Password Security and Authentication

NobleKrypton

21 Questions

What is the primary purpose of using a salt value in password hashing?

To prevent duplicate passwords and make offline dictionary attacks more difficult

What is the main benefit of password hashing in terms of password security?

It prevents cybercriminals from getting access to the passwords file

What type of attack is made more difficult by the use of hashed passwords and salt values?

Offline dictionary attack

What is the primary function of the ID in discretionary access control?

To determine the privileges accorded to the user

What is the purpose of designing a hash algorithm to be slow to execute?

To thwart attacks

What is a common type of password vulnerability?

Exploiting multiple password use

What is the primary purpose of using salt values in password hashing?

To make precomputation impractical due to vast number of possible hash values

Why are shorter password lengths more susceptible to cracking?

Because they have fewer possible combinations

What type of attack is an attacker planning when using a rainbow table?

Rainbow table attack

What is the purpose of a password file access control?

To deny access to encrypted passwords

What is the primary goal of proactive password checking?

To eliminate guessable passwords while allowing users to select a memorable password

What type of authentication uses objects possessed by users for authentication purposes?

Token-based authentication

What is a disadvantage of using SMS-based one-time passwords for authentication?

It requires mobile coverage to receive SMS

What is a type of attack that involves intercepting messages using a fake mobile tower or attacking SS7 signaling protocol?

Eavesdropping attack

What is a characteristic of mobile authentication apps?

Implements a one-time password generator

What is a disadvantage of using biometric authentication?

It is technically complex and expensive

What is a type of attack that involves an adversary attempting to learn a password by some sort of attack that involves physical proximity?

Eavesdropping attack

What is a common defense against password guessing attacks?

Hashing and protecting the password database

What is a type of attack that involves an adversary repeating a previously captured user response?

Replay attack

What is a type of attack that involves an application or physical device masquerading as an authentic application or device?

Trojan horse attack

What is a type of attack that involves an adversary attempting to disable a user authentication service by flooding the service with numerous authentication attempts?

Denial-of-Service attack

Learn about password vulnerabilities and security techniques, including offline dictionary attacks, workstation hijacking, and exploiting user mistakes.
