Question 1

This was commonly used in cryptography during World War II.&#10;A)Tunneling&#10;B)Personalization&#10;C)Van Eck phreaking&#10;D)One-time pad

Accepted Answer

The one-time pad was a cryptography method widely used during World War II. It is a system where a random key or "pad" is used only once to encrypt and decrypt a message, making it theoretically unbreakable if used correctly.

Question 2

Today, many Internet businesses and users take advantage of cryptography based on this approach.&#10;A)Public key infrastructure&#10;B)Output feedback&#10;C)Encrypting File System&#10;D)Single sign on

Accepted Answer

Public key infrastructure (PKI) is the approach widely used in Internet businesses and by users for cryptography. It involves the use of a pair of keys - a public key and a private key - for secure communication over the Internet, enabling activities such as secure email, secure web browsing, and the authentication of users and devices.

Question 3

This is the name for the issuer of a PKI certificate.&#10;A)Man in the middle&#10;B)Certificate authority&#10;C)Resource Access Control Facility&#10;D)Script kiddy

Accepted Answer

The Certificate Authority (CA) is the entity responsible for issuing digital certificates in a Public Key Infrastructure (PKI) system. These certificates verify the ownership of a public key by the named subject of the certificate.

Question 4

Developed by Philip R. Zimmermann, this is the most widely used privacy-ensuring program by individuals and is also used by many corporations.&#10;A)DS&#10;B)OCSP&#10;C)Secure HTTP&#10;D)Pretty Good Privacy

Accepted Answer

Pretty Good Privacy (PGP) was developed by Philip R. Zimmermann and is widely used for securing individual communications as well as being utilized by corporations for secure data exchange.

Question 5

This is the encryption algorithm that will begin to supplant the Data Encryption Standard (DES) - and later Triple DES - over the next few years as the new standard encryption algorithm.&#10;A)Rijndael&#10;B)Kerberos&#10;C)Blowfish&#10;D)IPsec

Accepted Answer

Rijndael was selected as the Advanced Encryption Standard (AES) to replace DES and Triple DES, becoming the new standard for encryption to secure sensitive data.

Question 6

This is the inclusion of a secret message in otherwise unencrypted text or images.&#10;A)Masquerade&#10;B)Steganography&#10;C)Spoof&#10;D)Eye-in-hand system

Accepted Answer

Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. It differs from cryptography in that the aim is to hide the existence of the message, rather than just the content.

Question 7

In password protection, this is a random string of data used to modify a password hash.&#10;A)Sheepdip&#10;B)Salt&#10;C)Bypass&#10;D)Dongle

Accepted Answer

Salt is used in password protection to add a unique value to each password before it is hashed, making it more difficult to crack through methods like rainbow table attacks. This process helps in enhancing the security of stored passwords.

Question 8

This is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding cipher text value and vice versa.&#10;A)Foot printing&#10;B)Hash function&#10;C)Watermark&#10;D)Electronic Code Book

Accepted Answer

Electronic Code Book (ECB) is a mode of operation for block ciphers where each block of plaintext is encrypted independently, resulting in a defined corresponding ciphertext for each possible block of plaintext.

Question 9

This is a trial and error method used to decode encrypted data through exhaustive effort rather than employing intellectual strategies.&#10;A)Chaffing and winnowing&#10;B)Cryptanalysis&#10;C)Serendipity&#10;D)Brute force cracking

Accepted Answer

Brute force cracking is a method that involves trying all possible combinations to decode encrypted data, relying on exhaustive effort rather than intellectual strategies.

Question 10

An intruder might install this on a networked computer to collect user ids and passwords from other machines on the network.&#10;A)Passphrase&#10;B)Root kit&#10;C)Ownership tag&#10;D)Token

Accepted Answer

A root kit is a collection of software tools that enable an unauthorized user to gain control of a computer system without being detected. It can be used to collect user IDs and passwords from other machines on the network by intercepting and logging information on the compromised system.

Question 11

This type of intrusion relies on the intruder's ability to trick people into breaking normal security procedures.&#10;A)Shoulder surfing&#10;B)Hijacking&#10;C)Brain fingerprinting&#10;D)Social engineering

Accepted Answer

The answer of This type of intrusion relies on the...

Question 12

The developers of an operating system or vendor application might issue this to prevent intruders from taking advantage of a weakness in their programming.&#10;A)Cookie&#10;B)Key fob&#10;C)Watermark&#10;D)Patch

Accepted Answer

The answer of The developers of an operating system or...

Question 13

This is an attack on a computer system that takes advantage of a particular vulnerability that the system offers to intruders.&#10;A)Port scan&#10;B)Denial of service&#10;C)Exploit&#10;D)Logic bomb

Accepted Answer

The answer of This is an attack on a computer...

Question 14

This is a program in which harmful code is contained inside apparently harmless programming or data.&#10;A)Snort&#10;B)Honeypot&#10;C)Blue bomb&#10;D)Trojan horse

Accepted Answer

The answer of This is a program in which harmful...

Question 15

This is the modification of personal information on a Web user's computer to gain unauthorized information with which to obtain access to the user's existing accounts.&#10;A)Identity theft&#10;B)Cookie poisoning&#10;C)Shoulder surfing&#10;D)Relative identifier

Accepted Answer

The answer of This is the modification of personal information...

Question 16

This type of attack may cause additional damage by sending data containing codes designed to trigger specific actions - for example, changing data or disclosing confidential information.&#10;A)Buffer overflow&#10;B)Block cipher&#10;C)War dialing&#10;D)Distributed denial-of-service attack

Accepted Answer

The answer of This type of attack may cause additional...

Question 17

This is the forging of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.&#10;A)Foot printing&#10;B)Non repudiation&#10;C)E-mail spoofing&#10;D)Finger

Accepted Answer

The answer of This is the forging of an e-mail...

Question 18

This is a type of network security attack in which the intruder takes control of a communication between two entities and masquerades as one of them.&#10;A)Hijacking&#10;B)Identity theft&#10;C)Smurf attack&#10;D)Tunneling

Accepted Answer

The answer of This is a type of network security...

Question 19

This is a compromised Web site that is being used as an attack launch point in a denialof-service attack.&#10;A)Bastion host&#10;B)Packet monkey&#10;C)Dongle&#10;D)Zombie

Accepted Answer

The answer of This is a compromised Web site that...

Question 20

This electronic &#34;credit card&#34; establishes a user's credentials when doing business or other transactions on the Web and is issued by a certification authority.&#10;A)Private key&#10;B)Digital certificate&#10;C)Smart card&#10;D)Ownership tag

Accepted Answer

The answer of This electronic &#34;credit card&#34; establishes a user's...

Question 21

What &#34;layer&#34; of an e-mail message should you consider when evaluating e-mail security?&#10;A)TCP/IP&#10;B)SMTP&#10;C)Body&#10;D)All of the above

Accepted Answer

The answer of What &#34;layer&#34; of an e-mail message should...

Deck 2: Cybersecurity and Cryptography