Cryptography and Network Security Principles and Practice 7th Edition by Stallings Test bank

CHAPTER 1: COMPUTER AND NETWORK SECURITY CONCEPTS
Cryptography and Network Security: Principles and Practice, 7 th Edition, by William
Stallings

TRUE OR FALSE 
T  F  1. The OSI security architecture provides a systematic framework for
defining security attacks, mechanisms, and services.
T  F  2. Security attacks are classified as either passive or aggressive.
T  F  3. Authentication protocols and encryption algorithms are examples
of security mechanisms.
T  F  4. The more critical a component or service, the higher the level of
required availability.
T  F  5. Thanks to years of research and development, it is now possible to
develop security design and implementation techniques that
systematically exclude security flaws and prevent all unauthorized
actions.
T  F  6. The field of network and Internet security consists of measures to
deter, prevent, detect and correct security violations that involve
the transmission of information.
T  F  7. Patient allergy information is an example of an asset with a high
requirement for integrity.
T  F  8. The OSI security architecture was not developed as an
international standard, therefore causing an obstacle for computer
and communication vendors when developing security features.
T  F  9. Data origin authentication does not provide protection against the
modification of data units.
T  F  10. The emphasis in dealing with active attacks is on prevention
rather than detection.
T  F  11. The connection-oriented integrity service addresses both
message stream modification and denial of service.
T  F  12. All the techniques for providing security have two components: a
security-related transformation on information to be sent and
some secret information shared by the two principals. 
T  F  13. An attack tree is a branching hierarchical data structure that
represents a set of potential techniques for exploiting security
vulnerabilities.
Cryptography and Network Security: Principles and Practice, 7 th Edition, by William
Stallings
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
T  F  14. The data integrity service inserts bits into gaps in a data stream to
frustrate traffic analysis attempts.
T  F  15. Symmetric encryption is used to conceal the contents of blocks or
streams of data of any size, including messages, files, encryption
keys, and passwords.
MULTIPLE CHOICE
1. __________ is the most common method used to conceal small blocks of data,
such as encryption keys and hash function values, which are used in digital
signatures.
A) Symmetric encryption B) Data integrity algorithms
C) Asymmetric encryption D) Authentication protocols
2. A common technique for masking contents of messages or other information
traffic so that opponents can not extract the information from the message is
__________ .
A) integrity B) encryption
C) analysis D) masquerade
3. __________ involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
A) Disruption B) Replay
C) Service denial D) Masquerade
4. _________ refers to the use of multiple, overlapping protection approaches
addressing the people, technology, and operational aspects of information
systems.
Cryptography and Network Security: Principles and Practice, 7 th Edition, by William
Stallings

A) Layering B) Modularity
C) Encapsulation  D) Open design
5. A loss of __________ is the unauthorized disclosure of information.
A) authenticity B) confidentiality
C) reliability D) integrity
6. Verifying that users are who they say they are and that each input arriving at
the system came from a trusted source is _________ .
A) authenticity B) credibility
C) accountability D) integrity
7. A _________ level breach of security could cause a significant degradation in
mission capability to an extent and duration that the organization is able to
perform its primary functions, but the effectiveness of the functions is
significantly reduced.
A) catastrophic B) moderate
C) low D) high
8. A __________ is any action that compromises the security of information owned
by an organization.
A) security attack B) security service
C) security alert D) security mechanism
9. A __________ takes place when one entity pretends to be a different entity.
A) replay B) masquerade
Cryptography and Network Security: Principles and Practice, 7 th Edition, by William
Stallings

C) service denial D) passive attack