Professional Documents
Culture Documents
The ____ is unsuitable for a connectionless type of application because it requires the overhead of a
handshake before any connectionless transmission, effectively negating the chief characteristic of a
connectionless transaction.
Selected Answer:
challenge-response approach
Question 2
We use a cubic equation in which the variables and coefficients all take on values in the set of integers
from 0 through p - 1 and in which calculations are performed modulo p for a ____ over Zp.
Selected Answer:
elliptic curves
Question 3
The Diffie-Hellman key exchange formula for calculation of a secret key by User A is:
Selected Answer:
K = nA x PB
Question 4
For a _____ defined over GF(2m), the variables and coefficients all take on values in GF(2m) and in
calculations are performed over GF(2m).
Selected Answer:
binary curve
Question 5
The ___ attack is when the attacker is looking for two messages Mand M1 that produce the same hash:
H(M) =H(M1)
Selected Answer:
birthday
Question 6
"The sender ‘signs’ a message with its private key. Signing is achieved by a cryptographic algorithm
applied to the message or to a small block of data that is a function of the message," is a description of a
_____ .
Selected Answer:
digital signature
Question 7
The key algorithmic ingredients of ___ are the AES encryption algorithm, the CTR mode of operation,
and the CMAC authentication algorithm.
Selected Answer:
CCM
Question 8
With the ____ scheme, if an adversary succeeds in obtaining or computing the private key of the
directory authority, the adversary could authoritatively pass out counterfeit public keys and
subsequently impersonate any participant and eavesdrop on messages sent to any participant.
Selected Answer:
Question 9
The ___ is the node that is attempting to access the network and may be any device that is managed by
the network access control system.
Selected Answer:
AR
Question 10
A hash function that satisfies the properties of variable input size, fixed output size, efficiency, preimage
resistant, second preimage resistant and ____ is referred to as a strong hash function.
Selected Answer:
collision resistant
Question 11
A CTR-based authenticated encryption approach is the most efficient mode of operation for high-speed
packet networks.
Selected Answer:
True
Question 12
A _____ accepts a variable length block of data as input and produces a fixed size hash value h=H(M).
Selected Answer:
hash function
Question 13
The cryptographic hash function requirement that guarantees that it is impossible to find an alternative
message with the same hash value as a given message and prevents forgery when an encrypted hash
code is used is the _____ .
Selected Answer:
Question 14
We define the _____ of an algorithm to be f(n) if, for all n and all inputs of length n the execution of the
algorithm takes at most f(n) steps. This is a common measure of the efficiency of an algorithm.
Selected Answer:
time complexity
Question 15
The security of any MAC function based on an embedded hash function depends in some way on the
cryptographic strength of the underlying hash function.
Selected Answer:
True
Question 16
Similar to the generic attack, except that the list of messages to be signed is chosen after the attacker
knows the user's public key but before any signatures are seen, is the ____ attack.
Selected Answer:
directed chosen
Question 17
The principal objective for developing a ___ is to enable secure, convenient and efficient acquisition of
public keys.
Selected Answer:
PKI
Question 18
The digital signature function does not include the authentication function.
Selected Answer:
False
Question 19
The ____ approach is unsuitable for a connectionless type of application because it requires the
overhead of a handshake before any connectionless transmission, effectively negating the chief
characteristic of a connectionless transaction.
Selected Answer:
challenge-response
Question 20
The ____ mode of operation was standardized by NIST specifically to support the security requirements
of IEEE 802.1 WiFi wireless local area networks but can be used in any networking application requiring
authenticated encryption.
Selected Answer:
CCM
Question 21
The more frequently session keys are exchanged the more ____ they are because the opponent has less
ciphertext to work with for any given session key.
Selected Answer:
secure
Question 22
Eq(a,b) is an elliptic curve with parameters a, b, and q, where ___ is a prime or an integer of the form
2m.
Selected Answer:
Question 23
The topics of cryptographic key management and cryptographic key distribution are complex, involving
cryptographic, protocol, and management considerations.
Selected Answer:
True
Question 24
Selected Answer:
Eq(a,b)
Question 25
If three points on an elliptic curve lie on a straight line their sum is ____
Selected Answer:
Question 26
A(n) _____ G is a set of elements with a binary operation, denoted by *, that associates to each ordered
pair (a,b) of elements in G an element ( a*b) in G.
Selected Answer:
group
Question 27
If collision resistance is required the value ___ determines the strength of the hash code against brute-
force attacks.
Selected Answer:
2m/2
Question 28
The _______, which is the latest of the RSA schemes, is the one that RSA Laboratories recommends as
the most secure of the RSA schemes.
Selected Answer:
RSA-PSS
Question 29
Network access control authenticates users logging into the network and determines what data they can
access and actions they can perform.
Selected Answer:
True
Question 30
The principal attraction of ____, compared to RSA, is that it appears to offer equal security for a far
smaller key size, thereby reducing processing overhead
Selected Answer:
Question 31
A _____ is an algorithm for which it is computationally infeasible to find either (a) a data object that
maps to a pre-specified hash result or (b) two data objects that map to the same hash result.
Selected Answer:
Question 32
The first stage in generating an RSA-PSS signature of a message Mis to generate from Ma fixed-length
message digest, called an ______.
Selected Answer:
encoded message
Question 33
____ is an extension of identity management to multiple security domains such as autonomous internal
business units, external business partners and other third party applications and services with the goal
of sharing digital identities so that a user can be authenticated a single time and then access applications
and resources across multiple domains.
Selected Answer:
Kerberos
Question 34
With ___ authentication an opponent would have difficulty generating ciphertext that when decrypted
would have valid error control bits.
Selected Answer:
Question 35
It can be shown that some form of birthday attack will succeed against any hash scheme involving the
use of cipher block chaining without a secret key, provided that either the resulting hash code is small
enough or that a larger hash code can be decomposed into independent subcodes.
Selected Answer:
True
Question 36
To create a ____ a user calculates two quantities, r and s, that are functions of the public key
components (p, q, g), the user's private key (x), the hash code of the message H(M), and an additional
integer k that should be generated randomly or pseudorandomly and be unique for each signing.
Selected Answer:
signature
Question 37
X.509 is an important standard because the certificate structure and authentication protocols defined in
X.509 are used in a variety of contexts.
Selected Answer:
True
Question 38
Two issues to consider with the computation required to use RSA are encryption/decryption and ____ .
Selected Answer:
key generation
Question 39
In the digital signature algorithm the user's ____ is represented by x, which is a random or
pseudorandom integer with 0 < x < q.
Selected Answer:
public key
Question 40
A good hash function has the property that “the results of applying the function to a large set of inputs
will produce outputs that are evenly distributed and apparently random”.
Selected Answer:
True
Question 41
With a ____ attack the attacker is allowed to use the user as an "oracle". This means that the user may
request signatures of messages that depend on previously obtained message-signature pairs.
Selected Answer:
Question 42
The principal underlying standard for federated identity is the ____ which defines the exchange of
security information between online business partners.
Selected Answer:
SAML
Question 43
An alternative authentication technique involves the use of a secret key to generate a small fixed size
block of data known as a ____ or MAC that is appended to the message
Selected Answer:
cryp chechsum
Question 44
"Release of message contents to any person or process not possessing the appropriate cryptographic
key" is a ____ attack.
Selected Answer:
disclosure
Question 45
The ____ is a set of policies, processes, server platforms, software and workstations used for the purpose
of administering certificates and public-private key pairs, including the ability to issue, maintain, and
revoke public key certificates.
Selected Answer:
Question 46
____ indicates a restriction imposed as to the purposes for which, and the policies under which, the
certified public key may be used.
Selected Answer:
Key usage
Question 47
The approach taken by the Transport Layer Security protocol and the Wireless Transport Layer Security
Protocol involve invoking HMAC ___ for each block of output wi.
Selected Answer:
twice
Question 48
A service to solve the problem of minimizing the number of times that a user has to enter a password
and the risk of an eavesdropper capturing the password and using it is known as the ____ .
Selected Answer:
Question 49
The appeal of ____ is that its designers have been able to prove an exact relationship between the
strength of the embedded hash function and the strength of this form of authentication.
Selected Answer:
HMAC
Question 50
When an entire message is encrypted for confidentiality using either symmetric or asymmetric
encryption the security of the scheme generally depends on the ____ of the key.
Selected Answer:
bit length
Question 51
Selected Answer:
False
Question 52
Selected Answer:
identity management
Question 53
The ____ key exchange involves multiplying pairs of nonzero integers modulo a prime number q. Keys
are generated by exponentiation over the group with exponentiation defined as repeated multiplication.
Selected Answer:
Diffie-Hellman
Question 54
The ____ mode of operation is designed to be parallelizable so that it can provide high throughput with
low cost and low latency.
Selected Answer:
GCM
Question 55
Intended to provide an integrity check as part of the encryption operation, encryption in Kerberos
Version 4 makes use of a nonstandard mode of DES known as ____. It has been demonstrated that this
mode is vulnerable to an attack involving the interchange of ciphertext blocks.
Selected Answer:
Question 56
The ____ protocol enables two users to establish a secret key using a public-key scheme based on
discrete logarithms.
Selected Answer:
Diffie-Hellman
Question 57
A ____ GF(2m) consists of 2m elements together with addition and multiplication operations that can be
defined over polynomials.
Selected Answer:
finite field
Question 58
The hash algorithm involves repeated use of a ____ function,f, that takes two inputs (an n-bit input and a
b-bit block) and produces an n-bit output.
Selected Answer:
compression
Question 59
"Given a hash function H, with n possible outputs and a specific value H(x), if H is applied to k random
inputs, what must be the value of k so that the probability that at least one input y satisfies H(y) =H(x) is
0.5" is a reference to the ____ .
Selected Answer:
birthday attack
Question 60
A single algorithm that will calculate the greatest common divisor (gcd) of two integers and, if the gcd is
1, determine the inverse of one of the integers modulo the other, is the ____ algorithm.
Selected Answer:
Euclidean
Question 61
A solution, which eliminates the burden of each server having to confirm the identities of clients who
request service, is to use an ____ that knows the passwords of all users and stores these in a centralized
database and shares a unique secret key with each server.
Selected Answer:
authentication server
Question 62
Typically the session key is used for the duration of a logical connection, such as a frame relay connection
or transport connection, and then it is permanently stored.
Selected Answer:
False
Question 63
It must be computationally infeasible to forge a digital signature, either by constructing a new message
for an existing digital signature or by constructing a fraudulent digital signature for a given message.
Selected Answer:
True
Question 64
Broad network access, measured service, resource pooling, and rapid elasticity are essential
characteristics of _____.
Selected Answer:
cloud computing
Question 65
The Secure Hash Algorithm design closely models, and is based on, the hash function ____ .
Selected Answer:
MD4