Cryptographic Tools and Techniques Flashcards
You have been asked by a member of senior management to explain the importance of encryption and define what symmetric encryption offers. Which of the following offers the best explanation? A. Non-repudiation B. Confidentiality C. Hashing D. Privacy and authentication
B. Symmetric encryption offers privacy and can be used for authentication. However, symmetric encryption can suffer from problems with key distribution and key management.
As the security administrator for your organization, you must be aware of all types of hashing algorithms. Which algorithm was developed by Ron Rivest and offers a 128-bit output? A. AES B. DES C. MD5 D. RC4
C. The MD algorithms are a series of cryptographic algorithms that were developed by Ron Rivest. MD5 processes a variable-size input and produces a fixed 128-bit output.
A coworker is concerned about the veracity of a claim because the sender of an email denies sending it. The coworker wants a way to prove the authenticity of an email. Which would you recommend? A. Hashing B. Digital signature C. Symmetric encryption D. Asymmetric encryption
B. A digital signature is a hash value that has been encrypted with the private key of the sender. It is used for authentication and integrity. Digital signatures provide authenticity.
A junior administrator at a sister company called to report a possible exposed private key that is used for PKI transactions. The administrator would like to know the easiest way to check whether the lost key has been flagged by the system. What are you going to recommend to the administrator? A. Hashing B. Issuance to entities C. Online Certificate Status Protocol D. Wildcard verification
C. The easiest way to check whether the lost key has been flagged by the system is to use the Online Certificate Status Protocol to check the certificate and verify if it is valid.
You’ve discovered that an expired certificate is being used repeatedly to gain logon privileges. To what list should the certificate have been added? A. Wildcard verification B. Expired key revocation list C. Online Certificate Status Protocol D. Certificate revocation list (CRL)
D. A CRL lists revoked certificates.
A junior administrator comes to you in a panic after seeing the cost for certificates. She would like to know if there is a way to get one certificate to cover all domains and subdomains for the organization. What solution can you offer? A. Wildcards B. Blanket certificates C. Distributed certificates D. No such solution exists
A. Wildcard certificates allow the purchaser to secure an unlimited number of subdomain certificates on a domain name.
Which of the following is not an advantage of symmetric encryption? A. It’s powerful. B. A small key works well for bulk encryption. C. It offers confidentiality. D. Key exchange is easy.
D. Symmetric encryption does not provide for easy key exchange.
Most authentication systems make use of a one-way encryption process. Which of the following best offers an example of one-way encryption? A. Asymmetric encryption B. Symmetric encryption C. Hashing D. PKI
C. Most authentication systems make use of a one-way encryption process known as hashing. One of the strengths of a hash is that it cannot be easily reversed.
Which of the following is an early form of encryption also known as ROT3? A. Transposition cipher B. Substitution cipher C. Scytale D. Caesar’s cipher
D. Caesar’s cipher is known as the ROT3 cipher because you move forward by three characters to encrypt and back by three characters to decrypt.
Which type of encryption best offers easy key exchange and key management? A. Symmetric B. Asymmetric C. Hashing D. Digital signatures
B. Asymmetric encryption offers easy key exchange and key management. However, it requires a much larger key to have the same strength as symmetric encryption.
SSL and TLS can best be categorized as which of the following? A. Symmetric encryption systems B. Asymmetric encryption systems C. Hashing systems D. Hybrid encryption systems
D. Both SSL and TLS are examples of hybrid encryption. These services use both symmetric and asymmetric algorithms.
You’re explaining the basics of cryptography to management in an attempt to obtain an increase in the budget. Which of the following is not symmetric encryption? A. DES B. RSA C. Blowfish D. Twofish
B. While DES, Blowfish, and Twofish are all examples of symmetric encryption, RSA is not.
Which of the following is not a hashing algorithm? A. SHA B. HAVAL C. MD5 D. IDEA
D. IDEA is a symmetric encryption standard that is similar to DES and was invented in Switzerland.
A mobile user calls you from the road and informs you that he has been asked to travel to China on business. He wants suggestions for securing his hard drive. What do you recommend he use? A. S/MIME B. BitLocker C. Secure SMTP D. PKI
B. BitLocker is an example of an application that can provide full disk encryption.
You were given a disk full of applications by a friend but are unsure about installing a couple of the applications on your company laptop. Is there an easy way to verify if the programs are original or if they have been tampered with? A. Verify with a hashing algorithm. B. Submit to a certificate authority. C. Scan with symmetric encryption. D. Check the programs against the CRL.
A. Comparing the hash of a program to that on the developer’s website is an easy way to verify the integrity of an application.