Chapter 4: Cryptography, Access Control, and Obscuring Data

Questions and Answers

What is the science of making and breaking secret codes called?

• Cybersecurity
• Algorithmia
• Cryptography (correct)
• Steganography

In which circles did the history of cryptography start according to the text?

• Scientific circles
• Diplomatic circles (correct)
• Educational circles
• Military circles

What is a series of well-defined steps used to encrypt and decrypt messages called?

• Protocol
• Firewall
• Keychain
• Cipher (correct)

What is the concept used to store and transmit data so only the intended recipient can read it?

Cryptography (A)

Before diplomatic circles, where did the history of cryptography have its origins?

Military communications (C)

What is used in modern cryptography to make sure cyber criminals cannot easily compromise protected information?

Complex algorithms (D)

What is the main difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses different keys. (C)

What type of encryption system allows any person to encrypt a message using the receiver's public key?

Public-key encryption system (C)

Which encryption method uses a pre-shared key for encrypting and decrypting data?

Symmetric encryption (B)

In asymmetric encryption, which key is kept private?

Private key (A)

What is a characteristic of symmetric algorithms compared to asymmetric algorithms?

Symmetric algorithms use the same key for both encryption and decryption. (B)

How do parties exchange secure messages in a public-key encryption system?

By using the public key of the receiver (D)

Which encryption standard uses a 64-bit block size and a 56-bit key?

3DES (D)

How many rounds of transformations does IDEA perform on each block?

Eight (B)

Which encryption algorithm was the replacement for DES?

IDEA (A)

What does AES stand for?

Advanced Encryption Standard (C)

In asymmetric encryption, how many keys are used for encryption and decryption?

Two different keys for encryption and decryption (B)

Which encryption standard is used by the U.S. government to protect classified information?

AES (B)

What is the main purpose of a VPN?

To create a secure communication channel over a public network (D)

Which protocol suite is specifically designed to provide secure services over networks?

IPsec (A)

What does IPsec provide for remote sites in terms of data exchange?

Encrypted and verified information exchange (D)

Why is data in use a growing concern for organizations?

Because users need to open and change the data (D)

What is the primary goal of physical access controls?

To prevent unauthorized users from gaining physical access to facilities (A)

Which type of controls aim to prevent direct contact with systems?

Physical Access Controls (B)

What type of access control restricts the actions that a subject can perform on an object?

Mandatory access control (MAC) (B)

Which type of access control grants or restricts object access determined by the object's owner?

Discretionary access control (DAC) (A)

In role-based access control (RBAC), what are roles based on?

Job functions within an organization (D)

What do administrative access controls focus on?

Personnel and business practices (A)

Which type of access control uses tools and protocols for identification, authentication, authorization, and accountability?

Logical Access Controls (C)

What aspect of access controls does discretionary access control (DAC) emphasize?

Object owner's permissions (D)