Chapter 10 Sec +

Question 1

MD5

Answer 1

Message Digest 5

• is a common hashing algorithm that produces 128-bit hash value

-Cracked and really only used for Checksum to verify integrity of files

Question 2

SHA

Answer 2

Secure Hash Algorithm

Are a group of hashing algorithms
With variations grouped into 4 Standards

SHA 0 do not uses
SHA1 creates 160bit hash not used
SHA2 uses 256,224,384,512 bit hashes

Also verifies file integrity

Question 3

HMAC

Answer 3

Hash Based Message Authentication Code

Is another way to provide integrity
- is a fixed length string of bits similar to MD5 and SHA-256
-uses a Shared secret integrity Key to add some randomness to the result
-provides both integrity and authenticity

Question 4

LSASS

Answer 4

Local Security Authority Subsystem Security
A place that has password hashes

Question 5

Credman

Answer 5

Credential manager

Question 6

AES

Answer 6

Advanced Encryption Standard

Is a strong symmetric Block Cipher that encrypts data in 128-bit blocks

Uses key sizes of 128,192,256 bit keys

More bits used the harder it is to figure out the key

Question 7

3DES

Answer 7

Is a Symmetric Block Cipher designed to improve on Legacy Data encrypted Standard (DES)

It Encrypts data using the DES algorithm in 3 separate passes And uses multiple keys
Encrypts data in 64-bit blocks
Key sizes of 112 but and 168 bit

Question 8

CA

Answer 8

Certificate Authority
Issue and manage certificates to include
Asymmetric Encryption, authentication and digital signatures

Question 9

ECC

Answer 9

Elliptic Curve Cryptography

It uses mathematical equations to formulate an elliptical curve

-Used on low power devices

Question 10

RSA

Answer 10

Rivest Shamir Adleman
Is the primary public key Cryptographic algorithm used on the Internet
Uses key sizes of 1024,2048,4096
NIST recommends using 2048 and above keys

Question 11

DSA

Answer 11

Digital Signature Algorithm

Uses an Encrypted hash of a message

The hash is encrypted with the senders private key

Question 12

S/MIME

Answer 12

Secure/Multipurpose Internet Mail Extensions

Is the most popular standard to digitally sign and encrypt email
-uses both asymmetrical and symmetrical Encryption

Current Verizon uses Cryptographic Message Syntax(CMS) which allows it to use variety of different hashing algorithms and Encryption algorithms

Question 13

PKI

Answer 13

Public Key Infrastructure
-is a group of technologies used to request,create,manage,store, distribute,and revoke digital signatures

Question 14

CSR

Answer 14

Certificate Signing Request
It includes purpose of cert and information about website and public key and user.

And is formatted using the Public Key Cryptography Standards #10 Specifications

Question 15

RA

Answer 15

Registration Authority

Can assist the CA by collecting digital certs registration information

Question 16

CRL

Answer 16

Certificate Revocation Lists

Is version 2 certificate that includes a list of revoked certificates identified by Serial numbers

Question 17

OCSP

Answer 17

Online Certification Status Protocol

Returns answers such as good, Revoked, or Unknown for Certificates

clients before they use certs verify it’s valid with checks

Question 18

KMS

Answer 18

Key Management System

Is a Centralized system or Service Responsible for the Secure Management of Cryptographic Keys used in Various security Applications

Question 19

SAN

Answer 19

Subject Alternative Name

Certificate is used for multiple domains that have different names but are owned by the same organization

Question 20

ASCII

Answer 20

American Standard Code for Information Interchange

BASE64 encoding converts binary data into ASCII String format

Question 21

CER

Answer 21

Canonical Encoding Rules
Is used for ASCII Format

Question 22

DER

Answer 22

Distinguish Encoding Rules
Used for Binary Format

Question 23

PEM

Answer 23

Privacy Enhanced Mail

-Can be used for almost anything
-Can be converted to CER or DER
-Used to share public keys within a cert, request certs from ca as a CSR, install private keys on server, publish a CRL, or share the full cert chain