Intro to Network Security sixth ed chapter 11


C. What you do

1. Which authentication factor is based on a unique talent that a user possesses? A. What you have B. What you are C. What you do D. What you know

C. Common Access Card (CAC)

10. Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel? A. Personal Identity Verification (PIV) card B. Secure ID Card (SIDC) C. Common Access Card (CAC) D. Government Smart Card (GSC)

PBKDF2

A popular key stretching password hash algorithm (Password-Based Key Derivation Function 2) that applies HMAC to the salted password for a configurable number of iterations.

somewhere you are

Authentication based on where the user is located.

rainbow tables

Large pregenerated data sets of password digests (hashes) paired with the plaintexts that produce them, used to look up stolen digests quickly instead of hashing each guess; a per-user salt defeats them because a separate table would be needed for every salt value.

retinal scanner

A biometric device that maps the unique pattern of blood vessels in the retina at the back of the eye for authentication.

disabled

Making an account inactive so that it can no longer be used to log on.

credential management

Managing the login credentials such as passwords in user accounts.

federation

Single sign-on for networks owned by different organizations, also called federated identity management (FIM).

software security token

A one-time-code generator (an authenticator app) implemented in software on a general-purpose device such as a laptop or smartphone, rather than on a dedicated hardware token.

offline attack

Stealing a message digest database and cracking it offline.

false acceptance rate (FAR)

The frequency at which impostors are accepted as genuine.

crossover error rate (CER)

The biometric error rate at which the FAR and FRR are equal (the point where the two curves cross when the acceptance threshold is varied); a lower CER indicates a more accurate system.

false rejection rate (FRR)

The frequency that legitimate users are rejected when using biometric authentication.
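
The three biometric error rates above are easier to reason about when computed from actual matcher output. The following is an added example written for this glossary, not code from the textbook; the genuine and impostor similarity scores are constructed, and the convention that a higher score means a closer match (accept when score >= threshold) is an assumption of the example.

```python
"""False acceptance rate, false rejection rate and crossover error rate
computed from matcher scores.  Added example for this glossary; the scores
below are constructed, not measured from any real biometric sensor."""
from typing import List, Tuple

# Convention assumed here: higher score = closer match; a sample is
# accepted when score >= threshold.
# Constructed similarity scores (0-100) produced for enrolled users
# presenting their own biometric ("genuine") and for impostors.
GENUINE_SCORES = [92, 88, 85, 81, 79, 77, 74, 70, 66, 61]
IMPOSTOR_SCORES = [20, 28, 35, 41, 49, 55, 60, 67, 72, 80]


def far(impostor_scores: List[int], threshold: int) -> float:
    """False acceptance rate: share of impostor attempts accepted as genuine."""
    accepted = sum(1 for s in impostor_scores if s >= threshold)
    return accepted / len(impostor_scores)


def frr(genuine_scores: List[int], threshold: int) -> float:
    """False rejection rate: share of legitimate attempts rejected."""
    rejected = sum(1 for s in genuine_scores if s < threshold)
    return rejected / len(genuine_scores)


def crossover_error_rate(genuine: List[int], impostor: List[int]) -> Tuple[int, float, float]:
    """Sweep every threshold and return (threshold, FAR, FRR) at the point
    where the two rates are equal (or closest, if they never meet exactly)."""
    best = None
    for t in range(0, 101):
        gap = abs(far(impostor, t) - frr(genuine, t))
        if best is None or gap < best[0]:
            best = (gap, t)
    t = best[1]
    return t, far(impostor, t), frr(genuine, t)


def threshold_for_max_far(impostor: List[int], max_far: float) -> int:
    """Lowest threshold whose FAR does not exceed max_far.  Tuning toward
    security raises the threshold and therefore raises the FRR as well."""
    for t in range(0, 101):
        if far(impostor, t) <= max_far:
            return t
    return 101


if __name__ == "__main__":
    t, a, r = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER at threshold {t}: FAR={a:.2f} FRR={r:.2f}")
    t_secure = threshold_for_max_far(IMPOSTOR_SCORES, 0.1)
    print(f"FAR<=10% needs threshold {t_secure}, giving FRR={frr(GENUINE_SCORES, t_secure):.2f}")
```

The sweep makes the trade-off concrete: with these constructed scores the curves cross at a threshold of 68 (FAR = FRR = 0.2), and forcing the FAR down to 10 percent pushes the threshold to 73 and the FRR up to 0.3.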

password recovery

The policies for recovering a password in the event a user forgets a password.

iris scanner

Using a camera (even a standard computer webcam) to map the unique pattern of the iris for authentication.

standard biometrics

Using fingerprints or other unique physical characteristics of a person's face, hands, or eyes for authentication.

multifactor authentication

Using more than one type of authentication credential.

single sign-on (SSO)

Using one authentication credential to access multiple accounts or applications.

voice recognition

Using the unique characteristics of a person's voice for authentication.

D. Plaintext password

11. Which of the following should NOT be stored in a secure password database? A. Iterations B. Password digest C. Salt D. Plaintext password

B. Geolocation

12. Creating a pattern of where a user accesses a remote web account is an example of which of the following? A. Keystroke dynamics B. Geolocation C. Time-Location Resource Monitoring (TLRM) D. Cognitive biometrics

D. Brute force attack

13. Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? A. Dictionary attack B. Hybrid attack C. Custom attack D. Brute force attack

C. Height

14. Which human characteristic is NOT used for biometric identification? A. Retina B. Iris C. Height D. Fingerprint

A. Cognitive

15. _____ biometrics is related to the perception, thought processes, and understanding of the user. A. Cognitive B. Standard C. Intelligent D. Behavioral

A. single sign-on

16. Using one authentication credential to access multiple accounts or applications is known as _____. A. single sign-on B. credentialization C. identification authentication D. federal login

B. Cost

17. What is a disadvantage of biometric readers? A. Speed B. Cost C. Weight D. Standards

B. Mask attack

18. Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password? A. Rainbow attack B. Mask attack C. Rule attack D. Pass the hash attack

D. It could result in denial of service (DoS) attacks.

19. Why should the account lockout threshold not be set too low? A. It could decrease calls to the help desk. B. The network administrator would have to reset the account manually. C. The user would not have to wait too long to have her password reset. D. It could result in denial of service (DoS) attacks.

B. A long password

2. Which of these is NOT a characteristic of a weak password? A. A common dictionary word B. A long password C. Using personal information D. Using a predictable sequence of characters

A. HOTP

20. Which one-time password is event-driven? A. HOTP B. TOTP C. ROTP D. POTP

C. Privileged accounts

3. Each of the following accounts should be prohibited EXCEPT: A. Shared accounts B. Generic accounts C. Privileged accounts D. Guest accounts

A. OAuth

4. Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? A. OAuth B. Open ID Connect C. Shibboleth D. NTLM

A. It takes more time to generate candidate password digests.

5. How is key stretching effective in resisting password attacks? A. It takes more time to generate candidate password digests. B. It requires the use of GPUs. C. It does not require the use of salts. D. The license fees are very expensive to purchase and use it.

D. Most sites force users to create weak passwords even though they do not want to.

6. Which of these is NOT a reason why users create weak passwords? A. A lengthy and complex password can be difficult to memorize. B. A security policy requires a password to be changed regularly. C. Having multiple passwords makes it hard to remember all of them. D. Most sites force users to create weak passwords even though they do not want to.

facial recognition

Biometric authentication that maps the features of the user's face; increasingly common as a smartphone unlock method.

fingerprint scanner

A device that uses fingerprints as a biometric identifier.

transitive trust

A two-way relationship that is automatically created between parent and child domains in a Microsoft Active Directory forest.

something you have

A type of authentication credential based on the approved user having a specific item in his or her possession.

service account

A user account that is created explicitly to provide a security context for services running on a server.

password history

An account enforcement policy that determines how many days a new password must be kept before the user can change it (Windows calls this setting the minimum password age); it stops a user from cycling through several changes in a row to get back to an old, favorite password.

password expiration

An account enforcement policy that determines how many days a password can be used before the user is required to change it.

password complexity

An account enforcement policy that requires passwords to meet complexity requirements, such as mixing uppercase, lowercase, digits, and symbols and not containing the user name.

authentication

Proving that a user is genuine, and not an imposter.

B. An attack that combines a dictionary attack with a mask attack

7. What is a hybrid attack? A. An attack that uses both automated and user input B. An attack that combines a dictionary attack with a mask attack C. A brute force attack that uses special tables D. An attack that slightly alters dictionary words

B. For as long as it appears on the device

8. A TOTP token code is generally valid for what period of time? A. Only while the user presses SEND B. For as long as it appears on the device C. For up to 24 hours D. Until an event occurs

D. Multifactor authentication system

9. What is a token system that requires the user to enter the code along with a PIN called? A. Single-factor authentication system B. Token-passing authentication system C. Dual-prong verification system D. Multifactor authentication system

common access card (CAC)

A U.S. Department of Defense (DoD) smart card used for identification of active-duty and reserve military personnel along with civilian employees and special contractors.

Personal Identity Verification (PIV)

A U.S. federal government standard (FIPS 201) for smart cards issued to federal employees and contractors for identification and authentication.

smart card

A card that contains an integrated circuit chip that can hold information used as part of the authentication process.

proximity card

A contactless card read by radio at short range, so it does not need to touch the reader to authenticate.

Shibboleth

An open source software package, built on SAML, for federated single sign-on (SSO).

OpenID Connect

An identity layer built on top of the OAuth 2.0 authorization framework that supplies user authentication information (an ID token) to the relying application.

NTLM (New Technology LAN Manager) hash

A hash used by modern Microsoft Windows operating systems for creating password digests. The NT hash is an unsalted MD4 digest of the UTF-16LE password, so identical passwords produce identical hashes and a captured hash can be replayed (see pass the hash).

security token

A means of authentication based on a token that the user has.

time-based one-time password (TOTP)

A one-time password that changes after a set period.

HMAC-based one-time password (HOTP)

A one-time password that changes when a specific event occurs.
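
HOTP and TOTP are the same construction with a different counter, which is the point behind the event-driven versus time-based distinction. The following is an added example written for this glossary, not code from the textbook or from any vendor token; it implements RFC 4226 (HOTP) and RFC 6238 (TOTP) with the standard library and uses the RFC's published test-vector key, which is not a real credential. The skew and look-ahead window sizes are assumptions of the example.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) with the Python standard library.
Added example; SECRET is the RFC test-vector key, not a real credential."""
import hashlib
import hmac
import struct
import time

SECRET = b"12345678901234567890"   # RFC 4226 / 6238 SHA-1 test-vector key


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-driven OTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then the RFC 4226 dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP: HOTP whose counter is the number of `step`-second
    periods since the Unix epoch, so the code changes when the period ends."""
    return hotp(secret, unix_time // step, digits)


def seconds_remaining(unix_time: int, step: int = 30) -> int:
    """How long the code shown at `unix_time` stays valid on the device."""
    return step - (unix_time % step)


def verify_totp(secret: bytes, code: str, unix_time: int,
                step: int = 30, skew: int = 1, digits: int = 6) -> bool:
    """Server-side check: accept the current period and +/- `skew` periods
    to absorb clock drift (an assumption of this example), comparing in
    constant time so a mismatch leaks nothing about the expected code."""
    counter = unix_time // step
    return any(hmac.compare_digest(hotp(secret, counter + d, digits), code)
               for d in range(-skew, skew + 1))


def verify_hotp(secret: bytes, code: str, server_counter: int,
                look_ahead: int = 10, digits: int = 6):
    """Event-based check with a resynchronisation window: the token may have
    been pressed a few times without a logon, so search forward up to
    `look_ahead` counters.  Older counters are never accepted (no replay).
    Returns the new server counter on success, None on failure."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return c + 1
    return None


def current_totp(secret: bytes) -> str:
    """Convenience wrapper for an interactive run."""
    return totp(secret, int(time.time()))


if __name__ == "__main__":
    now = int(time.time())
    print(f"TOTP now: {current_totp(SECRET)} (valid for {seconds_remaining(now)} s)")
    print("HOTP counter 0..2:", [hotp(SECRET, c) for c in range(3)])
```

Both verifiers compare with `hmac.compare_digest` rather than `==`, and `verify_hotp` moves the server counter past the accepted value so the same event code cannot be submitted twice.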

brute force attack

A password attack in which every possible combination of letters, numbers, and characters is hashed and the resulting digests are matched against those in a stolen password file; the slowest approach, but the only one guaranteed to cover every password of a given length and character set.

dictionary attack

A password attack that hashes common dictionary words (and, in practice, wordlists of previously leaked passwords) and compares the digests against those in a stolen password file.
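
The dictionary, hybrid, mask, and brute force attacks defined on this page differ only in how candidate passwords are generated; the lookup against the stolen digests is the same. The following is an added example written for this glossary, not code from the textbook or from any cracking tool; the "stolen" digest table is constructed here from unsalted SHA-256 so the attacks can be seen to succeed offline, and the mask placeholders (?l, ?u, ?d) follow the hashcat-style convention as an assumption of the example.

```python
"""Candidate generation for dictionary, mask, hybrid and brute-force password
attacks, run offline against a stolen digest table.  Added example; the
table is constructed from unsalted SHA-256 digests for demonstration."""
import hashlib
import itertools
import string
from typing import Dict, Iterable, Iterator, List


def digest(password: str) -> str:
    """The weak storage scheme being attacked: one unsalted hash per password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed "stolen" password file: user -> unsalted digest.
STOLEN = {
    "alice": digest("sunshine"),   # plain dictionary word
    "bob": digest("Dragon99"),     # capitalised dictionary word + two digits
    "carol": digest("zq7"),        # short but random: only brute force finds it
}

WORDLIST = ["password", "sunshine", "dragon", "letmein"]   # constructed

MASK_CHARSETS = {"?l": string.ascii_lowercase,
                 "?u": string.ascii_uppercase,
                 "?d": string.digits}


def mask_tokens(mask: str) -> List[str]:
    """Split '?u?l?l?d?d' into its two-character placeholder tokens."""
    if len(mask) % 2:
        raise ValueError("mask must consist of ?x placeholders")
    return [mask[i:i + 2] for i in range(0, len(mask), 2)]


def mask_keyspace(mask: str) -> int:
    """Number of candidates a mask produces, without enumerating them."""
    n = 1
    for t in mask_tokens(mask):
        n *= len(MASK_CHARSETS[t])
    return n


def brute_force_keyspace(charset_size: int, max_len: int) -> int:
    """Candidates for every length 1..max_len over a charset of that size."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def dictionary_candidates(words: Iterable[str]) -> Iterator[str]:
    yield from words


def mask_candidates(mask: str) -> Iterator[str]:
    """Mask attack: a targeted brute force with a fixed charset per position."""
    charsets = [MASK_CHARSETS[t] for t in mask_tokens(mask)]
    for combo in itertools.product(*charsets):
        yield "".join(combo)


def hybrid_candidates(words: Iterable[str], suffix_mask: str) -> Iterator[str]:
    """Hybrid attack: dictionary word (and its capitalised form) + mask suffix."""
    for w in words:
        for suffix in mask_candidates(suffix_mask):
            yield w + suffix
            yield w.capitalize() + suffix


def brute_force_candidates(charset: str, max_len: int) -> Iterator[str]:
    """Exhaustive: every string up to max_len.  Slowest, but complete."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def crack(stolen: Dict[str, str], candidates: Iterable[str]) -> Dict[str, str]:
    """Offline attack: hash each candidate once and look it up against every
    stolen digest at the same time, which is what unsalted storage allows."""
    by_digest: Dict[str, List[str]] = {}
    for user, d in stolen.items():
        by_digest.setdefault(d, []).append(user)
    found: Dict[str, str] = {}
    for cand in candidates:
        for user in by_digest.get(digest(cand), []):
            found[user] = cand
        if len(found) == len(stolen):
            break
    return found


if __name__ == "__main__":
    print("dictionary:", crack(STOLEN, dictionary_candidates(WORDLIST)))
    print("hybrid    :", crack(STOLEN, hybrid_candidates(WORDLIST, "?d?d")))
    alnum = string.ascii_lowercase + string.digits
    print("brute     :", crack(STOLEN, brute_force_candidates(alnum, 3)))
    print("keyspace ?u?l?l?d?d =", mask_keyspace("?u?l?l?d?d"),
          "vs brute force len<=3 over 36 chars =", brute_force_keyspace(36, 3))
```

The keyspace figures show why the review question calls brute force the slowest yet most thorough method: even a five-character mask already yields about 1.76 million candidates, and an unrestricted brute force over a realistic charset and length grows far faster, while a dictionary or hybrid run finds the weak entries in a few hundred guesses.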

key stretching

A password hashing technique that deliberately requires significantly more time than a standard hash algorithm to create the digest (by iterating the hash or tuning a cost factor), so that each candidate guess costs an attacker correspondingly more.

bcrypt

A popular key stretching password hash algorithm based on the Blowfish cipher, with a configurable cost factor that doubles the work for each increment.
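
Review question 11 asks what belongs in a secure password database (iterations, digest, and salt, but never the plaintext), and the key stretching and salting definitions explain why. The following is an added example written for this glossary, not code from the textbook, showing a self-describing record built with PBKDF2-HMAC-SHA256 from the standard library; the record layout (scheme$iterations$salt$digest) is an assumption of the example, and the default iteration count follows the OWASP Password Storage Cheat Sheet's current figure for this algorithm.

```python
"""Salted, key-stretched password storage and verification with
PBKDF2-HMAC-SHA256.  Added example; the record layout is an assumption."""
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # OWASP guidance for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a record holding everything needed to verify later:
    scheme, iteration count, salt and digest.  The plaintext is never stored."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)      # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time, so timing does not reveal how much matched."""
    scheme, iterations, salt_b64, dk_b64 = record.split("$")
    if scheme != SCHEME:
        raise ValueError(f"unsupported scheme {scheme!r}")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """Because the iteration count is stored with the digest, old records can
    be upgraded transparently at the user's next successful logon."""
    return int(record.split("$")[1]) < min_iterations


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify ok :", verify_password("correct horse battery staple", rec))
    print("verify bad:", verify_password("Correct horse battery staple", rec))
    # Same password, two records: the salts differ, so the digests differ,
    # which is exactly what makes a precomputed rainbow table useless here.
    print("digests differ:", hash_password("same") != hash_password("same"))
```

Storing the iteration count is not a weakness: an attacker who steals the file learns the cost, but still has to pay it for every guess against every user, while the per-record salt keeps one precomputed table from serving all of them.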

group policy

A Microsoft Windows feature for centrally configuring account settings such as password and lockout policies across a domain. The preferred approach is to assign privileges by group rather than to individual users.

password

A secret combination of letters, numbers, and/or characters that only the user should have knowledge of.

hardware security token

A small device (usually one that can be affixed to a keychain) with a window display that shows the current one-time code.

password length

An account enforcement policy that determines the minimum password length.

password reuse

An account enforcement policy that determines the number of unique new passwords a user must use before an old password can be reused.

password lockout

An account enforcement policy that prevents a logon after a set number of failed logon attempts within a specified period and can also specify the length of time that the lockout is in force.
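
The lockout definition above names three knobs (failure threshold, observation window, and lockout duration), and review question 19 warns that setting the threshold too low turns the policy into a denial-of-service tool. The following is an added example written for this glossary, not code from the textbook or from any operating system, modelling the policy as a small state machine; the policy numbers are constructed for illustration and are not a recommendation.

```python
"""Account lockout policy (threshold, observation window, lockout duration)
as a small state machine, plus the denial-of-service effect of a low
threshold.  Added example; the numbers are constructed, not a recommendation."""
from dataclasses import dataclass
from typing import Optional

ADMIN_UNLOCK_ONLY = -1   # sentinel used when lockout_seconds == 0


@dataclass
class LockoutPolicy:
    threshold: int = 5          # failed attempts that trigger the lockout
    window_seconds: int = 900   # failure counter resets after this long with no failure
    lockout_seconds: int = 900  # how long the lockout is in force; 0 = until admin unlock


@dataclass
class AccountState:
    failures: int = 0
    last_failure: Optional[int] = None
    locked_until: Optional[int] = None   # unix time, or ADMIN_UNLOCK_ONLY


def attempt(policy: LockoutPolicy, state: AccountState, now: int, password_ok: bool) -> str:
    """Apply one logon attempt at time `now`.
    Returns 'success', 'failure' or 'locked'."""
    if state.locked_until is not None:
        if state.locked_until == ADMIN_UNLOCK_ONLY or now < state.locked_until:
            return "locked"           # even a correct password is refused while locked
        state.locked_until = None     # lockout duration has elapsed
        state.failures = 0
    # Observation window: failures older than the window no longer count.
    if state.last_failure is not None and now - state.last_failure > policy.window_seconds:
        state.failures = 0
    if password_ok:
        state.failures = 0
        return "success"
    state.failures += 1
    state.last_failure = now
    if state.failures >= policy.threshold:
        state.locked_until = (now + policy.lockout_seconds
                              if policy.lockout_seconds > 0 else ADMIN_UNLOCK_ONLY)
        return "locked"
    return "failure"


def admin_unlock(state: AccountState) -> None:
    """Manual reset by an administrator (the only way out when duration is 0)."""
    state.failures = 0
    state.last_failure = None
    state.locked_until = None


def attacker_locks_out_victim(policy: LockoutPolicy, start: int = 0) -> str:
    """An attacker who knows only the user name fails `threshold` times in a
    row; the legitimate user's correct password is then refused.  The lower
    the threshold, the cheaper this denial of service is."""
    state = AccountState()
    for i in range(policy.threshold):
        attempt(policy, state, start + i, password_ok=False)
    return attempt(policy, state, start + policy.threshold, password_ok=True)


if __name__ == "__main__":
    for threshold in (3, 10):
        p = LockoutPolicy(threshold=threshold)
        print(f"threshold={threshold}: victim's correct logon ->",
              attacker_locks_out_victim(p))
```

A lockout duration of zero (administrator reset only) makes the denial of service permanent until the help desk intervenes, which is the operational cost behind the review question's warning.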

guest account

An account given to temporary users.

generic account

An account not tied to a specific person.

shared account

An account used by more than one user.

privileged account

An account to which powerful rights, privileges, and permissions are granted so that the user can perform nearly any action.

pass the hash

An attack in which the attacker sends a captured NTLM password hash to a remote system and is authenticated without ever knowing the plaintext password, because NTLM authentication only requires proof of possession of the hash.

online attack

An attempt to enter different passwords at the login prompt until the right password is guessed.

something you are

An authentication method based on the features and characteristics of the individual.

OAuth

An open standard authorization framework (OAuth 2.0) used in federated systems to let a user grant an application limited access to resources without sharing a password.

something you do

Authentication based on actions that the user is uniquely qualified to perform.

something you know

Authentication based on something the user knows but no one else knows.

