1.4 Flashcards

Public Key Infrastructure, Encrypting data, Key exchange, Encryption technologies, Obfuscation, Hashing and digital signatures, Blockchain technology, Certificates

1
Q

PKI stands for

A

Public Key Infrastructure

2
Q

Policies, procedures, hardware, software, and people that are responsible for creating, distributing, managing, storing, and revoking digital certificates

Also used to describe the binding of public keys to people or devices

A

PKI (Public Key Infrastructure)

3
Q

A type of encryption that uses a single, shared key to encrypt and decrypt data

A

Symmetric encryption

AKA secret key, shared secret

4
Q

A type of encryption that does not scale very well and is challenging to distribute

A

Symmetric encryption

AKA secret key, shared secret

5
Q

A type of encryption that is very fast and has little overhead

A

Symmetric encryption

AKA secret key, shared secret

6
Q

A type of encryption that uses two mathematically-related keys to encrypt and decrypt data

One key is public and one key is private; the private is used to decrypt data encrypted with the public key

The private key cannot be derived from the public key

A

Asymmetric encryption

7
Q

True/False

In asymmetric encryption, the public and private keys are created separately at different times

A

False. They are created simultaneously and are mathematically related.

8
Q

A third party that holds and manages decryption keys. This may be within your own organization.

ex. If there are large amounts of keys

ex. Necessary if the employee using that key is no longer part of the company, but the organization needs access to past messages

A

Key escrow

9
Q

A type of encryption that is slow to use and involves implementing complex mathematics with very large prime numbers (lots of overhead)

A

Asymmetric encryption

10
Q

A type of encryption that protects all of the data in an entire storage device

A

Full-disk encryption

11
Q

A type of encryption that protects all of the data in a partition

A

Partition-level encryption

12
Q

A type of encryption that protects a single file

A

File encryption

13
Q

Which types of encryption do BitLocker and FileVault provide? (2 types)

A

Full-disk and volume-level encryption

14
Q

Which type of encryption does EFS provide?

A

File encryption

15
Q

A type of encryption that protects a volume

A

Volume-level encryption

16
Q

Difference between a volume and a partition?

A

A partition is a logical division of a disk.

A volume is a logical assembly of two or more partitions used as a mass storage container.

Think of a filing cabinet: the cabinet itself is the disk drive. The drawers represent partitions. A volume is like labeling the top two drawers “C” and the bottom two drawers “D”. The C drawers are alphabetized, and the D drawers are organized by date.

17
Q

A type of encryption that protects all the data stored in a database

A

Database-level encryption

18
Q

A type of encryption that encrypts all of the data stored in the database with a symmetric key

A

Transparent encryption

19
Q

A type of encryption that protects individual columns within a database.

It uses separate symmetric keys for each column.

A

Record-level encryption

20
Q

Why is record-level encryption useful? Why not just encrypt the entire database?

A

Encrypting the entire database makes querying it very hard without decrypting the whole database, which introduces unnecessary risk.

By keeping some information (names, ID numbers) unencrypted, a typical user can search common info without having access to privileged information. SSNs and other sensitive info can remain encrypted.

21
Q

What type of encryption do HTTPS and VPNs provide?

A

Transport/communication encryption

22
Q

A type of encryption that protects data traversing through a network

A

Transport/communication encryption

23
Q

True/False

The people on both sides of the encryption need to agree on which type of encryption to use based on speed, security level, and complexity of implementation. They need to use compatible encryption methods.

A

True

24
Q

True/False

Smaller keys provide stronger encryption

A

False; the opposite is true

25
Q

A method of making a weak/small key stronger by performing the encryption algorithm multiple times on the single piece of data

A

Key stretching

26
Q

The method of sharing an encryption key across an insecure medium without physically transferring the key

A

Key exchange

27
Q

A key exchange method in which you send the symmetric key over a medium other than the internet/network (telephone, courier, in-person, etc.)

A

Out-of-band key exchange

28
Q

A key exchange method in which you send the symmetric key over the network, protected with additional asymmetric encryption

This is common for keys that are used for only a short period of time, e.g. session keys

A

In-band key exchange

29
Q

True/False

Session keys are ephemeral keys, which means they need to be changed often

Session keys also need to be unpredictable

A

True

30
Q

An algorithm that combines public and private keys in order to generate the same symmetric key on both sides of the communication, without actually sending the key.

For example, Bob’s laptop combines Bob’s private key and Alice’s public key to make a symmetric key.

Alice’s laptop combines Alice’s private key and Bob’s public key to make a symmetric key.

Because they are both mathematically related, the same symmetric key is generated.

A

Key exchange algorithm

AKA public and private key cryptography

31
Q

A standardized piece of hardware specifically designed to provide cryptographic functions for the device it is installed on

It is a cryptographic processor. It can generate random numbers or keys.

It also has persistent memory, meaning there are unique keys that are burned in during manufacturing that can help with full disk encryption.

A

TPM (Trusted Platform Module)

32
Q

2 types of memory possessed by the TPM

A

Persistent memory
There are unique keys burned into it during manufacturing that can be used for full disk encryption

Versatile memory
It can store different sets of keys and hardware configuration information
It can securely store BitLocker keys

33
Q

True/False

The TPM’s password can be thwarted by dictionary and brute force attacks

A

False

There is no way to use these methods to thwart the password protection on a TPM

34
Q

A piece of hardware that provides cryptographic functions (similar to the TPM) for large environments (ex. datacenters)

This hardware is able to store thousands of cryptographic keys

They are typically clustered and use redundant power for availability

A

HSM (Hardware Security Module)

35
Q

HSM stands for

A

Hardware Security Module

36
Q

TPM stands for

A

Trusted Platform Module

37
Q

True/False

HSMs typically have plug-in cards or separate hardware devices specifically designed for very fast cryptographic functions, in order to perform these functions directly on the machine

A

True

38
Q

What system is used to centralize the management of cryptographic keys from one single management console?

This system allows you to:
Associate keys with specific users
Regularly rotate the keys
Log key use and important events

It also keeps the keys separate from the data that you are trying to protect

A

Key management system

39
Q

A security processor built into devices that is dedicated to maintaining privacy by separating sensitive data from other processes.

It is isolated from the main processor

A

Secure enclave

40
Q

Secure enclave features (5)

A

Has its own boot ROM
True RNG
Real-time memory encryption
Root cryptographic keys
Performs AES encryption in hardware

And more…

41
Q

The process of making something difficult (but not impossible) to understand

Hiding something in plain sight

A

Obfuscation

42
Q

Hiding information within an image

A

Steganography

43
Q

Steganography is a type of security through ____.

A

Obscurity

44
Q

Steganography is Greek for

A

“concealed writing”

45
Q

In steganography, what is the document/file that contains the data you are hiding?

A

Covertext

46
Q

5 types of steganography

A

Network-based
Embed messages in TCP packets

Image-based
Embed the message in the image

Invisible watermarks
Yellow dots on printers

Audio
Interlacing a secret message within the audio

Video
Larger-scale form of image steganography
Manage the signal-to-noise ratio
Can transfer A LOT of info

47
Q

Which type of steganography has the potential to convey the most information?

A

Video

48
Q

A type of obfuscation where sensitive data is replaced by a non-sensitive placeholder

When the token is sent, the client on the other side makes the connection to the actual sensitive data

If the data is captured via MITM, that token is useless

ex. SSN 266-12-1112 is now 691-61-8539

A

Tokenization

49
Q

Which type of obfuscation is commonly used when paying with an iPhone or smart watch at a grocery store?

A

Tokenization

Specifically a one-time-use token

50
Q

True/False

Tokenization is mathematically related to the data it is protecting

A

False

Unlike encryption or hashing, the token has no relation to the actual data. That way, it is very safe.

51
Q

A type of obfuscation where you hide parts of the original data

Commonly, this type is used to only visually hide the data; it may be intact in storage

A

Data masking

52
Q

4 types of data masking techniques

A

Substituting
Shuffling
Encrypting
Masking out

53
Q

A representation of data as a short string of text

A

Hash

AKA message digest, fingerprint

54
Q

True/False

Hashing is the same thing as encryption

A

False

It is possible to recover the original data from encryption if given the key

It is impossible to recover the original data from a hash

55
Q

This occurs when two different data inputs create the same hash

A

Collision

56
Q

Which encryption algorithm has a problem with collision?

A

MD5 - don’t use it for anything important

This problem was discovered in 1996

57
Q

Random data added to a password when hashing

A

Salt

58
Q

Which type of attack does salting thwart?

A

Rainbow tables

59
Q

True/False

When implementing salting, the same salt gets used for each employee

A

False

Each user gets their own unique salt

60
Q

What 3 things are hashes used for in the form of a digital signature?

A

Integrity
Authentication
Non-repudiation

61
Q

True/False

Using a digital signature is the opposite of using asymmetric encryption

A

True

When using asymmetric encryption, the data is encrypted with the public key and decrypted with the private key

When using a digital signature, the data is encrypted with the private key and decrypted with the public key
That way, you know that no one else could have signed it, and anyone is able to verify the sender

62
Q

The blockchain is commonly known as

A

A distributed ledger

An open public ledger

63
Q

4 practical applications for the blockchain

A

Payment processing
Digital identification
Supply chain monitoring
Digital voting

And more…

64
Q

What is added to blocks in the blockchain in order to ensure integrity?

A

Hashes

65
Q

What 3 things is a public key certificate made up of?

A

Public key
Digital signature
Other details about the key holder

66
Q

How do you build trust from something unknown?

A

Someone/something trustworthy provides their approval

67
Q

An inherently trusted component is known as…

(this can be an HSM, TPM, secure enclave, CA, etc.)

A

Root of trust

68
Q

A trusted entity that digitally signs the certificates on websites. This entity is responsible for vetting requests, verifying the certificate owner, and may collect other information.

A signature from this entity allows your browser to trust the website.

A

CA

69
Q

A CA that is owned by you/your own organization

A

Private CA

70
Q

A certificate that can be used for any device that shares the FQDN listed in the SAN attribute

The certificate can support many different domains

A

Wildcard certificate

71
Q

SAN stands for (in terms of certificates)

A

Subject Alternative Name

72
Q

What is the SAN attribute when creating a certificate?

A

Allows the certificate to support many different domains (a wildcard certificate)

73
Q

CRL stands for

A

Certificate Revocation List

74
Q

A list of revoked digital certificates, managed by a CA

A

CRL (Certificate Revocation List)

75
Q

A protocol that allows web browsers to verify the status of digital certificates in real time

The validity of the certificate is then “stapled” into the SSL/TLS handshake at the beginning of the connection

A

OCSP (Online Certificate Status Protocol)

76
Q

The method of embedding the status of a digital certificate during the SSL/TLS handshake when connecting to a website

A

OCSP stapling

77
Q

What 2 things does a website owner need to send to generate a CSR?

A

Applicant’s public key
Applicant identifying information

78
Q

CSR stands for

A

Certificate signing request

79
Q

A request given to a CA to sign a certificate

A

CSR (Certificate Signing Request)

80
Q

What kind of key exchange is used for keys that are only used for a short period of time? (Ex. Session keys)

A

In-band key exchange