Chapter 12
_____ biometrics is related to the perception, thought processes, and understanding of the user. A) Cognitive B) Standard C) Intelligent D) Behavioral
Cognitive
Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel? A) Personal Identity Verification (PIV) card B) Common Access Card (CAC) C) Government Smart Card (GSC) D) Secure ID Card (SIDC)
Common Access Card (CAC)
Why should the account lockout threshold not be set too low? A) It could decrease calls to the help desk. B) The network administrator would have to reset the account manually. C) The user would not have to wait too long to have her password reset. D) It could result in denial of service (DoS) attacks.
It could result in denial of service (DoS) attacks.
How is key stretching effective in resisting password attacks? A) It takes more time to generate candidate password digests. B) It requires the use of GPUs. C) It does not require the use of salts. D) The license fees are very expensive to purchase and use it.
It takes more time to generate candidate password digests.
Which of the following does not take into consideration upper and lowercase letters during the cryptographic function? A) PBKDF2 B) LAN Manager hash C) NTLM D) HMAC
LAN Manager hash
Which of these algorithms is the weakest for creating password digests? A) SHA-1 B) MD5 C) LM (LAN Manager) hash D) NTLM (New Technology LAN Manager) hash
LM (LAN Manager) hash
Which of these is NOT a reason why users create weak passwords? A) A lengthy and complex password can be difficult to memorize. B) A security policy requires a password to be changed regularly. C) Having multiple passwords makes it hard to remember all of them. D) Most sites force users to create weak passwords even though they do not want to.
Most sites force users to create weak passwords even though they do not want to.
Which single sign-on (SSO) technology depends on tokens? A) OAuth B) CardSpace C) OpenID D) All SSO technologies use tokens
OAuth
Which of these is a decentralized open-source FIM that does not require specific software to be installed on the desktop? A) Windows Live ID B) SSO Login Resource (SSO-LR) C) Windows CardSpace D) OpenID
OpenID
Which of the following is the fastest, most efficient offline password cracking technique? A) Brute Force B) Hybrid Attack C) Rainbow tables D) Dictionary Attack
Rainbow tables
Which of the following is a true statement about salts? A) Salts modify hash algorithms B) Salts can change identical passwords C) Salts should not be random D) Salts eliminate the possibility of a brute force attack
Salts can change identical passwords
Which of the following authentication method combinations is an example of multifactor authentication? A) Geolocation and voice recognition B) TOTP, password, and a username C) Voice recognition and keystroke dynamics D) Smart card and an OTP
TOTP, password, and a username
What does Open Authorization rely on to function and share resources across sites? A) Identification management B) Username and password C) Token credentials D) Token identification objects
Token credentials
Which of these is NOT a characteristic of a weak password? A) a common dictionary word B) a long password C) using personal information D) using a predictable sequence of characters
a long password
What is a hybrid attack? A) an attack that uses both automated and user input B) an attack that combines a dictionary attack with an online guessing attack C) a brute force attack that uses special tables D) an attack that slightly alters dictionary words
an attack that slightly alters dictionary words
Keystroke dynamics is an example of which type of biometrics? A) behavioral B) resource C) cognitive D) adaptive
behavioral
What is a disadvantage of biometric readers? A) cost B) speed C) size D) standards
cost
A TOTP token code is valid _____. A) for as long as it appears on the device B) for up to 24 hours C) only while the user presses SEND D) until an event occurs
for as long as it appears on the device
Creating a pattern of where a user accesses a remote web account is an example of _____. A) geolocation B) Time-Location Resource Monitoring (TLRM) C) keystroke dynamics D) cognitive biometrics
geolocation
What is the center of the weakness of passwords? A) human memory B) encryption technology C) handshake technology D) human reliability
human memory
What is a token system that requires the user to enter the code along with a PIN called? A) single-factor authentication system B) token-passing authentication system C) dual-prong verification system D) multifactor authentication system
multifactor authentication system
Which attack is an attempt to compare a known digest to an unknown digest? A) pre-image attack B) birthday attack C) configuration attack D) SNIP attack
pre-image attack
Authentication factors or credentials assist in verifying which of the following? A) Employee is committing fraud B) Performance of an individual C) Quality of the employee D) Genuine identity
Genuine identity
Using one authentication credential to access multiple accounts or applications is known as _____. A) credentialization B) identification authentication C) single sign-on D) federal login
single sign-on
Which human characteristic is NOT used for biometric identification? A) retina B) face C) weight D) fingerprint
weight
Which authentication factor is based on a unique talent that a user possesses? A) what you have B) what you are C) what you do D) what you know
what you do
What federated identity management (FIM) relies on token credentials? A) OAuth B) OpenID C) Windows Live D) OpenPass
OAuth
Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop: A) OAuth B) OpenID C) Windows Live ID D) OpenPass
OpenID
What type of one-time password (OTP) changes after a set time period? A) HMAC-Based one-time password (HOTP) B) Period-based one-time password (POTP) C) Time-based one-time password (TOTP) D) Interval-based one-time password (IOTP)
HMAC-Based one-time password (HOTP)
Which one-time password is event-driven? A) HOTP B) TOTP C) ROTP D) POTP
HOTP