CSS 1008 Chapter 10
Which of the following is one of the most popular symmetric algorithms of recent years? A: AES B: RSA C: DES D: IPsec
A: AES
Which of the following provides confidentiality? A: Encryption B: Decryption C: Hashing D: Key management
A: Encryption
Which of the following tasks is part of the disposal phase of the SDLC? A: Authorization B: Conducting risk assessment C: Archiving information and sanitization of media D: Adding hardware and software
C: Archiving information and sanitization of media
Which of the following is a component of PKI? A: Certification authority B: Registration authority C: Client nodes D: All of the above
D: All of the above
Which of the following statements about asymmetric key cryptography is true? A: Asymmetric key cryptography uses one shared key. B: Asymmetric key cryptography is also called private key cryptography. C: Asymmetric key cryptography uses two keys called public keys. D: Asymmetric key cryptography is also called public key cryptography.
D: Asymmetric key cryptography is also called public key cryptography.
Public key cryptography uses which of the following? A: A shared key B: A public key C: A private key D: Both a public and a private key
D: Both a public and a private key
Which of the following is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted? A: NIST B: GLBA C: MITRE D: OWASP
D: OWASP
Identification of compliance requirements is done during which of the following phases of the SDLC? A: Initiation B: Development/acquisition C: Implementation/assessment D: Operations/maintenance
A: Initiation
Which of the following is a hybrid of a beta and a final release version of a software product? A: Release candidate B: Alpha phase C: General availability D: Go live
A: Release candidate
Which of the following issues and maintains digital certificates? A: Registration authority B: Certification authority C: Public key infrastructure D: Client nodes
B: Certification authority
Which of the following is the most common web application security flaw? A: Failure to validate output B: Failure to validate input C: Dynamic data validation D: Static data validation
B: Failure to validate input
Symmetric key cryptography uses which of the following? A: One public key B: One shared key C: Two public keys D: One public and one private key
B: One shared key
Which of the following components of PKI performs the administrative functions, including verifying the identity of users and organizations requesting a digital certificate? A: Certification authority B: Registration authority C: Client nodes D: Digital certificate
B: Registration authority
Which of the following is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization? A: ISO B: SAMM C: OWASP D: SDLC
B: SAMM
Which of the following provides a standardized process for all phases of any system development or acquisition effort? A: COTS B: SDLC C: NIST D: CIA
B: SDLC
Which of the following is used to associate a public key with an identity? A: Encryption B: Digital hash C: Digital certificate D: Digital signature
C: Digital certificate
Which of the following is the process of creating a numeric value that represents the original text? A: Encryption B: Decryption C: Hashing D: Key management
C: Hashing
Which of the following is not a best practice for cryptographic key management? A: Keys should be transmitted and stored by secure means. B: Keys should be properly destroyed when their lifetime ends. C: Keys should be presented in clear text. D: Key values should be random, and the full spectrum of the keyspace should be used.
C: Keys should be presented in clear text.
In which phase of the SDLC are systems and products in place and operating, enhancements and/or modifications to the system are being developed and tested, and hardware and software components are added or replaced? A: Initiation B: Development/acquisition C: Operations/maintenance D: Implementation/assessment
C: Operations/maintenance
Which of the following statements about symmetric key cryptography is not true? A: Symmetric key cryptography uses one shared key. B: Symmetric algorithms can provide confidentiality. C: Symmetric algorithms can provide nonrepudiation and authenticity. D: Symmetric key cryptography uses a single secret key.
C: Symmetric algorithms can provide nonrepudiation and authenticity.
