Chapter 10: Understanding Cryptography and PKI

Question 1

____ provides assurances that data has not been modified.

Answer 1

Integrity

Question 2

____ ensures that data has retained integrity.

Answer 2

Hashing

Question 3

____ensures that data is only viewable by authorized users.____ protects the confidentiality of data.

Answer 3

Confidentiality

Encryption

Question 4

____ encryption uses the same key to encrypt and decrypt data.

Answer 4

Symmetric

Question 5

____ encryption uses two keys (public and private) created as a matched pair.

Answer 5

Asymmetric

Question 6

A ____ ____ provides authentication, non-repudiation, and integrity.
• Authentication validates an identity.
• Non-repudiation prevents a party from denying an action.
• Users sign emails with a it, which is a hash of an email message encrypted with the sender’s private key.
• Only the sender’s public key can decrypt the hash, providing verification it was encrypted with the sender’s private key.

Answer 6

digital signature

Question 7

A ____ (sometimes listed as a checksum) is a fixed-size string of numbers or hexadecimal characters.

Answer 7

hash

Question 8

____ ____ are one-way functions used to create a hash. You cannot reverse the process to re-create the original data.

Answer 8

Hashing algorithms

Question 9

Passwords are often stored as hashes instead of the actual password._____ the password thwarts many password attacks.

Answer 9

Salting

Question 10

Two commonly used key stretching techniques are _____ and ______. They protect passwords against brute force and rainbow table attacks.

Answer 10

bcrypt and Password-Based Key Derivation Function 2 (PBKDF2)

Question 11

Common hashing algorithms are ______, _____, and _____.

Answer 11

Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and Hash-based Message Authentication Code (HMAC)

Question 12

_____ hashing algorithm provides both integrity and authenticity of a message.

Answer 12

HMAC

Question 13

_____ ensures that data is only viewable by authorized users.

Answer 13

Confidentiality

Question 14

_____ provides confidentiality of data, including data-at-rest (any type of data stored on disk) or data-in-transit (any type of transmitted data).

Answer 14

Encryption

Question 15

____ ciphers encrypt data in fixed-size blocks. Advanced Encryption Standard (AES) and Twofish encrypt data in 128-bit blocks.

Answer 15

Block

Question 16

____ ciphers encrypt data 1 bit or 1 byte at a time. They are more efficient than block ciphers when encrypting data of an unknown size or when sent in a continuous stream. RC4 is a commonly used exampl

Answer 16

Stream

Question 17

Cipher modes include ____, _____, ____ and ____.

Answer 17

Electronic Codebook (ECB)
Cipher Block Chaining (CBC)
Counter (CTM) mode and Galois/Counter Mode (GCM).

Question 18

This cipher mode should not be used.

Answer 18

ECB

Question 19

This cipher mode is widely used because it is efficient and provides data authenticity.

Answer 19

GCM

Question 20

____, ____, and ____ are block ciphers that encrypt data in 64-bit blocks.

Answer 20

Data Encryption Standard (DES), Triple DES (3DES), and Blowfish

Question 21

____ is a popular symmetric block encryption algorithm, and it uses 128, 192, or 256 bits for the key.

Answer 21

AES

Question 22

____ encryption uses public and private keys as matched pairs.

Answer 22

Asymmetric

Question 23

Asymmetric encryption:

If the public key encrypted information, only the matching ____ key can decrypt it.

Answer 23

private

Question 24

Asymmetric encryption: If the private key encrypted information, only the matching ____ key can decrypt it.

Answer 24

public

Question 25

____ keys are always kept private and never shared. ____ keys are freely shared by embedding them in a
certificate.

Answer 25

Private

Public

Question 26

____ is a popular asymmetric algorithm. Many cryptographic protocols use it to secure data such as email and data transmitted over the Internet. It uses prime numbers to generate public and private keys.

Answer 26

RSA

Question 27

___ ____ _____ is an encryption technology commonly used with small wireless devices.

Answer 27

Elliptic curve cryptography (ECC)

Question 28

____-_____ provides a method to privately share a symmetric key between two parties.

Answer 28

Diffie-Hellman

Question 29

_____________ is a version of Diffie-Hellman that uses ECC to re-create keys for each session.

Answer 29

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)

Question 30

_____ is the practice of hiding data within a file. You can hide messages in the white space of a file without modifying its size. A more sophisticated method is by modifying bits within a file. Capturing and comparing hashes of files can discover these attempts.

Answer 30

Steganography

Question 31

When using digital signatures with email:
• The sender’s ____ key encrypts (or signs).
• The sender’s ____ key decrypts.

Answer 31

private

public

Question 32

A ____ ______ provides authentication (verified identification) of the sender, non- repudiation, and integrity of the message.

Answer 32

digital signature

Question 33

Senders create a digital signature by _____ a message and _____ the hash with the sender’s private key. Recipients decrypt the digital signature with the sender’s matching ____ key.

Answer 33

hashing
encrypting
public

Question 34

When encrypting email:
• The recipient’s ____ key encrypts.
• The recipient’s ____ key decrypts.

Answer 34

public

private

Question 35

Many email applications use the ____ key to encrypt a symmetric key, and then use the _____ key to encrypt the email contents.

Answer 35

public

symmetric

Question 36

____ and ____ secure email with encryption and digital signatures. They both use RSA, certificates, and depend on a PKI. They can encrypt email at rest (stored on a drive) and in transit (sent over the network).

Answer 36

S/MIME and PGP

Question 37

____ is the replacement for SSL. SSL is deprecated and should not be used.

Answer 37

TLS

Question 38

When encrypting web site traffic with TLS:
• The web site’s public key encrypts a _____ key.
• The web site’s private key ____ the symmetric key.
• The symmetric key _____ data in the session.

Answer 38

symmetric
decrypts
encrypts

Question 39

Weak cipher suites (such as those supporting SSL) should be _____ to prevent downgrade attacks.

Answer 39

disabled

Question 40

A ____ ____ ____ is a group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. It allows two entities to privately share symmetric keys without any prior communication.

Answer 40

Public Key Infrastructure (PKI)

Question 41

Most public CAs use a ____ centralized CA trust model, with a root CA and intermediate CAs.

Answer 41

hierarchical

Question 42

A ___ issues, manages, validates, and revokes certificates.

Answer 42

CA

Question 43

____ certificates of trusted CAs are stored on computers. If it is not in the trusted store, web users will see errors indicating the certificate is not trusted or the CA is not recognized.

Answer 43

Root

Question 44

You request a certificate with a ___ ___ ___. You first create a private/ public key pair and include the public key in this place.

Answer 44

certificate signing request (CSR)

Question 45

CAs ____ certificates when an employee leaves, the private key is compromised, or the CA is compromised.

Answer 45

revoke

Question 46

A CRL identifies revoked certificates as a list of ____ ____.

Answer 46

serial numbers

Question 47

The CA publishes the _____, making it available to anyone. Web browsers can check certificates they receive from a web server against a copy of the _____ to determine if a received certificate is revoked.

Answer 47

CRL

Question 48

Public key _____ provides clients with a list of hashes for each public key it uses.

Answer 48

pinning

Question 49

Certificate _____ provides clients with a timestamped, digitally signed OCSP response. This is from the CA and appended to the certificate.

Answer 49

stapling

Question 50

User systems return errors when a system tries to use an _____ certificate.

Answer 50

expired

Question 51

A ____ ____ stores a copy of private keys used within a PKI. If the original private key is lost or inaccessible, the copy is retrieved from here, preventing data loss.

Answer 51

key escrow

Question 52

_____ certificates use a * for child domains to reduce the administrative burden of managing certificates. Subject Alternative Name (SAN) certificates can be used for multiple domains with different domain names.

Answer 52

Wildcard

Question 53

A ____ validated certificate indicates that the certificate requestor has some control over a DNS domain. _____ validation certificates use additional steps beyond domain validation to give users a visual indication that they are accessing the site.

Answer 53

domain

Extended

Question 54

___ is a binary format for certificates and ____ is an ASCII format.

Answer 54

CER

DER

Question 55

____ is the most commonly used certificate format and can be used for just about any certificate type.

Answer 55

PEM

Question 56

____ certificates are commonly used to share public keys. ____ and ___ certificates are commonly used to hold the private key.

Answer 56

P7B

P12 and PFX