Exercise Flashcards

1
Q

Alice wants to open a communication channel with Bob. Which of the following security properties must she implement in order to check that she is really communicating with Bob?
 A. non-repudiation
 B. integrity
 C. availability
 D. peer authentication
 E. data authentication
 F. privacy
 G. accountability

exercise 1

A
2
Q

Assume Alice sends a message to Bob. Bob knows that he has to perform data authentication. What does this mean?
 A. Bob must register the received data in a database
 B. Bob must identify Alice (e.g. check her identity card)
 C. Bob must verify that the data really comes from Alice (for example, by verifying some sort of evidence attached to the data that only Alice may have created)
 D. Bob must demonstrate his identity to Alice

exercise 1

A
3
Q

Assume Alice wants to connect to two systems run by Bob. Alice and Bob must always perform mutual authentication. What does this mean?
 A. Alice authenticates to every system run by Bob and each of the two systems of Bob authenticates to Alice
 B. Bob authenticates to Alice
 C. Alice authenticates to the two systems run by Bob
 D. each of the two systems of Bob authenticates to Alice
 E. Alice and Bob must identify themselves, e.g. by exchanging their identity cards

exercise 1

A
4
Q

Assume Alice is entering a password (or a PIN) to access her smartphone. Which security property is implemented by her smartphone for this operation?
 A. confidentiality
 B. integrity
 C. authentication
 D. availability
 E. authorization

exercise 1

A
5
Q

In Windows OS there are two types of users: normal and administrator. Assume a normal user tries to install a program and this operation is denied by the OS. Which security property has the OS implemented for the software installation operation? (We assume the user has already logged in successfully with his credentials.)
 A. authentication
 B. authorization
 C. traceability
 D. availability

exercise 1

A
6
Q

Alice writes some data on her disk. The disk is placed in a secure place. After some time she wants to check whether the data has been modified. Which security property does she have to implement?
 A. authentication
 B. authorization
 C. traceability
 D. integrity
 E. availability

exercise 1

A
7
Q

Alice wants to protect the entrance to a building with a card reader. Which security property/properties must the card reader placed at the entrance implement?
 A. authentication
 B. authorization
 C. non-repudiation
 D. integrity

exercise 1

A
8
Q

What is a replay attack?
 A. an attack in which some data (in clear or protected for confidentiality) can be intercepted and then sent more than once to the destination
 B. an attack in which only data in clear can be intercepted and then sent more than once to the destination
 C. an attack in which an attacker intercepts the data, then sends it to another attacker who will send it to the destination

exercise 1

A
9
Q

What is a sniffing attack?
 A. an attack in which data (in clear or protected) is intercepted while in transmission
 B. an attack in which only data in clear can be intercepted
 C. an attack in which an attacker intercepts the data, then modifies it, then finally sends it to the destination

exercise 1

A
10
Q

What is an IP spoofing attack?
 A. an attack in which the attacker creates fake data and inserts it into a connection
 B. an attack in which an attacker modifies the IP source address and sends it to a destination
 C. an attack in which an attacker modifies the IP destination address and sends it to the destination
 D. an attack in which an attacker modifies both the source and the destination addresses in an IP packet

exercise 1

A
11
Q

What kind of countermeasures are applicable for an IP spoofing attack aimed at gaining unauthorised access to a remote resource?
 A. instruct the browser’s users to carefully check the URL they are connecting to
 B. avoid the use of broadcast networks
 C. avoid the use of the IP address as “credential” to authenticate and get access to any remote resources
 D. install (and regularly update) an anti-malware application on each device

A
12
Q

What is a Denial of Service attack?
 A. an attack in which the attacker keeps a host busy by exhausting its resources (e.g. mail) so that it cannot provide its services
 B. an attack in which the attacker keeps a host busy by flooding it with traffic (e.g. DNS or ICMP) so that it cannot provide its services
 C. an attack in which an attacker keeps a host busy by exhausting its resources (e.g. by injecting a malware that makes continuous calculations) so as to block the use of the host
 D. an attack in which an attacker denies the use of a host to a user because he/she is not authorized

exercise 1

A
13
Q

What is a Distributed Denial of Service (DDoS) attack?
 A. attack in which the attacker (master) exploits multiple daemons installed on compromised nodes to run (upon command) a software implementing the DoS attack against one victim
 B. attack in which an attacker (master) distributes the DoS software to multiple nodes that independently run the attack against different victims
 C. attack in which attackers (masters) collaborate and decide along with the zombies which type of DoS attack to run

exercise 1

A
14
Q

Bob is an attacker who decides to activate a shadow server to attack Alice. What kind of attacks can he perform against Alice (to provoke damage)?
 A. replay attack
 B. Denial of Service
 C. redirect Alice to fake web sites
 D. packet sniffing

A
15
Q

Alice wants to communicate securely with Bob (server). What kind of security properties must she implement to protect against a Man in the Middle attack? Note: we assume Alice and Bob have trusted devices and software.
 A. server authentication, data authentication, confidentiality of the data exchanged, integrity of the data exchanged
 B. server authentication, confidentiality of the data exchanged, integrity of the data exchanged, serialization of each packet
 C. server authentication, data authentication, confidentiality of the data exchanged, integrity of the data exchanged, and serialization of each packet
 D. privacy of the data exchanged, server authentication, data authentication, integrity of the data exchanged, serialization of each packet

A
16
Q

In risk analysis, assets are:
 A. any ICT resource, data, and people present or working inside a company
 B. any ICT resource, data, and people used for providing a service
 C. the ICT resources, data, people, and location used in providing a specific service
 D. the ICT resources, data, people, and location used in providing the services offered by the company

A
17
Q

In risk analysis, vulnerabilities are:
 A. weaknesses in the software that could be exploited by an attacker
 B. weaknesses in the design, implementation, configuration and management that could be exploited by an attacker
 C. actions an attacker performs to damage an asset
 D. weaknesses in the design, implementation, configuration and management that could harm assets if exploited by an attacker or by the occurrence of unintentional events (natural disasters, mistakes made by individuals)

A
18
Q

In risk analysis, a security control is:
 A. a set of operational and management processes, and security mechanisms (including software techniques, algorithms and protocols) used to protect against threats
 B. functional and non-functional requirements that need to be satisfied in order to achieve security
 C. a set of operational and management processes, and security mechanisms (including software techniques, algorithms and protocols) adopted to reduce risks

A
19
Q

In risk analysis, a risk is:
 A. a qualitative (e.g., low, medium, high, very high) or quantitative (e.g. 10, 15, 25) value calculated based on the impact and the probability of occurrence of a security event
 B. a cost calculated based on the countermeasures to be selected and implemented to protect against a security event
 C. possible deliberate action/accidental event that can produce the loss of a security property

A
20
Q

What are the security controls and procedures?
 A. documents expressing ‘how’ you implement the policies, both for the technical details (such as specific techniques, algorithms used) and organizational details
 B. documents expressing the vulnerabilities of a system or product
 C. documents expressing the flaws in the implementation of a system or product

A
21
Q

Which of the following is not a purpose of doing a risk analysis?
 A. delegate responsibility
 B. quantify impact of potential threats
 C. identify risks
 D. define the balance between the impact of a risk and the cost of the necessary countermeasure

A
22
Q

DES is an algorithm that allows:
 A. symmetric encryption of data by splitting data in blocks
 B. symmetric encryption of data by processing the data flow
 C. creation of digital signatures with asymmetric keys
 D. creation of digital signature and encryption of data with asymmetric keys

A
23
Q

The key length needed to defend against brute force attacks has increased because:
 A. the use of permutations and transpositions in algorithms has increased
 B. as algorithms get stronger, they get less complex, and thus more susceptible to attacks
 C. processor speed and power have increased
 D. key length reduces over time

A
24
Q

Which of the following properties should a secure AES key have?
 A. confidentiality
 B. non-repudiation
 C. traceability
 D. randomness

A
25
Q

The advantages of the ECB mode are:
 A. parallel encryption
 B. parallel decryption
 C. random access to blocks (you can decrypt a block independently from the others)
 D. simple implementation
 E. difficult to perform cryptanalysis because identical blocks encrypt differently
 F. it’s not possible to swap blocks
 G. it’s not possible to delete blocks
 H. is resistant to known-plaintext attacks

A
26
Q

If a tool uses AES-256-ECB, you can assume that:
 A. the tool can accept as a possible input either a private key or a public key
 B. the tool will have a negligible padding size
 C. the tool will operate on an Initialization Vector of 128 bits
 D. the tool adopts a symmetric algorithm, with a 256-bit key, and where each block of ciphertext is related to only one block of plaintext

A
27
Q

Which of the following statements are true for the CBC mode?
 A. parallel decryption
 B. parallel encryption
 C. protection on order of blocks
 D. if one ciphertext block is lost/deleted, the error propagates to the decryption of all the blocks from that point on
 E. an IV is used to randomize the first ciphertext block
 F. it’s resistant to known-plaintext attacks
 G. random access to blocks (you can decrypt a block independently from the others)

A
28
Q

If you encrypt 50B of plaintext with AES-128-CBC, how long is the ciphertext?
 A. 50B
 B. 64B
 C. 80B

In the above case, let’s assume the ciphertext is a secret message to be sent by Alice to Bob. Indicate the size of data transmitted so that Bob can recover the plaintext.
 A. 50B
 B. 64B
 C. 80B

A
29
Q

If you encrypt 50B of plaintext with AES-256-CBC, how long is the ciphertext?
 A. 50B
 B. 64B
 C. 80B

In the above case, let’s assume the ciphertext is a secret message to be sent by Alice to Bob. Indicate the size of data transmitted so that Bob can recover the plaintext.
 A. 50B
 B. 64B
 C. 80B
 D. 96B

A
30
Q

If you encrypt 32B of plaintext with AES-128-CBC, how long is the ciphertext?
 A. 32B
 B. 48B
 C. 64B

If you encrypt 32B of plaintext with AES-128-CTR, how long is the ciphertext?
 A. 32B
 B. 48B
 C. 64B

A
31
Q

Assume Alice wants to protect her data (1 TB) on disk, but she does not want to increase the space occupied on disk. Moreover, she would like to perform the encryption very fast and to keep her data protected for 10 years. Which algorithm should she use?
 A. AES-128-CBC
 B. AES-128-ECB
 C. AES-256-CTS-CBC
 D. 3DES-168-CTS-CBC
 E. AES-512-CTS-CBC

A
32
Q

Assume Alice wants to protect her data (1 TB) on disk, she has more space, but she would like to perform the encryption very fast. Which algorithm should she use?
 A. AES-128-CBC
 B. AES-128-ECB
 C. AES-256-CTR
 D. 3DES-168-CTR
 E. AES-512-CTS-CBC
 F. Chacha20-256
 G. Chacha20-512
 H. RC4-128

A
33
Q

Which of the following statements are true for the CTR mode:
 A. allows parallel encryption of plaintext
 B. allows parallel decryption of plaintext
 C. allows random access to groups
 D. if a ciphertext block is modified, then (only) that group is erroneously decrypted (but not the successive ones)
 E. it is difficult to perform cryptanalysis because identical plaintext groups encrypt differently
 F. it’s possible to rearrange/swap ciphertext groups
 G. if a ciphertext group is deleted, all successive ciphertext groups will be decrypted erroneously

A
34
Q

Alice wants to send a confidential message P to Bob … and
 Alice and Bob have 64-bit platforms
 P is large, e.g. 10 GB
 P must be protected for 2 months
 Alice and Bob have agreed OOB about an algorithm (AES-128-CBC) and a key (K)
 write the formulas and the steps

A
35
Q

Which of the following algorithms is based on the fact that it is hard to factor large numbers into two prime numbers?
 A. ECC
 B. RSA
 C. Diffie-Hellman
 D. DES

A
36
Q

Assume Alice wants to communicate her public key to Bob. She decides to send the key over an unprotected channel, because the public key is public. Assume Eve can control the communication channel between Alice and Bob. What kind of security attacks could Eve perform to damage the secure communication between Alice and Bob?
 A. replay attack – Eve sends the public key of Alice 10 times
 B. sniffing attack – Eve reads the public key of Alice
 C. man in the middle – Eve modifies the public key of Alice by changing some bits
 D. man in the middle – Eve replaces the public key of Alice with her own
 E. filtering – Eve deletes the public key of Alice

A
37
Q

A sender (Alice) wants to send a digitally signed message to a receiver (Bob). Which key is used to create a digital signature?
 A. The receiver’s private key
 B. The sender’s public key
 C. The sender’s private key
 D. The receiver’s public key

A
38
Q

What is the advantage of RSA over DSA?
 A. It can provide digital signature and encryption functionality.
 B. It uses fewer resources and encrypts faster because it uses symmetric keys.
 C. It is a block cipher rather than a stream cipher.
 D. It employs a one-time encryption pad.

A
39
Q

Which of the following best describes a digital signature?
 A. A method of transferring a handwritten signature to an electronic document
 B. A method to encrypt confidential information
 C. A method to provide an electronic signature and encryption
 D. A method to let the receiver of the message verify the source (data origin) and integrity of a message

A
40
Q

Diffie-Hellman is a:
 A. symmetric algorithm
 B. asymmetric algorithm
 C. hash algorithm
 D. keyed-digest algorithm

… that is frequently used for:
 A. creating digital signatures
 B. agreeing on a secret key
 C. creating an HMAC

A
41
Q

Alice wants to send a secret key K to Bob by using asymmetric cryptography. Which operation must Alice do?
 A. encrypt the key K with the public key of Bob, by using RSA
 B. encrypt the key K with the public key of Bob, by using DSA
 C. encrypt the key K with her own public key, by using RSA
 D. encrypt the key K with the private key of Bob, by using DSA

A
42
Q

Which of the following are properties or characteristics of a one-way function?
 A. converts an arbitrary length message into a fixed-length value (the digest)
 B. given the digest value h(m), it should be computationally infeasible to find the corresponding message m
 C. it should be impossible or infrequent to derive the same digest from two different messages
 D. converts a fixed-length message to an arbitrary length value

A
43
Q

Assume Alice sends to Bob a plain message m along with its digest md=h(m) over an insecure channel. Assume Eve is an active attacker controlling the channel between Alice and Bob (i.e. can read, delete, modify, inject data). Bob receives both the message and the digest. What would tell Bob that the message has been modified?
 A. the public key has been altered
 B. the message digest has been altered
 C. the message digest computed by Bob is different from the one sent by Alice
 D. the message extracted by Bob from the digest – i.e. m_Bob = h^(-1)(md) – is different from the message received m
 E. none of the above

A
44
Q

Alice wants to protect for integrity one file F on her disk (unprotected). She performs these steps:
1. she calculates a digest of the file, D = h(F)
2. she copies D on a secure storage (e.g. a USB pen) where she also keeps other sensitive data (e.g. her RSA key-pair)
After one year, Alice wants to check if F has been illegally modified, so she takes the file F from disk and recalculates the digest on the file, D’ = h(F)

A
45
Q

What would indicate to Alice that F has been modified?
 A. the file F has a different creation time
 B. the private key has been altered
 C. the message digest D stored in the secure storage is different from the message digest D’ recalculated on F
 D. the message digest D stored in the secure storage is the same as the message digest D’ recalculated on F
 E. none of the above

A
46
Q

If different messages generate the same hash value, what is this called?
 A. secure hashing
 B. collision
 C. MAC generation
 D. HMAC generation

A
47
Q

Given a message m1, after 100,000 random attempts Alice finds a message m2 that generates the same hash value when calculated with the algorithm H. Is H a secure hash algorithm?
 A. yes
 B. no
 C. it depends on the length of the output generated by H
 D. it depends on the key used in the computation

A
48
Q

HMAC is an algorithm that allows:
 A. to combine a message with a symmetric key to provide data authentication and integrity
 B. to combine a message with an asymmetric private key to provide data authentication and integrity
 C. to combine a message with an asymmetric public key to provide data authentication and integrity
 D. to combine a message with a symmetric key to provide data authentication, integrity, and non-repudiation
 E. to combine a message with an asymmetric private key to provide data authentication, integrity, and non-repudiation

A
49
Q

Which of the following best describes the difference between HMAC and CBC-MAC?
 A. HMAC creates a message digest and is used for integrity; CBC-MAC is used to encrypt blocks of data for confidentiality
 B. HMAC uses a symmetric key and a hash algorithm; CBC-MAC uses the first encrypted block as a checksum
 C. HMAC and CBC-MAC provide integrity and data authentication; HMAC uses a hash function, while CBC-MAC uses a block encryption algorithm
 D. HMAC encrypts a message with a symmetric key and then puts the results through a hash algorithm; CBC-MAC encrypts the whole message

A
50
Q

Alice wants to protect some messages m1, m2, … mN for data authentication and integrity. She constructs for each message a MAC in the following manner:
for (i=1; i<=N; i++) mac(i) = HMAC-SHA256( i, mi );
She sends each message mi and the corresponding mac(i) to Bob over an unprotected channel.
Is data authentication and integrity achieved for all messages mi? (justify your answer)
 A. yes
 B. no

A
51
Q

 Alice wants to send Bob a plaintext P protected for confidentiality, authentication, and integrity
 Alice and Bob share two symmetric keys K1 and K2
 Alice and Bob agreed on two algorithms, A1 (for MAC) and A2 (for symmetric encryption)
 which operations should Alice perform on P and what data should she transmit to Bob so that he can recover the plaintext and verify its integrity and authenticity?
 explain the advantages and disadvantages of your solution

A
52
Q

 Authenticated Encryption provides:
 A. confidentiality and authentication/integrity in one step with two different keys
 B. confidentiality and authentication/integrity in one step with one key
 C. confidentiality and authentication/integrity in two steps with one key

A
53
Q

Which of the following best describes a Certification Authority?
 A. an organization that issues private keys and the corresponding algorithms
 B. an organization that certifies encryption algorithms
 C. an organization that certifies encryption keys
 D. an organization that issues public-key certificates to entities

A
54
Q

Assume a CA issues an X.509v3 certificate to Alice. Which of the following values are included in the certificate issued to Alice? Select all that apply.
 A. Alice’s public key
 B. Alice’s private key
 C. A signature on Alice’s X.509v3 certificate, calculated with the CA’s private key
 D. A signature on Alice’s X.509v3 certificate, calculated with the CA’s public key
 E. An indication of the owner of the certificate, such as Alice’s name or e-mail address
 F. A time period, indicating the lifetime of the certificate
 G. An indication of the issuer of the certificate, such as the CA’s name

A
55
Q

Why would a Certification Authority revoke a certificate?
 A. if the subject’s public key has been compromised
 B. if the subject’s private key has been compromised
 C. if the subject sent the certificate over an unprotected channel
 D. none of the above

A
56
Q

Which of the following statements about CRL and OCSP are correct?
 A. CRL is a list of revoked certificates issued by a CA
 B. CRL is a list of revoked certificates issued by a root CA
 C. OCSP is a protocol to query a server about the validity of a single specific certificate at a specified time
 D. OCSP is a protocol to query a server about the validity of a single specific certificate at the current time

A
57
Q

Alice sends a digitally signed message to Bob and attaches her X.509v3 certificate (and a certificate chain up to a trusted root CA). Which steps must Bob perform to verify the signature on the message? (you can select multiple responses from the ones below)
 A. verify the signature on the message by using the certificate of Alice
 B. verify that the certificate of Alice is authentic by constructing the chain up to a trusted root and verifying the signatures on each certificate in the chain
 C. verify that each certificate in the chain (except the one of the trusted root) has not been revoked
 D. do not check the trusted root CA certificate that Alice sent him because he should already have it configured as trusted

A
58
Q

Alice wants to send to Bob a message P protected for integrity and (data) authentication
 Alice and Bob share a symmetric key K
 Alice and Bob agreed about using HMAC-SHA1
 what information should Alice send to Bob? (write the corresponding formulas)

A
59
Q

Two companies in business wish to protect their messages (exchanged via an unprotected TCP/IP network) by providing confidentiality, integrity, and data authentication. Assuming that the companies do not have access to any secure channel or data format but share a password pwd (10 alphanumeric characters long) and can use only basic symmetric encryption, hash algorithms, and auxiliary mathematical functions (but not asymmetric encryption), suggest a possible solution for protecting a message M and write the formula to generate the protected message P.

A
60
Q

Which of the following statements correctly describes reusable passwords as authentication factor?
 A. they are the least expensive and most secure
 B. they are the most expensive and least secure
 C. they are the least expensive and least secure
 D. they are the most expensive and most secure

A
61
Q

Alice wants to send to Bob a digitally signed message P
 assumptions:
 Alice has an RSA key pair ( Alice.SK, Alice.PK )
 Bob knows Alice.PK (maybe it was exchanged OOB)
 write down the formulas

A
62
Q

Which of the following factors provides stronger authentication?
 A. what a person knows
 B. what a person is
 C. what a person has

A
63
Q

How is a challenge/response protocol used with an authentication-token (device)?
 A. this protocol is not used; cryptography is used
 B. an authentication service generates a challenge, then the authentication token generates a response based on the challenge
 C. the token challenges the user for a username and password
 D. the token challenges the user’s password against a database of stored credentials

A
64
Q

What is a dictionary attack?
 A. the attacker pre-computes a list of hashes of many “words”; the hashes are then compared with a hashed password (sniffed from the communication channel or leaked from a server)
 B. the attacker pre-computes several hashes (for several iterations) starting from a word in the Dictionary; the hashes are then compared with a hashed password (sniffed from the communication channel or leaked from a server)
 C. the attacker uses a Dictionary of common words (e.g. English language dictionary) to pre-compute a big list of their hashes; the hashes are then compared with a hashed password (sniffed from the communication channel or leaked from a server)

A
65
Q

A salt is used to protect from dictionary attack. A salt is ...
 A. a secret number
 B. a random number, unpredictable
 C. a number that must be known only by the user to generate a more secure password

A
66
Q

The advantages of static passwords are (you can choose more than one option):
 A. are simple, “free”, and require no extra device to carry
 B. are immune to sniffing
 C. are immune to replay attacks
 D. require no trust in a third party (in contrast, public key certificates require trust in the CA)
 E. are immune to MITM attacks

A
67
Q

The advantages of OTPs are (you can choose more than one option):
 A. are simple, “free”, and require no extra device to carry
 B. sniffing attacks are not efficient
 C. are immune to replay attacks
 D. require no trust in a third party (in contrast, public key certificates require trust in the CA)
 E. are immune to MITM attacks

A
68
Q

A claimant must authenticate to a Verifier by using a symmetric CRA protocol. The advantages in this case are (you can choose multiple options):
 A. the Verifier must not store sensitive keys
 B. sniffing attacks are not efficient
 C. replay attacks cannot be performed
 D. require no trust in a third party (in contrast, public key certificates require trust in the CA) or OOB exchange of public keys
 E. is fast
 F. is immune to involuntary signing or to relay attacks (does not require Verifier authentication)

A
69
Q

A claimant must authenticate to a Verifier by using an asymmetric CRA protocol. The advantages in this case are (you can choose multiple options):
 A. the Verifier must not store sensitive keys
 B. sniffing attacks are not efficient
 C. replay attacks cannot be performed
 D. require no trust in a third party (in contrast, public key certificates require trust in the CA) or OOB exchange of public keys
 E. is fast
 F. is immune to involuntary signing or relay attacks (does not require Verifier authentication)

A