
TACN1


TACN THEORY QUESTIONS

Abbreviations

WAF = Web Application Firewall

MULTICS = Multiplexed Information & Computing Service

IPS = Intrusion Prevention System

MIT = Massachusetts Institute of Technology

SMTP = Simple Mail Transfer Protocol

FTP = File Transfer Protocol

DNS = Domain Name System

HTTP = HyperText Transfer Protocol

SSDLC = Secure Software Development Lifecycle

IP = Intellectual Property

NAT = Network Address Translation

TCP = Transmission Control Protocol

NGFW = New Generation Firewall

FWTK = Firewall ToolKit

1. Who was known as the founder of the Internet? What did he develop?

Larry Roberts is known as the founder of the Internet.

He developed the project called ARPANET from its inception.

2. Why does the C.I.A. triangle model no longer adequately address the
constantly changing environment?

The threats to the confidentiality, integrity, and availability of information have
evolved into a vast collection of events, including accidental or intentional
damage, destruction, theft, unintended or unauthorized modification, or other
misuse from human or nonhuman threats.

3. What is security? What is information security?

Security is “the quality or state of being secure to be free from danger.”

Information security is the protection of information and its critical elements,
including the systems and hardware that use, store, and transmit that
information.

4. How many fundamental characteristics does information have? What are
they? (Note: when the question says "fundamental", give only the 3; give all 7
only when it says "critical", as in question 9.)

Information has 3 fundamental characteristics: confidentiality, integrity and
availability.

5. What is an attack? What types of attack are mentioned in the passages?

Attack: An intentional or unintentional act that can cause damage to or
otherwise compromise information and/or the systems that support it.

(An attack is an act that harms or damages information and/or the systems that
support that information; that is, it may harm both the information and the
systems, or only one of the two.)

Attacks can be active or passive, intentional or unintentional, and direct or
indirect.

6. What is vulnerability? Give some examples of vulnerabilities.

Vulnerability: A weakness or fault in a system or protection mechanism that
opens it to attack or damage.

Some examples of vulnerabilities are a flaw in a software package, an
unprotected system port, and an unlocked door.

7. When is information authentic? Give an example of how the authenticity of
information can be compromised.

When it is in the same state in which it was created, placed, stored, or
transferred.

Consider for a moment some common assumptions about e-mail. When you
receive e-mail, you assume you know the origin of it. This is not always the
case. E-mail spoofing is a problem for many people today. Spoofing the
sender’s address can fool e-mail recipients into thinking that messages are
legitimate traffic, thus inducing them to open e-mail they otherwise might not
have. (too hard, skip this one :)))

8. When is information confidential? What can you use to protect the
confidentiality of information?

When it is protected from disclosure or exposure to unauthorized individuals or
systems.

To protect the confidentiality of information, we can use:

+ information classification
+ secure document storage
+ application of general security policies
+ education of information custodians and users

9. How many critical characteristics does information have? What are they?

There are 7 critical characteristics.

They are availability, accuracy, authenticity, confidentiality, integrity, utility,
possession.

10. What happens when an unauthorized user obtains an organization’s
procedures?

When an unauthorized user obtains an organization’s procedures, this poses a
threat to the integrity of the information.

11. What is an information system? Why is data the main target of intentional
attacks?

An information system is the entire set of software, hardware, data, people,
procedures, and networks.

Because data is often the most valuable asset possessed by an organization.


12. Why don’t any individuals and organizations purchase software as
mandated by the owner’s license agreements?

Because most software is licensed to a particular purchaser, its use is restricted
to a single user or to a designated user in an organization.

13. Which malicious code software programs hide their true nature and
reveal their designed behavior only when activated?

They are Trojan horses. (The question may be asked in reverse, i.e. what are
Trojan horses; the answer is then the wording of the question above.)

14. Why are the software components or programs of malicious code
designed?

They are designed to damage, destroy, or deny service to the target systems.

15. Who are hackers? Which skill levels are divided among hackers?

Hackers are “people who use and create computer software to gain access to
information illegally”. There are two skill levels among hackers. The first is the
expert hacker, or elite hacker, and the second is the novice or unskilled hacker.

Additional question: Compare the elite hacker and the novice or unskilled hacker.

- The expert hacker, or elite hacker, develops software scripts and program
exploits used by the novice or unskilled hacker.

- The expert hacker is usually a master of several programming languages,
networking protocols, and operating systems and also exhibits a mastery of the
technical environment of the chosen targeted system.

- The novice or unskilled hacker originates nothing but simply steals code,
technique, and attack methods from others.

16. What is one of the most common methods of virus transmission?

It is via e-mail attachment files.

17. Why do employees’ mistakes represent a serious threat to the
confidentiality, integrity, and availability of data? How can physical theft be
controlled?

Because employees use data in everyday activities to conduct the organization’s
business.

Physical theft can be controlled quite easily by means of a wide variety of
measures, from locked doors to trained security personnel and the installation of
alarm systems.

Additional question:

Which threat is the most dangerous in information security? Why?

One of the greatest threats to an organization’s information security is the
organization’s own employees (fourth line from the bottom of page 41).

Because employees use data in everyday activities to conduct the organization’s
business, their mistakes represent a serious threat to the confidentiality,
integrity, and availability of data, even relative to threats from outsiders.

18. Which mistakes do employees often make when they use information
systems?

They are: revelation of classified data, entry of erroneous data, accidental
deletion or modification of data, storage of data in unprotected areas, and failure
to protect information.

19. What is a cracking attack? When is it used?

A cracking attack is an attempt to reverse-calculate a password.

It is used when a copy of the SAM (Security Account Manager) data file can be
obtained.

20. What is a distributed denial-of-service?

A distributed denial-of-service is an attack in which a coordinated stream of
requests is launched against a target from many locations at the same time.

21. Why is the brute force attack sometimes called a password attack?

Since it is often used to obtain passwords to commonly used accounts.

("Since" here means "because".)


22. Which attack includes the execution of viruses, worms, Trojan horses, and
active Web scripts with the intent to destroy or steal information?

It is the malicious code attack. (May be asked in reverse.)

23. Why is a trap door hard to detect?

Because very often the programmer who puts it in place also makes the access
exempt from the usual audit logging features of the system.

24. Why are the manufacturer’s default administrator account names
and passwords always changed?

Because if attackers can narrow the fields of target accounts, they can devote
more time and resources to these accounts.

25. Why are so many requests made in a DoS attack that the target system
becomes overloaded and cannot respond to legitimate requests for service?

Because the attacker sends a large number of connection or information requests
to a target.

26. What is vulnerability?

(Vulnerability has two definitions (see question 6); either one is acceptable.)

A weakness or fault in a system or protection that opens it to attack or damage.

27. What is phishing? What is its variant?

Phishing is an attempt to gain personal or financial information from an
individual, usually by posing as a legitimate entity.

A variant is spear phishing.

Adding this question because I was asked it: Name some techniques that phishing
attacks use.

There are 3 primary techniques: URL manipulation, phone phishing, web site
forgery.

28. How may pharming also exploit the Domain Name System?

Pharming may exploit the DNS by causing it to transform the legitimate host
name into the invalid site’s IP address.

29. What do attackers sometimes do to sway the target in social engineering?

They threaten, cajole or beg to sway the target.

30. In which attack does an attacker monitor packets from the network,
modify them, and insert them back into the network?

It is spoofing.

31. Why does pharming often use Trojans, worms, or other virus technologies
to attack the Internet browser’s address bar?

Pharming uses them so that the valid URL typed by users is modified to the
address bar of the illegitimate Web site.

32. What do hackers use to engage in IP spoofing?

Hackers use a variety of techniques to obtain trusted IP addresses, and then
modify the packet headers to insert these forged addresses.

33. In which attack can the cookie allow the designer to collect information
on how to access password-protected sites?

It is in the timing attack.

34. What is a firewall in computing? How can firewalls be categorized?

In computing, a firewall is a security system that monitors and controls incoming
and outgoing network traffic based on predetermined security rules.

It can be categorized by: development era, processing mode and structure.

35. What is the most important benefit of application layer filtering?

The most important benefit of application layer filtering is that it can understand
certain applications and protocols (such as File Transfer Protocol (FTP),
Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)).

(If you cannot remember the full names, just give the abbreviations.)

36. What does a commercial-grade firewall system consist of?

A commercial-grade firewall system consists of application software that is
configured for the firewall application and run on a general-purpose computer.

37. What is one of the most effective methods of improving computing security
in the SOHO setting? What method is used for protecting the residential user?

One of the most effective methods of improving computing security in the
SOHO setting is by means of a SOHO or residential-grade firewall.

The method used for protecting the residential user is to install a software
firewall directly on the user’s system.

38. Which approach allows the router to prescreen packets to minimize the
network traffic and load on the internal proxy? What is the protocol for
handling TCP traffic via a proxy server?

It is screened host firewalls.

SOCKS is the protocol for handling TCP traffic via a proxy server.

39. Why is NAT able to prevent external attacks from reaching internal
machines with addresses in specified ranges?

Because the internal addresses used by NAT consist of 3 different ranges.

40. Into how many major processing-mode categories are firewalls categorized?
What are they?

5 major processing-mode categories: packet-filtering firewalls, application
gateways, circuit gateways, MAC layer firewalls and hybrids. (A hybrid is a
combination of the other four.)

41.What were the primary threats to security?

It is the additional processing required to manage and verify packets against the
state table.

42. Which layers of security should a successful organization have to protect
its operation?

They are: physical security, personnel security, operations security,
communications security, network security and information security.

43. Give the definition of these terms “asset, exploit and exposure”.

Asset: the organization resource that is being protected.

Exploit: a technique used to compromise a system.

Exposure: a condition or state of being exposed.

44. What is threat? Give an example of threat.

Threat is a category of objects, persons, or other entities that presents a danger
to an asset.

45. How can Email spoofing be defined? Give the explanation to clarify this
act.

E-mail spoofing, the act of sending an e-mail message with a modified field, is a
problem for many people today, because often the modified field is the address
of the originator.

Spoofing the sender’s address can fool e-mail recipients into thinking that
messages are legitimate traffic, so that they open e-mail they otherwise might
not have. Spoofing can also change data being transmitted across a network, as
in the case of UDP packet spoofing, which can enable the attacker to get access
to data stored on computing systems.

46. How can you protect the confidentiality of information?

To protect the confidentiality of information, you can use a number of measures,
including the following:

• Information classification

• Secure document storage

• Application of general security policies

• Education of information custodians and end users

47. What kind of confidentiality of information is especially high?

The value of confidentiality of information is especially high when it is personal
information about employees, customers, or patients.

48. What is the utility of information?

The utility of information is the quality or state of having value for some
purpose or user.

49. What is the possession of information?

The possession of information is the quality or state of ownership or control.

50. How can we define the procedures of an IS? What is the importance of
physically securing the IS compared with?

Procedures are written instructions for accomplishing a specific task.

Physically securing the information system is as important as educating
employees about safeguarding procedures.

51. What does a computer virus consist of? What happened when
information was transferred by diskettes from system to system?

A computer virus consists of segments of code that perform malicious actions.

The code attaches itself to an existing program and takes control of that
program’s access to the targeted computer. The virus-controlled target program
then carries out the virus’s plan by replicating itself into additional targeted
systems.

52. Name some common types of information viruses that you have learnt.
Give their definition.

Trojan horse: hides its true nature and reveals its designed behavior only
when activated.

Worm: a malicious program that replicates itself constantly, without requiring
another program environment.

Trap door: A virus or worm can have a payload that installs a back door or trap
door component in a system, which allows the attacker to access the system at
will with special privileges.

53. What will happen if an information system is threatened by worms?

Once the worm has infected a computer, it can redistribute itself to all e-mail
addresses found on the infected system.

54. List two threats in the information area that you have learnt and explain
how they act.

- Forces of Nature: they usually occur with very little warning and are
beyond the control of people. These threats, which include events such as
fires, floods, earthquakes, lightning, volcanic eruptions and insect
infestations, can disrupt not only the lives of individuals but also the
storage, transmission, and use of information.
- Polymorphic Threat: over time changes the way it appears to antivirus
software programs, making it undetectable by techniques that look for
preconfigured signatures.

55. What is an attack? Is a threat different from an attack? Give an explanation.

An attack is an act that takes advantage of a vulnerability to compromise a
controlled system. Yes. A threat, which is always present, is different from an
attack, which exists only when a specific act may cause a loss.

56. What is the definition of the hoaxes?

A devious attack on computer systems is the transmission of a virus hoax with a
real virus attached.

57. What is a different method to assure information integrity?

Another method of assuring information integrity is file hashing, in which a file
is read by a special algorithm that uses the value of the bits in the file to
compute a hash value. (If you cannot remember all of it, just remember the first
part.)

58. Which attacks in information system are the most difficult to defend
against?

DDoS attacks are the most difficult to defend against.

59. What is spam? What are its consequences? Give some solutions to deal
with it.

Spam is unsolicited commercial e-mail.

The most significant consequence of spam is the waste of computer and human
resources.

Solutions: Many organizations attempt to cope with the flood of spam by using
e-mail filtering technologies. Other organizations simply tell the users of the
mail system to delete unwanted messages.

60. Which attack is considered a favorite weapon in the hacker’s arsenal?

It is the sniffer.

61. What is cryptography? What is it used for? Where does cryptography
derive from and what does it mean?

Cryptography is the study of mathematical techniques related to aspects of
information security such as confidentiality, data integrity, entity authentication,
and data origin authentication to encrypt or decrypt information.

The word “cryptography” is derived from the Greek words kryptos, meaning
hidden, and graphein, meaning to write.

62. What is encryption? What is decryption?

The process of making the information unreadable is called encryption or
enciphering.

Reversing this process and retrieving the original readable information is called
decryption or deciphering.

63. How many goals does cryptography have? What are they? Let’s describe
one of these goals.

There are 4 goals:

- Confidentiality: a service to keep the content of information from all but
those authorized to have it.
- Data integrity: a service which addresses unauthorized alteration of data.
- Authentication: a service related to identification; it is subdivided into
2 major classes: entity & data origin authentication.
- Non-repudiation: a service which prevents an entity from denying
previous actions or commitments.

64. When was cryptography changed from dark art into a science based on
mathematics? Who changed it? Which algorithms are the most widely used in
the world among crypto algorithms?

In 1861 - 1865.

Auguste Kerckhoffs changed it.

The RSA algorithm is the most widely used in the world among crypto algorithms.

65. What did Whitfield Diffie and Martin Hellman introduce? What is one of
the most significant contributions provided by public-key cryptography?

Whitfield Diffie and Martin Hellman introduced the idea of public-key
cryptography, of which the algorithms are based on the computational complexity
problem.

One of the most significant contributions provided by public-key cryptography
is the digital signature.

66. What is IPS? What can it do? What is an intrusion detection system?

IPS is Intrusion Prevention System.

It can detect an intrusion and also prevent that intrusion from successfully
attacking the organization by means of an active response.

An intrusion detection system is a device or software application that monitors
a network or systems for malicious activity or policy violations.

67. How does an IDS work? How many reasons are there to install an IDPS?

An IDS works like a burglar alarm in that it detects a violation and activates an
alarm.

There are 5 reasons to install an IDPS:

- serve as deterrents by increasing the fear of detection among would-be
attackers.
- cover the organization when its network cannot protect itself.
- help administrators detect the preambles to attack.
- threat documentation.
- provide information about how the attacks occurred.

68. Give some descriptions of an IDS.

An IDS works like a burglar alarm in that it detects a violation (some system
activity analogous to an opened or broken window) and activates an alarm,
which can be audible and visual, or silent.

69. What is the difference between on-line NIDS and off-line NIDS?

On-line NIDS deals with the network in real time. It analyses the Ethernet
packets and applies some rules, to decide if it is an attack or not, while off-line
NIDS deals with stored data and passes it through some processes to decide if it
is an attack or not.

70. What is a host-based intrusion detection system? What is a host-based IDS
capable of doing?

A host-based intrusion detection system is an intrusion detection system that is
capable of monitoring and analyzing the internals of a computing system as well
as the network packets on its network interfaces.

A host-based IDS is capable of monitoring all or parts of the dynamic behavior
and the state of a computer system, based on how it is configured.

71. What can happen if intruders succeed in modifying any of the objects the
HIDS monitors?

Nothing can stop such intruders from modifying the HIDS itself – unless
security administrators take appropriate precautions.

72. What does a signature-based IDPS examine? What are the weaknesses of
the signature-based approach? What is the solution to the weaknesses of the
signature-based approach?

A signature-based IDPS examines network traffic in search of patterns that
match known signatures—that is, preconfigured, predetermined attack patterns.

Disadvantages:

+ new attack strategies must continually be added into the IDPS’s database
of signatures.
+ a slow, methodical attack might escape detection if the relevant IDPS
attack signature has a shorter time frame.

Solution: collect and analyze data over longer periods of time.

73. What are the advantages and disadvantages of the statistical
anomaly-based approach?

The advantage of the statistical anomaly-based approach is that the IDPS can
detect new types of attacks, since it looks for abnormal activity of any type.

Disadvantages:

+ may not detect minor changes to system variables and may generate many
false positives.

+ requires much more overhead and processing capacity.

74. What does a honeypot system contain? What are honeypots? What are
they designed for?

A honeypot system contains pseudo-services that emulate well-known services,
but is configured in ways that make it look vulnerable to attacks.

Honeypots are decoy systems designed to lure potential attackers away from
critical systems.

Additional question: What are honeynets and padded cell systems?

When a collection of honeypots connects several honeypot systems on a subnet,
it may be called a honeynet.

A padded cell is a honeypot that has been protected so that it cannot be
easily compromised—in other words, a hardened honeypot.

75. List 3 advantages and 3 disadvantages of using the honeypot or padded
cell approach.

3 advantages of using the honeypot:

- Attackers can be diverted to targets that they cannot damage.

- Administrators have time to decide how to respond to an attacker.

- Honeypots may be effective at catching insiders who are snooping around a
network.

3 disadvantages of using the honeypot:

- The legal implications of using such devices are not well understood.

- Honeypots and padded cells have not yet been shown to be generally useful
security technologies.

- Administrators and security managers need a high level of expertise to use
these systems.

76. What is the software? Which software do you know?

The software component of the IS comprises applications, operating systems,
and assorted command utilities. (line 1, page 23)

Examples: Facebook, Zing MP3, Telegram, …

77. What is the hardware? List some hardware components you know?

Hardware is the physical technology that houses and executes the software,
stores and transports the data, and provides interfaces for the entry and removal
of information from the system. (line 17, page 23)

Examples: CPU, RAM, network card, hard drive, …

78. What is a theft? Which type of theft in the information security do you
know?

The threat of theft—the illegal taking of another’s property, which can be
physical, electronic, or intellectual—is a constant. (line 11, page 43)

There are two types of theft in information security: physical theft and
electronic theft.

79. What attack in the information security do you know?

("do you know" asks for your own understanding; when the question says "have
you learnt", take the answer from the lesson)

SQL Injection, Weak Audit, Database protocol vulnerabilities, Weak
authentication, excessive privileges, …

80. What common architectural implementations do you know?

It is the packet-filtering router: Many of these routers can be configured to reject
packets that the organization does not want to allow into the network. This is a
simple but effective way to lower the organization’s risk from external attack.
The drawbacks to this type of system include a lack of auditing and strong
authentication.

81. What firewall processing modes do you know? Give some information to
support your answers?

The packet-filtering firewall, also simply called a filtering firewall, can:

- examine the header information of data packets that come into a network.
- scan network data packets looking for compliance with or violation of the
rules of the firewall’s database.
- inspect packets at the network layer, or Layer 3 of OSI model. If the
device finds a packet that matches a restriction, it stops the packet from
traveling from one network to another.

83. What does IDPS stand for? What do you know about IDPS? What is
IDPS used for?

IDPS stands for intrusion detection and prevention system.

IDPS: the combined term intrusion detection (IDS) and prevention system (IPS)
is generally used to describe current anti-intrusion technologies (IDS+IPS).

According to the NIST documentation on industry best practices, there
are several compelling reasons to acquire and use an IDPS:

- To prevent problem behaviors by increasing the perceived
risk of discovery and punishment for those who would
attack or otherwise abuse the system
- To detect attacks and other security violations that are not
prevented by other security measures
- To detect and deal with the preambles to attacks
- To document the existing threat to an organization
- To act as quality control for security design and
administration
- To provide useful information about intrusions that do take
place, allowing improved diagnosis, recovery, and
correction of causative factors

84. How many IDPS methods do you know? What are they? State your
understanding about the signature- based approach, the statistical-anomaly
approach, and the stateful packet inspection approach.

Three methods:

- A signature-based IDPS (sometimes called a knowledge-based IDPS or a
misuse-detection IDPS) examines network traffic in search of patterns that
match known signatures—that is, preconfigured, predetermined attack
patterns.
- The statistical anomaly-based IDPS (stat IDPS) or behavior-based IDPS
collects statistical summaries by observing traffic that is known to be
normal.
- Stateful protocol analysis (SPA) is a process of comparing
predetermined profiles of generally accepted definitions of
benign activity for each protocol state against observed events to
identify deviations.

85. Give your understanding of NIDS and HIDS.

Network intrusion detection systems (NIDS) are placed at a strategic point or
points within the network to monitor traffic to and from all devices on the
network.

A host-based intrusion detection system (HIDS) is an intrusion detection
system that is capable of monitoring and analyzing the internals of a computing
system as well as the network packets on its network interfaces, similar to the
way a network-based intrusion detection system (NIDS) operates.

86. How many parties do you think normally participate in a two-way
communication? Who are they?

There are four parties:

● An entity or a party is someone or something which sends,
receives, or manipulates information. An entity may be a person,
a computer terminal, etc.
● A sender is an entity in a two-party communication which is the
legitimate transmitter of information.
● A receiver is an entity in a two-party communication which is the
intended recipient of information.
● An adversary is an entity in a two-party communication which is
neither the sender nor receiver, and which tries to defeat the
information security service being provided between the sender
and receiver.

87. What does the phrase hash function mean? What is it?

Hash functions are mathematical algorithms that generate a message summary
or digest (sometimes called a fingerprint) to confirm the identity of a specific
message and to confirm that there have not been any changes to the content.

88. What hash functions do you know?

SHA-1, SHA-384, MD4, SHA-256.

89. Why are hash functions widely used in e-commerce?

Because hash functions confirm message identity and integrity, both of which
are critical functions in e-commerce.

90. What do you know about symmetric encryption?

Encryption methodologies that require the same secret key to encipher and
decipher the message are using what is called private key encryption or
symmetric encryption.

Symmetric encryption methods use mathematical operations that can be
programmed into extremely fast computing algorithms so that the encryption
and decryption processes are executed quickly by even small computers.

The primary challenge of symmetric key encryption is getting the key to the
receiver, a process that must be conducted out of band to avoid interception.

91. What is asymmetric encryption? What do you know about it?

Asymmetric encryption uses two different but related keys, and either key can
be used to encrypt or decrypt the message.

92. What is PKI? What is it used for?

Public-key Infrastructure (PKI) is an integrated system of software, encryption
methodologies, protocols, legal agreements, and third-party services that
enables users to communicate securely.

93. What components are integrated for a typical solution PKI to protect the
transmission and reception of secure information?

A typical PKI solution protects the transmission and reception of secure
information by integrating the following components: a certificate
authority (CA), a registration authority (RA), certificate directories,
management protocols, policies and procedures.

94. What types of attacks on cryptography do you know? State your
understanding about them.

A man-in-the-middle attack attempts to intercept a public key or even
to insert a known key structure in place of the requested public key.

In a dictionary attack, the attacker encrypts every word in a dictionary
using the same cryptosystem as used by the target in an attempt to
locate a match between the target ciphertext and the list of encrypted
words.

In a timing attack, the attacker eavesdrops on the victim’s session and uses
statistical analysis of patterns and inter-keystroke timings to discern sensitive
session information. Having broken an encryption, the attacker may launch a
replay attack, which is an attempt to resubmit a recording of the deciphered
authentication to gain entry into a secure source.

95. Who is the Father of Western cryptography? What did he invent?

Leon Battista Alberti is the Father of Western cryptography. He invented a device
based on two concentric discs that simplified the use of Caesar ciphers.

96. When was cryptography changed from dark art into a science based on
mathematics? Who changed it?

In 1861-1865, Auguste Kerckhoffs changed cryptography from dark art into a
science based on mathematics.

97. Who was the father of Information Theory?

Claude Elwood Shannon

98. What device was developed and used in the early- to mid-20th century to
protect commercial, diplomatic and military communication?

Enigma

99. Who invented Enigma machine and when was it invented?

Dr. Arthur Scherbius, in the early- to mid-20th century.

100. Who introduced the idea of public-key cryptography? What are its
algorithms based on? (This part was probably asked wrongly; the question should
be "what are its algorithms based on", and the answer is "the computational
complexity problem".)

They are Whitfield Diffie and Martin Hellman.

They are based on the computational complexity problem.

101. What device was developed by the Spartans of Greece? When was it
developed?

The Spartans of Greece developed the scytale in 487 B.C.

102. What did Leon Battista Alberti invent?

He invented a device based on two concentric discs that simplified the use of
Caesar ciphers.

103. Which algorithms are the most widely used in the world among crypto
algorithms?

The Diffie-Hellman and RSA.

104. Who developed the multiple frequency analysis techniques?

Charles Babbage developed the multiple frequency analysis techniques.

105. Who invented one-time pad encryption for Telex Traffic?

Gilbert S. Vernam

106. What cipher did Julius Caesar use to secure military and government
communications?

Monoalphabetic substitution cipher and a simple substitution cipher.

107. What is one of the most significant contributions provided by public-key
cryptography?

The digital signature.

108. Who broke Japan’s Purple ciphers?

William Friedman.
