Question 1

The ____ is unsuitable for a connectionless type of application because it requires the overhead of a
handshake before any connectionless transmission, effectively negating the chief characteristic of a
connectionless transaction.

Selected Answer:

challenge-response approach

Question 2

We use a cubic equation in which the variables and coefficients all take on values in the set of integers
from 0 through p - 1 and in which calculations are performed modulo p for a ____ over Zp.

Selected Answer:

elliptic curves

Question 3

The Diffie-Hellman key exchange formula for calculation of a secret key by User A is:

Selected Answer:

K = nA x PB

Question 4

For a _____ defined over GF(2m), the variables and coefficients all take on values in GF(2m) and in
calculations are performed over GF(2m).

Selected Answer:

binary curve
Question 5

The ___ attack is when the attacker is looking for two messages Mand M1 that produce the same hash:
H(M) =H(M1)

Selected Answer:

birthday

Question 6

"The sender ‘signs’ a message with its private key. Signing is achieved by a cryptographic algorithm
applied to the message or to a small block of data that is a function of the message," is a description of a
_____ .

Selected Answer:

digital signature

Question 7

The key algorithmic ingredients of ___ are the AES encryption algorithm, the CTR mode of operation,
and the CMAC authentication algorithm.

Selected Answer:

CCM

Question 8
With the ____ scheme, if an adversary succeeds in obtaining or computing the private key of the
directory authority, the adversary could authoritatively pass out counterfeit public keys and
subsequently impersonate any participant and eavesdrop on messages sent to any participant.

Selected Answer:

publicly available directory

Question 9

The ___ is the node that is attempting to access the network and may be any device that is managed by
the network access control system.

Selected Answer:

AR

Question 10

A hash function that satisfies the properties of variable input size, fixed output size, efficiency, preimage
resistant, second preimage resistant and ____ is referred to as a strong hash function.

Selected Answer:

collision resistant

Question 11

A CTR-based authenticated encryption approach is the most efficient mode of operation for high-speed
packet networks.
Selected Answer:

True

Question 12

A _____ accepts a variable length block of data as input and produces a fixed size hash value h=H(M).

Selected Answer:

hash function

Question 13

The cryptographic hash function requirement that guarantees that it is impossible to find an alternative
message with the same hash value as a given message and prevents forgery when an encrypted hash
code is used is the _____ .

Selected Answer:

second preimage resistant

Question 14

We define the _____ of an algorithm to be f(n) if, for all n and all inputs of length n the execution of the
algorithm takes at most f(n) steps. This is a common measure of the efficiency of an algorithm.

Selected Answer:

time complexity

Question 15

The security of any MAC function based on an embedded hash function depends in some way on the
cryptographic strength of the underlying hash function.
Selected Answer:

True

Question 16

Similar to the generic attack, except that the list of messages to be signed is chosen after the attacker
knows the user's public key but before any signatures are seen, is the ____ attack.

Selected Answer:

directed chosen

Question 17

The principal objective for developing a ___ is to enable secure, convenient and efficient acquisition of
public keys.

Selected Answer:

PKI

Question 18

The digital signature function does not include the authentication function.

Selected Answer:

False

Question 19
The ____ approach is unsuitable for a connectionless type of application because it requires the
overhead of a handshake before any connectionless transmission, effectively negating the chief
characteristic of a connectionless transaction.

Selected Answer:

challenge-response

Question 20

The ____ mode of operation was standardized by NIST specifically to support the security requirements
of IEEE 802.1 WiFi wireless local area networks but can be used in any networking application requiring
authenticated encryption.

Selected Answer:

CCM

Question 21

The more frequently session keys are exchanged the more ____ they are because the opponent has less
ciphertext to work with for any given session key.

Selected Answer:

secure

Question 22

Eq(a,b) is an elliptic curve with parameters a, b, and q, where ___ is a prime or an integer of the form
2m.
Selected Answer:

Question 23

The topics of cryptographic key management and cryptographic key distribution are complex, involving
cryptographic, protocol, and management considerations.

Selected Answer:

True

Question 24

An encryption/decryption system requires a point G and an elliptic group ___ as parameters.

Selected Answer:

Eq(a,b)

Question 25

If three points on an elliptic curve lie on a straight line their sum is ____

Selected Answer:

Question 26

A(n) _____ G is a set of elements with a binary operation, denoted by *, that associates to each ordered
pair (a,b) of elements in G an element ( a*b) in G.

Selected Answer:
group

Question 27

If collision resistance is required the value ___ determines the strength of the hash code against brute-
force attacks.

Selected Answer:

2m/2

Question 28

The _______, which is the latest of the RSA schemes, is the one that RSA Laboratories recommends as
the most secure of the RSA schemes.

Selected Answer:

RSA-PSS

Question 29

Network access control authenticates users logging into the network and determines what data they can
access and actions they can perform.

Selected Answer:

True

Question 30

The principal attraction of ____, compared to RSA, is that it appears to offer equal security for a far
smaller key size, thereby reducing processing overhead
Selected Answer:

Elliptic Curve Cryptography

Question 31

A _____ is an algorithm for which it is computationally infeasible to find either (a) a data object that
maps to a pre-specified hash result or (b) two data objects that map to the same hash result.

Selected Answer:

cryptographic hash function

Question 32

The first stage in generating an RSA-PSS signature of a message Mis to generate from Ma fixed-length
message digest, called an ______.

Selected Answer:

encoded message

Question 33

____ is an extension of identity management to multiple security domains such as autonomous internal
business units, external business partners and other third party applications and services with the goal
of sharing digital identities so that a user can be authenticated a single time and then access applications
and resources across multiple domains.

Selected Answer:

Kerberos
Question 34

With ___ authentication an opponent would have difficulty generating ciphertext that when decrypted
would have valid error control bits.

Selected Answer:

internal error control

Question 35

It can be shown that some form of birthday attack will succeed against any hash scheme involving the
use of cipher block chaining without a secret key, provided that either the resulting hash code is small
enough or that a larger hash code can be decomposed into independent subcodes.

Selected Answer:

True

Question 36

To create a ____ a user calculates two quantities, r and s, that are functions of the public key
components (p, q, g), the user's private key (x), the hash code of the message H(M), and an additional
integer k that should be generated randomly or pseudorandomly and be unique for each signing.

Selected Answer:

signature

Question 37

X.509 is an important standard because the certificate structure and authentication protocols defined in
X.509 are used in a variety of contexts.
Selected Answer:

True

Question 38

Two issues to consider with the computation required to use RSA are encryption/decryption and ____ .

Selected Answer:

key generation

Question 39

In the digital signature algorithm the user's ____ is represented by x, which is a random or
pseudorandom integer with 0 < x < q.

Selected Answer:

public key

Question 40

A good hash function has the property that “the results of applying the function to a large set of inputs
will produce outputs that are evenly distributed and apparently random”.

Selected Answer:

True

Question 41
With a ____ attack the attacker is allowed to use the user as an "oracle". This means that the user may
request signatures of messages that depend on previously obtained message-signature pairs.

Selected Answer:

adaptive chosen message

Question 42

The principal underlying standard for federated identity is the ____ which defines the exchange of
security information between online business partners.

Selected Answer:

SAML

Question 43

An alternative authentication technique involves the use of a secret key to generate a small fixed size
block of data known as a ____ or MAC that is appended to the message

Selected Answer:

cryp chechsum

Question 44

"Release of message contents to any person or process not possessing the appropriate cryptographic
key" is a ____ attack.

Selected Answer:
disclosure

Question 45

The ____ is a set of policies, processes, server platforms, software and workstations used for the purpose
of administering certificates and public-private key pairs, including the ability to issue, maintain, and
revoke public key certificates.

Selected Answer:

Public Key Infrastructure

Question 46

____ indicates a restriction imposed as to the purposes for which, and the policies under which, the
certified public key may be used.

Selected Answer:

Key usage

Question 47

The approach taken by the Transport Layer Security protocol and the Wireless Transport Layer Security
Protocol involve invoking HMAC ___ for each block of output wi.

Selected Answer:

twice

Question 48
A service to solve the problem of minimizing the number of times that a user has to enter a password
and the risk of an eavesdropper capturing the password and using it is known as the ____ .

Selected Answer:

ticket granting server

Question 49

The appeal of ____ is that its designers have been able to prove an exact relationship between the
strength of the embedded hash function and the strength of this form of authentication.

Selected Answer:

HMAC

Question 50

When an entire message is encrypted for confidentiality using either symmetric or asymmetric
encryption the security of the scheme generally depends on the ____ of the key.

Selected Answer:

bit length

Question 51

The global public key components for DSA are p, q, and h.

Selected Answer:

False
Question 52

A centralized, automated approach to provide enterprise-wide access to resources by employees and

other authorized individuals with a focus of defining an identity for each user, associating attributes with
the identity, and enforcing a means by which a user can verify identity is ____ .

Selected Answer:

identity management

Question 53

The ____ key exchange involves multiplying pairs of nonzero integers modulo a prime number q. Keys
are generated by exponentiation over the group with exponentiation defined as repeated multiplication.

Selected Answer:

Diffie-Hellman

Question 54

The ____ mode of operation is designed to be parallelizable so that it can provide high throughput with
low cost and low latency.

Selected Answer:

GCM

Question 55

Intended to provide an integrity check as part of the encryption operation, encryption in Kerberos
Version 4 makes use of a nonstandard mode of DES known as ____. It has been demonstrated that this
mode is vulnerable to an attack involving the interchange of ciphertext blocks.
Selected Answer:

propagating cipher block chaining

Question 56

The ____ protocol enables two users to establish a secret key using a public-key scheme based on
discrete logarithms.

Selected Answer:

Diffie-Hellman

Question 57

A ____ GF(2m) consists of 2m elements together with addition and multiplication operations that can be
defined over polynomials.

Selected Answer:

finite field

Question 58

The hash algorithm involves repeated use of a ____ function,f, that takes two inputs (an n-bit input and a
b-bit block) and produces an n-bit output.

Selected Answer:

compression

Question 59
"Given a hash function H, with n possible outputs and a specific value H(x), if H is applied to k random
inputs, what must be the value of k so that the probability that at least one input y satisfies H(y) =H(x) is
0.5" is a reference to the ____ .

Selected Answer:

birthday attack

Question 60

A single algorithm that will calculate the greatest common divisor (gcd) of two integers and, if the gcd is
1, determine the inverse of one of the integers modulo the other, is the ____ algorithm.

Selected Answer:

Euclidean

Question 61

A solution, which eliminates the burden of each server having to confirm the identities of clients who
request service, is to use an ____ that knows the passwords of all users and stores these in a centralized
database and shares a unique secret key with each server.

Selected Answer:

authentication server

Question 62

Typically the session key is used for the duration of a logical connection, such as a frame relay connection
or transport connection, and then it is permanently stored.

Selected Answer:
False

Question 63

It must be computationally infeasible to forge a digital signature, either by constructing a new message
for an existing digital signature or by constructing a fraudulent digital signature for a given message.

Selected Answer:

True

Question 64

Broad network access, measured service, resource pooling, and rapid elasticity are essential
characteristics of _____.

Selected Answer:

cloud computing

Question 65

The Secure Hash Algorithm design closely models, and is based on, the hash function ____ .

Selected Answer:

MD4