MIS Midterm CH 12

Pablo has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this? a. Authorization b. Authentication c. Attestation d. Accountability

Attestation

Which of the following is NOT an MFA using a smartphone? a. Authentication app b. Biometric gait analysis c. SMS text message d. Automated phone call

Biometric gait analysis

Which of these attacks is the last-resort effort in cracking a stolen password digest file? a. Hybrid b. Mask c. Rule list d. Brute force

Brute force

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? a. Dictionary attack b. Hybrid attack c. Custom attack d. Brute force attack

Brute force attack

What is a disadvantage of biometric readers? a. Speed b. Cost c. Weight d. Standards

Cost

Which one-time password is event driven? a. HOTP b. TOTP c. ROTP d. POTP

HOTP

Which human characteristic is NOT used for biometric identification? a. Retina b. Iris c. Height d. Fingerprint

Height

How is the Security Assertion Markup Language (SAML) used? a. It serves as a backup to a RADIUS server. b. It allows secure web domains to exchange user authentication and authorization data. c. It is an authenticator in IEEE 802.1x. d. It is no longer used because it has been replaced by LDAP.

It allows secure web domains to exchange user authentication and authorization data.

How is key stretching effective in resisting password attacks? a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. It does not require the use of salts. d. The license fees are very expensive to purchase and use it.

It takes more time to generate candidate password digests.

Which of the following is the Microsoft version of EAP? a. EAP-MS b. AD-EAP c. PAP-Microsoft d. MS-CHAP

MS-CHAP

Which of these creates a format of the candidate password to significantly reduce the time needed to crack a password? a. Rainbow b. Mask c. Rule d. Pass the hash

Mask

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? a. OAuth b. Open ID c. Shibboleth d. NTLM

OAuth

Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers? a. Most states prohibit password crackers unless they are used to retrieve a lost password. b. Due to their advanced capabilities, they require only a small amount of computing power. c. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken. d. Password crackers differ as to how candidates are created.

Password crackers differ as to how candidates are created.

Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts? a. Online brute force attack b. Offline brute force attack c. Password spraying attack d. Role attack

Password spraying attack

Which of the following is NOT used for authentication? a. Somewhere you are b. Something you exhibit c. Something you can do d. Something you can find

Something you can find

Which of these is NOT a reason that users create weak passwords? a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. The length and complexity required force users to circumvent creating strong passwords.

The length and complexity required force users to circumvent creating strong passwords.

Why are dictionary attacks successful? a. Password crackers using a dictionary attack require less RAM than other types of password crackers. b. They link known words together in a "string" for faster processing. c. Users often create passwords from dictionary words. d. They use pregenerated rules to speed up the processing.

Users often create passwords from dictionary words.

_________________ biometrics is related to the perception, thought processes, and understanding of the user. a. Cognitive b. Standard c. Intelligent d. Behavioral

Cognitive

Which of the following should NOT be stored in a secure password database? a. Iterations b. Password digest c. Salt d. Plaintext password

Plaintext password

Which of the following is an authentication credential used to access multiple accounts or applications? a. Single sign-on b. Credentialization c. Identification authentication d. Federal login

Single sign-on