For the following quiz questions:
· MA indicates the question has multiple correct answers
· MC indicates the question has a single best correct answer
Quiz 2:
MA Q2.1 Which of the following are user authentication actions? (Select all that apply)
A. Identifying user permissions
B. Registering a user's access to the system
C. Validating a user's asserted identity via entry of a password
D. Validating a user's asserted identity via the matching of the user's fingerprint against a set of stored fingerprint images.
MA Q2.2 Which of the following statements correctly describe encryption? (Select all that apply)
A. Only a private key can decrypt something encrypted with its corresponding public key and only a public key can decrypt something encrypted with its corresponding private key
B. A public key can decrypt messages encrypted by a public key, and a private key can decrypt messages encrypted by a private key.
C. When Node A encrypts a message using Key Z and sends the message to Node B, and Node B decrypts that message using Key Z, this is known as symmetric encryption.
D. A hash algorithm appropriate for security must produce a fixed length output value, and the algorithm should be reversible, so that it is possible to retrieve the input when the output from the hash algorithm is known.
E. One way to ensure that an encryption algorithm is immune to chosen cipher-text attacks is to ensure that the output from the algorithm is always the same length as the input.
MA Q2.3 Which of the following statements are correct regarding Kerberos-based authentication? (Select all that apply)
A. The user only authenticates with the server which provides the requested application service
B. Different secret keys are used when:
a client communicates with the authentication server (AS),
a client communicates with the ticket-granting server (TGS), and
a client communicates with the server which performs the services.
C. The primary role of a ticket granting server (TGS) is to perform a variety of services for the end user.
D. Successful Kerberos based authentication causes the TGS to issue a ticket containing a temporary secret key that is only valid for a specific time period which the user's client application presents to the application server (which also receives a copy of this temporary secret key) to let the application server know the client is authorized to use the application service.
MC Q2.4 What type of encryption keys does a PKI use for verifying the authenticity of digital certificates?
A. Digital Tokens
B. None of the other answers are correct
C. Symmetric Keys
D. Asymmetric Keys
MA Q2.5 Which of the following is a security service provided to the receiver by asymmetrically encrypting a message digest using a private key prior to sending the message? (Select all that apply)
A. Peer-entity authentication
B. Authorization
C. Data-origin authentication
D. Non-repudiation of sender
E. Data Confidentiality
F. User authentication
G. Information Integrity
H. Non-repudiation of receiver
I. Data Integrity
MC Q2.6 Of the following hash algorithms, which have had their classification called into question as being cryptographically secure?
A. MD5 and SHA-1
B. SHA-256 and HMAC-MD5
C. SHA-512 and HMAC-SHA1
D. SHA-256 and SHA-512
MA Q2.7 Which of the following mechanisms must be used to provide data integrity? (Select all that apply)
A. Using a shared secret key when generating a message digest of a clear-text message and then transmitting both the clear-text message and digest.
B. Using a shared secret key when symmetrically encrypting a message digest of a clear-text message and then transmitting both the clear-text message and the symmetrically encrypted digest.
C. Using a shared secret key when asymmetrically encrypting a message digest of a clear-text message and then transmitting both the clear-text message and the asymmetrically encrypted digest.
D. Using a private key when asymmetrically encrypting a message digest of a clear-text message and then transmitting both the clear-text message and the asymmetrically encrypted digest.
E. Using a public key when generating a message digest of a clear-text message and then transmitting both the clear-text message and digest.
F. Using a private key when generating a message digest of a clear-text message and then transmitting both the clear-text message and digest.
MA Q2.8 Which of the following statements correctly describe ITU X.509 digital certificates? (Select all that apply)
A. Each certificate has an issuer name field; however, the data in that field is unreliable and cannot be trusted.
B. A certificate is valid for a specific period of time, and that period begins the first time the certificate is used.
C. When a certificate is revoked, the same certificate is re-issued by the authority with the revoked field marked as "true".
D. When an ITU-T X.509 digital certificate is used correctly, it ensures that the correct public key is cryptographically linked with the identity to whom the public key belongs.
E. An X.509 digital certificate needs to be revoked if the subject to which the certificate applies is unable to decrypt the corresponding private key.
MA Q2.9 The process of mutual authentication involves which of the following? (Select all that apply)
A. A user authenticating, receiving a ticket, and then authenticating to a service.
B. A user authenticating to a system via a challenge-response protocol and the system authenticating to the user via the same challenge-response protocol.
C. A user authenticating to two systems at the same time
D. A user authenticating to a server and then to a process
MC Q2.10 Which of the following is an effective mechanism for creating a cipher-text version of a private key for secure storage in a 'smart-card', thumb/USB drive or on a hard disk?
A. Symmetrically encrypt the clear-text private key using a secret key that is the digest output from a cryptographically secure hash algorithm which used a passphrase as input to the algorithm.
B. Symmetrically encrypt the clear-text private key using a secret key that is the digest output from a cryptographically secure hash algorithm which used a password as input to the algorithm.
C. Asymmetrically encrypt the clear-text private key using a secret key that is the digest output from a cryptographically secure hash algorithm which used a passphrase as input to the algorithm.
D. Symmetrically encrypt the clear-text private key using a public key that is the digest output from a cryptographically secure hash algorithm which used a password as input to the algorithm.
MA Q2.11 Which of the following statements correctly describe trust domains? (Select all that apply)
A. If node A trusts node B, then node B always trusts node A.
B. All nodes in the same trust domain must trust each other.
C. If Node A and Node B are in the same trust domain, either node can expect the other node to comply with the same security policies.
D. Nodes inside of a trust domain can connect to nodes outside of that trust domain.
E. If Node A is outside a trust domain, and it connects to Node B which is inside a trust domain, Node B cannot trust Node A.
MA Q2.12 Which of the following can be considered subjects? (Select all that apply)
A. Data files
B. Computer users
C. A USB removable ‘thumb’ drive
D. Application programs (such as a web browser)
E. Computer disk drive
F. Network cables
G. Principals
MC Q2.13 Which of the following is a security service provided by passwords?
A. Peer-entity authentication
B. Authorization
C. Data-origin authentication
D. Non-repudiation of sender
E. Data Confidentiality
F. User authentication
G. Information Integrity
H. Non-repudiation of receiver
I. Data Integrity
MC Q2.14 Which of the following is a security service provided to the message receiver by asymmetrically encrypting a message using a public key prior to transmitting the message?
A. Peer-entity authentication
B. Authorization
C. Data-origin authentication
D. Non-repudiation of sender
E. Data Confidentiality
F. User authentication
G. Information Integrity
H. Non-repudiation of receiver
I. Data Integrity
MA Q2.15 Select all statements that correctly describe information integrity as a goal of security. (Select all that apply)
A. To maintain information integrity, programmers should develop both on development systems and on production systems.
B. If an organization wishes to maintain information integrity, the duties of its critical functions should be separated among different employees.
C. When the data in a system is modified, only on rare occasions and by unauthorized individuals, that system has information integrity.
D. There is no need to log user actions and events in a properly secured system.
E. One way an organization can help maintain information integrity is to require specific employees to use specific processes which cannot be changed or avoided without detection.
MA Q2.16 Which of the following are security services provided to the message receiver by symmetrically encrypting a message prior to transmission? (Select all that apply)
A. Peer-entity authentication
B. Authorization
C. Data-origin authentication
D. Non-repudiation of sender
E. Data Confidentiality
F. User authentication
G. Information Integrity
H. Non-repudiation of receiver
I. Data Integrity
MA Q2.17 Which of the following are security services provided to the receiver by symmetrically encrypting a message digest and then sending the clear-text message and symmetrically encrypted digest? (Select all that apply)
A. Peer-entity authentication
B. Authorization
C. Data-origin authentication
D. Non-repudiation of sender
E. Data Confidentiality
F. User authentication
G. Information Integrity
H. Non-repudiation of receiver
I. Data Integrity
MC Q2.18 What type of attack attempts all possible solutions?
A. Dictionary
B. Brute force
C. Man-in-the-middle
D. Spoofing
MC Q2.19 The scenario shown below most closely represents which type of authentication?
A. Challenge-Response Based Authentication
B. Private/Public Key Based Authentication
C. Simple Symmetric Key Based Authentication
D. Diffie-Hellman Based Authentication
E. Kerberos Based Authentication
MC Q2.20 What does authentication mean?
A. Registering a user
B. Identifying a user
C. Validating a user’s identity
D. Authorizing a user for access