1. Which of the following are true about sending a PGP message from Alice to Bob?
Ans: E, F and J
2. Let's say that the plaintext "hello" is enciphered as "zbabh". What kind of cipher is this? (It is
one of the three choices given)
A. substitution
B. transposition
C. product (both substitution and transposition)
Ans: B
3. In a Caesar cipher, the encryption function is the same as the decryption function.
A. true
B. false
Ans : B
4. Briefly describe why a symmetric cipher is never used for a digital signature.
Ans: A symmetric cipher uses one shared secret key for encryption and decryption. Symmetric
ciphers are very effective for messages between two trusted individuals, but they are unsuitable
for digital signatures. A digital signature is based on public-key cryptographic techniques.
5. Keeping the enciphering and deciphering algorithm secret would violate which design
principle?
Ans : C
6. What is the most important difference between symmetric and asymmetric cryptography?
Ans : Symmetric cryptography uses the same secret (private) key to encrypt and decrypt its
data, whereas asymmetric cryptography uses both a public and a private key. Symmetric
cryptography requires that the secret key be known by both the party encrypting the data and
the party decrypting it. Asymmetric cryptography lets you distribute your public key to anyone,
who can then use it to encrypt the data they want to send securely; that data can only be
decrypted by the person holding the private key. This eliminates the need to give someone the
secret key (as with symmetric encryption) and risk having it compromised.
The issue with asymmetric encryption is that it is many times slower than symmetric encryption,
which makes it impractical for encrypting large amounts of data. Also, to get the same
security strength as symmetric, asymmetric must use a stronger key than symmetric.
A. Session key
B. Interchange Key
C. Lifetime of both are the same
Ans : B
8. Let's say that I want my bank to wire you $1000. I encipher a message containing this request
to the bank as follows:
When the bank gets the enciphered message, it does the following:
A. confidentiality
B. origin integrity
C. data integrity
D. availability
Ans : D
9. Kerberos was a mythical three headed dog that guarded the gates of hell. What are the 3
"heads" of the Kerberos protocol?
A. true
B. false
Ans: B
11. During key exchange which of the following must be kept secret
Ans : A and B
12. In Kerberos, the print server shares a key with the authenticating server.
A. true
B. false
Ans : B
13. Kerberos uses public key cryptography to exchange the session key between the
authenticating server and the ticket granting server.
A. true
B. false
Ans : B
Ans : A and D
15. Which of the following are true statements about a digital signature?
A. Part of the procedure of creating a digital signature is to hash the message using a
cryptographic checksum function.
B. A message that is digitally signed must be encrypted before it is signed.
C. Part of the procedure of creating a digital signature is to encrypt the message hash using
the private key.
D. Part of the procedure of creating a digital signature is to encrypt the message hash using
the public key.
E. A digital signature helps assure the integrity of the message.
16. Which of the following are acceptable ways to get the public key of a CA?
A. from a list of trusted root certification authorities that ships with a browser
B. from an unsolicited promotional email sent by the CA
C. from a certificate chain
D. from a flash drive mailed to you by the CA after they have validated your identity.
E. from the home page of the CA
Ans: A, C and D
17. The SSL protocol uses the private key of the browser to encrypt the session key.
A. true
B. false
Ans: B
A. true
B. false
Ans : A
19. When you get a certificate from a CA you must provide the CA with both your public and
your private key.
A. true
B. false
Ans : B
20. Which of the following can be used to establish the identity of an external entity (a user of
the computer system)?
Ans : F
21. Why is it good to save the hash of your password in the database rather than the
plaintext of the password?
Ans : For security reasons, the password should be hashed before it is stored in the database. If it were
stored in plaintext, it would be easily accessible to anyone who has database access.
22. After reading all the literature on passwords, these appear to be the recommendations:
Ans : H