Exam (elaborations)

Computer Security Principles and Practice 4th Edition By William Stallings - Test Bank

Rating: -
Sold: 5
Pages: 176
Grade: A
Uploaded on: 20-09-2023
Written in: 2022/2023

Chapter 2 – Cryptographic Tools

TRUE/FALSE QUESTIONS:

T F 1. Symmetric encryption is used primarily to provide confidentiality.

T F 2. Two of the most important applications of public-key encryption are digital signatures and key management.

T F 3. Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

T F 4. The secret key is input to the encryption algorithm.

T F 5. Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits.

T F 6. Modes of operation are the alternative techniques that have been developed to increase the security of symmetric block encryption for large sequences of data.

T F 7. The advantage of a stream cipher is that you can reuse keys.

T F 8. A message authentication code is a small block of data generated by a secret key and appended to a message.

T F 9. Like the MAC, a hash function also takes a secret key as input.

T F 10. The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.

T F 11. Public-key cryptography is asymmetric.

T F 12. Public-key algorithms are based on simple operations on bit patterns.

T F 13. The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

T F 14. An important element in many computer security services and applications is the use of cryptographic algorithms.

T F 15. Some form of protocol is needed for public-key distribution.

MULTIPLE CHOICE QUESTIONS:

1. The original message or data that is fed into the algorithm is __________.
   A. encryption algorithm   B. secret key   C. decryption algorithm   D. plaintext

2. The __________ is the encryption algorithm run in reverse.
   A. decryption algorithm   B. plaintext   C. ciphertext   D. encryption algorithm

3. __________ is the scrambled message produced as output.
   A. Plaintext   B. Ciphertext   C. Secret key   D. Cryptanalysis

4. On average, __________ of all possible keys must be tried in order to achieve success with a brute-force attack.
   A. one-fourth   B. half   C. two-thirds   D. three-fourths

5. The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the __________.
   A. SHA   B. RSA   C. AES   D. DSS

6. If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to __________ .
   A. use longer keys   B. use shorter keys   C. use more keys   D. use less keys

7. __________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.
   A. Cryptanalysis   B. Decryption   C. Message authentication   D. Collision resistance

8. The purpose of a __________ is to produce a “fingerprint” of a file, message, or other block of data.
   A. secret key   B. digital signature   C. keystream   D. hash function

9. __________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.
   A. DSS   B. RSA   C. SHA   D. AES

10. A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.
   A. digital signature   B. keystream   C. one way hash function   D. secret key

11. Transmitted data stored locally are referred to as __________ .
   A. ciphertext   B. DES   C. data at rest   D. ECC

12. Digital signatures and key management are the two most important applications of __________ encryption.
   A. private-key   B. public-key   C. preimage resistant   D. advanced

13. A __________ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
   A. mode of operation   B. hash function   C. cryptanalysis   D. brute-force attack

14. Combined one byte at a time with the plaintext stream using the XOR operation, a __________ is the output of the pseudorandom bit generator.
   A. keystream   B. digital signature   C. secure hash   D. message authentication code

15. A _________ protects against an attack in which one party generates a message for another party to sign.
   A. data authenticator   B. strong hash function   C. weak hash function   D. digital signature

SHORT ANSWER QUESTIONS:

1. Also referred to as single-key encryption, the universal technique for providing confidentiality for transmitted or stored data is __________ .

2. There are two general approaches to attacking a symmetric encryption scheme: cryptanalytic attacks and __________ attacks.

3. The __________ algorithm takes the ciphertext and the secret key and produces the original plaintext.

4. A __________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

5. A __________ processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block.

6. A __________ processes the input elements continuously, producing output one element at a time.

7. Public-key encryption was first publicly proposed by __________ in 1976.

8. The two criteria used to validate that a sequence of numbers is random are independence and _________ .

9. A _________ is a hardware device that sits between servers and storage systems and encrypts all data going from the server to the storage system and decrypts data going in the opposite direction.

10. In July 1998 the __________ announced that it had broken a DES encryption using a special purpose “DES cracker” machine.

11. The simplest approach to multiple block encryption is known as __________ mode, in which plaintext is handled b bits at a time and each block of plaintext is encrypted using the same key.

12. A __________ stream is one that is unpredictable without knowledge of the input key and which has an apparently random character.

13. The __________ is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.

14. __________ is provided by means of a co-processor board embedded in the tape drive and tape library hardware.

15. The purpose of the __________ algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

Chapter 4 – Access Control

TRUE/FALSE QUESTIONS:

T F 1. Access control is the central element of computer security.

T F 2. The authentication function determines who is trusted for a given purpose.

T F 3. An auditing function monitors and keeps a record of user accesses to system resources.

T F 4. External devices such as firewalls cannot provide access control services.

T F 5. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

T F 6. Security labels indicate which system entities are eligible to access certain resources.

T F 7. Reliable input is an access control requirement.

T F 8. A user may belong to multiple groups.

T F 9. An access right describes the way in which a subject may access an object.

T F 10. The default set of rights should always follow the rule of least privilege or read-only access.

T F 11. A user program executes in a kernel mode in which certain areas of memory are protected from the user’s use and certain instructions may not be executed.

T F 12. Any program that is owned by, and SetUID to, the “superuser” potentially grants unrestricted access to the system to any user executing that program.

T F 13. Traditional RBAC systems define the access rights of individual users and groups of users.

T F 14. A constraint is a defined relationship among roles or a condition related to roles.

T F 15. An ABAC model can define authorizations that express conditions on properties of both the resource and the subject.

MULTIPLE CHOICE QUESTIONS:

1. __________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
   A. Audit control   B. Resource control   C. System control   D. Access control

2. __________ is verification that the credentials of a user or other system entity are valid.
   A. Adequacy   B. Authentication   C. Authorization   D. Audit

3. _________ is the granting of a right or permission to a system entity to access a system resource.
   A. Authorization   B. Authentication   C. Control   D. Monitoring

4. __________ is the traditional method of implementing access control.
   A. MAC   B. RBAC   C. DAC   D. MBAC

5. __________ controls access based on comparing security labels with security clearances.
   A. MAC   B. DAC   C. RBAC   D. MBAC

6. A concept that evolved out of requirements for military information security is ______ .
   A. reliable input   B. mandatory access control   C. open and closed policies   D. discretionary input

7. A __________ is an entity capable of accessing objects.
   A. group   B. object   C. subject   D. owner

8. A(n) __________ is a resource to which access is controlled.
   A. object   B. owner   C. world   D. subject

9. The final permission bit is the _________ bit.
   A. superuser   B. kernel   C. set user   D. sticky

10. __________ is based on the roles the users assume in a system rather than the user’s identity.
   A. DAC   B. RBAC   C. MAC   D. URAC

11. A __________ is a named job function within the organization that controls this computer system.
   A. user   B. role   C. permission   D. session

12. __________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.
   A. Constraints   B. Mutually Exclusive Roles   C. Cardinality   D. Prerequisites

13. __________ refers to setting a maximum number with respect to roles.
   A. Cardinality   B. Prerequisite   C. Exclusive   D. Hierarchy

14. Subject attributes, object attributes and environment attributes are the three types of attributes in the __________ model.
   A. DSD   B. RBAC   C. ABAC   D. SSD

15. The __________ component deals with the management and control of the ways entities are granted access to resources.
   A. resource management   B. access management   C. privilege management   D. policy management

SHORT ANSWER QUESTIONS:

1. X.800 defines __________ as the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

2. An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures is a(n) __________ .

3. __________ access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.

4. __________ access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do.

5. The basic elements of access control are: subject, __________, and access right.

6. Basic access control systems typically define three classes of subject: owner, __________ and world.

7. A __________ access control scheme is one in which an entity may be granted access rights that permit the entity, by its own volition, to enable another entity to access some resource.

8. The __________ user ID is exempt from the usual file access control constraints and has system wide access.

9. A __________ is a mapping between a user and an activated subset of the set of roles to which the user is assigned.

10. Role hierarchies make use of the concept of __________ to enable one role to implicitly include access rights associated with a subordinate role.

11. A __________ dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role and can be used to structure the implementation of the least privilege concept.

12. There are three key elements to an ABAC model: attributes which are defined for entities in a configuration; a policy model, which defines the ABAC policies; and the __________ model, which applies to policies that enforce access control.

13. The three types of attributes in the ABAC model are subject attributes, object attributes, and _________ attributes.

14. A __________ is an object or data structure that authoritatively binds an identity to a token possessed and controlled by a subscriber.

15. In digital identity systems, a __________ functions as a certification program.


Document information

Uploaded on: 20 September 2023
Number of pages: 176
Written in: 2022/2023
Type: Exam (elaborations)
Contains: Questions and answers

Preview of the content

Computer Security: Principles and Practice, 4th Edition Chapter 1



Chapter 1 – Computer Systems Overview

Answer Key



TRUE/FALSE QUESTIONS:

1. F
2. T
3. T
4. T
5. F
6. T
7. T
8. F
9. T
10. T
11. T
12. F
13. T
14. T
15. F


MULTIPLE CHOICE QUESTIONS:

1. C
2. A
3. A
4. D
5. B
6. C
7. B
8. A
9. B
10. D
11. A
12. C
13. B
14. D
15. A


SHORT ANSWER QUESTIONS:

1. Computer Security
2. CIA triad
3. availability
4. FERPA (Family Educational Rights and Privacy Act)
5. attack
6. countermeasure
7. usurpation
8. data
9. passive
10. active
11. contingency
12. risk
13. mechanisms
14. digital signature
15. recovery

Chapter 1 – Computer Systems Overview


TRUE/FALSE QUESTIONS:

T F 1. Threats are attacks carried out.

T F 2. Computer security is protection of the integrity, availability, and
confidentiality of information system resources.

T F 3. Data integrity assures that information and programs are changed only
in a specified and authorized manner.

T F 4. Availability assures that systems work promptly and service is not
denied to authorized users.

T F 5. The “A” in the CIA triad stands for “authenticity”.

T F 6. The more critical a component or service, the higher the level of
availability required.

T F 7. Computer security is essentially a battle of wits between a perpetrator
who tries to find holes and the administrator who tries to close them.

T F 8. Security mechanisms typically do not involve more than one particular
algorithm or protocol.

T F 9. Many security administrators view strong security as an impediment to
efficient and user-friendly operation of an information system.

T F 10. In the context of security our concern is with the vulnerabilities of
system resources.

T F 11. Hardware is the most vulnerable to attack and the least susceptible to
automated controls.

T F 12. Contingency planning is a functional area that primarily requires
computer security technical measures.

T F 13. X.800 architecture was developed as an international standard and
focuses on security in the context of networks and communications.

T F 14. The first step in devising security services and mechanisms is to
develop a security policy.
