[02/Vitim/08]

Questions and Answers

Which of the following statements is true about resetting the SQL API key in Flow.BI?

• Multiple SQL keys can be generated for each user. (correct)
• The API key is stored in clear text.
• The generated SQL user name can be changed.
• Support can restore the key if it is lost.

What should you do upon generating a new SQL API key in Flow.BI?

• Do not note down the key.
• Share the key with support for safekeeping.
• Change the generated SQL user name.
• Delete the existing key. (correct)

What is the maximum number of SQL keys that can be generated for a user in Flow.BI?

• Two
• Unlimited
• One (correct)
• None

True or false: Flow.BI stores the API key in clear text.

False (B)

True or false: Support can restore the API key in Flow.BI.

False (B)

True or false: It is possible to change the generated SQL user name in Flow.BI.

False (B)

Match the following actions in Flow.BI with their corresponding descriptions:

Reset the SQL API key = Delete the existing key and create a new one Generate a new SQL API key = Note down the key and secure it Change the generated SQL user name = Not possible Support's ability to restore the API key = Not possible

Match the following statements about Flow.BI with their corresponding actions:

Flow.BI stores the API key in clear text = False Only one SQL key per user is possible = True It is possible to change the generated SQL user name = False Support can restore the API key = False

Match the following limitations in Flow.BI with their corresponding features:

Maximum number of SQL keys per user = One Ability to change the generated SQL user name = Not possible Support's ability to restore the API key = Not possible Storage of API key in clear text = Not done

Match the following reasons for not storing user passwords in plain text with their corresponding descriptions:

Security = If a website's database is breached, hackers will have access to all of the users' passwords in plain text. Compliance = Many regulations, such as PCI DSS and HIPAA, require websites to store user passwords securely. Usability = Users are more likely to reuse passwords across different websites if they don't have to remember them all. Password Hashing = A one-way function that converts a password into a hash that cannot be reversed.

Match the following potential consequences of storing passwords in plain text with their descriptions:

Account Takeovers = Users are more likely to reuse passwords across different websites if they don't have to remember them all. Data Breach = If a website's database is breached, hackers will have access to all of the users' passwords in plain text. Personal Information Theft = Hackers can log in to the users' accounts and steal their personal information. Unauthorized Access to Other Websites = Hackers can use the passwords to gain access to other websites and services.

Match the following terms related to password security with their corresponding definitions:

Password Hashing = A one-way function that converts a password into a hash that cannot be reversed. Data Breach = Occurs when a website's database is breached and hackers gain access to users' passwords in plain text. Account Takeovers = Can happen if users reuse passwords across different websites and one of the websites is breached. Compliance = Many regulations, such as PCI DSS and HIPAA, require websites to store user passwords securely.

Match the following password storage methods with their level of security:

Plain Text = Not considered to be a secure storage method. Password Hashing = Converts a password into a hash that cannot be reversed, providing a higher level of security. Encryption = Can be reversed with the decryption key, so it is not as secure as password hashing. Salting = Adding a random value to the password before hashing, making it more difficult to crack.

Match the following terms related to password security with their corresponding actions:

Data Breach = Occurs when a website's database is breached and hackers gain access to users' passwords in plain text. Account Takeovers = Can happen if users reuse passwords across different websites and one of the websites is breached. Password Hashing = A one-way function that converts a password into a hash that cannot be reversed. Compliance = Websites must meet certain regulations, such as PCI DSS and HIPAA, to store user passwords securely.

Match the following terms related to password security with their corresponding level of risk:

Plain Text = Highest level of risk, as passwords are easily readable if a data breach occurs. Password Hashing = Lowest level of risk, as even if a data breach occurs, the passwords are not readable. Encryption = Moderate level of risk, as it can be reversed with the decryption key. Salting = Increases the level of security, but the risk depends on the strength of the salt value.

Match the following terms related to password security with their corresponding actions:

Data Breach = Occurs when a website's database is breached and hackers gain access to users' passwords in plain text. Account Takeovers = Can happen if users reuse passwords across different websites and one of the websites is breached. Password Hashing = A one-way function that converts a password into a hash that cannot be reversed. Compliance = Websites must meet certain regulations, such as PCI DSS and HIPAA, to store user passwords securely.

Match the following terms related to password security with their corresponding level of risk:

Plain Text = Highest level of risk, as passwords are easily readable if a data breach occurs. Password Hashing = Lowest level of risk, as even if a data breach occurs, the passwords are not readable. Encryption = Moderate level of risk, as it can be reversed with the decryption key. Salting = Increases the level of security, but the risk depends on the strength of the salt value.

Match the following terms related to password security with their corresponding descriptions:

Data Breach = Occurs when a website's database is breached and hackers gain access to users' passwords in plain text. Account Takeovers = Can happen if users reuse passwords across different websites and one of the websites is breached. Password Hashing = A one-way function that converts a password into a hash that cannot be reversed. Compliance = Websites must meet certain regulations, such as PCI DSS and HIPAA, to store user passwords securely.

Which of the following is a reason why websites should not store user passwords in plain text?

It is not compliant with regulations like PCI DSS and HIPAA. (A)

What is a password hashing algorithm?

A function that converts a password into a hash that cannot be reversed. (D)

Why do hackers target websites that store passwords in plain text?

To steal users' personal information. (D)

What happens if a website's database is breached and passwords are stored in plain text?

Hackers will have access to all of the users' passwords in plain text. (D)

What should websites use instead of storing passwords in plain text?

Password hashing algorithms. (C)

What is the purpose of comparing the hash of a user's entered password to the hash stored in the database?

To authenticate the user. (D)

Why do users tend to reuse passwords across different websites?

To avoid the hassle of remembering multiple passwords. (B)

What is the main advantage of using a password hashing algorithm to store passwords?

Even if a hacker breaches the database, they will not be able to read the users' passwords. (B)

What is the role of compliance regulations like PCI DSS and HIPAA in password storage?

They require websites to store user passwords securely. (A)

True or false: Storing passwords in plain text is considered a secure storage method.

False (B)

True or false: Password hashing algorithms convert passwords into hashes that can be reversed.

False (B)

True or false: If a website's database is breached, hackers will have access to users' passwords in plain text.

True (A)

True or false: Compliance regulations like PCI DSS and HIPAA require websites to store user passwords securely.

True (A)

True or false: Users are more likely to reuse passwords if they don't have to remember them all.

True (A)

True or false: Websites should use a password hashing algorithm to store passwords securely.

True (A)

True or false: A password hashing algorithm is a one-way function.

True (A)

True or false: The purpose of comparing the hash of a user's entered password to the hash stored in the database is to authenticate the user.

True (A)

True or false: If a hacker breaches a website's database, they will be able to read the users' passwords if they are stored using a password hashing algorithm.

False (B)