CHAPTER 6 Questions Flashcards

1
Q

Ryan is responsible for managing the cryptographic keys used by his organization. Which of the following statements are correct about how he should select and manage those keys? (Choose all that apply.)

A. Keys should be sufficiently long to protect against future attacks if the data is expected to remain sensitive.
B. Keys should be chosen using an approach that generates them from a predictable pattern.
C. Keys should be maintained indefinitely.
D. Longer keys provide greater levels of security.

A

A. Keys should be sufficiently long to protect against future attacks if the data is expected to remain sensitive.
D. Longer keys provide greater levels of security.

Keys must be long enough to withstand attack for as long as the data is expected to remain sensitive. They should not be generated in a predictable way but, rather, should be randomly generated. Keys should be securely destroyed when they are no longer needed and not indefinitely retained. Longer keys do indeed provide greater security against brute-force attacks.

2
Q

John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message?

A. Nonrepudiation
B. Confidentiality
C. Availability
D. Integrity

A

A. Nonrepudiation

Nonrepudiation prevents the sender of a message from later denying that they sent it. Confidentiality protects the contents of encrypted data from unauthorized disclosure. Integrity protects data from unauthorized modification. Availability is not a goal of cryptography.

3
Q

You are implementing AES encryption for files that your organization plans to store in a cloud storage service and wish to have the strongest encryption possible. What key length should you choose?

A. 192 bits
B. 256 bits
C. 512 bits
D. 1,024 bits

A

B. 256 bits

The strongest keys supported by the Advanced Encryption Standard are 256 bits. The valid AES key lengths are 128, 192, and 256 bits.

4
Q

You are creating a security product that must facilitate the exchange of symmetric encryption keys between two parties that have no way to securely exchange keys in person. What algorithm might you use to facilitate the exchange?

A. Rijndael
B. Blowfish
C. Vernam
D. Diffie–Hellman

A

D. Diffie–Hellman

The Diffie–Hellman algorithm allows the exchange of symmetric encryption keys between two parties over an insecure channel.

5
Q

What occurs when the relationship between the plaintext and the key is complicated enough that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key? (Choose all that apply.)

A. Confusion
B. Transposition
C. Polymorphism
D. Diffusion

A

A. Confusion
D. Diffusion

Confusion and diffusion are two principles underlying most cryptosystems. Confusion occurs when the relationship between the plaintext and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key. Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

6
Q

Randy is implementing an AES-based cryptosystem for use within his organization. He would like to better understand how he might use this cryptosystem to achieve his goals. Which of the following goals are achievable with AES? (Choose all that apply.)

A. Nonrepudiation
B. Confidentiality
C. Authentication
D. Integrity

A

B. Confidentiality
C. Authentication
D. Integrity

AES provides confidentiality, integrity, and authentication when implemented properly. Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message and cannot be achieved with a symmetric cryptosystem, such as AES.

7
Q

Brian encountered encrypted data left on one of his systems by attackers who were communicating with one another. He has tried many cryptanalytic techniques and was unable to decrypt the data. He believes that the data may be protected with an unbreakable system. When correctly implemented, what is the only cryptosystem known to be unbreakable?

A. Transposition cipher
B. Substitution cipher
C. Advanced Encryption Standard
D. One-time pad

A

D. One-time pad

Assuming that it is used properly, the one-time pad is the only known cryptosystem that is not vulnerable to attacks. All other cryptosystems, including transposition ciphers, substitution ciphers, and even AES, are vulnerable to attack, even if no attack has yet been discovered.

8
Q

Helen is planning to use a one-time pad to meet a unique cryptographic requirement in her organization. She is trying to identify the requirements for using this cryptosystem. Which of the following are requirements for the use of a one-time pad? (Choose all that apply.)

A. The encryption key must be at least one-half the length of the message to be encrypted.
B. The encryption key must be randomly generated.
C. Each one-time pad must be used only once.
D. The one-time pad must be physically protected against disclosure.

A

B. The encryption key must be randomly generated.
C. Each one-time pad must be used only once.
D. The one-time pad must be physically protected against disclosure.

The encryption key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message. The three other facts listed are all characteristics of one-time pad systems.

9
Q

Brian administers a symmetric cryptosystem used by 20 users, each of whom has the ability to communicate privately with any other user. One of those users lost control of their account and Brian believes that user’s keys were compromised. How many keys must he change?

A. 1
B. 2
C. 19
D. 190

A

C. 19

In a symmetric cryptosystem, a unique key exists for each pair of users. In this case, every key involving the compromised user must be changed, meaning that the key that the user shared with each of the other 19 users must be changed.

10
Q

Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?

A. Stream cipher
B. Caesar cipher
C. Block cipher
D. ROT3 cipher

A

C. Block cipher

Block ciphers operate on message “chunks” rather than on individual characters or bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or characters of a message.

11
Q

James is the administrator for his organization’s symmetric key cryptographic system. He issues keys to users when the need arises. Mary and Beth recently approached him and presented a need to be able to exchange encrypted files securely. How many keys must James generate?

A. One
B. Two
C. Three
D. Four

A

A. One

Symmetric key cryptography uses a shared secret key. All communicating parties utilize the same key for communication in any direction. Therefore, James only needs to create a single symmetric key to facilitate this communication.

12
Q

Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using?

A. Split knowledge
B. M of N Control
C. Work function
D. Zero-knowledge proof

A

B. M of N Control

M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks. M of N Control is an example of a split knowledge technique, but not all split knowledge techniques are used for key escrow.

13
Q

What is used to increase the strength of cryptography by creating a unique ciphertext every time the same message is encrypted with the same key?

A. Initialization vector
B. Vigenère cipher
C. Steganography
D. Stream cipher

A

A. Initialization vector

An initialization vector (IV) is a random bit string (a nonce), the same length as the cipher's block size, that is XORed with the message. IVs are used to create a unique ciphertext every time the same message is encrypted with the same key. Vigenère ciphers are an example of a substitution cipher technique. Steganography is a technique used to embed hidden messages within a binary file. Stream ciphers are used to encrypt continuous streams of data.

14
Q

Tammy is choosing a mode of operation for a symmetric cryptosystem that she will be using in her organization. She wants to choose a mode that is capable of providing both confidentiality and data authenticity. What mode would best meet her needs?

A. ECB
B. GCM
C. OFB
D. CTR

A

B. GCM

Galois/Counter Mode (GCM) and Counter with Cipher Block Chaining Message Authentication Code mode (CCM) are the only two modes that provide both confidentiality and data authenticity. Other modes, including Electronic Code Book (ECB), Output Feedback (OFB), and Counter (CTR) modes, only provide confidentiality.

15
Q

Julie is designing a highly secure system and is concerned about the storage of unencrypted data in RAM. What use case is she considering?

A. Data in motion
B. Data at rest
C. Data in destruction
D. Data in use

A

D. Data in use

Data that is stored in memory is being actively used by a system and is considered data in use. Data at rest is data that is stored on nonvolatile media, such as a disk. Data in motion is being actively transferred over a network.

16
Q

Renee conducted an inventory of encryption algorithms used in her organization and found that they are using all of the algorithms below. Which of these algorithms should be discontinued? (Choose all that apply.)

A. AES
B. DES
C. 3DES
D. RC5

A

B. DES
C. 3DES

The Advanced Encryption Standard (AES) and Rivest Cipher 6 (RC6) are modern, secure algorithms. The Data Encryption Standard (DES) and Triple DES (3DES) are outdated and no longer considered secure.

17
Q

Which one of the following encryption algorithm modes suffers from the undesirable characteristic of errors propagating between blocks?

A. Electronic Code Book
B. Cipher Block Chaining
C. Output Feedback
D. Counter

A

B. Cipher Block Chaining

One important consideration when using CBC mode is that errors propagate—if one block is corrupted during transmission, it becomes impossible to decrypt that block and the next block as well. The other modes listed here do not suffer from this flaw.

18
Q

Which one of the following key distribution methods is most cumbersome when users are located in different geographic locations?

A. Diffie–Hellman
B. Public key encryption
C. Offline
D. Escrow

A

C. Offline

Offline key distribution requires a side channel of trusted communication, such as in-person contact. This can be difficult to arrange when users are geographically separated. Alternatively, the individuals could use the Diffie–Hellman algorithm or other asymmetric/public key encryption technique to exchange a secret key. Key escrow is a method for managing the recovery of lost keys and is not used for key distribution.

19
Q

Victoria is choosing an encryption algorithm for use within her organization and would like to choose the most secure symmetric algorithm from a list of those supported by the software package she intends to use. If the package supports the following algorithms, which would be the best option?

A. AES-256
B. 3DES
C. RC4
D. Skipjack

A

A. AES-256

The AES-256 algorithm is a modern, secure cryptographic algorithm. 3DES, RC4, and Skipjack are all outdated algorithms that suffer from significant security issues.

20
Q

The Jones Institute has six employees and uses a symmetric key encryption system to ensure confidentiality of communications. If each employee needs to communicate privately with every other employee, how many keys are necessary?

A. 1
B. 6
C. 15
D. 30

A

C. 15

A separate key is required for each pair of users who want to communicate privately. In a group of six users, this would require a total of 15 secret keys. You can calculate this value by using the formula (n * (n – 1) / 2). In this case, n = 6, resulting in (6 * 5) / 2 = 15 keys.