OpenID is an example of a web-based federated identity management (FIM) system. |
True |
Passwords provide strong protection. |
False |
Geolocation is the identification of the location of a person or object using technology, and can be used as part of an authentication method. |
True |
Using a rainbow table to crack a password requires three steps: Creation of the table, comparing the table to known hash values, and decrypting the password. |
False |
Which federated identity management (FIM) system relies on token credentials? |
OAuth |
What technology allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site? |
OAuth |
Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop: |
OpenID |
What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file? |
Brute force |
Which term below describes the time it takes for a key to be pressed and then released? |
dwell time |
What type of one-time password (OTP) changes after a set time period? |
Time-based one-time password (TOTP) |
What can be used to increase the strength of hashed passwords? |
salt |
What kind of biometrics utilizes a person’s unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person’s face? |
Standard biometrics |
Which hashing algorithm below is used with NTLMv2’s Hashed Message Authentication Code? |
MD5 |
The use of a single authentication credential that is shared across multiple networks is called: |
identity management |
Passwords that are transmitted can be captured by what type of software? |
protocol analyzer |
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a: |
password |
A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called: |
Common Access Card (CAC) |
What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters? |
hybrid |
What is the center of the weakness of passwords? |
human memory |
A list of the available nonkeyboard characters can be seen in Windows by opening what utility? |
charmap.exe |
The use of one authentication credential to access multiple accounts or applications is referred to as? |
Single Sign On |
What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker? |
offline cracking |
Which type of biometrics is based on the perception, thought process, and understanding of the user? |
Cognitive biometrics |
The use of what item below involves the creation of a large pregenerated data set of candidate digests? |
Rainbow tables |
Using one authentication credential to access multiple accounts or applications. |
Single Sign On |
Five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are. |
authentication factors |
A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication. |
token |
A password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file. |
brute force attack |
A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest. |
key stretching |
A popular key stretching password hash algorithm |
bcrypt |
A random string that is used in hash algorithms. |
salt |
A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters. |
hybrid attack |
A hash used by modern Microsoft Windows operating systems for creating password digests. |
NTLM (New Technology LAN Manager) hash |
A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file. |
dictionary attack |
SEC110_ Chapter 12