
8082 MidTermPaper

This document is a mid-term examination paper for the Information Security course at the Institute of Management Sciences, dated March 27, 2019. It consists of multiple-choice questions covering various topics in information security, including cryptography, access control, and security protocols. The exam has a total of 15 marks and is designed to assess students' understanding of key concepts in the field.

Uploaded by

tamleek ali

INSTITUTE OF MANAGEMENT SCIENCES

CENTER OF EXCELLENCE IN INFORMATION TECHNOLOGY

Name: ................................ Roll No: ............................


Group: ................................ Examination: Mid Term (Part I)c
Semester: Spring 2019 Total marks: 0 Weight: 15
Time allowed: 25 mins Date: March 27, 2019
Course: Information Security Instructor: Dr. Tamleek Ali Tanveer

Encircle appropriate option(s). Total marks for this part are 15. Concentrate on your own paper as your peers
may have a different version of the paper.

1. In CIA the letter ’A’ stands for __________________

a) Authentication b) Availability c) Authority d) Access Control

2. DOS attack is much more difficult to accomplish than gaining administrative access to a machine.

a) TRUE b) FALSE

3. A ________ cipher replaces one character with another character.

a) substitution b) transposition c) either (A) or (B) d) neither (A) nor (B)

4. How many unique eight (7) digits PINs are possible? Check the correct answer:

a) 10,000 b) 1,000,000 c) 1,00,000 d) 10,000,000

5. A system call allows application code to gain access to functionality implemented by the OS. A system call is often called a
protected procedure call. The cost of a system call is _________

a) same as a regular call. b) higher than a regular call c) lesser than a regular call d) None of the above

6. Which one is the correct sequence?

a) Authorization –> Authentication –> Resource Access b) Authentication –> Authorization –> Resource Access c) Resource Access –> Authorization –> Authentication d) Both a and b

7. Before accessing any resource _________

a) A user must have write access b) A user must be logged into the operating system c) A user may not have access right to the resource d) Both a and b

8. AES is much more efficient than Triple DES

a) True b) False

9. Which of the following modes of cipher can be used for a stream cipher?

a) CBC b) CFB c) ECB d) BCD

10. XEN is a _________________.

a) Virtual Machine b) Hypervisor c) Virtual Monitoring System d) Virtualized Hardware System

11. Which of the following is the strongest against brute force attack?

a) DES b) 3DES c) AES d) RC6

12. What are the properties of a hash function?

a) One way b) Strong encryption c) Collision resistant d) All of the above

Information Security (Spring 2019 - Mid Term (Part I)c) Page 1 of 3


13. Which ONE is considered the best method to distribute Public Keys:

a) public announcement b) publicly available directory c) public-key authority d) public-key certificates

14. In a public-key cryptosystem, who knows the private key of the key owner:

a) Certification Authority b) Only the owner c) Both CA and Owner d) Receiver and CA

15. Data breaches violate which of the following security requirements?

a) Integrity b) Availability c) Confidentiality d) Non-repudiation

16. A number of online banking systems send a limited lifetime PIN to your smartphone for you to be able to authenticate
yourself to the bank. Is this an example of...

a) Something you have b) Something you are c) Something you know d) OTP

17. The _______ criterion states that it must be extremely difficult or impossible to create the message if the message digest is
given.

a) one-wayness b) weak-collision-resistance c) strong-collision-resistance d) none of the above

18. An attacker correctly guesses Alice’s password and logs in as her. Is this a case of...

a) False positive b) True positive c) False negative d) True negative

19. A randomly chosen password has six characters that include upper and lower case letters, digits (0-9). In the worst case,
how many attempts must a brute-force method make to determine a password when its hashed value is available?

a) 672 b) 626 c) 726 d) 727

20. ARP spoofing can lead to _______________

a) DOS attack b) sniffing attack c) active attack d) passive attack

21. Which of the following is(are) Kernel design requirement(s).

a) Tamperproof b) Un-Bypassable c) Analyzable d) All of the above

22. Brute-force attack is a guaranteed way to break any password. What can be the way to overcome the brute-force attack?

a) Social Engineering b) Limiting number of password attempts c) Input validation d) None of the above

23. To decrypt using AES, just run the same algorithm with reverse key order.

a) True b) False

24. ARP protocol does ______________ resolution.

a) Name to IP b) IP to name c) MAC to IP d) IP to MAC

25. Which of the following is NOT a property of a Hash function?

a) Given message m, it should be easy to compute H(m) b) Given m1, it is computationally impossible to find m2 s.t. H(m2) = H(m1) c) Given H(m), there is no easy way to find m d) Any size of message generates fixed size (128-512) output.

26. Revocation of certain access rights can be carried out easily in systems that use...

a) ACLs b) C-lists c) BLP d) ACM

27. Which ONE of the following is NOT a solution to prevent SYN flood attack?

a) Decrease the wait time for half open connection b) Not store the connection information c) Avoid client connections d) use SYN cookies



28. A key problem with model checking is ________________

a) It cannot show absence of a problem b) It does not scale to practical large size systems c) Difficult to understand d) All of the above

29. A multi-factor authentication is likely to reduce _____________.

a) True Negative b) False Positive c) False Negative d) Both b and c

30. Reference Monitor _____________ TCB.

a) Is part of the TCB b) is not part of the TCB c) is the only part of the TCB d) is the only trusted part of the TCB
