Chapter 3 (Sybex) Flashcards

1
Q

You decided to start a new consulting business. You began the risk analysis process, developed employee policies, and researched and tested third-party security. What is the riskiest problem for a SOHO?

A. Mobile devices
B. Email
C. Training
D. Guidelines

A

A. Mobile devices

Explanation:
Mobile devices present the weakest security link. Every mobile device is a potential vector of compromise. Even with passwords, facial recognition, fingerprint scanners and remote-wipe capabilities, BYOD remains a vulnerability for many organizations.

2
Q

A new program that you are in charge of requires replacing legacy hardware and software. These applications will touch three major operational systems in the company. You establish security requirements and engage with the infrastructure and networking teams. What is your next step?

A. Document all requirements, both technical and non-technical
B. Organize a tabletop exercise with all the technical personnel.
C. Communicate the security requirements with all stakeholders
D. Meet with database and application consultants for migration advice

A

C. Communicate the security requirements with all stakeholders

Explanation:
After you have established security requirements for replacing legacy equipment, those requirements need to be escalated and communicated to all stakeholders in the project.

3
Q

You are helping develop a security awareness policy that focuses on social engineering and email safety. You are working on a section that helps employees avoid malware downloads via phishing. What would not be beneficial in this policy?

A. Not using public WiFi on mobile devices
B. Using antimalware and anti phishing software
C. Using digital certificates
D. Not sharing personal information in email

A

A. Not using public WiFi on mobile devices

Explanation:
Public WiFi can be dangerous if not used correctly, but it is not the focus of a policy about phishing and malware downloads. Public WiFi rules and guidelines belong in your Internet usage policy.

4
Q

You are in a large scale enterprise organization, and your IT administrators do not have time to manually distribute certificates to mobile devices. What is the best protocol to use?

A. MDM
B. ICMP
C. RDP
D. SCEP

A

D. SCEP

Explanation:
The Simple Certificate Enrollment Protocol (SCEP) is a standard protocol for enrolling devices for certificates automatically. It is mostly used for certificate-based authentication, where access to WiFi, VPN and email is granted with certificates pushed to the device, typically through the MDM platform. Its advantages are that no user intervention is needed and that enrollment traffic is encrypted. MDM (option A) is the management platform that drives SCEP, not the enrollment protocol itself.

5
Q

Your staff wants to use Bluetooth on their networked mobile devices, and you were asked to be the Bluetooth administrator. What type of network are you implementing?

A. MAN
B. LAN
C. WLAN
D. PAN

A

D. PAN

Explanation:
Bluetooth is described as a personal area network (PAN). A PAN connects and shares data among devices that are close together. A network of a PC, a phone, a printer and wireless headphones would be a PAN. A MAN is a metropolitan area network, a LAN is a local area network, and a WLAN is a wireless LAN.

6
Q

You work for a university and are monitoring your dedicated faculty wireless network. You have configured WiFi profiles to deploy wireless network settings to users in your organization, but you still see many unauthorized mobile devices connected to the network. Malicious activity has been reported. Your IT security manager suggested adding contextual authentication. Which of the following falls in that category?

A. GPS
B. IDS
C. MAC Filtering
D. Bluetooth

A

A. GPS

Explanation: A common contextual authentication method uses geographic location or time of day. If a professor typically accesses their account during their planning period from a certain location, such as their office or classroom, a login attempt that falls outside those parameters fails (or, in many deployments, triggers step-up authentication such as MFA).
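How such a check is evaluated, as an added example (not part of the original flashcard): a login attempt is allowed only when it falls inside the user's allowed hours and inside one of the user's geofences, using the device's GPS fix. The user name, schedule, coordinates and radii are constructed sample data.

```python
"""Contextual (risk-based) authentication policy: added example, not from the
original flashcard. The schedule, geofence coordinates and radii are
constructed sample data for a hypothetical user 'prof.ada'."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Geofence:
    name: str
    lat: float
    lon: float
    radius_m: float


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS-84 coordinates."""
    earth_radius_m = 6_371_000.0
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_m * asin(sqrt(a))


# Constructed policy: user -> (allowed hour range on weekdays, allowed places).
POLICY = {
    "prof.ada": (
        (9, 17),   # 09:00 up to but excluding 17:00, Monday-Friday
        (
            Geofence("office-B214", 40.748500, -73.985700, 40.0),
            Geofence("lecture-hall-3", 40.749100, -73.984200, 60.0),
        ),
    ),
}


def evaluate(user: str, when: datetime, lat: float, lon: float) -> tuple[bool, str]:
    """Return (allowed, reason). The time window AND one geofence must both
    match; the GPS fix supplies the location context the flashcard describes."""
    rule = POLICY.get(user)
    if rule is None:
        return False, "no contextual policy for user"
    (start_h, end_h), fences = rule
    if when.weekday() >= 5 or not start_h <= when.hour < end_h:
        return False, f"outside allowed hours {start_h:02d}:00-{end_h:02d}:00 Mon-Fri"
    for fence in fences:
        if haversine_m(lat, lon, fence.lat, fence.lon) <= fence.radius_m:
            return True, f"inside {fence.name}"
    return False, "outside every allowed location"


def evaluate_login(user: str, when_iso: str, lat: float, lon: float) -> bool:
    """Convenience wrapper taking an ISO-8601 local timestamp, e.g. '2024-03-12T10:30:00'."""
    return evaluate(user, datetime.fromisoformat(when_iso), lat, lon)[0]
```

A deny decision is the flashcard's behaviour; production systems usually return the reason to a risk engine that decides between deny, MFA challenge or allow, and GPS should be treated as one signal among several since a device can spoof it.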

7
Q

Some employees were issued NFC capable corporate phones. As part of the security department, you are tasked with recommending how to use these devices securely. Which answer should be included in your recommendation?

A. Keeping patches up to date
B. Turning off pairing mode
C. Turning off discovery mode
D. Turning on NFC when not in use

A

A. Keeping patches up to date

Explanation:
Keeping your near field communication (NFC) capable device patched, and turning NFC off when not in use, are the two recommendations that should be mentioned. Like most things in cyber security, if you do not need it, turn it off to shrink your attack surface. Pairing and discovery modes are Bluetooth concepts, not NFC ones.

8
Q

You are employed in a high-risk, geographically diverse production environment. Which of these options would be the best reason to deploy link encryption to reduce risk?

A. Link encryption provides better flow confidentiality and routing
B. Link encryption encrypts routing information and is often used with satellite communication
C. Link encryption is used for message confidentiality
D. Link encryption is implemented for better traffic integrity

A

A. Link encryption provides better flow confidentiality and routing

Explanation:
Link encryption secures data by encrypting it at the Data Link layer as it travels between two points. Because the headers and routing information are encrypted on each link (and decrypted and re-encrypted at every intermediate node), an observer on the link cannot tell which endpoints are communicating; that is the traffic-flow confidentiality the answer refers to.

9
Q

Instead of having salespeople travel back to the corporate office to upload customer information and download new electronic marketing materials, upper management tasked the IT department with recommending a secure but simple-to-use solution. This solution should enable the salespeople to remain in the field but use Internet access to transfer the necessary information to and from the corporate office. All salespeople are familiar with using a web browser. What solution best suits this need?

A. A VPN solution using SSL/TLS via a web browser
B. A VPN solution using an application solution with IPSec
C. A VPN solution using a web browser with WAF
D. A VPN solution using an application solution with HIDS

A

A. A VPN solution using SSL/TLS via a web browser

Explanation:
A VPN using SSL/TLS via a web browser is likely the best solution. It provides secure communication with the corporate office as well as ease of use because it uses a web browser interface

10
Q

You were tasked with choosing the correct encryption for your mobile device management program. Which asymmetric encryption algorithm is best suited for mobile devices?

A. AES
B. ECC
C. IDEA
D. Serpent

A

B. ECC

Explanation:
The Elliptic Curve Cryptography (ECC) algorithm is ideal for mobile devices because it provides the same security as RSA with much shorter keys and less computation and battery use. AES is a symmetric cipher commonly used in wireless security, processor security, file encryption and SSL/TLS. IDEA was used in Pretty Good Privacy (PGP) v2.0, and Serpent was a runner-up to AES and is unpatented. All three are symmetric, so none of them answers the question.

11
Q

You deployed containers to bundle and run applications in your production environment. You need a way to manage the containers and to ensure that there is no downtime. If one container goes down, another one needs to spin up. Which technology will allow you to not spin up machines manually in case of a failure?

A. Kubernetes
B. Instantiation
C. Rollback
D. Tiagra

A

A. Kubernetes

Explanation:
Kubernetes provides a framework to run resilient distributed systems. It takes care of scaling, failover and load balancing, and it can be configured to kill and replace containers that fail a health check (a liveness probe), keeping the desired number of replicas running without manual intervention.

12
Q

A governmental agency purchases new computers for its employees and wants to ensure that the computers' boot loader process is protected from rootkits loading during startup. What protection mechanism requires UEFI's Secure Boot process and TPM encryption to work together to ensure that an OS is allowed to load and to specify which parts of the process are allowed to execute?

A. Early Launch Antimalware
B. Integrity Measurement Architecture
C. Measured Launch
D. Attestation Services

A

C. Measured Launch

Explanation:
Measured Launch (also called Measured Boot) is a boot-loader protection mechanism that relies on UEFI Secure Boot and the TPM working together: Secure Boot checks that each component is signed before it runs, while the firmware and boot loader extend a hash of every component they load into the TPM's Platform Configuration Registers (PCRs). The recorded measurements can later be compared with known-good values, for example by an attestation service or before a disk-encryption key is unsealed, so a rootkit inserted into the boot chain changes the PCR values and is detected.

13
Q

As a security engineer, you discovered that some of your computers are still using BIOS for hardware initialization. What security feature is missing from BIOS that is available using UEFI?

A. Loads boot loader
B. Setting system clock
C. Secure boot
D. Initializes system hardware components

A

C. Secure boot

Explanation:
Secure Boot is a security feature of the Unified Extensible Firmware Interface (UEFI). The firmware only runs boot loaders and drivers whose signatures chain to a key in its trusted signature database (typically the OS vendor's key) and refuses unsigned or revoked ones. Legacy BIOS has no equivalent: it hands control to whatever code sits in the boot sector. The other options are functions that both BIOS and UEFI perform.

14
Q

A company outsources payroll and is concerned about whether the right technical and legal agreement needs to be set in place about the data. Which type of interoperability agreement can you use to make sure the data is encrypted while in transit and at rest?

A. BPA
B. MOU
C. ISA
D. NDA

A

C. ISA

Explanation:
An interconnection security agreement (ISA) specifically identifies the technical requirements for secure connections (NIDS or NIPS) and ensures that the data is encrypted properly. A BPA is a business partnership agreement and an MOU is a memorandum of understanding between two parties that need to work together. An NDA is a nondisclosure agreement or confidentiality that is signed by two parties and outlines confidential material, or information that the parties need to share with each other.

15
Q

You travel a great deal for work. What tool would you use to find a hidden infrared camera in your hotel room?

A. Fuzzer
B. Metal detector
C. Tethering
D. Smartphone

A

D. Smartphone

Explanation:
Smartphones today have very advanced technology, including system-on-a-chip (SoC) embedded architecture. A SoC can include the primary CPU, graphics processor, flash memory and voltage regulator. Modern smartphone camera sensors are sensitive to near-infrared light, so in a darkened room the illuminator LEDs of an IR camera show up as faint dots of light in the phone's camera preview (a front camera, which often has no IR-cut filter, works best).

16
Q

Because of your facility’s geolocation and its propensity for hurricanes, you are tasked with finding another data processor facility to provide you with a location in case of a natural disaster. You are negotiating a contract with an organization with HVAC, power, water and communication but no hardware. What kind of facility are you building?

A. PLC
B. Warm Site
C. Safety Instrumented System
D. Cold Site

A

D. Cold Site

Explanation:
A cold site has infrastructure only: four walls, heating/ventilation and air conditioning (HVAC), power, water and communications, with no hardware installed, so recovery takes the longest. A warm site sits between a cold site and a hot site: it has HVAC, running water, power and the core hardware already in place, so after restoring backups the systems can be networked and the business brought back up in a reasonable amount of time. A hot site is fully equipped and running.
A PLC is an industrial computer with a high degree of reliability, capable of running a program without interruption in a 24/7/365 environment, and can sometimes be found controlling HVAC. A Safety Instrumented System is used specifically on critical systems. It is made up of sensors, logic solvers and final control elements; the logic solver drives the control elements to the state required to provide a safe state if the inputs indicate an abnormal situation.

17
Q

Sarah has been added to the operations team to conduct the annual business impact analysis (BIA) evaluation with a focus on new cloud infrastructure. She has been charged with updating this document. This BIA will identify which of the following?

A. The impact of vulnerabilities to the organization
B. How best to reduce threats efficiently
C. The exposure to loss within the organization
D. How to bring about change based on the impact to operations

A

C. The exposure to loss within the organization

Explanation:
The BIA is a process that identifies critical business functions and predicts the consequences of a disruption to them. Potential effects include loss of data or backups, equipment and revenue, loss of staff, reputational damage and other types of business loss. The BIA is an important stage in developing a disaster recovery (DR) plan that will keep the company's infrastructure and applications operating in case of a major outage, and a comprehensive BIA report is one of the most crucial inputs to an emergency response strategy.

18
Q

You need a hardware solution that will provide your employees with a secure way to store digital certificates and private keys. The solution must be mobile. Which of the following options best suits your needs?

A. PKI Token
B. PKI Badge
C. Token Ring
D. RAID

A

A. PKI Token

Explanation:
A PKI token is a hardware device used to store digital certificates and private keys. Encryption, decryption and signing are performed on the hardware itself, so the private key never leaves the token.

19
Q

You completed the inventory of your existing virtual web applications and must sort them in order of priority. Your list is quite long and if you do not prioritize, it will be difficult to know which application to focus on first. What would not be a category rating?

A. Normal
B. Baseline
C. Serious
D. Critical

A

B. Baseline

Explanation:
A critical application would be externally facing and have customer information that needs protecting. These applications would need to be managed and tested first because they would be targeted by attackers. Serious applications may be internal or external and have sensitive information. Normal applications would be at the bottom of the list and would be included in tests only after critical and serious applications are fully tested

20
Q

Tim, a network engineer, is working on a misconfigured router at a remote office. He successfully connects a telephone line and modem to the router so that he can access the router if the single network circuit fails. What is this type of connection referred to as?

A. Failover management
B. Redundant management
C. Out of band management
D. Standby management

A

C. Out of band management

Explanation:
In computer networking, out of band data is the data transferred through a mechanism that is independent from the main in band data stream. This type of configuration provides out of band management of the router should the primary management method fail

21
Q

Your business cannot overlook the need for allowing remote access and collaboration tools to employees. You never know when an employee will need to connect to the corporate intranet from a remote location. The first thing to do is create a comprehensive network security policy. Which one of these will not fit into that policy?

A. Definition of the classes of users and their level of access
B. Identification of devices allowed to connect through a VPN
C. The maximum idle time before automatic termination
D. Allow list ports and protocols necessary to everyday tasks

A

D. Allow list ports and protocols necessary to everyday tasks

Explanation:
Defining user access as well as devices and idle time are especially important to a network security policy. You should also decide what authentication methods are used, how authentication will be implemented and what the standard operating procedures are should your organization be compromised.

22
Q

You manage a CA on your global corporate network. When a certificate authority revokes a certificate, what certificate information is placed on the revocation list?

A. Certificate’s private key
B. Certificate’s public key
C. Certificate’s serial number
D. Certificate’s hash

A

C. Certificate’s serial number

Explanation:
Certificates are identified by serial number, which is unique within the issuing CA. If a certificate is revoked, its serial number is placed on the CRL together with the revocation date and an optional reason code, and the CA signs the list. Private keys are never published, and a public key or hash would not identify one issued certificate the way the issuer and serial number pair does.

23
Q

You work with an intermediate certificate authority to create digital certificates for your organization. What cryptographic key do you provide to the intermediate certificate authority?

A. You do not provide keys to the certificate authority
B. You provide both the private and public keys
C. You provide the private keys
D. You provide the public keys

A

D. You provide the public keys

Explanation:
You provide the intermediate certificate authority with your public key, normally inside a certificate signing request (CSR) that also carries the subject name and is signed with your private key to prove you hold it. The CA embeds the public key in the digital certificate it issues. Private keys always stay private and are never handed to a CA.

24
Q

Your company relies on certificates to verify entities it does business with. It is important that the validity of certificates is verified as quickly as possible. What method of checking certificate validity is best for this situation?

A. CRL
B. OCSP
C. CLR
D. OSCP

A

B. OCSP

Explanation:
Online Certificate Status Protocol (OCSP) lets a client ask the CA's responder about a single certificate's status (identified by serial number) in real time, instead of downloading and parsing an entire CRL. OCSP stapling lets the server attach a recent, CA-signed OCSP response to the TLS handshake so the client does not need to contact the responder at all.

25
Q

You want to send a confidential message to a colleague in such a way that only the colleague can read it. You encrypt the message and then send it. What key is used to decrypt the message?

A. Your public key
B. Your private key
C. Your colleague’s public key
D. Your colleague’s private key

A

D. Your colleague’s private key

Explanation:
If the colleague’s public key is used to encrypt the message, only the colleague’s private key can decrypt it. Because the colleague is the only one with their private key, it ensures that only the colleague can read the message.

26
Q

You want to verify the trustworthiness of a user’s digital certificate signed by a certificate authority by using a trust anchor. What type of certification is this?

A. Wildcard certification
B. Perpetual certification
C. Cross certification
D. Root certification

A

C. Cross certification

Explanation:
A trust anchor is a CA verification key that the client application uses as the starting point for all certificate validation. If the user's trust anchor is not the user's local CA, then the local CA is a subordinate CA. The user's trust anchor is the public key of the root CA of the hierarchy, and all certificate validation by clients within the hierarchy starts from that public key. Cross certification is when two CAs certify each other's keys, so that certificates issued in one hierarchy can be validated from the other hierarchy's trust anchor.

27
Q

Don has a list of all the CA profiles he would like to add to a trusted group. What component of the PKI process defines how the CA interacts with the CRL?

A. Profile
B. Enrolment
C. Revocation
D. Validation

A

A. Profile

Explanation:
The certificate authority (CA) profile defines every factor associated with a specific certificate that is needed to establish secure connections between two endpoints. The profile specifies which certificate to use, how to verify certificate revocation status (for example via CRL or OCSP), and how that status limits access. You can configure and assign a trusted CA group for authentication. When a peer tries to establish a connection, only certificates issued by a CA in that trusted group are validated.

28
Q

Russell and Otis are discussing a significant difference between an HMAC of input data and a hash of input data. What exactly is the difference between an HMAC and a hash of a span of input data?

A. Keyed hash
B. Hybrid
C. SSL/TLS
D. Cipher

A

A. Keyed hash

Explanation:
HMAC is a keyed hash of data. HMAC stands for Keyed-Hashing for Message Authentication (RFC 2104). It is a message authentication code created by running a cryptographic hash function (such as SHA-256; MD5 and SHA-1 are legacy choices) over the data to be authenticated together with a shared secret key. HMACs are similar to digital signatures: both provide integrity and authenticity, both use cryptographic keys and both employ hash functions. The main difference is that digital signatures use asymmetric keys, whereas HMACs use symmetric keys, so an HMAC cannot prove to a third party which key holder produced it (no non-repudiation). A plain hash only guards against accidental corruption, because an attacker who changes the data can simply recompute the hash. To generate an HMAC you need the key, so if you share the key only with trusted parties, a valid tag tells you that one of those parties produced the message.
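The difference in practice, as an added example (not from the original flashcard): an attacker who alters a message protected by a plain SHA-256 digest just recomputes the digest, while the same attacker cannot produce a fresh HMAC-SHA256 tag without the shared key. The message, key and tampering are constructed for the demonstration.

```python
"""Hash vs HMAC for message integrity: added example, not from the original
flashcard. The key, message and attacker edit are constructed sample data."""
import hashlib
import hmac

KEY = b"shared-secret-known-only-to-sender-and-receiver"   # constructed


def plain_hash(data: bytes) -> str:
    """Unkeyed digest: anyone, including an attacker, can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: only holders of the key can produce a valid one."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_hash(data), digest)


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison itself does not
    # leak how many leading bytes of the tag were right.
    return hmac.compare_digest(keyed_tag(key, data), tag)


def tamper_in_transit(message: bytes, check: str, keyed: bool):
    """Man-in-the-middle edits the amount and tries to fix up the check value."""
    forged = message.replace(b"100.00", b"999.00")
    if keyed:
        # Without KEY the attacker cannot compute a new tag; the old one stays.
        return forged, check
    return forged, plain_hash(forged)      # plain hash: simply recomputed


def demo() -> tuple:
    """Returns (forgery_accepted_with_plain_hash, forgery_accepted_with_hmac)."""
    msg = b"transfer 100.00 to account 42"
    forged, new_digest = tamper_in_transit(msg, plain_hash(msg), keyed=False)
    hash_accepted = verify_hash(forged, new_digest)
    forged2, old_tag = tamper_in_transit(msg, keyed_tag(KEY, msg), keyed=True)
    tag_accepted = verify_tag(KEY, forged2, old_tag)
    return hash_accepted, tag_accepted
```

Use the library's `hmac.new` rather than `sha256(key + data)`: the latter is vulnerable to length-extension attacks on Merkle-Damgard hashes, which HMAC's nested construction avoids.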

29
Q

A network engineer wants to configure a router so that remote connections to it via SSH are possible. Which of the following commands must be entered after the line vty 0 4 command to ensure that only SSH connections are allowed?

A. transport secure
B. transport ssh
C. transport input secure
D. transport input ssh

A

D. transport input ssh

Explanation:
When this command is entered under the VTY lines, only SSH connections are accepted and Telnet is refused. Additional commands are required before SSH will work on a router (a hostname and domain name, an RSA key pair, SSH version 2 and a local user or AAA for login), but transport input ssh under line vty 0 4 is what restricts those lines to SSH.
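The complete set of commands the explanation alludes to, as an added example (not from the original flashcard). The hostname, domain name, username and the 10.0.0.0/24 management subnet are assumptions; replace <strong-password> with a real secret.

```text
! Added example, not from the original flashcard. Hostname, domain, username
! and the 10.0.0.0/24 management subnet are assumptions.
hostname r1
ip domain-name corp.example
! The RSA key pair must exist before SSH starts; generation needs hostname + domain.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
username netops privilege 15 secret <strong-password>
ip access-list standard MGMT-ACL
 permit 10.0.0.0 0.0.0.255
 deny any log
line vty 0 4
 transport input ssh
 login local
 access-class MGMT-ACL in
 exec-timeout 10 0
end
```

Verify with show ip ssh (it should report SSH enabled, version 2.0) and show running-config | section line vty, then confirm from a management host that a connection to TCP port 23 is refused while SSH on port 22 succeeds. The access-class and exec-timeout lines are not needed for SSH itself but are the usual hardening that goes with it.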

30
Q

You intend to use asymmetric encryption to transmit various amounts of data from one endpoint to another over the Internet. You are concerned that if the private key used for this transmission is compromised, all encrypted data will be exposed. What technology could you use that generates temporary session keys based on your asymmetric keys?

A. Perfect Forward Secrecy
B. ECDH
C. ECDSA
D. RSA

A

A. Perfect Forward Secrecy

Explanation:
Perfect Forward Secrecy protects your long-term asymmetric keys by using them only to authenticate an exchange of temporary session keys, never to encrypt the data itself; in TLS this means an ephemeral (EC)DHE key agreement whose values are signed with the server's certificate key. The temporary keys are discarded after each session and changed periodically, so if one session key is compromised only the data protected by that key is exposed, and if the long-term private key is compromised later, previously recorded sessions still cannot be decrypted. ECDH is one of the key-agreement primitives used to achieve this; ECDSA and RSA are signature and encryption algorithms, not forward-secrecy mechanisms in themselves.

31
Q

You have been given a USB drive with hardware drivers from a coworker. How can you ensure that the drivers have not been tampered with?

A. MD5 hashes on the Internet
B. SHA-1 hashes on the developer's website
C. Scan with a vulnerability scanner
D. Scan with asymmetric algorithms

A

B. SHA-1 hashes on the developer's website

Explanation:
Most developers publish a hash (SHA-256, and historically SHA-1 and MD5) for files downloaded from their site so that you can check the file was neither corrupted in transit nor tampered with. Compute the hash of the files on the USB drive and compare it with the value published on the developer's own site, not with a value stored on the same USB drive. Note that MD5 and SHA-1 are no longer collision resistant, so prefer a SHA-256 value or, better still, a vendor signature (for example a signed driver package) when one is offered.

32
Q

Which method of encryption makes use of a single shared key?

A. SHA
B. ECC
C. 3DES
D. AES

A

C. 3DES

Explanation:
Triple DES is a symmetric encryption algorithm and uses a single shared key. It is based on the DES algorithm, applying it three times to give a longer effective key that defeats many of the attacks used to shorten the time needed to break DES. NIST has since deprecated 3DES (SP 800-131A) and disallows it for new applications; AES, which is also a symmetric shared-key algorithm, is the modern replacement. SHA is a hash function and ECC is asymmetric.

33
Q

Collin has accepted a new position in cybersecurity at a research company and his first task is implementing a private key cryptographic system. What will be his biggest challenge?

A. Protecting the CA
B. Keeping the key secure
C. Calculating return on investment
D. Authenticating the end user

A

B. Keeping the key secure

Explanation:
Keeping the key secure will be the biggest challenge. There is no certificate authority in private key encryption, only in public key encryption. The task was given to implement, not evaluate, so calculating the ROI would not be a challenge and no user authentication is required for symmetric encryption

34
Q

Abdul’s organization is trying to decide whether to use RSA or ECC to encrypt cellular communications. What is the advantage of ECC over the RSA algorithm?

A. ECC uses curves to improve reliability
B. ECC uses curves instead of keys
C. ECC requires fewer resources
D. ECC cannot be used for digital signatures

A

C. ECC requires fewer resources

Explanation:
ECC is more efficient and requires fewer resources than RSA: it offers higher security strength per key bit, so a 256-bit ECC key gives security comparable to a 3072-bit RSA key, which matters on battery-powered cellular devices. ECC is a method of implementing public key (asymmetric) cryptography and, contrary to option D, it supports digital signatures (ECDSA).

35
Q

Stanton is using RSA encryption. Which of the following is a characteristic of the RSA encryption algorithm?

A. It is a symmetric algorithm
B. It uses prime numbers
C. It uses composite numbers
D. It uses identical keys for encryption and decryption

A

B. It uses prime numbers

Explanation:
The asymmetric RSA algorithm generates its keys from two large prime numbers. A prime number has exactly two factors, 1 and itself; a composite number has more than two factors, meaning that apart from 1 and itself it is divisible by at least one other integer. The RSA modulus n = p × q is itself composite, but the algorithm's security rests on the two primes staying secret. RSA is considered secure only if the primes are large enough, so keys of at least 2,048 bits are recommended. Symmetric algorithms, unlike RSA, use identical keys for encryption and decryption.
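Textbook RSA built from two primes, as an added example that serves this card and card 25 (not from the original flashcards): keys are derived from p and q, a message encrypted under the colleague's public key decrypts only with the colleague's private key, and signing runs the other way round. The primes are tiny and there is no padding, so this is for illustration only.

```python
"""Textbook RSA built from two primes: added example, not from the original
flashcards. The primes are tiny and there is no padding, so this is for
illustration only; real deployments use moduli of at least 2048 bits with
OAEP (encryption) and PSS (signatures)."""
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division; fine for the demo-sized primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)). n = p*q is a composite whose prime factors must
    stay secret; e must be coprime with phi(n) = (p-1)(q-1); d = e^-1 mod phi."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)      # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Encrypt for the key's owner: anyone holding the public key can do this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Only the holder of d can undo encrypt()."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, h: int) -> int:
    """Signing is the mirror image: the private key signs, the public key verifies."""
    n, d = private_key
    return pow(h, d, n)


def verify(public_key, h: int, sig: int) -> bool:
    n, e = public_key
    return pow(sig, e, n) == h


def demo() -> dict:
    # Colleague's key pair; the sender holds only colleague_pub.
    colleague_pub, colleague_priv = keygen(1_000_003, 1_000_033)
    # Sender's own pair: used for signing, never for decrypting mail to others.
    sender_pub, sender_priv = keygen(999_983, 1_000_039)
    m = 123_456_789
    c = encrypt(colleague_pub, m)
    sig = sign(sender_priv, m)
    return {
        "colleague_private_decrypts": decrypt(colleague_priv, c) == m,
        "sender_private_decrypts": decrypt(sender_priv, c) == m,
        "signature_verifies_with_sender_public": verify(sender_pub, m, sig),
        "signature_verifies_with_colleague_public": verify(colleague_pub, m, sig),
    }
```

With primes this small the modulus can be factored instantly, which is exactly why real keys use 2048-bit or larger moduli; the structure of the computation does not change.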

36
Q

Carmela is worried about key escrow for her organization. The purpose of key escrow is to enable a trusted third party to do which of the following?

A. Back up encrypted data
B. Decrypt backup data
C. Verify identity using a digital certificate
D. Access sensitive data if required

A

D. Access sensitive data if required

Explanation:
The purpose of key escrow is to enable a trusted third party to access sensitive data if needed. The escrow agent holds the encryption keys and provides them to the investigating entity upon proof of rightful access to the encrypted data, such as a court order.

37
Q

Stacy is a security analyst for her firm and is responsible for the security of all telecommunication and collaborating tools. Most recently she has been investigating encryption in videoconferencing and decided to recommend keeping Zoom as their videoconferencing tool. What encryption did Zoom upgrade to make Stacy feel more comfortable with the software?

A. AES with ECB
B. AES with GCM
C. 3DES with GCM
D. AES with DES

A

B. AES with GCM

Explanation:
Until early 2020, Zoom used 128-bit AES keys in ECB (Electronic Codebook) mode, which has been shown to be insecure because identical plaintext blocks produce identical ciphertext blocks and leak patterns. Zoom upgraded to 256-bit AES in Galois/Counter Mode (GCM). GCM runs the block cipher in counter mode, so it behaves like a stream cipher with no padding or pattern leakage, and it adds an authentication tag so tampered packets are rejected; both properties suit real-time video.

38
Q

David is investigating ECC cryptography and analyzing which size curve to use. Which of these is recommended by the NSA?

A. P-192
B. P-256
C. P-384
D. P-128

A

C. P-384

Explanation:
Various elliptic curves used in ECC have different properties. P-384 is the curve the NSA recommends (in its Commercial National Security Algorithm suite) until post-quantum methods have been standardized. It provides 192 bits of security, whereas the more commonly used P-256 provides 128 bits.

39
Q

Bess needs to use encryption that provides better protection due to the fact that it creates a unique session key for each transaction. Which of these is her best option?

A. FS
B. Skipjack
C. P-256
D. BCrypt

A

A. FS

Explanation:
Forward Secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised. FS encryption systems change the keys used to encrypt and decrypt information frequently and automatically. This ongoing process ensures that even if the most recent key is compromised, a minimal amount of sensitive data is exposed.
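Why a fresh key per session matters, as an added example that serves this card and card 30 (not from the original flashcards): the same passive attacker records two sessions and later steals the server's long-term secret. In the static scheme that secret is the key-agreement exponent, so every recorded session falls; in the ephemeral scheme it only authenticates the per-session values and the recording stays sealed. The group (p = 2**127 - 1, g = 3), the toy stream cipher and the messages are constructed for the demonstration.

```python
"""Static vs ephemeral Diffie-Hellman and forward secrecy: added example, not
from the original flashcards. The group (p = 2**127 - 1, g = 3) is a toy so
it runs instantly; real deployments use RFC 7919 groups or X25519, and an
AEAD instead of the toy stream cipher below. Messages are constructed."""
import hashlib
import hmac
import secrets

P = 2**127 - 1     # Mersenne prime, toy group only (not a safe prime)
G = 3


def new_secret() -> int:
    return secrets.randbelow(P - 2) + 1


def dh_public(priv: int) -> int:
    return pow(G, priv, P)


def session_key(peer_pub: int, own_priv: int) -> bytes:
    """Toy KDF over the shared DH value."""
    return hashlib.sha256(pow(peer_pub, own_priv, P).to_bytes(16, "big")).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode; XOR, so the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def static_dh_session(server_long_term: int, message: bytes) -> dict:
    """No forward secrecy: the server's long-term secret IS the DH exponent and
    is reused in every session (like RSA key transport or static DH in old TLS)."""
    a = new_secret()                                            # client ephemeral
    key = session_key(dh_public(server_long_term), a)           # client side
    assert key == session_key(dh_public(a), server_long_term)   # server side agrees
    return {"client_pub": dh_public(a), "ciphertext": keystream_xor(key, message)}


def ephemeral_dh_session(server_long_term: int, message: bytes) -> dict:
    """Forward secrecy (DHE): fresh server exponent b per session. The long-term
    secret only keys a MAC over g^b (a stand-in for a certificate signature) so
    the client knows g^b came from the server; it never enters the key."""
    a, b = new_secret(), new_secret()
    client_pub, server_pub = dh_public(a), dh_public(b)
    mac_key = server_long_term.to_bytes(16, "big")
    auth = hmac.new(mac_key, server_pub.to_bytes(16, "big"), hashlib.sha256).digest()
    key = session_key(server_pub, a)
    assert key == session_key(client_pub, b)
    transcript = {"client_pub": client_pub, "server_pub": server_pub,
                  "server_auth": auth, "ciphertext": keystream_xor(key, message)}
    del a, b, key          # ephemeral material is discarded when the session ends
    return transcript


def attacker_recover(transcript: dict, leaked_long_term: int) -> bytes:
    """Passive attacker who recorded the transcript and later steals the
    server's long-term secret, then applies the static-DH recovery: raise the
    client's public value to the stolen secret and decrypt."""
    key = session_key(transcript["client_pub"], leaked_long_term)
    return keystream_xor(key, transcript["ciphertext"])


def demo() -> tuple:
    """Returns (static_session_exposed, ephemeral_session_exposed)."""
    long_term = new_secret()
    msg = b"quarterly numbers: constructed sample"
    static_t = static_dh_session(long_term, msg)
    ephemeral_t = ephemeral_dh_session(long_term, msg)
    # The compromise happens after both sessions are over and recorded.
    return (attacker_recover(static_t, long_term) == msg,
            attacker_recover(ephemeral_t, long_term) == msg)
```

For the ephemeral transcript the attacker holds only g^a, g^b and a MAC key; recovering g^(ab) would require solving the discrete logarithm, which is what the (real-size) group is chosen to make infeasible. This is why TLS 1.3 only offers (EC)DHE key exchange and uses the certificate key purely for signing.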

40
Q

Valentino is looking to use a simple function to make encryption keys more resistant to dictionary attacks. What function best meets his need?

A. IPSec
B. PBKDF2
C. S/MIME
D. EAP

A

B. PBKDF2

Explanation:
Password-Based Key Derivation Function 2 (PBKDF2) is a simple cryptographic key derivation function that is resistant to dictionary and rainbow-table attacks. It works by iterating an HMAC many times over the password and a random salt, so that every guess costs the attacker the same work as a legitimate derivation. PBKDF2 is now considered weaker than modern memory-hard KDFs, so bcrypt, scrypt or Argon2 are recommended instead where available.
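PBKDF2 as it is used for password storage, as an added example (not from the original flashcard): a random salt per password, an iteration count stored with the hash so it can be raised later, constant-time verification, and the attacker's view of the cost. Passwords, word list and iteration counts are constructed; the 600,000 default follows current OWASP guidance for PBKDF2-HMAC-SHA256.

```python
"""Password storage with PBKDF2-HMAC-SHA256 from the standard library: added
example, not from the original flashcard. Passwords and word list are
constructed; the iteration count is a tuning knob (OWASP currently suggests
600,000 for PBKDF2-HMAC-SHA256) and Argon2id is preferred where available."""
import base64
import hashlib
import hmac
import secrets

DEFAULT_ITERATIONS = 600_000


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS, salt: bytes = b"") -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$hash'.
    A fresh random salt per password defeats rainbow tables (pass salt only
    for reproducible tests); the iteration count multiplies the cost of every
    guess in a dictionary attack."""
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${_b64(salt)}${_b64(dk)}"


def verify_password(password: str, record: str) -> bool:
    algo, iterations, salt_b64, hash_b64 = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             base64.b64decode(salt_b64), int(iterations), dklen=32)
    # constant-time comparison: a plain == would leak how many bytes matched
    return hmac.compare_digest(dk, base64.b64decode(hash_b64))


def needs_rehash(record: str, minimum: int = DEFAULT_ITERATIONS) -> bool:
    """Records made with a lower work factor should be re-derived at next login."""
    return int(record.split("$")[1]) < minimum


def dictionary_attack(record: str, wordlist):
    """What the attacker faces: one full derivation per candidate word.
    Returns the matching word or None."""
    for word in wordlist:
        if verify_password(word, record):
            return word
    return None
```

Because the iteration count travels with the record, you can raise it over time: on a successful login, if needs_rehash() is true, re-derive with the current default and overwrite the stored record.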

41
Q

Your small company wants to utilize asymmetric encryption to send secure emails but doesn’t want the expense of using a certificate authority. Which of the following options is a good alternative?

A. PKI
B. CA/RA
C. GPG
D. Kerberos

A

C. GPG

Explanation:
GNU Privacy Guard (GPG) is a free asymmetric encryption system in which end users generate and manage their own keys and verify the identity behind a public key themselves (the web of trust) instead of relying on a certificate authority.

42
Q

You work for a company that has the Microsoft Windows OS deployed on its computers. Various versions of Windows are being used within your organization. You want to take advantage of EFS to secure individual files on these systems. Which filesystem supports EFS?

A. FAT16
B. EXT4
C. FAT32
D. NTFS

A

D. NTFS

Explanation:
The Encrypting File System (EFS) is a component of the New Technology File System (NTFS). FAT16, FAT32 and EXT4 do not support it.

43
Q

Your CISO was notified that your network is compromised. The first thing your security department needs to understand is what the attacker stole. After security knows what was stolen, what is the best follow up question to ask?

A. Can the attackers use our data
B. How did they get in?
C. How do we keep it from happening again?
D. How did they know we had been hacked?

A

A. Can the attackers use our data

Explanation:
Attackers steal data all the time, but most of the time it is (or should be) unusable because of strong encryption. If the stolen data is in cleartext or protected with weak encryption, it changes the trajectory of your incident response and recovery process.

44
Q

You are a security analyst assigned a ticket submitted by a website designer stating: “Our website has an invalid or missing intermediate certificate. This may not break the padlock on all browsers but will on others. Please contact our SSL vendor.” What should you do first?

A. Check that the certificate is installed correctly
B. Contact the SSL vendor
C. Reassign the ticket back to the website designer
D. Test all browsers

A

A. Check that the certificate is installed correctly

Explanation:
Intermediate certificates stand in for your root certificate. You use them as a proxy because the root key must stay behind many layers of security, ideally offline. Because the root certificate signed the intermediate, the intermediate can sign the TLS certificates your customers install while maintaining the chain of trust. Browsers that do not already have the intermediate cached cannot build the chain, which is why the error appears in some browsers and not others; the first check is therefore that the server is configured to send the complete chain (leaf plus intermediate), which is part of installing the certificate correctly.

45
Q

Harley is getting the error in Chrome and other browsers: ERR_SSL_VERSION_OR_CIPHER_MISMATCH. What does the error mean?

A. The browser is not compatible with the website
B. The browser requires a credit card on file
C. The browser needs updating
D. The browser has deemed the website unsafe

A

D. The browser has deemed the website unsafe

Explanation:
The error ERR_SSL_VERSION_OR_CIPHER_MISMATCH occurs when the browser and the HTTPS server cannot agree on a protocol version or cipher suite, typically because the server offers only obsolete versions (SSLv3, TLS 1.0/1.1) or weak cipher suites the browser refuses, or because of a certificate or SNI misconfiguration. The cause may lie in the server configuration or on the user's computer, for example an outdated browser or security software that intercepts TLS.

46
Q

Evan has been placed in charge of key management and deciding how long the crypto period is for each key. A crypto period is the time span in which a key is authorized for use. What happens after that key expires?

A. The key is deleted
B. The key is rekeyed
C. The key is revoked
D. The key is recut

A

B. The key is rekeyed

Explanation:
Encryption key management is administering the full life cycle of cryptographic keys. According to NIST (SP 800-57), this includes generating, using, storing, archiving and destroying keys. Protecting the keys includes limiting access to them physically, logically and through user/role access. Keys usually have a set expiration date so that encryption can be renewed or rotated regularly, adding to the protection encryption provides. At the end of the crypto period new key material is generated (re-keying) and a new expiration date is set; the old key is retained only as long as needed to decrypt or re-encrypt data protected under it.

47
Q

Tim is writing code specifically to make it hard to understand and thus make it more difficult to attack or to copy. What technique is he using?

A. Encoding
B. Obfuscation
C. Encrypted
D. Hashing

A

B. Obfuscation

Explanation:
Obfuscation is used to prevent people from understanding the meaning of something and is often used with computer code to help prevent successful reverse engineering or theft of a products functionality. Encoding is for maintaining data usability and can be reversed easily. Encryption is used for confidentiality, and hashing is done for integrity

48
Q

Johnny is writing a new security policy regarding encryption. One of the new line items is rotating root keys regularly and during special events like a system administrator being terminated. What does regular rotation of root keys provide?

A. Quantum safe protection
B. Protects the user from obfuscation
C. A new key just in case the old one is compromised
D. Protects the encryption algorithm

A

C. A new key just in case the old one is compromised

Explanation:
It is best practice to rotate your root keys on a regular basis. Regular rotation shortens the crypto period of the key and limits how much data any single key protects; rotation can also be triggered in specific cases such as personnel turnover, process malfunctions or the detection of a security issue. This can be done automatically on a specific interval or manually if you want more control over the frequency of rotation.