Bài tập trắc nghiệm môn Bảo mật thông tin | Đại học Phenikaa

1. (0.200 Point)
The three concepts that form what is often referred to as the CIA triad are ________. These three
concepts embody the fundamental security objectives for both data and for information and computing services.
A. confidentiality, integrity and availability
B. communication, integrity and authentication
C. confidentiality, integrity, access control
D. communication, information and authenticity 2. (0.200 Point)
A loss of __________ is the unauthorized disclosure of information. A. authenticity B. confidentiality C. reliability D. integrity 3. (0.200 Point)
Verifying that users are who they say they are and that each input arriving at the system came
from a trusted source is _________. A. authenticity B. credibility C. accountability D. integrity 4. (0.200 Point)
A __________ is any action that compromises the security of information owned by an organization. A. security attack B. security service C. security alert D. security mechanism 5. (0.200 Point)
A __________ takes place when one entity pretends to be a different entity. A. replay B. masquerade C. service denial D. passive attack 6. (0.200 Point)
__________ is the protection of transmitted data from passive attacks. A. Access control B. Data control C. Nonrepudiation D. Confidentiality 7. (0.200 Point)
A(n) __________ service is one that protects a system to ensure its availability and addresses the
security concerns raised by denial-of-service attacks. A. replay B. availability C. masquerade D. integrity 8. (0.200 Point)
__________ threats exploit service flaws in computers to inhibit use by legitimate users. A. Information access B. Reliability C. Passive D. Service 9. (0.200 Point)
A(n) __________ is a potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and cause harm. A. threat B. attack C. risk D. attack vector 10. (0.200 Point)
The protection of the information that might be derived from the observation of traffic flows is _________ .
A. connectionless confidentiality B. connection confidentiality
C. traffic-flow confidentiality
D. selective-field confidentiality 11. (0.200 Point)
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the
data unit to prove the source and integrity of the data unit and protect against forgery is a(n) ___________. A. security audit trail B. digital signature C. encipherment D. authentication exchange 12. (0.200 Point)
__________ techniques map plaintext elements (characters, bits) into ciphertext elements. A. Transposition B. Substitution C. Traditional D. Symmetric 13. (0.200 Point)
An original intelligible message fed into the algorithm as input is known as _________, while the
coded message produced as output is called the __________. A. decryption, encryption B. plaintext, ciphertext C. deciphering, enciphering D. cipher, plaintext 14. (0.200 Point)
Restoring the plaintext from the ciphertext is __________. A. deciphering B. transposition C. steganography D. encryption 15. (0.200 Point)
A __________ attack involves trying every possible key until an intelligible translation of the ciphertext is obtained. A. brute-force B. Caesar attack C. ciphertext only D. chosen plaintext 16. (0.200 Point)
Techniques used for deciphering a message without any knowledge of the enciphering details is ___________. A. blind deciphering B. steganography C. cryptanalysis D. transposition 17. (0.200 Point)
The ___________ takes the ciphertext and the secret key and produces the original plaintext. It is
essentially the encryption algorithm run in reverse. A. Voronoi algorithm B. decryption algorithm C. cryptanalysis D. diagram algorithm 18. (0.200 Point)
If both sender and receiver use the same key, the system is referred to as: A. public-key encryption B. two-key C. asymmetric D. conventional encryption 19. (0.200 Point)
__________ attacks exploit the characteristics of the algorithm to attempt to deduce a specific
plaintext or to deduce the key being used. A. Brute-force B. Cryptanalytic C. Block cipher D. Transposition 20. (0.200 Point)
The __________ attack is the easiest to defend against because the opponent has the least amount of information to work with. A. ciphertext-only B. chosen ciphertext C. known plaintext D. chosen plaintext 21. (0.200 Point)
_________ refer to common two-letter combinations in the English language. A. Streaming B. Transposition C. Diagrams D. Polyalphabetic cipher 22. (0.200 Point)
A way to improve on the simple monoalphabetic technique is to use different monoalphabetic
substitutions as one proceeds through the plaintext message. The general name for this approach is ___________. A. rail fence cipher B. cryptanalysis
C. polyalphabetic substitution cipher D. polyanalysis cipher 23. (0.200 Point)
A technique referred to as a __________ is a mapping achieved by performing some sort of
permutation on the plaintext letters. A. transposition cipher B. polyalphabetic cipher C. Caesar cipher D. monoalphabetic cipher 24. (0.200 Point)
The methods of __________ conceal the existence of the message in a graphic image. A. steganography B. decryptology C. cryptology D. cryptograph 25. (0.200 Point)
DES exhibits the classic __________ block cipher structure, which consists of a number of
identical rounds of processing. A. Feistel B. SAC C. Shannon D. Rendell 26. (0.200 Point)
A sequence of plaintext elements is replaced by a __________ of that sequence which means that
no elements are added, deleted or replaced in the sequence, but rather the order in which the
elements appear in the sequence is changed. A. permutation B. diffusion C. stream D. substitution 27. (0.200 Point)
A __________ cipher is one that encrypts a digital data stream one bit or one byte at a time. A. product B. block C. key D. stream 28. (0.200 Point)
The vast majority of network-based symmetric cryptographic applications make use of ________ ciphers. A. linear B. block C. permutation D. stream 29. (0.200 Point)
A __________ cipher is one in which a block of plaintext is treated as a whole and used to
produce a ciphertext block of equal length. A. bit B. product C. stream D. block 30. (0.200 Point)
__________ is when each plaintext element or group of elements is uniquely replaced by a
corresponding ciphertext element or group of elements. A. Substitution B. Diffusion C. Streaming D. Permutation 31. (0.200 Point)
Key sizes of __________ or less are now considered to be inadequate. A. 128 bits B. 32 bits C. 16 bits D. 64 bits 32. (0.200 Point)
Feistel proposed that we can approximate the ideal block cipher by utilizing the concept of a
__________ cipher, which is the execution of two or more simple ciphers in sequence in such a
way that the final result or product is cryptographically stronger than any of the component ciphers. A. linear B. permutation C. differential D. product 33. (0.200 Point)
The criteria used in the design of the __________ focused on the design of the S-boxes and on
the P function that takes the output of the S-boxes. A. Avalanche Attack B. Data Encryption Standard C. Product Cipher D. Substitution Key 34. (0.200 Point)
The greater the number of rounds, the __________ it is to perform cryptanalysis. A. easier B. less difficult C. equally difficult D. harder 35. (0.200 Point)
The function F provides the element of __________ in a Feistel cipher. A. clarification B. alignment C. confusion D. stability 36. (0.200 Point)
One of the most intense areas of research in the field of symmetric block ciphers is __________ design. A. S-box B. F-box C. E-box D. D-box 37. (0.200 Point)
Mister and Adams proposed that all linear combinations of S-box columns should be _________
which are a special class of Boolean functions that are highly nonlinear according to certain mathematical criteria. A. horizontal functions B. angular functions C. bent functions D. vertical functions 38. (0.200 Point)
The Nyberg approach that is more or less a manual approach with only simple mathematics to support it is __________. A. human-made B. random C. math-made D. random with testing 39. (0.200 Point)
Allowing for the maximum number of possible encryption mappings from the plaintext block is
referred to by Feistel as the __________. A. ideal substitution cipher B. round function C. ideal block cipher D. diffusion cipher 40. (0.200 Point)
Authentication applied to the entire original IP packet is _________. A. security mode B. cipher mode C. tunnel mode D. transport mode 41. (0.200 Point)
Asymmetric encryption is also known as ___________. A. public-key encryption B. private-key encryption C. optimal encryption D. digital-key encryption 42. (0.200 Point)
Public-key encryption is also known as ___________. A. digital-key encryption B. asymmetric encryption
C. one-way time exchange encryption D. optimal-key encryption 43. (0.200 Point)
Asymmetric encryption can be used for __________.
A. both confidentiality and authentication
B. neither confidentiality nor authentication C. confidentiality D. authentication 44. (0.200 Point)
The plaintext is recovered from the ciphertext using the paired key and a _____________. A. digital signature B. recovery encryption C. decryption algorithm D. encryption algorithm 45. (0.200 Point)
The most widely used public-key cryptosystem is __________.
A. optimal asymmetric encryption B. asymmetric encryption C. RSA D. DES 46. (0.200 Point)
Public-key algorithms are based on __________. A. permutation B. mathematical functions C. substitution D. symmetry 47. (0.200 Point)
__________ are two related keys, a public key and a private key that are used to perform
complementary operations, such as encryption and decryption or signature generation and signature verification. A. Asymmetric keys B. Key exchanges C. Symmetric keys D. Cipher keys 48. (0.200 Point)
The __________ indicates that the subscriber identified in the certificate has sole control and access to the private key. A. OAEP B. Public Key Certificate C. Digital Signature D. PKI 49. (0.200 Point)
A __________ is a cryptographic algorithm that uses two related keys, a public key, and a private
key. The two keys have the property that deriving the private key from the public key is computationally infeasible.
A. Private Key (Symmetric) Cryptographic Algorithm
B. Key Exchange Cryptographic Algorithm
C. Public Key (Asymmetric) Cryptographic Algorithm
D. RSA Digital Cryptographic Algorithm 50. (0.200 Point)
A public-key encryption scheme has __________ ingredients. A. six B. four C. eight D. two 51. (0.200 Point)
The key used in symmetric encryption is referred to as a __________ key. A. public B. secret C. private D. decryption 52. (0.200 Point)
The readable message or data that is fed into the algorithm as input is the ____________. A. ciphertext B. exchange C. plaintext D. encryption 53. (0.200 Point)
Two issues to consider with the computation required to use RSA are encryption/decryption and __________. A. time complexity B. trap-door one-way functions C. key generation
D. asymmetric encryption padding 54. (0.200 Point)
__________ depend on the running time of the decryption algorithm. A. Mathematical attacks B. Timing attacks C. Chosen ciphertext attacks D. Brute-force attacks 55. (0.200 Point)
We define the ___________ of an algorithm to be f(n) if, for all n and all inputs of length n the
execution of the algorithm takes at most f(n) steps. This is a common measure of the efficiency of an algorithm. A. time complexity B. one-way function C. timing attack D. OAEP 56. (0.200 Point)
Authentication applied to all of the packet except for the IP header is _________. A. tunnel mode B. transport mode C. association mode D. security mode 57. (0.200 Point)
_________ consists of an encapsulating header and trailer used to provide encryption or
combined encryption/authentication. The current specification is RFC 4303. A. SPI B. ESP C. ISA D. IPsec 58. (0.200 Point)
The _________ payload allows peers to identify packet flows for processing by IPsec services. A. Configuration B. Vendor ID C. Traffic Selector
D. Extensible Authentication Protocol 59. (0.200 Point)
Which technology is a primary method that IPsec uses to implement data integrity? A. MD5 B. AES C. RSA D. DH 60. (0.200 Point)
What are the source and destination addresses used for an encrypted IPsec packet?
A. Original sender and receiver IP addresses
B. Original sender’s and outbound VPN gateway’s addresses
C. Sending and receiving VPN gateways
D. Sending VPN gateway and original destination address in the packet 61. (0.200 Point)
Which phase is used for private management traffic between the two VPN peers? A. IPsec B. IKE Phase 1 C. IKE Phase 2 D. IKE Phase 3 62. (0.200 Point)
Which of the following are negotiated during IKE Phase 1? A. Hashing B. DH group C. Encryption D. Authentication method 63. (0.200 Point)
What method is used to allow two VPN peers to establish shared secret keys and to establish
those keys over an untrusted network? A. AES B. SHA C. RSA D. DH 64. (0.200 Point)
What are the two main methods for authenticating a peer as the last step of IKE Phase 1? (Choose all that apply.)
A. RSA signatures, using digital certificates to exchange public keys B. PSK (pre-shared key) C. DH Group 2 D. TCP three-way handshake 65. (0.200 Point)
A customer has asked for its wireless equipment to be managed as securely as possible. Which
three management protocols will provide encrypted access to the equipment? (Choose three) A. Secure Shell B. HTTPS C. SNMPv3 D. Telnet E. SNMPv2c F. HTTP 66. (0.200 Point)
A customer has completed the installation of an 802.11ac greenfield deployment at their
corporate headquarters. They would like to leverage 802.11ac enhanced speeds on the trusted
employee WLAN. In order to configure the employee WLAN, what Layer 2 security policies are valid? A. WPA2 (TKIP) B. WPA(AES) C. OPEN D. WEP 67. (0.200 Point)
An engineer wants to set up guest wireless that requires users to log in via a splash page prior to
accessing the network. Which authentication method should be configured? A. LDAP B. RADIUS C. local authentication D. WebAuth E. PSK 68. (0.200 Point)
An engineer would like to setup secure authentication for a wireless network that will utilize
single sign-on. Which two authentication methods can be used to accomplish this? (Choose two.) A. LDAP B. RADIUS C. Local authentication D. WEP E. PSK 69. (0.200 Point)
While undergoing a security audit, a network administrator is told to set up the WLANs with at
least 128-bit encryption but also keeping the 802.11n speeds. What WLAN configuration would meet the requirements? A. Static WEP B. WPA-TKIP C. WPA2-AES D. CKIP 70. (0.200 Point)
What Cisco Catalyst switch feature can be used to define ports as trusted for DHCP server connections? A. DHCP snooping B. port security C. 802.1x D. private VLANs 71. (0.200 Point)
Which statement about named ACLs (Access Control Lists) is true?
A. They support standard and extended ACLs.
B. They are used to filter usernames and passwords for Telnet and SSH.
C. They are used to filter Layer 7 traffic.
D. They support standard ACLs only.
E. They are used to rate limit traffic destined to targeted networks. 72. (0.200 Point)
Which identification number is valid for an extended ACL? A. 1 B. 64 C. 99 D. 100 E. 299 F. 1099 73. (0.200 Point) R1# show access-lists Extended IP access list 175
10 deny tcp any any time-range nonworkhours (active)
20 permit tcp any any time-range nonworkhours (inactive)
Refer to the exhibit. While you troubleshoot a connectivity issue to a PC behind R1, you enter the
show access-lists command to generate this output. Which reason for the problem is most likely true?
A. The permit all ACL entry on R1 is inactive.
B. The ACL of R1 is misconfigured.
C. A deny all ACL entry is currently active on R1.
D. An implicit deny is causing R1 to block network traffic. 74. (0.200 Point)
When you are troubleshooting an ACL issue on a router, which command can help you to verify
which interfaces are affected by the ACL? A. show ip access-lists B. show access-lists C. show interface D. show ip interface E. list ip interface 75. (0.200 Point)
A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on
networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two
ACL statements, when combined, are the best for accomplishing this task? (Choose two.)
A. access-list 10 permit ip 192.168.146.0 0.0.1.255
B. access-list 10 permit ip 192.168.147.0 0.0.255.255
C. access-list 10 permit ip 192.168.148.0 0.0.1.255
D. access-list 10 permit ip 192.168.149.0 0.0.255.255
E. access-list 10 permit ip 192.168.146.0 0.0.0.255
F. access-list 10 permit ip 192.168.146.0 255.255.255.0 76. (0.200 Point)
In which solution is a router ACL used?
A. filtering packets that are passing through a router
B. to change the default administrative distance of a route in the route table
C. protecting a server from unauthorized access
D. controlling path selection, based on the route metric 77. (0.200 Point)
Which IPsec security protocol should be used when confidentiality is required? A. MD5 B. PSK C. AH D. ESP 78. (0.200 Point)
A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)
A. The network administrator can apply port security to dynamic access ports.
B. The network administrator can apply port security to EtherChannels.
C. When dynamic MAC address learning is enabled on an interface, the switch can learn new
addresses, up to the maximum defined.
D. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN. 79. (0.200 Point)
On which options are standard access lists based?
A. destination address and wildcard mask
B. destination address and subnet mask
C. source address and subnet mask
D. source address and wildcard mask 80. (0.200 Point)
Which component of VPN technology ensures that data is unaltered between the sender and recipient? A. encryption B. authentication C. key exchange D. data integrity 81. (0.200 Point)
How does using the service password-encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router 82. (0.200 Point)
When are packets processed by an inbound access list?
A. before they are routed to an outbound interface
B. after they are routed to an outbound interface
C. before and after they are routed to an outbound interface
D. after they are routed to an outbound interface but before being placed in the outbound queue 83. (0.200 Point)
The company internetwork is subnetted using 29 bits. Which wildcard mask should be used to
configure an extended access list to permit or deny access to an entire subnetwork? A. 255.255.255.224 B. 255.255.255.248 C. 0.0.0.224 D. 0.0.0.8 E. 0.0.0.7 F. 0.0.0.3 84. (0.200 Point)
What are three valid reasons to assign ports to VLANs on a switch? (Choose three.)
A. to make VTP easier to implement
B. to isolate broadcast traffic
C. to increase the size of the collision domain
D. to allow more devices to connect to the network
E. to logically group hosts according to function
F. to increase network security 85. (0.200 Point)
Which protocol should be used to establish a secure terminal connection to a remote network device? A. ARP B. SSH C. Telnet D. WEP E. SNMPv1 F. SNMPv2 86. (0.200 Point)
What three pieces of information can be used in an extended access list to filter traffic? (Choose three.) A. protocol B. VLAN number C. TCP or UDP port numbers D. source switch port number
E. source IP address and destination IP address
F. source MAC address and destination MAC address 87. (0.200 Point)
Which command is necessary to permit SSH or Telnet access to a Cisco switch that is otherwise
configured for these vty line protocols? A. transport output all B. transport preferred all C. transport type all D. transport input all 88. (0.200 Point)
What features can protect the data plane? (Choose three.) A. policing B. ACLs C. IPS D. antispoofing E. QoS F. DHCP-snooping 89. (0.200 Point)
Which of the following statements is true regarding a stateless packetfiltering firewall? (Select the best answer.)
A. It can operate at Layer 4 of the OSI model.
B. It is more secure than a stateful packetfiltering firewall.
C. It tracks packets as a part of a stream.
D. It is not susceptible to IP spoofing attacks. 90. (0.200 Point)
Which of the following statements is true of all firewalls? (Select the best answer.)
A. They maintain a state table.
B. They hide the source of network connections.
C. They operate at Layer 7 of the OSI model.
D. They are multihomed devices. 91. (0.200 Point)
Which feature can validate address requests and filter out invalid messages? A. IP Source Guard B. port security C. DHCP snooping