W10: Authentication


Which of the following best describes skimming?
- Capturing information from the magnetic stripe of a smartcard
- Altering the condition of a secure key by using hardware
- Altering the condition of a secure key by using software
- Intercepting the OTP to gain unauthorized access

Capturing information from the magnetic stripe of a smartcard

Windows picture password belongs to which of the following?
- Physiological biometrics
- Psychological biometrics
- Cognitive biometrics
- Behavioral biometrics

Cognitive biometrics

Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report?
- Fingerprint scanning is the safest available authentication method.
- Fingerprint scanners have the highest false rejection rate among other authentication methods.
- Fingerprint scanners have the lowest false acceptance rate among other authentication methods.
- Fingerprint scanners can be used for trickery in rare cases.

Fingerprint scanners can be used for trickery in rare cases.

Ram's enterprise is hosting a web app that requires authentication. Recently, the password digest files of other enterprises were stolen, and the attackers cracked the passwords with ease. As such, Ram was asked to implement additional security measures for the web app's passwords. Which of the following methods should Ram apply?
- He should add salts to the hashes.
- He should use a password key.
- He should use Key stretching.
- He should use a password vault.

He should use Key stretching.

Sam is working as a cybersecurity expert. An enterprise that manages nuclear power plants approached Sam's company to install an authentication facility for its employees when they access the nuclear plant. The enterprise is demanding multifactor authentication with high security, lowest false acceptance rate, and lowest false rejection rates. Which of the following authentication methods should Sam apply?
- PIN and gait recognition
- PIN and face recognition
- PIN and password
- PIN and fingerprint scanner

PIN and gait recognition

Which of the following is a hardware-based solution for password security?
- Salts
- Password key
- Password vault
- Password digest

Password key

The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d." Which of the following types of attack is this?
- Brute force attack
- Dictionary attack
- Rule attack
- Password spraying

Rule attack

You are working as a security expert in an e-commerce enterprise. Your company recently decided on a short-term collaboration with a small business named BuyMe, and the following issue arose. Whenever your customers purchase any product from BuyMe, the e-commerce website redirects them to the BuyMe website, asking for additional authentication. This results in customers abandoning their purchases. To solve this issue, both enterprises agree to use a single authentication process wherein the users, once logged in to your website, can purchase from BuyMe without additional steps. How should you implement this without storing the customers' credentials on the BuyMe server?
- Use SAML
- Use RADIUS authentication
- Use TACACS+
- Use Kerberos authentication

Use SAML

You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user's activity during the authentication process. Which of the following methods should you apply?
- You should implement fingerprint authentication.
- You should implement iris scanning.
- You should implement keystroke dynamics.
- You should implement facial recognition.

You should implement keystroke dynamics.

_________________ biometrics is related to the perception, thought processes, and understanding of the user. a. Cognitive b. Standard c. Intelligent d. Behavioral

a. Cognitive

Which one-time password is event driven? a. HOTP b. TOTP c. ROTP d. POTP

a. HOTP

How is key stretching effective in resisting password attacks? a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. It does not require the use of salts. d. The license fees are very expensive to purchase and use it.

a. It takes more time to generate candidate password digests.

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? a. OAuth b. Open ID c. Shibboleth d. NTLM

a. OAuth

Which of the following is an authentication credential used to access multiple accounts or applications? a. Single sign-on b. Credentialization c. Identification authentication d. Federal login

a. Single sign-on

Which of the following is NOT an MFA using a smartphone? a. Authentication app b. Biometric gait analysis c. SMS text message d. Automated phone call

b. Biometric gait analysis

What is a disadvantage of biometric readers? a. Speed b. Cost c. Weight d. Standards

b. Cost

Pablo has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this? a. Authorization b. Authentication c. Attestation d. Accountability

c. Attestation

Which human characteristic is NOT used for biometric identification? a. Retina b. Iris c. Height d. Fingerprint

c. Height

Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts? a. Online brute force attack b. Offline brute force attack c. Password spraying attack d. Role attack

c. Password spraying attack

Why are dictionary attacks successful? a. Password crackers using a dictionary attack require less RAM than other types of password crackers. b. They link known words together in a "string" for faster processing. c. Users often create passwords from dictionary words. d. They use pregenerated rules to speed up the processing.

c. Users often create passwords from dictionary words.

Which of these attacks is the last-resort effort in cracking a stolen password digest file? a. Hybrid b. Mask c. Rule list d. Brute force

d. Brute force

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? a. Dictionary attack b. Hybrid attack c. Custom attack d. Brute force attack

d. Brute force attack

Which of the following is the Microsoft version of EAP? a. EAP-MS b. AD-EAP c. PAP-Microsoft d. MS-CHAP

d. MS-CHAP

Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers? a. Most states prohibit password crackers unless they are used to retrieve a lost password. b. Due to their advanced capabilities, they require only a small amount of computing power. c. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken. d. Password crackers differ as to how candidates are created.

d. Password crackers differ as to how candidates are created.

Which of the following should NOT be stored in a secure password database? a. Iterations b. Password digest c. Salt d. Plaintext password

d. Plaintext password

How is the Security Assertion Markup Language (SAML) used? a. It serves as a backup to a RADIUS server. b. It allows secure web domains to exchange user authentication and authorization data. c. It is an authenticator in IEEE 802.1x. d. It is no longer used because it has been replaced by LDAP.

b. It allows secure web domains to exchange user authentication and authorization data.

Which of these creates a format of the candidate password to significantly reduce the time needed to crack a password? a. Rainbow b. Mask c. Rule d. Pass the hash

b. Mask

Which of the following is NOT used for authentication? a. Somewhere you are b. Something you exhibit c. Something you can do d. Something you can find

d. Something you can find

Which of these is NOT a reason that users create weak passwords? a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. The length and complexity required force users to circumvent creating strong passwords.

d. The length and complexity required force users to circumvent creating strong passwords.

In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose?
- honesty
- n2(f!%^*%:(r)!#$
- #International$
- earthwaterforesttreemanworldkid

earthwaterforesttreemanworldkid

