MIS399 Midterm Quiz

  1. (malicious software) software that has a nefarious purpose, designed to cause problems to you as an individual or your system (Viruses and Worms)    malware
  2. 5 core functions of NIST Cybersecurity Framework    Identify, Protect, Detect, Respond, Recover
  3. a concept that when something fails, it should do so in a safe state   fail-safe defaults
  4. a message in its original form   Plaintext (or cleartext)
  5. a message in the encrypted form   Ciphertext
  6. a protection mechanism should deny access by default, and grant access only when explicit permission exists   default (implicit) deny
  7. A special mathematical function that performs one-way encryption   Hashing
  8. a subject (user, application, or process) should have only necessary rights and privileges to perform its tasks with no additional permissions   least privilege
  9. a system for encryption and decryption   Cryptosystem
  10. ability to verify that a message has been sent and received and that the sender can be identified (enforces ID) and verified   nonrepudiation
  11. Agents intercept a message that is encrypted, and proceed to use various techniques to try and decipher the plain text message   Cryptanalysis
  12. All of the following are asymmetric encryption   RSA, ECC, ElGamal
  13. always using simple solutions when available   Economy of mechanism
  14. An asymmetric encryption key that does have to be protected.   private key
  15. An asymmetric encryption key that does not have to be protected.  public key
  16. application of encryption verifies that a document was sent by the person it says it is from   Digital signatures
  17. applies to situations involving both authorization and access    implicit deny
  18. attacks by a criminal organization which is characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and possible corruption or collusion with insiders   structured threat
  19. attacks on a system that are conducted over short periods of time, are usually done by an individual or small group, have little financial backing, and are accomplished by insiders or outsiders who do not seek collusion with insiders   unconstructed threat
  20. attempts to break encryption algorithms   Cryptanalyst
  21. characterized by a much longer period of preparation (years is not uncommon), tremendous financial backing and a large/organized group of attackers.   highly structured threat
  22. communication between two parties; allows future activity without renewed authentication   Session Management
  23. Confidentiality, Integrity, and Availability   “CIA” of security
  24. controlling access to internal computers from external entities such as routers, firewalls, authentication hardware and software, encryption, and IDS   network security
  25. Cryptographic algorithms are used for all of the following   Confidentiality, Integrity, and Authentication
  26. Cryptography can be used to protect confidentiality and integrity as well as to implement nonrepudiation, authentication, key escrow, digital signatures, and digital rights management.   True
  27. deals with the security of telecommunications systems    COMSEC (Communication Security)
  28. design and operation of elements to ensure the proper functional environment of a system   configuration management
  29. Designed for the integrity of a message. One-way hash that can create a hash value that can be used with an encryption protocol, has 160-bit hash value.   Secure Hash Algorithm (SHA)
  30. Developed by the Research and Development in Advanced Communication Technologies (RACE). The primary design feature is two different and independent parallel chains of computation, the results of which are then combined at the end of the process   RIPEMD
  31. Encrypting a message by simply rearranging the order of the letters is a function of the   Transposition Cypher
  32. Example of a shift cypher   ROT13
  33. exception handling; system is more resilient   exception management
  34. focuses on protecting each computer and device individually instead of addressing protection of the network as a whole   host security
  35. for any given risk, more than one individual needs to be involved    separation of duties
  36. has 224, 256, 334, 512 bit hash values   SHA-2
  37. Hashing algorithms are most likely to be compromised   by a collision attack
  38. holds that the protection of an object should not rely upon secrecy of the protection mechanism itself   Open Design
  39. if we change a character of the plaintext, then several characters of the ciphertext should change, and similarly, if we change a character of the ciphertext, then several characters of the plaintext should change.   Diffusion
  40. information being protected from unauthorized access or alteration and yet is available to authorized individuals when required   Information Security
  41. is a common hashing algorithm that produces a 128-bit hash.   Message Digest 5 (MD5)
  42. is a concept that complements the idea of various layers of security   Diversity of Defense
  43. is a principle that is characterized by the use of multiple, different defense mechanism with a goal of improving the defensive response to an attack   Defense in Depth
  44. is a property of a public key system in which a key derived from another key is not compromised even if the originating key is compromised in the future.   perfect forward secrecy
  45. is the ability to control whether a subject can interact with an object  Access Control
  46. is the latest, is more secure and produces a 128-bit hash.   MD5
  47. is the masking of an item to render it unreadable, yet still usable   obfuscation
  48. is to ensure that only those individuals who have the authority to view a piece of information may do so   Confidentiality
  49. It takes plaintext of any length and creates a digest 128 bits in length. It then divides the plaintext into multiple 128-bit sections. Extra padding is added if the message is less than 128 bits.   MD2
  50. Keeping a copy of an encryption key with a trusted third party   Key escrow
  51. Message Digest 4: A hash that was created in 1990 for computers that process 32 bits at a time.   MD4
  52. Operational Model of Security   Protection=Prevention + (Detection + Response)
  53. Polyalphabetic substitution cipher   The Vigenère cipher works as a(n)
  54. Produces a 160-bit hash value and is used in DSS   SHA-1
  55. protection of data, hardware, and software    computer security
  56. refers to the concept that each and every request should be verified   Complete Mediation
  57. Refers to the users’ acceptance of security measures.   psychological acceptability
  58. states that mechanisms used to access resources should be dedicated and not shared   Least common mechanism
  59. states that the protection mechanism should be constructed so that it uses more than one piece of information to make access decisions   separation of privilege
  60. the “hacking” of the systems and computers used by a telephone company to operate its telephone network   phreaking
  61. The “hacking” of the systems and computers used by a telephone company to operate its telephone network   Phreaking
  62. The cipher that replaces each letter of the alphabet with a different letter (not in sequence)   Substitution Cypher
  63. the matching of a user to an account through previously shared credentials   Authentication
  64. the practice (or art) of using encryption to conceal text      Cryptography
  65. The process for protecting intellectual property from unauthorized users   Digital Rights Management
  66. the process of coding a message such that its meaning is concealed   Encryption
  67. the process of transforming an encrypted message into the original form   Decryption
  68. The science of encrypting, or hiding, information    Cryptology
  69. This type of encryption uses the same key to encrypt and decrypt   Symmetric Key
  70. making the relationship between the key and the ciphertext as complex and as involved as possible   Confusion
  71. transforming plaintext of any length into a short code called a hash   Hashing
  72. warfare conducted against the information and information processing equipment used by an adversary  information warfare
  73. When a message sent by a user is digitally signed with a private key, the person will not be able to deny sending the message   Nonrepudiation
  74. whether a control can be verified to be functioning properly   auditability
  75. Which encryption method is based on the idea of two keys, one that is public and one that is private?   Asymmetric encryption
  76. Which encryption method is based on the idea of using the same key for encryption and decryption of data   Symmetric Cypher
