2027) Questions & Answers {Grade A}
100% Correct
What is job rotation in terms of procedural access control? - correct answer Limits the
amount of time that individuals can manipulate security configurations. Exposes
potential fraud by having multiple individuals learn about the job and possibly uncover
vulnerabilities. Can reduce burnout in employees.
What are mandatory vacations in terms of procedural access control? - correct
answer For sensitive positions, individuals are mandated to take vacation and security
audits are conducted while they are away.
What is the principle of least privilege in terms of procedural access control? - correct
answer Limit access to the minimum required to do the job. Eliminate unnecessary
privileges. Should apply to users and processes.
What is the difference between an active vs. passive attack? - correct answer Active
includes data modification, data deletion, password cracking, and denial of service.
Active things are being done.
Passive includes eavesdropping/packet sniffing, key loggers, and protocol analyzers.
What type of codes are Parity, CRC, Error correction codes, and Hash codes? - correct
answer Error Detecting Codes
Can error detecting codes prove there has been no modification? - correct answer No,
absence of evidence is not evidence of absence.
What does method authentication do? - correct answer - protect against active attacks
- verify received message is authentic
- can use conventional encryption
What does a cryptographic one-way hash function do? - correct answer Accepts a
variable sized message and produces a fixed-size output. Padding includes the length
of the original message in bits as a security measure to increase difficulty.
Hash message can be authenticated if encrypted using symmetric or public key
encryption.
What are the 6 requirements of a good hash function? - correct answer 1) H can be
applied to a block of data of any size
2) H produces a fixed length output
3) H(x) is relatively easy to compute for any given x
4) GIVEN the hash h, you can't find any two messages that have the same hash.
---> one-way or pre-image resistant
5) GIVEN x, there should not exist another value that will produce the same hash. H(x)
= H(y) should never occur.
---> second pre-image resistant or weak collision resistant
6) This one is just like 5 but x is NOT given. It is computationally infeasible to find any
pair (x,y) such that H(x)=H(y). Basically there is no pair of values that would collide.
---> strong collision resistant