Quiz: Module 12 Authentication
Which of the following is an authentication credential used to access multiple accounts or applications? a. Federal login b. Identification authentication c. Single sign-on d. Credentialization
Single sign-on One application of federation is single sign-on (SSO) or using one authentication credential to access multiple accounts or applications. SSO holds the promise of reducing the number of usernames and passwords that users must memorize.
Which of the following is the Microsoft version of CHAP? a. AD-EAP b. EAP-MS c. MS-CHAP d. PAP-Microsoft
MS-CHAP The Challenge-Handshake Authentication Protocol (CHAP) is a weak challenge-response protocol, and Microsoft's version of it is MS-CHAP (now MS-CHAPv2). EAP was created as a more secure and extensible alternative to CHAP; it is a framework rather than a single method, and MS-CHAPv2 survives as one of the inner methods EAP can carry (EAP-MSCHAPv2), which should only be used inside a TLS-protected tunnel such as PEAP.
Which of the following is NOT an MFA using a smartphone? a. SMS text message b. Automated phone call c. Authentication app d. Biometric gait analysis
Biometric gait analysis SMS text messages, automated phone calls and authentication apps all deliver or generate a second factor on the user's phone. Gait analysis is a behavioral biometric that needs dedicated sensors or cameras plus the processing to interpret them, so it is not a smartphone-based MFA method.
Which of these attacks is the last-resort effort in cracking a stolen password digest file? a. Rule list b. Mask c. Brute force d. Hybrid
Brute force A brute force attack tries every possible combination of characters, so its keyspace grows exponentially with password length and it is by far the slowest approach. It is therefore the last resort, used only after dictionary, rule-based, hybrid and mask attacks have failed to recover the remaining digests.
Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? a. Brute force attack b. Dictionary attack c. Custom attack d. Hybrid attack
Brute force attack A brute force attack is the slowest yet most thorough type.
_____ biometrics is related to the perception, thought processes, and understanding of the user. a. Standard b. Intelligent c. Behavioral d. Cognitive
Cognitive Cognitive biometrics is considered to be much easier for the user to remember because it is based on the user's life experiences. This also makes it more difficult for an attacker to imitate. Cognitive biometrics is also called knowledge-based authentication.
How is the Security Assertion Markup Language (SAML) used? a. It serves as a backup to a RADIUS server. b. It is an authenticator in IEEE 802.1x. c. It is no longer used because it has been replaced by LDAP. d. It allows secure web domains to exchange user authentication and authorization data.
It allows secure web domains to exchange user authentication and authorization data. Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. This allows a user's login credentials to be stored with a single identity provider instead of being stored on each web service provider's server.
Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? a. OpenID b. NTLM c. OAuth d. Shibboleth
OAuth OAuth is an open source federation framework that can support the development of authorization protocols. OAuth 2.0 (RFC 6749) is an authorization framework: it lets a user grant a third-party application limited access to resources on another service by issuing an access token, without sharing the user's password with that application. OpenID (and OpenID Connect, which is built on OAuth 2.0) handles authentication, NTLM is a legacy Windows challenge-response protocol, and Shibboleth is a SAML-based single sign-on implementation.
Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts? a. Password spraying attack b. Offline brute force attack c. Role attack d. Online brute force attack
Password spraying attack A password spraying attack uses one or a small number of commonly used passwords (such as Password1 or 123456) and tries the same password against many different user accounts. Because the guess is spread across many accounts instead of many variations being attempted on a single account, each account sees only one or two failures, so it is much less likely to raise alarms or trigger the lockout threshold. Per-account lockout alone therefore does not stop it; detection has to count distinct failing accounts per source rather than failures per account.
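As an added illustration (not part of the original quiz), the following Python code shows why a per-account lockout misses a spray and what a detector has to count instead. The log line format, the lockout threshold of 5 and the spray threshold of 10 distinct accounts are assumptions chosen for the example; the sample log lines are constructed and use documentation (TEST-NET) addresses.

```python
import re
from collections import defaultdict

LOCKOUT_THRESHOLD = 5      # failures per account before lockout (assumed policy)
SPRAY_MIN_ACCOUNTS = 10    # distinct failing accounts from one source (assumed tuning)

# Assumed log format: "<timestamp> src=<ip> user=<name> result=<OK|FAIL>"
LINE = re.compile(r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)")


def analyze(lines):
    """Return, per source address, how many accounts failed, the worst single-account
    failure count, which accounts a per-account policy would lock, and a spray verdict."""
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> failure count
    for line in lines:
        m = LINE.search(line)
        if m and m["result"] == "FAIL":
            fails[m["src"]][m["user"]] += 1

    findings = {}
    for src, per_user in fails.items():
        max_per_account = max(per_user.values())
        findings[src] = {
            "accounts": len(per_user),
            "max_failures_per_account": max_per_account,
            # What a per-account lockout would catch: only accounts hammered repeatedly.
            "locked_out": [u for u, n in per_user.items() if n >= LOCKOUT_THRESHOLD],
            # A spray stays under the lockout threshold on every account but touches many.
            "spray": len(per_user) >= SPRAY_MIN_ACCOUNTS and max_per_account < LOCKOUT_THRESHOLD,
        }
    return findings


# Constructed sample: 12 accounts with one failure each from 198.51.100.23 (a spray),
# 6 failures against one account from 203.0.113.9 (an online brute force),
# and one legitimate login from 192.0.2.5.
SAMPLE = [f"2024-05-01T09:{i:02d}:00Z src=198.51.100.23 user=user{i:02d} result=FAIL"
          for i in range(12)]
SAMPLE += [f"2024-05-01T09:{i:02d}:30Z src=203.0.113.9 user=admin result=FAIL"
           for i in range(6)]
SAMPLE += ["2024-05-01T09:30:00Z src=192.0.2.5 user=alice result=OK"]

if __name__ == "__main__":
    for src, f in analyze(SAMPLE).items():
        print(src, f)
```

In production the counts are taken over a sliding time window and the source key is often a subnet or ASN rather than a single address, since sprays are commonly distributed across many source IPs.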
Which of the following should NOT be stored in a secure password database? a. Plaintext password b. Iterations c. Salt d. Password digest
Plaintext password A password database should hold only what is needed to recompute and compare a digest: the salt, the iteration count (work factor), an identifier for the algorithm, and the password digest itself. The plaintext password must never be stored; a breach of such a database exposes every account immediately, along with every other site where the same password was reused.
Which of the following is NOT used for authentication? a. Something you can find b. Something you exhibit c. Somewhere you are d. Something you can do
Something you can find Authentication factors are something you know (a password or PIN), something you have (a token or smart card), something you are (a biometric), something you can do (a behavioral biometric such as typing rhythm), something you exhibit (a personality trait or characteristic pattern of behavior) and somewhere you are (geolocation). "Something you can find" is not one of them: anything merely findable is not bound to the user.
Which one-time password is event driven? a. ROTP b. POTP c. HOTP d. TOTP
HOTP Instead of changing after a set number of seconds, an HMAC-based one-time password (HOTP) is "event driven": the token computes an HMAC over a shared secret and a counter (RFC 4226), and the counter advances on each event, such as the user pressing a button or entering a personal identification number (PIN) on the token's keypad, so each event yields a fresh code. A TOTP (RFC 6238) uses the same construction with the counter derived from the current time.
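As an added example (not from the quiz or its source text), here is the HOTP construction with TOTP layered on it, plus the server-side check a verifier needs: an event-driven counter can drift ahead of the server when the user presses the button without logging in, so the server searches a look-ahead window and then consumes the matched counter so the same code cannot be replayed. The secret is the one the RFCs use for their published test vectors; the window size of 10 is an assumption.

```python
import hashlib
import hmac
import struct

# Shared secret from the RFC 4226 / RFC 6238 test vectors; a real token holds a
# random secret provisioned at enrollment.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """Event-driven OTP: HMAC over an 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                 # low nibble of the last byte selects a 4-byte window
    code = (
        (mac[offset] & 0x7F) << 24          # clear the sign bit, as the RFC specifies
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % 10**digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """Time-driven OTP: HOTP whose counter is the number of time steps since the epoch."""
    return hotp(secret, int(unix_time) // step, digits, algo)


def verify_hotp(secret: bytes, submitted: str, server_counter: int, look_ahead: int = 10):
    """Server-side HOTP check with a resynchronization window.

    Returns the new server counter on success (the matched counter is consumed, so the
    same code cannot be replayed) or None on failure. Only counters at or ahead of the
    server's value are tried, so a previously accepted code never validates again.
    """
    for candidate in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, candidate), submitted):
            return candidate + 1
    return None


if __name__ == "__main__":
    # Event driven: each button press advances the counter; the clock is irrelevant.
    for c in range(3):
        print(f"HOTP counter={c}: {hotp(RFC_TEST_SECRET, c)}")
    # Time driven: the code changes only when the 30-second window rolls over.
    print("TOTP at t=59:", totp(RFC_TEST_SECRET, 59, digits=8))
    print("TOTP at t=60:", totp(RFC_TEST_SECRET, 60, digits=8))
```

The counter values for the first few events match the RFC 4226 test vectors (755224, 287082, 359152, ...), and the 8-digit TOTP at t=59 matches the RFC 6238 SHA-1 vector 94287082.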
Which human characteristic is NOT used for biometric identification? a. Height b. Fingerprint c. Iris d. Retina
Height Height is not distinctive enough to identify a person: many people share the same height to within measurement error, and it changes with age, posture and footwear. Fingerprint, iris and retina patterns are unique to the individual and stable over time.
Which of these is NOT a reason that users create weak passwords? a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. The length and complexity required force users to circumvent creating strong passwords.
The length and complexity required force users to circumvent creating strong passwords. Difficulty memorizing a long, complex password, mandatory periodic changes and the number of passwords a user must keep track of are the reasons given for weak passwords. Length and complexity requirements do not in themselves force users to circumvent strong passwords; they describe the properties a strong password needs.
How is key stretching effective in resisting password attacks? a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. The license fees are very expensive to purchase and use it. d. It does not require the use of salts.
It takes more time to generate candidate password digests. General-purpose hash algorithms such as MD5 and SHA-256 are not suitable for password digests because they are designed to produce a digest as quickly as possible, and that speed works in the attacker's favor: when generating candidate digests, a fast hash lets a cracker try a very large number of passwords per second. Key stretching instead uses a specialized password hash (bcrypt, scrypt, PBKDF2 or Argon2) that is intentionally slow and has a configurable work factor, so every candidate costs the attacker far more time while a single legitimate login stays fast enough. A salt is still required: stretching slows each guess but does not on its own stop an attacker from reusing work across users.
Which of these creates a format of the candidate password to significantly reduce the time needed to crack a password? a. Rainbow b. Overlay c. Pass the hash d. Mask
Mask A mask attack restricts each position of the candidate password to a chosen character set, for example an uppercase letter, five lowercase letters and two digits (written ?u?l?l?l?l?l?d?d in hashcat notation), reflecting the patterns people actually use. Because only strings matching that format are generated, the keyspace is a small fraction of a full brute force over the same length, which significantly reduces the time needed to crack the password.
Why are dictionary attacks successful? a. They use pregenerated rules to speed up the processing. b. Password crackers using a dictionary attack require less RAM than other types of password crackers. c. They link known words together in a "string" for faster processing. d. Users often create passwords from dictionary words.
Users often create passwords from dictionary words. A dictionary attack hashes each word in a word list and compares the result with the stolen digests. Because users often build passwords from dictionary words, or from simple variations of them such as a capitalized word with a digit appended, the candidates that are cheapest to generate are also the ones most likely to match.
Pablo has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this? a. Accountability b. Authentication c. Attestation d. Authorization
Attestation Attestation relies on a key pair "burned" into the security key during manufacturing that is specific to a device model rather than to an individual key, so that it cannot be used to track one user. When the key is registered, it signs the newly created credential with the attestation private key, allowing the relying party to cryptographically verify which model of authenticator created it.
What is a disadvantage of biometric readers? a. Cost b. Weight c. Speed d. Standards
Cost Biometric readers can be very expensive.
Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers? a. Password crackers differ as to how candidates are created. b. Most states prohibit password crackers unless they are used to retrieve a lost password. c. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken. d. Due to their advanced capabilities, they require only a small amount of computing power.
Password crackers differ as to how candidates are created. These programs create known digests (called candidates) and then compare them against the stolen digests. When a match occurs, then the attacker knows the underlying password. Password crackers differ as to how these candidates are created.
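As an added example that is not part of the quiz, the following Python code builds a small password cracker around the idea in the last answer: candidates come from interchangeable generators (a dictionary with mangling rules, and a mask), each candidate is hashed with the same algorithm that produced the stolen digests, and the result is compared against the digest set. It also computes the keyspace of a mask versus a full brute force over the same length, which is why brute force is the last resort. The "stolen digest file" is constructed here from known plaintexts so the example is self-contained; the mangling rules and the mask character sets are assumptions.

```python
import hashlib
import itertools
import string

# Mask character classes in the style of hashcat (the "?s" set is a deliberately small assumption).
CHARSETS = {"?l": string.ascii_lowercase, "?u": string.ascii_uppercase,
            "?d": string.digits, "?s": "!@#$%^&*"}


def sha256_hex(s: str) -> str:
    """The (unsalted, fast) hash the constructed digest file was made with."""
    return hashlib.sha256(s.encode("utf-8")).hexdigest()


def mask_candidates(mask: str):
    """'?u?l?d?d' yields every string of one uppercase, one lowercase and two digits."""
    sets = [CHARSETS[mask[i:i + 2]] for i in range(0, len(mask), 2)]
    for combo in itertools.product(*sets):
        yield "".join(combo)


def mask_keyspace(mask: str) -> int:
    n = 1
    for i in range(0, len(mask), 2):
        n *= len(CHARSETS[mask[i:i + 2]])
    return n


def brute_force_keyspace(charset_size: int, max_len: int) -> int:
    """Every string of length 1..max_len over a charset: the search space of a brute force."""
    return sum(charset_size ** k for k in range(1, max_len + 1))


# Assumed mangling rules: identity, capitalize, append "1", capitalize and append "1", append "123".
RULES = [lambda w: w, str.capitalize, lambda w: w + "1",
         lambda w: w.capitalize() + "1", lambda w: w + "123"]


def dictionary_candidates(words, rules=RULES):
    """Hybrid generation: each word list entry run through each rule."""
    for w in words:
        for rule in rules:
            yield rule(w)


def crack(digests, candidates, hashfn=sha256_hex):
    """Hash each candidate and compare with the stolen digests; stop once all are recovered."""
    remaining = set(digests)
    found = {}
    for cand in candidates:
        if not remaining:
            break
        h = hashfn(cand)
        if h in remaining:
            found[h] = cand
            remaining.discard(h)
    return found


# Constructed "stolen digest file": unsalted SHA-256 of three weak passwords.
STOLEN = [sha256_hex(p) for p in ("sunshine", "Password1", "Ab12")]
WORDLIST = ["letmein", "password", "qwerty", "sunshine"]

if __name__ == "__main__":
    print("dictionary + rules:", crack(STOLEN, dictionary_candidates(WORDLIST)))
    print("mask ?u?l?d?d:", crack(STOLEN, mask_candidates("?u?l?d?d")))
    print("mask keyspace ?u?l?l?l?l?l?d?d:", f"{mask_keyspace('?u?l?l?l?l?l?d?d'):,}")
    print("brute force, 95 printable chars, up to 8 long:", f"{brute_force_keyspace(95, 8):,}")
```

Two things to take from running it: the dictionary pass recovers the human-chosen passwords after a few dozen hashes, the mask recovers the structured one after at most 67,600, and the eight-character brute force keyspace printed last is the one an attacker turns to only when everything cheaper has failed. The same generators work unchanged against salted, stretched digests; only the cost per candidate changes, which is exactly what key stretching is for.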