Q71: Match the security methods with their descriptions.

Question 71: Match the following:

  a. Phishing
  b. Authentication
  c. Authorization
  d. Accounting

i. Using passwords, one-time tokens, digital signatures.

ii. IP address filtering.

iii. Directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

iv. Keeping track of network resource consumption.

Options:

  1. a-i, b-ii, c-iii, d-iv
  2. a-iv, b-ii, c-iii, d-i
  3. a-i, b-iv, c-ii, d-iii
  4. a-iii, b-i, c-ii, d-iv

Solution: The correct answer is option 4. Phishing is a security attack, whereas AAA (Authentication, Authorization and Accounting) mechanisms ensure security and are part of the security architecture for distributed systems.

Q26: Why is a password stored as a hash?

Question #26: Usually, passwords in our systems are not stored as they are; only their hash is stored. If PW is the password, then f(PW) is stored, where f is not invertible. What do you think is the intention behind this?

Options:

A) So that some malicious user doesn’t change the password file.

B) So that some malicious user can’t see the password in some text file, as PW can’t be obtained from f(PW).

C) So that some malicious user can’t guess the password.

D) None of the above

Solution:

Even when the hash is stored instead of the password, a malicious user with root access can still change the hash file, thereby indirectly changing the password. But they won’t be able to see the password, because the hash cannot be inverted back to the password. Hence, the correct answer is option B.