Chapter 52 Β· Quiz

Cryptographic Attacks Quiz

6 multiple-choice questions + 1 matching section. Select your answers, then click Submit.

Question 1 of 6
Which statement best describes why birthday attacks are effective against hash functions with small output sizes?
Question 2 of 6
A security team discovers their document-signing system uses MD5. What is the most accurate statement about the risk?
Question 3 of 6
A victim at a coffee shop visits a bank website and submits login credentials. An on-path attacker captures the credentials in plaintext, yet the victim sees no browser warning and the server logs show a clean authenticated HTTPS session. Which attack is described?
Question 4 of 6
What does POODLE stand for, and what are its two required phases?
Question 5 of 6
Why does HSTS prevent SSL stripping when a simple HTTP-to-HTTPS 301 redirect does not?
Question 6 of 6
A security architect disables SSL 3.0, TLS 1.0, and TLS 1.1 on a web server. Which attack does this configuration change directly prevent, and why?

Matching β€” Attack to Definition

Match each term on the left to its correct definition on the right.

1. Birthday Attack
2. SSL Stripping
3. POODLE
4. MD5
A. Forces TLS negotiation to SSL 3.0 by injecting errors into successive handshake attempts until the client falls back to the legacy protocol
B. A 128-bit hash algorithm published in 1992; practical collisions demonstrated in 2004; used to forge a CA-signed certificate in December 2008
C. A search strategy that finds any two inputs producing the same hash digest in approximately √N operations for a hash with N possible outputs
D. An on-path attack that intercepts a server's HTTP-to-HTTPS redirect, keeping the victim on plaintext HTTP while the attacker maintains an HTTPS session with the server