Module 2 ITN 262 QUIZ chapter 6

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Bob lives at home during the summer. His little brother, Tom, is fascinated by computers and with everything his big brother does. Tom loves to watch Bob log in to his summer job's remote site and do things. Tom often goes into Bob's room and looks through his things. Given this, which authentication technique—by itself—resists the risk of Tom masquerading as Bob?

A memorized, hard-to-guess password

Which of the following most effectively resists a trial-and-error guessing attack? All sizes are in terms of decimal digits.

A passive authentication token with a 9-digit base secret

We need to create a three-factor authentication system. The system already requires the user's fingerprint and memorized password. Which of the following can we add to implement three separate factors?

A procedure that requires the user's cell phone

We need to create a three-factor authentication system. The system already uses a USB device that is unlocked with the user's fingerprint. Which of the following can we add to implement three separate factors?

A process that requires the user's cell phone

What does authentication do?

Associates an individual with an identity

Kevin wants to attack Bob's computing resources. He is motivated at the "stealth" level. Which of the following attacks might Bob face? Select all that apply.

Borrow Bob's one-time password token Search for written copies of Bob's passwords

We are trying to protect a household computer. We have implemented password-based authentication to protect sensitive data. Which levels of attacker motivation can this authentication typically protect against in this situation? Select all that apply.

No motivation Scant motivation Stealth motivation

There are three types of tokens; which of the following is not a correct type?

Offensive tokens

The phrases below describe types of tokens. Match the type of token with its description.

One-time password token: Transmits different credentials based on an internal clock or counter Passive token: Transmits the same credential every time Challenge-response token: Transmits credentials that vary according to an unpredictable challenge from the computer

In a password system, the total number of possible passwords is called the:

Search space

Are base secrets the same as credentials?

Some base secrets are also credentials, while others are not.

The phrases below describe types of authentication factors. Match the type of authentication factor with its description.

Something you are : Biometric measurement Something you know: Memorized information like a password Something you have: An object containing a base secret, like the magnetic stripe on a cash card

True or False? Biometrics and tokens are a good choice for a household environment.

False

True or False? Biometrics are a favored form of authentication, as they are immune to sniffing attacks.

False

True or False? Biometrics have a fault tolerance of 0.

False

True or False? Entropy refers to the strength of a password system.

False

True or False? Offline attacks are easily detected.

False

True or False? Passive tokens are favored, as they are immune to sniffing attacks.

False

True or False? SHA-1024 is the latest hash algorithm.

False

True or False? True randomness is easily achieved with the random function of an application like Excel.

False

True or False? Two factor authentication is using two passwords

False

True or False? USB tokens are weak because if the public key becomes lost or stolen, the private key can be derived from it.

False

True or False? When selecting a password, random collections of letters contain far less entropy than written words.

False

True or False? When you are biased in selecting a password, you choose your password from the entire search space.

False

True or False? Your fingerprint is a "something you have" factor.

False

Biometric scanners are often connected by ________; this poses a security risk, as sniffed credentials can be fed down this line.

Tokens

Section 6.1.2 describes doorknob-rattling attacks. This is most similar to which of the following attacks?

Trial and error

True or False? A strong threat is willing to spend money, but not willing to leave evidence.

True

True or False? Authentication associates an individual with an identity.

True

In a password system, increasing the work factor results in which of the following? Select all that apply.

Increases the size of the character set from which users choose passwords Increases the length of the password

True or False? Credit reports are a treasured target among identity thieves.

True

True or False? Dictionary attacks differ from trial and error attacks because dictionary attacks focus on likely passwords.

True

True or False? Keyloggers can be hardware or software based.

True

True or False? Low-hanging fruit refers to the easiest targets in an attack.

True

True or False? Never choose a password with a strong personal association.

True

True or False? The one-way hash is a cryptographic function.

True

True or False? When an attacker is attacking a password system, the average attack space estimates the number of guesses required before success is likely.

True

True or False? When the fault tolerance goes up, so do the false positives.

True

True or False? Average attack space measures the time until success is certain.

false

An extreme threat is _________ motivated and is _________ to leave evidence.

highly, willing

The average attack space estimates the number of guesses required before success is ________.

likely

The following are fundamental strategies for authenticating people on computer systems, except:

something you make.

An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of:

two-factor authentication.

An attack that blocks access to a system by other users is called:

denial of service.

Which of the following authentication techniques are vulnerable to sniffing attacks that replay the sniffed credential? Select all that apply.

Biometric readers Passwords Passive tokens

Here is a list of features of various authentication tokens. Indicate all that are true for one-time password tokens.

The authentication credential and the base secret are always identical. Some tokens use a built-in counter to generate nonces. Some tokens use a built-in clock to generate nonces.


Set pelajaran terkait

Community health exam 1 test bank

View Set

Domain 2.0 Percipio Network+ Practice Test

View Set

Worksheet 33.1: Nature and Classification of Corporations

View Set

CC 302 Module 4 Practice and Graded Quizzes

View Set

Contract Law - Contractual Capacity

View Set