A threat actor is building a computer for use in brute-force attacks. Which of the following is the attacker most likely to consider highly desirable?

A system with multiple powerful GPUs.

A system with a hard drive with a lot of storage capacity.

A system with multiple powerful CPUs.

A system with a very fast internet connection.

Which of the following statements accurately describes the differences or similarities between a brute-force attack and a dictionary attack? Select two.

a. Dictionary attacks are successful due to poor password policies.

e. A dictionary attack is a variation of an offline brute-force attack.

b. Brute force is an offline attack whereas a dictionary attack is an online attack.

c. A dictionary attack compares plaintext whereas a brute-force attack compares hash values.

d. A dictionary attack uses a much wider range of candidate digests than a dictionary attack.

A calculating attacker manages to obtain the password digest from a department store. The attacker then proceeds to engage in a type of attack known as credential stuffing. How can you protect yourself against this type of attack?

Do not use the same password on multiple accounts.

Do not use a password that contains characters or patterns similar to the username.

Do not use a password that can be uncovered by a mask based on statistical analysis.

Change your password at least once a month.

A security team at a research company determines they are going to use the following mask because it provides the highest probability of success: u?l?l?l?l?d?d?d? Which of the following is the research team most likely trying to achieve?

To determine the most common password(s) based on the mask.

To conduct and research a rule attack based on the mask.

To determine the type of characters in a password digest.

To determine the most common length of passwords in a password digest.

Shivo's login credentials to log into work have been stolen. As a result, he is continuously receiving SMS text messages from the MFA app on his phone. Shivo thinks it might be an MFA fatigue attack but is not sure. What should he do?

Login to his account and change the password immediately.

Accept the MFA push notification and then change the password.

A mid-sized company requires users to log in using an OTP sent to their smartphone in an SMS text. However, their plan is to replace the current system of authentication and provide everyone with a security key. What would motivate the company to take this action?

Because security keys do not generate OTPs.

Because it requires a physical connection and does not rely on wireless technology.

Because security keys are based on something that you know.

The authentication codes transmitted by a security key are more secure than OTPs.

How is a TOTP different from an HOTP? Select two.

An HOTP changes when a specific event occurs.

They both require the most steps to complete the authentication process.

The timer interval in a TOTP is configurable but on an HOTP it resets on an hourly basis.

A TOTP uses a software token whereas an HOTP uses a hardware token.

A TOTP is more secure than an HOTP.

Pooma is researching the viability of implementing keystroke dynamics to authenticate users. She writes a report highlighting some of the benefits. Which of the following statements is she most likely to include in the report as well as consider in the implementation plan? Select two.

No additional steps are required beyond entering the username and password.

It requires no specialized hardware.

The required security key is linked to the keyboard, making security breaches extremely difficult.

It only requires a specialized keyboard that is not too expensive.

It is widely used and very effective.

A security engineer needs to implement password authentication on a highly specialized system. A requirement is that if two different users specify the same password, the stored digests will not be the same. How can this be accomplished?

Implement salting to make dictionary and brute-force attacks more difficult.

Use a different asymmetrical encryption key for each user.

Use SHA instead of MD5 as the hashing algorithm to create the digest.

Use peppering techniques that slightly modify the password hashing function.

An organization has been using a password management system/vault for their employees. However, they are concerned because they believe it is susceptible to malware. Which of the following is a possible solution to help minimize the concern?

Use a strengthening strategy called peppering.

Use a secure software password manager.

Which of the following areas should Jochebed's company address to ensure they are following sound practices relative to passwords? Select all that apply.

At least eight characters with a high degree of complexity

Zarak is researching methods of authentication that do not rely on passwords. He comes across a novel alternative called passkeys. Which of the following accurately describes its characteristics? Select two.

It uses multifactor authentication.

It stores authentication information in hardware.

It is a USB device that unlocks a specific piece of hardware.

If MAC is more restrictive than DAC, why does Windows include the use of DAC when granting access?

Because it first checks any requests against MIC and, if they pass, it then checks DAC.

Because Windows' version of DAC includes SIDs and integrity levels on every object.

Because it first checks any requests against MAC and, if they pass, it then checks DAC.

Because Windows assigns users, processes, and devices a privilege label in its DAC implementation.

Because Windows uses a highly secure version of DAC that provides the needed level of protection.

Which of the following statements accurately describes the differences or similarities between RB-RBAC and ABAC? Select two.

The RB-RBAC scheme can dynamically assign roles to subjects based on a set of rules.

ABAC uses flexible policies that can combine attributes.

RB-RBAC rules can be formatted using an If-Then-Else structure.

Both RBAC and RB-RBAC rules can be modified by users under very specific circumstances.

An access control list (ACL) is a set of permissions (authorizations) that is attached to an object. This list specifies who is allowed to access an object and what operations they can perform on it. When a user requests to perform an operation on an object, the system checks the ACL for an approved entry to decide if the operation is allowed. Using ACLs is not efficient because the ACL for each file, process, or resource must be checked every time the resource is accessed. Which of the following best describes the main function of an Access Control List (ACL)?

It specifies who can access an object and what operations they can perform.

It encrypts data stored on a device.

It monitors network traffic for suspicious activity.

It provides backup for system files.

Mod 07 Identity and Access Management (IAM)

Authored by willie reynolds

Instructional Technology

Vocational training

Used 2+ times

Mod 07 Identity and Access Management (IAM)

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

33 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Alexandria works at a secure installation that requires a special ID card with her picture to gain access. An officer at the gate needs to scan the ID card before allowing employees to enter the installation. One day she forgets her card. However, since the officer recognizes her, the officer lets her pass through the gate. Which of the following elements, if any, did the officer violate (not enforce)?

Someone you know

Something you have

Something you exhibit

Something you present

The officer did not violate any of these.

Answer explanation

The officer violated 'Something you have' by allowing Alexandria to enter without her ID card, which is the required item for access. Her recognition by the officer does not substitute for the physical ID.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Viraa works at a virology lab that requires her to place her hand on a specialized "medical" device to scan certain genetic characteristics before being granted access. Which of the following is being used to prove her authenticity?

Something you exhibit

Something you have

Something you are

Someone you are

Answer explanation

The correct choice is 'Something you exhibit' because Viraa's hand scan involves biometric data, which is a physical characteristic she exhibits, proving her identity for access.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

The letter I in IAM deals with which of the following items? Select two.

Availability

Accounting

Authentication

Authorization

Identity proofing

Answer explanation

In IAM, the 'I' stands for Identity, which encompasses Authentication (verifying user identity) and Identity proofing (establishing the legitimacy of the identity). These are key components in managing access and security.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Divya logs in to her online bank account using a username and password, then proceeds to transfer money from one bank account to another. What likely safeguards has the bank implemented to secure her login credentials?

The username and password are combined and then a hash is created.

A digest of the current password Divya set is stored for comparison.

The password is encrypted with a strong encryption algorithm.

It uses the PIN as the private key to encrypt the password.

The password is stored in plaintext in a very secure repository.

Answer explanation

The bank likely stores a digest of Divya's password for comparison, which enhances security by not keeping the actual password. This method protects her credentials against unauthorized access.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

A security professional is analyzing passwords. What two observations can the analyst make regarding the following password: L0nd0nbr1dge!3

The variety of character sets indicates the user employed a good password policy.

It exhibits characteristics of predictable patterns found among passwords.

It is a strong password because it contains at least eight characters.

It is a relatively weak password.

Answer explanation

The password 'L0nd0nbr1dge!3' shows predictable patterns, such as substituting 'o' with '0' and 'i' with '1', making it weaker. Despite having a mix of characters, its predictability contributes to its overall weakness.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Attaqui, a threat actor, prefers to use password spraying for which of the following likely reasons?

It avoids account lockouts by trying a few passwords on many accounts.

It is faster than brute force attacks on a single account.

It is less likely to be detected by security systems.

It requires less technical skill than other attack methods.

Answer explanation

Attaqui uses password spraying to avoid account lockouts, as this method tests a few common passwords across many accounts, reducing the risk of triggering security measures that lock accounts after multiple failed attempts.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following describes true statements regarding the process of uncovering passwords using a high-outcome password cracker?

The notion of high outcome is only possible when passwords are stored in plaintext.

It applies reverse-engineering techniques to uncover passwords based on entries in digest files.

It uses an online brute-force approach to cycle through combinations of characters to find a match.

It compares an existing database of hashes with hashes in the stolen password file.

Answer explanation

The correct choice states that a high-outcome password cracker compares an existing database of hashes with those in a stolen password file, effectively using precomputed hash values to uncover passwords.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

20 questions

Math Review

Quiz

•

3rd Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

10 questions

Identify Fractions, Mixed Numbers & Improper Fractions

Quiz

•

3rd - 4th Grade

Mod 07 Identity and Access Management (IAM)

The officer violated 'Something you have' by allowing Alexandria to enter without her ID card, which is the required item for access. Her recognition by the officer does not substitute for the physical ID.

Viraa works at a virology lab that requires her to place her hand on a specialized "medical" device to scan certain genetic characteristics before being granted access. Which of the following is being used to prove her authenticity?

The correct choice is 'Something you exhibit' because Viraa's hand scan involves biometric data, which is a physical characteristic she exhibits, proving her identity for access.

The letter I in IAM deals with which of the following items? Select two.

In IAM, the 'I' stands for Identity, which encompasses Authentication (verifying user identity) and Identity proofing (establishing the legitimacy of the identity). These are key components in managing access and security.

Divya logs in to her online bank account using a username and password, then proceeds to transfer money from one bank account to another. What likely safeguards has the bank implemented to secure her login credentials?

The bank likely stores a digest of Divya's password for comparison, which enhances security by not keeping the actual password. This method protects her credentials against unauthorized access.

A security professional is analyzing passwords. What two observations can the analyst make regarding the following password: L0nd0nbr1dge!3

The password 'L0nd0nbr1dge!3' shows predictable patterns, such as substituting 'o' with '0' and 'i' with '1', making it weaker. Despite having a mix of characters, its predictability contributes to its overall weakness.

Attaqui, a threat actor, prefers to use password spraying for which of the following likely reasons?

Attaqui uses password spraying to avoid account lockouts, as this method tests a few common passwords across many accounts, reducing the risk of triggering security measures that lock accounts after multiple failed attempts.

Which of the following describes true statements regarding the process of uncovering passwords using a high-outcome password cracker?

The correct choice states that a high-outcome password cracker compares an existing database of hashes with those in a stolen password file, effectively using precomputed hash values to uncover passwords.

A threat actor is building a computer for use in brute-force attacks. Which of the following is the attacker most likely to consider highly desirable?

A system with multiple powerful GPUs is highly desirable for brute-force attacks because GPUs can perform many calculations simultaneously, significantly speeding up the process compared to CPUs.

Which of the following statements accurately describes the differences or similarities between a brute-force attack and a dictionary attack? Select two.

Choice a is correct as dictionary attacks exploit weak passwords. Choice e is also correct because a dictionary attack is indeed a type of offline brute-force attack, using a predefined list of potential passwords.

A calculating attacker manages to obtain the password digest from a department store. The attacker then proceeds to engage in a type of attack known as credential stuffing. How can you protect yourself against this type of attack?

Using the same password across multiple accounts increases vulnerability. If one account is compromised, attackers can access others. Therefore, using unique passwords for each account is crucial to protect against credential stuffing.

Access all questions and much more by creating a free account

Popular Resources on Wayground