Module 2 ITN 262 QUIZ chapter 6
Bob lives at home during the summer. His little brother, Tom, is fascinated by computers and with everything his big brother does. Tom loves to watch Bob log in to his summer job's remote site and do things. Tom often goes into Bob's room and looks through his things. Given this, which authentication technique—by itself—resists the risk of Tom masquerading as Bob?
A memorized, hard-to-guess password
Which of the following most effectively resists a trial-and-error guessing attack? All sizes are in terms of decimal digits.
A passive authentication token with a 9-digit base secret
We need to create a three-factor authentication system. The system already requires the user's fingerprint and memorized password. Which of the following can we add to implement three separate factors?
A procedure that requires the user's cell phone
We need to create a three-factor authentication system. The system already uses a USB device that is unlocked with the user's fingerprint. Which of the following can we add to implement three separate factors?
A process that requires the user's cell phone
What does authentication do?
Associates an individual with an identity
Kevin wants to attack Bob's computing resources. He is motivated at the "stealth" level. Which of the following attacks might Bob face? Select all that apply.
Borrow Bob's one-time password token Search for written copies of Bob's passwords
We are trying to protect a household computer. We have implemented password-based authentication to protect sensitive data. Which levels of attacker motivation can this authentication typically protect against in this situation? Select all that apply.
No motivation Scant motivation Stealth motivation
There are three types of tokens; which of the following is not a correct type?
Offensive tokens
The phrases below describe types of tokens. Match the type of token with its description.
One-time password token: Transmits different credentials based on an internal clock or counter Passive token: Transmits the same credential every time Challenge-response token: Transmits credentials that vary according to an unpredictable challenge from the computer
In a password system, the total number of possible passwords is called the:
Search space
Are base secrets the same as credentials?
Some base secrets are also credentials, while others are not.
The phrases below describe types of authentication factors. Match the type of authentication factor with its description.
Something you are : Biometric measurement Something you know: Memorized information like a password Something you have: An object containing a base secret, like the magnetic stripe on a cash card
True or False? Biometrics and tokens are a good choice for a household environment.
False
True or False? Biometrics are a favored form of authentication, as they are immune to sniffing attacks.
False
True or False? Biometrics have a fault tolerance of 0.
False
True or False? Entropy refers to the strength of a password system.
False
True or False? Offline attacks are easily detected.
False
True or False? Passive tokens are favored, as they are immune to sniffing attacks.
False
True or False? SHA-1024 is the latest hash algorithm.
False
True or False? True randomness is easily achieved with the random function of an application like Excel.
False
True or False? Two factor authentication is using two passwords
False
True or False? USB tokens are weak because if the public key becomes lost or stolen, the private key can be derived from it.
False
True or False? When selecting a password, random collections of letters contain far less entropy than written words.
False
True or False? When you are biased in selecting a password, you choose your password from the entire search space.
False
True or False? Your fingerprint is a "something you have" factor.
False
Biometric scanners are often connected by ________; this poses a security risk, as sniffed credentials can be fed down this line.
Tokens
Section 6.1.2 describes doorknob-rattling attacks. This is most similar to which of the following attacks?
Trial and error
True or False? A strong threat is willing to spend money, but not willing to leave evidence.
True
True or False? Authentication associates an individual with an identity.
True
In a password system, increasing the work factor results in which of the following? Select all that apply.
Increases the size of the character set from which users choose passwords Increases the length of the password
True or False? Credit reports are a treasured target among identity thieves.
True
True or False? Dictionary attacks differ from trial and error attacks because dictionary attacks focus on likely passwords.
True
True or False? Keyloggers can be hardware or software based.
True
True or False? Low-hanging fruit refers to the easiest targets in an attack.
True
True or False? Never choose a password with a strong personal association.
True
True or False? The one-way hash is a cryptographic function.
True
True or False? When an attacker is attacking a password system, the average attack space estimates the number of guesses required before success is likely.
True
True or False? When the fault tolerance goes up, so do the false positives.
True
True or False? Average attack space measures the time until success is certain.
false
An extreme threat is _________ motivated and is _________ to leave evidence.
highly, willing
The average attack space estimates the number of guesses required before success is ________.
likely
The following are fundamental strategies for authenticating people on computer systems, except:
something you make.
An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of:
two-factor authentication.
An attack that blocks access to a system by other users is called:
denial of service.
Which of the following authentication techniques are vulnerable to sniffing attacks that replay the sniffed credential? Select all that apply.
Biometric readers Passwords Passive tokens
Here is a list of features of various authentication tokens. Indicate all that are true for one-time password tokens.
The authentication credential and the base secret are always identical. Some tokens use a built-in counter to generate nonces. Some tokens use a built-in clock to generate nonces.
