TRUE/FALSE QUESTIONS:

1.    Symmetric encryption is used primarily to provide confidentiality

2.    Two of the most important applications of public-key encryption are digital signatures and key management.

3.    Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

4.    The secret key is input to the encryption algorithm.

5.    Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits.

6.    Modes of operation are the alternative techniques that have been developed to increase the security of symmetric block encryption for large sequences of data.

 

MULTIPLE CHOICES QUESTIONS

7.    Which of the following ciphers is/are symmetric?

A.  DES                                                           C.  DES, Skytale and Caesar’s cipher

B.  DES & Skytale                                          D.  DES, Skytale, Caesar cipher and RSA

 

8.    Which algorithm provides for key distribution but does not provide encryption or nonrepudiation?

A.  Diffie-Hellman                                           C.  RSA

B. ElGamal                                                     D.  Elliptic Curve Crypto System (ECC)

 

9.    Which type of cipher operates in real time on a single character or single bits of data

A.  Block                                                         C.  Stream

B.  Rolling                                                        D.  Continuous

 

10.  Which of the following is not one of the three types of access control?

            A.  Administrative                                            C.  Technical

            B.  Personnel                                                  D.  Physical

 

11.  Which of the following is not one of the three types of user authentication?

            A.  Something you remember                                    C.  Something you are

            B.  Something you know                                D.  Something you have

 

12.  What is the weakest form of authentication?

      A.  Password                                                   C.  Facial Recognition

B.  Retina Scans                                             D.  Tokens

 

13.  Which of the following is not one of the primary categories of access control methods?

A.  Discretionary                                             C. Role-based

B. Mandatory                                                  D.  Delegated

 

14.  Auditing is a __________ method of access control.

            A.  Preventive                                                 C. Administrative

            B. Technical                                                    D.  Physical

 

15.  _________ is the granting of a right or permission to a system entity to access a system resource.

      A.  Authorization                                              C.  Authentication

      B.  Control                                                       D.  Monitoring

 

16.  A bank teller most likely fall under __________ access control.

      A.  Discretionary                                             C.  Role-based

      B. Mandatory                                                  D.  Rule-based

 

17.  __________ is the easiest and most common way of password attack used by pick off insecure passwords.

      A.  Hybrid                                                        C.  Brute-force

      B. Dictionary                                                   D.  Man-in-the middle

 

18.  _____is not an example of single-sign-on service.

      A.  RADIUS                                                    C.  SESAME

B. Kerberos                                                     D.  CryptoKnight

 

19.  ________is the most time-intensive time of password attack to attempt.

      A.  Hybrid                                                        C.  Brute-force

B. Plin-text                                                      D.  Man-in-the middle

 

20.  Which of the following protocols transmits user names and passwords in clear-text

      A.  SSH                                                           C.  Telnet

B.  HTTPS                                                      D.  TFTP

 

21.  The failure to check the size of input stream deatined to temporary storage by programs could lead to__________

A.    Failover                                                     C. Buffer overflow

B.    Backdoor                                                  D. Maintenance hook

 

22.  In addition to message authentication, a message digest also provides:

            A.  Data integrity                                             C.  Data confidentiality

B.  Data availability                                         D.  All of the above

 

23.  Which security model prevents a user from directly accessing data stored in the computer?

      A.  Biba                                                           C.  Bell-LaPadula

B. Clark-Wilson                                               D.  Brewer Nash

 

24.  What document is similar to a standard but provides only broad guidance and recommendations?

      A.  Policies                                                      C.  Procedures

B. Guidelines                           D.  Baselines

 

25.  Which of the followings can be used to protect confidentiality?

      A.  CCTV                                                        C.  checksums

B. Encryption                          D.  RAID

 

26.  Jennifer has just downloaded a game form a peer-to-peer network. Although the game did seem to install, his computer now seems to act strangely. Her mouse now moves around by itself, URLs are opening without her assistance, and her webcam keeps turning itself on. Which of the following has happened?

A.    A Trojan horse was installed

B.    A logic bomb was installed

C.   A DDoS client was installed

D.   An email virus was installed

 

27.  Which of the following is considered a connection-oriented protocol?

a.    ICMP

b.    UDP

c.    TCP

d.    ARP

 

28.  Nickolas waited until his victim established a connection with the organization’s FTP connection. Then Nickolas executed a program that allowed him to take over the established session. What type of attack has taken place?

a.    Spoofing

b.    Session hijacking

c.    Password attack

d.    ARP redirection

 

29.  Which of the following is not a denial-of-service attack?

a.    Exploiting a flaw in a program to consume 100 percent of the CPU

b.    Sending malformed packets to a system, causing it to freeze

c.    Performing a brute-force attack against a known user account

d.    Sending thousands of emails to a single address

 

30.  Which one of the following cannot be achieved by a symmetric cryptosystem?

a.    Nonrepudiation

b.    Confidentiality

c.    Availability

d.    Key distribution

Answer Table