CYBER TEST 1: REVIEW QUESTIONS
Actual Qs and Ans. Expert-Verified Explanation. Guaranteed passing score. 28 Questions and Answers.
Format: Multiple-choice / Flashcard
Question 1: Briefly describe the three schemes illustrated in Figure 3.
Answer:
What properties must a hash function have to be useful for message authentication?
Question 2: Describe the general concept of a challenge-response protocol.
Answer:
It's an authentication process that verifies an identity by requiring correct authentication information to be provided in response to a challenge. In a computer system, the authentication information is usually a value that is required to be computed in response to an unpredictable challenge value.
Question 3: CIA triad
Answer:
Confidentiality:
* data confidentiality: assures that private or confidential information is not made available or disclosed to unauthorized individuals
* privacy: ensures that individuals control or influence what information about them is collected and stored
Integrity:
* data integrity: assures that information and programs are changed only in a specified and authorized manner
* system integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
Availability: assures that systems work promptly and service is not denied to authorized users.
Question 4: How many keys are required for two people to communicate via a symmetric cipher?
Answer:
One key is required. Both sender and receiver need the secret key to decipher the message.
Question 5: What are the essential ingredients of a symmetric cipher?
Answer:
* plaintext
* encryption algorithm
* secret key
* ciphertext
* decryption algorithm
Question 6: List three approaches to message authentication.
Answer:
* one destination responsible for monitoring authentication
Question 7: What are the two principal requirements for the secure use of symmetric encryption?
Answer:
* strong encryption algorithm
* sender and receiver must both have the secret key
Question 8: Define the terms false match rate and false nonmatch rate, and explain the use of a threshold in relationship to these two rates.
Answer:
* false match rate: the frequency with which biometric samples from different sources are erroneously assessed to be from the same source
* false nonmatch rate: the frequency with which samples from the same source are erroneously assessed to be from different sources
* the decision threshold exists between the two bell curves, the false nonmatch bell curve and the false match bell curve
Question 9: Define 'computer security'
Answer:
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
Question 10: What is a message authentication code?
Answer:
Also known as a MAC or "cryptographic checksum": an authenticator that is a cryptographic function of both the data to be authenticated and a secret key.
Question 11: List and briefly describe the principal threats to the secrecy of passwords.
Answer:
1. offline dictionary attack: obtain the system password file; then compare the password hashes against hashes of commonly used passwords; the hacker finally gains access with the username/password combo
2. specific account attack: the attacker guesses the password; one solution is to create a lockout mechanism
3. popular password attack: combination of dictionary and specific account attack
4. workstation hijacking: the hacker waits until a workstation is unattended; one solution is to automate a log out when the
5. password guessing against single user: the attacker attempts to gain info about the account holder and policies, using this knowledge to make an educated guess of -p
6. exploiting user mistakes: finding the password written down or stored in the computer
7. exploiting multiple password use
8. electronic monitoring: aka eavesdropping
Question 12: In the context of biometric user authentication, explain the terms enrollment, verification, and identification.
Answer:
* verification: analogous to a user logging on to a system by using a memory card or smart card coupled with a password or PIN; the user enters the PIN and also uses a biometric sensor. The system compares the biometric with the stored biometric template
* identification: means using only the biometric sensor to confirm identity
Question 13: non-repudiation
Answer:
Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.
Question 14: What is a public-key certificate?
Answer:
How can public-key encryption be used to distribute a secret key?
Question 15: German eID (POLL12) stores...
Answer:
* personal data: name, date of birth, etc.
* document number: unique nine characters
* card access number (CAN): six-digit random decimal printed on the front of the card, used as a password
* machine readable zone (MRZ): three lines of human- and machine-readable text on the back of the card, may also be used as a password
Question 16: What are the principal ingredients of a public-key cryptosystem?
Answer:
List and briefly define three uses of a public-key cryptosystem.
Question 17: asset
Answer:
A major application, general support system, high impact program, physical plant, mission critical system, or a logically related group of systems.
Question 18: What is the difference between a private key and a secret key?
Answer:
What is a digital signature?
Question 19: Other than the CIA triad, what are two other common security objectives?
Answer:
authenticity:
accountability:
Question 20: Explain the difference between an attack surface and an attack tree.
Answer:
* attack surface: any reachable and exploitable vulnerabilities in a system
  - examples: open ports on outward facing web and other servers, and code listening on those ports; services available on the inside of a firewall; code that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats; interfaces, SQL, and Web forms; an employee with access to sensitive information who is vulnerable to a social engineering attack.