Confidentiality can be provided by performing message encryption __________ the MAC algorithm.

Test: Final Exam _CS
Started: 2/23/22
Submitted: 2/23/22
Due Date: 2/23/22
Status: Completed
Attempt Score: 232 out of 260 points
Time Elapsed: 2 hours, 27 minutes out of 2 hours and 30 minutes
Results Displayed: Submitted Answers

• Question 1
With a __________ attack the attacker is allowed to use the user as an "oracle". This means that the user may request signatures of messages that depend on previously obtained message-signature pairs.
Selected Answer: h. adaptive chosen message

• Question 2
A good hash function has the property that “the results of applying the function to a large set of inputs will produce outputs that are evenly distributed and apparently random”.
Selected Answer: True

• Question 3
The topics of cryptographic key management and cryptographic key distribution are complex, involving cryptographic, protocol, and management considerations.
Selected Answer: True

• Question 4
An encryption/decryption system requires a point G and an elliptic group _________ as parameters.
Selected Answer: Eq(a,b)

• Question 5
User authentication is the means by which a user provides a claimed identity to the system.
Selected Answer: False

• Question 6
The three general approaches to dealing with replay attacks are:
1. Attach a sequence number to each message used in an authentication exchange. A new message is accepted only if its sequence number is in the proper order.
2. Party A accepts a message as fresh only if the message contains a timestamp that, in A's judgment, is close enough to A's knowledge of current time. This approach requires that clocks among the various participants be synchronized.
3. Party A, expecting a fresh message from B, first sends B a nonce (challenge) and requires that the subsequent message (response) received from B contain the correct nonce value.
Selected Answer: True

• Question 7
__________ is an extension of identity management to multiple security domains such as autonomous internal business units, external business partners and other third party applications and services with the goal of sharing digital identities so that a user can be authenticated a single time and then access applications and resources across multiple domains.
Selected Answer: Identity federation

• Question 8
The approach taken by the Transport Layer Security protocol and the Wireless Transport Layer Security Protocol involves invoking HMAC _________ for each block of output w_i.
Selected Answer: twice

• Question 9
With the __________ scheme, if an adversary succeeds in obtaining or computing the private key of the directory authority, the adversary could authoritatively pass out counterfeit public keys and subsequently impersonate any participant and eavesdrop on messages sent to any participant.
Selected Answer: publicly available directory

• Question 10
The digital signature function does not include the authentication function.
Selected Answer: False

• Question 11
Hash functions are divided into three classes:
Selected Answer: c. Hash functions built around block ciphers. Hash functions using modular arithmetic. Hash functions with what is termed a "digest" design.

• Question 12
The Diffie-Hellman key exchange formula for calculation of a secret key by User A is:
Selected Answer: K = nA x PB

• Question 13
__________ is an authentication service designed for use in a distributed environment.
Selected Answer: c. Kerberos

• Question 14
Suppress-replay attack is when a sender's clock is behind the intended recipient's clock; an opponent can intercept a message from the sender and replay it later when the timestamp in the message becomes current at the recipient's site. This replay could cause unexpected results.
Selected Answer: False

• Question 15
A common item of authentication information associated with a user is a ___________ .
Selected Answer: h. password

• Question 16
The cryptographic hash function is not a versatile cryptographic algorithm.
Selected Answer: False

• Question 17
__________ key encryption schemes are secure if the public key is authenticated.
Selected Answer: a. Private

• Question 18
Broad network access, measured service, resource pooling, and rapid elasticity are essential characteristics of ___________.
Selected Answer: cloud computing

• Question 19
Affirmative act: attaching of the signature should be a confirmatory act that serves the formality and approval functions of a signature and establishes the sense of having legally completed a transaction.
Selected Answer: False

• Question 20
The GCM mode makes use of two functions: __________, which is a keyed hash function, and GCTR.
Selected Answer: h. GHASH

• Question 21
The cryptographic hash function requirement that guarantees that it is impossible to find an alternative message with the same hash value as a given message and prevents forgery when an encrypted hash code is used is the ___________ .
Selected Answer: second preimage resistant

• Question 22
One means of forming a MAC is to combine a cryptographic hash function in some fashion with a secret key.
Selected Answer: True

• Question 23
Message authentication is a mechanism or service used to verify the integrity of a message.
Selected Answer: True

• Question 24
It can be shown that some form of birthday attack will succeed against any hash scheme involving the use of cipher block chaining without a secret key, provided that either the resulting hash code is small enough or that a larger hash code can be decomposed into independent subcodes.
Selected Answer: True

• Question 25
In SHA-384 and SHA-512, each message block has __________ bits, which is represented as a sequence of sixteen 64-bit words.
Selected Answer: e. 1024

• Question 26
The requirements for the use of a public-key certificate scheme are:
Selected Answer: a. 1. Any participant can read a certificate to determine the name and public key of the certificate's owner. 2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit. 3. Only the certificate authority can create and update certificates. 4. Any participant can verify the currency of the certificate.

• Question 27
For a ___________ defined over GF(2^m), the variables and coefficients all take on values in GF(2^m) and calculations are performed over GF(2^m).
Selected Answer: binary curve

• Question 28
The approach taken by the Transport Layer Security protocol and the Wireless Transport Layer Security Protocol involves invoking HMAC _________ for each block of output w_i.
Selected Answer: a. twice

• Question 29
The _________________, which is the latest of the RSA schemes, is the one that RSA Laboratories recommends as the most secure of the RSA schemes.
Selected Answer: RSA-PSS

• Question 30
The __________ is unsuitable for a connectionless type of application because it requires the overhead of a handshake before any connectionless transmission, effectively negating the chief characteristic of a connectionless transaction.
Selected Answer: b. challenge-response approach

• Question 31
The principal underlying standard for federated identity is the __________ which defines the exchange of security information between online business partners.
Selected Answer: e. SAML

• Question 32
The __________ mode of operation is designed to be parallelizable so that it can provide high throughput with low cost and low latency.
Selected Answer: GCM

• Question 33
The ____________ components of DSA are the same as in the Schnorr signature scheme.
Selected Answer: b. global public key

• Question 34
"Release of message contents to any person or process not possessing the appropriate cryptographic key" is a __________ attack.
Selected Answer: disclosure

• Question 35
__________ indicates a restriction imposed as to the purposes for which, and the policies under which, the certified public key may be used.
Selected Answer: Key usage

• Question 36
The organization of unkeyed Hash Functions identified as modification detection codes (MDCs) is based on the class of the operations containing their internal compression functions. The three categories are
Selected Answer: a. Customized Hash Functions, Hash Functions based on block ciphers, and Hash Functions based on modular arithmetic

• Question 37
X.509 is an important standard because the certificate structure and authentication protocols defined in X.509 are used in a variety of contexts.
Selected Answer: True

• Question 38
A ___________ is an algorithm for which it is computationally infeasible to find either (a) a data object that maps to a pre-specified hash result or (b) two data objects that map to the same hash result.
Selected Answer: cryptographic hash function

• Question 39
What is the major issue in end to end key distribution? How does the key hierarchy concept address that issue?
Selected Answer: a. session key is a temporary encryption key used between two principals. A master key is a long-lasting key that is used between a key distribution center and a principal for the purpose of encoding the transmission of session keys. Typically, the master keys are distributed by noncryptographic means.

• Question 40
Similar to the generic attack, except that the list of messages to be signed is chosen after the attacker knows the user's public key but before any signatures are seen, is the __________ attack.
Selected Answer: directed chosen

• Question 41
Typically the session key is used for the duration of a logical connection, such as a frame relay connection or transport connection, and then it is permanently stored.
Selected Answer: False

• Question 42
"Given a hash function H, with n possible outputs and a specific value H(x), if H is applied to k random inputs, what must be the value of k so that the probability that at least one input y satisfies H(y) = H(x) is 0.5" is a reference to the __________ .
Selected Answer: birthday attack

• Question 43
Hash functions are functions which have the following two properties:
Selected Answer: e. Compression and digest

• Question 44
A recipient in possession of the secret key cannot generate an authentication code to verify the integrity of the message.
Selected Answer: False

• Question 45
A centralized, automated approach to provide enterprise-wide access to resources by employees and other authorized individuals with a focus of defining an identity for each user, associating attributes with the identity, and enforcing a means by which a user can verify identity is __________ .
Selected Answer: identity management

• Question 46
The __________ approach is unsuitable for a connectionless type of application because it requires the overhead of a handshake before any connectionless transmission, effectively negating the chief characteristic of a connectionless transaction.
Selected Answer: challenge-response

• Question 47
Presenting an identifier to the security system is the __________ step.
Selected Answer: h. Identification

• Question 48
The global public key components for DSA are p, q, and h.
Selected Answer: False

• Question 49
The __________ is unsuitable for a connectionless type of application because it requires the overhead of a handshake before any connectionless transmission, effectively negating the chief characteristic of a connectionless transaction.
Selected Answer: challenge-response approach

• Question 50
Matyas-Meyer-Oseas, Davies-Meyer and Miyaguchi-Preneel are
Selected Answer: b. Single-Length MDCs

• Question 51
The key algorithmic ingredients of _________ are the AES encryption algorithm, the CTR mode of operation, and the CMAC authentication algorithm.
Selected Answer: CCM

• Question 52
Two MACs that are based on the use of a block cipher mode of operation are Data Authentication Algorithm and __________ .
Selected Answer: f. CMAC

• Question 53
IPSec can guarantee that all traffic designated by the network administrator is authenticated but cannot guarantee that it is encrypted.
Selected Answer: False

• Question 54
__________ is an integer value unique within the issuing CA that is unambiguously associated with this certificate.
Selected Answer: a. Serial number

• Question 55
The __________ key exchange involves multiplying pairs of nonzero integers modulo a prime number q. Keys are generated by exponentiation over the group with exponentiation defined as repeated multiplication.
Selected Answer: Diffie-Hellman

• Question 56
Input: of each of m-bit the last block is padded with the encoding |M|. Process: 1. 2. Initialize 3. Compute Output: Message digest of M is
Selected Answer: b. Serial Cryptography Hash Function

• Question 57
Hash functions can be used for intrusion and virus detection.
Selected Answer: True

• Question 58
The _________ is the node that is attempting to access the network and may be any device that is managed by the network access control system.
Selected Answer: AR

• Question 59
The Secure Hash Algorithm design closely models, and is based on, the hash function __________ .
Selected Answer: MD4

• Question 60
With _________ authentication an opponent would have difficulty generating ciphertext that when decrypted would have valid error control bits.
Selected Answer: g. internal error control

• Question 61
A CTR-based authenticated encryption approach is the most efficient mode of operation for high-speed packet networks.
Selected Answer: True

• Question 62
The more frequently session keys are exchanged the more __________ they are because the opponent has less ciphertext to work with for any given session key.
Selected Answer: secure

• Question 63
An individual SA can implement both the AH and the ESP protocol.
Selected Answer: False

• Question 64
The _________ attack is when the attacker is looking for two messages M and M1 that produce the same hash: H(M) = H(M1)
Selected Answer: birthday

• Question 65
The appeal of __________ is that its designers have been able to prove an exact relationship between the strength of the embedded hash function and the strength of this form of authentication.
Selected Answer: HMAC

• Question 66
As with ElGamal encryption, the global elements of __________ are a prime number q and a, which is a primitive root of q.
Selected Answer: a. ElGamal digital signature

• Question 67
Some sort of mechanism or protocol is needed to provide for the secure distribution of keys.
Selected Answer: True

• Question 68
A ___________ accepts a variable length block of data as input and produces a fixed size hash value h = H(M).
Selected Answer: hash function

• Question 69
If three points on an elliptic curve lie on a straight line their sum is __________
Selected Answer: 0

• Question 70
__________ is an extension of identity management to multiple security domains such as autonomous internal business units, external business partners and other third party applications and services with the goal of sharing digital identities so that a user can be authenticated a single time and then access applications and resources across multiple domains.
Selected Answer: e. authentication federation

• Question 71
Virtually all cryptographic hash functions involve the iterative use of a compression function.
Selected Answer: True

• Question 72
It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
Selected Answer: True

• Question 73
The principal objective for developing a _________ is to enable secure, convenient and efficient acquisition of public keys.
Selected Answer: PKI

• Question 74
To create a __________ a user calculates two quantities, r and s, that are functions of the public key components (p, q, g), the user's private key (x), the hash code of the message H(M), and an additional integer k that should be generated randomly or pseudorandomly and be unique for each signing.
Selected Answer: signature

• Question 75
The security of any MAC function based on an embedded hash function depends in some way on the cryptographic strength of the underlying hash function.
Selected Answer: True

• Question 76
To create a __________ a user calculates two quantities, r and s, that are functions of the public key components (p, q, g), the user's private key (x), the hash code of the message H(M), and an additional integer k that should be generated randomly or pseudorandomly and be unique for each signing.
Selected Answer: g. signature

• Question 77
A __________ defines the procedures needed to revoke digital certificates.
Selected Answer: a. KDC

• Question 78
p = 37, q = 23, n = 37*23 = 851, = (p-1)(q-1) = 792, the public exponent e the greatest common divisor of e and is 1, select e = 5; find the ciphertext where the plaintext is “hello”, Number of bits per group: 10
Selected Answer: b.
h e l l o
104 101 108 108 111
01101000 104 01100101 101 01101100 108 01101100 108 01101111 111
731 307 719 719 333
1011011011 0100110011 1011101111 1011001111 0101001101

• Question 79
Confidentiality can be provided by performing message encryption __________ the MAC algorithm.
Selected Answer: a. before or after

• Question 80
With _________ authentication an opponent would have difficulty generating ciphertext that when decrypted would have valid error control bits.
Selected Answer: internal error control

• Question 81
The topics of cryptographic key management and cryptographic key distribution are complex, involving cryptographic, protocol, and management considerations.
Selected Answer: True

• Question 82
In the digital signature algorithm the user's __________ is represented by x, which is a random or pseudorandom integer with 0 < x < q.
Selected Answer: f. public key

• Question 83
Network access control authenticates users logging into the network and determines what data they can access and actions they can perform.
Selected Answer: True

• Question 84
With a __________ attack the attacker is allowed to use the user as an "oracle". This means that the user may request signatures of messages that depend on previously obtained message-signature pairs.
Selected Answer: adaptive chosen message

• Question 85
Geometric Hashing: used in visual recognition for classifying parameter objects within an associative container such as a hash-table
Selected Answer: b. True

• Question 86
A CTR-based authenticated encryption approach is the most efficient mode of operation for high-speed packet networks.
Selected Answer: True

• Question 87
With a __________ attack the attacker is given access to a set of messages and their signatures.
Selected Answer: a. known message

• Question 88
The prospective signer is termed the subscriber. A certificate's principal purpose is to bind a key pair with a particular subscriber. A recipient of the certificate desiring to rely upon a digital signature created by the subscriber named in the certificate.
Selected Answer: True

• Question 89
What are the steps involved in an authentication process? Simple replay: The opponent simply copies a message and replays it later. Repetition that can be logged: An ally can replay a timestamped message within the valid time window. Repetition that can be detected: This situation could arise because the original message could have been suppressed and thus did not arrive at its destination; only the replay message arrives. Backward replay with modification: This is a replay back to the message sender. This attack is possible if symmetric encryption is used and the sender cannot easily recognize the difference between messages sent and messages received on the basis of content.
Selected Answer: False

• Question 90
In the digital signature algorithm the user's __________ is represented by x, which is a random or pseudorandom integer with 0 < x < q.
Selected Answer: public key

• Question 91
The principal underlying standard for federated identity is the __________ which defines the exchange of security information between online business partners.
Selected Answer: SAML

Wednesday, February 23, 2022 3:24:30 PM EST

What types of attacks are addressed by MAC?

The MAC address flooding behavior of a switch for unknown addresses can be used to attack a switch. This type of attack is called a MAC address table overflow attack.

Is an algorithm that requires the use of a secret key?

Definition(s): A cryptographic algorithm that uses secret keying material that is shared between authorized parties. A cryptographic algorithm that employs the same secret key for an operation and its complement (e.g., encryption and decryption).

What is formed by taking the hash of the message and encrypting the hash with the creator's private key?

What is a digital signature? A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The signature is formed by taking the hash (for example, SHA-256) of the message and encrypting the hash with the creator's private key.

Is a mechanism or service used to verify the integrity of a message?

Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data received are exactly as sent. The two most common cryptographic techniques for message authentication are a message authentication code (MAC) and a secure hash function.