Chapter 12

What technology allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site?

OAuth

What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker?

Offline Cracking

​Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop:

OpenID

The use of what item below involves the creation of a large pre-generated data set of candidate digests?

Rainbow tables

What can be used to increase the strength of hashed passwords?​

Salt

​What federated identity management (FIM) relies on token credentials?

​OAuth

​What type of one-time password (OTP) changes after a set time period?

​Time-based one-time password (TOTP)

​A list of the available nonkeyboard characters can be seen in Windows by opening what utility?

​charmap.exe

What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?

Brute force

Cognitive biometrics

Cognitive biometrics

Which term below describes the time it takes for a key to be pressed and then released?

Dwell time

The use of a single authentication credential

Identity management

The use of one authentication credential to access multiple accounts or applications is referred to as?

Single Sign On

What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face?

Standard biometrics

What is the center of the weakness of passwords?

human memory

What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters?

hybrid

A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:

password

Passwords that are transmitted can be captured by what type of software?

protocol analyzer

​A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:

​Common Access Card (CAC)

​Which hashing algorithm below is used with NTLMv2's Hashed Message Authentication Code?

​MD5