Question 11 (2 points)

How does iterating the HMAC (Hash-based Message Authentication Code) computation process help defend against attacks?

Question 11 options:

	It makes the HMAC output harder to reverse-engineer.
	It makes the HMAC output more resistant to Rainbow table attacks.
	It encrypts the message being authenticated.
	It slows down password cracking attacks.

Question 12 (2 points)

The more iterations (HMAC) that are done, the less it takes to authenticate a user, but the more secure the algorithm will be.

Question 12 options:

	True
	False

Question 13 (2 points)

A hacker was able to execute certain operations on your systems and modify the audit trail so that her actions were hidden. This compromises which important cybersecurity objective ?

(Refer to the CIA triad! Enter the full word without space)

Question 13 options:

Question 14 (3 points)

Link the example to the authentication scheme

Question 14 options:

123	Ownership
123	Inherence
123	Knowledge

1.	Smart card
2.	Fingerprint
3.	Physical address

Question 15 (3 points)

Match the definition to its corresponding hash function

Question 15 options:

123	If a hash function h produced a hash value z, then it should be a difficult process to find any input value x that hashes to z.
123	If a hash function h for an input x produces hash value h(x), then it should be difficult to find any other input value y such that h(y) = h(x).
123	For a hash function h, it is hard to find any two different inputs x and y such that h(x) = h(y).

1.	Pre-Image Resistance
2.	Second Pre-Image Resistance
3.	Collision Resistance

Question 16 (4 points)

Map the definition to the corresponding concept of access control:

Question 16 options:

1234	is ensuring the actions performed by a user are traceable to prove responsibility.
1234	is the process of an entity communicating its claimed identity to another entity.
1234	is the process of specifying user access rights and privileges.
1234	is the process of proving a claimed identity.

1.	Audit trail
2.	Authentication
3.	Authorization
4.	Identification

Question 17 (2 points)

An unauthorized employee modified the payroll system to give himself a raise, which cybersecurity mechanism would be most likely to address the threat ?

Question 17 options:

	access control
	encryption
	audit logs
	privacy

Question 18 (2 points)

A manager denied responsibility for the unauthorized access of another employee's computer, which cybersecurity mechanism would be most likely to address the threat ?

Question 18 options:

	access control
	encryption
	audit logs
	privacy

Question 19 (2 points)

Strong authentication refers to any form of authentication that goes beyond simply requiring a traditional password but instead relies on other passwordless authentication methods.

Question 19 options:

	True
	False