Lesson 12 Exam

30 Terms

1

You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise's strong password policy, which of the following methods will be the easiest for you to use when retrieving the password?

Rule attack

2

Which of the following best describes a preimage attack?

Comparing a known digest with an unknown digest

3

Which of the following best describes skimming?

Capturing information from the magnetic stripe of a smartcard

4

An attacker collected many usernames from a website and tried to log in to the accounts using the password "passw0rd". What type of attack was this?

Password spraying

5

While analyzing a security breach, you found the attacker followed these attack patterns:

The attacker initially tried the commonly used password "passw0rd" on all enterprise user accounts and then started trying various intelligible words like "passive," "partner," etc.

Which of the following attacks was performed by the attacker?

Initially, a password spraying attack and then a dictionary attack.

6

Which of the following human characteristics is used for authentication?

Veins

7

Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report?

Fingerprint scanners can be used for trickery in rare cases.

8

In a multifactor authentication-enabled facility, you are asked the following question: "What type of food was served on your child's first birthday?" Which of the following is the authentication method used here?

Cognitive biometrics

9

You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user's activity during the authentication process. Which of the following methods should you apply?

You should implement keystroke dynamics.

10

Sam is working as a cybersecurity expert. An enterprise that manages nuclear powerplants approached Sam's company to install an authentication facility for its employees when they access the nuclear plant. The enterprise is demanding multifactor authentication with high security, lowest false acceptance rate, and lowest false rejection rates.

Which of the following authentication methods should Sam apply?

PIN and gait recognition

11

In an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply?

You should perform a dictionary attack.

12

You are asked to choose a secure authentication method other than a username and password for the employees to access your enterprise's database. Which of the following should you choose?

Security key authentication

13

The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d."
Which of the following types of attack is this?

Rule attack

14

Which of the following can protect a password digest from attackers?

Argon2

15

Which of the following is a hardware-based solution for password security?

Password key

16

You want to manage your passwords for different accounts to optimally secure passwords from compromise. Which of the following password management methods should you use?

Password key

17

Ram's enterprise is hosting a web app that requires authentication. Recently, the password digest files of other enterprises were stolen, and the attackers cracked the passwords with ease. As such, Ram was asked to implement additional security measures for the web app's passwords. Which of the following methods should Ram apply?

He should use Key stretching.

18

Which of the following is an authentication system that issues a ticket after verifying the credentials by which you can authenticate other services?

Kerberos

19

You are working as a security expert in an e-commerce enterprise. Your company recently decided on a short-term collaboration with a small business named BuyMe, and the following issue arose. Whenever your customers purchase any product from BuyMe, the e-commerce website redirects them to the BuyMe website, asking for additional authentication. This results in customers abandoning their purchases. To solve this issue, both enterprises agree to use a single authentication process wherein the users, once logged in to your website, can purchase from BuyMe without additional steps.

How should you implement this without storing the customers' credentials on the BuyMe server?

Use SAML

20

Windows picture password belongs to which of the following?

Cognitive biometrics

21

In an interview, you are asked to compare the following statements regarding different authentication concepts and identify the correct statement. Which of the following statements is correct?

A person's vein can be used to uniquely authenticate an individual.

22

The following statements regarding centralized administration concepts are presented to you in an interview in which only one of them is correct. Which of these is correct?

Extensible authentication protocol is a framework to transport authentication protocols.

23

In a security review meeting, you proposed using a windowed token with a time-based one-time password (TOTP) to authenticate enterprise employees, and you were asked to explain the working of TOTP.

Which of the following should be your reply?

With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match.

24

You are working as a security admin in an enterprise. While you were analyzing different password attacks, you found that whenever an individual user's password gets cracked, another user with the same password residing in the same password digest file also has their account compromised. How should you prevent this from happening in the future?

You should add salt to the passwords before hashing.

25

Which of the following authentication methods belongs in the "something you have" category?

Security key

26

Which of the following is an authentication system that uses UDP over TCP?

RADIUS.

27

How does the single sign-on enhance secure authentication?

Implementing a single sign-on will reduce the number of passwords needing to be remembered.

28

Which of the following is a motherboard chip that provides cryptographic services?

Trusted platform module

29

In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose?

earthwaterforesttreemanworldkid

30

In an interview, you were asked to explain the steps involved in a successful authentication by a RADIUS server. How should you answer?

The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.