Security Chapter 12

OpenID is an example of a web-based federated identity management (FIM) system.​ True False

Which term below describes the time it takes for a key to be pressed and then released? Dwell time Lead time Sync time Show time

What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face? Cognitive biometrics Reactive biometrics Standard biometrics Affective biometrics

What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters? brute force hash replay network replay hybrid

​A list of the available nonkeyboard characters can be seen in Windows by opening what utility? ​charmap.exe ​charlist.exe ​chardump.exe ​listchar.exe

​A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called: ​Common Access Card (CAC) ​Identity Validation Card (IVC) ​Credential Validation Card (CVC) ​Personal Credential Card (PCC)

A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a: token password biometric detail challenge

Token credentials can be revoked at any time by the user without affecting other token credentials issued to other sites. True False

The use of one authentication credential to access multiple accounts or applications is referred to as? Individual Sign On Single Sign On Unilateral Sign On Federated Sign On

Geolocation is the identification of the location of a person or object using technology, and can be used as part of an authentication method.​ True False

What is the center of the weakness of passwords? human memory encryption technology handshake technology human reliability

What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file? Space division Brute force Known ciphertext Known plaintext

Passwords provide strong protection. True False

The use of a single authentication credential that is shared across multiple networks is called: Access management Authorization management Identity management Risk management

What technology allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site? OpenAuth OAuth SAML Kerberos

Using a rainbow table to crack a password requires three steps: Creation of the table, comparing the table to known hash values, and decrypting the password. True False

​What federated identity management (FIM) relies on token credentials? ​OAuth ​OpenID ​Windows Live ​OpenPass

Passwords that are transmitted can be captured by what type of software? application analyzer system analyzer function analyzer protocol analyzer

​Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop: ​OAuth ​OpenID ​Windows Live ID ​OpenPass

The use of what item below involves the creation of a large pregenerated data set of candidate digests? Rainbow tables Randomized character list Word list Cascade tables

Using one authentication credential to access multiple accounts or applications

Five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are.

A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication.

A password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file.

A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest

A popular key stretching password hash algorithm.

A random string that is used in hash algorithms.

A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly mispelling words, or including special characters.

A hash used by modern Microsoft Windows operating systems for creating password digests.

A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file..