Security+ Ch 12 Authentication and Account Management

c. what you do

1. Which authentication factor is based on a unique talent that a user possesses? a. what you have b. what you are c. what you do d. what you know

b. Common Access Card (CAC)

10. Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel? a. Personal Identity Verification (PIV) card b. Common Access Card (CAC) c. Government Smart Card (GSC) d. Secure ID Card (SIDC)

a. behavioral

11. Keystroke dynamics is an example of which type of biometrics? a. behavioral b. resource c. cognitive d. adaptive

a. Cognitive

15. ___________ biometrics is related to the perception, thought processes, and understanding of the user. a. Cognitive b. Standard c. Intelligent d. Behavioral

c. single sign-on

16. Using one authentication credential to access multiple accounts or applications is known as _____. a. credentialization b. identification authentication c. single sign-on d. federal login

a. cost

17. What is a disadvantage of biometric readers? a. cost b. speed c. size d. standards

a. OAuth

18. Which single sign-on (SSO) technology depends on tokens? a. OAuth b. CardSpace c. OpenID d. All SSO technologies use tokens.

d. It could result in denial of service (DoS) attacks.

19. Why should the account lockout threshold not be set too low? a. It could decrease calls to the help desk. b. The network administrator would have to reset the account manually. c. The user would not have to wait too long to have her password reset. d. It could result in denial of service (DoS) attacks.

a. HOTP

20. Which one-time password is event-driven? a. HOTP b. TOTP c. ROTP d. POTP

a. OAuth

22. What federated identity management (FIM) relies on token credentials? a. OAuth b. OpenID c. Windows Live d. OpenPass

d. protocol analyzer

23. Passwords that are transmitted can be captured by what type of software? a. application analyzer b. system analyzer c. function analyzer d. protocol analyzer

c. Standard biometrics

24. What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face? a. Cognitive biometrics b. Reactive biometrics c. Standard biometrics d. Affective biometrics

d. MD5

28. Which hashing algorithm below is used with NTLMv2's Hashed Message Authentication Code? a. SHA1 b. SHA256 c. MD4 d. MD5

b. Single Sign On

29. The use of one authentication credential to access multiple accounts or applications is referred to as? a. Individual Sign On b. Single Sign On c. Unilateral Sign On d. Federated Sign On

a. pre-image attack

3. Which attack is an attempt to compare a known digest to an unknown digest? a. pre-image attack b. birthday attack c. configuration attack d. SNIP attack

a. Common Access Card (CAC)

30. A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called: a. Common Access Card (CAC) b. Identity Validation Card (IVC) c. Credential Validation Card (CVC) d. Personal Credential Card (PCC)

c. LM (LAN Manager) hash

4. Which of these algorithms is the weakest for creating password digests? a. SHA-1 b. MD-5 c. LM (LAN Manager) hash d. NTLM (New Technology LAN Manager) hash

a. geolocation

12. Creating a pattern of where a user accesses a remote web account is an example of ___________. a. geolocation b. Time-Location Resource Monitoring (TLRM) c. keystroke dynamics d. cognitive biometrics

d. OpenID

13. Which of these is a decentralized open-source FIM that does not require specific software to be installed on the desktop? a. Windows Live ID b. SSO Login Resource (SSO-LR) c. Windows CardSpace d. OpenID

c. weight

14. Which human characteristic is NOT used for biometric identification? a. retina b. face c. weight d. fingerprint

b. a long password

2. Which of these is NOT a characteristic of a weak password? a. a common dictionary word b. a long password c. using personal information d. using a predictable sequence of characters

b. Brute force

21. What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file? a. Space division b. Brute force c. Known ciphertext d. Known plaintext

a. It takes more time to generate candidate password digests.

5. How is key stretching effective in resisting password attacks? a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. It does not require the use of salts. d. The license fees are very expensive to purchase and use it.

d. Most sites force users to create weak passwords even though they do not want to.

6. Which of these is NOT a reason why users create weak passwords? a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. Most sites force users to create weak passwords even though they do not want to.

d. an attack that slightly alters dictionary words

7. What is a hybrid attack? a. an attack that uses both automated and user input b. an attack that combines a dictionary attack with an online guessing attack c. a brute force attack that uses special tables d. an attack that slightly alters dictionary words

a. for as long as it appears on the device

8. A TOTP token code is valid ___________. a. for as long as it appears on the device b. for up to 24 hours c. only while the user presses SEND d. until an event occurs

d. multifactor authentication system

9. What is a token system that requires the user to enter the code along with a PIN called? a. single-factor authentication system b. token-passing authentication system c. dual-prong verification system d. multifactor authentication system

a. Rainbow tables

25. The use of what item below involves the creation of a large pregenerated data set of candidate digests? a. Rainbow tables b. Randomized character list c. Word list d. Cascade tables

c. Cognitive biometrics

26. Which type of biometrics is based on the perception, thought process, and understanding of the user? a. Standard biometrics b. Reactive biometrics c. Cognitive biometrics d. Affective biometrics

a. human memory

27. What is the center of the weakness of passwords? a. human memory b. encryption technology c. handshake technology d. human reliability

