CS 336 MidTerm

2018 Midterm Review, built from previous quizzes.

Question | Answer
The assurance that data received are exactly as sent by an authorized entity is called __________. | data integrity
A(n) __________ is an action, device, procedure, or technique that reduces or eliminates a risk, a vulnerability, or an attack by eliminating it, preventing it, or minimizing the harm it can cause. | countermeasure
In the referred context, CIA stands for [C], [I], and [A]. (Answer in title case, spelled correctly.) | Confidentiality, Integrity, Availability
As categorized in the textbook, a successful corruption attack would directly result in a threat consequence of ___________. | disruption
A(n) _________ is an unauthorized attempt to learn information from a system such that system resources are not affected. | passive attack
_____________ is defined as a practice in which multiple privilege attributes are required to achieve access to a restricted or controlled resource. Under this principle, access privileges must be well classified and separated. | Dual Factor Authorization
__________ assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed. | Privacy
The __________________ principle states that access privileges should be distributed across a system in such a way as to minimize the likelihood that all privileges would be compromised or misused at once. | Separation of privilege
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) __________. | vulnerability
_____________ implies that security mechanisms should not unduly interfere with the work of users. | Psychological acceptability
In addition to the CIA basic concepts, we have the AAA concepts. Give the three AAA concepts as described by the textbook author. | Accountability, Authentication, Authorization
The _____________ principle states that access decisions should be made based on positively verifying permission to access rather than verifying the lack of prohibition to access (exclusion). | Fail-safe defaults
The __________________ principle states that the design and implementation of a secure system must minimize the amount of shared functions and interactions between system actors (such as users or processes) needed in order to implement security. | Least common mechanism
The __________________ principle states that multiple, and ideally independent, security mechanisms shall be stacked or overlapped in order to protect resources. Doing this helps prevent the unauthorized use of a resource. | Layering
As categorized in the textbook, a successful masquerade attack would directly result in a threat consequence of ___________. | deception
The __________________ principle states that actors (such as users or processes) must operate at all times with the level of privilege needed (to carry out their tasks) but no more (or higher). As an | Least privilege
The __________________ principle states that each and every attempt to access a resource must be checked by the access control mechanism before that access is granted. | Complete mediation
A _________ attack would directly hamper the normal use or management of communication or data assets. | denial of service
The _____________ principle states that the design of security measures for a system should be as simple as possible while still implementing the necessary security requirements. | Economy of mechanism
As categorized in the textbook, a successful exposure attack would directly result in a threat consequence of ___________. | unauthorized disclosure
A loss of _________ is the unauthorized disclosure of information. | confidentiality
The __________________ principle states that the design of security mechanisms, and the implementation whenever possible, should be open to scrutiny and verification by as many expert parties as possible. | Open design
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is called a(n) __________. | attack
The __________________ principle states that the design and implementation of a secure system must not excessively interfere with the work of users, and rules and procedures must be acceptable to end users in order to maximize compliance. | Psychological acceptability
As categorized in the textbook, a successful misappropriation attack would directly result in a threat consequence of ___________. | usurpation
Write the complete and expanded name of the act passed by Congress in 1974 that established fair practices to regulate the information that the federal government collects and maintains about individuals. | Privacy Act
DMCA stands for: | Digital Millennium Copyright Act
In the United States, and other countries that subscribe to the Berne Convention, authored works must necessarily be registered with the respective Copyright Office in order to be afforded the protections given by copyright laws. | False
Write the abbreviated name of the act passed by Congress and signed by Bill Clinton in 1996 which established special protections to ensure the privacy of individually identifiable health information. | HIPAA
Write the complete and expanded title, or the abbreviated name, of the act passed by Congress in 2001 in reaction to terrorist attacks in the United States (especially the 9/11 attacks). | USA PATRIOT Act
Which are the legal options, in the U.S., that may be used to protect applications and data? | Trade secrets, copyrights, trademarks, patents
Write the abbreviated name of the act passed by Congress and signed by President Gerald Ford in 1974 which established special protections to ensure adequate privacy of educational records. | FERPA
Trade secret protection would be a valid protection mechanism that organizations and individuals may use to protect software and data assets. | True
Assume the following scenario: a university research physicist discovers a new law of thermodynamics that applies to certain gases under certain special conditions. In this case, the researcher's discovery is likely patentable. | False
United States, federal law, business confidentiality protection: write the complete name of the act passed by Congress in 1996 which outlawed: | Economic Espionage Act
Which was the first state in the U.S. to pass state laws mandating the notification of computer security breaches affecting or compromising personal data? | California
The three types of patents that can be obtained are [U] patents, [D] patents, and [P] patents. | Utility, Design, Plant
The USA PATRIOT Act was voted on by Congress soon after the attacks of September 11 of 2011. | False
Act passed by Congress and signed by President Lyndon B. Johnson in 1966 that established the "right to know" for individuals with respect to the information collected and kept by the federal government about them. | Freedom of Information Act
A software company would adequately protect its business if it filed for copyright protection for a small piece of source code that is considered essential to its business and for which it is also extremely interested in ensuring trade secret protection. | False
Under the DMCA, it is not a crime to disable or bypass technological measures built into a digital object because it is considered fair use. | False
Act passed by Congress in 1999 which removed barriers in financial markets with respect to mergers of insurance and banking companies and also added mandatory implementation of privacy policies. | Gramm-Leach-Bliley Act
Act passed by Congress in 1966 that allows and regulates the partial or full disclosure of documents controlled by the U.S. government. Under this law any citizen may request a government office to release, after sanitizing, documents. | U.S. Freedom of Information Act
The DMCA of 1998 states that digital objects cannot be protected by copyright and must be protected by other legal means. | False
Patent rights are granted until the inventor dies. | False
_____________ attacks are one of the two categories of attacks or techniques used to break encryption (the other being cryptanalysis). | Brute force
One of the main differences between symmetric and asymmetric encryption is that most asymmetric cryptosystems use 3 different keys: a public shared key, an encryption key, and a decryption key. | False
_____________ is the act of searching for flaws in an encryption algorithm or its implementation in order to break the encryption. | Cryptanalysis
The scrambled message resulting from applying encryption to an original message is called the __________. | ciphertext
Assume that Bob has a valid message m and sends this message to Alice after encrypting it using RSA with Alice's public key. Then Alice can be sure of the ____________ of the message. | confidentiality
Symmetric encryption may be used to ensure confidentiality only (from CIA-AAA). | False
We say that a hash function is strongly collision resistant, or sometimes simply collision resistant, if and only if for any given message x it is computationally infeasible to find a message y, with y different from x, such that H(x) = H(y). | False (that is second pre-image resistance; collision resistance means it is infeasible to find any pair x != y with H(x) = H(y))
We say that a hash function is one-way or pre-image resistant if and only if for any given message x it is computationally infeasible to find a message y, with y different from x, such that H(x) = H(y). | False (pre-image resistance means that given only a hash value h it is infeasible to find any x with H(x) = h)
The effective key size for the DES symmetric encryption algorithm is _____ bits. | 56
Symmetric encryption does not necessarily require the use of a shared secret key in order to ensure confidentiality. | False
Assume that Bob has a valid message m and sends this message to Alice after encrypting it using RSA with Bob's private key. Then Alice can be sure that the message is ____________ and _____________. | authentic and integral (only Bob's private key could have produced it)
The key sizes (in bits) that may be used for encryption and decryption in the AES symmetric encryption algorithm are [a], [b], and [c] bits. | 128, 192, 256
The final received message after being decrypted on the receiver side is called the __________. | plaintext
The size of the block used for encryption and decryption in the AES symmetric encryption algorithm is _____ bits. | 128
When using a transposition or permutation operation we move one symbol, byte, word, or unit into a different place within the new message or state being created, with respect to its original position in the source message or the input state. | True
In AES the input key is expanded into an array of 64 32-bit words. | False (4 * (Nr + 1) words: 44 for a 128-bit key, 52 for 192 bits, 60 for 256 bits)
How long, in bits, is the key used by the single DES cipher? | 56
Encryption can be classified into the following two categories: symmetric and parasymmetric. | False
The art and science of uncovering patterns in encrypted text and/or flaws in algorithms in order to break the encryption or improve the encryption algorithms is called cryptography. | False (that is cryptanalysis)
Select the options below that correspond to stages within one standard round (not the first or final round) of encryption in AES. | MixColumns, AddRoundKey, SubBytes, ShiftRows
During the AES encryption stage ShiftRows, the first row of the state block is shifted by ___ bytes (choices: 0, 1, 2, 3). | 0 (rows 2, 3 and 4 are rotated left by 1, 2 and 3 bytes)
Two different basic building blocks of cryptosystems are substitution and transposition (also called permutation). | True
In cryptography, we call ciphertext the encrypted version of a message. | True
How long, in bits, is the effective key length when using the Triple-DES cipher with K1 = K3? | 112
The number of columns shifted for each row in the corresponding AES encryption stage is indicated by the S-box encryption table. | False (row r is rotated by r positions; the S-box is used by SubBytes)
In cryptography, we call plaintext the decrypted version of a message. | True
Cryptanalytic attacks on modern ciphers can be classified into categories depending upon the availability of encrypted and decrypted information to the attacker. | Ciphertext only, known plaintext, chosen plaintext, chosen ciphertext, chosen text
Cryptography and cryptanalysis are branches of cryptology. | True
We call an encryption algorithm a cipher. | True
When using substitution we move one symbol, byte, word or unit of the input into a different place within the output. | False (that describes transposition; substitution replaces a unit with a different one in place)
Encryption can be classified into the following two categories: symmetric and asymmetric. | True
In symmetric encryption two different keys are used: one for encryption and one for decryption. | False
In cryptography, we call plaintext the encrypted version of a message. | False
Is it mathematically possible for Alice and Bob to agree on a secret number without ever speaking the number? | True (Diffie-Hellman key exchange)
Two numbers are relatively prime if and only if they have no common factors (except 1, of course). | True
What are the techniques that may be used to adequately implement message authentication? | Hash function, then asymmetric encryption of the resulting hash only with the sender's private key; MAC with a shared secret key; hash function, then symmetric encryption of the resulting hash only with a shared secret key
What is the underlying "difficult" problem on which the RSA cryptosystem relies in order to prevent eavesdroppers from breaking the system? | Number factorization (factoring the modulus n = p * q)
In the RSA cryptosystem, if user A encrypts a message with the public key of user B then only user B can decrypt the message by using its own public key. | False
What is the underlying "difficult" problem on which the Diffie-Hellman key exchange protocol relies in order to prevent eavesdroppers from discovering the secret key? | Calculation of discrete logarithms modulo a prime
In the RSA cryptosystem both of the following equations are true: P = D(k_priv, E(k_pub, P)) and P = D(k_pub, E(k_pub, P)). | False (only the first holds; applying the public key twice does not recover P)
In the RSA cryptosystem, as described by the textbook, the pair (e, n) is the public key, and the number e is chosen to be relatively prime to (p * q). | False (e is chosen relatively prime to phi(n) = (p - 1)(q - 1))
Euler's totient function phi(n) gives us the number of positive integers less than n that are relatively prime to p. | False (relatively prime to n)
In the RSA cryptosystem, if user A encrypts a message with the public key of user B then only user B can successfully decrypt the message by using its own private key. | True
In the RSA cryptosystem we use the property that (P^e)^d = P. | False (the property holds modulo n: (P^e)^d ≡ P (mod n))
In the RSA cryptosystem, as described by the textbook, the pair (e, n) is the public key, and the pair (d, n) is the private key. | True
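The two hash-function cards (collision resistance versus one-wayness) are easy to confuse because the definitions differ only in what the attacker is given. The following Python is an added example, not part of the original study set: it runs the three generic attacks against a deliberately truncated SHA-256 (the truncation, the message formats like b"coll-%d", and the budget parameters are assumptions chosen so the attacks finish in seconds) and makes the cost difference visible: pre-image and second-pre-image search cost about 2^bits hashes, while a birthday search for any collision costs about 2^(bits/2).

```python
import hashlib
from typing import Optional, Tuple


def tag(msg: bytes, bits: int) -> int:
    """Toy hash: the top `bits` bits of SHA-256(msg) as an integer.

    Truncating is what makes the generic attacks below finish quickly;
    full SHA-256 is not weakened by anything in this file.
    """
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_preimage(target: int, bits: int, max_tries: int) -> Optional[Tuple[bytes, int]]:
    """One-wayness (pre-image resistance): given ONLY a tag, find a message
    with that tag. Generic attack is guessing: expected ~2**bits hashes.
    Returns (message, hashes_used) or None if the budget runs out."""
    for i in range(max_tries):
        candidate = b"pre-%d" % i          # constructed candidate messages
        if tag(candidate, bits) == target:
            return candidate, i + 1
    return None


def find_second_preimage(x: bytes, bits: int, max_tries: int) -> Optional[Tuple[bytes, int]]:
    """Second-pre-image resistance (what the two cards actually describe):
    given x, find y != x with H(y) == H(x). Same ~2**bits cost as above."""
    t = tag(x, bits)
    for i in range(max_tries):
        y = b"second-%d" % i
        if y != x and tag(y, bits) == t:
            return y, i + 1
    return None


def find_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """(Strong) collision resistance: find ANY x != y with H(x) == H(y).

    Birthday attack: remember every tag seen so far. Expected cost is
    ~2**(bits/2) hashes, and by the pigeonhole principle a collision is
    guaranteed within 2**bits + 1 distinct messages."""
    seen = {}
    i = 0
    while True:
        m = b"coll-%d" % i
        t = tag(m, bits)
        if t in seen:
            return seen[t], m, i + 1
        seen[t] = m
        i += 1


if __name__ == "__main__":
    BITS = 20
    x, y, n = find_collision(BITS)
    print("collision after %d hashes: %r and %r" % (n, x, y))
    found = find_second_preimage(b"hello", BITS, 1 << 26)
    if found:
        print("second pre-image of b'hello' after %d hashes: %r" % (found[1], found[0]))
```

Run it with a 20-bit tag and the collision typically appears after roughly a thousand hashes while the second pre-image needs on the order of a million; that gap is why a digest must be twice as long as the security level you want against collisions.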
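Several AES cards above turn on two details that are worth seeing in code: ShiftRows rotates row r by exactly r bytes (the S-box plays no part in it, and row 0 is untouched), and the key schedule produces 4 * (Nr + 1) words, not 64. The Python below is an added example written for this page, not code from the original study set or from any AES library; it implements only the ShiftRows / InvShiftRows stages over the FIPS-197 column-major state layout and the word-count formula, and deliberately omits SubBytes, MixColumns and the key expansion itself.

```python
from typing import List

State = List[List[int]]  # 4 rows x 4 columns of byte values


def bytes_to_state(block: bytes) -> State:
    """FIPS-197 layout: input byte in[r + 4*c] lands in row r, column c."""
    if len(block) != 16:
        raise ValueError("an AES block is 16 bytes (128 bits)")
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def state_to_bytes(state: State) -> bytes:
    """Inverse of bytes_to_state: walk the state column by column."""
    return bytes(state[r][c] for c in range(4) for r in range(4))


def shift_rows(state: State) -> State:
    """Row r is rotated LEFT by r bytes, so row 0 is not moved at all.

    The rotation amount comes from the row index, never from the S-box;
    this is a transposition: every byte keeps its value and changes place."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def inv_shift_rows(state: State) -> State:
    """Decryption stage: rotate row r RIGHT by r bytes (row 0 unchanged)."""
    return [row[4 - r:] + row[:4 - r] for r, row in enumerate(state)]


def expanded_key_words(key_bits: int) -> int:
    """Size of the expanded key in 32-bit words: one 4-word round key per
    round plus the initial AddRoundKey, i.e. 4 * (Nr + 1), with Nr = Nk + 6
    and Nk = key length in words. Gives 44, 52 and 60, never 64."""
    if key_bits not in (128, 192, 256):
        raise ValueError("AES keys are 128, 192 or 256 bits")
    nk = key_bits // 32
    nr = nk + 6
    return 4 * (nr + 1)


if __name__ == "__main__":
    # Constructed input: the byte values 0..15 so positions are easy to trace.
    block = bytes(range(16))
    after = shift_rows(bytes_to_state(block))
    for r, row in enumerate(after):
        print("row %d:" % r, row)
    print("as bytes:", list(state_to_bytes(after)))
    print("round trip ok:", state_to_bytes(inv_shift_rows(after)) == block)
    for kb in (128, 192, 256):
        print("%d-bit key -> %d expanded words" % (kb, expanded_key_words(kb)))
```

With the bytes 0..15 as input, row 0 stays [0, 4, 8, 12] while row 1 becomes [5, 9, 13, 1]; sorting the output bytes gives back 0..15, which is the quickest way to see that ShiftRows is a pure transposition with no substitution in it.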
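The card asking whether Alice and Bob can agree on a secret number without ever speaking it, and the one naming the discrete logarithm as Diffie-Hellman's hard problem, are both answered by running the exchange. This Python is an added example for this page, not the study set's or any library's code; the toy group p = 23, g = 5 and the exponents 6 and 15 are assumptions chosen so every value can be checked by hand, and the brute-force solver plays the eavesdropper who sees only p, g and the two public values.

```python
import secrets
from typing import Optional, Tuple


def dh_keypair(p: int, g: int, private: Optional[int] = None) -> Tuple[int, int]:
    """Return (private, public) with public = g^private mod p.

    If no private exponent is given, one is drawn from [2, p-2] with the
    `secrets` module (never `random`, which is predictable)."""
    if private is None:
        private = 2 + secrets.randbelow(p - 3)
    return private, pow(g, private, p)


def dh_shared(p: int, peer_public: int, private: int) -> int:
    """The secret both sides reach: (g^b)^a == (g^a)^b == g^(a*b) mod p.
    Neither a, b nor the result is ever transmitted."""
    return pow(peer_public, private, p)


def discrete_log_bruteforce(p: int, g: int, target: int) -> Optional[int]:
    """Eve's problem: recover x from g^x mod p by exhaustive search.

    This is O(p) multiplications, fine for p = 23 and hopeless for the
    2048-bit primes used in practice, which is the whole security argument."""
    acc = 1
    for x in range(p - 1):
        if acc == target:
            return x
        acc = acc * g % p
    return None


if __name__ == "__main__":
    p, g = 23, 5                       # assumed toy parameters (g generates Z_23*)
    a, A = dh_keypair(p, g, 6)         # Alice keeps a, sends A
    b, B = dh_keypair(p, g, 15)        # Bob keeps b, sends B
    print("on the wire: p=%d g=%d A=%d B=%d" % (p, g, A, B))
    print("Alice computes", dh_shared(p, B, a), "Bob computes", dh_shared(p, A, b))
    # Eve, with only what was on the wire, brute-forces Alice's exponent:
    a_recovered = discrete_log_bruteforce(p, g, A)
    print("Eve recovers a =", a_recovered, "and the secret", dh_shared(p, B, a_recovered))
```

For p = 23 the two public values are 8 and 19, both sides arrive at 2, and Eve needs only six squarings to recover a = 6; the same code with a 2048-bit prime and random exponents still agrees on both sides, but the search loop would have to run for about 2^2048 steps.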
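The RSA cards (which key decrypts what, e being relatively prime to phi(n) rather than to n, the totient, and "hash then encrypt with the private key" as a message-authentication technique) all follow from one small implementation. The Python below is an added example for this page and not the study set's or any library's code. It uses the classic textbook parameters p = 61, q = 53, e = 17 (an assumption, chosen so n = 3233 and d = 2753 can be checked by hand) and a toy signature that reduces the SHA-256 digest modulo n; real systems use padding such as RSA-PSS and OAEP and never raw textbook RSA.

```python
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]  # (exponent, modulus): (e, n) is public, (d, n) is private


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    """a^-1 mod m; it exists only when a and m are relatively prime."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("%d and %d are not relatively prime" % (a, m))
    return x % m


def totient_bruteforce(n: int) -> int:
    """phi(n) straight from the definition: count k in [1, n) with gcd(k, n) == 1."""
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def rsa_keygen(p: int, q: int, e: int) -> Tuple[Key, Key]:
    """Textbook RSA: n = p*q, phi = (p-1)(q-1), e relatively prime to phi
    (the card's "relatively prime to p*q" is the wrong condition), d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = modinv(e, phi)
    return (e, n), (d, n)


def rsa_apply(key: Key, m: int) -> int:
    """E and D are the same operation, m^k mod n; only the exponent differs.
    (P^e)^d == P holds modulo n, which is why m must lie in [0, n)."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, k, n)


def sign(priv: Key, msg: bytes) -> int:
    """Hash, then apply the PRIVATE key to the hash only (toy: digest mod n)."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % priv[1]
    return rsa_apply(priv, h)


def verify(pub: Key, msg: bytes, sig: int) -> bool:
    """Anyone holding the public key can check the signature; only the private
    key's owner could have produced it (authenticity) and any change to the
    message or signature breaks the check (integrity)."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % pub[1]
    return rsa_apply(pub, sig) == h


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, 17)      # -> (17, 3233), (2753, 3233)
    c = rsa_apply(pub, 65)                   # E(k_pub, 65)
    print("E(k_pub, 65) =", c)
    print("D(k_priv, c) =", rsa_apply(priv, c), "  D(k_pub, c) =", rsa_apply(pub, c))
    print("phi(3233) =", totient_bruteforce(3233), "== (61-1)*(53-1) =", 60 * 52)
    s = sign(priv, b"transfer 100")
    print("signature valid:", verify(pub, b"transfer 100", s))
    print("tampered signature valid:", verify(pub, b"transfer 100", (s + 1) % pub[1]))
```

Decrypting E(k_pub, 65) with the public key instead of the private one returns some other residue, not 65, which is the concrete content of the "both equations are true: False" card; swapping the exponents (private to encrypt, public to decrypt) is exactly what `sign` and `verify` do.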
Created by: 306706040061204