CH2

Question 1

A set of identities, roles, policies, and actions for the creation, use, management, distribution, and revocation of public and private keys.

Answer 1

Public key infrastructure (PKI)

Question 2

The study of the techniques used for encryption and secure communications

Answer 2

Cryptography

Question 3

The study of how to crack encryption algorithms or their implementations

Answer 3

Cryptoanalysis

Question 4

A set of rules, which can also be called an algorithm, about how to perform encryption or decryption.

Answer 4

Cipher

Question 5

What are 3 common methods that ciphers use

Answer 5

Substitution, Polyalphabetic, Transposition

Question 6

This type of cipher substitutes one character for another

Answer 6

Substitution

Question 7

This type of cipher substitutes one character for another but uses multiple alphabets and switches between them by some trigger character in the encoded message

Answer 7

Polyalphabetic

Question 8

This cipher method uses many different options, including the rearrangement of letters.

Answer 8

Transposition

Question 9

The instructions for how to reassemble

Answer 9

Key

Question 10

A symmetric key cipher (same key used to encrypt and decrypt) that operates on a group of bits called a block.

Answer 10

Block cipher

Question 11

List 5 examples of block cipher algorithms

Answer 11

AES, 3DES, Blowfish, DES, IDEA

Question 12

A symmetric key cipher where the plaintext data to be encrypted is done a bit at a time against the bits of the key stream.

Answer 12

Stream cipher

Question 13

Which type of encryption algorithm is faster to use and requires less CPU … Symmetric or Assymmetric?

Answer 13

Symmetric

Question 14

What is the minimum recommended key length for a symmetric encryption algorithm to be considered safe?

Answer 14

128 bits

Question 15

What is an example of an asymmetric algorithm?

Answer 15

public key algorithm

Question 16

List 5 examples of asymmetric algorithms

Answer 16

RSA, DH, ElGamal, DSA, ECC

Question 17

A method used to verify data integrity

Answer 17

Hashing

Question 18

It is not possible to generate the same hash from a different block of data. This is referred to as….

Answer 18

collision resistance

Question 19

What are the 3 most popular types of hashes

Answer 19

MD5, SHA-1, SHA-2(224 - 512 bits)

Question 20

Attack that attempts to find two input strings of a hash function that produce the same hash result

Answer 20

collision attack

Question 21

Hashing mechanism that includes in its calculation a secret key of some type thus, only the other party who also knows the secret key can calculate the resulting hash correctly.

Answer 21

HMAC

Question 22

What is the NIST recommended HMAC function.

Answer 22

HMAC-SHA-1

Question 23

In the world of cryptography, a digital signature provides 3 core benefits:

Answer 23

Authentication, Data Integrity, Nonrepudiation

Question 24

The U.S. government selected and recommended a set of cryptographic standards call Suite B because it has been approved for protecting classified information at both the secret and top secret levels. List the Suite B algorithms

Answer 24

ECC, AES GCM, ECC DSA, SHA-256, SHA-384, SHA-512

Question 25

Contains the public key of the CA server and the other details about the CA server.

Answer 25

Root Certificate

Question 26

Similar to a root certificate, but describes the client and contains the public key of an individual host.

Answer 26

Identity Certificate

Question 27

A series of standards focused on directory services and how those directories are organized. Many popular network operating systems have been based on this, including active directory. This includes directory elements such as (CN=Thor, OU=engineering).

Answer 27

X.500

Question 28

This is a format of a certificate request sent to a CA that wants to receive its identity certificate. This type of request would include the public key for the entity desiring a certificate.

Answer 28

PKCS # 10

Question 29

This is a format that can be used by a CA as a response to a PKCS #10 request. The response itself will very likely be the identity certificate that had been previously requested

Answer 29

PKCS #7

Question 30

The RSA cryptography standard

Answer 30

PKCS #1

Question 31

A format for storing both public and private keys using a symmetric password-based key to “unlock” the data whenever the key needs to be used or accessed.

Answer 31

PKCS # 12

Question 32

Diffie-Hellman key exchange

Answer 32

PKCS #3

Question 33

Cisco and a few other vendors developed this protocol which can automate most of the process for requesting and installing an identity certificate.

Answer 33

SCEP (Simple Certificate Enrollment Protocol)

Question 34

What are the 3 basic ways to check whether a certificate has been revoked?

Answer 34

CRL (certificate revocation list), OCSP (online certificate status protocol), AAA