
Understanding Password Security & Attacks: Brute Force, Dictionary, Hybrid & More, Exams of Computer Security

Answers and explanations for various password-related concepts, including brute force, dictionary, hybrid attacks, key stretching, hash algorithms, one-time passwords, and biometric identification. It also covers password complexity, credential management, and password policy settings.

Typology: Exams

2022/2023

Available from 03/24/2024


CompTIA® Security+ Guide to Network Security Fundamentals - Chapter 12 - Authentication and Account Management

authentication - Answer>>Proving that a user is genuine, and not an imposter.

authentication factors - Answer>>Five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are.

bcrypt - Answer>>A popular key stretching password hash algorithm.

behavioral biometrics - Answer>>Authenticating a user by the unique actions that the user performs.

birthday attack - Answer>>An attack that searches for any two digests that are the same.

brute force attack - Answer>>A password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file.

cognitive biometrics - Answer>>Authenticating a user through the perception, thought process, and understanding of the user.

common access card or CAC - Answer>>A U.S. Department of Defense (DoD) smart card used for identification of active-duty and reserve military personnel along with civilian employees and special contractors.

dictionary attack - Answer>>A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.

federated identity management or FIM or federation - Answer>>Single sign-on for networks owned by different organizations.

geolocation - Answer>>The identification of the location of a person or object using technology.

HMAC-based one-time password or HOTP - Answer>>A one-time password that changes when a specific event occurs.

hybrid attack - Answer>>A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters.

key stretching - Answer>>A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.

LM or LAN Manager hash - Answer>>A cryptographic function found in older Microsoft Windows operating systems used to fingerprint data.

multifactor authentication - Answer>>Using more than one type of authentication credential.

NTLM or New Technology LAN Manager hash - Answer>>A hash used by modern Microsoft Windows operating systems for creating password digests.

NTLMv2 - Answer>>The current version of the New Technology LAN Manager hash.

one-time password or OTP - Answer>>An authentication code that can be used only once or for a limited period of time.

LM or LAN Manager hash - Answer>>Which of these algorithms is the weakest for creating password digests? a. SHA-1 b. MD-5 c. LM (LAN Manager) hash d. NTLM (New Technology LAN Manager) hash

It takes more time to generate candidate password digests. - Answer>>How is key stretching effective in resisting password attacks? a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. It does not require the use of salts. d. The license fees are very expensive to purchase and use it.

Most sites force users to create weak passwords even though they do not want to. - Answer>>Which of these is NOT a reason why users create weak passwords? a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. Most sites force users to create weak passwords even though they do not want to.

an attack that slightly alters dictionary words - Answer>>What is a hybrid attack? a. an attack that uses both automated and user input b. an attack that combines a dictionary attack with an online guessing attack c. a brute force attack that uses special tables d. an attack that slightly alters dictionary words

for as long as it appears on the device - Answer>>A TOTP token code is valid _____. a. for as long as it appears on the device b. for up to 24 hours c. only while the user presses SEND d. until an event occurs

multifactor authentication system - Answer>>What is a token system that requires the user to enter the code along with a PIN called? a. single-factor authentication system b. token-passing authentication system c. dual-prong verification system d. multifactor authentication system

Common Access Card or CAC - Answer>>Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel? a. Personal Identity Verification (PIV) card b. Common Access Card or CAC c. Government Smart Card (GSC) d. Secure ID Card (SIDC)

behavioral - Answer>>Keystroke dynamics is an example of which type of biometrics? a. behavioral b. resource c. cognitive d. adaptive

geolocation - Answer>>Creating a pattern of where a user accesses a remote web account is an example of _____. a. geolocation b. Time-Location Resource Monitoring (TLRM) c. keystroke dynamics d. cognitive biometrics

OpenID - Answer>>Which of these is a decentralized open-source FIM that does not require specific software to be installed on the desktop? a. Windows Live ID b. SSO Login Resource (SSO-LR) c. Windows CardSpace d. OpenID

weight - Answer>>Which human characteristic is NOT used for biometric identification? a. retina b. face c. weight d. fingerprint

Cognitive - Answer>>_____ biometrics is related to the perception, thought processes, and understanding of the user. a. Cognitive b. Standard c. Intelligent d. Behavioral

Account Lockout Policy - Answer>>The Active Directory Domain Service policy that can block a login after a specified number of failed logins over a specified time period is named: ___________________.

1. Somewhere you are - location 2. Something you have - token 3. Something you are - fingerprint 4. Something you know - password 5. Something you do - pushups - Answer>>What are the five elements known as authentication factors that you can use to demonstrate that you are authentic?

Temporal authentication or time based authentication - Answer>>What is a sixth element that may be used to demonstrate you're authentic that isn't discussed in this book but was previously discussed in other classes?

appending - Answer>>When users combine letters, numbers, and punctuation or character sets, they do it in a pattern. Users typically add one character set to another set or sets. Most often they only add a number after letters, such as password1.

replacing - Answer>>Users also use an alternative character in predictable patterns. Generally a zero is used instead of the letter o (passw0rd), the digit 1 for the letter i (denn1s), or a dollar sign for an s (be$tfriend).

social engineering - Answer>>A means of gathering information for an attack by relying on the weaknesses of individuals.

capturing - Answer>>Ways of copying passwords. A keylogger on a computer can copy the passwords that are entered on the keyboard. While passwords are in transit, man-in-the-middle and replay attacks can be used. A protocol analyzer also can copy transmissions that contain passwords.

resetting - Answer>>If an attacker can gain physical access to a user's computer, they can erase the existing password and change it to a new password. These programs require that the computer be rebooted from a drive that usually contains a version of a different operating system along with the password reset program.

offline cracking - Answer>>Attackers steal the file of password digests and load that file onto their own computers. They can then attempt to discover the passwords by comparing the stolen digests with their own digests that they have created, called candidates.

message digest or hash - Answer>>When a password is created, a one-way hash algorithm creates a unique digital fingerprint output of the password. This output is then stored instead of the original cleartext password.

candidates - Answer>>With offline cracking, attackers steal the file of password digests and load that file onto their own computers. They can then attempt to discover the passwords by comparing the stolen digests with their own digests that they have created, called ____________.

nonkeyboard characters - Answer>>Also known as special characters, these characters are created by holding down the ALT key while simultaneously typing a number on the numeric keypad. They do not appear on the keyboard, thus extending the number of possible keys beyond 95.

password length - Answer>>The minimum and maximum lengths of the passwords to be generated, such as a range from 1-15, can be entered.

character set - Answer>>This is the set of letters, symbols, and characters that make up the password. Because not all systems accept the same character set for passwords, if characters can be eliminated from the character set, this will dramatically increase the speed of the attack.

pattern - Answer>>If any part of the password is known, a pattern can be entered to reduce the number of passwords generated. A question mark (?) can replace one symbol and an asterisk (*) can replace multiple symbols.

skips - Answer>>Because most passwords are wordlike combinations of letters, some brute force attack programs can be set to skip nonsensical combinations of characters so that only passwords such as elmosworld and carkeys are created.

chain - Answer>>A rainbow table is a compressed representation of cleartext passwords that are related and organized in a sequence called a ___________.

root - Answer>>Most passwords consist of a ________, not necessarily a dictionary word but generally "pronounceable", along with an attachment.

attachment - Answer>>An ending (a suffix about 90 percent of the time or a prefix about 10 percent) that combines with a root to make up a password.

password management applications - Answer>>Programs that let users create and store multiple strong passwords in a single user "vault" file that is protected by one strong master password. Users can retrieve individual passwords as needed by opening the user file, thus freeing the user from the need to memorize multiple passwords.

cryptographic one-way function or OWF - Answer>>Instead of encrypting the password with another key, the password itself is the key.

static fingerprint scanner - Answer>>Requires the user to place the entire thumb or finger on a small oval window on the scanner. The scanner takes an optical "picture" of the fingerprint and compares it with the fingerprint image on file.

dynamic fingerprint scanner - Answer>>A fingerprint scanner that has a small slit or opening and works with capacitive technology.