Asymmetric encryption utilizes only a public key for encryption and decryption.
FALSE
Asymmetric encryption can be used for con dentiality but not for authentication.
FALSE
Asymmetric encryption transforms plaintext into ciphertext.
TRUE
Plaintext is transformed into ciphertext using two keys and a decryption algorithm.
FALSE
A major advance in symmetric cryptography occurred with the development of the
rotor encryption/decryption machine.
TRUE
Public-key encryption is more secure from cryptanalysis than symmetric encryption.
FALSE
Much of the theory of public-key cryptosystems is based on number theory.公钥密码
系统的许多理论都是基于数论的。
TRUE
Asymmetric algorithms rely on one key for encryption and a di erent but related key
for decryption.
TRUE
The encryption algorithm performs various transformation on the ciphertext.
FALSE
If the authenticator is encrypted with the sender's private key, it serves as a signature
that veri es origin, content, and sequencing.如果验证器是⽤发送者的私钥加密的，那
么它将⽤作验证来源、内容和顺序的签名。
TRUE
A trap-door one-way function is easy to calculate in one direction and infeasible to
calculate in the other direction unless certain additional information is known.
TRUE
A public-key encryption scheme is not vulnerable to a brute-force attack.
FALSE
Before the application of the public-key cryptosystem each participant must generate TRUE
a pair of keys.
The defense against the brute-force approach for RSA is to use a large key space.
TRUE
Timing attacks are ciphertext attacks that are only applicable to RSA.
FALSE
Asymmetric encryption is also known as
A)digital-key encryption
B)private-key encryption
C)public-key encryption
D)optimal encryption
Public-key encryption is also known as ___________ .
A)optimal-key encryption
B)one way time exchange encryption
C)asymmetric encryption
D)digital-key encryption
Asymmetric encryption can be used for __________ .
A)neither con dentiality nor authentication
B)both con dentiality and authentication
C)authentication
D)con dentiality
Plaintext is recovered from the ciphertext using the paired key and a _____________ .
A)recovery encryption
B)encryption algorithm
C)decryption algorithm
D)digital signature
ff
fi
fi
fi
fi
fi
The most widely used public-key cryptosystem is __________ .
A)optimal asymmetric encryption
B)RSA
C)asymmetric encryption
D)DES
Public-key algorithms are based on __________ .
A)substitution
B)mathematical functions
C)symmetry
D)permutation
__________ are two related keys, a public key and a private key that are used to perform
complementary operations, such as encryption and decryption or signature generation and
signature veri cation.
A)Asymmetric keys
B)Key exchanges
C)Symmetric keys
D)Cipher keys
The __________ indicates that the subscriber identi ed in the certi cate has sole control and
access to the private key.表示证书中标识的订户对私钥拥有唯⼀的控制权和访问权。
A)Public Key Certi cate
B)Digital Signature
C)PKI
D)OAEP
A __________ is a cryptographic algorithm that uses two related keys, a public key and a private
key. The two keys have the property that deriving the private key from the public key is
computationally infeasible.
A)Public Key (Asymmetric) Cryptographic Algorithm
B)Private Key (Symmetric) Cryptographic Algorithm
C)RSA Digital Cryptographic Algorithm
D)Key Exchange Cryptographic Algorithm
A public-key encryption scheme has __________ ingredients.
A)two
B)six
C)fourterm-23
D)eight
The key used in symmetric encryption is referred to as a __________ key.
A)secret
B)private
C)public
D)decryption
The readable message or data that is fed into the algorithm as input is the ____________ .
A)exchange
B)ciphertext
C)plaintext
D)encryption
Two issues to consider with the computation required to use RSA are encryption/decryption and
__________ .
A)asymmetric encryption padding
B)key generation
C)time complexity
D)trap-door one-way functions
fi
fi
fi
fi
__________ depend on the running time of the decryption algorithm.
A)Timing attacks
B)Mathematical attacks
C)Chosen ciphertext attacks
D)Brute-force attacks
We de ne the ___________ of an algorithm to be f(n) if, for all n and all inputs of length n the
execution of the algorithm takes at most f(n) steps. This is a common measure of the e ciency
of an algorithm.
A)one-way function
B)OAEP
C)timing attack
D)time complexity
Message authentication is a mechanism or service used to verify the integrity of a
message.
TRUE
A considerably larger key size can be used for ECC compared to RSA
FALSE
The Di e-Hellman key exchange is a simple public-key algorithm
TRUE
The security of ElGamalis based on the di culty of computing discrete logarithms.
TRUE
For purposes of ECC, elliptic curve arithmetic involves the use of an elliptic curve
equation de ned over an in nite eld.
FALSE
The Di e-Hellman algorithm depends on the di culty of computing discrete
logarithms for its e ectiveness.
TRUE
There is not a computational advantage to using ECC with a shorter key length than a FALSE
comparably secure TSA.
Most of the products and standards that use public-key cryptography for encryption
and digital signatures use RSA
TRUE
ECC is fundamentally easier to explain than either RSA or Di e-Hellman.
FALSE
A number of public-key ciphers are based on the use of an abelian group阿⻉尔群
TRUE
Elliptic curves are ellipses.
FALSE
For determining the security of various elliptic curve ciphers it is of some interest to
know the number of points in a nite abelian group de ned over an elliptic curve.
TRUE
The form of cubic equation appropriate for cryptographic applications for elliptic
curves is somewhat di erent for GF(2m) than for Zp.
TRUE
The security of ECC depends on how di cult it is to determine k given kP and P.
TRUE
An encryption/decryption system requires that point Pm be encrypted as a plaintext.
FALSE
Since a symmetric block cipher produces an apparently random output it can serve
as the basis of a pseudorandom number generator.
TRUE
A considerably larger key size can be used for ECC compared to RSA.
FALSE
_________ can be used to develop a variety of elliptic curve cryptography schemes.
ffi
ffi
fi
ffi
ffi
ffi
fi
fi
fi
ff
ff
fi
fi
ffi
ffi
A. Elliptic curve arithmetic
B. Binary curve
C. Prime curve
D. Cubic equation
The key exchange protocol is vulnerable to a __________ attack because it does not
authenticate the participants.
A. one-way function
B. time complexity
C. chosen ciphertext
D. man-in-the-middle
The __________ cryptosystem is used in some form in a number of standards including DSS and
S/MIME.
A. Rabin
B. Rijnedel
C. Hillman
D. ElGamal
A(n) __________ is de ned by an equation in two variables with coe cients.
A. abelian group
B. binary curve
C. cubic equation
D. elliptic curve
__________ are best for software applications.
A. Binary curves
B. Prime curves
C. Bit operations
D. Abelian groups
An encryption/decryption system requires a point G and an elliptic group _________ as
parameters.
A. Eb(a,q)
B. Ea(q,b)
C. En(a,b)
D. Eq(a,b)
For cryptography the variables and coe cients are restricted to elements in a __________ eld.
A. primitive
B. in nite
C. public
D. nite
If three points on an elliptic curve lie on a straight line their sum is __________ .
A. 0
B. 1
C. 6
D. 3
___________ makes use of elliptic curves in which the variables and coe cients are all restricted
to elements of a nite eld.
A. Prime curve
B. Elliptic curve cryptography(ECC)
C. abelian group
D. Micali-Schnorr
For a ___________ de ned over GF(2m), the variables and coe cients all take on values in
GF(2m) and in calculations are performed over GF(2m).
fi
ffi
ffi
ffi
ffi
fi
fi
fi
fi
fi
fi
A. cubic equation
B. prime curve
C. binary curve
D. abelian group
A. K = nB x PA
B. K = nA x PB
C. K = nP x BA
D. K = nA x PA
Included in the de nition of an elliptic curve is a single element denoted O and called the point
at in nity or the __________ .
A. prime point
B. zero point
C. abelian point
D. elliptic point
The principal object of a hash function is___________
data
integrity
A ___________ accepts a variable length block of data as input and produces a xed
size hash value h = H(M)
hash
function
The Secure Hash Algorithm design closely models, and is based on, the hash
function __________
MD4
A ___________ is an algorithm for which it is computationally infeasible to nd either
(a) a data object that maps to a pre-speci ed hash result or (b) two data objects that
map to the same hash result.
cryptogr
aphic
hash
function
The cryptographic hash function requirement that guarantees that it is impossible to
nd an alternative message with the same hash value as a given message and
prevents forgery when an encrypted hash code is used is the
second
preimage
resistant
__________ is a mechanism or service used to verify the integrity of a message.
message
authentc
ation
Message authentication is achieved using a __________
mac
__________ are measures of the number of potential collisions for a given hash value.
preimage
A hash function that satis es the properties of variable input size, xed output size, e ciency,
preimage resistant and second preimage resistant is referred to as a _________
weak
hash
function
The e ort required for a collision resistant attack is explained by a mathematical result referred birthdayp
to as the ___________
aradox
A pseudorandom number generator takes as input a xed value called the
__________ and produces a sequence of output bits using a deterministic algorithm.
A. seed
B. xed skew
C. entropy source
D. keystream
The best that can be done to determine if a PRNG generates numbers that have the characteristic of
randomness is on the basis of multiple tests. These tests should seek to establish uniformity, scalability,
and __________ .
fi
ffi
fi
fi
fi
fi
fi
fi
ffi
ff
fi
A. consistency
B. authentication
C. frequency
D. sequencing
fi
fi
The Di e-Hellman key exchange formula for calculation of a secret key by User A is:
The __________ test is the most basic test of randomness and must be included in any test suite.
A. frequency
B. runs
C. unpredictability
D. Maurer
The Blum, Blum, Shub generator is referred to as a ____________ .
A. TRNG
B. OFB PRNG
C. QRN
D. CSPRBG
Two approaches that use a block cipher to build a PNRG and have gained widespread acceptance are:
A. CTR mode and CFB mode
B. CTR mode and OFB mode
C. CBC mode and CFB mode
D. OFB mode and ECB mode
A __________ uses a nondeterministic source to produce randomness.
A. CSPRBG
B. TRNG
C. PRNG
D. BBS
__________ is an open source project for creating truly random numbers using inexpensive cameras, open
source code, and inexpensive hardware.
A. LavaRnd
B. Blum, Blum, Shub
C. Maurer's statistics
D. Entropy
Various methods of modifying a bit stream to reduce or eliminate a bias have been developed. These are
referred to as ___________ algorithms.
A. backward
B. deskewing 偏移校正
C. forward
D. keystream
The Linux operating system uses _________ entropy sources for generating random numbers.
A. four
B. three
C. one
D. two
In key distribution and reciprocal authentication schemes two communicating parties cooperate by
exchanging messages to distribute keys and/or authenticate each other. In many cases ___________ are
used for handshaking to prevent replay attacks.
A. session keys
B. nonces. 暂时
C. RC4's
D. entropies
The distribution of bits in a random number sequence should be ___________ , therefore the frequency of
occurrence of ones and zeros should be approximately equal.
A. independent
B. uniform
C. reversed
D. streamed
Public-key encryption is also known as ___________ .
A. digital-key encryption
B. asymmetric encryption
C. one way time exchange encryption
D. optimal-key encryption
Asymmetric encryption can be used for __________ .
A. both con dentiality and authentication
B. neither con dentiality nor authentication
C. con dentiality
D. authentication
Plaintext is recovered from the ciphertext using the paired key and a _____________ .
A. digital signature
B. recovery encryption
C. decryption algorithm
D. encryption algorithm
The most widely used public-key cryptosystem is __________ .
A. optimal asymmetric encryption
B. asymmetric encryption
C. RSA
D. DES
Public-key algorithms are based on __________ .
A. permutation
B. mathematical functions
C. substitution
D. symmetry
__________ are two related keys, a public key and a private key that are used to perform complementary
operations, such as encryption and decryption or signature generation and signature veri cation.
A. Asymmetric keys
B. Key exchanges
C. Symmetric keys
D. Cipher keys
The __________ indicates that the subscriber identi ed in the certi cate has sole control and access to the
private key.
A. OAEP
B. Public Key Certi cate
C. Digital Signature
D. PKI
A __________ is a cryptographic algorithm that uses two related keys, a public key and a private key. The
two keys have the property that deriving the private key from the public key is computationally infeasible.
A. Private Key (Symmetric) Cryptographic Algorithm
B. Key Exchange Cryptographic Algorithm
C. Public Key (Asymmetric) Cryptographic Algorithm
D. RSA Digital Cryptographic Algorithm
A public-key encryption scheme has __________ ingredients.
fi
fi
fi
fi
fi
fi
fi
A. six
B. four
C. eight
D. two
The readable message or data that is fed into the algorithm as input is the ____________ .
A. ciphertext
B. exchange
C. plaintext
D. encryption
Two issues to consider with the computation required to use
RSA are encryption/decryption and __________ .
A. time complexity
B. trap-door one-way functions
C. key generation
D. asymmetric encryption padding
__________ depend on the running time of the decryption algorithm.
A. Mathematical attacks
B. Timing attacks
C. Chosen ciphertext attacks
D. Brute-force attacks
We de ne the ___________ of an algorithm to be f(n) if, for all n and all inputs of length n the execution of
the algorithm takes at most f(n) steps. This is a common measure of the e ciency of an algorithm.
A. time complexity
B. one-way function
C. timing attack
D. OAEP
The SSL Internet standard version is called _________
TLS
The most complex part of TLS is the __________ Handshake protocol
_______ provides secure, remote logon and other secure client/server facilities.
SSH
The ______ is used to convey TLS-related alerts to the peer entity.
Alert protocol
The _______ approach is vulnerable to man-in-the-middle attacks.
Anonymous Di e-Hellman
Cloud computing gives you the ability to expand and reduce resources according to
your speci c service requirement.
TRUE
In a public cloud model the provider is responsible both for the cloud infrastructure
and for the control of data and operations within the cloud.
TRUE
The term platform as a service has generally meant a package of security services
o ered by a service provider that o oads much of the security responsibility from an
enterprise to the security service provider
FALSE
The major advantage of the public cloud is cost.
FALSE
The security module for openStack is Keystone.
FALSE
An arbitrary byte sequence chosen by the server to identify an active or resumable
session state is a _________
session
identi er
De ned as a Proposed Internet Standard in RFC 2246, _________ is an IETF
standardization initiative whose goal is to produce an Internet standard version of
SSL.
TLS
Phase _________ of the Handshake Protocol establishes security capabilities.
ffi
ffl
ffi
fi
fi
fi
fi
fi
ff
The nal message in phase 2, and one that is always required, is the ___________
message, which is sent by the server to indicate the end of the server hello and
associated messages.
1
server_d
one
The symmetric encryption key for data encrypted by the client and decrypted by the
server is a _________ .
client
write
key
With each element of the list de ning both a key exchange algorithm and a
CipherSpec, the list that contains the combination of cryptographic algorithms
supported by the client in decreasing order of preference is the __________ .
CipherS
uite
_________ attacks include impersonating another user, altering messages in transit
between client and server and altering information on a Web site.
Active
_________ is organized as three protocols that typically run on top of TCP for secure
network communications and are designed to be relatively simple and inexpensive to
implement.
SSH
_________ provides secure, remote logon and other secure client/server facilities.
SSH
IaaS provides service to customers in the form of software, speci cally application
software, running on and accessible in the cloud.
TRUE
There is an increasingly prominent trend in many organizations to move a substantial
portion or even all IT operations to enterprise cloud computing.
TRUE
Measured service and rapid elasticity are essential characteristics of _________.
A. resource pooling
B. cloud computing
C. broad network access
D. resource pooling
A __________ cloud provides service to customers in the form of a platform on which the
Customer's applications can run.
A. broad network access
B. infrastructure as a service
C. platform as a service
D. resource pooling
The use of __________ avoids the complexity of software installation, maintenance, upgrades,
and patches.
A. SaaS B. MaaS
C. PaaS D. IaaS
A __________ infrastructure is made available to the general public or a large industry group and
is owned by an organization selling cloud services.
A. community cloud
B. private cloud
C. hybrid cloud
D. public cloud
Examples of services delivered through the __________ include database on demand, e-mail on
demand, and storage on demand.
A. hybrid cloud B. public cloud
C. private cloud D. community cloud
The core of ___________ is the implementation of intrusion detection systems and intrusion
prevention systems at entry points to the cloud and on servers in the cloud.
A. Intrusion management B. SIEM
C. security assessments D. web security
A __________ interconnects the IoT-enabled devices with the higher-level communication
networks.
A. microcontroller
B. gateway
C. carrier
D. sensor
fi
ff
fi
fi
fi
cloud computing____Is De ned as "a model for enabling ubiquitous, convenient, on demand
network access to a shared pool of con gurable computing resources that can be rapidly
provisioned and released with minimal management e ort or service provider interaction .
NIST SP 800-145 de nes three service models: software as a service, platform as a service, and
_Infrastructure____ as a service.
The four most prominent deployment models for cloud computing are public cloud, community
cloud, hybrid cloud and _private___ cloud.
The _hybrid__ cloud infrastructure is a composition of two or more clouds that remain unique
entities but are bound together by standardized or proprietary technology that enables data and
application portability.
A cloud __auditor审核员__ is a party that can conduct independent assessment of cloud
services, information system operations, performance, and security of the cloud
implementation.
__IAM___ includes people, processes and systems that are used to manage access to
enterprise resources by assuring that the identity of an entity is veri ed, then granting the
correct level of access based on this assured identity.
The __IoT___ is a term that refers to the expanding interconnection of smart devices, ranging
from appliances to tiny sensors.
With reference to the end systems supported, the Internet has gone through roughly four
generations of deployment culminating in the IoT: information technology, operational
technology, _Personal Technology___, and sensor/actuator technology.
The core network, also referred to as a ___backBone__ network, connects geographically
dispersed fog networks as well as provides access to other networks that are not part of the
enterprise network.
Kerberos provides a trusted third party authentication service that enables clients and TRUE
servers to establish authenticated communication.
Examples of dynamic biometrics include recognition by ngerprint, retina, and face.
F/静态
(dynamic biometrics):Examples include recognition by voice pattern,handwriting
characteristics,and typing rhythm.
动态⽣物
识别
User authentication is the basis for most types of access control and for user
accountability.
TRUE
For network based user authentication the most important methods involve
cryptographic keys and something the individual possesses, such as a smart card.
TRUE
There are a variety of problems including dealing with false positives and false
negatives, user acceptance, cost, and convenience with respect to biometric
authenticators.
TRUE
Any timestamp based procedure must allow for a window of time su ciently large
enough to accommodate network delays yet su ciently small to minimize the
opportunity for attack
TRUE
An e-mail message should be encrypted such that the mail handling system is not in
possession of the decryption key.
TRUE
Because there are no potential delays in the e-mail process timestamps are extremely F
useful.
The operating system cannot enforce access-control policies based on user identity.
F
The security of the Kerberos server should not automatically be assumed but must be TRUE
guarded carefully by taking precautions such as placing the server in a locked room.
ffi
fi
fi
TRUE
ffi
It is the ticket that proves the client's identity.
fi
F
fi
Once the server veri es that the user ID in the ticket is the same as the unencrypted
user ID in the message it considers the user authenticated and grants the requested
service.
1. __________ is an authentication service designed for use in a distributed environment.
A. Kerberos B. PCBC
C. Toklas D. X.509
4. The overall scheme of Kerberos is that of a trusted third party authentication service that uses
a protocol based on a proposal by __________ .
A. Needham and Schroeder B. Kehn
C. Denning D. Gong
Presenting an identi er to the security system is the __________ step.
A. authentication
B. veri cation
C. identi cation
D. clari cation
Presenting or generating authentication information that corroborates the binding between the
entity and the identi er is the ___________ step.
A. identi cation
B. veri cation
C. clari cation
D. authentication
The __________ is unsuitable for a connectionless type of application because it requires the
overhead of a handshake before any connectionless transmission e ectively negating the chief
characteristic of a connectionless transaction.
A. timestamp approach
B. challenge-response approach
C. simple replay approach D. one-way authentication approach
Kerberos relies exclusively on __________ .
A. symmetric encryption B. asymmetric encryption
C. private key encryption D. public key encryption
ff
fi
fi
fi
fi
fi
fi
fi
fi
fi
A __packet ltering_irewall applies a set of rules to each incoming and outgoing IP packet and
then forwards or discards the packet