Created by Shantal K Green
over 4 years ago
Question | Answer |
PASSWORD POLICY | A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. |
PASSWORD COMPLEXITY | Account lockout is a feature of password security in Windows 2000 and later that disables a user account when a certain number of failed logons occur due to wrong passwords within a certain interval of time. |
PASSWORD LENGTH | A minimum length of eight characters with a limit of anywhere from 16 to 64 characters or possibly even higher; the inclusion of both uppercase and lowercase letters with case sensitivity; the use of at least one number; and the use of at least one special character. |
PASSWORD HISTORY | Password history determines the number of unique new passwords that have to be associated with and used by a user before an old password can be reused again. This enables administrators to enhance security by ensuring that old passwords are not reused continually. |
MINIMUM AND MAXIMUM PASSWORD AGES | The Maximum password age policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it. ... If Maximum password age is set to 0, Minimum password age can be any value between 0 and 998 days. |
PASSWORDS ENFORCED BY USING GROUP POLICIES | In group policy editor, you can set min and max pw length & ages, history, complexity, and store them using reversible encryption. |
PASSWORD ATTACK METHODS | BRUTE FORCE ATTACK, DICTIONARY ATTACK, PHISHING, RAINBOW TABLE ATTACK, KEYLOGGER, CREDENTIAL STUFFING, PASSWORD SPRAYING, PASSWORD RESET TOOL |
CREDENTIAL STUFFING | Hackers use lists of stolen usernames and passwords in combination on various accounts, automatically trying over and over until they hit a match. |
PASSWORD SPRAYING | Tries thousands if not millions of accounts at once with a few commonly used passwords. |
KEYLOGGER | Install a program on users’ endpoints to track all of a user’s keystrokes. |
RAINBOW TABLE ATTACK | Compiles a list of pre-computed hashes. It already has the mathematical answers for all possible password combinations for common hash algorithms. |
PHISHING | Disguise their phishing attacks as unsuspecting emails posing as legitimate and known services. From these emails, hackers take users to fake login pages disguised as the legitimate service. |
DICTIONARY ATTACK | Employ a program which cycles through common words. |
BRUTE FORCE ATTACK | A hacker uses a computer program to log in to a user’s account with all possible password combinations. |
PASSWORD RESET PROCEDURES | The local administrator password should be reset every 180 days for greater security and the service account password should be reset at least once a year during maintenance time. |
DOMAIN USER ACCOUNT PASSWORDS | A domain user is one whose username and password are stored on a domain controller rather than the computer the user is logging into. When you log in as a domain user, the computer asks the domain controller what privileges are assigned to you. |