Question 1

Public key algorithms are useful in the exchange of conventional encryption keys.
 True
 False

Question 2
Public key algorithms are based on mathematical functions rather than on simple operations
on bit patterns.
 True
 False

Question 3
Public key cryptography is __________ .
bit patterned
one key
symmetric
asymmetric
Question 4
The key exchange protocol is vulnerable to a man-in-the-middle attack because it does not
authenticate the participants.
 True
 False

Question 5
The key used in conventional encryption is typically referred to as a _________ key.
secondary
primary
cipher
secret
Question 6
Because of the mathematical properties of the message authentication code function it is less
vulnerable to being broken than encryption.
 True
 False

Question 7
Secure Hash Algorithms with hash value lengths of 256, 384, and 512 bits are collectively
known as _________ .
SHA-0
SHA-3
SHA-2
SHA-1
Question 8
The two important aspects of encryption are to verify that the contents of the message have
not been altered and that the source is authentic.
 True
 False
Question 9
"It is easy to generate a code given a message, but virtually impossible to generate a message
given a code" describes the __________ hash function property.
second preimage resistant
preimage resistant
strong collision resistant
collision resistant
Question 10
The private key is known only to its owner.
 True
 False

Question 11
The purpose of a ___________ is to produce a "fingerprint" of a file, message, or other block of data.

hash function

public key

message authentication

cipher encryption

Question 12
The strength of a hash function against brute-force attacks depends solely on the length of the
hash code produced by the algorithm.
 True
 False

Question 13
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function
with this property is referred to as __________ .
collision resistant
preimage resistant
one-way
weak collision resistant
Question 14
__________ is a procedure that allows communicating parties to verify that received
messages are authentic.
ECB
Message authentication
Passive attack
Encryption
Question 15
Based on the use of a mathematical construct known as the elliptic curve and offering equal
security for a far smaller bit size, __________ has begun to challenge RSA.
DSS
TCB
RIPE-160
ECC
Question 16
Even in the case of complete encryption there is no protection of confidentiality because any
observer can decrypt the message by using the sender's public key.
 True
 False

Question 17
The purpose of the _________ algorithm is to enable two users to exchange a secret key
securely that then can be used for subsequent encryption of messages and depends on the
difficulty of computing discrete logarithms for its effectiveness.
Diffie-Hellman
RSA
DSS
Rivest-Adleman
Question 18
The __________ property protects against a sophisticated class of attack known as the
birthday attack.
preimage resistant
one-way
collision resistant
second preimage resistant
Question 19
The most important hash function is ________ .
MAC
SHA
OWH
ECB
Question 20
If the message includes a _________ the receiver is assured that the message has not been
delayed beyond that normally expected for network transit.
sequence number
shared key
error detection code
timestamp
Question 21
The main advantage of HMAC over other proposed hash based schemes is that HMAC can
be proven secure, provided that the embedded hash function has some reasonable
cryptographic strengths.
 True
 False

Question 22
The most widely accepted and implemented approach to public-key encryption, _________ is
a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some
n.
MD5
RSA
SHA
CTR
Question 23
The readable message or data that is fed into the algorithm as input is the __________ .

ciphertext

plaintext

encryption algorithm

private key

Question 24
Cryptographic hash functions generally execute slower in software than conventional
encryption algorithms such as DES.
 True
 False

Question 25
Private key encryption is used to produce digital signatures which provide an enhanced form
of message authentication.
 True
 False

Question 26
In addition to providing authentication, a message digest also provides data integrity and
performs the same function as a frame check sequence.
 True
 False

Question 27
In the ECB mode of encryption if an attacker reorders the blocks of ciphertext then each
block will still decrypt successfully, however, the reordering may alter the meaning of the
overall data sequence.
 True
 False

Question 28
The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively
easy to calculate exponentials modulo a prime, it is very easy to calculate discrete logarithms.
 True
 False

Question 29
________ protects against passive attacks (eavesdropping).
Obfuscation
Encryption
SCR
Message authentication
Question 30
Message encryption alone provides a secure form of authentication.
 True
 False
Question 1
The automated key distribution approach provides the flexibility and dynamic characteristics
needed to allow a number of users to access a number of servers and for the servers to
exchange data with each other.
 True
 False

Question 2
__________ is a centralized, automated approach to provide enterprise wide access to
resources by employees and other authorized individuals, with a focus of defining an identity
for each user, associating attributes with the identity, and enforcing a means by which a user
can verify identity.
Registration authority
Federated managing authority
Identity management
PKIX management
Question 3
A random value to be repeated to assure that the response is fresh and has not been replayed
by an opponent is the __________ .
nonce
option
rtime
realm
Question 4
A _________ is a key used between entities for the purpose of distributing session keys.
permanent key
key distribution center
symmetric key
session relay key
Question 5
The principal underlying standard for federated identity is the Security Assertion Markup
Language (SAML) which defines the exchange of security information between online
business partners.
 True
 False

Question 6
The ticket-granting ticket is encrypted with a secret key known only to the authentication
server and the ticket granting server.
 True
 False

Question 7
In order to prevent an opponent from capturing the login ticket and reusing it to spoof the
TGS, the ticket includes a __________ indicating the date and time at which the ticket was
issued.
validation
certificate
timestamp
realm
Question 8
Federated identity management is a concept dealing with the use of a common identity
management scheme across multiple enterprises and numerous applications and supporting
many thousands, even millions, of users.
 True
 False

Question 9
A ___________ is a service or user that is known to the Kerberos system and is identified by
its principal name.
Kerberos key
Kerberos ticket
Kerberos principal
Kerberos realm
Question 10
A session key is destroyed at the end of a session.
 True
 False

Question 11
Encryption in version 4 makes use of a nonstandard mode of DES known as ___________ .
KDC
CBC
PCBC
PKI
Question 12
It is not necessary for a certification authority to maintain a list of certificates issued by that
CA that were not expired but were revoked.
 True
 False

Question 13
Kerberos version 4 requires the use of a(n) ____________ .
IP address
Ethernet link address
ISO network address
MAC address

Question 14
Used in most network security applications, the __________ standard has become universally
accepted for formatting public-key certificates.
IETF
X.905
PKIX
X.509
Question 15
Kerberos relies exclusively on asymmetric encryption and makes use of public key
encryption.
 True
 False

Question 16
For symmetric encryption to work the two parties to an exchange must share the same key,
and that key must be protected from access by others.
 True
 False

Question 17
If an opponent captures an unexpired service granting ticket and tries to use it they will be
denied access to the corresponding service.
 True
 False

Question 18
The _________ extension lists policies that the certificate is recognized as supporting,
together with optional qualifier information.
policy mappings
directory attribute
certificate policies
authority key identifier
Question 19
An __________ manages the creation and maintenance of attributes such as passwords and
biometric information.
attribute service
authenticator
identity provider
authorizing agent
Question 20
If the lifetime stamped on a ticket is very short (e.g., minutes) an opponent has a greater
opportunity for replay.
 True
 False

Question 21
User certificates generated by a CA need special efforts made by the directory to protect them
from being forged.
 True
 False

Question 22
X.509 is based on the use of public-key cryptography and digital signatures.
 True
 False
Question 23
One of the major roles of public-key encryption is to address the problem of key distribution.
 True
 False

Question 24
Once the authentication server accepts the user as authentic it creates an encrypted
_________ which is sent back to the client.
password
key
access code
ticket
Question 25
_________ are entities that obtain and employ data maintained and provided by identity and
attribute providers, which are often used to support authorization decisions and to collect
audit information.
Federations
Principals
CAs
Data Consumers
Question 26
Containing the hash code of the other fields encrypted with the CA's private key, the
__________ covers all of the other fields of the certificate and includes the signature
algorithm identifier.
extension
signature
issuer unique identifier
subject unique identifier
Question 27
Kerberos version 4 did not fully address the need to be of general purpose.
 True
 False

Question 28
The __________ knows the passwords of all users and stores these in a centralized database
and also shares a unique secret key with each server.
authentication server
key distribution server
management server
ticket server
Question 29
It is not required for two parties to share a secret key in order to communicate securely with
conventional encryption.
 True
 False

Question 30
In order to solve the problem of minimizing the number of times that a user has to enter a
password and the problem of a plaintext transmission of the password a __________ server is
used.
ticket granting
password ciphering
access code
authentication