ICS 491 Final Review Questions PDF

Summary

This is a past paper for ICS 491, covering questions and answers on topics in cryptography and security, such as AES, SHA-1, Diffie-Hellman, password cracking, and various encryption algorithms. The paper is suitable for an undergraduate-level course.

Full Transcript


ICS 491_Final Review Questions

A.) Select the correct answer in the following:

1. The AES key length is
   A) 512 bit  B) 255 bit  C) 128 bit  D) 160 bit
2. SHA-1 produces a hash value of
   A) 256 bit.  B) 160 bit.  C) 384 bit.  D) 180 bit.
3. Diffie-Hellman algorithm is used for __________
   A) Message authentication.  B) Message integrity.  C) Message Splashing.  D) One-time session key exchange.
4. __________ is the input of encryption algorithm
   A) Ciphertext  B) Plaintext  C) Secret key  D) Private key
5. Mailboxes are an example of __________ in access control
   A) Subject  B) Object  C) Access rights  D) All of previous
6. __________ is an example of simple transposition cipher algorithm.
   A) Caesar Cipher  B) AES algorithm  C) One-Time Pad  D) DES algorithm
7. The "man-in-the-middle" attack is an attack against:
   A) Hash functions.  B) Symmetric key algorithm.  C) DES algorithm.  D) Public-key algorithms.
8. The key size of Data Encryption Standard (DES) is equal to __________
   A) 125 bit  B) 156 bit  C) 64 bit  D) 56 bit

B.) State if the following statements are True (T) or False (F):

Sr. | Statement | True/False
1 | The traditional approach to password cracking is password guessing. | T
2 | User education is one of the password vulnerabilities. | F
3 | DES algorithm uses 10 rounds. | F
4 | Random numbers are used to generate the stream key for a symmetric stream cipher. | T
5 | Asymmetric key means that sender and receiver each use the same key. | F
6 | Hash function can be applied to a stream of data of any size. | F

Question (2): Underline the word which makes the following sentence true

1. (Bloom filter, User education) is one of proactive password checking.
2. (Substitution, Permutation) cipher replaces one symbol with another.
3. (Block, Stream) cipher processes messages a bit or byte at a time.
4. Digital signature technique does not provide (integrity, confidentiality).
5. (DES, ECC) is a single key algorithm.
6. (SHA-256, SHA-384) produces 256-bit hash value.
7. Voice pattern, handwriting, and typing rhythm are samples for (Static, Dynamic) Biometrics.
8. (AES, ECC): security like RSA algorithm, but with much smaller keys.

Question No. (3)

A.) Identify the following security threats and write a suitable term; select it from the table below.

A | Replay Attack
B | Specific account attack
C | Denial-of-Service Attack
D | Network attack
E | Active Attack

Write the correct letter as an answer:

No. | Security attack | Term
1 | Attempts to alter system resources or affect their operation. | E
2 | Adversary repeats a previously captured user response. | A
3 | Attempts to disable a user authentication service by flooding the service with numerous authentication attempts | C
4 | The attacker targets a specific account and submits password guesses until the correct password is discovered | B
5 | Refers to vulnerabilities over an enterprise network, wide-area network, or the Internet | D

B.) Give the term which matches each block cipher operation mode described below; select the term from the list below (3 marks).

A | Cipher Block Chaining (CBC)
B | Cipher Feedback (CFB)
C | Counter (CTR)

Write the correct letter as an answer:

Sr. | Scenarios | Term
1 | Each block of plaintext is XORed with an encrypted counter. | C
2 | The input to the encryption algorithm is the XOR of the next 64 bit of plaintext and the preceding 64 bit of ciphertext | A
3 | Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce next unit of ciphertext. | B

Question No. (4)

For the given scenarios, which describe different security issues, match each with the suitable security concept, selected from the list below.
A | Digital Signature Standard (DSS)
B | Message Authentication
C | Digital Envelopes
D | Denial-of-Service Attack
E | Diffie-Hellman Key Exchange
F | Block Cipher
G | AES Algorithm
H | Access right

Write the correct letter as an answer

No. | Scenarios | Security concept
1 | Practical method to exchange a secret key securely that can then be used for subsequent encryption of messages | E
2 | Protects a message without needing to first arrange for sender and receiver to have the same secret key | C
3 | Protects against active attacks and verifies received message is authentic | B
4 | Describes the way in which a subject may access an object | H
5 | Consists of a sequence of rounds with substitutions and permutations controlled by key | F
6 | It uses three different key sizes: 128, 192, 256. | G
7 | Cannot be used for encryption or key exchange | A
8 | Attempts to disable a user authentication service by flooding the service with numerous authentication attempts | D

Question No. (5)

A.) Perform the following RSA key generation steps. Each step must satisfy the requirements for a legitimate RSA key.

a) Find the value of n if p = 5 and q = 11
   n = p * q = 5 * 11 = 55
b) Compute φ(n)
   φ(n) = (p-1) * (q-1) = 4 * 10 = 40
c) If e = 23, compute a valid value for d?
   d = e^-1 mod φ(n) =
d) Compute the cipher value for plaintext message m = 15
   C = M^e mod n = 15^23 mod n = 20

[Hint: Use the figure below for RSA algorithm:]

B.) Users A and B wish to set up a common secret key (Diffie-Hellman key) between themselves using the Diffie-Hellman key exchange technique. They agree on q = 7 as the modulus and α = 3 as the primitive root. User A chooses 2 as private key XA and User B chooses 5 as private key XB.

Find:

1. User A's public key?
   YA = α^XA mod q = 3^2 mod 7 = 2
2. User B's public key?
   YB = α^XB mod q = 3^5 mod 7 = 5
3. Secret key by user A?
   K = YB^XA mod q = 5^2 mod 7 = 25 mod 7 = 4
4. Secret key by user B?
   K = YA^XB mod q = 2^5 mod 7 = 32 mod 7 = 4

C.) Use one-time pad encryption technique with key "RANDOMNO" to encrypt the plaintext "HELLO SIR", showing all the steps of the encryption.

Plaintext  | H | E | L | L | O | S | I | R
Key        | R | A | N | D | O | M | N | O
Ciphertext | Y | E | Y | O | B | D | V | E

Hint: (Use the table below to encrypt the plaintext)

A | B | C | D | E | F | G | H | I | J | K  | L  | M  | N
0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13

O  | P  | Q  | R  | S  | T  | U  | V  | W  | X  | Y  | Z
14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25

1. The Diffie-Hellman algorithm is primarily used to provide which of the following?
   A. Key exchange  B. Integrity  C. Non-repudiation  D. Confidentiality
2. MAC stands for
   A. Message authentication cipher  B. Message arbitrary connection  C. Message authentication control  D. Message authentication code
3. Encryption and Decryption provide
   A. Availability  B. Integrity  C. Confidentiality  D. Portability
4. Message authentication provides __________
   A. Message confidentiality  B. Message integrity  C. Message Splashing  D. Message Sending
5. The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords.
   A. Work station Hijacking.  B. Offline dictionary attack.  C. Electronic monitoring.  D. User education.
6. Key length in AES cryptosystem is
   A. 512  B. 128  C. 64  D. 256
7. The __________ method provides a one-time session key for two keys
   A. DES  B. RSA  C. Diffie-Hellman  D. AES
8. RBAC is based on
   A. User identity rather than user rules in the system
   B. User rule in the system rather than identity
   C. Comparing security labels with security clearances
   D. Based on the attributes of the user, the resources and the current environment
9. __________ defines user authentication as "the process of verifying an identity claimed by or for a system entity".
   A. RC4945  B. RC4947  C. RC4924  D. RC4949
10. For hash function H, and a hash value h, given h, it is infeasible to find x such that H(x) = h. This property is called:
   A. Second pre-image resistance  B. Pre-image resistant  C. Second pre-image attack  D. Pre-image attack
11. In __________ attack, the attacker uses one or more plaintext-ciphertext pairs formed with the secret key, called
   A. Chosen text.  B. Cipher text only.  C. Known plaintext.  D. Chosen Ciphertext.
12. SHA-1 produces a hash value of
   A. 256 bits  B. 160 bits  C. 180 bits  D. 128 bits
13. In __________ block cipher operating mode, each previous cipher block is chained with the current plaintext block
   A. OFB  B. CBC  C. ECB  D. CFB
14. Control of system services or functions by an unauthorized entity is called
   A. Disclosure  B. Usurpation  C. Deception  D. Disruption
15. In SHA-512, the message is divided into blocks of size ___ bits for the hash computation.
   A. 512  B. 1024  C. 256  D. 1048
16. When the hash function H satisfies that it is infeasible to find any x, y such that H(y) = H(x), then it is
   A. Weak collision resistance function  B. Bad collision resistance function  C. One way function  D. Strong collision resistance function
17. The DSS signature uses which hash algorithm?
   A. SHA-1  B. SHA-3  C. MD-5  D. Doesn't use hash function
18. Which one of the following algorithms is widely used in web SSL/TLS and wireless WEP/WPA?
   A. AES  B. DES  C. MD5  D. RC4
19. Which of the following statements is true about digital signature?
   A. It is used to provide data confidentiality
   B. It is used to protect the message from eavesdropping
   C. Used for authenticating both source and data integrity
   D. Protect against replay attack.
20. When a hash function is used to provide message authentication, the hash function value is referred to as
   A. Message Field  B. Message Digest  C. Message Score  D. Message Leap
21. The "man-in-the-middle" attack is an attack against:
   A. Hash functions  B. Symmetric key algorithm  C. Kerberos  D. Public-key algorithms
22. In what type of cryptanalytic attack does an adversary have the least amount of information to work with?
   A. Known-plaintext  B. Ciphertext-only  C. Plaintext-only  D. Chosen-ciphertext
23. A type of cryptographic attack based on the probability of two different messages using the same hash function to produce the same message digest is?
   A. Birthday attack  B. Statistic attack  C. Differential cryptanalysis attack  D. Known ciphertext attack
24. Which of the following is an example of simple substitution encryption algorithm?
   A. Rivest, Shamir, Adleman (RSA)  B. Data Encryption Standard (DES)  C. Caesar cipher  D. Blowfish
25. The three primary methods for authenticating a user in a computer system or network are…?
   A. passwords, tokens, and biometrics.
   B. authorization, identification, and tokens.
   C. passwords, encryption, and identification.
   D. identification, encryption, and authorization.
26. Which of the following is a public key algorithm?
   A. RC4.  B. Blowfish.  C. DES.  D. RSA.
27. In __________ attack, the attacker uses one or more plaintext-ciphertext pairs formed with the secret key which he knew.
   A. Chosen text.  B. Cipher text only.  C. Known plaintext.  D. Chosen Ciphertext.
28. In __________ block cipher operating mode, each previous cipher block is chained with the current plaintext block
   A. OFB  B. CBC  C. ECB  D. CFB
29. A hash function guarantees integrity of a message. It guarantees that the message has not been
   A. Replaced  B. Over view  C. Changed  D. Violated
30. The DES Algorithm Cipher System consists of __________ rounds (iterations), each with a round key
   A. 12  B. 14  C. 8  D. 16

Question No. (2)

1. For the given scenarios, which describe different security issues, match each with the suitable security concept, selected from the list below.
A | Protection domains
B | User Authentication
C | Digital Envelope
D | PKI
E | Public key Encryption
F | Diffie-Hellman Key Exchange
G | Message checksum
H | Bloom filter
I | True random numbers generator
J | XACML
K | Pseudo random numbers generator
L | AXN

Write the correct letter as an answer

Sr. | Scenarios | Security concept
1 | Alice and Bob securely swap a secret key that can be used for subsequent symmetric encryption of messages. | F
2 | Alice needs to protect a message without prearranging with the receiver Bob to have the same secret key. | C
3 | Alice and Bob generate two separate keys, one private and one public, for future encryption/decryption process. | E
4 | Alice and Bob use a secret key to generate a small fixed-size block of data to authenticate the sender identity | G
5 | The description of an organization's degree of certainty that a user has presented a credential that refers to his or her identity | B
6 | The development of an effective and efficient proactive password checker based on rejecting used passwords. | H
7 | The deterministic algorithm that produces sequences of numbers that can be predictable. | K
8 | The attribute based access control policy language. | J
9 | Open identity trust framework | L
10 | Set of objects together with access rights to those objects | A

Question No. (3)

1. Evaluate the following situations and write appropriate security threats selected from the list below:

A | Disruption
B | Snooping
C | Usurpation
D | Deception
E | Disclosure
F | Modification

Sr. | Situations | Security threat
1 | An entity gains access to data for which the entity is not authorized. | E
2 | An authorized entity receiving false data and believing it to be true by malicious activity. | D
3 | An interruption to correct operation of system services and functions by modification. | A
4 | Control of system services or functions by an unauthorized entity. | C
5 | A hacker monitoring a communications channel | B

Question No. (4)

1. Consider the RSA public key cipher with keys based on the two primes p = 3 and q = 11, and the numbers e = 3, d = 7. Answer the following:

   1. The public key is:
      Public key: (e, n) = (3, 33)
   2. The private key is:
      Private key: (d, n) = (7, 33)
   3. The encryption of the message represented by the number 6 is:
      C = m^e mod n = 6^3 mod 33 = 18
   4. The decryption of the message represented by the number 2 is:
      M = C^d mod 33 = 2^7 mod 33 = 29

2. Consider a Diffie-Hellman scheme with a common prime q = 11 and a primitive root α = 2.

   1. If Alice selects a private key XA = 9, what is Alice's public key?
      Alice public key = α^XA mod q = 2^9 mod 11 = 6
   2. If Bob selects a private key XB = 7, what is Bob's public key?
      Bob public key = α^XB mod q = 2^7 mod 11 = 7
   3. Find the shared secret key using either Alice's or Bob's public key
      Key = (Bob public key)^(Alice private key) mod q = 7^9 mod 11 = 8
      Or
      Key = (Alice public key)^(Bob private key) mod q = 6^7 mod 11 = 8

1. __________ refers to assurance that information and programs are changed only in a specified and authorized manner.
   A. Integrity  B. Confidentiality  C. Confusion  D. Availability
2. __________ refers to trust that private or secret information is not made available or disclosed to unauthorized individuals.
   A. Availability  B. Integrity  C. Confidentiality  D. Portability
3. One of the following is NOT a password vulnerability
   A. Work station Hijacking.  B. Offline dictionary attack.  C. Electronic monitoring.  D. User education.
4. Key length in AES cryptosystem is
   A. 512  B. 128  C. 64  D. 256
5. The __________ method provides a one-time session key for two keys
   A. DES  B. RSA  C. Diffie-Hellman  D. AES
6. RBAC is based on
   A. User identity rather than user rules in the system
   B. User rule in the system rather than identity
   C. Comparing security labels with security clearances
   D. Based on the attributes of the user, the resources and the current environment
7. __________ defines relationship among roles or a condition related to roles
   A. RBAC  B. DAC  C. ABAC  D. Constrained RBAC
8. One of the following is an Open Identity Trust Framework
   A. ICAM  B. ICF  C. PEACE  D. DAC
9. __________ is the standard used in digital certificates that defines its structure, fields, and values.
   A. The standard used in IPSEC.  B. Kerberos.  C. X.509.  D. End to end encryption.
10. In __________ attack, the attacker uses one or more plaintext-ciphertext pairs formed with the secret key, called
   A. Chosen text.  B. Cipher text only.  C. Known plaintext.  D. Chosen Ciphertext.
11. This equation: C = EK3(DK2(EK1(P))) represents __________ encryption
   A. DES  B. RC4  C. MD5  D. Triple DES
12. In __________ block cipher operating mode, each previous cipher block is chained with the current plaintext block
   A. OFB  B. CBC  C. ECB  D. CFB
13. The virus is activated to perform a malicious function at the __________ stage
   A. Dormant  B. Triggering  C. Propagation  D. Execution
14. When the hash function H satisfies that it is infeasible to find any x, y such that H(y) = H(x), then it is
   A. Weak collision resistance function  B. Bad collision resistance function  C. One way function  D. Strong collision resistance function
15. __________ is NOT a public key encryption algorithm
   A. ECC  B. DSS  C. AES  D. RSA
16. Which one of the following algorithms is widely used in web SSL/TLS and wireless WEP/WPA
   A. AES  B. DES  C. MD5  D. RC4
17. Which of the following statements is true about digital signature
   A. It is used to provide data confidentiality
   B. It is used to protect the message from eavesdropping
   C. Used for authenticating both source and data integrity
   D. Protect against replay attack.
18. __________ propagates by copying itself to other computers
   A. Spam email  B. Worms  C. Trojan horse  D. Key loggers
19. __________ is tricking users to compromise their own system's security
   A. Spam email  B. Trojan horse  C. Social Engineering  D. Key loggers
20. A hash value encrypted by the sender's private key is __________
   A. DES  B. 3DES  C. AES  D. Digital Signature

Question#2

1. State if the following statement is true or false

Sr. | Statement | True/False
1 | Tokens and biometrics can increase security, but at extra cost. | True
2 | The traditional approach to password cracking is guessing | True
3 | During security system design, the designer should make it more complicated. | False
4 | Memory cards store and process data. | False
5 | A smart card contains an entire microprocessor | True
6 | Electronic identity cards have biometric data printed on their surface. | False
7 | Authentication over a network depends on the challenge-response technique. | True
8 | Biometric authentication is cheaper than password authentication techniques | False
9 | HMAC uses available hash functions without modification | True
10 | Block cipher is faster than stream cipher | False

1. Underline the word which makes the following sentence true

   1. The (ECB, CBC) mode of encryption operation XORs the previous 64 bits of ciphertext and the current 64 bits of plaintext.
   2. (Smart Phone, Password) is one of the means of authenticating user identity.
   3. The (Substitution, Permutation) cipher replaces one symbol with another.
   4. (Block, Stream) cipher processes messages a bit or byte at a time.
   5. (DES, AES) is the most widely used block cipher.
   6. In (Symmetric, Asymmetric) encryption, the key is single.
   7. A (Brute Force, Cryptographic) attack involves trying every possible key to break the cipher.
   8. The key in (Vigenère, One time pad) cipher does not repeat.
   9. (SHA-1, SHA-384) produces a 160 bit message digest.
   10. Voice pattern, handwriting characteristics, and typing rhythm are examples of (Static, Dynamic) Biometrics.

Question No. (3)

2. For the given scenarios, which describe different security problems, match the suitable concept to resolve each, selected from the list below.

A | Digital Signature
B | Kerberos
C | Digital Envelope
D | PKI
E | Public key Encryption
F | Diffie-Hellman Key Exchange
G | Message checksum
H | RSA

Write the correct letter as an answer

Sr. | Scenarios | Security concept
1 | Alice and Bob need a practical method to exchange a secret key securely that can then be used for subsequent encryption of messages | F
2 | Alice needs to protect a message without prearranging for sender and receiver to have the same secret key. | C or E
3 | Alice needs to send a secure message to Bob through an unsecure channel, without sharing a cryptosystem key with Bob. | E or H
4 | Communication parties use a secret key to generate a small fixed-size block of data to authenticate the sender identity | G
5 | Authenticate users in network environment through third party | B

1. Write different techniques or software for the tasks below:
2. To provide data confidentiality for a transmitted message.
   1. Symmetric key encryption: DES, AES, RC4
   2. Asymmetric key encryption: RSA, ECC
3. To provide data integrity for a transmitted message.
   1. Hash Function: SHA1, SHA2
   2. Digital Signature: using any public key algorithm such as RSA, DSS.
4. To protect computer system from malware.
   1. Anti-Virus software: Avira, Kaspersky
   2. Firewall Filters.

Question No. (4)

2. Evaluate the following situations and write appropriate security threats from the list below:

A | Disruption
B | Snooping
C | Usurpation
D | Deception
E | Disclosure
F | Blackhole
G | Worms
H | Rootkits

Sr. | Situations | Security threat
1 | A set of programs covertly installed for malicious administration access. | H
2 | An entity gains access to data for which the entity is not authorized. | E
3 | An authorized entity receiving false data and believing it to be true by malicious activity. | D
4 | An interruption to correct operation of system services and functions by modification. | A
5 | Control of system services or functions by an unauthorized entity. | C
6 | Monitors communications by attacker. | B
7 | A propagation of program sent over net using email, remote exec, and remote login. | G

2. Identify the following protocol/algorithm which is depicted in the diagram below, and complete the missing parts

Question No. (5)

1. Consider the following scenario: Alice wants to send an important message to Bob using the RSA public key encryption algorithm. Write the steps that Alice should follow; complete the following:

   1. Key generation:
      1. Select p and q
      2. Calculate n = p * q.
      3. Calculate Q(n) = (p-1)*(q-1)
      4. Select integer e such that: gcd(e, Q(n)) = 1
      5. Calculate d such that: ed = 1 mod n.
      6. Public key is: (e, n)
      7. Private key is: (d, n)
   2. Encryption step:
      1. Plaintext M
