CSS 1008 Chapter 10

Which of the following is one of the most popular symmetric algorithms of recent years? A: AES B: RSA C: DES D: IPsec

A: AES

Which of the following provides confidentiality? A: Encryption B: Decryption C: Hashing D: Key management

A: Encryption

Which of the following tasks is part of the disposal phase of the SDLC? A: Authorization B: Conducting risk assessment C: Archiving information and sanitization of media D: Adding hardware and software

C: Archiving information and sanitization of media

Which of the following is a component of PKI? A: Certification authority B: Registration authority C: Client nodes D: All of the above

D: All of the above

Which of the following statements about asymmetric key cryptography is true? A: Asymmetric key cryptography uses one shared key. B: Asymmetric key cryptography is also called private key cryptography. C: Asymmetric key cryptography uses two keys called public keys. D: Asymmetric key cryptography is also called public key cryptography.

D: Asymmetric key cryptography is also called public key cryptography.

Public key cryptography uses which of the following? A: A shared key B: A public key C: A private key D: Both a public and a private key

D: Both a public and a private key

Which of the following is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted? A: NIST B: GLBA C: MITRE D: OWASP

D: OWASP

Identification of compliance requirements is done during which of the following phases of the SDLC? A: Initiation B: Development/acquisition C: Implementation/assessment D: Operations/maintenance

A: Initiation

Which of the following is a hybrid of a beta and a final release version of a software product? A: Release candidate B: Alpha phase C: General availability D: Go live

A: Release candidate

Which of the following issues and maintains digital certificates? A: Registration authority B: Certification authority C: Public key infrastructure D: Client nodes

B: Certification authority

Which of the following is the most common web application security flaw? A: Failure to validate output B: Failure to validate input C: Dynamic data validation D: Static data validation

B: Failure to validate input

Symmetric key cryptography uses which of the following? A: One public key B: One shared key C: Two public keys D: One public and one private key

B: One shared key

Which of the following components of PKI performs the administrative functions, including verifying the identity of users and organizations requesting a digital certificate? A: Certification authority B: Registration authority C: Client nodes D: Digital certificate

B: Registration authority

Which of the following is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization? A: ISO B: SAMM C: OWASP D: SDLC

B: SAMM

Which of the following provides a standardized process for all phases of any system development or acquisition effort? A: COTS B: SDLC C: NIST D: CIA

B: SDLC

Which of the following is used to associate a public key with an identity? A: Encryption B: Digital hash C: Digital certificate D: Digital signature

C: Digital certificate

Which of the following is the process of creating a numeric value that represents the original text? A: Encryption B: Decryption C: Hashing D: Key management

C: Hashing

Which of the following is not a best practice for cryptographic key management? A: Keys should be transmitted and stored by secure means. B: Keys should be properly destroyed when their lifetime ends. C: Keys should be presented in clear text. D: Key values should be random, and the full spectrum of the keyspace should be used.

C: Keys should be presented in clear text.

In which phase of the SDLC are systems and products in place and operating, enhancements and/or modifications to the system are being developed and tested, and hardware and software components are added or replaced? A: Initiation B: Development/acquisition C: Operations/maintenance D: Implementation/assessment

C: Operations/maintenance

Which of the following statements about symmetric key cryptography is not true? A: Symmetric key cryptography uses one shared key. B: Symmetric algorithms can provide confidentiality. C: Symmetric algorithms can provide nonrepudiation and authenticity. D: Symmetric key cryptography uses a single secret key.

C: Symmetric algorithms can provide nonrepudiation and authenticity.