Q01. Which password attack needs you to be at your safe place after having stolen password file? a) Workstation hijacking b)ExploitingusermistakeQ02.WhichoneisNOTcorrectaboutusingsaltvalueinpassword-basedauthentication?d)Offlinedictionaryattack c) Online system brute force attack a) Salt value is entered by user along the username and password value while registering to the system b) Salt value will increase the password address space making brute force attack much harder c) If two different users use same password, salt value prevents this fact to be discovered by users d) If password files for two different systems are captured, it prevents to see if one user used same password in both systems Q03. Which analysis approach will be more capable of detecting a new attack type that is not introduced to the Intrusion system? a) Signature/heuristic detection b) Malware detection c) Anomaly detection d) Host-based Intrusion Detection Q04. Which one bigger?(question has two options) a) Offline dictionary table b) Rainbow table Q05. Which one is not a preventive measure against rainbow table attack ? a) using a shadow password file b) Paying attention to access rights to system directories and files c) Decreasing bandwidth of the Institution at night d) Using longer sait values Q06. System does not put very strict rules on password choosing in password change/select phase. The system administrator tries to break the user passwords using word dictionaries (containing weak passwords) and force those users to change passwords whose password could be cracked with a specified number of trials. This checking done in non-busy hours of the system. Which approach is this? a) Complex password policy c) proactive password policy b) Reactive password policy d) rule enforcement policy