CISSP Official Practice Tests by Mike Chapple, David Seidl

Chapter 3 ■ Security Architecture and Engineering (Domain 3) 67



  1. Tom is a cryptanalyst and is working on breaking a cryptographic algorithm’s secret key.
    He has a copy of an intercepted message that is encrypted, and he also has a copy of the
    decrypted version of that message. He wants to use both the encrypted message and its
    decrypted plaintext to retrieve the secret key for use in decrypting other messages. What
    type of attack is Tom engaging in?
    A. Chosen ciphertext
    B. Chosen plaintext
    C. Known plaintext
    D. Brute force

  2. A hacker recently violated the integrity of data in James’s company by modifying a file
    using a precise timing attack. The attacker waited until James verified the integrity of a
    file’s contents using a hash value and then modified the file between the time that James
    verified the integrity and read the contents of the file. What type of attack took place?
    A. Social engineering
    B. TOCTOU
    C. Data diddling
    D. Parameter checking

  3. What standard governs the creation and validation of digital certificates for use in a public
    key infrastructure?
    A. X.509
    B. TLS
    C. SSL
    D. 802.1x

  4. What is the minimum fence height that makes a fence difficult to climb easily, deterring
    most intruders?
    A. 3 feet
    B. 4 feet
    C. 5 feet
    D. 6 feet


  7. Johnson Widgets strictly limits access to total sales volume information, classifying it as a
    competitive secret. However, shipping clerks have unrestricted access to order records to
    facilitate transaction completion. A shipping clerk recently pulled all of the individual sales
    records for a quarter and totaled them up to determine the total sales volume. What type
    of attack occurred?
    A. Social engineering
    B. Inference
    C. Aggregation
    D. Data diddling