CS4451 MODULE 7 EXAM QUESTIONS
Actual Qs and Ans Expert-Verified Explanation
This Exam contains:
- Guarantee passing score
- 30 Questions and Answers
- format set of multiple-choice
- Expert-Verified Explanation
Question 1: A threat actor is building a computer for use in brute-force attacks. Which of the following is the attacker most likely to consider highly desirable?
Answer:
A system with multiple powerful GPUs.
Question 2: Which of the following statements are true regarding physiological biometrics? Select two.
Answer:
In some cases, retinal patterns may change during a person's lifetime.
It is more difficult to imitate cognitive biometrics than physiological biometrics.
Question 3: Alexandria works at a secure installation that requires a special ID card with her picture to gain access. An officer at the gate needs to scan the ID card before allowing employees to enter the installation. One day she forgets her card. However, since the officer recognizes her, the officer lets her pass through the gate. Which of the following elements, if any, did the officer violate (not enforce)?
Answer:
Something you have
Question 4: Which of the following are likely reasons why Attaqui, a threat actor, prefers to use password spraying attacks when targeting accounts? Select two.
Answer:
It is less likely to raise any alarms.
It will not lock out the user account.
Question 5: Divya logs in to her online bank account using a username and password, then proceeds to transfer money from one bank account to another. What likely safeguards has the bank implemented to secure her login credentials?
Answer:
A digest of the current password Divya set is stored for comparison.
Question 6: Which of the following areas should Jochebed's company address to ensure they are following sound practices relative to passwords? Select all that apply.
Answer:
Age
Reuse
Length
Question 7: Viraa works at a virology lab that requires her to place her hand on a specialized "medical" device to scan certain genetic characteristics before being granted access. Which of the following is being used to prove her authenticity?
Answer:
Something you exhibit
Question 8: A threat actor gains access to a system by compromising a user's account. The threat actor is then able to execute programs with the permissions of the subject whose account was compromised. This represents a weakness of which access control scheme?
Answer:
DAC
Question 9: Which of the following statements accurately describes the differences or similarities between a brute-force attack and a dictionary attack? Select two.
Answer:
Dictionary attacks are successful due to poor password policies.
A dictionary attack is a variation of an offline brute-force attack.
Question 10: Conrad stores multiple passwords in a user vault file that is protected by one strong password. Features include enhanced encryption and requiring a secret key file to be present when entering the master password to open the vault. Which of the following is Conrad using?
Answer:
Password manager
Question 11: Navana is responsible for implementing a cognitive biometric system to authenticate users at her company. Which one of the following elements will employees need to possess to log in successfully?
Answer:
Something you are
Question 12: A security team at a research company determines they are going to use the following mask because it provides the highest probability of success: u?l?l?l?l?d?d?d? Which of the following is the research team most likely trying to achieve?
Answer:
To determine the most common password(s) based on the mask.
Question 13: A security engineer needs to implement password authentication on a highly specialized system. A requirement is that if two different users specify the same password, the stored digests will not be the same. How can this be accomplished?
Answer:
Implement salting to make dictionary and brute-force attacks more difficult.
Question 14: Zarak is researching methods of authentication that do not rely on passwords. He comes across a novel alternative called passkeys. Which of the following accurately describes its characteristics? Select two.
Answer:
It uses multifactor authentication.
It stores authentication information in hardware.
Question 15: Which of the following describes true statements regarding the process of uncovering passwords using a high-outcome password cracker?
Answer:
It compares an existing database of hashes with hashes in the stolen password file.
Question 16: A security audit firm recommends using a technology that will help protect password digests at a corporation. Their recommendation will dramatically reduce the efficiency of password cracking endeavors should the password digest ever be stolen. Which of the following reflects what the security audit firm may have recommended? Select two.
Answer:
Argon2
Key stretching
Question 17: An experienced threat actor manages to steal a password digest with 4 million entries. Their plan is to use a methodical series of password attack tools to try to crack as many passwords as possible but none of the passwords are available in plaintext. Which of the following will most likely be the next attack tool they will use?
Answer:
Dictionary attack
Question 18: The letter I in IAM deals with which of the following items? Select two.
Answer:
Identity proofing
Authentication
Question 19: An organization has been using a password management system/vault for their employees. However, they are concerned because they believe it is susceptible to malware. Which of the following is a possible solution to help minimize the concern?
Answer:
Use a hardware password key.
Question 20: Yvon logs into a B2B system that uses SAML as one of its components to authenticate users. Which of the following is used to digitally sign Yvon's username?
Answer:
Asymmetric cryptography
Question 21: A mid-sized company requires users to log in using an OTP sent to their smartphone in an SMS text. However, their plan is to replace the current system of authentication and provide everyone with a security key. What would motivate the company to take this action?
Answer:
Because security keys do not generate OTPs.