Tag: security

Questions Related to security

Which of the following requires that a user or process be granted access to only those resources necessary to perform assigned functions.
technology security

  1. Discretionary access control

  2. Separation of duties

  3. Least privilege

  4. Rotation of duties

Show answer
Correct Option: C

In mandatory access control, the system controls access and the owner determines:
technology security

  1. Validation

  2. Need to know

  3. Consensus

  4. Verification

Show answer
Correct Option: B

Which is a fundamental disadvantage of biometrics?
technology security

  1. Revoking credentials

  2. Encryption

  3. Communications

  4. Placement

Show answer
Correct Option: A

A disadvantage of single sign-on is:
technology security

  1. Consistent time-out enforcement across platforms

  2. A compromised password exposes all authorized resources

  3. Use of multiple passwords to remember

  4. Password change control

Show answer
Correct Option: B

Availability makes information accessible by protecting from each of the following except:
technology security

  1. Denial of services

  2. Fires, floods, and hurricanes

  3. Unreadable backup tapes

  4. Unauthorized transactions

Show answer
Correct Option: D

Asymmetric key cryptography is used for all of the following except:
technology security

  1. Encryption of data

  2. Access controls

  3. Nonrepudiation

  4. Steganography

Show answer
Correct Option: D

One of the most important principles in the secure use of a public key algorithm is:

technology security

  1. Protection of the private key

  2. Distribution of the shared key

  3. Integrity of the message

  4. History of session keys

Show answer
Correct Option: A

AI Explanation

To answer this question, you need to understand the principles and concepts related to the secure use of a public key algorithm.

Option A) Protection of the private key - This option is correct. One of the most important principles in the secure use of a public key algorithm is the protection of the private key. The private key must be kept secret and secure to prevent unauthorized access or use. If the private key is compromised, it can lead to the unauthorized decryption of encrypted messages or the creation of forged digital signatures.

Option B) Distribution of the shared key - This option is not the correct answer. While the distribution of the shared key is an important aspect of symmetric key algorithms, it is not directly related to public key algorithms. Public key algorithms use asymmetric cryptography, where each user has a pair of keys: a public key and a private key. The public key is used for encryption, while the private key is used for decryption. The distribution of the public key is important, but the protection of the private key is paramount.

Option C) Integrity of the message - This option is not the correct answer. While the integrity of the message is important in ensuring that the message has not been tampered with during transmission, it is not specific to the secure use of a public key algorithm. Integrity can be achieved through the use of message authentication codes (MACs) or digital signatures, which can be implemented using public key algorithms, but it is not the most important principle in this context.

Option D) History of session keys - This option is not the correct answer. The history of session keys is not directly related to the secure use of a public key algorithm. Session keys are typically used in symmetric key algorithms to secure a specific communication session. Public key algorithms, on the other hand, are used for tasks such as encryption, digital signatures, and key exchange.

Therefore, the correct answer is A) Protection of the private key. This option is correct because the protection of the private key is crucial for maintaining the security of public key algorithms.

Secure distribution of a confidential message can be performed by:

technology security

  1. Encrypting the message with the receiver's public key

  2. Encrypting a hash of the message

  3. Having the message authenticated by a certificate authority

  4. Using a password-protected file format

Show answer
Correct Option: A

When a user needs to provide message integrity, what options may be best?

technology security

  1. Send a digital signature of the message to the recipient

  2. Encrypt the message with a symmetric algorithm and send it

  3. Encrypt the message with a private key so the recipient can decrypt with the corresponding public key

  4. Send an encrypted hash of the message along with the message to the recipient

Show answer
Correct Option: D

AI Explanation

To answer this question, you need to understand the concept of message integrity and the different options available to ensure it. Let's go through each option to understand why it is correct or incorrect:

Option A) Send a digital signature of the message to the recipient - This option is incorrect because a digital signature is used for message authentication, not message integrity. It ensures that the message comes from the claimed sender and has not been tampered with, but it does not specifically address message integrity.

Option B) Encrypt the message with a symmetric algorithm and send it - This option is incorrect because encryption alone does not provide message integrity. Encryption only protects the confidentiality of the message, ensuring that it cannot be read by unauthorized parties. It does not verify the integrity of the message or detect any modifications during transmission.

Option C) Encrypt the message with a private key so the recipient can decrypt with the corresponding public key - This option is incorrect because it describes asymmetric encryption, which is primarily used for confidentiality and authentication. While asymmetric encryption can provide some level of integrity, it is not the most effective option for ensuring message integrity.

Option D) Send an encrypted hash of the message along with the message to the recipient - This option is correct because it involves sending an encrypted hash (also known as a digital signature) of the message along with the message itself. By encrypting the hash, the recipient can verify the integrity of the message by comparing the decrypted hash with a recalculated hash of the received message. If the hashes match, it ensures that the message has not been tampered with during transmission.

The correct answer is D) Send an encrypted hash of the message along with the message to the recipient. This option is correct because it provides a way to verify the integrity of the message.

The two methods of encrypting data are

technology security

  1. Substitution and transposition

  2. Block and stream

  3. Symmetric and asymmetric

  4. DES and AES

Show answer
Correct Option: B