assignment quiz module 12 authentication

• Find Flashcards
• Why It Works
• Tutors & resellers
• Content partnerships
• Teachers & professors
• Employee training

Brainscape's Knowledge Genome TM

Entrance exams, professional certifications.

• Foreign Languages
• Medical & Nursing

Humanities & Social Studies

Mathematics, health & fitness, business & finance, technology & engineering, food & beverage, random knowledge, see full index.

Cybersecurity > Security Module 12 > Flashcards

Security Module 12 Flashcards

Which of the following does not take into consideration upper and lowercase letters during the cryptographic function?

LAN Manager hash

Which of the following is a secure methodology when using a password?

Never writing a password down

How do keystroke dynamics determine whether to authenticate an individual or not?

With dwell and flight time

Which of the following is NOT a hash?

How would a user view a list of non-keyboard characters?

Via charmap.exe

What device can be used to create an OTP?

Microsoft implemented the use of multiple password policies within one domain starting with which version of Windows?

Windows Server 2008

An attacker is least likely to use which password discovery method when compromising a strong password?

Brute-force

In respect to security, why is it better to use password management applications to store passwords rather than utilizing a web browser function?

Application store passwords in a user vault file

Which of the following is the fastest, most efficient offline password cracking technique

Rainbow Tables

Why would an administrator resort to key stretching algorithms as opposed to general-purpose algorithms such as MD5?

Key stretching algorithms are slower

Which of the following is a true statement about salts?

Salts can change identical passwords

Which of the following authentication methods are prone to errors?

Standard biometrics

Single sign-on allows users to authenticate across multiple networks and requires what to function?

Which of the following authentication method combinations is an example of multifactor authentication?

TOTP, password, and a username

What does Open Authorization rely on to function and share resources across sites?

Token credentials

Which of the following is considered the strongest password?

L*^dns22Oik

How does Windows manage credentials in an Active Directory environment?

With password setting objects

How is an HMAC-based OTP different from a TOTP?

HMAC requires an event to change values

Authentication factores or credentials assist in verifying which of the following?

Genuine identity

Cybersecurity (73 decks)

• Threat Model
• First Look Into Computer Parts And Tools
• Computer Parts and Tools ( Part 2)
• Working Inside Desktop Computers and Laptops
• All About MotherBoards
• All About Motherboards ( Part 2)
• More review
• More Review Part 2
• Review : Review
• Chapter 5 Homework
• Intro to Networking
• Intro to Networking 2
• Intro to Networkig 3
• Intro to Networking 4
• Intro To Networking 5
• Basics Of Device Driver Types
• Features of a Linux system
• The Command Line
• Managing Rights
• Advance Networking
• The Linux Directory
• Introduction to Security
• Linux Module 2
• Linux Module 3
• Linux Module 4
• Security Module 3
• Security Module 4
• Security Module 5
• Security Module 6
• Security Module 9
• Security Module 10
• Linux Module 5 : Interactive Quiz
• Security Module 11
• Security+ Random Questions 1
• Security+ Random Questions 2
• Security+ Random Questions 3
• CompTia Security + Post-Assessment
• Post-Assessment 2
• Post Assessment 3
• Post-Assessment 4
• Post-Assessment 5
• Post-Assessment 6
• Linux+ Midterm 1
• Linux+ Midterm 2
• Linux Midterm 3
• Security Module 2
• Security Module 7
• Security Module 8
• Security Module 12
• Ethical Hacking 1
• Ethical Hacking 1 Quiz
• Ethical Hacking 2
• Ethical Hacking 3
• Ethical hacking 4
• Ethical Hacking 5
• Ethical Hacking 6
• Ethical Hacking 7
• Ethical Hacking 8
• Ethical Hacking 9
• Ethical Hacking 10
• Linux module 9
• Linux Module 10
• Chapter 9 Quiz
• Linux Module 11
• Ethical Hacking 12a
• Ethical 12b
• Identify File Types
• Corporate Training
• Teachers & Schools
• Android App
• Help Center
• Law Education
• All Subjects A-Z
• All Certified Classes
• Earn Money!

Studied by 0 people

Module 12 Review Sheet

Review Sheet for Quiz on Module 12

For each of the following, write the correct answer below each question.

What is a basic authentication technology that uses one authentication credential to access multiple accounts or applications?

 Single Sign On (SSO)

What type of biometrics is being able to select 10 points of interest in a Windows Picture Password is an example of 

 Picture Password 

What are the three security measures which make up the AAA framework? 

 authentication, authorization, and accounting 

What is a removable external cryptographic device that includes an onboard random number generator and key storage facility?

 Hardware security module (HSM)

What is an Ethernet protocol that provides port-based Network Access Control with both wireless and wired networks?  

 IEEE 802.1X

Which type of one time password is “event-driven” and changes when a specific event occurs, such as entering a PIN?  

 HMAC one time password (HTOP)

List two techniques used by threat actors to capture information from smart cards.

 card cloning 

A framework for transporting authentication protocols instead of the authentication protocol itself? It defines the format of the messages and uses four types of packets. 

 Authentication Framework Protocols (EAP) 

What factor of authentication would a push notification on a cell phone be an example of?  

Authentication app  

What is the authentication service developed by Cisco that is commonly used on UNIX devices?  

 Terminal Access Controller Access Control System + (TACACS+)

List three operating systems which support Kerberos.

 Apple macos 

What is a large pre-generated data set of candidate digests that is used to crack passwords?  

 Rainbow Tables 

List two predictable patterns users tend to use when trying to create stronger passwords.

 Appending 

 Replacing 

Which authentication protocol uses an encrypted challenge message that only the client can decrypt as additional security. 

 Challenge Handshake Authentication Protocol (CHAP) 

Which type of biometrics authenticates by the normal actions a user performs?  

 behavioral biometrics

What type of attack tries every possible combination of letters, numbers, and characters to create encrypted passwords which are then matched against the stolen hash file?  

 Brute Force Attack 

List the three main TYPES of authentication factors.  

 something you know 

 something you have  

 something you are 

What is a specialized authentication smart card that is issued by the US Department of Defense?  

 Common Access Card (CAC)

What is an older authentication protocol that does not include encryption, but sends authentication information in the clear?  

What is a method of authentication that uses a standard computer microphone to identify users based on the unique characteristics of a person’s voice?  

 voice recognition 

What is the authentication service originally designed in 1992 for remote dial-in access to a corporate network, but now functions to provide access to both wired and wireless LANs?  

What is the term for known digests that are created by password crackers?  

 candidates 

What is the authentication system developed at MIT that uses both encryption and authentication for security?  

What is the type of attack that conducts a statistical analysis on the stolen passwords that is used to create a mask to break the largest number of passwords?  

 rule attack 

What is the type of biometrics that uses a person’s unique physical characteristics for authentication? 

 Physiological biometrics 

Would a security question you choose in advance for password recovery be an example of static KBA or dynamic KBA? 

 Static KBA 

What is an example of behavioral biometrics that is based on the way someone types?  

 keystroke dynamics 

What is a measure of the likelihood that an unauthorized user will be falsely accepted based on biometrics?  

 false acceptance rate (FAR) 

Which type of authentication device provides attestation in addition to authentication?  

 security keys 

What is a method of authentication that uses landmarks called nodal points on human faces for authentication?  

 facial recognition 

What is the type of password attack where the attacker creates digests of common dictionary words and compares against a stolen digest file?  

 dictionary attacks 

What does MFA stand for?  

multi factor authentication  

What is an XML standard that allows secure web domains to exchange user authentication and authorization data?  

 Security Assertion Markup Language (SAML) 

What is the type of biometrics that relates to perception, thought process, and understanding of the user?  

 cognitive biometrics 

List three examples of physiological biometric factors that can be used for authentication.

 fingerprint 

 voice print 

What is a random string of characters added to the user’s cleartext password before it is hashed? 

What is a credit-card-sized plastic card that holds information to be used as part of the authentication process?  

 smart card 

What does EAP stand for?

 Extensible Authentication Protocol 

What is a measure of the likelihood that an authorized user will be rejected by a biometric input system?  

False rejection rate (FRR)  

List an example of behavioral biometrics that can be used for authentication

What is the type of biometrics that authenticates by normal actions the user performs?  

 behavioral biometrics 

What does CHAP stand for?  

 Challenge Handshake Authentication Protocol 

List three different companies that offer online password vaults? 

What is the type of attack where an attacker selects one or a few common passwords and then enters the same password when trying to login to several user accounts? 

Password Spraying  

What is the target for a biometric system where the FAR and FRR are reduced to equal levels to obtain the optimal level of accuracy? 

 Crossover error rate (CER) 

What is the most critical factor in choosing a strong password? 

Give an example of two methods of authentication that when combined would be considered MFA? 

 Password, and thumbprint 

Which authentication service uses unencrypted messages?  

What does Kerberos provide a client with that lets them authenticate to other devices without needing to re-authenticate?  

 Kerberos service ticket 

What is stored for comparison in a login database when using biometric factors for authentication?  

 a mathematical representation of your biometric data 

Can analyzing a person’s gait be a form of biometric authentication?  (Yes or No)

What two additional security features does Cisco’s XTACACS provide in addition to authentication?  

 accounting and auditing 

List three different key stretching algorithms. 

List two ways someone’s location may be provided as an extra attribute for authentication.

IP address and  GPS location

If you granted a phone app federated access to your Google Drive, what could it do with files in your Google Drive?  

 see, edit, and delete  

Which of the following is a more secure method of authentication: an iris scanner or a retinal scanner?  

 Retinal scanner 

What does KBA stand for?  

 Knowledge-based authentication 

What is the known weakness to MS-CHAP?  

 uses DES encryption which is easy to bruteforce

What is the first in the sequence of password attack tools attackers would use to crack password hashes?  

 custom wordlist 

List the four different types of packets used with EAP?  

 Request, response, success, and failure 

Mike Meyers' CompTIA Security+ Certification Guide (Exam SY0-401) by Mike Meyers

Get full access to Mike Meyers' CompTIA Security+ Certification Guide (Exam SY0-401) and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Understanding Authorization

We discussed authorization in Modules 3 and 11 , but in this module, we’ll go more in depth, detailing the concepts of authorization and how they relate to supporting the authorization processes. We will also look at access control models, which define how organizations frame and implement authorization.

Authorization Concepts

In Module 3 , you learned that authorization is a distinct part of the process of identification, authentication, authorization, and accountability. To recap, identification involves presenting credentials to a system. Authentication is the process of validating those credentials against a centralized database, to ensure that the user is who they say they are. Authorization takes it ...

Get Mike Meyers' CompTIA Security+ Certification Guide (Exam SY0-401) now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

You're signed out

Sign in to ask questions, follow content, and engage with the Community

• Canvas Instructor
• Instructor Guide
• How do I set up multi-factor authentication for my...
• Subscribe to RSS Feed
• Printer Friendly Page
• Report Inappropriate Content

How do I set up multi-factor authentication for my user account as an instructor?

in Instructor Guide

Note: You can only embed guides in Canvas courses. Embedding on other sites is not supported.

Community Help

View our top guides and resources:.

To participate in the Instructurer Community, you need to sign up or log in: