Midterm 2 Quiz Instructions: Public Key Session Key Master Key End-To-End
Midterm 2
Started: Apr 14 at 4:30pm
Quiz Instructions
The midterm exam is closed book and closed note. You are allowed to have a cheatsheet and you can have scratch paper to aid your calculation. A physical calculator (not smartphone app) is allowed during the exam.
You need to join the lecture Zoom meeting and turn on your video so you can be proctored. You will receive the passcode in the Zoom meeting.
Question 1 2 pts
One of the most important uses of a _________________ cryptosystem is to encrypt secret keys for distribution.
public key
session key
master key
end-to-end
Question 2 2 pts
compression
message encryption
data integrity
collision resistance
Question 3 2 pts
_________________ is verification that the credentials of a user or other system entity are valid.
https://sjsu.instructure.com/courses/1421355/quizzes/1470899/take 1/13
4/14/2021 Quiz: Midterm 2
Adequacy
Authentication
Audit
Authorization
Question 4 2 pts
The basic elements of access control are: subject, __________________, and access right.
object
Question 5 2 pts
replay
client
eavesdropping
trojan horse
Question 6 2 pts
64 mod 10 = ______________
Question 7 2 pts
How many key pairs are required for secure and private communication among n persons if asymmetric encryption is used?
n/2
n * (n-1) /2
n! / 2
Question 8 2 pts
For the following SQL statement, what would you inject into the variable $id to retrieve all the entries of the table “users”? _______________________
%' or 1=1#
Question 9 2 pts
Pick the strongest mechanism for user authentication from the list below.
smart card
password
fingerprint
smart card
Question 10 2 pts
People tend to choose the same passwords. To prevent them from being hashed into the same value, what mechanism is used in Linux/Unix?
pepper
mustard
wasabi
salt
Question 11 2 pts
72
Question 12 2 pts
Key distribution often involves the use of _____________ which are generated and distributed for temporary use between two parties.
master keys
session keys
Question 13 2 pts
d. Weak collision free, that is, it is computationally feasible to find the original message given its hash value.
One-way property, that is, it is easy to reverse the hash computation, but computationally infeasible to compute the hash function itself.
Strong collision free, that is, it’s computationally infeasible to find two messages that have the same hash value.
Question 14 2 pts
In a Linux system, the file that stores users’ hashed passwords is named ________________ (include the full file path).
/etc/shadow
Question 15 2 pts
______________ is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.
User authentication
Message authentication
Verification
Identification
Question 16 2 pts
How many keys are required for secure and private communication among n persons if symmetric encryption is used?
n! / 2
n * (n-1) / 2
2n
2^n
Question 17 2 pts
A common item of authentication information associated with a user and the user’s secret knowledge is a ______________.
password
nonce
timestamp
ticket
Question 18 2 pts
Consider a Diffie-Hellman algorithm where common prime is q = 11 and a primitive root g = 2. If user A’s public key YA is 9, what is the private key XA?
10
Question 19 2 pts
Key distribution often involves the use of __________ which are infrequently used and are long lasting.
session keys
master keys
Question 20 2 pts
password
dynamic biometrics
token authentication
static biometrics
Question 21 2 pts
In a _________________ attack, an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric.
Denial-of-service (DoS/DDoS)
Trojan horse
SQL injection
Question 22 2 pts
Question 23 2 pts
The _________________ strategy is when users are told the importance of using hard-to-guess passwords and are provided with guidelines for selecting strong passwords.
user education
Question 24 2 pts
password salt
password hash
password biometric
password cracker
Question 25 2 pts
MAC
RBAC
ABAC
DAC
Question 26 2 pts
True
False
Question 27 2 pts
True
False
Question 28 2 pts
True
False
Question 29 2 pts
User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.
True
False
Question 30 2 pts
The default set of rights should always follow the rule of highest privilege or read only access.
True
False
Question 31 2 pts
Any program that is owned by, and SetUID to, the “superuser” potentially grants unrestricted access to the system to any user executing that program.
True
False
Question 32 2 pts
The ABAC systems define the access rights of individual users and groups of users.
True
False
Question 33 2 pts
True
False
Question 34 2 pts
Because certificates are forgeable they cannot be placed in a directory without the need for the directory to make special efforts to protect them.
True
False
Question 35 2 pts
A good technique for choosing a password is to use the first letter of each word of a phrase.
True
False
Question 36 10 pts
Consider a Diffie-Hellman key exchange scheme with a common prime q = 13 and a primitive root a = 6. Include your work, not just the answers.
q = 13
a=6
1.
Ya = a^Xa mod q
Ya = 6^9 mod 13 = 5
2.
K = Yb^Xa mod q
K = 4^9 mod 13 = 12
Question 37 10 pts
Perform encryption and decryption using RSA algorithm p = 5, q = 11, e = 7, M = 5. Include your work, not just the answers.
n = 5 * 11 = 55
f(n) = 4* 10 = 40
d = 23
Question 38 10 pts
One of the most important uses of a public-key cryptosystem is to encrypt secret keys for distribution. In the following scheme, B can generate a session key Ks and use A’s public key PUA to encrypt the session key and send it to A. Is this scheme secure? What kind of attack is this scheme subject to? Describe how the attack occurs.
[A] [B]