• security Online Quiz - 5
Back
0

security Online Quiz - 5

Description: security Online Quiz - 5
Number of Questions: 20
Created by:
Tags: security
Start the Quiz
Attempted 0/20 Correct 0 Score 0

Asymmetric key cryptography is used for all of the following except:

technology security

  1. Encryption of data

  2. Access controls

  3. Nonrepudiation

  4. Steganography

Show answer
Correct Option: D

AI Explanation

To answer this question, we need to understand the purpose of asymmetric key cryptography and how it is used.

Asymmetric key cryptography, also known as public-key cryptography, uses a pair of keys: a public key and a private key. The public key is used for encryption, while the private key is used for decryption. This type of cryptography is widely used to provide secure communication over insecure networks.

Let's go through each option to understand why it is correct or incorrect:

Option A) Encryption of data - This option is correct. One of the main purposes of asymmetric key cryptography is to encrypt data using the public key.

Option B) Access controls - This option is incorrect. Asymmetric key cryptography can be used for access controls, such as digital signatures and authentication.

Option C) Nonrepudiation - This option is incorrect. Asymmetric key cryptography can be used to provide nonrepudiation, which means that the sender of a message cannot deny sending it.

Option D) Steganography - This option is correct. Steganography is the practice of hiding information within other information, such as hiding a message within an image. Asymmetric key cryptography is not directly used for steganography.

Therefore, the correct answer is D) Steganography.

One of the most important principles in the secure use of a public key algorithm is:

technology security

  1. Protection of the private key

  2. Distribution of the shared key

  3. Integrity of the message

  4. History of session keys

Show answer
Correct Option: A

AI Explanation

To answer this question, you need to understand the principles and concepts related to the secure use of a public key algorithm.

Option A) Protection of the private key - This option is correct. One of the most important principles in the secure use of a public key algorithm is the protection of the private key. The private key must be kept secret and secure to prevent unauthorized access or use. If the private key is compromised, it can lead to the unauthorized decryption of encrypted messages or the creation of forged digital signatures.

Option B) Distribution of the shared key - This option is not the correct answer. While the distribution of the shared key is an important aspect of symmetric key algorithms, it is not directly related to public key algorithms. Public key algorithms use asymmetric cryptography, where each user has a pair of keys: a public key and a private key. The public key is used for encryption, while the private key is used for decryption. The distribution of the public key is important, but the protection of the private key is paramount.

Option C) Integrity of the message - This option is not the correct answer. While the integrity of the message is important in ensuring that the message has not been tampered with during transmission, it is not specific to the secure use of a public key algorithm. Integrity can be achieved through the use of message authentication codes (MACs) or digital signatures, which can be implemented using public key algorithms, but it is not the most important principle in this context.

Option D) History of session keys - This option is not the correct answer. The history of session keys is not directly related to the secure use of a public key algorithm. Session keys are typically used in symmetric key algorithms to secure a specific communication session. Public key algorithms, on the other hand, are used for tasks such as encryption, digital signatures, and key exchange.

Therefore, the correct answer is A) Protection of the private key. This option is correct because the protection of the private key is crucial for maintaining the security of public key algorithms.

Secure distribution of a confidential message can be performed by:

technology security

  1. Encrypting the message with the receiver's public key

  2. Encrypting a hash of the message

  3. Having the message authenticated by a certificate authority

  4. Using a password-protected file format

Show answer
Correct Option: A

When a user needs to provide message integrity, what options may be best?

technology security

  1. Send a digital signature of the message to the recipient

  2. Encrypt the message with a symmetric algorithm and send it

  3. Encrypt the message with a private key so the recipient can decrypt with the corresponding public key

  4. Send an encrypted hash of the message along with the message to the recipient

Show answer
Correct Option: D

AI Explanation

To answer this question, you need to understand the concept of message integrity and the different options available to ensure it. Let's go through each option to understand why it is correct or incorrect:

Option A) Send a digital signature of the message to the recipient - This option is incorrect because a digital signature is used for message authentication, not message integrity. It ensures that the message comes from the claimed sender and has not been tampered with, but it does not specifically address message integrity.

Option B) Encrypt the message with a symmetric algorithm and send it - This option is incorrect because encryption alone does not provide message integrity. Encryption only protects the confidentiality of the message, ensuring that it cannot be read by unauthorized parties. It does not verify the integrity of the message or detect any modifications during transmission.

Option C) Encrypt the message with a private key so the recipient can decrypt with the corresponding public key - This option is incorrect because it describes asymmetric encryption, which is primarily used for confidentiality and authentication. While asymmetric encryption can provide some level of integrity, it is not the most effective option for ensuring message integrity.

Option D) Send an encrypted hash of the message along with the message to the recipient - This option is correct because it involves sending an encrypted hash (also known as a digital signature) of the message along with the message itself. By encrypting the hash, the recipient can verify the integrity of the message by comparing the decrypted hash with a recalculated hash of the received message. If the hashes match, it ensures that the message has not been tampered with during transmission.

The correct answer is D) Send an encrypted hash of the message along with the message to the recipient. This option is correct because it provides a way to verify the integrity of the message.

The two methods of encrypting data are

technology security

  1. Substitution and transposition

  2. Block and stream

  3. Symmetric and asymmetric

  4. DES and AES

Show answer
Correct Option: B

Messages protected by steganography can be transmitted to:

technology security

  1. Picture files

  2. Music files

  3. Video files

  4. All of the above

Show answer
Correct Option: D

An unauthorized and unintended communication path that provides for exchange of information is a:

technology security

  1. Secret link

  2. Covert channel

  3. Covert encryption

  4. Communication pipe

Show answer
Correct Option: B

What is the primary risk of using cryptographic protection for systems or data?

technology security

  1. Loss of the system may mean loss of all data.

  2. A hardware failure may lead to lost data or system integrity.

  3. A disgruntled user may lead to denial of service.

  4. An employee may hide his activities from the security department.

Show answer
Correct Option: C

AI Explanation

To answer this question, you need to understand the primary risks associated with using cryptographic protection for systems or data. Let's go through each option to understand why it is correct or incorrect:

Option A) Loss of the system may mean loss of all data - This option is not the primary risk of using cryptographic protection. While the loss of a system can result in data loss, it is not specific to cryptographic protection.

Option B) A hardware failure may lead to lost data or system integrity - This option is not the primary risk of using cryptographic protection. Hardware failures can occur in any system, regardless of whether cryptographic protection is used or not.

Option C) A disgruntled user may lead to denial of service - This option is the correct answer. The primary risk of using cryptographic protection is that a disgruntled user with access to the cryptographic keys or passwords can intentionally deny service to legitimate users by withholding or misusing the keys, rendering the system or data inaccessible.

Option D) An employee may hide his activities from the security department - This option is not the primary risk of using cryptographic protection. While cryptographic protection can be used to hide activities, it is not specific to cryptographic protection and can occur in any system.

The correct answer is C) A disgruntled user may lead to denial of service. This option is correct because it represents the primary risk of using cryptographic protection, where a user with access to the encryption keys can intentionally deny service to legitimate users.

The testing or reconciliation of evidence of a user’s identity is:

technology security

  1. Authorization

  2. Accountability

  3. Auditing

  4. Authentication

Show answer
Correct Option: D
Explanation:

To solve this question, the user needs to know the definitions of different security concepts and their applications. The user must identify the concept that refers to the testing or reconciliation of evidence of a user's identity.

Now, let's go through each option and explain why it is right or wrong:

A. Authorization: Authorization refers to the process of granting or denying access to a resource based on a user's identity and the permissions associated with that identity. This option is not the correct answer since it does not refer to the testing or reconciliation of evidence of a user's identity.

B. Accountability: Accountability refers to the state of being responsible or answerable for one's actions. This option is not the correct answer since it does not refer to the testing or reconciliation of evidence of a user's identity.

C. Auditing: Auditing refers to the process of tracking and evaluating the use of resources or actions taken by users to ensure compliance with policies and regulations. This option is not the correct answer since it does not refer to the testing or reconciliation of evidence of a user's identity.

D. Authentication: Authentication refers to the process of verifying the identity of a user or system. This includes the testing or reconciliation of evidence of a user's identity such as passwords, biometric data, or security tokens. This option is the correct answer.

Therefore, the answer is: D. Authentication.

An ongoing activity that examines either the system or the users, such as intrusion detection, is:

technology security

  1. Auditing

  2. Monitoring

  3. Accounting

  4. Eavesdropping

Show answer
Correct Option: B

The ability to determine the actions and behaviors of a single individual within a system and to identify that particular individual is:

technology security

  1. Authentication

  2. Accountability

  3. Authorization

  4. Nonrepudiation

Show answer
Correct Option: B
Explanation:

To solve this question, the user needs to have knowledge of basic cybersecurity concepts.

The correct answer is:

B. Accountability

Option A, Authentication refers to the process of verifying the identity of a user or system before granting access.

Option C, Authorization is the process of granting or denying access to specific resources or actions.

Option D, Nonrepudiation refers to the ability to prove that a particular action or event occurred and that it cannot be denied by the party who performed it.

Option B, Accountability is the ability to determine the actions and behaviors of a single individual within a system and to identify that particular individual. It is the answer to the question "who did what, when, and how" in a given system.

Therefore, the correct answer is B. Accountability.

The application of multiple layers of protection wherein a subsequent layer will provide protection if a previous layer is breached is:

technology security

  1. Defense-in-depth

  2. Weakest link

  3. Fail-safe

  4. Control analysis

Show answer
Correct Option: A

One of the main characteristics of black box testing of information systems is:

technology security

  1. The testing team is provided full knowledge of the resources to be tested.

  2. The testing team is provided partial knowledge of the resources to be tested and has to acquire some information on its own.

  3. The testing team is provided no knowledge of the resources to be tested and has to acquire information on its own.

  4. The testing team is not permitted direct access to the resources to be tested.

Show answer
Correct Option: C

The right of an individual to protection from unauthorized disclosure of personally identifiable information (PII) is the definition of:

technology security

  1. Security

  2. Confidentiality

  3. Authorization

  4. Privacy

Show answer
Correct Option: D

Which standard addresses credit card and cardholder authentication and is organized as 12 requirements under 6 logically consistent control objectives?

technology security

  1. Payment Card Industry (PCI) Data Privacy Standard (DPS)

  2. Payment Card Industry (PCI) Data Confidentiality Standard (DCS)

  3. Payment Card Industry (PCI) Data Security Standard (DSS)

  4. Payment Card Industry (PCI) Data Authorization Standard (DAS)

Show answer
Correct Option: C

AI Explanation

To answer this question, you need to understand the Payment Card Industry (PCI) standards.

Option A) Payment Card Industry (PCI) Data Privacy Standard (DPS) - This option is incorrect because the PCI Data Privacy Standard primarily focuses on protecting the privacy of cardholder data.

Option B) Payment Card Industry (PCI) Data Confidentiality Standard (DCS) - This option is incorrect because the PCI Data Confidentiality Standard primarily focuses on ensuring the confidentiality of cardholder data.

Option C) Payment Card Industry (PCI) Data Security Standard (DSS) - This option is correct. The PCI Data Security Standard (DSS) addresses credit card and cardholder authentication. It is organized into 12 requirements under 6 logically consistent control objectives.

Option D) Payment Card Industry (PCI) Data Authorization Standard (DAS) - This option is incorrect because there is no specific PCI standard called the Data Authorization Standard (DAS).

The correct answer is C) Payment Card Industry (PCI) Data Security Standard (DSS). This standard addresses credit card and cardholder authentication and is organized as 12 requirements under 6 logically consistent control objectives.

What provides a standard for Web application security and summarizes primary Web application security vulnerabilities based on input from security experts?
technology security

  1. The British Standards Institute (BSI) 7799

  2. ISO 27002

  3. The Open Web Application Security Project (OWASP) Top Ten Project

  4. TSP-Secure

Show answer
Correct Option: C

Which one of the following provides the owner with a legally enforceable right to exclude others from practicing a covered invention for a specified period of time?
technology security

  1. Copyright

  2. Patent

  3. Warranty

  4. Trade Secret

Show answer
Correct Option: B

The columns of the access matrix are called:
technology security

  1. Access control lists (ACLs)

  2. Capability lists

  3. Triples

  4. Properties

Show answer
Correct Option: A

What model describes those characteristics of security engineering processes essential to ensure good security engineering?

technology security

  1. Systems Security Engineering Capability Maturity Model (SSE-CMM)

  2. Capability Maturity Model Integration (CMMi)

  3. Bell-LaPadula model

  4. Systems Engineering Capability Maturity Model (SE-CMM)

Show answer
Correct Option: A

Which form of malware is designed to reproduce itself by utilizing system resources?

technology security

  1. A worm

  2. A virus

  3. A trojan horse

  4. A multipart virus

Show answer
Correct Option: A
- Hide questions
ADVERTISEMENT

Find more quizzes from top tags

general knowledge
3615 Quizzes
119858 Questions
 technology
307 Quizzes
36705 Questions
 sports
963 Quizzes
19148 Questions
 history
1187 Quizzes
13475 Questions
 physics
598 Quizzes
13441 Questions
 biology
1160 Quizzes
12174 Questions
 science & technology
551 Quizzes
11015 Questions
 chemistry
490 Quizzes
9892 Questions
 maths
518 Quizzes
9324 Questions
 softskills
0 Quizzes
7131 Questions