# Infosec Exam Preparation 1. For the RUG ‘defense in depth’ is exemplified by a) spam filters installed by Google, SURF, and your own computer b) deep packet inspection of network traffic performed by system administrators c) deep packet inspection of network traffic performed by the outer RUG firewall computer d) routing all wireless network traffic through a single core router before connecting to the Internet => a, c, d Chapter 8.9.5 Defense in Depth 2. It takes time to recover from information security attacks. What type of attacks take the most time to resolve? a) Attacks performed by insiders b) Denial of service attacks c) Phishing attacks d) Virus attacks => a > d > c => a Insiders have the most depth from the get go. 3. The transposition ciphers covered by the lectures and Mark Stamp’s book are characterized by the fact that characters a) of the plain text are replaced by other characters b) in rows of the plain text matrix reappear in rows of the encrypted text matrix c) in columns of the plain text matrix reappear in rows of the encrypted text matrix d) in the plain text matrix reappear in random locations of the encrypted text matrix. what are those ciphers: - double transp. ciph. => b (rows and cols get permutated; therefore the rows look similar, i.e some rows contain the exact same characters as the rows in the plaintext matrix, just different order (column perm.)) 4. With Feistel ciphers blocks are split in left and right halves. If only one encryption round is used, then (a) the left half is not modified and becomes the left half in the next round, whereafter the key schedule is applied to the left half in the next round. (b) the left half is not modified and becomes the right half in the next round (c) the right half is not modified and becomes the right half in the next round, whereafter the key schedule is applied to the right half in the next round. (d) the right half is not modified and becomes the left half in the next round => d, L' = R R' = L XOR round(R, K) 5. (Using Ci to indicate the i-th encrypted block, Pi to indicate the i-th plain text block) Information leakage can be a problem with the CBC block cipher mode. a) If Pi is equal to Pi+1 then the corresponding encrypted blocks are also identical b) If Ci is equal to Cj then Pi is equal to Pj c) If Ci is equal to Cj then Pi xor Pj is known d) If Ci is equal to Cj then Pi xor Pj equals Ci-1 xor Cj-1 => d; c could so be correct because it is basically known 6. A linear diophantine equation xe+yf=g uses e=4,f=8. Once the equation is solved for x and y then an alternative solution for x and y a) does not exist, as solutions of linear diophantine equations are unique b) can be 8+x and -4+y c) can be 4*x and -4*y d) can be 8*x and -8*y => b; g=gcd(e,f)=4; solution: x=-1,y=1 -> (-1+k(8/g),1-k(4/g) ) = (-1+k*2, 1-k); k=4 => (-1 +8, 1 -4) :) 7. When Alice and Bob use Ephemeral Diffie-Hellman a) They send their computed pow(g, x) mod p to their partner, and then destroy both their x and pow(g, x) mod p values. b) They compute their x that is used in pow(g, x) mod p, and send x, en- crypted with their shared encryption key K to their partner. c) After obtaining their partner’s pow(g, x) mod p they use their own y to compute pow(g, xy) mod p. d) They must make sure that their shared encryption key K is not compro- mised, or an attacker will be able to retrieve the session key => c; (a is practically correct but x has to be stored until the partners g^y is received.. and can then be destroyed) 8. When computing pow(333, 29) mod 17 a) you can compute pow(333 mod 17, 29) instead b) you can compute pow(333, 29 mod 17) instead c) start with the least significant bit of 29 d) start with the most significant bit of 29 => a,c,d) build up exponent one at a time starting from higher-order bits. All those are viable options according to GPT. 9. Which of the following hashing algorithms is considered cryptographically strong? a) The Cyclic Redundancy Check b) MD5 c) Both a and b d) Neither a nor b. => d) CRC is a non-cryptographic one, and MD5 is considered broken 10. To compute a HMAC value of a message M using key K and hash function h(A, B) where A represents a message and B represents a key, then the hash value should be computed as a) h(K, M) b) h(M, K) c) h(K, h(K, M)) d) h(M, h(M, K)) => d; inner hash, outer hash, A=Message 11. Which of the following is *not* a ‘role’ in OAuth2? a) Relying Party b) Resource owner c) Client d) Authorisation Server => a; relying party is form OpenId connect 12. Using Kerberos, replay attacks are prevented by a) the ticket-granting server sending a ‘lifetime’ to the client b) the client sending a timestamp to the service provider c) the service provider sending a timestamp to the client d) using separate encryption keys for all communication between client, service provider, ticket-granting server and authentication server => b,c; timestamps are sent everytime; 13. Alice and Bob agree on using K, a shared encryption key. Also, they may use ephemeral Diffie-Hellman. For each new session they agree to use a separate encryption key Y. When Alice constructs Y, which protocol should not be used to inform Bob about Y? Note: E{M,x} indicates M, encrypted with key x a) Alice sends E{pow(g, a) mod p}, Bob replies with E{pow(g, b) mod p} b) Alice sends E{M2,K}, Bob replies with E{M3,K} c) Alice sends E{Y,K}, Bob replies with E{M,Y} d) None of the above protocols should be used. => (d); because "a" looks like ephemeral DH, but the key is missing..., the rest makes no sense... 14. Suppose that there is a function f(D)=Sum_i=1^n di where each di ∈ 0,1 to which we want to introduce noise. What is the sensitivity of this function? (a) 0 (b) -1 (c) 2 (d) 1 => d; because changing one entry in D has an effect of 0 or 1 on the result (count). The sensitivity is the maximum therefore 1 (positive).