Which of the following security measures can detect a bit-flipping attack? Select all that
apply. - Answer- d) Message containing a digital signature
c) Message containing a keyed hash
A successful bit-flipping attack requires which of the following? Select all that apply. -
Answer- c) Knowledge of the exact contents of the plaintext
b) A stream cipher
True or False? A bit-flipping attack is not knowing what the message says and changing
it bit by bit. - Answer- False
Kevin's little brother has implemented a 28-bit one-way hash as a math project. How
many trials should it take to locate a collision using a birthday attack? - Answer- c) 2^14
True or False? A keyed hash gives us a way to verify that some of our own data has not
been modified by an attacker or someone who doesn't have the secret key. - Answer-
True
Alice has constructed a document. Bob needs to verify the document's integrity. Which
of the following data items must they share? Select all that apply. - Answer- g) A one-way
hash value encrypted with Alice's private key
a) Alice's public key
Which of the following can help to avoid problems with reused encryption keys? Select
all that apply. - Answer- d) Combine the key with a nonce
c) Change the internal key
When encrypting a one-way hash or a secret encryption key with RSA, you must
encrypt a value that contains more bits than the public key's N value. You can
accomplish this via which of the following? Select all that apply. - Answer- c) Using a
sufficiently large hash value
a) Padding the hash value with additional, randomly generated data
Which of the following crypto building blocks are used to construct a typical digital
signature, as described in Section 8.5.3? Select all that apply. - Answer- b) Public-key
encryption
a) One-way hash
A(n) __________ uses asymmetric keys to sign or verify digital data. - Answer- digital
signature
Digital signatures may be used to provide: - Answer- nonrepudiation
True or False? A digital signature uses symmetric keys to sign or verify digital data. -
Answer- False
True or False? A certificate authority is a trusted third party that issues certificates on
behalf of some organization. - Answer- True
What was the first web browser to use public key certificates? - Answer- a) Netscape
Navigator
True or False? Crypto techniques originally focused on confidentiality. - Answer- True
Which of the following security protections is used to prevent passive attacks? -
Answer- Confidentiality
We use cryptography to apply all of the following protections to network traffic, except: -
Answer- reliability
True or False? Eavesdropping without interfering with communications would be
considered a passive attack. - Answer- True
True or False? A network attack in which someone forges network traffic would be
considered an active attack. - Answer- True
When we place crypto in different protocol layers, we often balance two important
properties: - Answer- application transparency and network transparency.
Wireless Protected Access, version 2 (WPA2) falls under: - Answer- 802.11.
We are trying to protect our traffic as much as possible from sniffing. To minimize the
risk, should we encrypt as much of our packets as possible, including headers? -
Answer- Yes, because plaintext headers open our network messages to traffic analysis.
In typical applications, does SSL provide application transparency? - Answer- No,
because the SSL software is traditionally integrated into the application software
package and is not supported unless the application specifically provides it.
Virtual private networking is used primarily for encrypting: - Answer- a connection
between two sites across the internet.
Secure Sockets Layer (SSL) has been replaced by: - Answer- Transport Layer Security
(TLS).
The principal application of IPsec is: - Answer- virtual private networking.
Which of the following network protocols typically provide application transparency?
Select all that apply. - Answer- a) Wi-Fi Protected Access
b) IPsec
True or False? Encryption works against traffic filtering, because the filtering process
can't detect malicious content in encrypted packets. - Answer- True
True or False? We clearly need to use encryption if we wish to protect against sniffing. -
Answer- True
__________ rely on traffic analysis when the defenders use encryption that is too
difficult to attack. - Answer- Attackers
Producing one encryption key for each cryptonet or communicating pair and distributing
that key to the appropriate endpoints is called: - Answer- manual keying.
True or False? When replacing crypto keys, they must be all replaced 1 month at a
time. - Answer- False
True or False? In manual keying, two encryption keys are produced for each cryptonet
or communicating pair and those keys are distributed to the appropriate endpoints. -
Answer- False
True or False? Self-rekeying transforms an existing encryption key into a new one using
a pseudorandom number generator. - Answer- True
The process of transforming an existing key into a new one is called: - Answer-
self-rekeying.
Associate the following concepts with the appropriate secret-key building blocks. -
Answer- Key wrapping
Build a unique TEK from nonces and a secret - Answer- Shared secret hashing
Shares a separate KEK with each registered user - Answer- Key distribution center
True or False? The Key Distribution Center (KDC) greatly simplifies key management.
Each host must establish multiple "KDC keys" that it shares with the KDC. - Answer-
False