Professional Documents
Culture Documents
Final ICS MCQ 3 UNITS
Final ICS MCQ 3 UNITS
Explanation: The different vulnerabilities of the Transport layer are mishandling of undefined,
poorly defined, Vulnerability that allow “fingerprinting” & other enumeration of host
information, Overloading of transport-layer mechanisms etc. Unauthorized network access is an
example of physical layer vulnerability.
Explanation: Vulnerabilities of session layer of the OSI model are spoofing and hijacking of
data based on failed authentication attempts, weak or non-existent authentication mechanisms,
and the passing of session-credentials allowing intercept and unauthorized use.
3. Failed sessions allow brute-force attacks on access credentials. This type of attacks are done
in which layer of the OSI model? [BL1]
a) Physical layer
b) Data-link Layer
c) Session layer
d) Presentation layer
Explanation: Session identification may be subject to spoofing may lead to data leakage which
depends on failed authentication attempts and allow hackers to allow brute-force attacks on
access credentials.
Explanation: Transmission mechanisms can be subject to spoofing & attacks based on skilled
modified packets. This type of attacks is done in the transport layer of the OSI model.
Explanation: Application design flaws may bypass security controls, inadequate security controls
as well as logical bugs in programs may be by chance or on purpose be used for crashing
programs. These all are part of application layer vulnerability.
Explanation: Very complex application security controls can be an example of application layer
vulnerability. Inadequate security controls, as well as logical bugs in programs, are some other
examples of such type.
12. Which of the following comes under the advantage of dictionary attack? [BL3]
a) Time-consuming
b) Moderate efficient
c) Very fast
d) Complex to carry-out
13. The hybrid attack is a combination of dictionary attack followed by inserting entropy
& performs brute force. [BL1]
a) True
b) False
Explanation: A hybrid attack is a combination of both brute force attack & dictionary attack. So,
while a dictionary attack would comprise a wordlist of passwords, the brute force attack would
be functional for each possible password in the given list.
Explanation: A brute force is the simplest process of gaining access to any password-protected
system. It tries a variety of combinations of usernames & passwords again and again until it
cracks it or password matches. But it is comparatively slow.
16. A attack one of the simplest processes of gaining access to any password-
protected system. [BL1]
a) Clickjacking
b) Brute force
c) Eavesdropping
d) Waterhole
Explanation: A brute force is the simplest process of gaining access to any password-protected
system. It tries a variety of combinations of usernames & passwords again and again until it
cracks it or password matches.
17. attack is a combination of Dictionary attack & brute force attack. [BL2]
a) Syllable
b) Syllabi
c) Database
d) Phishing
Explanation: Syllable attack is a combination of Dictionary attack & brute force attack.
This technique may be implemented when the password is a non-existing word and attacker
tries some techniques to crack it.
18. Attackers can use the _ when he/she gets some information or hint
regarding password he/she wants to crack. [BL3]
a) Syllable attack
b) Rule-based attack
c) Offline attack
d) Hybrid attack
Explanation: Attackers can use the rule-based attack when he/she gets some information or hint
regarding password he/she wants to crack. Examples of such scenarios are like: hacker knows
about the type of password, or size or what type of data it might contain.
20. are based on dictionary attack techniques where the dictionary attack is
mixed with some numerals and special symbols. [BL1]
a) Syllable attack
b) Rule-based attack
c) Offline attack
d) Hybrid attack
Explanation: Hybrid attack is a type of offline attack which is based on dictionary attack
methods. In such types of attacks, the dictionary attack is mixed with some numerals and special
symbols.
21. Which of the following is not an example of non-technical attack techniques? [BL3]
a) Shoulder surfing
b) Keyboard sniffing
c) Phishing
d) Social engineering
Explanation: In the non-technical type of attacks, it is not required to have any technical
knowledge to attack your target victim. Examples of such types of attacks are shoulder surfing,
keyboard sniffing, and social engineering.
Explanation – Proxy servers exist to act as an intermediary between the hacker and the target
and servces to keep the hacker anonymous tot he network.
23. What type of symmetric key algorithm using a streaming cipher to encrypt
information? [BL3]
A. RC4
B. Blowfish
C. SHA
D. MD5
24. Which of the following is not a factor in securing the environment against an attack
on security? [BL3]
Explanation – All of the answers are factors supporting the exploitation or prevention of an
attack. The business strategy may provide the motivation for a potential attack, but by itself will
not influence the outcome.
25. What type of attack uses a fraudulent server with a relay address? [BL2]
A. NTLM
B. MITM
C. NetBIOS
D. SMB
Explanation – MITM (Man in the Middle) attacks create a server with a relay address. It is used
in SMB relay attacks.
26. What port is used to connect to the Active Directory in Windows 2000? [BL1]
A. 80
B. 445
C. 139
D. 389
Explanation – The Active Directory Administration Tool used for a Windows 2000 LDAP
client uses port 389 to connect to the Active Directory service.
Explanation – Steganography is the right answer and can be used to hide information in
pictures, music, or videos.
28. Which phase of hacking performs actual attack on a network or system? [BL3]
A. Reconnaissance
B. Maintaining Access
C. Scanning
D. Gaining Access
Explanation – In the process of hacking, actual attacks are performed when gaining access, or
ownership, of the network or system. Reconnaissance and Scanning are information gathering
steps to identify the best possible action for staging the attack. Maintaining access attempts to
prolong the attack.
29. Attempting to gain access to a network using an employee’s credentials is called the
mode of ethical hacking. [BL3]
A. Local networking
B. Social engineering
C. Physical entry
D. Remote networking
Explanation – Local networking uses an employee’s credentials, or access rights, to gain access
to the network. Physical entry uses credentials to gain access to the physical IT infrastructure.
30. Which Federal Code applies the consequences of hacking activities that disrupt subway
transit systems? [BL3]
Explanation – The Cyber Security Enhancement Act 2002 deals with life sentences for hackers
who recklessly endanger the lives of others, specifically transportation systems.
31. Which of the following is not a typical characteristic of an ethical hacker? [BL3]
Explanation – Each answer has validity as a characteristic of an ethical hacker. Though having
the highest security clearance is ideal, it is not always the case in an organization.
32. What is the proper command to perform an Nmap XMAS scan every 15seconds? [BL3]
Explanation – SX is used to identify a xmas scan, while sneaky performs scans 15 seconds apart.
33. What type of rootkit will patch, hook, or replace the version of system call in order to
hide information? [BL3]
Explanation – Library leve rootkits is the correct answer. Kerel level focuses on replaceing
specific code while application level will concentrate on modifying the behavior of the
application or replacing application binaries. The type, system level, does not exist for rootkits.
Explanation – DoS attacks force systems to stop responding by overloading the processing of
the system.
35. What are some of the most common vulnerabilities that exist in a network or system? [BL3]
Explanation – Linux is an open source code and considered to have greater security than the
commercial Windows environment. Balancing security. Ease of use and functionality can open
vulnerabilities that already exist. Manufacturer settings, or default settings, may provide basic
protection against hacking threats, but need to change to provide advance support. The unused
features of application code provide an excellent opportunity to attack and cover the attack.
A. SYN-ACK-FIN
B. SYN-SYN ACK-ACK
C. SYN-ACK
D. SYN-SYN-ACK
Explanation – A three-handed connection of TCP will start with a SYN packet followed by a
SYN-ACK packet. A final ACK packet will complete the connection.
A. DNSlookup
B. Whois
C. Nslookup
D. IP Network Browser
38. Which ports should be blocked to prevent null session enumeration? [BL2]
A. Availability
B. Confidentiality
C. Integrity
D. Authentication
Explanation – IP address spoofing is detectable by comparing TTL values of the actual and
spoofed IP addresses
Explanation – A ping sweep is intended to identify live systems. Once an active system is found
on the network, other information may be distinguished, including location. Open ports and
firewalls.
A. 22
B. 80
C. 20
D. 23
44. Which of the following will allow footprinting to be conducted without detection? [BL1]
A. PingSweep
B. Traceroute
C. War Dialers
D. ARIN
Explanation – ARIN is a publicly accessible database, which has information that could be
valuable. Because it is public, any attempt to obtain information in the database would go
undetected.
45. Performing hacking activities with the intent on gaining visibility for an unfair situation
is called . [BL1]
A. Cracking
B. Analysis
C. Hacktivism
D. Exploitation
A. Information gathering
B. Cracking passwords
C. Escalating privileges
D. Covering tracks
Explanation – Passwords are a key component to access a system, making cracking the
password the most important part of system hacking.
A. TCP
B. XMAS
C. IDLE
D. NULL
A. Passive stack
B. Active stack
C. Passive banner grabbing
D. Scanned
A. Spamming
B. Identify Theft
C. Impersonation
D. Scanning
Explanation – HTTP Tunneling is used to bypass the IDS and firewalls present on a network.
51. Which Nmap scan is does not completely open a TCP connection? [BL3]
Explanation – Also known as a “half-open scanning,” SYN stealth scan will not complete a full
TCP connection.
52. What protocol is the Active Directory database based on? [BL1]
A. LDAP
B. TCP
C. SQL
D. HTTP
Explanation – Hackers can identify services running on a system by the open ports that are
found.
Explanation – The three types of accepted scans are port, network, and vulnerability.
A. Spyware
B. Shoulder surfing
C. Trojan
D. Social engineering
Explanation – Keyloggers are a form of hardware or software spyware installed between the
keyboard and operating system.
Explanation – Hybrid attacks do crack passwords that are created with replaced characters of
dictionary type words.
A. Shared key
B. LEAP
C. TKIP
D. AES
59. What is the best statement for taking advantage of a weakness in the security of an
IT system? [BL3]
A. Threat
B. Attack
C. Exploit
D. Vulnerability
A. ICANN
B. ARIN
C. APNIC
D. DNS
Explanation – Who utilizes the Internet Corporation for Assigned Names and Numbers.
61. Having individuals provide personal information to obtain a free offer provided through
the Internet is considered what type of social engineering? [BL3]
A. Web-based
B. Human-based
C. User-based
D. Computer-based
Explanation – Whether using email, a fake website, or popup to entice the used, obtaining
information from an individual over the Internet is a computer-based type of social engineering
64. The Certificate_request Massage Includes Two Parameters, One Of Which Is- [BL3]
A. Certificate_extension
B. Certificate_creation
C. Certificate_exchange
D. Certificate_type
65. In The Handshake Protocol Which Is The Message Type First Sent Between Client
And Server ? [BL3]
A. Server_hello
B. Client_hello
C. Hello_request
D. Certificate_request
66. Which Of The Following Is An Independent Malicious Program That Need Not Any
Host Program? [BL2]
A. Trap Doors
B. Trojan Horse
C. Virus
D. Worm
68. Which Of The Following Is Not A Factor In Securing The Environment Against An
Attack On Security? [BL2]
A. The System Configuration
B. The Business Strategy Of The Company
C. The Education Of The Attacker
D. The Network Architecture
70. What Type Of Rootkit Will Patch, Hook, Or Replace The Version Of System Call In
Order To Hide Information? [BL2]
A. Library Level Rootkits
B. Kernel Level Rootkits
C. System Level Rootkits
D. Application Level Rootkits
75. Performing Hacking Activities With The Intent On Gaining Visibility For An
Unfair Situation Is Called . [BL1]
A. Cracking
B. Analysis
C. Hacktivism
D. Exploitation
80. Which Of The Following Malicious Program Do Not Replicate Automatically? [BL2]
A. Trojan Horse
B. Virus
C. Worm
D. Zombie
2. Monoalphabetic ciphers are stronger than Polyalphabetic ciphers because frequency analysis
is tougher on the former. [BL1]
a) True
b) False
Answer: b
Explanation: Monoalphabetic ciphers are easier to break because they reflect the
frequency of the original alphabet.
3. Choose from among the following cipher systems, from best to the worst, with respect to
ease of decryption using frequency analysis. [BL1]
a) Random Polyalphabetic, Plaintext, Playfair
b) Random Polyalphabetic, Playfair, Vignere
c) Random Polyalphabetic, Vignere, Playfair, Plaintext
d) Random Polyalphabetic, Plaintext, Beaufort, Playfair
Answer: c
Explanation: Random Polyalphabetic is the most resistant to frequency analysis, followed by
Vignere, Playfair and then Plaintext.
8. The S-Box is used to provide confusion, as it is dependent on the unknown key. [BL1]
a) True
b) False
Answer: a
Explanation: The S-Box is used to provide confusion, as it is dependent on the unknown key.
The P-Box is fixed, and there is no confusion due to it, but it provides diffusion.
9. This is an example of
Answer: b
Explanation: The figure is the Feistel Cipher Structure.
a) 1 and 3
b) 2 and 3
c) 3 and 4
d) 2 and 4
Answer: b
Explanation: Increase in any of the above 4 leads to slowing of the cipher algorithm i.e. more
computational time will be required.
14. In the DES algorithm, although the key size is 64 bits only 48bits are used for the
encryption procedure, the rest are parity bits. [BL1]
a) True
b) False
Answer: b
Explanation: 56 bits are used, the rest 8 bits are parity bits.
15. In the DES algorithm the round key is bit and the Round Input is [BL1]
bits.
a) 48, 32
b) 64,32
c) 56, 24
d) 32, 32
Answer: a
Explanation: The round key is 48 bits. The input is 32 bits.
16. In the DES algorithm the Round Input is 32 bits, which is expanded to 48 bits via
. [BL1]
a) Scaling of the existing bits
b) Duplication of the existing bits
c) Addition of zeros
d) Addition of ones
Answer: a
Explanation: The round key is 48 bits. The input is 32 bits. This input is first expanded to 48
bits (permutation plus an expansion), that involves duplication of 16 of the bits.
18. The number of unique substitution boxes in DES after the 48 bit XOR operation are [BL1]
a) 8
b) 4
c) 6
d) 12
Answer: a
Explanation: The substitution consists of a set of 8 S-boxes, each of which accepts 6 bits as
input and produces 4 bits as output.
19. In the DES algorithm the 64 bit key input is shortened to 56 bits by ignoring every 4th
bit. [BL2]
a) True
b) False
Answer: b
Explanation: Every 8th bit is ignored to shorten the key length.
20. During decryption, we use the Inverse Initial Permutation (IP-1) before the IP. [BL2]
a) True
b) False
Answer: a
Explanation: IP-1 is the first step and the last step is IP during decryption.
21. The number of tests required to break the DES algorithm are
[BL2] a) 2.8×1014
b) 4.2×109
c) 1.84×1019
d) 7.2×1016
Answer: d
Explanation: There are 256 keys =7.2×1016.
22. The number of tests required to break the Double DES algorithm are
[BL2] a) 2112
b) 2111
c) 2128
d) 2119
Answer: b
Explanation: For Double DES key is 2112 bits, should require 2111 tests to break.
23. How many keys does the Triple DES algorithm use? [BL2]
a) 2
b) 3
c) 2 or 3
d) 3 or 4
Answer: c
Explanation: For Triple DES we can either have 2 or 3 keys.
Using two keys: c = Ek1(Dk2(Ek1(m)))
Using three keys: c = Ek3(Ek2(Ek1(m))).
24. In triple DES, the key size is and meet in the middle attack takes tests to break the
key. [BL2]
a) 2192 ,2112
b) 2184,2111
c) 2168,2111
d) 2168,2112
Answer: d
Explanation: The key size is 2168 and meet in the middle attack takes 2112 tests to break.
25. Using Differential Crypt-analysis, the minimum computations required to decipher the
DES algorithm is [BL2]
a) 256
b) 243
c) 255
d) 247
Answer: d
Explanation: Differential Crypt-analysis requires only 247 computations to decipher the DES
algorithm.
26. Using Linear Crypt-analysis, the minimum computations required to decipher the
DES algorithm is [BL2]
a) 248
b) 243
c) 256
d) 264
Answer: b
Explanation: Linear Crypt-analysis requires only 243 computations to decipher the DES
algorithm.
28. AES uses a bit block size and a key size of bits. [BL2]
a) 128; 128 or 256
b) 64; 128 or 192
c) 256; 128, 192, or 256
d) 128; 128, 192, or 256
Answer: d
Explanation: It uses a 128-bit block size and a key size of 128, 192, or 256 bits.
30. The 4×4 byte matrices in the AES algorithm are called [BL2]
a) States
b) Words
c) Transitions
d) Permutations
Answer: a
Explanation: The matrices are called states.
31. In AES the 4×4 bytes matrix key is transformed into a keys of size . [BL2]
a) 32 words
b) 64 words
c) 54 words
d) 44 words
Answer: d
Explanation: In AES the 4×4 bytes matrix key is transformed into a keys of size 44 bytes.
32. How many similar rounds are there in AES-128 algorithm [BL2]
a) 2 pair of 5 similar rounds
b) 9
c) 8
d) 10
Answer: b
Explanation: In the AES-128 there are 9 similar rounds
33. How many different rounds are there in AES-128 algorithm [BL2]
a) every alternate
b) the last
c) the first and last
d) no
Answer: b
Explanation: In the AES-128 the last round is different.
34. Which of the 4 operations are false for each round in the AES algorithm [BL2]
i) Substitute Bytes
ii) Shift Columns
iii) Mix Rows
iv) XOR Round Key
a) i) only
d) only iv)
Answer: b
Explanation: AES rounds involve substitute bytes, shift rows, mix columns and addition of
round key.
35. There is an addition of round key before the start of the AES round algorithms. [BL3]
a) True
b) False
Answer: a
Explanation: In AES the final round contains only three transformations, and there is an initial
single transformation (Add Round Key) before the first round which can be considered Round
0. Each transformation takes 4×4 matrixes as input and produces a 4×4 matrix as output.
36. How many computation rounds does the simplified AES consists of? [BL3]
a) 5
b) 2
c) 8
d) 10
Answer: b
Explanation: The simplified AES has only 2 rounds of computation.
37. On comparing AES with DES, which of the following functions from DES does not have
an equivalent AES function? [BL3]
a) f function
b) permutation p
c) swapping of halves
d) xor of subkey with function f
Answer: c
Explanation: There is no equivalent to swapping of halves in the AES algorithm.
38. What is the block size in the Simplified AES algorithm? [BL3]
a) 8 bits
b) 40 bits
c) 16 bits
d) 36 bits
Answer: b
Explanation: The block size for the AES algorithm is 16 bits.
41. How many step functions do Round 1 and 2 each have in S-AES? [BL3]
a) 4 and 3
b) Both 4
c) 1 and 4
d) 3 and 4
Answer: a
Explanation: Round 1 has four step functions whereas Round 2 has three step functions.
42. For a key 25D5 and PT input A479 what is the output we obtain after the “add round
key” function? [BL3]
a) F34D
b) 81AC
c) 79DF
d) 327D
Answer: b
Explanation: Simply apply XOR to the state matrix PT with the key matrix to obatain the output
which in this case is 81AC.
43. The output of the previous question, on passing through “nibble substitution” gets us
the output. [BL3]
a) 3267
b) 1344
c) 64C0
d) CA37
Answer: c
Explanation: 81AC after passing through the “nibble substitution” round produces an
output 64C0. A corresponding substitution is referred to in this step.
44. How many round keys are generated in the AES algorithm? [BL3]
a) 11
b) 10
c) 8
d) 12
Answer: a
Explanation: 11 round keys are generated. One for each of the 10 rounds and one of the
initial permutations (Round 0).
45. How many modes of operation are there in in DES and AES? [BL1]
a) 4
b) 3
c) 2
d) 5
Answer: d
Explanation: DES has 5 modes of operation.
46. Which one of the following modes of operation in DES is used for operating short
data? [BL2]
a) Cipher Feedback Mode (CFB)
b) Cipher Block chaining (CBC)
c) Electronic code book (ECB)
d) Output Feedback Modes (OFB)
Answer: c
Explanation: The Electronic code book mode is used for operating on short data as the same key
is used for each block. Thus repetitions in Plain Text lead to repetitions in Cipher Text.
47. Which of the following is false for ECB mode of operation [BL2]
i) The Plain text is broken into blocks of size 128 bytes
ii) Blocks can be swapped, repeated, replaced without recipient noticing
iii) Good for short data
iv) Encryption of each block is done separately using a randomly generated key for each block
a) i) only
c) i) and iv)
Answer: c
Explanation: Block size is 64 bits. The same Key is used for each block.
Answer: d
Explanation: The first block in CBC mode uses an IV.
49. There is a dependency on the previous ‘s’ bits in every stage in CFB mode. Here ‘s’ can
range from . [BL1]
a) 8-16 bits
b) 8-32 bits
c) 4-16 bits
d) 8-48 bits
Answer: b
Explanation: The range of the output of each stage of the cipher system is 8-32 bits for a 64 bit
system.
50. In OFB Transmission errors do not propagate: only the current ciphertext is affected,
since keys are generated “locally”. [BL3]
a) True
b) False
Answer: a
Explanation: Yes, transmission errors do not propagate in OFB mode because of the locally
generated key.
51. Which mode of operation has the worst “error propagation” among the following? [BL3]
a) OFB
b) CFB
c) CBC
d) ECB
Answer: d
Explanation: The ECB or electronic code book mode of operation propagates the most errors. A
single bit error is carried onto the next block and so on.
52. Which of the following modes of operation does not involve feedback? [BL3]
a) ECB
b) CBC
c) CTR
d) OFB
Answer: a
Explanation: Electronic code book does not involve feedback.
53. Confusion hides the relationship between the ciphertext and the plaintext. [BL1]
a) True
b) False
Answer: b
Explanation: Confusion hides the relationship between the ciphertext and the key.
54. The S-Box is used to provide confusion, as it is dependent on the unknown key. [BL1]
a) True
b) False
Answer: a
Explanation: The S-Box is used to provide confusion, as it is dependent on the unknown key.
The P-Box is fixed, and there is no confusion due to it, but it provides diffusion.
57. Which one of the following algorithm is not used in asymmetric-key cryptography? [BL3]
a) rsa algorithm
b) diffie-hellman algorithm
c) electronic code book algorithm
d) dsa algorithm
Answer: c
Explanation: Electronic code book algorithm is a block cipher method in which each block of
text in an encrypted message corresponds to a block of data. It is not feasible for block sizes
smaller than 40 bits.
58. In cryptography, the order of the letters in a message is rearranged by . [BL3]
a) transposition ciphers
b) substitution ciphers
c) both transposition ciphers and substitution ciphers
d) quadratic ciphers
Answer: a
Explanation: In transposition ciphers, the order of letters in a plaintext message is shuffled using a
pre-defined method. Some of such ciphers are Rail fence cipher and Columnar transposition.
73. In public key cryptography, a key that decrypts the message. [BL3]
a. public key
b. unique key
c. private key
d. security key
Answer: c
75. Encryption standard that is selected by the US government to replace DES. [BL3]
a. AES
b. BES
c. CES
d. DES
Answer: a
Explanation :AES is Advanced Encryption Standard. It was selected by the US
government. It is used to replace DES
78. Using Differential Crypt-analysis, the minimum computations required to decipher the
DES algorithm is- [BL3]
a. 2^56
b. 2^43
c. 2^55
d. 2^47
Answer: d
Explanation : Differential Crypt-analysis requires only 247 computations to decipher the DES
algorithm.
81. Which of the following ciphered text would have NOT used transposition cipher
for encryption of the plain text “CIPHER”? [BL3]
a) EPIHRC
b) EHIPCR
c) DTIPRC
d) HRIPEC
Answer: c
Explanation: We know that transposition cipher encrypts the plain text by shuffling the letters of
the plain text. So out of the given options, only “DTIPRC” does not have the same set of letters
as “CIPHER”.
82. Which of the following cipher is formed by applying columnar transposition cipher
twice? [BL3]
a) Rail Fence cipher
b) Route cipher
c) Double transposition cipher
d) One time pad
Answer: c
Explanation: Double transposition cipher is formed by applying columnar transposition cipher
twice. For the purpose of encryption, we may use the same key twice or we can use two
different keys.
84. What will be the encrypted text corresponding to plain text “CLASSIFIED” using
columnar transposition cipher with a keyword as “GAMES”? [BL3]
a) LFDSIASECI
b) SECIAISDFL
c) CILFAISESD
d) LFSECIAISD
Answer: d
Explanation: For encrypting using columnar cipher we have to arrange the letters of the plain
text in a table which has the same number of columns as the letters of the keyword. Then the
letters of the keyword are arranged in alphabetical order and we read along each column.
31425
GAMES
CLASS
IFIED
So the ciphered text will be “IFSECIAISD”.
85. Which of the following statement is not true regarding columnar transposition cipher? [BL3]
a) it is a weak cipher
b) probability of error is high while deciphering
c) it cannot be combined with other ciphers
d) it is a traditional symmetric cipher
Answer: c
Explanation: Although columnar transposition cipher is a weak cipher in itself. But it can be
combined with other substitution ciphers so as to improve its security. The probability of error
remains high while decoding columnar cipher as it is a lengthy process.
87. Which of the following correctly defines poly alphabetic cipher? [BL3]
a) substitution based cipher which uses multiple substitution at different positions
b) a substitution based cipher which uses fixed substitution over entire message
c)a transposition based cipher which uses multiple substitution at different positions
d) a transposition based cipher which uses fixed substitution over entire message
Answer: a
Explanation: Poly alphabetic cipher is a type of substitution cipher. It uses multiple substitution
at different positions in order to cipher the plain text.
88. Poly alphabetic cipher harder to decipher than mono alphabetic cipher. [BL3]
a) true
b)false
Answer: a
Explanation:Mono alphabetic ciphers can be decoded by using the method frequency analysis.
But in poly alphabetic cipher each symbol of plain text is replaced by a different cipher text
regardless of its occurrence. This makes it very difficult to be decoded by using frequency
analysis.
89. In which of the following cipher the plain text and the ciphered text do not have the
same number of letters? [BL3]
a) affine cipher
b) hill cipher
c) columnar cipher
d) additive cipher
Answer: b
Explanation: In transposition cipher and mono alphabetic cipher the number of letters remains
the same in ciphered and deciphered text. But in poly alphabetic cipher the number of letters are
different. So here as hill cipher is the only poly alphabetic cipher so it will be the answer.
90. Which of the following properties are the characteristic properties of a block
cipher technique which differs from stream cipher? [BL2]
a. Avalanche effect
b. Completeness
c. Both a. and b.
d. None of the above
Answer: c.
Explanation:Avalanche effect and Completeness are the two characteristic properties of Block
ciphers which differ them from stream ciphers.
91. What is the length of the cryptographic key used in the Data Encryption Standard
(DES) cryptosystem? [BL1]
a) 56 bits
b)128 bits
c) 192 bits
d). 256 bits
Answer: a
Explanation: DES uses a 56-bit key. This is considered one of the major weaknesses of this
cryptosystem.
92. What type of cipher relies upon changing the location of characters within a message
to achieve confidentiality? [BL3]
a) Stream cipher
b) Transposition cipher
c) Block cipher
d) Substitution cipher
Answer: b
Explanation: Transposition ciphers use a variety of techniques to reorder the characters within a
message.
93. Which one of the following is a cryptographic goal that cannot be achieved by a secret
key cryptosystem? [BL3]
a. Nonrepudiation
b. Confidentiality
c. Availability
d. Integrity
Answer: a
Explanation: Nonrepudiation requires the use of a public key cryptosystem to prevent users
from falsely denying that they originated a message.
95. Which one of the following cipher types operates on large pieces of a message rather
than individual characters or bits of a message? [BL3]
a. Stream cipher
b. Caesar cipher
c. Block cipher
d. ROT3 cipher
Answer: c
Explanation: Block ciphers operate on message “chunks” rather than on individual characters or
bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or
characters of a message.
96. What is the minimum number of cryptographic keys required for secure two-way
communications in symmetric key cryptography? [BL3]
a. One
b. Two
c. Three
d. Four
Answer: a
Explanation: Symmetric key cryptography uses a shared secret key. All communicating
parties utilize the same key for communication in any direction.
97. What is the minimum number of cryptographic keys required for secure two-way
communications in asymmetric key cryptography? [BL3]
a. One
b. Two
c. Three
d. Four
Answer: d
Explanation: In asymmetric (public key) cryptography, each communicating party must have a
pair of public and private keys. Therefore, two-way communication between parties requires a
total of four cryptographic keys (a public and private key for each user).
98. Which one of the following Data Encryption Standard (DES) operating modes can be
used for large messages with the assurance that an error early in the encryption/decryption
process won't spoil results throughout the communication? [BL3]
a. Cipher Block Chaining (CBC)
b. Electronic Codebook (ECB)
c. Cipher Feedback (CFB)
d. Output Feedback (OFB)
Answer: d
Explanation:Cipher Block Chaining and Cipher Feedback modes will carry errors throughout
the entire encryption/decryption process. Electronic Codebook (ECB) operation is not suitable
for large amounts of data. Output Feedback (OFB) mode does not allow early errors to interfere
with future encryption/decryption.
99. The caesar cipher is a cipher that has a key of 3 . [BL3]
a. Transposition
b. Additive
c. shift
d. None of the above
Answer: c
Explanation: The Caesar cipher is named after Julius Caesar, who, according to Suetonius, used
it with a shift of three (A becoming D when encrypting, and D becoming A when decrypting) to
protect messages of military significance.
a) Malware Analysis
b) Exploit writing
c) Reverse engineering
d) Cryptography
Explanation: Cryptography is the process or mechanism used for converting ordinary plain text
into garbled non-human readable text & vice-versa. It is a means of storing & transmitting
information in a specific format so that only those for whom it is planned can understand or
process it.
4. Cryptographic algorithms are based on mathematical algorithms where these algorithms use
for a secure transformation of data. [BL1]
a) secret key
b) external programs
c) add-ons
d) secondary key
Explanation: When plain text is converted to unreadable format through some algorithms, that
type of text is termed as cipher text. Cryptographic algorithms are based on mathematical
algorithms where these algorithms use the secret key for a secure transformation of data.
a) 5
b) 4
c) 3
d) 2
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Using these techniques, users can secure their information from
illegitimate ones.
6. Data which is easily readable & understandable without any special algorithm or method is
called . [BL1]
a) cipher-text
b) plain text
c) raw text
d) encrypted text
Explanation: The means of storing or sending data in a specific format so that only intended
users can process it is called cryptography. Data which is easily readable & understandable
without any special algorithm or method is called plain text.
a) cipher-text
b) raw text
c) clear-text
d) encrypted text
Explanation: Data which is easily readable & understandable without any special algorithm
or method is called plain text or clear-text. This text is not secured and can be readable by
anyone who is not even a legitimate user.
8. There are types of cryptographic techniques used in general. [BL1]
a) 2
b) 3
c) 4
d) 5
Explanation: There are three types of cryptographic techniques used in general. These are
Symmetric Key cryptography, public key cryptography, and Hash functions based cryptography.
a) secret-key
b) public key
c) protected key
d) primary key
Explanation: The various cryptographic techniques are symmetric Key cryptography, public key
cryptography, and Hash functions based cryptography. Conventional cryptography is also
known as secret-key cryptography or symmetric-key encryption.
a) Modern
b) Classic
c) Asymmetric
d) Latest
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Classic cryptography deals with traditional characters, i.e., letters & digits
directly.
12. cryptography operates on binary-bit series and strings. [BL2]
a) Modern
b) Classic
c) Traditional
d) Primitive
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Modern cryptography operates on binary-bit series and strings.
13. cryptography has always been focussing on the concept of ‘security through
obscurity’. [BL2]
a) Modern
b) Asymmetric
c) Classic
d) Latest
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Classic cryptography deals with traditional characters, i.e., letters & digits
directly. It is based on the concept of ‘security through obscurity’.
a) Modern
b) Classic
c) Traditional
d) Primitive
Explanation: There are 2 types of cryptography – classic cryptography & modern cryptography.
Modern cryptography operates on binary-bit series and strings. It is based on publicly known
mathematically designed algorithms to encrypt the information.
15. Which is the key exchange algorithm used in CipherSuite parameter? [BL2]
a) RSA
b) Fixed Diffie-Hellman
c) Ephemeral Diffie-Hellman
d) Any of the mentioned
Explanation: We can use either of the following for the CipherSuite key exchange-
i) RSA
ii) Fixed Diffie-Hellman
iii) Ephemeral Diffie-Hellman
iv) Anonymous Diffie-Hellman
v) Fortezza.
16.The certificate message is required for any agreed-on key exchange method except
. [BL2]
a) Ephemeral Diffie-Hellman
b) Anonymous Diffie-Hellman
c) Fixed Diffie-Hellman
d) RSA
Explanation: The certificate message is required for any agreed-on key exchange method except
Anonymous Diffie-Hellman.
17. In the Phase 2 of the Handshake Protocol Action, the step server_key_exchange is
not needed for which of the following cipher systems? [BL2]
a) Fortezza
b) Anonymous Diffie-Hellman
c) Fixed Diffie-Hellman
d) RSA
Explanation: The Fixed Diffie-Helmann does not require the server_key_exchange step in the
handshake protocol. [BL2]
a) MD5
b) SHA-2
c) SHA-1
d) Does not use hash algorithm
Explanation: The DSS signature uses SHA-1.
a) MD5
b) SHA-1
c) MD5 and SHA-1
d) None of the mentioned.
Explanation: The MD5 and SHA-1 hash is concatenated together and the then encrypted with the
server’s private key.
20. The certificate_request massage includes two parameters, one of which is—- . [BL2]
a) certificate_extension
b) certificate_creation
c) certificate_exchange
d) certificate_type
Explanation: The certificate_request massage includes two parameters :certificate_type and
certificate_authorities.
21. What is the general equation for elliptic curve systems? [BL3]
22. In the Singular elliptic curve, the equation x^3+ax+b=0 does roots. [BL3]
23. How many real and imaginary roots does the equation y2=x3-1 have —-------. [BL3]
a) 2 real, 1 imaginary
b) all real
c) all imaginary
d) 2 imaginary, 1 real
Explanation: On solving the equation we get 2 imaginary and 1 real root.
24. How many real and imaginary roots does the equation y2=x3-4x have —----. [BL3]
a) 2 real, 1 imaginary
b) all real
c) all imaginary
d) 2 imaginary, 1 real
Explanation: On solving the equation we get all real roots.
25. In the elliptic curve group defined by y2= x3- 17x + 16 over real numbers, what is P + Q if P
= (0,-4) and Q = (1, 0)? [BL3]
a) (15, -56)
b) (-23, -43)
c) (69, 26)
d) (12, -86)
Explanation: P=(x1, y1)= (0,-4)
Q=(x2, y2)= (1,0)
From the Addition formulae:
λ= (0-(-4)) / (1-0) = 4
x3= = 16 – 0 – 1 = 15 and
y3= 4(0 – 15) –(-4) = -56
Thus R=P + Q = (15, -56).
26. In the elliptic curve group defined by y2= x3- 17x + 16 over real numbers, what is 2P if P
= (4, 3.464)? [BL3]
a) (12.022, -39.362)
b) (32.022, 42.249)
c) (11.694, -43.723)
d) (43.022, 39.362)
Explanation: From the Doubling formulae:
a) True
b) False
Explanation: ECC does follow associative property.
28. “In ECC, the inverse of point P =(x1, y1) is Q = (-x1, y1). “ [BL3]
a) True
b) False
Explanation: The inverse of point P =(x1, y1) is Q =(x1, -y1).
29. In the RSA algorithm, we select 2 random large values ‘p’ and ‘q’. Which of the following
is the property of ‘p’ and ‘q’? [BL3]
a) (p)/(q)
b) (p)(q)
c) (p-1)(q-1)
d) (p+1)(q+1)
31. In RSA, we select a value ‘e’ such that it lies between 0 and Ф(n) and it is relatively prime
to Ф(n). [BL3]
a) True
b) False
Explanation: gcd(e, Ф(n))=1; and 1 < e < Ф(n).
32. For p = 11 and q = 19 and choose e=17. Apply RSA algorithm where message=5 and find
the cipher text. [BL3]
a) C=80
b) C=92
c) C=56
d) C=23
Explanation: n = pq = 11 × 19 = 209.
33. For p = 11 and q = 19 and choose d=17. Apply RSA algorithm where Cipher
message=80 and thus find the plain text. [BL3]
a) 54
b) 43
c) 5
d) 24
Explanation: n = pq = 11 × 19 = 209.
C=Me mod n ; C=517 mod 209 ; C = 80 mod 209.
34. Perform encryption on the following PT using RSA and find the CT. p = 3; q = 11; M = 5.
[BL3]
a) 28
b) 26
c) 18
d) 12
35. Perform encryption on the following PT using RSA and find the CT. p = 5; q = 11; M = 9
[BL3]
a) 43
b) 14
c) 26
d) 37
Explanation: n = 55; f(n) = 40; d = 27; C = 14.
36. Perform encryption on the following PT using RSA and find the CT. p = 7; q = 11; M = 8
[BL3]
a) 19
b) 57
c) 76
d) 59
Explanation: n = 77; f(n) = 60; d = 53; C = 57.
37. Perform encryption on the following PT using RSA and find the CT. p = 11; q = 13; M =
7 [BL3]
a) 84
b) 124
c) 106
d) 76
Explanation: n = 143; f(n) = 120; d = 11; C = 106.
38. Perform encryption on the following PT using RSA and find the CT. p = 17; q = 31; M = 2
[BL3]
a) 254
b) 423
c) 128
d) 523
Explanation: n = 527; f(n) = 480; d = 343; C = 128.
39. Perform encryption on the following PT using RSA and find the CT. n = 35; e = 5; C = 10.
What is the plaintext (use RSA) ? [BL3]
a) 3
b) 7
c) 8
d) 5
Explanation: Use RSA system to decrypt and get PT = 5.
40. For each the Kerberos Key Distribution Center (KDC) maintains a database of the
realm’s principal and the principal’s associated “secret keys”. [BL3]
a) key
b) realm
c) document
d) none of the mentioned
Explanation: Principals belong to administrative units called realms.
41. Which one of the following is not a public key distribution? [BL3]
a) Public-Key Certificates
b) Hashing Certificates
c) Publicly available directories
d) Public-Key authority
Explanation: Hashing certificates is some I just made up. It doesn’t exist noob.
44. Which of the following public key distribution systems is most secure? [BL3]
a) Public-Key Certificates
b) Public announcements
c) Publicly available directories
d) Public-Key authority
Explanation: Public certificates are the most secure key distribution/management systems right
now.
a) i) and ii)
b) iii) and iv)
c) i) and iv)
d) iv) only
Explanation: Public announcements and Public Certificates involve the use of timestamps.
46. Which of these systems use timestamps as an expiration date? [BL3]
a) Public-Key Certificates
b) Public announcements
c) Publicly available directories
d) Public-Key authority
48. Publicly Available directory is more secure than which other system? [BL2]
a) Public-Key Certificates
b) Public announcements
c) Public-Key authority
d) None of the mentioned
Explanation: Publicly Available directory is more secure than Public announcements.
49. The subject unique identifier of the X.509 certificates was added in which version? [BL2]
a) 1
b) 2
c) 3
d) 4
Explanation: The subject unique identifier was added in the 2nd version.
50. Which of the following is not an element/field of the X.509 certificates? [BL2]
a) Issuer Name
b) Serial Modifier
c) Issuer unique Identifier
d) Signature
Explanation: Serial Modifier is not an element/field of the X.509 certificates.
51. Certificates generated by X that are the certificates of other CAs are Reverse
Certificates. [BL2]
a) True
b) False
Explanation: The statement is true. Certificates of X generated by other CAs are
forward certificates.
53. When a hash function is used to provide message authentication, the hash function value
is referred to as . [BL1]
a) Message Field
b) Message Digest
c) Message Score
d) Message Leap
Explanation: A hash function providing message authentication is referred to as massage digest.
55. The main difference in MACs and digital signatures is that, in digital signatures the
hash value of the message is encrypted with a user’s public key. [BL2]
a) True
b) False
Explanation: The main difference in MACs and digital signatures is that, in digital signatures the
hash value of the message is encrypted with a user’s private key.
56. Which one of the following is not an application hash function? [BL2]
a) One-way password file
b) Key wrapping
c) Virus Detection
d) Intrusion detection
Explanation: Key wrapping is a separate algorithm and not an application of hash fuctions.
57. Basically, in SHA-512, the message is divided into blocks of size bits for the hash
computation. [BL3]
a. 1024
b. 512
c. 256
d. 1248
Explanation:
As we study, the message is divided into blocks of size 1024 bits, and the output produced is a
512-bit message digest and uses the 512-bit buffer till 80 rounds.
58. Which of the following are used to create a message digest by the network security
protocols? [BL3]
a. RSA
b. SHA-1
c. DES
d. MD5
Explanation:
59. What is the output of the N 1024-bit blocks from the Nth stage in this SHA? [BL1]
a. 512 bits
b. 1024 bits
c. N x 1024bits
d. N x 512 bits
Explanation:
We know that when we use SHA 512 we take 1024 bit plaintext into this algorithm and get the
output as 512 bit which is fixed.
60. What does the output of a cryptographic hash function mean? [BL1]
Explanation:
The output of a cryptographic hash function means as a fixed set of bits, derived from one-way
mathematical operations.
66. The certificate message is required for any agreed-on key exchange method except . [BL3]
a. Ephimeral Diffie Hellman
b. Anonymous Diffie Hellman
c. Fixed Diffie hellman
d. RSA
69. What is the size of the RSA signature hash after the MD5 and SHA-1 processing? [BL2]
a. 42 bytes
b. 32 bytes
c. 36 bytes
d. 48 bytes
Explanation: The size is 36 bytes after MD5 and SHA-1 processing
70. The certificate_request massage includes two parameters, one of which is- [BL2]
a. certificate_extension
b. certificate_creation
c. certificate_exchange
d. certificate_type
Explanation: The certificate_request massage includes two parameters :certificate_type and
certificate_authorities.
71. ensures the integrity and security of data that are passing over a
network. [BL2]
a) Firewall
b) Antivirus
c) Pentesting Tools
d) Network-security protocols
Explanation: The methods and processes in securing network data from unauthorized content
extraction are controlled by network-security protocols.
73. Which is the 3rd phase of operation in the IEEE 802.11i Protocol? [BL3]
a. Protected Data Transfer[BL3]
b. Discovery
c. Authentication
d. Key Management
Explanation: Key management is the 3rd Phase of operation in the IEEE 802.11i Protocol.
75. In public key cryptosystem keys are used for encryption and decryption. [BL1]
a) Same
b) Different
c) Encryption Keys
d) None of the mentioned
Explanation: In conventional cryptosystem, same keys are used for encryption and decryption
where as in public key cryptosystem different keys are used
77. Public key cryptosystem uses same key for both encryption and decryption. [BL3]
a) True
b) False
Answer: b
Explanation: Public key cryptosystem uses different keys for encryption and decryption.
84. In the RSA public key cryptosystem, which one of the following numbers will always
be largest? [BL1]
a). e
b) n
c) p
d) q
Answer : b.
Explanation: The number n is generated as the product of the two large prime numbers p and q.
Therefore, n must always be greater than both p and q. Furthermore, it is an algorithm constraint
that e must be chosen such that e is smaller than n. Therefore, in RSA cryptography n is always
the largest of the four variables shown in the options to this question.
85. Which cryptographic algorithm forms the basis of the El Gamal cryptosystem? [BL1]
a. RSA
b. Diffie-Hellman
c. 3DES
d. IDEA
Answer :B.
Explanation: The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key
exchange protocol to support the encryption and decryption of messages.
86. If Richard wants to send an encrypted message to Sue using a public key
cryptosystem, which key does he use to encrypt the message? [BL3]
a. Richard's public key
b. Richard's private key
c. Sue's public key
d. Sue's private key
Explanation: Richard must encrypt the message using Sue's public key so that Sue can decrypt it
using her private key. If he encrypted the message with his own public key, the recipient would
need to know Richard's private key to decrypt the message. If he encrypted it with his own
private key, any user could decrypt the message using Richard's freely available public key.
Richard could not encrypt the message using Sue's private key because he does not have access
to it. If he did, any user could decrypt it using Sue’s freely available public key.
87. Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The
company plans to convert from RSA to an elliptic curve cryptosystem. If it wishes to
maintain the same cryptographic strength, what ECC key length should it use? [BL3]
a. 160 bits
b. 512 bits
c. 1,024 bits
d. 2,048 bits
Answer : a.
Explanation: The elliptic curve cryptosystem requires significantly shorter keys to achieve
encryption that would be the same strength as encryption achieved with the RSA encryption
algorithm. A 1,024- bit RSA key is cryptographically equivalent to a 160-bit elliptic curve
cryptosystem key.
88. Which one of the following message digest algorithms is considered flawed and should
no longer be used? [BL2]
a. SHA-1
b. MD2
c. MD4
d. MD5
Answer : C.
Explanation: The MD4 algorithm has documented flaws that produce collisions, rendering it
useless as a hashing function for secure cryptographic applications.
89. Which one of the following message digest algorithms is the current U.S.
government standard in use by secure federal information processing systems? [BL2]
a. SHA-1
b. MD2
c MD4
d. MD5
Explanation: SHA-1 is the current U.S. government standard, as defined in the Secure Hashing
Standard (SHS), also known as Federal Information Processing Standard (FIPS) 180. Several
newer algorithms (such as SHA-256, SHA-384, and SHA-512) are being considered to replace
SHA-1 and make it cryptographically compatible with the stronger Advanced Encryption
Standard.
90. Richard received an encrypted message sent to him from Sue. Which key should he use
to decrypt the message? [BL3]
a. Richard's public key
b. Richard's private key
c. Sue's public key
d. Sue's private key.
Explanation: Sue would have encrypted the message using Richard’s public key. Therefore,
Richard needs to use the complementary key in the key pair, his private key, to decrypt the
message.
91. Richard would like to digitally sign a message he’s sending to Sue so that Sue can be sure
the message came from him without modification while in transit. Which key should he use to
encrypt the message digest? [BL3]
a. Richard's public key
b. Richard's private key
c. Sue's public key
d. Sue's private key.
Explanation: Richard should encrypt the message digest with his own private key. When Sue
receives the message, she will decrypt the digest with Richard’s public key and then compute the
digest herself. If the two digests match, she can be assured that the message truly originated from
Richard
92. Which one of the following algorithms is not supported by the Digital Signature
Standard? [BL3]
a. Digital Signature Algorithm
b. RSA
c. El Gamal DSA
d. Elliptic Curve DSA
Explanation: The Digital Signature Standard allows federal government use of the Digital
Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing
function to produce secure digital signatures.
93. Which International Telecommunications Union (ITU) standard governs the creation
and endorsement of digital certificates for secure electronic communication? [BL3]
a. X.500
b. X.509
c. X.900
d. X.905
Explanation: X.509 governs digital certificates and the public key infrastructure (PKI). It
defines the appropriate content for a digital certificate and the processes used by certificate
authorities to generate and revoke certificates.
94. What is the major disadvantage of using certificate revocation lists? [BL3]
a. Key management
b. Latency
c. Record keeping
d. Vulnerability to brute force attacks
Explanation: Certificate revocation lists (CRLs) introduce an inherent latency to the certificate
expiration process due to the time lag between CRL distributions.
95. The standard used in digital certificates that defines its structure, fields, and values is [BL3]
a. kerberos
b. End-to-end encryption
c. X.509
d. none of the above
Explanation: X.509 is the standard used in digital certificates that defines its structure, fields, and
values
98. The man-in-middle attack can endanger the security of the Diffie-Hellman method if two
parties are not [BL2]
a. Authenticated
b. joined
c. Submit
d. Separate
Explanation: The man-in-middle attack can endanger the security of the Diffie-Hellman method
if two parties are notAuthenticated
99. The method provides a one-time session key for two parties. [BL2]
a) Diffie-Hellman
b) RSA
c) DES
d) AES
Answer: a
Explanation: the Diffie Hellman method provides a one-time session key for two parties