Cybersecurity Quiz PDF

Preview

Summary

Cybersecurity Quiz Practice...

Description

1. With the introduction of the computer the need for automated tools for protecting files and other information stored on the computer became evident. a. True 2. There is natural tendency on the part of users and system manager to perceive little benefit from security investment until a security failure occurs. a. True 3. There are clear boundaries between network security and internet security. a. False 4. The CIA triad embodies the fundamental security objectives for both data and for information and computing services. a. True 5. An SSL session is an association between a client and a server and is created by the ___ a. Handshake Protocol 6. An arbitrary byte sequence chosen by the server to identify an active or resumable session state is a _________ a. Session Identifier 7. Defined as a Proposed Internet Standard in RFC 2246, ________ is an IETF standardisation initiative whose goal is to produce an Internet standard version of SSL. a. TLS 8. Phase _______ of the Handshake Protocol establish security capabilities. a. 1 9. The SSL Internet standard version is called ________ a. TLS 10. The __________ is used to convey SSL related alerts to the peer entity. a. Alert Protocol 11. The _______ approach is vulnerable to man-in-the-middle attacks. a. Anonymous Diffie-Hellman 12. The final message in phase 2, and one that is always required, is the ______message, which is sent by the server to indicate the end of the server hello and associated messages. a. Server_done 13. In developing a particular security mechanism or algorithm one must always consider potential attacks on those security features. a. True

14. A loss of confidentiality is the unauthorised modification or destruction of information. a. False 15. Patient allergy information is an example of an asset with a moderate requirement for integrity. a. False 16. The more critical a component or service, the higher the level availability required a. True 17. Data origin authentication provides protection against the duplication or modification of data units a. False 18. The emphasis in dealing with passive attacks is on prevention rather than detection. a. True 19. Data integrity is the protection of data from unauthorised disclosure. a. False 20. Information access threats exploit service flaws in computers to inhibit use by legitimate users. a. False 21. Viruses and worms are two examples of software attacks. a. True 22. A connection-oriented integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only. a. False 23. Pervasive security mechanisms are not specific to any particular OSI security service or protocol layer. a. True 24. Public-key encryption is also referred to as conventional encryption, secret-key, or single-key encryption. a. False 25. The advantage of a block cipher is that you can reuse keys a. True 26. Ciphertext is the scrambled message produced as output. a. True

27. The security of symmetric encryption depends on the secret of the algorithm, not the secret of the key. a. False 28. The cipher-only attack is the easiest to defend against because the opponent has the least amount of information to work with. a. True 29. The Feistel structure is a particular example of the more general structure used by all the symmetric block cipher. a. Ture 30. Smaller block sizes mean greater security but reduced encryption/decryption speed. a. False 31. The essence of a symmetric block cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. a. True 32....