Chapter 7: Cybersecurity & Encryption


Which of the following are true statements about digital certificates in Web browsers? I. Digital certificates are used to verify the ownership of encrypted keys used in secured communication. II. Digital certificates are used to verify that the connection to a Web site is fault tolerant. A I only B II only C I and II D Neither I nor II

A I only

Which of the following is a true statement about the use of public key encryption in transmitting messages? A Public key encryption enables parties to initiate secure communications through an open medium, such as the Internet, in which there might be eavesdroppers. B Public key encryption is not considered a secure method of communication because a public key can be intercepted. C Public key encryption only allows the encryption of documents containing text; documents containing audio and video must use a different encryption method. D Public key encryption uses a single key that should be kept secure because it is used for both encryption and decryption.

A Public key encryption enables parties to initiate secure communications through an open medium, such as the Internet, in which there might be eavesdroppers.

Which of the following best explains how symmetric encryption algorithms are typically used? A Symmetric encryption uses a single key that should be kept secret. The same key is used for both encryption and decryption of data. B Symmetric encryption uses a single key that should be made public. The same key is used for both encryption and decryption of data. C Symmetric encryption uses two keys that should both be kept secret. One key is used for encryption, and the other is used for decryption. D Symmetric encryption uses two keys. The key used for encryption should be made public, but the key used for decryption should be kept secret.

A Symmetric encryption uses a single key that should be kept secret. The same key is used for both encryption and decryption of data.

Which of the following is an example of symmetric encryption? A Evy buys a locked box that operates using two different codes. When the first code is entered, a slot opens that allows a message to be put in the box. When the second code is entered, the door to the box opens. Evy gives the first code to her friends so they can leave messages for her and keeps the second code to herself so that she is the only one who can retrieve the messages. B Finn and Gwen develop a system that maps each letter of the alphabet to a unique symbol using a secret key. Finn uses the key to write a message to Gwen where each letter is replaced with the corresponding symbol. Gwen uses the key to map each symbol back to the original letter. C Hannah writes a message to send to Isabel and hides the message under a rock behind the soccer field. Hannah gives Isabel the exact location of the rock so that only Isabel can find the message. D Juan writes a message to send to Kelly and slides the message through a slot in the front of Kelly's locker. Juan knows that Kelly has not shared her locker combination with anyone, so no one other than Kelly will be able to read the message.

B Finn and Gwen develop a system that maps each letter of the alphabet to a unique symbol using a secret key. Finn uses the key to write a message to Gwen where each letter is replaced with the corresponding symbol. Gwen uses the key to map each symbol back to the original letter.

An Internet user has a need to send private data to another user. Which of the following provides the most security when transmitting private data? A Certifying the data with a Creative Commons license before sending it B Sending the data using a high-bandwidth connection C Sending the data using public-key encryption D Sending the data using redundant routing

C Sending the data using public-key encryption

A user unintentionally installs keylogging software on a computer. Which of the following is an example of how the keylogging software can be used by an unauthorized individual to gain access to computing resources? A The software gives an unauthorized individual remote access to the computer, allowing the individual to search the computer for personal information. B The software installs a virus on the computer and prompts the user to make a payment to the unauthorized individual to remove the virus. C The software prompts the user to enter personal information to verify the user's identity. This personal information is recorded and transmitted to an unauthorized individual. D The software records all user input on the computer. The recorded information is transmitted to an unauthorized individual, who analyzes it to determine the user's login passwords.

D The software records all user input on the computer. The recorded information is transmitted to an unauthorized individual, who analyzes it to determine the user's login passwords.

A city's police department has installed cameras throughout city streets. The cameras capture and store license plate data from cars driven and parked throughout the city. The authorities use recorded license plate data to identify stolen cars and to enforce parking regulations. Which of the following best describes a privacy risk that could occur if this method of data collection is misused? A The cameras may not be able to read license plates in poor weather conditions. B Local business owners could lose customers who are unwilling to park in the city. C Traffic personnel who work for the city could lose their jobs if their services are no longer needed. D The vehicle location data could be used to monitor the movements of city residents.

D The vehicle location data could be used to monitor the movements of city residents.

Which of the following best explains how devices and information can be susceptible to unauthorized access if weak passwords are used? A Unauthorized individuals can deny service to a computing system by overwhelming the system with login attempts. B Unauthorized individuals can exploit vulnerabilities in compression algorithms to determine a user's password from their decompressed data. C Unauthorized individuals can exploit vulnerabilities in encryption algorithms to determine a user's password from their encryption key. D Unauthorized individuals can use data mining and other techniques to guess a user's password.

D Unauthorized individuals can use data mining and other techniques to guess a user's password.

A Web site uses several strategies to prevent unauthorized individuals from accessing user accounts. Which of the following is NOT an example of multifactor authentication? A Each employee for a company is issued a USB device that contains a unique token code. To log into a company computer, an employee must insert the USB device into the computer and provide a correct password. B After logging into an account from a new device, a user must enter a code that is sent via e-mail to the e-mail address on file with the account. C In order to log into an account, a user must provide both a password and a fingerprint that is captured using the user's device. D When a user enters an incorrect password more than two times in a row, the user is locked out of the account for 24 hours.

D When a user enters an incorrect password more than two times in a row, the user is locked out of the account for 24 hours.

In public key cryptography, the sender uses the recipient's public key to encrypt a message. Which of the following is needed to decrypt the message? A The sender's public key B The sender's private key C The recipient's public key D The recipient's private key

D The recipient's private key

Many cryptographic protocols are susceptible to "man-in-the-middle attacks." One version of this attack starts as follows: First, suppose that Bob tries to send Alice his public key. During transmission, this message is instead intercepted by Mallory. Then, Mallory sends her own public key to Alice, but pretends it is from Bob. What is the most likely outcome from this type of attack? a. Alice encrypts her secret message using Mallory's public key (which she believes is Bob's). Mallory can then intercept and decrypt this secret message using her private key, even though the message was intended for Bob. b. Alice uses Mallory's public key (which she believes is Bob's) as a shared secret for symmetric key cryptography. Mallory can use this symmetric key to decrypt Alice's secret message, even though this message was intended for Bob. c. Alice sends her secret message to Bob in plaintext, which Mallory then intercepts and reads. Mallory now knows Alice's secret message that was intended for Bob. d. Alice encrypts her own private key using Mallory's public key (which she believes is Bob's). Next, Alice sends her encrypted private key to Bob, but Mallory intercepts it. Now Mallory can decrypt all messages encrypted with Alice's public key.

a. Alice encrypts her secret message using Mallory's public key (which she believes is Bob's). Mallory can then intercept and decrypt this secret message using her private key, even though the message was intended for Bob.

Which of the following has contributed to the rise of "Big Data"? I. The increasing ability for companies, governments, and individuals to collect, store, share, and process large data sets. II. The development of machine learning algorithms that can analyze and identify patterns in large data sets. III. The increasing availability of large data sets available to data scientists for study, whether they are proprietary corporate property or available through open data initiatives. a. I, II, and III b. I and III c. I and II d. I only

a. I, II, and III

Which of the following is a drawback of symmetric key encryption? a. Symmetric key encryption requires a shared key between the two parties that want to communicate. b. Symmetric key encryption is slower than asymmetric key encryption. c. Symmetric key encryption only works if both parties generate a public and private key. d. Symmetric key encryption is vulnerable to brute force attacks even with very large key sizes.

a. Symmetric key encryption requires a shared key between the two parties that want to communicate.

An Internet user wants to transfer funds between two accounts at a banking website such as www.chase.com. Which of the following cybersecurity measures best ensures that the Internet user has successfully connected to www.chase.com rather than a malicious imposter? a. The banking website should employ a trusted certificate authority to issue a digital certificate that validates the bank's ownership of the domain name and encryption keys. In the Internet user's web browser, there is green text that says "JP Morgan Chase" which displays a digital certificate when it is clicked on. b. The banking website should use the TLS protocol to allow the Internet user to send encrypted traffic back and forth between the client and server. In the Internet user's web browser, the website shows https://www.chase.com in green. c. The Internet user selects a unique password for logging into the banking website that is over 13 characters long, consists of a random sequence of letters and numbers, and does not contain any dictionary words. This way, the password is not vulnerable to a brute force attack. d. The Internet user sets up a local firewall on his/her home network, sets up a secure password on his/her home router, and makes sure to regularly run security and firmware updates on all computers and networking devices in his/her local area network.

a. The banking website should employ a trusted certificate authority to issue a digital certificate that validates the bank's ownership of the domain name and encryption keys. In the Internet user's web browser, there is green text that says "JP Morgan Chase" which displays a digital certificate when it is clicked on.

When an Internet user sees a green lock and the letters "https" in the URL bar of his or her web browser, this means that the web browser and server are communicating securely using TLS (Transport Layer Security). When the connection is first established, the client and server first use a "TLS handshake" to establish a shared secret (key exchange) for use with a block cipher. What type of cryptographic protocol is most likely to be used during a "TLS handshake"? a. asymmetric key cryptography b. Caesar cipher c. symmetric key cryptography d. substitution cipher

a. asymmetric key cryptography

A programmer is writing a program that is meant to process data sets. Which of the following is most likely to negatively affect the ability of the program to process an extremely large data set? a. Writing an algorithm with fixed memory requirements that do not vary with the size of the data set. b. How much additional processing power is needed for each additional entry in the data set. c. The source of the data in the data set (such as a proprietary corporate data set or a publicly-available open data set). d. The number of lines of code in the program that processes the data set.

b. How much additional processing power is needed for each additional entry in the data set.

Which of the following is false regarding key size in modern, strong encryption algorithms? a. Using a purely brute force attack on a 257-bit encryption key takes, on average, about twice as many steps as it would for a 256-bit encryption key. b. Asymmetric key encryption algorithms depend on math problems that are easy in one direction, but are hard to reverse for a large enough key size. c. Increasing the length of an encryption key is impractical because it takes exponentially longer to encrypt/decrypt messages with a negligible increase in security. d. Since computers have historically doubled in computational power every 18 months, encryption keys have had to get longer to remain resistant to brute force attacks.

c. Increasing the length of an encryption key is impractical because it takes exponentially longer to encrypt/decrypt messages with a negligible increase in security.

Which of the following has the least potential for compromising a computer user's personal privacy? a. Setting up a home WiFi network without changing the default administrator account password on your router. b. Communicating in plaintext over an unsecured, public WiFi connection at a local coffee shop. c. Posting your public key from an asymmetric key encryption algorithm on a public website. d. Using the same username and password for multiple websites.

c. Posting your public key from an asymmetric key encryption algorithm on a public website.

A computer scientist is creating an ecommerce website where customers can purchase antique holiday sweaters and Santa hats. Select the precaution that is most likely to protect the sensitive data of customers. a. Create an online form for users to complete their purchases. Allow customers to choose whether to complete their purchase over http or https. b. Store the usernames and passwords of customers in plaintext in an online database. c. Require users to make purchases over https, and encrypt all customer payment information that gets stored in the company's database. d. Require customers to make purchases by sending an email with their order, shipping address, billing address, and credit card information.

c. Require users to make purchases over https, and encrypt all customer payment information that gets stored in the company's database.

Which of the following protocols is used to establish secure communications between a client and web server? a. IP b. TCP c. TLS d. HTTP

c. TLS

Which of the following two options are most likely to be an attempt at a phishing attack? Select two answers. a. Your bank sends you an email alerting you about suspicious activity on your account. The bank asks you to stop into a local branch to verify your identity and fill out an affidavit confirming that the suspicious purchases were not made by you. b. Your credit card company calls you on your cell phone and asks you to verify a gasoline purchase you made earlier in the day. The customer service agent asks you to verify your identity by providing your name and the last four digits of your credit card number. c. While browsing a social media website, you see a post that appears to be created by a friend. The post says that the first fifty people to click on the link will win a $500 prize. You must enter your bank account information to claim the prize. d. An email that says it is from PayPal asks you to verify your payment information by clicking on a link. The website you are directed to looks almost identical to PayPal's website, but there is not a green lock or "https" in the URL bar.

c. While browsing a social media website, you see a post that appears to be created by a friend. The post says that the first fifty people to click on the link will win a $500 prize. You must enter your bank account information to claim the prize. d. An email that says it is from PayPal asks you to verify your payment information by clicking on a link. The website you are directed to looks almost identical to PayPal's website, but there is not a green lock or "https" in the URL bar.

What precaution is most likely to protect an individual's privacy in a large data set collected by a social media website? a. Aggregating and storing a large data set that consists of identifiable information about individuals on a local webserver that is password protected. b. Asking users to agree to a Privacy Policy and Terms of Service that explains how their data will be used and distributed to third-party data brokers. c. Exporting the data set from the web server and storing it as a .csv file on a local hard drive. d. Anonymizing the data set by removing personally identifiable information and associations from it.

d. Anonymizing the data set by removing personally identifiable information and associations from it.

Suppose that Alice wants to send a secure message to Bob. In what order should she complete the following steps if she wants to use asymmetric and symmetric key cryptography together in order to send a secure message? I. Alice uses a symmetric key (shared secret) to encrypt her secret message, which she then sends to Bob. Bob uses the symmetric key (shared secret) to decrypt the secret message. II. Alice uses her private key to decrypt Bob's encrypted message, the plaintext of which contains a symmetric key (shared secret). III. Alice generates a public and a private key, and then she shares her public key with Bob. IV. Bob uses Alice's public key to encrypt a symmetric key (shared secret), and then sends this encrypted message to Alice. a. I, II, III, IV b. III, I, II, IV c. III, IV, I, II d. III, IV, II, I

d. III, IV, II, I

A computer scientist in Boston receives a draft of a research paper from a colleague who lives in Shanghai, but the paper is password protected because it contains sensitive information. What type of cryptographic protocol is best suited for sharing this password? a. Caesar cipher b. transposition cipher c. symmetric key cryptography d. asymmetric key cryptography

d. asymmetric key cryptography

