Institute Of Electrical And Electronics Engineers IEEE Quiz

Weight cannot be used for biometric identification because it is not a unique and consistent characteristic that can reliably distinguish individuals. Unlike face, fingerprint, and retina, weight can change over time due to various factors such as diet, exercise, and health conditions. Therefore, it is not a suitable biometric trait for identification purposes.

Biometric readers have the disadvantage of being costly. This means that implementing and maintaining these readers can be expensive for individuals or organizations. The cost includes not only the initial purchase of the biometric reader but also any additional expenses for installation, training, and regular maintenance. This can make it difficult for some individuals or organizations to afford and adopt biometric readers, limiting their accessibility and usage.

The given answer is "use a short password so the computer can process it more quickly". This is because using a short password makes it easier for hackers to guess or crack the password. A strong password should be long and complex, including a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more difficult for hackers to guess or use automated programs to crack the password.

With the development of IEEE 802.1x port security, the authentication server RADIUS has seen even greater usage. RADIUS (Remote Authentication Dial-In User Service) is a widely used protocol that provides centralized authentication, authorization, and accounting management for users who connect and access network resources. As IEEE 802.1x port security has become more prevalent, the need for a robust and scalable authentication server like RADIUS has increased, making it the correct answer in this context.

A hash is not decrypted but is only used for comparison purposes. A hash function takes an input and produces a fixed-size string of characters, which is the hash value. It is a one-way function, meaning it cannot be reversed to obtain the original input. Hashes are commonly used in computer systems to verify the integrity of data or passwords by comparing the generated hash with a stored hash. Therefore, a hash is not decrypted but serves as a reference for comparison.

HMAC (Hashed Message Authentication Code) is a cryptographic algorithm that encrypts a hash with a shared secret key. It is commonly used for data integrity and authentication purposes in various protocols and systems. HMAC combines the input data with the secret key using a hash function to generate a unique hash value. This hash value can then be used to verify the integrity and authenticity of the data.

The given answer, "what you discover," is the correct answer because it does not fit the definition of an authentication credential. Authentication credentials are typically something that a person possesses or knows, such as a password, a smart card, or a fingerprint. "What you discover" does not fall into this category and therefore does not qualify as an authentication credential.

The given answer "Stop loss" is not a basic security protection that cryptography can provide. Cryptography primarily focuses on ensuring confidentiality by encrypting information, integrity by detecting any unauthorized modifications, and authenticity by verifying the identity of the sender or receiver. "Stop loss" is not directly related to these security protections and is more commonly associated with financial risk management.

Single sign-on refers to the practice of using one set of authentication credentials (such as username and password) to access multiple accounts or applications. This eliminates the need for users to remember multiple login credentials and simplifies the authentication process. With single sign-on, users can authenticate once and gain access to multiple systems or applications without the need to re-enter their credentials.

The principle known as "least privilege" in access control means that each user should only be given the minimal amount of privileges necessary for that person to perform their job function. This principle ensures that users have access only to the resources and actions that are essential for their specific tasks, reducing the risk of unauthorized access or misuse of privileges. By limiting privileges to the minimum required, organizations can enhance security and mitigate the potential impact of a compromised user account.

A user account that has not been accessed for a lengthy period of time is called a dormant account. This term is used to describe an account that has been inactive and unused for an extended period. It implies that the account is currently not in use and may require reactivation or deletion.

Keystroke dynamics is an example of behavioral biometrics because it involves analyzing an individual's unique typing patterns and rhythms. It focuses on the behavioral aspect of how a person types, including factors such as typing speed, keystroke duration, and the intervals between keystrokes. By analyzing these behavioral patterns, keystroke dynamics can be used as a biometric authentication method to verify a person's identity.

RSA is considered the most secure asymmetric cryptographic algorithm because of its strong security features and widespread adoption. It is based on the mathematical difficulty of factoring large prime numbers, making it resistant to attacks. RSA is widely used for secure communication, digital signatures, and encryption. MEC-2, MD-17, and SHA-2 are not asymmetric cryptographic algorithms and therefore not as secure as RSA.

Setting the account lockout threshold too low could result in denial of service (DoS) attacks. This is because if the threshold is set too low, even a small number of unsuccessful login attempts can trigger the account lockout, effectively denying access to legitimate users. Attackers can exploit this by intentionally attempting multiple incorrect logins, causing legitimate users to be locked out of their accounts. Therefore, it is important to set the threshold at an appropriate level to balance security and usability.

RSA is an asymmetric encryption algorithm that uses prime numbers. It relies on the difficulty of factoring large composite numbers into their prime factors. The security of RSA encryption is based on the assumption that factoring large numbers is a computationally difficult problem. The algorithm uses the public key for encryption and the private key for decryption, making it suitable for secure communication and data transmission over untrusted networks.

An access control list (ACL) is a set of permissions that is attached to an object. It specifies which users or groups are granted access to the object and what level of access they have. It is a commonly used method for controlling access to resources in computer systems and networks.

The given answer states that most sites force users to create weak passwords although they do not want to. This is not a reason why users create weak passwords. Users may create weak passwords for various reasons, such as finding it difficult to memorize a lengthy and complex password, having multiple passwords to remember, or being required to change passwords regularly due to a security policy.

Computer footprinting is the technique that would prevent an attacker from China from logging into a user's account at 4:00AM. Computer footprinting involves gathering information about a computer system, such as its IP address, operating system, and software, in order to identify and track potential attackers. By monitoring and analyzing the footprint left by the attacker's computer, security measures can be put in place to block unauthorized access attempts, including those from specific geographical locations like China.

Cognitive biometrics refers to the use of biometric data related to the user's perception, thought processes, and understanding. It involves analyzing and measuring cognitive functions such as attention, memory, and problem-solving abilities. This type of biometrics focuses on understanding how the user thinks and processes information, rather than physical characteristics like fingerprints or facial features. By studying cognitive biometrics, systems can gain insights into the user's mental state and tailor experiences accordingly.

The Trusted Platform Module (TPM) provides cryptographic services in hardware instead of software. This means that the TPM has its own dedicated hardware chip that performs cryptographic operations, such as encryption and decryption, rather than relying on software-based implementations. This hardware-based approach offers enhanced security as it is more resistant to attacks and tampering compared to software-based solutions.

An LDAP injection attack is a type of attack where an attacker constructs LDAP statements using user inputs to manipulate the database or retrieve unauthorized information. This type of attack can exploit vulnerabilities in the application's input validation mechanisms and can result in unauthorized access to sensitive data or modification of the database contents.

The AAA elements in network security refer to authentication, authorization, and accounting. These elements are crucial for ensuring the security of network resources. Authentication involves controlling access to network resources by verifying the identity of users. Authorization is the process of enforcing security policies and determining what actions users are allowed to perform. Accounting involves auditing usage and keeping track of user activities. However, determining user need (analyzing) is not a part of the AAA elements in network security. This means that it is not directly related to the process of authentication, authorization, and accounting in network security.

A digital signature is a cryptographic technique used to verify the authenticity and integrity of a message. It ensures that the message has not been tampered with during transmission and can be trusted. It also verifies the identity of the sender, providing non-repudiation, meaning the sender cannot deny sending the message. However, it does not have the capability to verify the receiver's identity or authenticity. Therefore, the correct answer is "verify the receiver."

The Microsoft Windows LAN Manager hash is weaker than NTLMv2. This is because the LAN Manager hash is an older and less secure password hashing algorithm used by Microsoft Windows operating systems. NTLMv2, on the other hand, is an improved and more secure version of the NTLM authentication protocol, providing stronger protection against password cracking and other security threats.

Implicit deny in access control means that if a condition is not explicitly met, access is to be rejected. This means that unless a user is specifically granted access to a resource, they are automatically denied access by default. Implicit deny acts as a safeguard, ensuring that only authorized individuals are granted access to sensitive information or resources.

Discretionary Access Control (DAC) is the least restrictive access control model because it allows the owner of a resource to determine who can access it and what actions they can perform on it. In DAC, access control decisions are based on the identity and privileges of individual users or groups. This model provides flexibility and user autonomy, as it allows users to grant or revoke access to their resources. In contrast, Mandatory Access Control (MAC) and Rule Based Access Control (RBAC) are more restrictive, as access decisions are based on predefined rules and policies, while RBAC is a more advanced model that assigns access based on roles.

The correct answer is "for as long as it appears on the device." This means that the token code remains valid as long as it is visible or displayed on the device. Once it is no longer visible, it is no longer considered valid.

Computer footprinting refers to the process of tracking and recording the activities and behaviors of a user on a computer or network. In this scenario, creating a pattern of when and from where a user accesses a remote Web account involves monitoring and recording the user's login times and locations. This information can be used to establish a unique footprint for the user, which can be helpful for security purposes, such as detecting any suspicious or unauthorized access attempts.

A custodian is responsible for periodically reviewing security settings and maintaining records of access by users. They ensure that the appropriate security measures are in place and monitor user activity to ensure compliance with security protocols. The custodian plays a crucial role in maintaining the integrity and confidentiality of the system by regularly reviewing and updating security settings and keeping accurate records of user access.

Hashing is a process that converts data into a fixed-size string of characters. It is commonly used to ensure the integrity of data. When data is hashed, any change in the data will result in a different hash value. By comparing the hash values before and after transmission or storage, one can verify if the data has been tampered with or not. Therefore, integrity is a protection provided by hashing.

Rule Based Access Control (RBAC) is a method of access control that dynamically assigns roles to subjects based on rules. This means that instead of manually assigning permissions to individual users, RBAC automatically assigns roles to users based on their job function or other criteria. This approach is considered efficient and scalable, as it allows for easy management of access control in large organizations with numerous users and complex permissions requirements. It is a widely used and effective approach in today's security systems.

A token system that requires the user to enter the code along with a PIN is called a multi-factor authentication system. This is because it combines two factors, something the user knows (the PIN) and something the user has (the token code), to verify the user's identity. By requiring multiple factors, it adds an extra layer of security compared to single-factor authentication systems.

NTRUEncrypt uses lattice-based cryptography, which is believed to be more resistant to attacks from quantum computers. Quantum computers have the potential to break traditional public-key encryption algorithms like ECC and RSA, but lattice-based cryptography, such as NTRUEncrypt, offers a promising alternative that is thought to be more secure against quantum computing attacks. Therefore, NTRUEncrypt is the correct answer as it aligns with the given explanation.

Separation of duties is a principle that ensures that no single individual has complete control over a process or system. By dividing processes between two or more individuals, it helps to prevent fraud, errors, and abuse of power. This ensures that there is a system of checks and balances in place, as different individuals are responsible for different aspects of a process. This helps to increase accountability and reduce the risk of unauthorized actions or mistakes.

RIPEMD is a hash function that utilizes two separate and independent parallel chains of computation. These chains process the input data separately and generate intermediate hash values. At the end of the process, the intermediate hash values from both chains are combined to produce the final hash value. This approach increases the security and robustness of the hash function, making it resistant to attacks and collisions.

OAuth is the correct answer because it is an SSO technology that relies on tokens. When a user tries to access a resource from a service provider, OAuth allows them to authenticate with their credentials from an identity provider. The identity provider then issues a token to the user, which can be used to access the requested resource without having to provide credentials again. This token acts as proof of authentication and authorization, allowing the user to access multiple services without sharing their credentials with each one.

Resetting passwords typically requires physical access to the computer or device in order to perform the necessary actions to reset the password. This could involve inserting a USB flash drive or using other physical means to gain access to the system. Therefore, the correct answer is "Resetting".

OpenID is a decentralized open source FIM (Federated Identity Management) that allows users to log in to multiple websites using a single set of credentials. Unlike other options listed, OpenID does not require any specific software to be installed on the desktop. This makes it convenient for users as they can access their accounts from any device with an internet connection without the need for additional installations.

LDAP stands for Lightweight Directory Access Protocol. It is the version of the X.500 standard that runs on a personal computer over TCP/IP. LDAP is a protocol used to access and manage directory information services. It provides a lightweight and efficient way to query and modify directory data, making it suitable for use on personal computers.

When a user enters her username, it corresponds to the identification action in access control. Identification is the process of verifying the identity of a user by providing a unique identifier, such as a username. This step is important in access control as it allows the system to recognize and differentiate between different users. Once the user is identified, further actions such as authentication and authorization can take place to determine the user's privileges and access rights.

In the Mandatory Access Control (MAC) model, every subject and object is assigned a label. This label is used to determine the level of access or permissions that a subject has over an object. The label acts as a security mechanism, ensuring that only authorized subjects can access or modify objects based on their assigned labels.

A trusted OS is an operating system that is designed with security measures in place to control critical parts of the system, limiting access from both attackers and administrators. This ensures that only authorized individuals are able to access and modify sensitive components, reducing the risk of unauthorized access or malicious activities. By being "trusted," the OS instills confidence in its ability to protect the system and maintain its integrity.

A RADIUS authentication server requires that the supplicant be authenticated first. The supplicant refers to the client device or user that is attempting to gain access to the network. Before the authentication server grants access, it verifies the identity of the supplicant to ensure that it is authorized to connect to the network. This is a common practice in network security to prevent unauthorized access and protect the integrity of the network.

Mandatory Access Control (MAC) is a model where the end user does not have the ability to change any security settings. In this model, access to resources is determined by the system administrator or security policy, rather than being discretionary. This ensures that the user cannot modify or override the security settings, providing a higher level of control and protection for sensitive information or resources.

Group Policy is a Microsoft Windows feature that allows centralized management and configuration of computers and remote users who are using Active Directory. It enables administrators to define and enforce settings and restrictions for users and computers within a network. With Group Policy, administrators can control various aspects such as security settings, software installation, desktop configurations, and more. This helps in maintaining consistency and security across the network by ensuring that all computers and users adhere to the defined policies.

Kerberos is an authentication protocol that is available as a free download and can be run on various operating systems such as Microsoft Windows 7/Vista, Windows Server 2008, Apple Mac OS X, and Linux. It provides secure authentication for client-server applications and ensures that only authorized users can access network resources.

Hashing would not be used in encrypting and decrypting e-mail attachments. Hashing is a one-way function that converts data into a fixed-size string of characters, which is used for verifying data integrity or comparing data. However, when encrypting and decrypting e-mail attachments, a different process is used, such as symmetric or asymmetric encryption algorithms, to ensure data confidentiality and privacy. Hashing is not suitable for this purpose as it does not provide the ability to retrieve the original data.

Plaintext refers to the data that is inputted into an encryption algorithm before it is encrypted. It is the original, readable form of the data that is to be protected. Once the encryption algorithm is applied, the plaintext is transformed into ciphertext, which is the encrypted form of the data.

When Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, he needs to use Alice's public key to encrypt the message. This is because asymmetric cryptography uses a pair of keys - a public key for encryption and a private key for decryption. Alice's public key is meant to be shared with others, allowing them to encrypt messages that only Alice can decrypt using her private key. Therefore, Bob needs to use Alice's public key to ensure that only Alice can read the message.

The correct answer is Common Access Card (CAC). This smart card is issued by the U.S. Department of Defense and is used for identification purposes by active-duty and reserve military personnel. It allows access to secure facilities and computer networks, and contains personal information and digital certificates to authenticate the cardholder's identity. The CAC is an essential tool for military personnel to prove their identity and gain access to various resources within the Department of Defense.