
Title Cryptography and network security Unit1 mcqs
Author 050-Sowmya S
Course Cryptography and Network Security
Institution Anna University
Pages 54


Description

Security Trends

1. The term ________ has a connotation of the use of networks specifically. a. Cyber Crime b. Computer Crime c. Both d. None

2. Which of the following is not a role in which computer plays as a criminal activity? a. Computer as targets b. Computer as storage devices c. Both d. None of the above

3. Which of the following is not a problem for law enforcement agencies in solving cybercrime? a. Lack in technical knowledge b. Lack of resources c. Global nature of crime d. Inefficient means of solving the crime

4. Successful use of law enforcement requires more a. People skills b. Technology skills c. Respect to law d. None of these

5. ________ is(are) the primary type(s) of property a. Intellectual property b. Real property c. None d. Both

6. ________ is(are) the type(s) of intellectual property a. Patents b. Copyrights c. Trademarks d. All the above

7. A _______ identifies and distinguishes the source of a service. a. TradeMark b. Sourcemark c. ProductMark d. All the above

8. Which is not a type of Patent a. Utility Patents b. Design Patents c. Plant Patents d. Service Patents

9. Intellectual Properties irrelevant to Network and Computer Security are a. Software b. Database c. Algorithm d. None of the above

10. Which of the following actions are not exempted from provisions of DMCA? a. Personal Privacy b. Reverse Engineering c. Copy the Software d. Testing the Software

11. _________ refers to systems and procedures that ensure that holders of digital rights are clearly identified and receive the stipulated payment for their works. a. DRM b. DMCA c. Copyrights Act d. None of these

12. ______ holds the digital rights of the content and wants to protect these rights a. Content Providers b. Distributors c. Clearing House d. Consumers

13. Copyright can be claimed only if the creator has put the idea into a. Hard copy b. Multimedia Form c. Either a or b d. Both

14. The U.S. Digital Millennium Copyright Act (DMCA) has had a profound effect on the protection of digital content rights in a. United States b. American Continent c. Worldwide d. None of the above

15. DMCA is designed to implement a. WPIO b. WOIP c. WOIP d. WIPO

Answers: 1. b 2. d 3. d 4. a 5. d 6. d 7. b 8. d 9. d 10. c 11. a 12. a 13. c 14. c 15. d

Ethical Issues

1. The basic concepts of ethics are: a. liability b. responsibility c. accountability d. All of the above
Answer: d

2. Ethics in Information Systems refers to system of moral principles that relates to the a. benefits and harms of particular actions b. ends of actions c. rightness and wrongness of motive d. All of the above
Answer: d

3. The top of the ethical hierarchy are the ethical values professionals share with all human beings, such as a. integrity, fairness, and justice. b. ethical values and obligations c. specific knowledge, power d. All of the above
Answer: a

4. Example for Ownership Issues a. Software copyrights b. Computer surveillance c. Employee monitoring d. Hacking
Answer: a

4. Instruments of acts provides a. computer services b. integrity c. justice d. All of the above
Answer: b

5. Ethical issues arise as the result of a. the roles of computers b. computer services c. financial information. d. All of the above
Answer: a

6. Example for Personnel ethical Issues a. Ergonomics and human factors b. Software copyrights c. Computer surveillance d. Employee monitoring
Answer: a

7. An ethical question concerns a a. Computer surveillance b. justice c. potential conflict of interest. d. All of the above
Answer: c

8. Each profession has associated with a. specific ethical values and obligations b. human factors c. computer services d. All of the above
Answer: a

9. Which of the following is related to logical issues a. Accuracy and timeliness of data b. Over-rated system capabilities and "smart" computers c. Monopoly of data d. All of the above
Answer: d

10. Ethical issues are concerned with a. Accuracy and timeliness of data b. Monopoly of data c. balancing professional responsibilities d. All of the above
Answer: c

SECURITY ATTACKS AND SECURITY SERVICES

1) Any action that compromises the security of information owned by an organization ______________ a. Security attack b. Security mechanism c. Security service d. Security architecture

2) What are the two types of security attacks? ___________, _____________

3) ____________ attack attempts to learn or make use of information from the system but does not affect system resources. ___________ attack attempts to alter system resources or affect their operation. a. Active, Passive b. Passive, Active c. Active, Release d. Release, Passive

4) Passive attacks are in nature of ____________, ___________, _________ a. message contents, security attack, affect system b. security attack, transmission, release of message content c. eavesdropping, monitoring, transmission d. traffic analysis, transmission, message content

5) Two types of passive attack are ____________, ___________

6) Scenario: X reads contents of message sent from A to B. Attack: ______, ______ a. Traffic analysis, Active b. Traffic analysis, Passive c. Release of message contents, Active d. Release of message contents, Passive

7) Scenario: X observes pattern of messages sent from A to B. Attack: ______, ______ a. Traffic analysis, Active b. Traffic analysis, Passive c. Release of message contents, Active d. Release of message contents, Passive

8) _________ attacks involve some modification of the data stream or the creation of a false stream.

9) What are the types of active attacks? _____, _____, _____, ______

10) Scenario: X messages to A that appears to be from B. Attack: ____________ a. Masquerade b. Replay c. Modification of messages d. Denial of service

11) Scenario: X captures message from B that was sent to A; later replays message to A. Attack: ____________ a. Masquerade b. Replay c. Modification of messages d. Denial of service

12) Scenario: X modifies message sent from A to B. Attack: ____________ a. Masquerade b. Replay c. Modification of messages d. Denial of service

13) Scenario: X disrupts service provided by server. Attack: ____________ a. Masquerade b. Replay c. Modification of messages d. Denial of service

14) _______________ means some portion of legitimate message is altered, or that messages are delayed or reordered, to produce unauthorized effect. a. Masquerade b. Replay c. Modification of messages d. Denial of service

15) _______________ prevents or inhibits the normal use or management of communication facilities either by disabling network or by overloading it with messages so as to degrade performance. a. Masquerade b. Replay c. Modification of messages d. Denial of service

16) ____________ takes place when one entity pretends to be a different entity. a. Masquerade b. Replay c. Modification of messages d. Denial of service

17) _____________ involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. a. Masquerade b. Replay c. Modification of messages d. Denial of service

18) _______________ is an assurance that the communicating entity is the one that it claims to be. a. Authentication b. Access Control c. Data confidentiality d. Data integrity

19) The prevention of unauthorized use of resource is called __________ a. Access Control b. Data confidentiality c. Data integrity d. Non repudiation

20) The protection of data from unauthorized disclosure is called ________ a. Authentication b. Access Control c. Data confidentiality d. Data integrity

21) The assurance that the data received are exactly as sent by an authorized entity ___________ a. Authentication b. Access Control c. Data confidentiality d. Data integrity

22) ____________ provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication a. Access Control b. Data confidentiality c. Data integrity d. Non repudiation

23) Authentication: ___________, ___________

24) Which of the following are types of confidentiality? ____________ a. Connection confidentiality b. Connectionless confidentiality c. Selective-Field confidentiality d. Traffic flow confidentiality e. All the above

25) Match the following:
i) Connection confidentiality - (A) The protection of all user data in a single data block
ii) Connectionless confidentiality - (B) the protection of the information that might be derived from observation of traffic flows.
iii) Selective Field confidentiality - (C) protection of all user data on a connection
iv) Traffic flow confidentiality - (D) the confidentiality of selected files within the user data on a connection or in a single data block
a. i-C, ii-A, iii-D, iv-B b. i-A, ii-C, iii-D, iv-B c. i-A, ii-C, iii-B, iv-D d. i-C, ii-A, iii-B, iv-D

26) __________ provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted. a. Connection Integrity with recovery b. Connection Integrity without recovery c. Selective-Field Connection Integrity d. Selective-Field Connectionless Integrity

27) ____________ provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, without recovery. a. Connection Integrity with recovery b. Connection Integrity without recovery c. Selective-Field Connection Integrity d. Selective-Field Connectionless Integrity

28) _______________ provides for the integrity of selective fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, replayed. a. Connection Integrity with recovery b. Connection Integrity without recovery c. Selective-Field Connection Integrity d. Selective-Field Connectionless Integrity

29) ____________ provides for the integrity of selected files within a single connectionless data block; takes the form of determination of whether the selected files have been modified; a. Connection Integrity with recovery b. Connection Integrity without recovery c. Selective-Field Connection Integrity d. Selective-Field Connectionless Integrity

30) ___________ provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided. a. Connection Integrity with recovery b. Connection Integrity without recovery c. Connectionless Integrity d. Selective-Field Integrity

31) A proof that the message was sent by the specified party _____, _____ a. Repudiation, Origin b. Repudiation, Destination c. Nonrepudiation, Origin d. Nonrepudiation, Destination

32) A proof that the message was received by the specified party ____, _____ a. Repudiation, Origin b. Repudiation, Destination c. Nonrepudiation, Origin d. Nonrepudiation, Destination

33) Which of the following protects traffic flow from analysis. a. Authentication b. Access Control c. Data confidentiality d. Data integrity

34) Which of the following service is one that protects a system to ensure its availability and depends on proper management and control of system resources? a. Authentication b. Access Control c. Availability d. All the above

35) _____________ service depends on access control services and other security services. a. Authentication b. Access Control c. Availability d. All the above

ANSWERS: 1. a 2. Passive attack, Active attack 3. b 4. c 5. Release of message contents, Traffic analysis 6. d 7. b 8. Active 9. Masquerade, Replay, Modification of messages, Denial of service 10. a 11. b 12. c 13. d 14. c 15. d 16. a 17. b 18. a 19. a 20. c 21. d 22. d 23. Peer entity authentication, Data origin authentication 24. e 25. a 26. a 27. b 28. c 29. d 30. c 31. c 32. d 33. c 34. c 35. c

Computer Security Concepts & OSI Security Architecture

1. _______________ is used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords. a) Asymmetric encryption b) Symmetric encryption c) Data integrity algorithms

2. _______________ is used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures. a) Asymmetric encryption b) Symmetric encryption c) Data integrity algorithms

3. _______________ are used to protect blocks of data, such as messages, from alteration. a) Data integrity algorithms b) Symmetric encryption c) Asymmetric encryption

4. _______________ are schemes based on the use of cryptographic algorithms designed to authenticate the identity of entities. a) Authentication protocols b) Computer securities c) CIA triad

5. The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources is called _______________. a) CIA triad b) computer security c) Cryptography

6. _______________ embody the fundamental security objectives for both data and for information and computing services. a) Symmetric encryption b) Security services c) CIA triad

7. CIA triad includes _______________. a) Confidentiality b) Integrity & Availability c) Both A & B

8. _______________ defined as facts and ideas, which can be represented (encoded) as various forms of data. a) Information b) Data c) key

9. _______________ is defined as information in a specific physical representation, usually a sequence of symbols that have meaning. a) Algorithm b) Data c) Information

10. _______________ means preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. a) Confidentiality b) Integrity c) Availability

11. A loss of confidentiality is the _______________. a) unauthorized disclosure of information b) unauthorized modification of information

12. _______________ means guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. a) Confidentiality b) Integrity c) Availability

13. A loss of integrity is the ________________. a) unauthorized disclosure of information b) unauthorized modification of information

14. _______________ means ensuring timely and reliable access to and use of information. a) Confidentiality b) Integrity c) Availability

15. _______________ is the disruption of access to or use of information or an information system. a) loss of availability b) loss of integrity c) loss of confidentiality

16. _______________ means verifying that users are who they say they are and that each input arriving at the system came from a trusted source. a) Authenticity b) Integrity c) Availability

17. _______________ is the security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. a) Confidentiality b) Integrity c) Accountability

18. In developing a particular security mechanism or algorithm, one must always consider __________ on those security features. a) Active attacks b) Passive attacks c) Potential attacks

19. The _______________ provides a systematic framework for defining security attacks, mechanisms, and services. a) OSI Architecture b) OIS Architecture c) Cloud Architecture

20. _______________ is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. a) Attack b) Threat c) Cyber crime

21. Threat is a possible danger that might exploit a ______________. a) vulnerability b) security c) perfect security

22. _______________ is an assault on system security that derives from an intelligent threat. a) Threat b) Attack c) Hacking

23. Attack violates the _______________ of a system. a) security policy b) vulnerability c) data

24. The _______________ is useful to managers as a way of organizing the task of providing security. a) OSI security Architecture b) OIS security Architecture c) Cloud Architecture

25. Any action that compromises the security of information owned by an organization is called _________. a) security mechanism b) security attack c) security policy

26. _______________ is an unauthorized reading of a message or file and traffic analysis. a) Active attack b) Threat c) Passive attack

27. Modification of messages or files, and denial of service are _______________. a) Active attacks b) Passive attacks c) Security mechanisms

28. A _____________ is any process that is designed to detect, prevent, or recover from a security attack. a) security mechanism b) security attack c) security policy

29. Encryption algorithms, digital signatures and authentication protocols are the examples of _______________. a) security attack b) security mechanism c) security policy

30. _______________ is a processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. a) security mechanism b) security services c) security policy

31. Authentication, access control, data confidentiality, data integrity, nonrepudiation, and availability are _______________. a) security services b) security attack c) security policy

32. The ____________ model is 7-layer architecture where each layer is having some specific functionality to perform. a) TCP/IP b) Cloud c) OSI

33. The full form of OSI in OSI model is ______________ a) Open Systems Interconnection b) Open Software Interconnection c) Open Systems Internet

34. Which of the following is not physical layer vulnerability? a) Physical theft of data & hardware b) Physical damage c) Unauthorized network access

35. In __________________ layer, vulnerabilities are directly associated with physical access to networks and hardware. a) physical b) data-link c) network

36. Which of the following is an example of physical layer vulnerability? a) MAC Address Spoofing b) Physical Theft of Data c) Route spoofing

37. Which of the following is an example of data-link layer vulnerability? a) MAC Address Spoofing b) Physical Theft of Data c) Route spoofing

38. Which of the following is an example of network layer vulnerability? a) MAC Address Spoofing b) Physical Theft of Data c) Route spoofing

39. Which of the following is an example of physical layer vulnerability? a) MAC Address Spoofing b) Route spoofing c) Keystroke & Other Input Logging

40. Which of the following is an example of data-link layer vulnerability? a) Physical Theft of Data b) VLAN circumvention c) Route spoofing

41. Failed sessions allow brute-force attacks on access credentials. This type of attack is done in which layer of the OSI model? a) Physical layer c) Session layer d) Presentation layer

42. Which of the following is an example of Transport layer vulnerability? a) weak or non-existent mechanisms for authentication b) overloading of transport-layer mechanisms c) poor handling of unexpected input

43. Which of the following is an example of session layer vulnerability? a) weak or non-existent mechanisms for authentication b) poor handling of unexpected input c) highly complex application security controls

44. Which of the following is an example of presentation layer vulnerability? a) overloading of transport-layer mechanisms c) highly complex application security controls d) poor handling of unexpected input

45. Which of the following is a...

