This is the process of determining whether someone or something is, in fact, who or what it is declared to be.
Conditional access
Authentication
Identification
Anonymizer
Authorization
In the original description, the Diffie-Hellman exchange by itself does not provide ____ of the communicating parties and is thus vulnerable to a man-in-the-middle attack
Password
Two factor authentication
Security token
Why would reusing a ticket as a replay attack is Kerberos not be successful?
The tickets are encrypted
The tickets are digitally signed
The tickets are used a token
The tickets are time stamped
What is Man in the middle attack?
The attackers catch our employee in the middle of them and start applying physical pressure on them
The attacker (man) hides inside (in the middle of) a crowd to sneak past the guards and cameras
The hacker jacks in a network and records all the information sent over the network
What is encryption strength is based on? Please select the best answer
The strength of the algorithm, the length of the key, and the secrecy of the key
The length of the key, the type of algorithm, and the strength of the key
The privacy of the key, the length of the algorithm, and the strength of the key
The strength of the key, the length of the algorithm, and the privacy of the key
One form of ‘something you have’ is the _____ and USB tokens
Fingerprint
Tokens
Digital signatures
The process based on some physical, genetic, or otherwise human characteristic that cannot be duplicated is also known as (Please select the best answer)
Password authentication
Physical authentication
Fingerprint authentication
Biometric authentication
What is a good way to make users in a network safer in the internet
Get a slow connection so they cannot download too much
Deny all internet access
All of the above
None of the above
Set up a filtering proxy server so you can check all the incoming traffic
When an attacker captures part of a communication and later sends the communication segment to the server whilst pretending to be the user it is known as a
It is known as the Man in the middle attack
It is known as the TCP/IP spoofing attack
It is known as the Back door attack
It is known as the Replay attack
In which of the following attack does the attacker capture a portion of the communication between two parties, modifies it, and inserts
Man-in-the-middle attack
Spoofing
Sniffing
Denial-of-service
A password represents
Something you have
Something you are
Something you know
List the main aspects of information security: I. Confidentiality II. Integrity III. Availability IV. Consistency
I-III-IV
I-III
I-II-III
I only
II-III-IV
Which of the following describes the challenge-response
A workstation or system that generates a random challenge string that the user enters when prompted along with the proper PIN (Personal Identification Number)
A workstation or system that generates a random ID that the user enters when prompted along with the proper PIN (Personal Identification Number)
A special hardware device that is used to generate random text in a cryptography system
The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.
Consider the Diffie-Hellman scheme with a common prime p=7 and primitive root (generator) g=3 if the user A has private key XA = 3, what is A’s public key RA?
6
8
9
16
Suppose Bob wants to send a secret message to Alice using public key cryptography. Then Bob should
Encrypt the message with Alice’s public key and send Alice the message
Encrypt the message with Alice’s private key and send the encrypted message to Alice
Encrypt the message with his public key and send Alice the message
Encrypt the message with his private key and send the encrypted message to Alice
Suppose Bob wants to send Alice a digital signature for the message m. To create the digital signature
Bob applies a hash function to m and then encrypts the result with his private key
Bob applies a hash function to m and then encrypts the result with his public key
Bob applies a hash function to m and then encrypts the result with Alice’s public key
Bob encrypts m with his private key and then applies a hash function to the result
Suppose Alice receives from Bob a message m along with a digital signature for the message m. To verify that the message was not changed and that Bob indeed sent the message, Alice
Applies Bob's public key to the digital signature, applies the has function to m, and compares the results of the two operations;
Applies Bob's public key to the digital signature, then a de-hashing function to the result. She then compares the results of this last operation with the message m;
Applies a de-hashing function to the digital signature and compare the result to m;
No correct answer;
Suppose a CA contains Bob's certificate, which binds Bob's public key to Bob. This certificate is signed with
The CA's private key
Bob’s public key
The CA's public key
Bob’s private key
A well designed and configured ____ is like having a single point of entry into your building with a security guard at the door allowing only authorized personnel into the building.
Network Adapter
Antivirus Software
Intrusion Detection System
Firewall
Which security action should be finished before access is given to the network?
Identification and authorization
Identification and authentication
Authentication and authorization
Authentication and password
Which of the following types of encryption would BEST to use for a large amount of data?
Asymmetric
Symmetric
RSA
Hash
Which statement correctly describes the difference between a secure cipher and a secure hash?
A hash produces a variable output for any input size; a cipher does not.
A cipher can be reversed; a hash cannot.
A cipher produces the same size output for any input size; a hash does not.
This is a trial and error method used to decode encrypted data through exhaustive effort rather than employing intellectual strategies.
Decryption
Cryptanalysis
Cryptography
Brute force cracking
Making sure that the data has not been changed unintentionally, due to an accident or malice, is:
Auditability
Availability
Integrity
Confidentiality
Which of the following appears when an asset of the system become lost, unavailable or unusable?
Interception
Interruption
Interpretation
Modification
Fabrication
Show incorrect kind of threats
Bock cipher maps each plaintext block to :
Same length cipher text block
Different length cipher text block
The same letter
No answer
What is vulnerability?
A weakness in the security system
A Method which uses flaws to have more access, privileges or resources to the system
A method which used to eliminate or reduce threats
A kind of auth to system
A(n) _____ application monitors all incoming and outgoing network traffic and block unauthorized packets from getting through
Antivirus
Intrusion Detection System (IDS)
Personal Firewall
Network Monitor
What is assumed by cipher in cryptography ?
Algorithm for performing encryption and decryption
Encrypted message
None of mentioned
Raw message
All of mentioned
What is assumed by ciphertext in cryptography?
What is assumed by plaintext in cryptography?
In cryptography, what is key?
Info used to cipher, known only to sender and receiver
Algorithm for transforming plaintext to ciphertext
Recovering plaintext from ciphertext
Converting plaintext to ciphertext
What is cryptoanalysis?
Study of principles/methods deciphering ciphertext without knowing key
In asymmetric key cryptography, the public key for decryption is kept by:
Sender
Receiver
Sender and receiver
Everyone in the network
All the connected devices to the network
Which of these are threats against to modern computer?
Network attacks, firewall and worms
Viruses, worms and encryption
Network attacks, viruses and worms
Viruses, network encryptions and worms
How the industry solves the threats ?
Firewall, IDS, Kerberos, blogs
IDS, firewall, authentication, policies
Virus, worms, attacks, web-sites
Network attacks, IDS, worms, virus
Which one of the following algorithm is not used in asymmetric key cryptography?
RSA algorithm
Diffle-Hellman algorithm
DES algorithm
DSA algorithm
In cryptography, the order of the order of the letters in a message in rearranged by
Transpositionalcip ciphers
substitution ciphers
All kinds of the ciphers
None of the mentioned
What is data encryption standard (DES)?
Block cipher
stream cipher
bit cipher
none of the mentioned
Cryptanalysis is used:
To find some insecurity in cryptographic scheme
to increase the speed
to encrypt the data
Cryptographic hash function takes an arbitrary block of data and returns
Fixed site bit string
variable size bit string
both of the mentioned
A substitution cipher substitutions one symbol with
Keys
Others
Multi Parties
Single Party
An asymmetric-key(or public key ) cipher uses
1 key
2 key
3 key
4 key
In the computer industry the “What you have” method is use of?
Passwords
Smart cards
Digital certificates’
A smartcard represents
Convert one symbol of plaintext immediately into a symbol of cipher text (example:Caesar cipher)
Encryption
Plaintext
stream ciphers
Interruption is
Asset lost, unusable, unavailable
Unauthorized access
Unauthorized change, tamper of data
Ex. Unauthorized add data to a DB
Modification is
Which are the examples of DEFENCE?
Firewalls, router access control list, spam filters, virus scanners
Employee communication, policy on company Intranet
Audit logs, intrusion detection system, network traffic monitoring
Which are the examples of DETERRENCE?
Which are the examples of DETECTION?
What is encryption?
Is the process of encoding a message so that its meaning is not obvious
Is the reverse process, transforming an encrypted message back into its normal, original form
Is the process of preventing any attacks from the hackers
In password protection, this is a random string of data or number used to modify a password hash
Nonce
Ssl
One time password
Secret key
Public key
Using public key cryptography suppose Bob wants to send a secret message to Alice and Alice wants to be sure that the message was indeed sent by Bob. Then Bob should:
Encrypt the message with his private key, encrypt the result with Ailce’s public key and then send Alice the message
• Encrypt the message with his private key , encrypt yhe result with alices’ private key, and then send Alicce the message
• Encrypt the message with his public key, encrypt the result with Alice’s public key, and then send Alice the message
Cipher can be reversed, hash cannot
A hash can be reversed, a cipher cannot
A hash production a variable output fot any input size, a cipher does not
A cipher produces the same size output for any input size, a hash does not
This is a trial and error method used to decode encrypted data through exhaustive effort rather than employing intellectual strategies
• Brute force cracking
• Decryption
• Cryptoanalysis
• Cryptography
A well designed and configured _____ is like having single point of entry into your building with a security guard at the door allowing only authorized personnel into the building
Network adapter
Antivirus software
Intrusion detection system
Suppose a CA contains Bob’s certificate, which binds Bob’s public key to Bob. This certificate is signed with
The CA’s private key
Bobs public key
The CAs public key
Bobs private key
Suppose Alice receives from Bob a message m with digital signature for one message m. To verify that the message was not changed and that Bob indeed sent the message, Alice
Applies Bob’s public key to the digital signature applies to the hash function to m, and compares the results of the two operations.
Applies bobs public key to the digital signature, then a de-hashing function to the result. She then compares the result of this operation with the message m
Applies a de-hashing function to the digital signature and compares the result m
No correct answer
