Chapter 6


Which type of password attack is used on weak passwords and compares a hashed value of the passwords to the system password file to find a match?
- Brute-force attack
- Dictionary attack
- Social engineering attack
- Rainbow table attack

Dictionary attack

True or False? The four central components of access control are users, resources, actions, and features. True False

False. The four central components of access control are users, resources, actions, and RELATIONSHIP.

True or False? A smart card is an example of a logical access control. True False

False. A smart card is an example of a PHYSICAL access control.

True or False? An authentication, authorization, and accounting (AAA) server, such as Remote Authentication Dial-In User Service (RADIUS), is a type of decentralized access control. True False

False. An authentication, authorization, and accounting (AAA) server, such as Remote Authentication Dial-In User Service (RADIUS), is a type of CENTRALIZED access control.

True or False? Authentication by characteristics/biometrics is based on something you have, such as a smart card, a key, a badge, or either a synchronous or asynchronous token. True False

False. Authentication by OWNERSHIP is based on something you have, such as a smart card, a key, a badge, or either a synchronous or asynchronous token.

True or False? Passphrases are less secure than passwords. True False

False. Passphrases are MORE secure than passwords.

True or False? The number of failed logon attempts that trigger an account action is called an audit logon event. True False

False. The number of failed logon attempts that trigger an account action is called the THRESHOLD. Audit logon events provide you with a record of when every user logs on or off a computer.

Keisha is a network administrator. She wants a cloud-based service that will allow her to load operating systems on virtual machines and manage them as if they were local servers. What service is Keisha looking for?
- Remote Authentication Dial-In User Service (RADIUS)
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)

Infrastructure as a Service (IaaS)

Which type of authentication includes smart cards?
- Location
- Action
- Knowledge
- Ownership

Ownership

What is an example of a logical access control?
- Password
- Key for a lock
- Access card
- Fence

Password

What is an example of two-factor authentication (2FA)?
- Token and smart card
- PIN and password
- Smart card and personal identification number (PIN)
- Password and security questions

Smart card and personal identification number (PIN)

True or False? Authentication by action is based on something you do, such as typing. True False

True

True or False? Authentication by knowledge is based on something the user knows, such as a password, passphrase, or personal identification number (PIN). True False

True

True or False? Common methods used to identify a user to a system include username, smart card, and biometrics. True False

True

True or False? Physically disabled users might have difficulty with biometric system accessibility, specifically with performance-based biometrics. True False

True

The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
- CPU
- security kernel
- memory
- coprocessor

security kernel

Devaki is evaluating different biometric systems. She understands that users might not want to subject themselves to retinal scans due to privacy concerns. Which concern of a biometric system is she considering?
- Acceptability
- Dynamism
- Accuracy
- Reaction time

Acceptability

Lincoln is a network security specialist. He is updating the password policy for his company's computing infrastructure. His primary method of improving password policy involves lowering the chance that an attacker can compromise and use the password before it expires. What does he do?
- Requires all passwords to contain at least eight alphanumeric characters
- Mandates that no password includes words common in an English dictionary
- Enables a 30-day password change policy
- Forbids a password being changed to any of the previous 10 passwords listed in the password history

Enables a 30-day password change policy

True or False? Voice pattern biometrics are accurate for authentication because voices cannot easily be replicated by computer software. True False

False. Voice pattern biometrics are not accurate for authentication because voices can be too easily replicated by computer software, and accuracy can be further diminished by background noise.

Wen is a network engineer. For several months, he has been designing a system of controls to allow and restrict access to network assets based on various methods and information. He is currently configuring the authentication method. What does this method do?
- Determines how actions can be traced to an individual
- Grants or denies a requestor access and what they can do on a network
- Answers the question "who is asking to access the asset?"
- Verifies that requestors are who they claim to be

Verifies that requestors are who they claim to be

