CS419 Exam 2

100 Points - 25 Questions - 4 Points each

For each statement, select the most appropriate answer.

Part 1: Malware

1. N-day vulnerabilities are particularly dangerous because:
   (a) The affected systems have a large attack surface.
   (b) Attackers have more days (N) to attack a target than with a 0-day vulnerability.
   (c) The malware runs for a longer time than 0-day vulnerabilities.
   (d) A larger community of attackers knows about them than they do of 0-day vulnerabilities.
2. A Trojan is a type of malware that:
   (a) Looks and acts like legitimate software.
   (b) Contains a backdoor for attacker access.
   (c) Stays dormant until it gets a request from a command and control server.
   (d) Attacks other systems to propagate itself.
3. Spear phishing differs from phishing because it:
   (a) Requires a user to click on a link to download the malware.
   (b) Is personalized to the victim.
   (c) Is sent to a large collection of people.
   (d) Contains malware within the message so the victim does not need to take any action.
4. Rootkits:
   (a) Enable malware to run with administrative privileges.
   (b) Run malware before the system boots.
   (c) Hide the presence of malware in the system.
   (d) Bypass standard authentication mechanisms to allow attackers to log into the system.
5. Anti-malware software refers to a signature as:
   (a) The set of files that the malware modifies.
   (b) A sequence of bytes that is unique to that specific piece of malware.
   (c) The encrypted hash of the malware.
   (d) The sequence of operations that a virus performs as it runs.
6. With polymorphic malware:
   (a) The malware can switch between running as a worm and running as a virus.
   (b) The malware modifies different files each time it runs.
   (c) The payload varies based on what the malware downloads from its command and control server.
   (d) The malware's code changes each time it moves to a new system.

   Part 2: Cryptography

7. Kerckhoffs's Principle states that a cryptosystem should be secure:
   (a) If the algorithm and the key are kept secret.
   (b) It has been rigorously tested and no weaknesses have been found.
   (c) If a unique key is used each time an encryption is required.
   (d) Even if everything about it is publicly known except the key.
8. Polyalphabetic substitution ciphers improved upon monoalphabetic ciphers by:
   (a) Being able to handle multiple languages.
   (b) Reducing the size of the ciphertext by allowing a single character to represent multiple plaintext characters.
   (c) Being less vulnerable to frequency analysis.
   (d) Using a symmetric algorithm.
9. Why is the one-time pad almost never used?
   (a) It only works on textual data rather than binary files.
   (b) It is less efficient when compared to modern block ciphers.
   (c) It is not as secure as modern algorithms.
   (d) It requires a key that is the same length as the message.
10. A requirement for perfect secrecy is:
    (a) The key must be the same length as the message.
    (b) Neither the key nor the algorithm must be leaked to the adversary.
    (c) A different key must be used for decryption than for encryption.
    (d) Keys must be long enough to make an exhaustive search impractical.
11. Which statement best describes the property of confusion?
    (a) If an attacker only sees the ciphertext, it is impossible to figure out what encryption algorithm created it.
    (b) Frequency analysis attacks are ineffective due to the use of multiple substitution alphabets.
    (c) It is difficult to find a relationship between any part of the ciphertext with any part of the plaintext and key.
    (d) Any change in the plaintext data propagates throughout the entire ciphertext.
12. Compared to Cipher Block Chaining, Counter (CTR) mode:
    (a) Does not make the ciphertext dependent on its position in the file or data stream.
    (b) Enables blocks to be encrypted in parallel.
    (c) Requires fewer encryption operations.
    (d) Is less secure since the plaintext is never encrypted.

    Part 3: Integrity & Key Exchange

13. The Diffie-Hellman algorithm is designed to allow:
    (a) Alice to encrypt a session key for Bob.
    (b) Alice and Bob to come up with a shared secret key.
    (c) Alice to encrypt messages that only Bob can read.
    (d) Alice to send tamper-proof and encrypted messages to Bob.
14. A hybrid cryptosystem:
    (a) Encrypts a symmetric session key with a public key algorithm.
    (b) Uses two layers of encryption for higher security.
    (c) Combines encryption with integrity.
    (d) Uses a different key for each direction of communication.
15. Forward secrecy requires:
    (a) All keys used for a session never to be reused.
    (b) Sending a session key via public key cryptography.
    (c) A key that is as long as the message.
    (d) Pre-shared encryption keys.
16. A MAC differs from cryptographic hash functions because it:
    (a) Produces a fixed-length output regardless of the message size.
    (b) Incorporates a shared secret key.
    (c) Can be inverted to recover the original message.
    (d) Applies compression to the message.
17. The pigeonhole principle tells us that:
    (a) Hash collisions can occur.
    (b) Hash collisions will never occur with a good cryptographic hash function.
    (c) Hash functions are not reversible.
    (d) The output of a hash is always a constant size.
18. A digital signature differs from a MAC because it:
    (a) Identifies the user who signed the message.
    (b) Does not rely on hash functions.
    (c) Produces a fixed-length result.
    (d) Uses different keys for signing than for verification.
19. An X.509 digital certificate:
    (a) Secures a message with a digital signature.
    (b) Contains an encrypted hash of the message to which it is attached.
    (c) Associates a name with a public key.
    (d) Securely stores the user's private key.

    Part 4: Authentication

20. The Needham-Schroeder protocol was improved by Denning-Sacco to:
    (a) Remove the need to use public key cryptography.
    (b) Add the use of nonces to ensure replay attacks are not possible.
    (c) Fix a vulnerability that is present if an attacker knows an old session key.
    (d) Not require the use of a trusted third party.
21. When Alice wants to talk to Bob and receives a ticket from Kerberos, that ticket:
    (a) Contains a session key and is encrypted for Bob.
    (b) Contains a session key and is encrypted for Alice.
    (c) Contains Bob's identification and is signed by Kerberos.
    (d) Contains an authorization code that Alice can send to Bob.
22. Which of the following is NOT an example of two-factor authentication (2FA)?
    (a) Access card and face scan.
    (b) Username and password.
    (c) Password and SMS code.
    (d) PIN and fingerprint scan.
23. The use of salt makes:
    (a) It impossible to find a password from a hash with a dictionary attack.
    (b) User passwords extremely difficult to guess.
    (c) Stored hashed passwords from two users different even if the passwords are the same.
    (d) Password transmission secure over an insecure network.
24. The Time-based One-Time Password (TOTP) protocol works because:
    (a) Both sides share the same secret value.
    (b) One side sends the time encrypted with the service's public key.
    (c) A random sequence number ensures that the password is different each time.
    (d) All messages are encrypted with a shared session key.
25. With Google's reCAPTCHA. you can simply click on a checkbox to state you are a human because:
    (a) The position of the box varies slightly each time it is shown so automated software cannot predict its location.
    (b) CAPTCHAs have been shown to be mostly ineffective, so checking a box is as good as typing words.
    (c) Automated software cannot recognize the reCAPTCHA prompt, so only humans can check the box.
    (d) The service looks at your IP address, Google cookies, and mouse movements.