Multiple Choices (60%)

shoulderslyricalAI and Robotics

Nov 21, 2013 (3 years and 7 months ago)

82 views

CPSC 433
Data Security and Encryption Techniques


Final

Test

(Sample)


Multiple Choices (
6
0%)


1.

What are the purposes of
Key distribution center (KDC)

-

Select the one that is
wrong
?

a.

Encrypts
session key

with secret keys to sender and receiver

b.

New keys and

less couriers for transactions

c.

Encrypts
session key

with secret keys to receiver

only

d.

Shares secret key with users in network

e.

Data Integrity

-

assurance that data received is as sent by an authorized entity


2.

Which

one below about
Public
-
key Cryptography

(PK
C
)

is
wrong
?

a.

Public
-
key decrypts private
-
key and not vice
-
versa (private
-
key does not decrypts public
-
key).

b.

If receiver’s public
-
key and sender’s private key are both used, both parties are authenticated

c.

Computationally infeasible to deduce private
-
key
from public
-
key

d.

The
most common public
-
key algorithm

is RSA.

e.

PGP uses PKC to
Encrypts e
-
mails and files using “web of trust”


3.

Which one below about
Digital signatures

is
wrong
?

a.

It uses with
Hash function

to

calculation assigns
hash value
to message

b.

It is q
uite possible the
chance of
collision

is great.

c.

Digital signature, hash function and encrypted message sent to receiver

d.

We use
Timestamping

to

solves non
-
repudiation problem

e.

The
Message integrity

means to

recalculate message hash value matches that sent in

signature,
verifies integrity


4.

Which one below about
Public
-
key Infrastructure

(PKI)

is
wrong
?

a.

Integrates public
-
key cryptography with
digital certificates

b.

Integrates public
-
key cryptography with
certification authorities (CA’s)

c.

PKI will hold the keys ge
nerated unchanged to ensure communication integrity.

d.

PKI will ensure
authenticity

via
Check certificate with CRL
or
Online Certificate Status Protocol

(OCSP)


e.

PKI and digital certificate transactions are more secure than phone line, mail or even credit
-
car
d
transactions


5.

Which one below about
Playfair Cipher

is
wrong
?

a.

It is a

5X5 matrix of letters

b.

if a pair is a repeated letter, insert a filler like 'X'

c.

Does not need to use any keyword or key

d.

if both letters fall in the same row, replace each with letter to

right

e.

if both letters fall in the same column, replace each with the letter below it


6.

Which one below about Digital Certificates and
certification authorities (CA’s)

is
wrong
?

a.

Digital certificate: identifies user, issued by certification authority (such

as VeriSign)

b.

Policy creation authorities
signs certificates for policy creation authorities

c.

Policy creation authorities sign for CA’s who sign for individuals and organizations

d.

Digital certificates stored in
certificate repositories

e.

Policy creation autho
rities sign for CA’s who sign for individuals and organizations







7.

What is(are) the purposes of
Java Policy Files
? (Choose the best one)

a.

It
granted
permission
on basis of
security policy

b.

It
comprised of varying levels of access to system resources

c.

syste
m
-
wide policy loaded automatically by JVM

d.

A and C

e.

A, B and C


8.

Suppose you are developing a
Java Applet
, how do you do to perform
digital signature
? (Choose the
right
one).

a.

You must include the ActionListener interface

b.

You must sign applets with digital sig
natures

c.

You must grant the Applet with permission in your code

d.

You must distribute your code separately

e.

User will not see any actions or messages when Applet is loaded.


9.

Continue from question 8, how to perform
digital signature

in Java
? (Choose the
wrong

one)

a.

Java supports RSA
-
signed applets using Java J
AAS

b.

You must
generate RSA keypair

c.

You must
export digital signature to file

d.

You must
sign applet’s JAR file with digital signature

e.

You must
add

keys that you generated

to keystore

pool


10.

Which statement belo
w about
Stream and Block Ciphers

is
wrong
?

a.

Stream ciphers
process messages a bit or byte at a time when en/decrypting

b.

Block ciphers process messages in into blocks, each of which is then en/decrypted

c.

Block ciphers would need table of 2
64

entries for a 32
-
bit block

d.

DES is one of the block ciphers that was commonly used before

e.

Modern block ciphers involve substitution (S
-
Box) and permutation (P
-
Box) process.


11.

Which one below about “
Authentication
” is
wrong
?

a.

Authentication means to
restrict access to certain

aspects of a program

b.

Authentication
allow
s

users to connect to a network

c.

Authentication can ensure message get properly encrypted

d.

Authentication

regulate
s

resources available to users on network

e.

Java uses JAAS to perform Authentication process


12.

Which one
below about Java
Java Cryptography Extension (JCE)

is
wrong
?

a.

It
supports

3DES

b.

It supports
public
-
key algorithms

like RSA

c.

It
customizable levels of encryption through

multiple encryption algorithms

d.

It
customizable levels of encryption through one key size.

e.

It
provides Java applications with various security facilities


13.

In
Java Authentication and Authorization Service (JAAS)
, authentication is handled by (choose the best
one)

a.

Kerberos system


which
authenticates client’s identity

b.

secondary
Ticket Granting Se
rvice

(TGS)

c.

TGS
authenticates client’s rights to access services

d.

A and B

e.

A, B and C







14.

Which one below about
Single Sign On scripts

is
wrong
?

a.

W
orkstation login scripts

sends password to each application

b.

The password of
workstation login scripts

is store
d in
server

c.

W
orkstation login scripts

authenticate users with central server

d.

A, B are wrong

e.

B and C are wrong


15.

In
Java Authentication and Authorization Service (JAAS
),
which

one below is wrong?

a.

user

governs access to resources on user policies

b.

group

associ
ates user to group, bases policies on group privileges

c.

role
-
based security policies has default policies exist

d.

users obtain privileges to needed applications based on intended task

e.

user, group and
role
-
based security policies

can control the access in JAAS



Questions and Answers (
4
0%)



please write your answer on the blank area of the test sheets.
Don’t spend too much time to write long answer for each question. Try to be as neat and short as
possible.


1.

What

are

the
key process steps of
SSL (Secure Socket

Layer)

in Java
? (
10
%)

2.

Please use a diagram
and statements
to represent

and explain

the infrastructure of
Key Agreement
Protocol
. (
10
%)


3.

Please explain 5 steps of
Digital Signatures for Java
Code?
(5%)

4.

Please explain what are 5
-
steps of
Authentication cycl
e
? (5%)

5.

What is the purpose of State Array in AES cipher? (5%)

6.

What is the purpose of “Single Sign
-
on”? (5%)


-

Good Luck to your test and happy
summer

vacation…