Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

ag-Cybersecurity Bootcamp Study Aid > 10.3 Applied Cryptography and Attacks > Flashcards

10.3 Applied Cryptography and Attacks Flashcards

1
Q

Encryption can be used to secure portable devices like laptops and cell phones. Most current operating systems use _______ to prevent unauthorized parties from viewing the data on the machine.

A

disk encryption

Encryption can be used to secure portable devices like laptops and cell phones. Most current operating systems use disk encryption to prevent unauthorized parties from viewing the data on the machine.

Microsoft Windows uses a symmetric disk encryption program called BitLocker.

Macs use a symmetric disk encryption program called FileVault.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

True or False

Emails are natively encrypted. They are sent and received in plaintext.

A

False

Emails are NOT natively encrypted. They are sent and received in plaintext.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Programs like _____ and _____ can apply
public key cryptography to provide email
confidentiality and use digital signatures
to ensure authenticity and integrity.

A

Programs like S/MIME and PGP can apply public key cryptography to provide email confidentiality and use digital signatures
to ensure authenticity and integrity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

___________ is a protocol

designed to encrypt web traffic.

A

Secure Socket Layer (SSL) is a protocol
designed to encrypt web traffic.

○ HTTPS actually stands HTTP over SSL.

These certificates use public key cryptography to establish a secure connection between the browser and the server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A _________ is a cybersecurity professional who captures and investigates digital evidence from computers, cell phones, and other devices containing digital data.

A

A forensic examiner is a cybersecurity professional who captures and investigates digital evidence from computers, cell phones, and other devices containing digital data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

True or False

Forensic examiners make a hash of
a device when it is initially collected
for investigation.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

_________ is the cryptographic technique of placing hidden messages
within files, images, or videos.

A

Steganography is the cryptographic technique of placing hidden messages within files, images, or videos.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

_________ are small data files that use public key

cryptography to secure connections between the browser and the web server.

A

SSL certificates are small data files that use public key cryptography to secure connections between the browser and the web server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

To get an SSL, an organization must first reach out to a ___________ , an organization responsible for issuing SSL certificates.

A

To get an SSL, an organization must first reach out to a certificate authority (CA), an organization responsible for issuing SSL certificates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What information does a CA need to get a SSL certificate?

A
  • Company documents
  • A unique IP address
  • A certificate signing request (CSR), a block of encrypted data that is created on the web server where the SSL certificate will eventually be installed.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

When generating the CSR, a _______ and _______ pair are created.

A

When generating the CSR, a private and public key pair are created.

  • Only the public key is sent to the CA.
  • The private key remains hidden on the webserver.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

SSL certificates validate authenticity using a _______.

A

SSL certificates validate authenticity using a chain of trust.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Browsers have a pre-established list of trusted CAs, called a _________.

A

Browsers have a pre-established list of trusted CAs, called a ________.

Root certificate authorities are a list of CAs trusted by your browser. They’re at the top of the trust chain and are typically not the organizations that issue SSL certificates.

Intermediate certificate authorities usually issue certificates and report up to a root certificate authority.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Explain the process of an SSL certificate

A
  1. When we access a secure website, the browser asks the web server for certificate details.
  2. The server responds with a copy of the SSL certificate and the public key.
  3. The browser validates the certificate by checking the expiration date and root CA.
  4. The browser uses the server’s public key to create, encrypt, and send a session key.
  5. The server decrypts the key, sends an acknowledgement, and starts an encrypted session.
  6. Secure web traffic begins. Server and browser encrypt/decrypt data with the session key.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does SSL stand for?

A

Secure Socket Layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What’s the difference between SSL and TLS?

A

SSL refers to Secure Sockets Layer whereas TLS refers to Transport Layer Security. Basically, they are one and the same, but, entirely different.

How similar both are? SSL and TLS are cryptographic protocols that authenticate data transfer between servers, systems, applications and users. For example, a cryptographic protocol encrypts the data that is exchanged between a web server and a user.

17
Q

A _____________ exploits weakness in cryptographic algorithms by attempting to determine if the “random” values produced are actually predictable.

A

A statistical attack exploits weakness in cryptographic algorithms by attempting to determine if the “random” values produced are actually predictable.

18
Q

Give some examples of a cryptographic attacks

A
  1. Predictable token-generation
  2. Brute force attacks
  3. Birthday attack (Also known as collision and hashing collision.)
  4. Frequency Analysis
  5. Replay attacks
19
Q

What are rainbow tables?

A

Rainbow tables are resources that contain precomputed hashes with the associated plaintext passwords.

  • Some rainbow tables are extremely large.
  • They can take up a lot of storage space and CPU to use effectively.
20
Q

We can defend against rainbow tables by _________, a cryptographic method of combining salt (a random value) with the plaintext into the hash function.

A

We can defend against rainbow tables by salting, a cryptographic method of combining salt (a random value) with the plaintext into the hash function.

21
Q

_______ is a command-line tool that can automate the cracking of hashes.

A

Hashcat is a command-line tool that can automate the cracking of hashes.

22
Q

Hashcat uses ______, ______ and ______methods to figure out plaintext passwords from hashes.

A

Hashcat uses dictionary wordlists, rainbow tables, and brute force methods to figure out plaintext passwords from hashes.

ag-Cybersecurity Bootcamp Study Aid (55 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions