Chapter 10 Flashcards

Question 1

Q

Integrity

Answer

A

One of the three main goals of information security known as the CIA security triad

Integrity provides assurance that data or system configurations have not been modified

Audit logs and hashing are two methods used to ensure integrity

Compare with availability and confidentiality

Question 2

Q

Hash

Answer

A

A number created by executing a hashtag algorithm against data, such as a file or message

Hashing is commonly used for integrity

Common hashing algorithms are MD5, SHA-1, and HMAC

Question 3

Q

Confidentiality

Answer

A

One of three main goals of information security known as the CIA security triad

Confidentiality ensures that unauthorized entities cannot access data

Encryption and access controls help protect against the loss of confidentiality

Compare with availability and integrity

Question 4

Q

Encryption

Answer

A

A process that scrambles, or ciphers, data to make it unreadable

Encryption normally includes a public algorithm and a private key

Compare with Asymmetric and Symmetric Encryption

Question 5

Q

Digital Signature

Answer

A

An encryption hash of a message, encrypted with the sender’s private key

It provides authentication, non-reputation, and integrity

Question 6

Q

Authentication

Answer

A

The process that occurs when a user proves an identity, such as with a password

Question 7

Q

Non-Repudiation

Answer

A

The ability to prevent a party from denying an action

Digital Signatures and access logs provide non-repudiation

Question 8

Q

Patch File

Question 9

Q

SHA-1 Checksum

Question 10

Q

MD5

Answer

A

Message Digest 5 is a hashing function used to provide integrity

MD5 creates 128-bit hashes, which are also referred to as MD5 checksums

Experts consider MD5 cracked

Question 11

Q

SHA

Answer

A

Secure Hash Algorithm is a hashing function used to provide integrity

Versions include SHA-1, SHA-2, SHA-3

Question 12

Q

HMAC

Answer

A

Hash-based Message Authentication Code is a hashing algorithm used to verify integrity and authenticity of a message with the use of a shared secret

It is typically combined with another hashing algorithm such as SHA

Question 13

Q

RIPEMD

Answer

A

RACE Integrity Primitives Evaluation Message Digest is a hash function used for integrity

It creates fixed-length hashes of 128, 160, 256, or 320 bits

Question 14

Q

Key Stretching

Answer

A

A technique used to increase the strength of stored passwords

It adds additional bits (called salts) and can help thwart brute force and rainbow table attacks

Question 15

Q

Salt

Answer

A

A random set of data added to a password when creatig the hash

PBKDF2 and bcrypt are two protocols that use salts

Question 16

Q

Bcrypt

Answer

A

A key stretching algorithm

It is used to protect passwords

Bcrypt salts passwords with additional bits before encrypting them with Blowfish

This thwarts rainbow table attacks

Question 17

Q

PBKDF2

Answer

A

Password-Based Key Derivation Function 2 is a key stretching technique that adds additional bits to a password as a salt

It helps prevent brute force and rainbow table attacks

Question 18

Q

Data-at-rest

Answer

A

Any data stored on media

It’s common to encrypt sensitive data-at-rest

Question 19

Q

Data-In-Transit

Answer

A

Any data sent over a network

It’s common to encrypt sensitive data-in-transit

Question 20

Q

Data-In-Use

Answer

A

Any data currently being used y a computer

Because the computer needs to process the data, it is not encrypted while in use

Question 21

Q

Algorithm

Question 22

Q

Key

Question 23

Q

Random and Pseudo-Random Numbers

Question 24

Q

IV

Answer

A

Initialization Vector attack is a wireless attack that attempts to discover the IV

Legacy wireless security protocols are susceptible to IV attacks

Question 25

Q

Nonce

Answer

A

A number used once

Cryptography elements frequently use a nonce to add randomness

Question 26

Q

XOR

Answer

A

A logical operation used in some encryption schemes

XOR operations compare two inputs

If the two inputs are the same, it outputs True

If the two inputs are different, it outputs False

Question 27

Q

Confusion

Answer

A

A cryptography concept that indicates ciphertext is significantly different than plaintext

Question 28

Q

Diffusion

Answer

A

A cryptography concept that ensures that small changes in plaintext result in significant changes in ciphertext

Question 29

Q

Secret Algorithm

Question 30

Q

Weak/Deprecated Algorithms

Question 31

Q

High Resiliency

Question 32

Q

Block Cipher

Answer

A

An encryption method that encrypts data in fixed-sized blocks

Compare with stream cipher

Question 33

Q

StreamCipher

Answer

A

An encryption method that encrypts data as a stream of bits or bytes

Compare with block cipher

Question 34

Q

ECB

Answer

A

Electronic Codebook is a legacy mode of operation used for encryption

It is weak and should not be used

Question 35

Q

CBC

Answer

A

Cipher Block Chaining is a mode of operation used for encryption that effectively converts a block cipher into a stream cipher

It uses an IV for the first block and each subsequent block is combined with the previous block

Question 36

Q

CTM

Answer

A

Counter mode is a mode of operation used for encryption that combines an IV with a counter

The combined result is used to encrypt blocks

Question 37

Q

GCM

Answer

A

Galois/Counter Mode is a mode of operation used for incryption

It combines the counter (CTM) mode with hashing techniques for data authenticity and confidentiality

Question 38

Q

Symmetric Encryption

Answer

A

A type of encryption using a single key to encrypt and decrypt data

Compare with asymmetric encryption

Question 39

Q

Encryption Algorithm

Question 40

Q

Decryption Algorithm

Question 41

Q

Substitution Cipher

Answer

A

An encryption method that replaces characters with other characters

Question 42

Q

Plaintext

Answer

A

Text displayed in a readable format

Encryption converts plaintext to ciphertext

Question 43

Q

Ciphertext

Answer

A

The result of encrypting plaintext

Ciphertext is not in an easily readable format until it is decrypted

Question 44

Q

ROT13

Answer

A

A substitution cipher that uses a key of 13

To encrypt a message, you would rotate each letter 13 spaces

To decrypt a message, you would rotate each letter 13 spaces

Question 45

Q

Obfuscation

Answer

A

An attempt to make something unclear or difficult to understand

Steganography methods use obfuscation to hide data within data

Question 46

Q

AES

Answer

A

Advanced Encryption Standard is a strong symmetric block cipher that encrypts data in 128-bit blocks

AES can use key sizes of 128 bits, 192 bits, 256 bits

Question 47

Q

Fast

Question 48

Q

Efficient

Question 49

Q

Strong

Question 50

Q

DES

Answer

A

Data Encryption Standard is a legacy symmetric encryption standard used to provide confidentiality
It has been compromised and AES or 3DES should be used instead

Question 51

Q

3DES

Answer

A

Triple Digital Encryption Standard is a symmetric algorithm used to encrypt data and provide confidentiality

It is a block cipher that encrypts data in 64-bit blocks

Question 52

Q

RC4

Answer

A

A symmetric stream cipher that can use between 40 and 2,048 bits

Experts consider it cracked and recommend using stronger alternatives

Question 53

Q

Blowfish

Answer

A

A strong symmetric block cipher

It encrypts data in 64-bit blocks and supports key sized between 32 and 448 bits

Compare with Twofish

Question 54

Q

Twofish

Answer

A

A symmetric key block cipher

It encrypts data in 128-bit blocks and supports 128-, 192-, or 256-bit keys

Compare with Blowfish

Question 55

Q

Asymmetric Encryption

Answer

A

A type of encryption using two keys to encrypt and decrypt data

It uses a public key and a private key

Compare with symmetric encryption

Question 56

Q

Public Key

Answer

A

Part of a matched key pair used in asymmetric encryption

The public key is publicly available

Compare with private key

Question 57

Q

Private Key

Answer

A

Part of a matched key pair used

Question 58

Q

Certificate

Answer

A

A digital file used for encryption, authentication, digital signatures, and more

Public certificates include a public key used for asymmetric encryption

Question 59

Q

Serial Number

Question 60

Q

Issuer

Question 61

Q

Validity Dates

Question 62

Q

Subject

Question 63

Q

Usage

Question 64

Q

RSA

Answer

A

Rivest, Shamir, and Adleman is an asymmetric algorithm used to encrypt data and digitally sign transmissions

It is named after its creators, Rivest, Shamir, and Adleman

Answer 47

A

An ephemeral key is a type of key used in cryptography

Ephemeral keys have very short lifetimes and are re-created for each session

Answer 48

A

A characteristic of encryption keys ensuring that keys are random

Perfect forward secrecy methods do not use deterministic algorithms

Answer 49

A

The practice of hiding data within data

For example, it’s possible to embed text files within an image, hiding them from casual users

It is one way to obscure data to hide it

Answer 50

A

Digital Signature Algorithm is an encrypted hash of a message used for authentication, non-repudiation, and integrity

The sender’s private key encrypts the hash of the message

Answer 51

A

Secure/Multipurpose Internet Mail Extensions is a popular standard used to secure email

S/MIMI provides confidentiality, integrity, authentication, and non-repudiation

Answer 52

A

A set of hardware, software, and/or firmware that implements cryptographic functions

Compare with crypto service provider

Answer 53

A

A software library of cryptographic standards and algorithms

These libraries are typically distributed within crypto modules

Answer 54

A

A type of attack that forces a system to downgrade its security

The attacker then exploits the lesser security control

Answer 55

A

A PKI certificate identifying a root CA

Answer 56

A

A process that combines all certificates within a trust model

It includes all the certificates in the trust chain from the root CCA down to the certificate issued to the end user

Answer 57

A

Certificate signing request is a method of requesting a certificate from a CA

It starts by creating an RSA-based private/public key pair and then including the public key in the CSR

Answer 58

A

Online Certificate Status Protocol is an alternative to using a CRL

It allows entities to query a CA with the serial number of a certificate

The CA answers with good, revoked, or unknown

Answer 59

A

The process of appending a digitally signed OCSP response to a certificate

It reduces the overall OCSP traffic sent to CA

Answer 60

A

A security mechanism used by some web sites to prevent web site impersonation

Web sites provide clients with a list of public key hashes

Clients store the list and use it to validate the web site

Answer 61

A

The process of placing a copy of a private key in a safe environment

Answer 62

A

The process of assigning a certificate to code

The certificate includes a digital signature and validates the code

Answer 63

A

Canonical Encoding Rules are a base format for PKI certificates

They are binary encoded files

Compare with DER

Answer 64

A

Distinguished Encoding Rules are a base format for PKI certificates

They are BASE64 ASCII encoded files

Compare with CER

Answer 65

A

Privacy Enhanced Mail is a common format for PKI certificates

It can use either CER (ASCII) or DER (Binary) formats and can be used for almost any type of certificates

Answer 66

A

PKCS#7 is a common format for PKI certificates

They are DER-based (ASCII) and commonly used to share public keys

Answer 67

A

PKCS#12 is a common format for PKI certificates

They are CER-based (Binary) and often hold certificates with the private key

They are commonly encrypted

Answer 68

A

Personal information Exchange is a common format for PKI certificates

It is the predecessor to P12 certificates

Brainscape's Knowledge GenomeTM

Chapter 10 Flashcards

Brainscape's Knowledge Genome^TM