Midterm

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which of the following authentication techniques are vulnerable to sniffing attacks that replay the sniffed credential? Select all that apply.

1. passwords 2. passive tokens 3. biometric readers

If we combine "10101" with "01011" using Exclusive Or, which result do we get?

11110 (opposites generate a 1, same generates a 0)

SHA-1 produces a hash value of __________ bits.

160

When we place crypto in different protocol layers, we often balance two important properties:

Application transparency and network transparency

What does authentication do?

Associates an individual with an identity

In 2008, researchers at Princeton University demonstrated techniques to retrieve RAM contents after the computer had been powered off. They then extracted drive encryption keys from RAM and used them to decrypt an encrypted drive. This is called a(n):

Cold-boot attack

Which of the following security protections is used to prevent passive attacks?

Confidentiality

Alice transmits a message to Bob using a stream cipher. During transmission, an error causes a single bit in the ciphertext to change. How does this affect the decrypted message?

The decrypted message contains a 1-bit error in the same location.

The video stored on DVDs is encrypted. Where do we get the key to decrypt the DVD when we play it?

The key is stored in the player.

After encrypting a plaintext file and saving its ciphertext in a new file, what should the file encryption program do next? Select the safest alternative.

The program writes zeroes over the every data block in the plaintext file.

The language that's the foundation of most web pages is:

Hypertext Markup Language (HTML)

Volume encryption protects data on a computer against:

Theft

Secure Sockets Layer (SSL) has been replaced by:

Transport Layer Security (TLS)

A DVD player handles all key management.

True

The process of transforming an existing key into a new one is called:

Self-rekeying

The following are fundamental strategies for authenticating people on computer systems, except:

Something you make

An encryption algorithm that uses the same key for both encryption and decryption is:

Symmetric

A good hash function has the property that "the results of applying the function to a large set of inputs will produce outputs that are evenly distributed and apparently random".

True

A hash function that satisfies the properties of variable input size, fixed output size, efficiency, preimage resistant, second preimage resistant and collision resistance is referred to as a strong hash function.

True

A network attack in which someone forges network traffic would be considered an active attack.

True

After encrypting a plaintext file, it should actively erase the plaintext file's context and save the encryption.

True

An encryption application program, from a user's point of view, protects a file with a memorized password.

True

Browsers often store the cookies in individual files, each named for the server that owns the cookie. Whenever the browser visits a particular server, it includes the cookies received from that server.

True

Changing a single bit of a block cipher's input affects the entire output block.

True

Crypto techniques originally focused on confidentiality.

True

Dictionary attacks differ from trial and error attacks because dictionary attacks focus on likely passwords.

True

Eavesdropping without interfering with communications would be considered a passive attack.

True

Hash functions can be used for intrusion and virus detections.

True

If a certificate authority is not in a web browser's built-in list, then the browser cannot verify the certificate's digital signature and thus cannot tell if the certificate is legitimate.

True

It can be shown that some form of birthday attack will succeed against any hash scheme involving the use of cipher block chaining without a secret key, provided that either the resulting hash code is small enough or that a larger hash code can be decomposed into independent subcodes.

True

Keystroke loggers can be hardware or software based.

True

SQL supports queries to search and extract data from the database, plus other operations to add or update data in the database.

True

Self-rekeying transforms an existing encryption key into a new one using a pseudorandom number generator.

True

The Advanced Encryption Standard (AES) is stronger than the Data Encryption Standard (DES).

True

The one-way hash is a cryptographic function.

True

The way to measure the resistance of a hash algorithm to cryptanalysis is to compare its strength to the effort required for a brute-force attack.

True

Virtually all cryptographic hash functions involve the iterative use of a compression function.

True

When an attacker is attacking a password system, the average attack space estimates the number of guesses required before success is likely.

True

You can wrap a secret key with RSA.

True

An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of:

Two-factor authentication

Virtual private networking is used primarily for encrypting:

a connection between two sites across the internet.

Managing a website's subject matter and files and constructing web pages can be accomplished with:

a content management system

An attack that tricks a database management system into interpreting part of an entered password as an SQL expression is called:

command injection

To manage the site's contents and construct web pages, most modern sites use:

content management systems

Access control protects data on a computer against:

hostile users

A message authentication code is also known as a __________ hash function.

keyed

When encrypting data with a block cipher, each repetition is called a:

round

Encryption can help protect volumes in all of the following situations, except:

to prevent physical damage to a hard drive

The type of cipher that rearranges the text of a message is called:

transposition

File encryption protects data on a computer against all of the following, except:

trojan crypto

The principal application of IPsec is:

virtual private networking

A decryption procedure requires two inputs. Select all that apply.

1. ciphertext 2 key

Which of the following are true of client-side scripts? Select all that apply.

1. Appear as short procedures embedded in an HTML page 2. Are interpreted by browsers 3. Can be exploited by viruses and trojans

Which of the following are risks associated specifically with running scripts in a user's browser? Select all that apply.

1. Cross Site Scripting 2. Malicious script that damages client side resources

In a password system, increasing the work factor results in which of the following? Select all that apply.

1. Increases the size of the character set from which users choose passwords. 2. Increases the length of the password

Which of the following qualities of a good encryption algorithm apply to AES today? Select all that apply.

1. No practical weaknesses 2. Explicitly designed for encryption 3. Available for analysis 4. Security does not rely on its secrecy 5. Subjected to analysis

The steps below describe how to use an encryption program. Arrange the steps in their proper order.

1. Select file to encrypt 2. Provide the key to encrypt the file 3. The program encrypts the file and saves the encrypted copy 4. The program erases the plaintext version of the file and erases the key from RAM

Here is a list of features of various authentication tokens. Indicate all that are true for one-time password tokens.

1. Some tokens use a built-in counter to generate nonces. 2. Some tokens use a built-in clock to generate nonces. 3. The token contains a base secret.

Which of the following are true about a one-time pad? Select all that apply.

1. Theoretically impossible to crack 2. Uses a random stream of bits for its key stream

Bob and Kevin are both using crypto to communicate with other people. Bob doesn't want Kevin eavesdropping on his messages, and vice versa. They each need to choose algorithms and keys. Which of the following choices will protect one from eavesdropping by the other? Select all that apply.

1. Use different algorithms and different keys. 2. Use the same algorithm and different keys

Which of the following network protocols typically provide application transparency? Select all that apply.

1. Wi-Fi Protected Access 2. IPSec

Which of the following software can encrypt individual files? Select all that apply.

1. Windows built-in encryption 2. PKZIP 3. PGP

We need to create a three-factor authentication system. The system already uses a USB device that is unlocked with the user's fingerprint. Which of the following can we add to implement three separate factors?

A PIN entered via a built-in PIN pad

______ systematically stores data in a structured manner.

A database

We need to create a three-factor authentication system. The system already requires the user's fingerprint and memorized password. Which of the following can we add to implement three separate factors?

A procedure that requires the user's cell phone.

Bob needs to deploy an efficient block cipher. He has a choice between 128-bit AES and Triple DES using three different keys. Which of the following statements is most accurate about these choices?

AES is more efficient than triple DES and it provides better security

We have an operating system that includes built-in file encryption. When we consider the layers of system software, where does the file encryption reside?

Between the file system and the application layer

The effort required for a collision resistant attack is explained by a mathematical result referred to as the ___________ .

Birthday paradox

To provide both encryption and integrity protection, WPA2 uses AES encryption with:

CCM mode

__________ receives GET, POST, and other HTTP requests and returns a web page in response.

Content management system software

The principal purpose of a hash function is __________ .

Data integrity

An attack that blocks access to a system by other users is called:

Denial of service

Every valid public-key certificate contains a(n):

Digital Signature

Average attack space measures the time until success is certain.

False

Basic HTTP is a stateful protocol.

False

Biometrics are a favored form of authentication, as they are immune to sniffing attacks.

False

Biometrics have a fault tolerance of 0.

False

In HTTP tunneling, some protocols travel inside HTTP traffic.

False

In manual keying, two encryption keys are produced for each cryptonet or communicating pair and those keys are distributed to the appropriate endpoints.

False

Offline attacks are easily detected.

False

Passive tokens are favored, as they are immune to sniffing attacks.

False

Public-key certificates do not carry a range of effective dates, which means a certificate can be set to never expire.

False

Structured Query Language (SQL) is a front-end, object-oriented interface for databases.

False

Two factor authentication is using two passwords.

False

When you are biased in selecting a password, you choose your password from the entire search space.

False

Your fingerprint is a "something you have" factor.

False (something you are)

A protocol that establishes security associations (SAs) between a pair of hosts is:

Internet Key Exchange (IKE)

The __________ resistance guarantees that it is impossible to find an alternative message with the same hash value as a given message.

Second pre-image

In typical applications, does SSL provide application transparency?

No, because the SSL software is traditionally integrated into the application software package and is not supported unless the application specifically provides it.

An initialization vector is most similar to which of the following?

Nonce

There are three types of tokens; which of the following is not a correct type?

Offensive tokens

Requirements for a cryptographic hash function include ___________ which is the one-way property.

Pre-image resistance

__________ are measures of the number of potential collisions for a given hash value.

Preimages

We use cryptography to apply all of the following protections to network traffic, except:

Reliability

In a password system, the total number of possible passwords is called the:

Search space

Two users can construct a shared secret by sharing Diffie-Hellman private keys.

WPA2 with AES

__________ is when a search for malware in the HTML and other files returned to browsers by Web servers.

Web traffic scanning


Ensembles d'études connexes

Compensation and Benefits, Topics 1-3

View Set

Irene Gold part 2 everything but general dx

View Set

Project Management Final Ch. 1-12

View Set

70-483 Debug applications and implement security

View Set

Chapter 3 - Ebusiness: Electronic Business Value

View Set

YSaaaหลักพื้นฐานความมั่นคง

View Set

Med Surg. Gastrointestinal & Renal Care

View Set