1. What is computer security primarily concerned with?

A) Protecting hardware only

B) Protecting software only

C) Protecting assets of a computer system

D) Protecting internet speed

2. Network security focuses on protecting:

A) Data during transmission

B) Hardware components

C) Software applications

D) Physical access points

3. The ITU-T Recommendation X.800 describes network security aspects including:

A) Security management

B) Security service

C) Security cost

D) Security support

4. Which of the following is a passive attack?

A) Message modification

B) Denial of service

C) Eavesdropping

D) Message creation

5. A characteristic of passive attacks is that they are:

A) Easy to detect

B) Difficult to detect

C) Always preventable

D) Legal under some laws

6. An example of an active attack is:

A) Eavesdropping

B) Network scanning

C) Message replay

D) Encryption

7. Which of these is NOT a category of active attacks?

A) Modification of messages

B) Replay attacks

C) Data origin authentication

D) Masquerade

8. Data confidentiality aims to:

A) Prevent unauthorized disclosure of data

B) Ensure data modification

C) Enable data replication

D) Control data access timing

9. The primary goal of data integrity is to:

A) Detect non-integrity of data

B) Authorize data changes

C) Confirm data availability

D) Encrypt data

10. Entity authentication ensures that:

A) Data is received correctly

B) The identity of a party is as claimed

C) Messages are encrypted

D) Data is checked for integrity

11. Non-repudiation prevents:

A) Denial of sending or receiving a message

B) Unauthorized data access

C) Replay attacks

D) Data encryption

12. Which mechanism aims to prevent unauthorized use of a resource?

A) Availability

B) Access control

C) Integrity checks

D) Data confidentiality

13. The security goal of availability ensures that systems are:

A) Used by anyone freely

B) Accessible to legitimate users when needed

C) Constantly online without breaks

D) Prone to passive attacks

14. Symmetric-key encryption involves:

A) Public-key infrastructure

B) The same key for encryption and decryption

C) Multiple public keys for data transfer

D) Only digital signatures

15. In public-key encryption, the encryption and decryption keys are:

A) Identical

B) Public only

C) Different

D) Used interchangeably
16. A hash function in network security is used to:

A) Encrypt data

B) Authenticate entities

C) Produce a fixed-size string from data

D) Manage network traffic

17. Digital signatures help in achieving:

A) Data confidentiality only

B) Non-repudiation and authentication

C) Data replication

D) Message encoding

18. Message authentication codes (MACs) are primarily used for:

A) Entity authentication

B) Message integrity and authenticity

C) Access control

D) Data encryption

19. An example of an entity authentication protocol is:

A) Denial of service prevention

B) IP blocking

C) Password verification

D) Data encryption

20. To detect and recover from active attacks, a common defense mechanism includes:

A) Encryption only

B) Detection and response protocols

C) Avoiding internet use

D) Using passive monitoring techniques

21. What is the objective of cryptanalysis?

A) To hide plaintext

B) To recover plaintext or the secret key

C) To create new ciphers

D) To encrypt data

22. According to Kerkhoff's principle, what is known by the adversary?

A) Only the ciphertext

B) Only the encryption algorithm

C) Everything except the secret key

D) The plaintext and key

23. What is the brute-force attack method?

A) Guessing the plaintext directly

B) Trying every possible key to decrypt ciphertext

C) Using statistical analysis to decrypt

D) None of the above

24. In a brute-force attack, how much of the key space needs to be tried on average?

A) All possible keys

B) Half of all possible keys

C) Only a quarter of the keys

D) Just one key

25. Which key size would take the longest time to break at 1 decryption per microsecond?

A) 32 bits

B) 56 bits

C) 128 bits

D) 168 bits
Ahmed Al-Mamouri
26. Which attack type only has access to the ciphertext?

A) Ciphertext-only attack

B) Known-plaintext attack

C) Chosen-plaintext attack

D) Chosen-ciphertext attack

27. What is a known-plaintext attack?

A) Attacker has only the ciphertext

B) Attacker has pairs of plaintext and ciphertext

C) Attacker has plaintext messages of their choice

D) None of the above

28. In a chosen-plaintext attack, what advantage does the attacker have?

A) Choosing the key

B) Access to ciphertext only

C) Ability to select plaintexts to be encrypted

D) Deciphering without the key

29. What did US cryptanalysts prove by sending a plain message about low water supply in Midway?

A) They cracked the Japanese code

B) They located the Japanese fleet

C) 'AF' referred to Midway Island

D) They intercepted all Japanese messages

30. What type of cipher replaces each element of plaintext with another element?

A) Transposition cipher

B) Substitution cipher

C) Product cipher

D) Ciphertext-only cipher
31. What is diffusion in terms of cipher properties?

A) Hiding the relationship between plaintext and key

B) Rearranging the plaintext elements

C) Hiding statistical relationships between ciphertext and plaintext

D) Encrypting using substitution boxes

32. Who introduced the concepts of confusion and diffusion in cryptography?

A) Claude Shannon

B) Kerkhoff

C) Alan Turing

D) Albert Einstein

33. Which of the following ciphers uses both substitutions and transpositions?

A) Substitution cipher

B) Transposition cipher

C) Product cipher

D) None of the above

34. In a chosen-ciphertext attack, the attacker has control over:

A) Choosing plaintexts to decrypt

B) Choosing ciphertexts to decrypt

C) Choosing the encryption key

D) No control over plaintext or ciphertext

35. Which cipher property hides the relationship between ciphertext and key?

A) Diffusion

B) Transposition

C) Substitution

D) Confusion
36. What is the primary purpose of encryption?

A) To store data

B) To convert plaintext into ciphertext

C) To delete data securely

D) To make data larger in size

37. What is plaintext?

A) The original message to be encrypted

B) The key used in encryption

C) The algorithm for decryption

D) The encrypted message

38. In a symmetric cipher model, what is used for both encryption and decryption?

A) Different keys for encryption and decryption

B) The same key for encryption and decryption

C) No key at all

D) A public and private key pair

39. What is a block cipher?

A) A cipher that encrypts data one bit at a time

B) A cipher that encrypts data in blocks (e.g., 64 or 128 bits)

C) A cipher that uses a different key for each bit of data

D) A cipher without keys

40. Which of the following statements is true about asymmetric encryption?

A) It uses the same key for encryption and decryption

B) It uses different keys for encryption and decryption

C) It is not used for data encryption

D) It is the only type of cipher

41. In symmetric encryption, what does 'K' represent in the formula?

A) The ciphertext

B) The plaintext

C) The secret key

D) The encryption algorithm

42. What is cryptanalysis?

A) The science of creating cryptographic algorithms

B) The science of breaking or analyzing cryptographic systems

C) The study of symmetric encryption only

D) The development of new encryption keys

43. Which term describes a set of all possible keys?

A) Cipher block

B) Key stream

C) Key space

D) Plaintext space

44. In cryptographic communication, who are Alice and Bob?

A) Programmers creating encryption algorithms

B) Two characters used to demonstrate secure communication over an insecure channel

C) Attackers trying to break encryption

D) Devices used in encryption processes

45. What is the term for a process that converts ciphertext back into plaintext?

A) Encryption

B) Deciphering or decryption

C) Cryptanalysis

D) Encoding
46. An example of an active attack is:

A) Eavesdropping

B) Network scanning

C) Message replay

D) Encryption

47. Which mechanism aims to prevent unauthorized use of a resource?

A) Availability

B) Access control

C) Integrity checks

D) Data confidentiality

48. The security goal of availability ensures that systems are:

A) Used by anyone freely

B) Accessible to legitimate users when needed

C) Constantly online without breaks

D) Prone to passive attacks

49. Symmetric-key encryption involves:

A) Public-key infrastructure

B) The same key for encryption and decryption

C) Multiple public keys for data transfer

D) Only digital signatures

50. Digital signatures help in achieving:

A) Data confidentiality only

B) Non-repudiation and authentication

C) Data replication

D) Message encoding
Ahmed Al-Mamouri