CSE 467 Exam 1 Multi Choice P2

Issued as RFC 2104, __________ has been chosen as the mandatory-to-implement MAC for IP Security. A.HMAC B.DSS C.RSA D.SHA-3

A. HMAC

__________ allows an issuer to access regional and national networks that connect point of sale devices and bank teller machines worldwide. A.EFT B.ATF C.BTM D.POS

A.EFT

The _________ scheme has reigned supreme as the most widely accepted and implemented approach to public-key encryption. A.RSA B.HMAC C.SHA-1 D.MD5

A.RSA

The DSS makes use of the _________ and presents a new digital signature technique, the Digital Signature Algorithm (DSA). A.SHA-1 B.HMAC C.RSA D.XOR

A.SHA-1

_________ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number. A.Timing attacks B.Digital standards C.Ciphers D.Mathematical attacks

A.Timing attacks

A __________ type of attack exploits properties of the RSA algorithm. A.chosen ciphertext B.mathematical C.timing D.brute-force

A.chosen ciphertext

A __________ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path. A.client attack B.Trojan horse attack C.host attack D.eavesdropping attack

A.client attack

Although the _________ attack is a serious threat, there are simple countermeasures that can be used such as constant time calcs, random delays or blinding computations. A.timing B.mathematical C.none of the above D.chosen ciphertext

A.timing

SHA-1 produces a hash value of _______ bits. A. 256 B. 160 C. 384 D. 180

B. 160

The National Institute of Standards and Technology has published Federal Information Processing Standard FIPS PUB 186, known as the __________. A.MAC B.DSS C.MD5 D.XOR

B.DSS

__________ systems identify features of the hand, including shape, and lengths and widths of fingers. A.Palm print B.Hand geometry C.Fingerprint D.Signature

B.Hand geometry

_________ attacks have several approaches, all equivalent in effort to factoring the product of two primes. A.Timing B.Mathematical C.Brute-force D.Chosen ciphertext

B.Mathematical

__________ defines user authentication as "the process of verifying an identity claimed by or for a system entity". A.RFC 2493 B.RFC 4949 C.RFC 2328 D.RFC 2298

B.RFC 4949

A ________ attack involves trying all possible private keys. A.chosen ciphertext B.brute-force C.timing D.mathematical

B.brute-force

Each individual who is to be included in the database of authorized users must first be __________ in the system. A.identified B.enrolled C.verified D.authenticated

B.enrolled

A __________ attack involves an adversary repeating a previously captured user response. A.Trojan horse B.replay C.client D.eavesdropping

B.replay

Recognition by fingerprint, retina, and face are examples of __________. A.token authentication B.static biometrics C.face recognition D.dynamic biometrics

B.static biometrics

The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords. A.proactive password checking B.user education C.reactive password checking D.computer-generated password

B.user education

The principal attraction of __________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead. A.MD5 B.Diffie-Hellman C.ECC D.none of the above

C.ECC

The most common means of human-to-human identification are __________. A.signatures B.retinal patterns C.facial characteristics D.fingerprints

C.facial characteristics

A __________ is a password guessing program. A.password salt B.password biometric C.password cracker D.password hash

C.password cracker

A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords. A.user education B.proactive password checking C.reactive password checking D.computer-generated password

C.reactive password checking

Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________. A.authentication step B.identification step C.verification step D.corroboration step

C.verification step

In 2005, NIST announced the intention to phase out approval of _______ and move to a reliance on the other SHA versions by 2010. A.SHA-256 B. SHA-512 C. SHA-2 D. SHA-1

D. SHA-1

The __________ uses an algorithm that is designed to provide only the digital signature function and cannot be used for encryption or key exchange. A.ECC B.XOR C.RSA D.DSS

D.DSS

___________ was the first published public-key algorithm. A.RSA B.NIST C.RC4 D.Diffie-Hellman

D.Diffie-Hellman

To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol. A.eavesdropping B.denial-of-service C.Trojan horse D.challenge-response

D.challenge-response

A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored. A.eavesdropping attack B.denial-of-service attack C.client attack D.host attack

D.host attack

An institution that issues debit cards to cardholders and is responsible for the cardholder's account and authorizing transactions is the _________. A.processor B.cardholder C.auditor D.issuer

D.issuer

The _________ attack exploits the common use of a modular exponentiation algorithm in RSA encryption and decryption, but can be adapted to work with any implementation that does not run in fixed time. A.mathematical B.brute-force C.chosen ciphertext D.timing

D.timing