Chapter 10: Understanding Cryptography and PKI Flashcards

1
Q

____ provides assurances that data has not been modified.

A

Integrity

2
Q

____ ensures that data has retained integrity.

A

Hashing

3
Q

____ ensures that data is only viewable by authorized users. ____ protects the confidentiality of data.

A

Confidentiality

Encryption

4
Q

____ encryption uses the same key to encrypt and decrypt data.

A

Symmetric

5
Q

____ encryption uses two keys (public and private) created as a matched pair.

A

Asymmetric

6
Q

A ____ ____ provides authentication, non-repudiation, and integrity.
• Authentication validates an identity.
• Non-repudiation prevents a party from denying an action.
• Users sign emails with it, which is a hash of an email message encrypted with the sender’s private key.
• Only the sender’s public key can decrypt the hash, providing verification it was encrypted with the sender’s private key.

A

digital signature

7
Q

A ____ (sometimes listed as a checksum) is a fixed-size string of numbers or hexadecimal characters.

A

hash

8
Q

____ ____ are one-way functions used to create a hash. You cannot reverse the process to re-create the original data.

A

Hashing algorithms

9
Q

Passwords are often stored as hashes instead of the actual password. _____ the password thwarts many password attacks.

A

Salting

10
Q

Two commonly used key stretching techniques are _____ and ______. They protect passwords against brute force and rainbow table attacks.

A

bcrypt and Password-Based Key Derivation Function 2 (PBKDF2)

11
Q

Common hashing algorithms are ______, _____, and _____.

A

Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and Hash-based Message Authentication Code (HMAC)

12
Q

_____ hashing algorithm provides both integrity and authenticity of a message.

A

HMAC

13
Q

_____ ensures that data is only viewable by authorized users.

A

Confidentiality

14
Q

_____ provides confidentiality of data, including data-at-rest (any type of data stored on disk) or data-in-transit (any type of transmitted data).

A

Encryption

15
Q

____ ciphers encrypt data in fixed-size blocks. Advanced Encryption Standard (AES) and Twofish encrypt data in 128-bit blocks.

A

Block

16
Q

____ ciphers encrypt data 1 bit or 1 byte at a time. They are more efficient than block ciphers when encrypting data of an unknown size or when sent in a continuous stream. RC4 is a commonly used exampl

A

Stream

17
Q

Cipher modes include ____, _____, ____ and ____.

A

Electronic Codebook (ECB)
Cipher Block Chaining (CBC)
Counter (CTM) mode and Galois/Counter Mode (GCM).

18
Q

This cipher mode should not be used.

A

ECB

19
Q

This cipher mode is widely used because it is efficient and provides data authenticity.

A

GCM

20
Q

____, ____, and ____ are block ciphers that encrypt data in 64-bit blocks.

A

Data Encryption Standard (DES), Triple DES (3DES), and Blowfish

21
Q

____ is a popular symmetric block encryption algorithm, and it uses 128, 192, or 256 bits for the key.

A

AES

22
Q

____ encryption uses public and private keys as matched pairs.

A

Asymmetric

23
Q

Asymmetric encryption:

If the public key encrypted information, only the matching ____ key can decrypt it.

A

private

24
Q

Asymmetric encryption: If the private key encrypted information, only the matching ____ key can decrypt it.

A

public

25
Q

____ keys are always kept private and never shared. ____ keys are freely shared by embedding them in a certificate.

A

Private

Public

26
Q

____ is a popular asymmetric algorithm. Many cryptographic protocols use it to secure data such as email and data transmitted over the Internet. It uses prime numbers to generate public and private keys.

A

RSA

27
Q

___ ____ _____ is an encryption technology commonly used with small wireless devices.

A

Elliptic curve cryptography (ECC)

28
Q

____-_____ provides a method to privately share a symmetric key between two parties.

A

Diffie-Hellman

29
Q

_____________ is a version of Diffie-Hellman that uses ECC to re-create keys for each session.

A

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)

30
Q

_____ is the practice of hiding data within a file. You can hide messages in the white space of a file without modifying its size. A more sophisticated method is by modifying bits within a file. Capturing and comparing hashes of files can discover these attempts.

A

Steganography

31
Q

When using digital signatures with email:
• The sender’s ____ key encrypts (or signs).
• The sender’s ____ key decrypts.

A

private

public

32
Q

A ____ ______ provides authentication (verified identification) of the sender, non-repudiation, and integrity of the message.

A

digital signature

33
Q

Senders create a digital signature by _____ a message and _____ the hash with the sender’s private key. Recipients decrypt the digital signature with the sender’s matching ____ key.

A

hashing
encrypting
public

34
Q

When encrypting email:
• The recipient’s ____ key encrypts.
• The recipient’s ____ key decrypts.

A

public

private

35
Q

Many email applications use the ____ key to encrypt a symmetric key, and then use the _____ key to encrypt the email contents.

A

public

symmetric

36
Q

____ and ____ secure email with encryption and digital signatures. They both use RSA, certificates, and depend on a PKI. They can encrypt email at rest (stored on a drive) and in transit (sent over the network).

A

S/MIME and PGP

37
Q

____ is the replacement for SSL. SSL is deprecated and should not be used.

A

TLS

38
Q

When encrypting web site traffic with TLS:
• The web site’s public key encrypts a _____ key.
• The web site’s private key ____ the symmetric key.
• The symmetric key _____ data in the session.

A

symmetric
decrypts
encrypts

39
Q

Weak cipher suites (such as those supporting SSL) should be _____ to prevent downgrade attacks.

A

disabled

40
Q

A ____ ____ ____ is a group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. It allows two entities to privately share symmetric keys without any prior communication.

A

Public Key Infrastructure (PKI)

41
Q

Most public CAs use a ____ centralized CA trust model, with a root CA and intermediate CAs.

A

hierarchical

42
Q

A ___ issues, manages, validates, and revokes certificates.

A

CA

43
Q

____ certificates of trusted CAs are stored on computers. If it is not in the trusted store, web users will see errors indicating the certificate is not trusted or the CA is not recognized.

A

Root

44
Q

You request a certificate with a ___ ___ ___. You first create a private/public key pair and include the public key in this place.

A

certificate signing request (CSR)

45
Q

CAs ____ certificates when an employee leaves, the private key is compromised, or the CA is compromised.

A

revoke

46
Q

A CRL identifies revoked certificates as a list of ____ ____.

A

serial numbers

47
Q

The CA publishes the _____, making it available to anyone. Web browsers can check certificates they receive from a web server against a copy of the _____ to determine if a received certificate is revoked.

A

CRL

48
Q

Public key _____ provides clients with a list of hashes for each public key it uses.

A

pinning

49
Q

Certificate _____ provides clients with a timestamped, digitally signed OCSP response. This is from the CA and appended to the certificate.

A

stapling

50
Q

User systems return errors when a system tries to use an _____ certificate.

A

expired

51
Q

A ____ ____ stores a copy of private keys used within a PKI. If the original private key is lost or inaccessible, the copy is retrieved from here, preventing data loss.

A

key escrow

52
Q

_____ certificates use a * for child domains to reduce the administrative burden of managing certificates. Subject Alternative Name (SAN) certificates can be used for multiple domains with different domain names.

A

Wildcard

53
Q

A ____ validated certificate indicates that the certificate requestor has some control over a DNS domain. _____ validation certificates use additional steps beyond domain validation to give users a visual indication that they are accessing the site.

A

domain

Extended

54
Q

___ is a binary format for certificates and ____ is an ASCII format.

A

CER

DER

55
Q

____ is the most commonly used certificate format and can be used for just about any certificate type.

A

PEM

56
Q

____ certificates are commonly used to share public keys. ____ and ___ certificates are commonly used to hold the private key.

A

P7B

P12 and PFX