Chapter 6: Domain 5: Identity and Access Management
- What type of password-cracking attack will always be successful?
A. Brute Force
B. Dictionary
C. Hybrid
D. Rainbow Table
Correct Answer and Explanation: A. Answer A is correct; brute force attacks are always successful, given enough time.
Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. Dictionary attacks will only crack passwords that exist in a dictionary or word list. Hybrid attacks append, prepend, or alter characters in words from a dictionary. A rainbow table uses pre-computed hashes. Not all rainbow tables are complete, and rainbow tables are less effective against salted hashes.
- What is the difference between password cracking and password guessing?
A. They are the same
B. Password guessing attempts to log into the system; password cracking attempts to determine a password used to create a hash
C. Password guessing uses salts; password cracking does not
D. Password cracking risks account lockout, password guessing does not
Correct Answer and Explanation: B. Answer B is correct; password cracking relies on cracking the hash of a password; password guessing attempts to log into a system.
Incorrect Answers and Explanations: A, C, and D. A is incorrect: password guessing is not the same as password cracking. C is incorrect because salts are a password-cracking issue, not a password-guessing issue. D is incorrect: password guessing risks account lockout.
- Two users on the same system have the same password, but different hashes are stored in the /etc/shadow file. What is the most likely reason the hashes are different?
A. The usernames are different, so the hashes will be different
B. Use of multiple hashing algorithms
C. Use of rainbow tables
D. Use of salts
Correct Answer and Explanation: D. Answer D is correct; a salt is a random number that is hashed along with the user’s password, making it highly unlikely that two users with the same password would also have the same hash.
Incorrect Answers and Explanations: A, B, and C. Answers A, B, and C are incorrect. Different usernames will have no impact on password hashes on most systems. The use of multiple hashing algorithms on the same system is possible, but unlikely. Rainbow tables are not used to create hashes; they act as a database that contains the hashed output for most or all possible passwords.
- What authentication method exposes the password in cleartext?
A. CHAP
B. Kerberos
C. PAP
D. SESAME
Correct Answer and Explanation: C. Answer C is correct; the Password Authentication Protocol (PAP) exposes the password in plaintext on the network.
Incorrect Answers and Explanations: A, B, and D. Answers A, B, and D are incorrect. CHAP, Kerberos and SESAME do not expose the cleartext password.
- What are the main differences between retina scans and iris scans?
A. Retina scans are not invasive and iris scans are
B. Iris scans invade a person’s privacy and retina scans do not
C. Iris scans change depending on the person’s health, retina scans are stable
D. Retina scans change depending on the person’s health, iris scans are stable
Correct Answer and Explanation: D. Answer D is correct; the blood vessels in the retina may change depending on certain health conditions.
Incorrect Answers and Explanations: A, B, and C. A is incorrect because retina scans are invasive—they can relay user health information. B is incorrect because iris scans are not invasive. C is incorrect because iris scans remain (comparatively) stable regarding the general health of the user attempting access.