var quiz = {
	questions : [
		{
			text : 'Which of the following is NOT one of the three basic types of password cracking tests that can be automated with tools?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'Brute force.',
				'Hybrid.',
				'Brutus.',
				'Dictionary.'
			],
			answer : 2,
			score : 1,
			expandedAnswer : 'Brutus is a password cracking tool that can perform both dictionary attacks and brute force attacks where passwords are randomly generated from a given character. Brutus can crack the multiple authentication types, HTTP (Basic authentication, HTML Form/CGI), POP3, FTP, SMB and Telnet.',
			moreInfo : 'For more on password cracking, read our tip on <a href="http://searchsecuritychannel.techtarget.com/generic/0,295582,sid97_gci1236496,00.html" target="_blank">ethical hacking tools and techniques</a>.'
		},
		{
			text : 'Which of the following is considered a strong authentication method for identifying users, customers and partners?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'Tokens.',
				'Smart cards.',
				'Biometrics.',
				'All of the above.'
			],
			answer : 3,
			score : 1,
			expandedAnswer : 'Tokens, smart cards, biometrics and certificates all offer stronger ways of identifying users, customers and partners. Each has its strengths and weaknesses, and costs can be anywhere from $1 to $35 per user. As a result, companies must weigh the costs with the benefits and understand that each solution doesn\'t necessarily provide surefire security.',
			moreInfo : 'Find out your options when it comes to <a href= "http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1228339,00.html" target="_blank">two-factor authentication</a> in this access control tip.'
		},
		{
			text : 'Why are OTP tokens considered a valuable two-factor authentication method?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'Because they convert fingerprints into a series of data points that mathematically represent the fingerprint.',
				'Because they contain a small microcontroller attached to an electrically erasable, programmable read-only memory chip.',
				'Because an attacker will not have enough time to guess the PIN number to gain access.',
				'OTP tokens are not a valuable two-factor authentication method.'
			],
			answer : 2,
			score : 1,
			expandedAnswer : 'OTP tokens generate new PIN numbers every 30 to 60 seconds and can be used in addition to static user IDs and passwords to log on to a website. The idea is that if the static credentials are stolen, say, in a phishing attack, the malicious user would still have to guess the PIN to gain access. But since the time window is too short to guess the PIN, it would be nearly impossible to break in.',
			moreInfo : 'Learn about <a href= "http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1228354,00.html" target="_blank">one-time password tokens and FFIEC compliance</a>.'
		},
		{
			text : 'How often should passwords expire?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'At least once a month.',
				'At least once a year.',
				'At least once every six months.',
				'At least once every 90 days.'
			],
			answer : 3,
			score : 1,
			expandedAnswer : 'Passwords should be changed every 45 to 90 days and should be different every time. They shouldn\'t be changed just by incrementing a number at the end or by adding a new character. A password like "bobsmith14" shouldn\'t be allowed to be changed to "bobsmith15" at the next go-around. And, of course, like Sarbanes-Oxley, no names of kids or family members, or any dictionary words, should be allowed. ',
			moreInfo : 'For more on password security, visit SearchSecurity.com\'s tip on <a href= " http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1274371,00.html" target="_blank">password compliance requirements</a>.'
		},
		{
			text : 'In an IIS directory, what does the Directory tab enable a user to do?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'Enter the properties dialog box of the website or subfolder you wish to control.',
				'Configure whether a user can browse the directory, view/change files and access the files\' source code.',
				'Configure how your customers\' Web servers authenticate a user\'s identity.',
				'All of the above.'
			],
			answer : 1,
			score : 1,
			expandedAnswer : '',
			moreInfo : 'Read up on how to <a href= "http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1240859,00.html" target="_blank">configure IIS Web server permissions to protect customer data</a>.'
		},
		{
			text : 'What does the FFIEC directive describe as acceptable two-factor authentication systems?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'A user ID and password used with a smart card reader.',
				'A one-time password token used with a finger print scanner.',
				'An ATM card with a PIN.',
				'Out-of-band authentication.'
			],
			answer : 3,
			score : 1,
			expandedAnswer : 'The FFIEC\'s directive describes out-of-band authentication, mutual authentication and Internet Protocol Address location as acceptable two-factor authentication systems. This confuses the issue, since these aren\'t authentication systems, let alone two-factor ones. These systems don\'t verify users. They check for fraudulent transactions, verify the identity of the bank to the online customer, or confirm the user is logging on from their own computer -- in other words, they verify the computer, rather than the user.',
			moreInfo : 'Learn more about <a href= "http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1228088,00.html" target="_blank">FFIEC directives for two-factor authentication</a>.'
		},
		{
			text : 'Which two-factor authentication option converts a fingerprint into a series of data points that mathematically represent the fingerprint, but cannot be used to re-create the fingerprint?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'Biometrics.',
				'Tokens.',
				'Certificates.',
				'Smart cards.'
			],
			answer : 0,
			score : 1,
			expandedAnswer : 'The biometric software typically converts the fingerprint into a series of data points that mathematically represent the fingerprint, but cannot be used to re-create the fingerprint. Vendors vary widely in their implementation of this measurement process. The crossover error rate is a good measure of accuracy of the reader/software combination, but the readers themselves can be susceptible to errors.',
			moreInfo : 'Learn the <a href= "http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1228312,00.html" target="_blank">pros and cons of biometrics</a> as a two-factor authentication option in this tip.'
		},
		{
			text : 'Although it is a strong style of authentication, setup and maintenance costs make this authentication very expensive. ',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'Biometrics.',
				'Tokens.',
				'Certificates.',
				'Smart cards.'
			],
			answer : 2,
			score : 1,
			expandedAnswer : 'Certificates tend to be a stronger style of authentication, but come at a much higher cost. The infrastructure typically required in an enterprise (servers, hierarchical certificate server domain deployment and personnel) is pricey to set up and maintain. Third-party vendor-managed services help, but this authentication is still more expensive than most others.',
			moreInfo : 'Find out what types of organizations benefit best from using certificates in this tip on <a href= "http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1228314,00.html" target="_blank">two-factor authentication and certificates</a>.'
		},
		{
			text : 'This type of two-factor authentication contains a small microcontroller attached to an electrically erasable, programmable read-only memory chip. ',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'Biometrics.',
				'Tokens.',
				'Certificates.',
				'Smart cards.'
			],
			answer : 3,
			score : 1,
			expandedAnswer : 'A smart card looks like a credit card but contains a small microcontroller attached to an electrically erasable, programmable read-only memory chip. Smart card chip connection is via direct physical contact with a smart card reader, which can be attached to a PC. New-generation smart cards also have a math coprocessor integrated with the microcontroller chip that can quickly perform complex encryption routines.',
			moreInfo : 'In this tip on two-factor authentication, you\'ll learn what you need to know before <a href= " http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1228310,00.html" target="_blank">deploying smart cards</a>.'
		},
		{
			text : 'Which variety of token choices tends to be the most cost-effective and versatile?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'USB tokens.',
				'Random number generator key fobs.',
				'Software tokens.',
				'None of the above.'
			],
			answer : 0,
			score : 1,
			expandedAnswer : 'Among the token choices, the USB tends to be the most cost-effective and versatile. The USB reader is standard equipment on today\'s PCs, so a separate reader is not required as it is for other two-factor authentication methods such as smart cards. Unlike random number generators like RSA Security\'s SecurID, USB tokens provide storage for various certificates and logon credentials, making them more flexible.',
			moreInfo : 'Learn the pros and cons of <a href= "http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1228296,00.html" target="_blank">two-factor authentication and tokens</a>.'
		}
	]
};