Inferential Statistics Quiz

Questions and Answers

Which statistic applied to census data from the Czech Republic would result in inference?

• The average monthly income of programmers in a small village (100 citizens) between ages 60 and 70. (correct)
• The average age of citizens who own a company.
• The average monthly income of programmers in Brno between ages 20 and 30.
• The number of citizens who have permanent residence in a small village (100 citizens) between ages 60 and 70.

Which statement is true about the XOR operation?

• It preserves linear relations between the operands.
• It depends only on the most significant bits of the operands.
• It detects if the operands are the same.
• It is commutative (i.e., A XOR B = B XOR A). (correct)

Which of the following statements about the man-in-the-middle attack in the Diffie-Hellman protocol is correct?

• The attacker re-encrypts the communication of two parties. (correct)
• Authentication of the parties allows the attack.
• The attacker is authenticated for both parties.
• The attacker shares two different symmetric keys with the parties.

Which statement about the risk rating matrix in the context of qualitative risk assessment is true?

A level of risk of a given high probable threat can be low if the impact rating is very low. (D)

Which of the following statements about the man-in-the-middle attack in the Diffie-Hellman protocol is correct?

The attacker is able to communicate with each of the parties. (B)

Which statement about the XOR operation is true?

It can be viewed as bitwise multiplication modulo 2. (A)

Which of the following statements regarding risk analysis matrices is incorrect?

The matrix value represents the estimated annual loss expectancy (ALE). (D)

Which of the following statements about Message Authentication Codes (MACs) is false?

Collision resistance is important for MAC, like for cryptographic hash functions. (C)

According to the Common Criteria, pseudonymity ensures that a user may use a resource or service:

Through the TSF not providing a capability to determine the original user identity based on a provided alias. (A)

Which of the following is not a good rule of thumb in real-world software security?

Implement cryptographic functions yourself if the library you are using becomes unmaintained. (C)

Which of the following statements about active network monitoring is false?

It is typically used to bypass network encryption. (B)

Which of the following is not an effective way to improve the security of password-based authentication?

Using short passwords in a double-bluff, as they are obviously weak and no one will try to guess them. (B)

Study Notes

Inference in Census Data

• Inference occurs when applying statistics to census data from the Czech Republic, specifically when considering the average monthly income of programmers in a small village (100 citizens) between ages 60 and 70.

XOR Operation

• The XOR operation is commutative (A XOR B = B XOR A).
• It detects if the operands are different.
• It does not depend on the most significant bits of the operands.
• It cannot be viewed as bitwise multiplication modulo 2.

Man-in-the-Middle Attack

• A man-in-the-middle attack in the Diffie-Hellman protocol occurs when the attacker re-encrypts the communication of two parties.
• The attacker shares two different symmetric keys with parties.
• The attacker is able to communicate with each of the parties.
• The attacker performs the Diffie-Hellman protocol with each of the parties.

Risk Rating Matrix

• A level of risk of a given high probable threat can be low if the impact rating is very low.
• The level of risk depends on both the likelihood of a threat and the impact rating.
• The likelihood of a threat, as well as the cost of impact, is only estimated and not precisely computed.
• The matrix combines an impact rating and the probability that a threat occurs with successful exploitation.

MAC and Digital Signatures

• MAC requires a shared secret key, unlike a cryptographic hash function.
• Collision resistance is important for MAC, unlike for cryptographic hash functions.
• MAC is not a type of digital signature.
• HMAC is a standard that specifies the construction of MAC from cryptographic hash functions.

Pseudonymity

• Pseudonymity ensures that a user may use a resource or service through the TSF (Target of Evaluation Security Functions) not providing a capability to determine the original user identity based on a provided alias.

Software Security Rules of Thumb

• Do not implement cryptographic functions yourself even if the library you are using becomes unmaintained.
• View all user inputs as potentially harmful.
• Dedicate enough time to security education.

Active Network Monitoring

• It often inserts new traffic into the network.
• It is typically more powerful than passive network monitoring.
• It usually acquires the information from actively sent network probes (network packets).

Improving Password-Based Authentication

• Improve security by adding another factor (e.g., hardware token) to the authentication scheme.
• Use a strong unique password for each service.
• Increase the entropy/randomness of passwords.

Description

Test your knowledge of inferential statistics concepts with this quiz question about applying statistics to census data from the Czech Republic. Determine which statistic would lead to a valid inference based on the given scenarios.