Chapter 12
What technology allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site?
OAuth
What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker?
Offline Cracking
Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop:
OpenID
The use of what item below involves the creation of a large pre-generated data set of candidate digests?
Rainbow tables
What can be used to increase the strength of hashed passwords?
Salt
What federated identity management (FIM) relies on token credentials?
OAuth
What type of one-time password (OTP) changes after a set time period?
Time-based one-time password (TOTP)
A list of the available nonkeyboard characters can be seen in Windows by opening what utility?
charmap.exe
What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?
Brute force
Cognitive biometrics
Cognitive biometrics
Which term below describes the time it takes for a key to be pressed and then released?
Dwell time
The use of a single authentication credential
Identity management
The use of one authentication credential to access multiple accounts or applications is referred to as?
Single Sign On
What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face?
Standard biometrics
What is the center of the weakness of passwords?
human memory
What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters?
hybrid
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:
password
Passwords that are transmitted can be captured by what type of software?
protocol analyzer
A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:
Common Access Card (CAC)
Which hashing algorithm below is used with NTLMv2's Hashed Message Authentication Code?
MD5