1100 Flashcards
A symmetric cipher that was designed to replace DES.
Triple Data Encryption Standard (3DES)
A chip on the motherboard of the computer that provides cryptographic services.
Trusted Platform Module (TPM)
A later derivation of the Blowfish algorithm that is considered to be strong.
Twofish
Cryptography that can be applied to entire disks.
Whole Disk Encryption
What is data called that is to be encrypted by inputting into an encryption algorithm? A. Plaintext B. Cleartext C. Opentext D. Ciphertext
A. Plaintext
Which of the following is not a basic security protection over information that cryptography can provide? A. confidentiality B. Stop loss C. Integrity D. Authenticity
B. Stop loss
The areas of a file in which steganography can hide include all of the following except __________.
A. in data that is used to describe the content or structure of the actual data
B. in the directory structure of the file system
C. in the file header fields that describe the file
D. in areas that contain the content data itself
B. in the directory structure of the file system
Proving that a user sent an e-mail message is known as ______. A. repudiation B. integrity C. nonrepudiation D. availability
C. nonrepudiation
Symmetric cryptographic algorithms are also called _________. A. private key cryptography B. cipherkey cryptography C. public/private key cryptography D. public key cryptography
A. private key cryptography
A(n) __________ is not decrypted - but is only used for comparison purposes. A. stream B. hash C. algorithm D. key
B. hash
Each of the following is a characteristic of a secure hash algorithm except ____________. A. collisions should be rare B. the results of a hash function should not be reversed C. the hash should always be the same fixed size D. a message cannot be produced from a predefined hash
A. collisions should be rare
A(n) __________ is not decrypted - but is only used for comparison purposes. A. stream B. hash C. algorithm D. key
B. encrypting and decrypting e-mail attachments
___________ encrypts a hash with a shared secret key. A. Key_hash B. WEP C. MDRIPE D. Hashed Message Authentication Code (HMAC)
D. Hashed Message Authentication Code (HMAC)
Which of the following is a protection provided by hashing? A. Authenticity B. Confidentiality C. Integrity D. Availability
C. Integrity
__________ is a hash that uses two different and independent parallel chains of computation - the results of which are then combined at the end of the process. A. DES B. AES C. RC4 D. RIPEMD
D. RIPEMD
Which of the following is the strongest symmetric cryptographic algorithm? A. Advanced Encryption Standard B. Data Encryption Standard C. Triple Data Encryption Standard D. Rivest Cipher (RC) 1
A. Advanced Encryption Standard
If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm - the key he uses to encrypt the message is __________. A. Alice’s private key B. Alice’s public key C. Bob’s public key D. Bob’s private key
B. Alice’s public key
A digital signature can provide each of the following benefits except __________. A. prove the integrity of the message B. verify the receiver C. verify the sender D. enforce nonrepudiation
B. verify the receiver
Which of the following asymmetric cryptographic algorithms is the most secure? A. MEC-2 B. RSA C. MD-17 D. SHA-2
B. RSA
Which of the following asymmetric encryption algorithms uses prime numbers? A. EFS B. Quantum computing C. ECC D. RSA
D. RSA
__________ uses lattice-based cryptography and may be more resistant to quantum computing attacks. A. NTRUEncrypt B. ECC C. RC4 D. SHA-512
A. NTRUEncrypt
The Trusted Platform Module (TPM) __________. A. allows the user to boot a corrupted disk and repair it B. is only available on Windows computers running BitLocker C. includes a pseudorandom number generator (PRNG) D. provides cryptographic services in hardware instead of software
D. provides cryptographic services in hardware instead of software
Which of the following has an onboard key generator and key storage facility - accelerated symmetric and asymmetric encryption - and can back up sensitive material in encrypted form? A. Trusted Platform Module (TPM) B. Self-encrypting hard disk drives (HDDs) C. Encrypted hardware-based USB devices D. Hardware Security Module (HSM)
D. Hardware Security Module (HSM)
The Microsoft Windows LAN Manager hash ___________. A. is weaker than NTLMv2 B. is part of BitLocker C. is required to be present when using TPM D. is identical to MD-4
A. is weaker than NTLMv2
A trust model with one CA that acts as a facilitator to interconnect all other CAs.
Bridge Trust Model
A trusted third-party agency that is responsible for issuing the digital certificates.
Certificate Authority (CA)
A publicly accessible centralized directory that contains digital certificates that can be used to view the status of a digital certificate.
Certificate Repository (CR)
A repository that lists revoked digital certificates.
Certificate Revocation List (CRL)
A technology used to associate a user’s identity to a public key - in which the user’s public key is “digitally signed” by a trusted third party.
Digital Certificate
A type of trust model in which a relationship exists between two individuals because one person knows the other person.
Direct Trust
A trust model that has multiple CAs that sign digital certificates.
Distributed Trust Model
A trust model that has a single hierarchy with one master CA.
Hierarchical Trust Model
A secure version of HTTP sent over SSL/TLS.
Hypertext Transport Protocol Over Secure Sockets Layer (HTTPS)
A set of protocols developed to support the secure exchange of packets.
IP Security (IPsec)
A process in which keys are managed by a third party - such as a trusted CA called the root.
Key Escrow
A highly trusted person responsible for recovering lost or damaged digital certificates.
Key Recovery Agent (KRA)
A technique to recover a private key by distributing parts to different individuals.
M-of-N Control
A framework for all of the entities involved in digital certificates for digital certificate management.
Public Key Infrastructure (PKI)
A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.
Registration Authority (RA)
A UNIX-based command interface and protocol for securely accessing a remote computer.
Secure Shell (SSH)
A protocol developed by Netscape for securely transmitting documents over the Internet that uses a private key to encrypt data.
Secure Sockets Layer (SSL)
A trust model in which two individuals trust each other because each individually trusts a third party.
Third-Party Trust
A protocol that is an extension of SSL and guarantees privacy and data integrity between applications.
Transport Layer Security (TLS)
The type of trusting relationship that can exist between individuals or entities.
Trust Model
The most widely accepted format for digital certificates as defined by the International Telecommunication Union (ITU).
X.509
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) ___________. A. digital signature B. encrypted signature C. hash D. digital certificate
D. digital certificate
A digital certificate associates __________. A. a private key with a digital signature B. the user’s identity with their public key C. a user’s private key with the public key D. a user’s public key with their private key
B. the user’s identity with their public key
Digital certificates can be used for each of the following except __________. A. to verify the authenticity of the Registration Authorizer B. to verify the identity of clients and servers on the Web C. to encrypt messages for secure e-mail communications D. to encrypt channels to provide secure communication between clients and servers
A. to verify the authenticity of the Registration Authorizer
An entity that issues digital certificates is a ______________. A. Certificate Signatory (CS) B. Signature Authority (SA) C. Digital Signer (DS) D. Certificate Authority (CA)
D. Certificate Authority (CA)
A centralized directory of digital certificates is called a(n) __________. A. Digital Signature Approval List (DSAP) B. Digital Signature Permitted Authorization (DSPA) C. Authorized Digital Signature (ADS) D. Certificate Repository (CR)
D. Certificate Repository (CR)
Each of the following is a field of an X.509 certificate except __________. A. validity period B. CA expiration code C. serial number D. Signature
B. CA expiration code
In order to ensure a secure cryptographic connection between a Web browser and a Web server - a(n) _________ would be used. A. e-mail Web certificate B. server digital certificate C. personal digital certificate D. Web digital certificate
B. server digital certificate
A digital certificate that turns the address bar green is a(n) __________. A. X.509 certificate B. Advanced Web Server Certificate (AWSC) C. Extended Validation SSL Certificate D. Personal Web-Client Certificate
C. Extended Validation SSL Certificate
The __________-party trust model supports CA. A. first B. second C. third D. fourth
C. third
Public-key Cryptography Standards (PKCS) __________. A. are used to create public keys only B. define how hashing algorithms are created C. have been replaced by PKI D. are widely accepted in the industry
D. are widely accepted in the industry
Each of the following is true regarding a hierarchical trust model except __________. A. it assigns a single hierarchy with one master CA B. it is designed for use on a large scale C. the master CA is called the root D. the root signs all digital certificate authorities with a single key
B. it is designed for use on a large scale
Dual-sided digital certificates __________. A. are used in military and financial settings when it is necessary for the client to authenticate back to the server B. are the same as dual-key digital certificates C. are required under PKCS #1 D. require a special browser
A. are used in military and financial settings when it is necessary for the client to authenticate back to the server
Which of the following is not where keys can be stored? A. in hashes B. on the user’s local system C. embedded in digital certificates D. in tokens
A. in hashes
Public Key Infrastructure (PKI) __________. A. creates private key cryptography B. requires the use of an RA instead of a CA C. generates public/private keys automatically D. is the management of digital certificate
D. is the management of digital certificate
A(n) __________ is a published set of rules that govern the operation of a PKI. A. certificate policy (CP) B. certificate practice statement (CPS) C. signature resource guide (SRG) D. enforcement certificate (EF)
A. certificate policy (CP)
Which of the following is not part of the certificate life cycle? A. Authorization B. Creation C. Expiration D. Revocation
A. Authorization
__________ refers to a situation in which keys are managed by a third party - such as a trusted CA. A. Remote key administration B. Trusted key authority C. Key authorization D. Key escrow
D. Key escrow
__________ is a protocol for securely accessing a remote computer. A. Secure Shell (SSH) B. Secure Sockets Layer (SSL) C. Secure Hypertext Transport Protocol (SHTTP) D. Transport Layer Security (TLS)
A. Secure Shell (SSH)
What is the cryptographic transport protocol that is used most often to secure Web transactions? A. SHTTP B. PPPTPoE C. HTTPS D. MD-17
C. HTTPS
Which transport encryption algorithm is integrated as part of IPv6? A. IPsec B. SSH C. SSL/TLS D. RSA
A. IPsec
The ability that provides tracking of events.
Accounting
An item that has value.
Asset
The act of ensuring that an individual or element is genuine.
Authorization
The steps that ensure that the individual is who they claim to be.
Authentication
Security actions that ensure that data is accessible to authorized users.
Availability
The first state law that covers any state agency - person - or company that does business in California.
California’s Database Security Breach Notification Act (2003)
Security actions that ensure only authorized parties can view the information.
Confidentiality
Targeted attacks against financial networks - unauthorized access to information - and the theft of personal information.
Cybercrime
A network of attackers - identity thieves - spammers - and financial fraudsters.
Cybercriminals
A premeditated - politically motivated attack against information - computer systems - computer programs - and data that results in violence.
Cyberterrorism
Attackers whose motivation may be defined as ideology - or attacking for the sake of their principles or beliefs.
Cyberterrorists
The act of taking advantage of a vulnerability.
Exploiting
A law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Gramm-Leach-Bliley Act (GLBA)
A term used to refer to a person who uses advanced computer skills to attack computers.
Hacker
A law designed to guard protected health information and implement policies and procedures to safeguard it.
Health Insurance Portability and Accountability Act (HIPAA)
Stealing another person’s personal information - such as a Social Security number - and then using the information to impersonate the victim - generally for financial gain.
Identity Theft
The tasks of securing information that is in a digital format.
Information Security
Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.
Integrity
The likelihood that a threat agent will exploit the vulnerability.
Risk
A law designed to fight corporate corruption.
Sarbanes-Oxley Act (Sarbox)
Individuals who want to break into computers to create damage - yet lack the knowledge of computers and networks needed to do so.
Script Kiddies
A person who has been hired to break into a computer and steal information.
Spy
A type of action that has the potential to cause harm.
Threat
A person or element that has the power to carry out a threat.
Threat Agent
A flaw or weakness that allows a threat agent to bypass security.
Vulnerability
Each of the following is a reason it is difficult to defend against today’s attackers except __________. A. complexity of attack tools B. weak patch distribution C. greater sophistication of attacks D. delays in patching software products
A. complexity of attack tools
In a general sense - “security” is __________. A. protection from only direct actions B. using reverse attack vectors (RAV) for protection C. only available on hardened computers and systems D. the necessary steps to protect a person or property from harm
D. the necessary steps to protect a person or property from harm
__________ ensures that only authorized parties can view the information. A. confidentiality B. availability C. integrity D. authorization
A. confidentiality
Each of the following is a successive layer in which information security is achieved except __________. A. products B. purposes C. procedures D. people
B. purposes
By definition - a(n) __________ is a person or thing that has the power to carry out a threat. A. vulnerability B. exploit C. threat agent D. risk
C. threat agent
__________ ensures that the individual is who they claim to be. A. authentication B. accounting C. access control D. certification
A. authentication
Each of the following is a goal of information security except __________. A. foil cyberterrorism B. avoid legal consequences C. decreases user productivity D. prevent data theft
C. decreases user productivity
The __________ requires that enterprises must guard protected health information and implement policies and procedures to safeguard it. A. Hospital Protection and Insurance Association Agreement (HPIAA) B. Sarbanes-Oxley Act (Sarbox) C. Gramm-Leach-Bliley Act (GLBA) D. Health Insurance Portability and Accountability Act (HIPAA)
D. Health Insurance Portability and Accountability Act (HIPAA)
Utility companies - telecommunications - and financial services are considered prime targets of __________ because attackers can significantly disrupt business and personal activities by destroying a few targets. A. white hat hackers B. script kiddies C. computer spies D. cyberterrorists
D. cyberterrorists
After an attacker has probed a network for information - the next step is to __________. A. penetrate any defenses B. paralyze networks and devices C. circulate to other systems D. modify security settings
A. penetrate any defenses