Quiz 11 Review
Which of these is NOT a characteristic of a weak password?
A long password
What is a hybrid attack?
An attack that combines a dictionary attack with a mask attack
Timur was making a presentation on how attackers break passwords. His presentation demonstrated the slowest yet most thorough attack technique used against passwords. Which of these password attacks did he demonstrate?
Brute force attack
Why should the account lockout threshold not be set too low?
It could result in denial of service (DoS) attacks.
How is key stretching effective in resisting password attacks?
It takes more time to generate candidate password digests.
Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password?
Mask attack
Which of these is NOT a reason why users create weak passwords?
Most sites force users to create weak passwords even though they do not want to.
What is a token system that requires the user to enter the code along with a PIN called?
Multifactor authentication system
Ilya has been asked to recommend a federation system technology that is an open source federation framework supporting the development of authorization protocols. Which of these technologies would he recommend?
OAuth
Which of the following should NOT be stored in a secure password database?
Plaintext password
Each of the following accounts should be prohibited EXCEPT:
Privileged accounts
Which authentication factor is based on a unique talent that a user possesses?
What you do
Using one authentication credential to access multiple accounts or applications is known as _____.
single sign-on
_____ biometrics is related to the perception, thought processes, and understanding of the user.
Cognitive
Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel?
Common Access Card (CAC)
Which human characteristic is NOT used for biometric identification?
Height
What is a disadvantage of biometric readers?
Cost
A TOTP token code is generally valid for what period of time?
For as long as it appears on the device
Creating a pattern of where a user accesses a remote web account is an example of which of the following?
Geolocation
Which one-time password is event-driven?
HOTP