Alice and Bob communicate. For which of the following is Bob’s private key used?

Bob decrypts a message from Alice.

Alice verifies the signature of a message from Bob.

Carol decrypts a message from Alice.

Alice decrypts a message from Bob.

Bob verifies the signature of a message from Alice.

In which situation is it essential to use the revocation certificate for a PGP key?

You accidentally delete the only copy of your private key.

You erroneously sign someone’s key, which you did not want to sign.

You lose a flash drive with a copy of the private key.

Your key has expired and you want to renew it.

Your key has expired and you do not want to renew it.

What is a disadvantage of symmetric key exchange with a trusted third party?

A compromised user-specific key jeopardises the confidentiality of all past and future communication.

Each participant can decrypt all other participants’ communication.

Prior to communication, multiple users need to be contacted.

Secure connections between all communicating users are required.

The number of stored keys grows quickly with more participants.

What is the basic idea of challenge response protocol?

The secret is never transmitted.

Neither party proves anything to the other party.

Both parties transmit only their part of the secret.

The parties need a secure channel to communicate.

The secret is fixed and independent of the exchange.

When is a reflection attack possible?

The protocol does not use a nonce or timestamp.

The same authentication protocol is used to authenticate the server and the client.

It is possible to record and re-transmit authentication packages.

The client is not authenticated by the server.

The server is not authenticated by the client.

What is the difference between a brute-force attack and a dictionary attack?

For the brute-force attack, plaintexts are randomly chosen; for the dictionary attack, a pre-defined list is used.

The brute-force attack only works for a single language; for the dictionary attack, portions of the password are automatically translated.

The brute-force attack can be easily parallelised; the dictionary attack cannot.

In case of the brute-force attack, the plaintext is hashed repeatedly; for the dictionary attack, an invertible function is used.

A brute-force attack works on all hash functions; a dictionary attack only works on some insecure hash functions.

Which property does not generally hold for a salt?

The salt should be randomly generated.

The salt is necessary for checking a password.

The salt can be shorter than the password.

The salt is stored in plain-text.

Why is the lifetime of ZSKs (Zone Signing Keys) in DNSSEC relatively short?

The keys are small to limit stored/transmitted data and computational complexity. To ensure that these small keys do not get broken easily, they are replaced often.

The keys are regenerated for every DNS query anyways. They are just valid for the maximum time a packet can stay in transit.

There is no need for longer-lasting keys as the data to be signed changes anyways.

Space is limited, so it is important that the keys can be deleted soon.

The randomness of DNS server is not that good, so it makes sense to replace the keys more often.

An application-based DoS attack on HTTP

A volume-based DoS attack on TCP

A protocol-based DoS attack on UDP

A protocol-based DoS attack on TCP

An application-based DoS attack on UDP

What is the most fundamental weakness which allows for a SQL injection attack?

User inputs are not validated before being passed to the database.

Too much information regarding the setup of the database is leaked via the data entry field.

There is no proper separation of the input data and the code.

It is possible to input data which contains SQL code.

The programmer did not use prepared statements to ensure that SQL injection does not work.

What is not an exploitable side channel for extracting a secret key/PIN/code?

After an access code is entered, the display flickers only if a correct code was entered and the door opens.

An encryption IC executes multiplications only for ‘1’ key bits, leading to higher power draw during these bit positions.

Some keys on a keyboard used for entering a password make an audibly different sound.

A PIN check tests digits individually, making it take observably longer for more correct digits.

Some buttons on a PIN keypad of a security door are visibly worn.

Which is not contained in Bitcoin blocks?

Transactions with no input transactions

Bitcoin price in USD at the time of the block

What is the nothing-at-stake problem?

After a fork, validators accept new blocks for multiple chains.

Validator nodes offset possible penalties on their staked cryptocurrency by engaging in price fixing.

The cryptocurrency becomes worthless fast, leaving the blockchain with no validator nodes.

Proof-of-stake blockchains require a trusted third party.

Nodes can only become validators after they have already earned a sum of cryptocurrency.

Mock Exam: IT Security 2024

Authored by infernoxslayerz apple_user

Others

University

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

27 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is Kerckhoffs’s principle?

Implementations of cryptographic algorithms must be protected against malicious modification.

Access should be forbidden by default and only explicitly allowed when sufficient permissions are granted.

The security of a larger system is only as good as the weakest link’s protection.

A cryptographic algorithm should be considered insecure until it is mathematically proven to be secure.

The security of a cryptographic system must only be based on the key and not on the secrecy of the algorithm.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In the security context, what is the definition of integrity?

Recorded actions cannot be denied by the subjects who have carried them out.

Data is not modified unnoticed without authorisation.

Messages are hashed and signed before being sent to communication partners.

Subjects are honest when communicating with others.

A trusted third party (TTP) cannot read communication exchanged on the network.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In the security context, what is the definition of authenticity?

The identity of an object or subject can be proven.

Within a set of subjects, sent messages can be traced back to a sender.

Subjects have to log in before being granted access to a system.

User inputs are validated for their correctness before being operated on.

Messages are sent unencrypted, as clear text.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is not a cryptanalytic attack?

Chiphertext-only attack

Chosen signature attack

Known plaintext attack

Chosen ciphertext attack

Chosen plaintext attack

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the public key property (PKP)?

It is impossible to decrypt data with the secret key.

It is impossible to determine the secret key with only the knowledge about the public key.

It is possible to decrypt the ciphertext only with the public key.

It is impossible to encrypt data with the public key that can be decrypted with the secret key.

It is possible to generate a signature with the public key.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which measure helps to protect data integrity?

Data economy

Pseudonymisation

Encryption

Message Authentication Code

Obfuscation

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Alice and Bob communicate. For which of the following is Bob’s public key used?

Carol signs a message to Bob.

Alice encrypts a message to Bob.

Bob signs a message to Alice.

Bob encrypts a message to Alice.

Alice signs a message to Bob.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

23 questions

Week 1-2_Information and Communication Technology and Introduction to Computer Operations

Quiz

•

University

23 questions

IEA Anatomy Practice Test (TRE 25-26’)

Quiz

•

University

25 questions

Anime Trivia

Quiz

•

University

25 questions

Gagne's Nine Events of Instruction

Quiz

•

University

30 questions

RACE 2023 QUIZ

Quiz

•

University

31 questions

lower body muscles

Quiz

•

University

22 questions

QUIZ 2 AUD589 OCT2023

Quiz

•

University

22 questions

The Empire of Ghana in the Year 1000

Quiz

•

8th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Others

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

7 questions

Fragments, Run-ons, and Complete Sentences

Interactive video

•

4th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

10 questions

DNA Structure and Replication: Crash Course Biology

Interactive video

•

11th Grade - University

5 questions

Inherited and Acquired Traits of Animals

Interactive video

•

4th Grade - University

5 questions

Examining Theme

Interactive video

•

4th Grade - University

20 questions

Implicit vs. Explicit

Quiz

•

6th Grade - University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University

Mock Exam: IT Security 2024

What is Kerckhoffs’s principle?

In the security context, what is the definition of integrity?

In the security context, what is the definition of authenticity?

Which of the following is not a cryptanalytic attack?

What is the public key property (PKP)?

Which measure helps to protect data integrity?

Alice and Bob communicate. For which of the following is Bob’s public key used?

Alice and Bob communicate. For which of the following is Bob’s private key used?

Alice and Bob communicate. For which of the following is Alice’s private key used?

In which situation is it essential to use the revocation certificate for a PGP key?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Others