Chapter 4: Cryptography, Access Control, and Obscuring Data

Questions and Answers

What is the science of making and breaking secret codes called?

Cybersecurity

Algorithmia

Cryptography (correct)

Steganography

In which circles did the history of cryptography start according to the text?

Scientific circles

Diplomatic circles (correct)

Educational circles

Military circles

What is a series of well-defined steps used to encrypt and decrypt messages called?

Protocol

Firewall

Keychain

Cipher (correct)

What is the concept used to store and transmit data so only the intended recipient can read it?

Cryptography

Before diplomatic circles, where did the history of cryptography have its origins?

Military communications

What is used in modern cryptography to make sure cyber criminals cannot easily compromise protected information?

Complex algorithms

What is the main difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses different keys.

What type of encryption system allows any person to encrypt a message using the receiver's public key?

Public-key encryption system

Which encryption method uses a pre-shared key for encrypting and decrypting data?

Symmetric encryption

In asymmetric encryption, which key is kept private?

Private key

What is a characteristic of symmetric algorithms compared to asymmetric algorithms?

Symmetric algorithms use the same key for both encryption and decryption.

How do parties exchange secure messages in a public-key encryption system?

By using the public key of the receiver

Which encryption standard uses a 64-bit block size and a 56-bit key?

3DES

How many rounds of transformations does IDEA perform on each block?

Eight

Which encryption algorithm was the replacement for DES?

IDEA

What does AES stand for?

Advanced Encryption Standard

In asymmetric encryption, how many keys are used for encryption and decryption?

Two different keys for encryption and decryption

Which encryption standard is used by the U.S. government to protect classified information?

AES

What is the main purpose of a VPN?

To create a secure communication channel over a public network

Which protocol suite is specifically designed to provide secure services over networks?

IPsec

What does IPsec provide for remote sites in terms of data exchange?

Encrypted and verified information exchange

Why is data in use a growing concern for organizations?

Because users need to open and change the data

What is the primary goal of physical access controls?

To prevent unauthorized users from gaining physical access to facilities

Which type of controls aim to prevent direct contact with systems?

Physical Access Controls

What type of access control restricts the actions that a subject can perform on an object?

Mandatory access control (MAC)

Which type of access control grants or restricts object access determined by the object's owner?

Discretionary access control (DAC)

In role-based access control (RBAC), what are roles based on?

Job functions within an organization

What do administrative access controls focus on?

Personnel and business practices

Which type of access control uses tools and protocols for identification, authentication, authorization, and accountability?

Logical Access Controls

What aspect of access controls does discretionary access control (DAC) emphasize?

Object owner's permissions