Chapter 9: Practice Test 1
- A. The modulo function is the remainder value left over after an integer division operation
takes place.
- C. A hybrid authentication service can provide authentication services both in the cloud
and on-premises, ensuring that service outages due to interrupted links are minimized. An
onsite service would continue to work during an Internet outage but would not allow the
e-commerce website to authenticate. A cloud service would leave the corporate location
offline. Outsourcing authentication does not indicate whether the solution is on- or
off-premise and thus isn’t a useful answer.
- C. Federation links identity information between multiple organizations. Federating with
a business partner can allow identification and authorization to occur between them,
making integration much easier. Single sign-on would reduce the number of times a user
has to log in but will not facilitate the sharing of identity information. Multifactor can
help secure authentication, but again doesn’t help integrate with a third party. Finally, an
identity as a service provider might provide federation but doesn’t guarantee it.
- B. Security Assertion Markup Language (SAML) is frequently used to integrate cloud
services and provides the ability to make authentication and authorization assertions.
Active Directory integrations are possible but are less common for cloud service providers,
and RADIUS is not typically used for integrations like this. Service Provisioning Markup
Language (SPML) is used to provision users, resources, and services, not for authentication
and authorization.
- B. Rainbow tables use precomputed password hashes to conduct cracking attacks against
password files. They may be frustrated by the use of salting, which adds a specified
value to the password prior to hashing, making it much more difficult to perform
precomputation. Password expiration policies, password complexity policies, and user
education may all contribute to password security, but they are not direct defenses against
the use of rainbow tables.
- C. A honeypot is a decoy computer system used to bait intruders into attacking.
A honeynet is a network of multiple honeypots that creates a more sophisticated
environment for intruders to explore. A pseudoflaw is a false vulnerability in a system
that may attract an attacker. A darknet is a segment of unused network address space that
should have no network activity and, therefore, may be easily used to monitor for illicit
activity.
- C. The crossover error rate (CER) is the point where both the false acceptance rate and
the false rejection rate cross. CER and EER, or equal error rate, mean the same thing and
are used interchangeably.
- The factors match to the types as follows:
A. A PIN: Type 1.
B. A token: Type 2.
C. A fingerprint: Type 3.
D. A password: Type 1.
E. A smartcard: Type 2.
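
The crossover point described in the CER answer above, worked through as an added example that is not part of the book. The match scores, the 0 to 100 scale and the function names are constructed for illustration.

```python
# Constructed sample data (not from the book): matcher similarity scores, 0-100,
# where a higher score means a closer match to the enrolled template.
GENUINE = [91, 88, 84, 79, 75, 72, 68, 66, 61, 55]    # right person presenting
IMPOSTOR = [12, 18, 25, 31, 36, 42, 47, 53, 58, 63]   # wrong person presenting


def far(threshold, impostor=IMPOSTOR):
    """False acceptance rate: share of impostor attempts accepted (score >= threshold)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False rejection rate: share of genuine attempts rejected (score < threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(thresholds=range(0, 101, 10), genuine=GENUINE, impostor=IMPOSTOR):
    """(threshold, FAR, FRR) rows: raising the threshold lowers FAR and raises FRR."""
    return [(t, far(t, impostor), frr(t, genuine)) for t in thresholds]


def crossover(genuine=GENUINE, impostor=IMPOSTOR, thresholds=range(0, 101)):
    """Find the threshold where FAR and FRR cross.

    With a finite sample the two rates may never be exactly equal, so take the
    threshold with the smallest gap and report the mean of the two rates as the CER.
    """
    t = min(thresholds, key=lambda x: abs(far(x, impostor) - frr(x, genuine)))
    return t, (far(t, impostor) + frr(t, genuine)) / 2


if __name__ == "__main__":
    for t, fa, fr in sweep():
        print(f"threshold={t:3d}  FAR={fa:.2f}  FRR={fr:.2f}")
    t, cer = crossover()
    print(f"crossover at threshold {t}: CER = {cer:.2f}")
```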