$10-$True$/$False:

a$)$ A public$-$key certificate scheme alone does not provide the necessary security to authenticale the public key.

b$)$ Master keys can be distributed in some noncryptographic way such as physical delivery.

c$)$ The distribution of session keys delays the start of any exchange and places a burden on network capacity.

d$)$ Because certificates are forgeable they cannot be placed in a directory without the need for the directory to make special efforts to protect them.

e$)$ Manual delivery of a key is not reasonable for link encryption

f$)$ User authentication is the basis for most types of access control and for user accountability.

g$)$ There are a variety of problems including dealing with false positives and false negatives, user acceptance, cost, and convenience with respect to biometric authenticators.

h$)$ Any timestamp based procedure must allow for a window of time sufficiently large enough to accommodate network delays yet sufficiently small to minimize the opportunity for attack.

i$)$ The operating system cannot enforce access$-$control policies based on user identity.

j$)$ The clocks among the various participants are not required to be synchronized when using the timestamp approach.

k$)$ For many clients, the most devastating impact from a security breach is the loss or leakage of data.

The cloud provider in a public cloud infrastructure is responsible for both the infrastructure and the control.

m$)$ A cloud broker is useful when cloud services are too complex for a cloud consumer to easily manage.

n$)$ In effect, SaaS is an operating system in the cloud.

o$)$ Hackers and malicious software can exploit system vulnerabilities across a shared cloud environment.

$(15$ pts$)$