AIS615 TUTORIAL CHAPTER 9

9.1 Match the terms with their definitions:

1. ___ Virtual Private
Network (VPN)
2. ___ Data Loss Prevention
(DLP)
3. ___ Digital signature
4. ___ Digital certificate
5. ___ Data masking
6. ___ Symmetric
encryption
7. ___ Spam
8. ___ Plaintext
9. ___ Hashing
10. __Ciphertext
11. ___Information rights
management (IRM)
12. __ Certificate authority
13. ___ Non-repudiation
14. ___ Digital watermark
15. ___ Asymmetric
encryption
16. __ Key escrow
a. A hash encrypted with the creator’s private key
b. A company that issues pairs of public and private keys and
verifies the identity of the owner of those keys.
c. A secret mark used to identify proprietary information.
d. An encrypted tunnel used to transmit information securely
across the Internet.
e. Replacing real data with fake data.
f. Unauthorized use of facts about another person to commit
fraud or other crimes.
g. The process of turning ciphertext into plaintext.
h. Unwanted e-mail.
i. A document or file that can be read by anyone who accesses
it.
j. Used to store an entity’s public key, often found on web sites.
k. A procedure to filter outgoing traffic to prevent confidential
information from leaving.
l. A process that transforms a document or file into a fixed
length string of data.
m. A document or file that must be decrypted to be read.
n. A copy of an encryption key stored securely to enable
decryption if the original encryption key becomes
unavailable.
o. An encryption process that uses a pair of matched keys, one
public and the other private. Either key can encrypt
something, but only the other key in that pair can decrypt it.
p. An encryption process that uses the same key to both encrypt
and decrypt.
q. The inability to unilaterally deny having created a document
or file or having agreed to perform a transaction.
r. Software that limits what actions (read, copy, print, etc.) users
granted access to a file or document can perform.

9.12 Answer all of the following multiple-choice questions:

1. Websites often provide a link to the organization’s privacy policy. Doing so most directly
satisfies the requirements of the section of GAPP referred to as _____.
a. management
b. notice
c. quality
d. collection
2. Which of the following factors increase the strength of an encryption solution?
a. Securely storing encryption keys somewhere other than in the browser.
b. Keeping the encryption algorithm secret.
c. Using a 24-bit encryption key.
d. All three options increase the strength of an encryption solution.
e. None of the three factors increase the strength of an encryption solution.

3. Able wants to send an encrypted document to Baker as an email attachment. If Able

wants to securely send Baker the key to decrypt the document, Able should
a. Encrypt the key using Able's public asymmetric key.
b. Encrypt the key using Able's private asymmetric key.
c. Encrypt the key using Baker's public asymmetric key.
d. Encrypt the key using Baker's private asymmetric key.

4. Which type of VPN is more secure?

a. SSL.
b. IPSEC.
c. SSL and IPSEC VPNs are both secure.
d. Neither SSL nor IPSEC VPNs are secure.

5. GAPP stresses the importance of obtaining consent when collecting, using, and sharing
information about customers. If a company’s policy is to ask customers for permission to
collect sensitive personal information and then only asks questions about sensitive
matters (such as political beliefs or sexual orientation) after the customer agrees to
answer such questions, it is following the process referred to as _____.
a. explicit consent (opt-out)
b. explicit consent (opt-in)
c. implicit consent (opt-out)
d. implicit consent (opt-in)

6. Which of the following statements is true?

a. A file encrypted with X's private key can only be decrypted by using X's private
key.
b. A file encrypted with X's private key can only be decrypted using X's public key.
c. A file encrypted with X's private key can only be decrypted by using Y's private
key.
d. A file encrypted with X's private key can only be decrypted using Y's public key.
7. To decrypt a digital signature _____.
a. the recipient uses the sender's private key.
b. the recipient uses the sender's public key.
c. the recipient uses the recipient's private key.
d. the recipient uses the recipient's public key.

8. Encryption is least effective in protecting the confidentiality of sensitive data when

_____.
a. it is at rest
b. it is being processed
c. it is being transmitted over the Internet
d. encryption is equally effective in protecting confidentiality at all stages of the data
processing cycle

9. Nonrepudiation of a digital contract is achieved by creating and using a _____.

a. digital signature
b. digital certificate