CIS4360 Intro to Computer Security: Midterm 1


Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.

Integrity

Combined one byte at a time with the plaintext stream using the XOR operation, a __________ is the output of the pseudorandom bit generator.

Keystream

An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

Masquerade

An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized user.

Masquerade

__________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.

Message Authentication

_________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Privacy

Digital signatures and key management are the two most important applications of ________ encryption.

Public-Key

A _____ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of organizational information.

Risk

A _______ is any action that compromises the security of information owned by an organization.

Security Attack

A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

Security Policy

A _____________ processes the input elements continuously, producing output one element at a time.

Stream cipher

Also referred to as single-key encryption, the universal technique for providing confidentiality for transmitted or stored data is _______.

Symmetric Encryption

Data contained in an information system; or a service provided by a system; or a system capability; or a facility that houses system operations and equipment.

System Resource (Asset)

_____________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Traffic Padding

A message authentication code is a small block of data generated by a secret key and appended to a message.

True

Attacks are threats carried out.

True

Brute-force attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

True

Computer Security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them.

True

Computer security is the protection of the integrity, availability, and confidentiality of information system resources.

True

In the context of security our concern is with the vulnerabilities of system resources.

True

Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system.

True

Symmetric encryption is used primarily to provide confidentiality.

True

System availability assures that systems work promptly and service is not denied to authorized users.

True

The advantage of a stream cipher is that it is faster than block ciphers.

True

The first step in devising security services and mechanisms is to develop a security policy.

True

The secret key is input to the encryption algorithm.

True

X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications.

True

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to

Use Longer Keys

A circumstance that results in control of system services or functions by an unauthorized entity.

Usurpation

Replay, masquerade, modification of messages, and denial of service are examples of

active attacks

A _______ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.

attack

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is an

attack

A loss of _____ is the unauthorized disclosure of information.

confidentiality

A ____________ is any means taken to deal with a security attack.

countermeasure

A _________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.

denial-of-service

The assets of a computer system can be categorized as (4 things):

hardware, software, communication lines and networks, and data.

A ______ is an attempt to learn or make use of information from the system that does not affect system resources.

passive attack

Release of message contents and traffic analysis are two types of

passive attacks

Security implementation involves four complementary courses of action:

prevention, detection, response, and recovery

A _________ stream is one that is unpredictable without knowledge of the input key and which has an apparently random character.

pseudorandom

In public key encryption, the __________ is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.

public and private key

The OSI security architecture focuses on (3 things):

security attacks, mechanisms, and services

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is

vulnerability

DES takes a plaintext block of 64 bits and a key of ______ bits to produce a ciphertext block of 64 bits.

56

The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

Accountability

Verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

Authenticity (under Integrity)

A loss of __________ is the disruption of access to or use of information or an information system.

Availability

Ensuring timely and reliable access to and use of information.

Availability

A _________ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

Brute-Force Attack

______ is the scrambled message produced as output.

Ciphertext

Messages are destroyed, deleted, read, modified, delayed, recorded, duplicated, or fabricated.

Communication Lines Threat

__________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

Computer security

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Confidentiality

Vulnerabilities (3 types)

Corrupted (loss of integrity); leaky (loss of confidentiality); unavailable or slow (loss of availability)

A __________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

Cryptanalytic

The most important symmetric algorithms, all of which are block ciphers, are (3 of them):

DES (Data Encryption Standard), Triple DES, and AES (Advanced Encryption Standard)

The assurance that data received are exactly as sent by an authorized entity is

Data Integrity

Files are deleted, unauthorized analysis or reading is performed.

Data threat

The _______ algorithm takes the ciphertext and the secret key and produces the original plaintext.

Decryption

The __________ prevents or inhibits the normal use or management of communications facilities.

Denial Of Service

Attempts to disable a user authentication service by flooding the service with numerous authentication attempts.

Denial-of-Service

(Contingency planning) is a functional area that primarily requires computer security technical measures.

False. Functional areas that primarily require computer security technical measures: access control; identification & authentication; system & communication protection; and system & information integrity. Functional areas that primarily require management controls and procedures include: awareness & training; audit & accountability; certification, accreditation, & security assessments; CONTINGENCY PLANNING; maintenance; physical & environmental protection; planning; personnel security; risk assessment; and systems & services acquisition.

Privacy ensures that information and programs are changed only in a specified and authorized manner.

False (Confidentiality)

On average, _____ of all possible keys must be tried in order to achieve success with a brute-force attack.

Half
