CSE 467 Exam 1 Multi Choice P2
Issued as RFC 2104, __________ has been chosen as the mandatory-to-implement MAC for IP Security. A.HMAC B.DSS C.RSA D.SHA-3
A. HMAC
__________ allows an issuer to access regional and national networks that connect point of sale devices and bank teller machines worldwide. A.EFT B.ATF C.BTM D.POS
A.EFT
The _________ scheme has reigned supreme as the most widely accepted and implemented approach to public-key encryption. A.RSA B.HMAC C.SHA-1 D.MD5
A.RSA
The DSS makes use of the _________ and presents a new digital signature technique, the Digital Signature Algorithm (DSA). A.SHA-1 B.HMAC C.RSA D.XOR
A.SHA-1
_________ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number. A.Timing attacks B.Digital standards C.Ciphers D.Mathematical attacks
A.Timing attacks
A __________ type of attack exploits properties of the RSA algorithm. A.chosen ciphertext B.mathematical C.timing D.brute-force
A.chosen ciphertext
A __________ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path. A.client attack B.Trojan horse attack C.host attack D.eavesdropping attack
A.client attack
Although the _________ attack is a serious threat, there are simple countermeasures that can be used, such as constant-time calculations, random delays, or blinding computations. A.timing B.mathematical C.none of the above D.chosen ciphertext
A.timing
SHA-1 produces a hash value of _______ bits. A. 256 B. 160 C. 384 D. 180
B. 160
The National Institute of Standards and Technology has published Federal Information Processing Standard FIPS PUB 186, known as the __________. A.MAC B.DSS C.MD5 D.XOR
B.DSS
__________ systems identify features of the hand, including shape, and lengths and widths of fingers. A.Palm print B.Hand geometry C.Fingerprint D.Signature
B.Hand geometry
_________ attacks have several approaches, all equivalent in effort to factoring the product of two primes. A.Timing B.Mathematical C.Brute-force D.Chosen ciphertext
B.Mathematical
__________ defines user authentication as "the process of verifying an identity claimed by or for a system entity". A.RFC 2493 B.RFC 4949 C.RFC 2328 D.RFC 2298
B.RFC 4949
A ________ attack involves trying all possible private keys. A.chosen ciphertext B.brute-force C.timing D.mathematical
B.brute-force
Each individual who is to be included in the database of authorized users must first be __________ in the system. A.identified B.enrolled C.verified D.authenticated
B.enrolled
A __________ attack involves an adversary repeating a previously captured user response. A.Trojan horse B.replay C.client D.eavesdropping
B.replay
Recognition by fingerprint, retina, and face are examples of __________. A.token authentication B.static biometrics C.face recognition D.dynamic biometrics
B.static biometrics
The __________ strategy is when users are told the importance of using hard-to-guess passwords and provided with guidelines for selecting strong passwords. A.proactive password checking B.user education C.reactive password checking D.computer-generated password
B.user education
The principal attraction of __________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead. A.MD5 B.Diffie-Hellman C.ECC D.none of the above
C.ECC
The most common means of human-to-human identification are __________. A.signatures B.retinal patterns C.facial characteristics D.fingerprints
C.facial characteristics
A __________ is a password guessing program. A.password salt B.password biometric C.password cracker D.password hash
C.password cracker
A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords. A.user education B.proactive password checking C.reactive password checking D.computer-generated password
C.reactive password checking
Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________. A.authentication step B.identification step C.verification step D.corroboration step
C.verification step
In 2005, NIST announced the intention to phase out approval of _______ and move to a reliance on the other SHA versions by 2010. A. SHA-256 B. SHA-512 C. SHA-2 D. SHA-1
D. SHA-1
The __________ uses an algorithm that is designed to provide only the digital signature function and cannot be used for encryption or key exchange. A.ECC B.XOR C.RSA D.DSS
D.DSS
___________ was the first published public-key algorithm. A.RSA B.NIST C.RC4 D.Diffie-Hellman
D.Diffie-Hellman
To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol. A.eavesdropping B.denial-of-service C.Trojan horse D.challenge-response
D.challenge-response
A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored. A.eavesdropping attack B.denial-of-service attack C.client attack D.host attack
D.host attack
An institution that issues debit cards to cardholders and is responsible for the cardholder's account and authorizing transactions is the _________. A.processor B.cardholder C.auditor D.issuer
D.issuer
The _________ attack exploits the common use of a modular exponentiation algorithm in RSA encryption and decryption, but can be adapted to work with any implementation that does not run in fixed time. A.mathematical B.brute-force C.chosen ciphertext D.timing
D.timing
