Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
CS 336 MidTerm
2018 Midterm Review, built from previous quizzes.
| Question | Answer |
|---|---|
| The assurance that data received are exactly as sent by an authorized entity is called __________. | data integrity |
| A(n) __________ is an action, device, procedure, or technique that reduces or eliminates a risk, a vulnerability, or an attack by eliminating it, preventing it, or minimizing the harm it can cause. | countermeasure |
| Question: In the referred context, CIA stands for [C], [I], and [A]. Notes: Please answer using title-caps (first letter of each word in uppercase and the rest in lowercase). Please answer using the correct spelling. | Confidentiality Integrity Availability |
| As categorized in the textbook, a successful corruption attack would directly result in a threat consequence of ___________. | disruption |
| A(n) _________ is an unauthorized attempt to learn information from a system such that system resources are not affected. | passive attack |
| _____________ is defined as a practice in which multiple privilege attributes are required to achieve access to a restricted or controlled resource. Under this principle, access privileges must be well classified and separated. | Dual Factor Authorization |
| assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. | Privacy |
| The __________________ principle states that access privileges should be distributed across a system, in such a way as to minimize the likeliness that all privileges would be compromised or misused at once. | Separation of privilege |
| A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) __________. | vulnerability |
| _____________ implies that security mechanisms should not unduly interfere with the work of users | Psychological acceptability |
| In addition to the CIA basic concepts, we have the AAA concepts. Please give the answers to three of the three AAA concepts as described by the textbookauthor: | Accountability Authentication Authorization |
| The _____________ principle states that access decisions should be made based on positively verifying permission to access rather than verifying the lack of prohibition to access (exclusion). | Fail-safe default |
| The __________________ principle states that the design and implementation of a secure system must minimize the amount of shared functions and interactions between system actors (such as users or processes) needed in order to implement security. | Least common mechanism |
| The __________________ principle, states that multiple, and ideally independent, security mechanisms shall be stacked or overlapped in order to protect resources. Doing this would help prevent the unauthorized use of a resource. | Layering |
| As categorized in the textbook, a successful masquerade attack would directly result in a threat consequence of ___________. | deception |
| The __________________ principle states that actors (such as users or processes) must operate at all times with the level of privilege needed (to carry on their tasks) but no more (or higher). As an | Least privilege |
| The __________________ principle states that each and all attempts to access a resource must be checked by the access control mechanism before that access is granted | Complete mediation |
| A _________ attack would directly hamper the normal use or management of communication or data assets. | denial of service |
| The _____________ principle states that the design of security measures for a system should be as simple as possible, of course, while still implementing the necessary security requirements. | Economy of Mechanism |
| As categorized in the textbook, a successful exposure attack would directly result in a threat consequence of ___________. | Unauthorized disclosure |
| A loss of _________ is the unauthorized disclosure of information. | confidentiality |
| The __________________ principle states that the design of security mechanisms, and the implementation whenever possible, should be open to scrutiny and verification by as many expert parties as possible | Open design |
| An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is called a(n) __________. | attack |
| The __________________ principle states that the design and implementation of a secure system must not excessively interfere with the work of users and rules and procedures must be acceptable by end-users in order to maximize compliance. | Psychological acceptability |
| As categorized in the textbook, a successful misappropriation attack would directly result in a threat consequence of ___________. | usurpation |
| Please write the complete and expanded name of the act passed by congress in 1974 that established fair practices to regulate the information that the federal government collects and maintains about individuals | Privacy Act |
| DMCA stands for: | Digital Millennium Copyright Act |
| In the United States, and other countries that subscribe to the Berne convention, authored works must necessarily be registered with the respective Copyright Office in order to be afforded the protections given by Copyright laws. | False |
| Please write the abbreviated name of the act passed by congress and signed by Bill Clinton in 1996 which established special protections to ensure the privacy of individually identifiable health information. | HIPAA |
| Please write the complete and expanded title or the abbreviation name of the act passed by congress in 2001 in reaction to terrorist attacks in the United States (especially the 9-11 attacks). Notes: | USA Patriot Act |
| Which are the legal options, in the U.S., that may be used to protect applications and data? | Trade Secrets Copyrights Trademarks Patents |
| Please write the abbreviated name of the act passed by congress and signed by President Gerald Ford in 1974 which established special protections to ensure adequate privacy of educational records. | FERPA |
| Trade secret protection would a valid protection mechanism that organizations and individuals may use to protect software and data assets. | True |
| Assume the following scenario: a university research physicist discovers a new law of thermodynamics that applies to certain gases under certain special conditions. In this case, the researcher's discovery is likley patentable | False |
| United States: Federal Law: Business confidentiality protection. Please write the complete name of the act passed by congress in 1996 which outlawed: | Economic Espionage Act |
| Which was the first state in the U.S. that passed state laws mandating the notification of computer security breaches affecting or compromising personal data? | California |
| The three types of patents that can be obtained are [U] patents, [D] patents, and [P] patents. | Utility Design Plant |
| The USA PATRIOT Act was voted by congress soon after the attacks of September 11 of 2011. | False |
| Act passed by congress and signed by President Lyndon B. Johnson in 1966 that established the 'right to know' for individuals with respect to the information collected and kept by the federal government about them. | Freedom of Information Act |
| A software company would adequately protect its business if it filed for copyright protection for a small piece of source code that is considered essential to its business and that it is also extremely interested in ensuring trade secret protection for. | False |
| Under the DMCA, it is not a crime to disable or bypass technological measures built into a digital object because it is considered FAIR USE. | False |
| Act passed by congress in 1999 which removed barriers in financial markets with respect to mergers of insurance and banking companies and also added mandatory implementation of policies. | Gramm-Leach-Bliley Act |
| Act passed by congress in 1966 that allows and regulates the partial or full disclosure of documents controlled by the U.S. government. Under this law any citizen may request a government office to release, after sanitizing, documents. | U.S. Freedom of Information |
| The DMCA of 1998 states that digital objects cannot be protected by copyright and must be protected by other legal means | False |
| Patents rights are granted until the inventor deceases. | False |
| _____________ attacks are one of the two categories of attacks or techniques used to break encryption. | Brute Force |
| One of the main differences between symmetric and asymmetric encryption is that most asymmetric cryptosystems use 3 different keys: a public shared key, and encryption key, and a decryption key. | False |
| _____________ is the act of searching for flaws in an encryption algorithm or its implementation in order to break the encryption. | Cryptanalysis |
| The scrambled message resulting from applying encryption to an original message is called the __________ | ciphertext |
| Assume that Bob has a valid message m and sends this message to Alice after encrypting it using RSA with Alice's public key. Then Alice can be sure of the ____________ of the message. | confidentiality |
| Symmetric encryption may be used to ensure Confidentiality only (from CIA-AAA). | False |
| We say that a hash function is strong collision resitant, or sometimes simply collision resitant, if and only if for any given message x it is computationally infeasable to find a message y, with y different than x, and such that H(x) = H(y). | False |
| We say that a hash function is one-way or pre-image resistant if and only if for any given message x it is computationally infeasable to find a message y, with y different than x, and such that H(x) = H(y). | False |
| The effective key size for the DES symmetric encryption algorithm is _____ bits. | 56 |
| Symmetric encryption does not necessarily require the use of a shared secret key in order to ensure Confidentiality. | False |
| Assume that Bob has a valid message m and sends this message to Alice after encrypting it using RSA with Bob's private key. Then Alice can be sure that the message is ____________ and _____________ . | integral (only Bob could have created the message) authentic |
| The key sizes (in bits) that may be used used for encryption and decryption in the AES symmetric encryption algorithm are [a], [b], and [c] bits, respectively. Notes | 128 192 256 |
| The final received message after being decrypted on the receiver side called the __________. | plaintext |
| The size of the block used for encryption and decryption for the AES symmetric encryption algorithm is _____ bits | 128 |
| Question: When using a transposition or permutation operation we move one symbol, byte, word, or unit into a different place within the new message or state being created with respect to it's original position in the source message or the input state. | True |
| In AES the input key is expanded into an array of 64 32-bit words | False |
| How long, in bits, is the key length used by the simple DES cipher? | 56 |
| Encryption can be classified into the following two categories: symmetric and parasymmetric. | False |
| The art and science of uncovering patterns in encrypted text and/or flaws in algorithms in order to break the encryption or improve the encryption algorithms is called cryptography. | False |
| Please select the options below that correspond to stages within one standard round (not the first or final round) of encryption in AES. | Mix Columns Add Round Key Substitute Bytes Shift Rows |
| During the AES encryption stage of Shift Rows: the first row of the state block is shifted | 0 1 2 3 |
| Two different basic building blocks of cryptosystems are substitution and transposition (also called permutation). | True |
| In cryptography, we call ciphertext the encrypted version of a message. | True |
| Question: How long, in bits, is the effective key length when using the Triple-DES cipher with K1=K3? | 112 |
| The number of columns shifted, for each row, in the corresponding AES encryption stage is indicated by the S-Box encryption table | False |
| In cryptography, we call plaintext the decrypted version of a message. | True |
| Cryptanalytic attacks on modern ciphers can be classified into categories depending upon the availability of encrypted and decrypted information available to the attacker. | Ciphertext only Known Plaintext Chosen Plaintext Chosen Ciphertext Chosen Text |
| Cryptography and cryptanalysis are branches cryptology. | True |
| we call cipher an encryption algorithm | True |
| : When using substitution we move one symbol, byte, word or unit of the input into a different place within the output. | False |
| Encryption can be classified into the following two categories: symmetric and asymmetric | True |
| In symmetric encryption two symmetrically diffrerent keys are used: one for encryption and one for decryption. | False |
| In cryptography, we call plaintext the encrypted version of a message. | False |
| Is it mathematically possible for Alice and Bob to agree on a secret number without ever speaking the number? | True |
| Two numbers are relatively prime if and only if they have no common factors (except 1 of course). | True |
| What are the techniques that may be used to adequately implement Message Authentication. | Hash function and then asymmetric encryption with the private key of the sender to encrypt the resulting hash only. MAC with a shared secret key. Hash function and symmetric encryption with a shared secret key to encrypt the resulting hash only. |
| What is the underlying "difficult" problem in which the RSA cryptosystem relies on, in order to avoid eavesdroppers from breaking the system? | Number Factorization in Modular Fields |
| In the RSA cryptosystem if user A encrypts a message with the public key of user B then only user B can decrypt the message by using its own public key. | False |
| What is the underlying "difficult" problem in which the Diffie-Hellman Key Exchange protocol relies on, in order to avoid eavesdroppers from discovering the secret key? | Calculation of Discrete Logarithms in Modular Fields |
| In the RSA cryptosystem both of the following equations are true: P = D ( k_priv , E ( k_pub , P ) ) P = D ( k_pub , E ( k_pub , P ) ) | False |
| In the RSA cryptosystem, as described by the textbook, the pair (e,n) is the public key, and the number e is chosen to be relatively prime to (p * q). | False |
| The Euler's Totient function Phi ( n ) gives us the number of positive integers less than n that are relatively prime to p. | False |
| In the RSA cryptosystem if user A encrypts a message with the public key of user B then only user B can successfully decrypt the message by using its own private key. | True |
| In the RSA cryptosystem we use the property that ( P e ) d = P . | False |
| In the RSA cryptosystem, as described by the textbook, the pair (e,n) is the public key, and the pair (d,n) is the private key. | True |
| Assume that Bob has a valid message m and sends this message to Alice after encrypting it using RSA with Alice's public key. Then Alice can be sure of the ____________ of the message | confidentiality |
Created by:
306706040061204
Popular Computers sets