ISM 4323 Quiz Module 12 Authentication


It is just not possible to guess a person's Twitter account password. True or False?

False

An attacker collected many usernames from a website and tried to log in to the accounts using the password "passw0rd". What type of attack was this?
Password spraying
Pass the hash attack
Password phishing
Brute force attack

Password spraying

You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise's strong password policy, which of the following methods will be the easiest for you to use when retrieving the password?
Dictionary attack
Rule attack
Brute force attack
Hybrid attack

Rule attack

Which of the following authentication methods belongs in the "something you have" category?
Keystroke dynamics
Picture password
Security key
Gait recognition

Security key

You should use two-factor authentication. True or False?

True

Which of the following human characteristics is used for authentication?
Veins
Breathing pattern
Height
Facial expression

Veins

In an interview, you are asked to compare the following statements regarding different authentication concepts and identify the correct statement. Which of the following statements is correct?
a) A person's vein can be used to uniquely authenticate an individual.
b) A windowed token displays a static code.
c) Physiological biometrics is relating to the way in which the mind functions.
d) A HMAC-based one-time password (HOTP) changes after a set period of time.

a) A person's vein can be used to uniquely authenticate an individual.

While analyzing a security breach, you found the attacker followed these attack patterns: The attacker initially tried the commonly used password "passw0rd" on all enterprise user accounts and then started trying various intelligible words like "passive," "partner," etc. Which of the following attacks was performed by the attacker?
a) Initially, a password spraying attack and then a brute force attack.
b) Initially, a brute force attack and then a dictionary attack.
c) Initially, a brute force attack and then a password spraying attack.
d) Initially, a dictionary attack and then a rule attack.

a) Initially, a password spraying attack and then a brute force attack.

In an interview, you were asked to explain the steps involved in a successful authentication by a RADIUS server. How should you answer?
a) The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.
b) The supplicant prompts the user for the credentials. On entering the credentials, the supplicant sends a request to the access point (AP). The AP then sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the AP. The user is then authorized to join the network.
c) The access point (AP) sends a request to the supplicant. The supplicant prompts the user for the credentials. On entering the credentials, the supplicant sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the supplicant, and the user is authorized to join the network.
d) The access point (AP) prompts the user for credentials. On entering the credentials, the AP sends a request to the supplicant. The supplicant sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the AP. The user is then authorized to join the network.

a) The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.

In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose?
earthwaterforesttreemanworldkid
honesty
n2(f!%^*%:(r)!#$
#International$

earthwaterforesttreemanworldkid

