Question 1

Which of the following is used to associate a public key with an identity?&#10;A) Encryption&#10;B) Digital hash&#10;C) Digital certificate&#10;D) Digital signature

Accepted Answer

Digital certificates are used to associate a public key with an identity, ensuring that a public key belongs to the individual, organization, server, or device it claims to be associated with.

Question 2

Which of the following statements about asymmetric key cryptography is true?&#10;A) Asymmetric key cryptography uses one shared key.&#10;B) Asymmetric key cryptography is also called private key cryptography.&#10;C) Asymmetric key cryptography uses two keys called public keys.&#10;D) Asymmetric key cryptography is also called public key cryptography.

Accepted Answer

Asymmetric key cryptography, unlike symmetric key cryptography that uses one shared key, utilizes a pair of keys for encryption and decryption processes. These keys are known as the public key and the private key. The public key is shared with anyone who wants to send an encrypted message, while the private key is kept secret and used to decrypt the message. This method is also referred to as public key cryptography, making option D correct.

Question 3

Which of the following issues and maintains digital certificates?&#10;A) Registration authority&#10;B) Certification authority&#10;C) Public key infrastructure&#10;D) Client nodes

Accepted Answer

Certification authorities (CAs) are responsible for issuing and managing digital certificates, which are used to verify the identity of entities and to secure communications.

Question 4

Which of the following tasks is part of the disposal phase of the SDLC?&#10;A) Authorization&#10;B) Conducting risk assessment&#10;C) Archiving information and sanitization of media&#10;D) Adding hardware and software

Accepted Answer

During the disposal phase of the System Development Life Cycle (SDLC), it is crucial to properly archive information and sanitize media to ensure that sensitive data is securely erased and cannot be recovered. This step is essential for maintaining data security even after a system is no longer in use.

Question 5

Identification of compliance requirements is done during which of the following phases of the SDLC?&#10;A) Initiation&#10;B) Development/acquisition&#10;C) Implementation/assessment&#10;D) Operations/maintenance

Accepted Answer

During the Initiation phase of the System Development Life Cycle (SDLC), identification of compliance requirements is crucial. This early phase involves defining the system's objectives, scope, and constraints, which includes understanding and incorporating any relevant compliance requirements to ensure the system will meet legal and regulatory standards from the outset.

Question 6

Which of the following is the most common web application security flaw?&#10;A) Failure to validate output&#10;B) Failure to validate input&#10;C) Dynamic data validation&#10;D) Static data validation

Accepted Answer

Failure to validate input is the most common web application security flaw. It can lead to various security issues, such as SQL injection, cross-site scripting (XSS), and other vulnerabilities, by allowing attackers to manipulate the inputs in a way that was not intended by the application developers.

Question 7

Symmetric key cryptography uses which of the following?&#10;A) One public key&#10;B) One shared key&#10;C) Two public keys&#10;D) One public and one private key

Accepted Answer

Symmetric key cryptography uses one shared key for both encryption and decryption. This key must be known to both the sender and the receiver.

Question 8

Which of the following is one of the most popular symmetric algorithms of recent years?&#10;A) AES&#10;B) RSA&#10;C) DES&#10;D) IPsec

Accepted Answer

AES (Advanced Encryption Standard) is one of the most popular symmetric encryption algorithms in recent years, widely used across various security protocols and systems for its robustness and efficiency. RSA and IPsec are not symmetric algorithms; RSA is an asymmetric algorithm, and IPsec is a suite of protocols. DES, while historically significant, has been largely superseded by AES due to its stronger security features.

Question 9

Which of the following statements about symmetric key cryptography is not true?&#10;A) Symmetric key cryptography uses one shared key.&#10;B) Symmetric algorithms can provide confidentiality.&#10;C) Symmetric algorithms can provide nonrepudiation and authenticity.&#10;D) Symmetric key cryptography uses a single secret key.

Accepted Answer

Symmetric algorithms primarily provide confidentiality through encryption and decryption using a shared secret key. Nonrepudiation and authenticity are typically provided by asymmetric cryptography, not symmetric, because symmetric keys are shared and do not inherently link an action to a specific user's identity.

Question 10

Which of the following is a component of PKI?&#10;A) Certification authority&#10;B) Registration authority&#10;C) Client nodes&#10;D) All of the above

Accepted Answer

All of the options listed are components of a Public Key Infrastructure (PKI). The Certification Authority (CA) issues digital certificates, the Registration Authority (RA) verifies the identity of entities requesting certificates, and client nodes use these certificates for secure communication.

Question 11

Which of the following is the process of creating a numeric value that represents the original text?&#10;A) Encryption&#10;B) Decryption&#10;C) Hashing&#10;D) Key management

Accepted Answer

The answer of Which of the following is the process...

Question 12

Which of the following provides confidentiality?&#10;A) Encryption&#10;B) Decryption&#10;C) Hashing&#10;D) Key management

Accepted Answer

The answer of Which of the following provides confidentiality?&#10;A) Encryption&#10;B)...

Question 13

Public key cryptography uses which of the following?&#10;A) A shared key&#10;B) A public key&#10;C) A private key&#10;D) Both a public and a private key

Accepted Answer

The answer of Public key cryptography uses which of the...

Question 14

Which of the following provides a standardized process for all phases of any system development or acquisition effort?&#10;A) COTS&#10;B) SDLC&#10;C) NIST&#10;D) CIA

Accepted Answer

The answer of Which of the following provides a standardized...

Question 15

In which phase of the SDLC are systems and products in place and operating, enhancements and/or modifications to the system are being developed and tested, and hardware and software components are added or replaced?

A) Initiation
B) Development/acquisition
C) Operations/maintenance
D) Implementation/assessment

Accepted Answer

The answer of In which phase of the SDLC are...

Question 16

Which of the following is a hybrid of a beta and a final release version of a software product?&#10;A) Release candidate&#10;B) Alpha phase&#10;C) General availability&#10;D) Go live

Accepted Answer

The answer of Which of the following is a hybrid...

Question 17

Which of the following is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted?&#10;A) NIST&#10;B) GLBA&#10;C) MITRE&#10;D) OWASP

Accepted Answer

The answer of Which of the following is an open...

Question 18

Which of the following components of PKI performs the administrative functions, including verifying the identity of users and organizations requesting a digital certificate?&#10;A) Certification authority&#10;B) Registration authority&#10;C) Client nodes&#10;D) Digital certificate

Accepted Answer

The answer of Which of the following components of PKI...

Question 19

Which of the following is not a best practice for cryptographic key management?&#10;A) Keys should be transmitted and stored by secure means.&#10;B) Keys should be properly destroyed when their lifetime ends.&#10;C) Keys should be presented in clear text.&#10;D) Key values should be random, and the full spectrum of the keyspace should be used.

Accepted Answer

The answer of Which of the following is not a...

Question 20

Which of the following is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization?&#10;A) ISO&#10;B) SAMM&#10;C) OWASP&#10;D) SDLC

Accepted Answer

The answer of Which of the following is an open...

Deck 10: Information Systems Acquisition, Development, and Maintenance