Security Module 12 Flashcards
Which of the following does not take into consideration upper and lowercase letters during the cryptographic function?
LAN Manager hash
Which of the following is a secure methodology when using a password?
Never writing a password down
How do keystroke dynamics determine whether to authenticate an individual or not?
With dwell and flight time
Which of the following is NOT a hash?
How would a user view a list of non-keyboard characters?
Via charmap.exe
What device can be used to create an OTP?
Microsoft implemented the use of multiple password policies within one domain starting with which version of Windows?
Windows Server 2008
An attacker is least likely to use which password discovery method when compromising a strong password?
Brute-force
In respect to security, why is it better to use password management applications to store passwords rather than utilizing a web browser function?
Applications store passwords in a user vault file
Which of the following is the fastest, most efficient offline password cracking technique?
Rainbow Tables
Why would an administrator resort to key stretching algorithms as opposed to general-purpose algorithms such as MD5?
Key stretching algorithms are slower
Which of the following is a true statement about salts?
Salts can change identical passwords
Which of the following authentication methods are prone to errors?
Standard biometrics
Single sign-on allows users to authenticate across multiple networks and requires what to function?
Which of the following authentication method combinations is an example of multifactor authentication?
TOTP, password, and a username
What does Open Authorization rely on to function and share resources across sites?
Token credentials
Which of the following is considered the strongest password?
L*^dns22Oik
How does Windows manage credentials in an Active Directory environment?
With password setting objects
How is an HMAC-based OTP different from a TOTP?
HMAC requires an event to change values
Authentication factors or credentials assist in verifying which of the following?
Genuine identity
Module 12 Review Sheet
Review Sheet for Quiz on Module 12
For each of the following, write the correct answer below each question.
What is a basic authentication technology that uses one authentication credential to access multiple accounts or applications?
Single Sign On (SSO)
Being able to select 10 points of interest in a Windows Picture Password is an example of what type of biometrics?
Picture Password
What are the three security measures which make up the AAA framework?
authentication, authorization, and accounting
What is a removable external cryptographic device that includes an onboard random number generator and key storage facility?
Hardware security module (HSM)
What is an Ethernet protocol that provides port-based Network Access Control with both wireless and wired networks?
IEEE 802.1X
Which type of one time password is “event-driven” and changes when a specific event occurs, such as entering a PIN?
HMAC one-time password (HOTP)
List two techniques used by threat actors to capture information from smart cards.
card cloning
What is a framework for transporting authentication protocols instead of the authentication protocol itself? It defines the format of the messages and uses four types of packets.
Authentication Framework Protocols (EAP)
What factor of authentication would a push notification on a cell phone be an example of?
Authentication app
What is the authentication service developed by Cisco that is commonly used on UNIX devices?
Terminal Access Controller Access Control System + (TACACS+)
List three operating systems which support Kerberos.
Apple macOS
What is a large pre-generated data set of candidate digests that is used to crack passwords?
Rainbow Tables
List two predictable patterns users tend to use when trying to create stronger passwords.
Appending
Replacing
Which authentication protocol uses an encrypted challenge message that only the client can decrypt as additional security?
Challenge Handshake Authentication Protocol (CHAP)
Which type of biometrics authenticates by the normal actions a user performs?
behavioral biometrics
What type of attack tries every possible combination of letters, numbers, and characters to create encrypted passwords which are then matched against the stolen hash file?
Brute Force Attack
List the three main TYPES of authentication factors.
something you know
something you have
something you are
What is a specialized authentication smart card that is issued by the US Department of Defense?
Common Access Card (CAC)
What is an older authentication protocol that does not include encryption, but sends authentication information in the clear?
What is a method of authentication that uses a standard computer microphone to identify users based on the unique characteristics of a person’s voice?
voice recognition
What is the authentication service originally designed in 1992 for remote dial-in access to a corporate network, but now functions to provide access to both wired and wireless LANs?
What is the term for known digests that are created by password crackers?
candidates
What is the authentication system developed at MIT that uses both encryption and authentication for security?
What is the type of attack that conducts a statistical analysis on the stolen passwords that is used to create a mask to break the largest number of passwords?
rule attack
What is the type of biometrics that uses a person’s unique physical characteristics for authentication?
Physiological biometrics
Would a security question you choose in advance for password recovery be an example of static KBA or dynamic KBA?
Static KBA
What is an example of behavioral biometrics that is based on the way someone types?
keystroke dynamics
What is a measure of the likelihood that an unauthorized user will be falsely accepted based on biometrics?
false acceptance rate (FAR)
Which type of authentication device provides attestation in addition to authentication?
security keys
What is a method of authentication that uses landmarks called nodal points on human faces for authentication?
facial recognition
What is the type of password attack where the attacker creates digests of common dictionary words and compares against a stolen digest file?
dictionary attacks
What does MFA stand for?
multi factor authentication
What is an XML standard that allows secure web domains to exchange user authentication and authorization data?
Security Assertion Markup Language (SAML)
What is the type of biometrics that relates to perception, thought process, and understanding of the user?
cognitive biometrics
List three examples of physiological biometric factors that can be used for authentication.
fingerprint
voice print
What is a random string of characters added to the user’s cleartext password before it is hashed?
What is a credit-card-sized plastic card that holds information to be used as part of the authentication process?
smart card
What does EAP stand for?
Extensible Authentication Protocol
What is a measure of the likelihood that an authorized user will be rejected by a biometric input system?
False rejection rate (FRR)
List an example of behavioral biometrics that can be used for authentication.
What is the type of biometrics that authenticates by normal actions the user performs?
behavioral biometrics
What does CHAP stand for?
Challenge Handshake Authentication Protocol
List three different companies that offer online password vaults?
What is the type of attack where an attacker selects one or a few common passwords and then enters the same password when trying to login to several user accounts?
Password Spraying
What is the target for a biometric system where the FAR and FRR are reduced to equal levels to obtain the optimal level of accuracy?
Crossover error rate (CER)
What is the most critical factor in choosing a strong password?
Give an example of two methods of authentication that when combined would be considered MFA?
Password, and thumbprint
Which authentication service uses unencrypted messages?
What does Kerberos provide a client with that lets them authenticate to other devices without needing to re-authenticate?
Kerberos service ticket
What is stored for comparison in a login database when using biometric factors for authentication?
a mathematical representation of your biometric data
Can analyzing a person’s gait be a form of biometric authentication? (Yes or No)
What two additional security features does Cisco’s XTACACS provide in addition to authentication?
accounting and auditing
List three different key stretching algorithms.
List two ways someone’s location may be provided as an extra attribute for authentication.
IP address and GPS location
If you granted a phone app federated access to your Google Drive, what could it do with files in your Google Drive?
see, edit, and delete
Which of the following is a more secure method of authentication: an iris scanner or a retinal scanner?
Retinal scanner
What does KBA stand for?
Knowledge-based authentication
What is the known weakness to MS-CHAP?
uses DES encryption, which is easy to brute-force
What is the first in the sequence of password attack tools attackers would use to crack password hashes?
custom wordlist
List the four different types of packets used with EAP?
Request, response, success, and failure
Mike Meyers' CompTIA Security+ Certification Guide (Exam SY0-401) by Mike Meyers
Understanding Authorization
We discussed authorization in Modules 3 and 11, but in this module, we’ll go more in depth, detailing the concepts of authorization and how they relate to supporting the authorization processes. We will also look at access control models, which define how organizations frame and implement authorization.
Authorization Concepts
In Module 3, you learned that authorization is a distinct part of the process of identification, authentication, authorization, and accountability. To recap, identification involves presenting credentials to a system. Authentication is the process of validating those credentials against a centralized database, to ensure that the user is who they say they are. Authorization takes it ...
How do I set up multi-factor authentication for my user account as an instructor?
Study with Quizlet and memorize flashcards containing terms like Which of the following is NOT an MFA using a smartphone? a. SMS text message b. Automated phone call c. Authentication app d. Biometric gait analysis, Which of the following is NOT used for authentication? a. Something you can find b. Something you exhibit c. Somewhere you are d. Something you can do, Which of these attacks is ...
Authentication in information security is the process of ensuring that the person or system desiring access to resources is authentic and not an imposter. In this module, you study authentication and the secure management techniques that enforce authentication.
View Chapter 12.docx from CIST 2602 at Gwinnett Technical College. Chapter 12 Module 12 Authentication and Authorization Implementation Techniques Lab 4. Which of the following is considered as the
In this module, you will complete the following exercises: Exercise 1 - Using Directory Services to Administer User and Group Accounts; Exercise 2 - Authenticat...
Study with Quizlet and memorize flashcards containing terms like How is the Security Assertion Markup Language (SAML) used? a. It is an authenticator in IEEE 802.1x. b. It is no longer used because it has been replaced by LDAP. c. It allows secure web domains to exchange user authentication and authorization data. d. It serves as a backup to a RADIUS server., Which of the following is the ...
Study with Quizlet and memorize flashcards containing terms like Your enterprise's network requires more administration every day. You are tasked with setting up a centralized server so that authentication and authorization can be centrally managed while enhancing security. Which of the following methods should you choose?, Which of the following best describes a windowed token?, Which of the ...
CompTIA Security+ Guide to Network Security Fundamentals Module 12: Authentication
View Test prep - Quiz #12 - Chapter 12_ Authentication and Account Management_ CET4663-16Spring 0W59 from CET 4663 at University of Central Florida. Quiz#12Chapter12 ...
Lab-4-Applying User Authentication and Access Controls applying user authentication and access controls (4e) fundamentals of information systems security,
12. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
Study with Quizlet and memorize flashcards containing terms like Which of the following terms describes the process of allowing access to different resources? A. Authorization B. Authentication C. Accountability D. Identification, Which of the following states that users should be given only the level of access needed to perform their duties? A. Separation of duties B. Accountability C ...
Notes authentication, authorization, and accounting authentication, authorization, and accounting to be an effective security professional, you need to
a) The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network. In an interview, you are asked ...
To verify multi-factor authentication via text message, enter your phone number [1] and select your carrier [2]. This is the number where your multi-factor verification code will be sent. Once you have set up your new phone number, or selected an existing phone number, click the Send button [3]. Your mobile device will receive a verification code.
Test your knowledge of networking threats, assessments, and defenses with these chapter 8 practice questions from Cyber Security Fundamentals.
Module 12 - Application Layer Services Quiz Answers. Jun 6, 2023 Last Updated: Jun 6, 2023 Networking Essentials No Comments. 1. A new employee is attempting to configure a cell phone to connect to the email server of the company. Which port number should be selected when using the POP3 protocol to access messages stored on the email server?
A. Network topology B. Hard drive contents C. Remote logging and monitoring data D. RAM 3. You are a cybersecurity administrator and have identified a suspicious account in your enterprise network. Which of the following is the best practice for handling such accounts?