CECS 378 MIDTERM 1 EXAM QUESTIONS WITH VERIFIED SOLUTIONS LATEST UPDATE 2026

CECS 378 MIDTERM 1 EXAM QUESTIONS WITH VERIFIED SOLUTIONS LATEST UPDATE 2026 What does CIA stand for in the context of information security? a) Central Intelligence Agency b) Confidentiality, Integrity, Availability c) Cyber Intelligence Assessment d) Critical Information Analysis - Answers b: Confidentiality, Integrity, Availability Which component of the CIA Triad focuses on keeping data accessible to authorized users? a) Confidentiality b) Integrity c) Availability d) Authentication - Answers c: Availability True or False: The CIA Triad is primarily used by conspiracy theorists. - Answers false Which of the following is an example of maintaining confidentiality? a) Regular system backups b) Two-factor authentication c) Data validation checks d) Load balancing - Answers b: Two-factor authentication How can the CIA Triad help organizations after a security incident? a) By providing a clear checklist for evaluation b) By increasing network speed ) By automatically fixing vulnerabilities d) By contacting law enforcement - Answers a: By providing a clear checklist for evaluation Which of these is NOT typically considered part of the CIA Triad? a) Confidentiality b) Integrity c) Availability d) Accountability - Answers d: Accountability True or False: The CIA Triad can help inform an organization's security policies and procedures. - Answers true In the context of e-commerce, asking for a password when logging in primarily addresses which aspect of the CIA Triad? a) Confidentiality b) Integrity c) Availability d) None of the above - Answers a: Confidentiality What is inserted between the physical server resources and virtual servers in software-based virtualization? a) Hypervisor b) Virtual machine c) Virtualization layer d) Guest operating system - Answers c: Virtualization layer What are the four core components of hardware resources emphasized in virtualization? a) CPU, memory, network, and disk resources b) RAM, GPU, SSD, and motherboard c) Processor, hard drive, keyboard, and monitor d) Cache, BIOS, power supply, and cooling system - Answers a: CPU, Memory, network, and disk resources What is another term used for the virtualization layer? a) Virtual Machine Monitor (VMM) b) Host System c) Guest Operating System d) Virtual CPU - Answers a: Virtual Machine Monitor (VMM) In virtualization terminology, what is the physical server called? a) Virtual Machine b) Host c) Guest d) Hypervisor - Answers b: host True or False: Virtual machines on the same host can access each other's data freely. - Answers false What makes it easy for administrators to back up virtual machines? a) They require special backup software b) They consist of only a few files (configuration, disk, and log) c) They can't be backed up d) They automatically back themselves up - Answers b: They consist of only a few files (configuration, disk, and log) What allows virtual machines to be fully separated and isolated from each other? a) The host operating system b) The virtualization layer c) The guest operating system d) The network interface - Answers b: The virtualization layer True or False: The hardware resources allocated to a virtual machine can be changed during ongoing operations. - Answers true What component does all access from a virtual machine to the physical hardware pass through? a) CPU b) Memory c) Virtualization layer d) Network interface - Answers c: Virtualization layer According to the article, a virtual machine created on one server model (e.g., PRIMERGY RX300 S4) can be run on a different model (e.g., PRIMERGY RX600 S4). What makes this possible? a) The virtualization layer's separation of VMs from hardware dependencies b) The identical hardware in both server models c) Special transfer software d) The guest operating system's adaptability - Answers a: he virtualization layer's separation of VMs from hardware dependencies What is Git primarily designed for? a) Database management b) Version control c) Web development d) Network administration - Answers b: Version control Who created Git? a) Bill Gates b) Linus Torvalds c) Mark Zuckerberg d) Steve Jobs - Answers b: Linus Torvalds What percentage of developers reported using Git as their primary version control system as of 2022? a) 75% b) 85% c) 95% d) 100% - Answers c: 95% Which of the following is NOT one of the three main states of files in Git? a) Modified b) Staged c) Committed d) Archived - Answers d:Archived What does Git store instead of file differences? a) File metadata b) Snapshots of the project c) Only the changes made d) Compressed file versions - Answers b: Snapshots of the project What is a key advantage of Git's distributed nature? a) It requires less storage space b) It's faster than centralized systems c) It allows for offline work d) It's easier to set up - Answers c: It allows for offline work What is a "commit" in Git? a) A bug in the code b) A version of the project c) A merge conflict d) A branch deletion - Answers b: A version of the project What command is used to create a new branch and switch to it in Git? a) git branch new-branch b) git checkout -b new-branch c) git create new-branch d) git switch new-branch - Answers b: git checkout -b new-branch What does Git use to ensure the integrity of every version of your project? a) Encryption b) Compression c) Cryptographic hash functions d) Blockchain technology - Answers c: Cryptographic hash functions What is the purpose of the staging area in Git? a) To permanently store changes b) To review and format changes before committing c) To sync with remote repositories d) To create backups of the project - Answers b: To review and format changes before committing What is the primary security drawback of the Electronic Codebook (ECB) mode? a) It's too slow b) It preserves patterns in the plaintext c) It requires a large initialization vector d) It can't handle large files - Answers b: It preserves patterns in the plaintext Which mode of operation combines encryption with authentication? a) CBC b) CTR c) ECB d) GCM - Answers d: GCM What is the purpose of an initialization vector (IV) in block cipher modes? a) To increase the key size b) To speed up encryption c) To ensure distinct ciphertexts even when encrypting the same plaintext multiple times d) To reduce the block size - Answers c: To ensure distinct ciphertexts even when encrypting the same plaintext multiple times What is a padding oracle attack primarily exploiting? a) Weak keys b) Timing information from decryption operations c) Large block sizes d) Slow encryption algorithms - Answers b: Timing information from decryption operations Which of the following is recommended to mitigate CBC mode vulnerabilities? a) Using larger block sizes b) Implementing a data integrity check before decryption c) Increasing the number of rounds in the cipher d) Using ECB mode instead - Answers b: Implementing a data integrity check before decryption What is the recommended paradigm for combining encryption and authentication? a) Sign-then-encrypt b) Encrypt-then-sign c) Sign-and-encrypt simultaneously d) It doesn't matter as long as both are done - Answers b: Encrypt-then-sign Which of the following is NOT a characteristic of the Galois/Counter Mode (GCM)? a) It combines counter mode encryption with Galois authentication b) It allows for parallel computation c) It requires padding of the last block d) It provides both confidentiality and integrity - Answers c: It requires padding of the last block What type of signature is recommended to ensure data integrity in CBC mode? a) Simple checksum b) HMAC (keyed-hash message authentication code) c) Digital signature d) Both b and c are acceptable - Answers d: Both b and c are acceptable What is the main purpose of the Diffie-Hellman (DH) algorithm? a) To provide nonrepudiation support b) To support email data confidentiality c) To encrypt data traffic after a VPN is established d) To generate a shared secret between two hosts that have not communicated before - Answers d: To generate a shared secret between two hosts that have not communicated before Which of the following is a feature of HMAC? a) HMAC is based on the RSA hash function b) HMAC uses a secret key known only to the sender c) HMAC uses protocols such as SSL or TLS for session layer confidentiality d) HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance - Answers d: HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance Which requirement of secure communications is ensured by implementing MD5 or SHA hash generating algorithms? a) Confidentiality b) Authentication c) Integrity d) Nonrepudiation - Answers c: Integrity In public key encryption, which key is used for encryption? a) Private key b) Public key c) Symmetric key d) Master key - Answers b:Public key What is a primary advantage of Elliptic Curve Cryptography (ECC) over RSA? a) It's more secure b) It's easier to implement c) It requires less computing power for equivalent security d) It's been in use longer - Answers c: It requires less computing power for equivalent security What is the primary advantage of using Elliptic Curve Cryptography (ECC) compared to RSA? a) ECC is easier to implement. b) ECC requires smaller key sizes for equivalent security. c) ECC is older and more widely trusted. d) ECC can only be used for digital signatures. - Answers b: ECC requires smaller key sizes for equivalent security. In the context of public key cryptography, what does "non-repudiation" mean? a) The sender cannot deny sending the message. b) The recipient cannot deny receiving the message. c) The message cannot be modified after sending. d) The encryption process cannot be reversed. - Answers a: The sender cannot deny sending the message. Which of the following protocols is commonly associated with public key infrastructure (PKI)? a) HTTPS b) FTP c) SMTP d) SNMP - Answers a: HTTPS What is the purpose of a digital signature in public key cryptography? a) To encrypt messages for confidentiality. b) To verify the authenticity and integrity of a message. c) To generate random keys for symmetric encryption. d) To establish a secure connection between two parties. - Answers b: To verify the authenticity and integrity of a message. Which of the following statements about public key encryption is true? a) The private key is shared with everyone to ensure security. b) Public keys can be used to decrypt messages encrypted with the corresponding private key. c) Public key encryption is generally faster than symmetric encryption. d) Public keys are used to encrypt messages, while private keys are used to decrypt them - Answers d: Public keys are used to encrypt messages, while private keys are used to decrypt them What is the main advantage of universal hashing over deterministic hashing? a) It's faster b) It offers guarantees against adversarial inputs c) It uses less memory d) It always produces perfect hash functions - Answers b: It offers guarantees against adversarial inputs In universal hashing, when is a new hash function typically chosen in hash table implementations? a) Every time a new key is inserted b) At regular time intervals c) After "too many" key collisions are noticed d) Only when the table is resized - Answers c: After "too many" key collisions are noticed Which of the following is NOT mentioned as a collision resolution scheme in the article? a) Dynamic perfect hashing b) Cuckoo hashing c) 2-choice hashing d) Linear probing - Answers d: Linear probing What is the typical goal of hashing according to the article? a) To maximize the number of collisions b) To obtain a low number of collisions c) To create perfect hash functions