common dictionary words as candidates and then comparing them against those in a stolen digest file.

dictionary

True or False: Cognitive biometrics is considered to be much more difficult for the user to remember.

false

A Variation of dictionary attack that combines dictionary attack with brute force attack

hybrid attack

What is the weakness of Open ID?

it depends on URL identifier routing to correct server, which depends on domain name server (DNS) that may have its own security weaknesses

During this kind of attack,One-way hash algorithm creates a unique digital fingerprint digest when password first created.

offline cracking

With this, attackers steal the file of password digests and load that file onto their own computers.

offline cracking

time-based one-time password (TOTP)

one-time password that changes after a set period of time.

____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.

openid

These are the most common type of authentication today

passwords

A dictionary attack that uses a set of dictionary words and compares it with the stolen digests is known as what?

pre-image attack

This is a compressed representation of cleartext passwords that are related and organized in a sequence (called a chain).

rainbow table

Fingerprint scanners have 2 types what are they?

static and dynamic

OAuth is an open-source service that authenticates a user on multiple sites using __________ credentials.

token

True or False: A token is typically a small device (usually one that can be affixed to a keychain) with a window display.

true

True or False: Windows Live ID was originally introduced by Microsoft in 1999 as .NET Passport.

true

Within a group of only 23 people, there is a 50 percent chance that two will share the same birthday(true/false)?

true