This is a sample of the third part of the exam for the course

TTM4135 - Information Security

The exam consists of 20 questions. For every question, 5 alternative answers are given, of which ONLY ONE is correct. If you choose the correct answer you will earn 1.6 points; otherwise you will lose 0.4 points (i.e. the penalty is -0.4 points). There is one additional choice that is selected by default: I do not know. If you leave the answer in that state, you will not get any points (i.e. the earned points are 0). The maximum number of points in this part of the exam is 32. Time allowed for this test: 60 minutes.


1. Which of the following attacks is a passive attack?

a) Masquerade
b) Release of message contents
c) Replay
d) Modification of messages
e) Denial of service
I do not know

2. Which service IS NOT a part of the X.800 list of security services?

a) Authentication
b) Access control
c) Data confidentiality
d) Data integrity
e) IP security
I do not know

3. What is the X.800 service of nonrepudiation?

a) A service that prevents only the sender from denying transmission of a message.
b) A service that prevents only the receiver from denying receiving a message.
c) A service that prevents both the sender and receiver from denying a transmitted message.
d) A service that authorizes the sender to claim that he/she has sent a message.
e) A service that authorizes the receiver to claim that he/she has received a message.
I do not know

4. Which one IS NOT an X.800 security mechanism?

a) Key exchange
b) Notarization
c) Routing control
d) Authentication exchange
e) Data integrity
I do not know

5. A symmetric encryption scheme has five ingredients:

a)
  • Plaintext,
  • Encryption algorithm,
  • Database of secret session keys,
  • Ciphertext,
  • Decryption algorithm
b)
  • Plaintext,
  • Encryption algorithm,
  • Session key,
  • Ciphertext,
  • Decryption algorithm
c)
  • Plaintext,
  • Same encryption and decryption algorithm,
  • Session key,
  • Ciphertext,
  • Validity time period
d)
  • Plaintext,
  • Same encryption and decryption algorithm,
  • Database of secret session keys,
  • Ciphertext,
  • Validity period for the session keys
e)
  • Plaintext,
  • Encryption algorithm,
  • Secret key,
  • Ciphertext,
  • Decryption algorithm
I do not know

6. What is known to the attacker in the "chosen ciphertext" attack?

a)
  • Encryption algorithm,
  • Ciphertext,
  • Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key.
b)
  • Encryption algorithm,
  • Ciphertext,
  • Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key
  • Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key.
c)
  • Encryption algorithm
  • Ciphertext
d)
  • Encryption algorithm
  • Ciphertext
  • One or more plaintext-ciphertext pairs formed with secret key
e)
  • Encryption algorithm,
  • Ciphertext,
  • Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key
I do not know

7. Which cipher has theoretically proven security?

a) Caesar cipher
b) Monoalphabetic cipher
c) Playfair cipher
d) Polyalphabetic cipher
e) One-Time Pad cipher
I do not know

8. A Feistel cipher structure generally performs the following two operations repeatedly:

a) Confusion and substitution
b) Diffusion and substitution
c) Permutation and rotation
d) Substitution and permutation
e) Permutation and Diffusion
I do not know

9. How many S-boxes does Triple-DES have?

a) 1
b) 3
c) 6
d) 8
e) 12
I do not know

10. How many S-boxes does AES have?

a) 1
b) 3
c) 6
d) 8
e) 16
I do not know

11. How many rounds does AES have (working with a 128-bit key)?

a) 10
b) 12
c) 16
d) 24
e) 32
I do not know

12. Which one IS NOT a block cipher mode of operation?

a) ECB
b) CBC
c) CFB
d) OFB
e) CCB
I do not know

13. What is the role of the master key?

a) To produce next master key.
b) To produce one session key and then to be replaced by a new master key.
c) To produce one session key and new master key but then to be replaced by the new master key.
d) To produce session keys.
e) To produce new master keys.
I do not know

14. Which two criteria are used to check the randomness quality of sequences of numbers:

a) Uniform distribution and independence
b) Normal distribution and strong dependence
c) Uniform distribution and dependence
d) Binomial distribution and hypotheses testing
e) Two dimensional uniform distribution
I do not know

15. The attack "Meet-in-the-Middle" has been successfully applied to the following block cipher:

a) DES
b) Double DES
c) Triple DES
d) RC4
e) AES
I do not know

16. The Miller-Rabin algorithm applied to a number n can:

a) Construct a finite field of size 2n
b) Factorize a number
c) Prove that a number is prime
d) Prove that the number is composite
e) Construct a finite field of size n
I do not know

17. A public-key encryption scheme has six ingredients:

a)
  • Plaintext,
  • Encryption algorithm,
  • Public key,
  • Private key,
  • Ciphertext,
  • Decryption algorithm
b)
  • Plaintext,
  • Encryption algorithm,
  • Open public key,
  • Securely exchanged secret key,
  • Ciphertext,
  • Decryption algorithm
c)
  • Plaintext,
  • Encryption algorithm,
  • Private key,
  • Public key ring,
  • Ciphertext,
  • Decryption algorithm
d)
  • Plaintext,
  • Encryption and decryption algorithm,
  • Database of public and private keys,
  • Key distribution center,
  • Ciphertext,
  • Validity period for the public keys
e)
  • Plaintext,
  • Encryption algorithm,
  • Private key,
  • Key distribution center,
  • Ciphertext,
  • Validity period for the public keys
I do not know

18. Diffie-Hellman key exchange bases its security on the following mathematical problem:

a) Factorization of numbers
b) Computing Discrete Logarithm
c) Computing Greatest Common Divisor
d) Computing the elliptic curve
e) Computing the residue
I do not know

19. A cryptosystem that uses Elliptic Curve Cryptography has a public key of length 224 bits. How many bits must an RSA cryptosystem have to offer the same level of security:

a) 448 bits
b) 512 bits
c) 1024 bits
d) 1536 bits
e) 2048 bits
I do not know

20. The cryptographic primitive Whirlpool is:

a) Block cipher similar to AES
b) Stream cipher
c) MAC
d) HMAC
e) Hash function
I do not know

- you will get information on how many points you have earned (out of 32).


Author: Dr. Danilo Gligoroski, http://www.q2s.ntnu.no/~danilog/