Cryptography

Question 1

What asymmetric algorithm is based on the fact that 2 very large prime numbers can be multiplied easily but can’t be factored easily. Used for digital signatures and key encryption.

Answer 1

RSA

Question 2

3DES features

Answer 2

Uses 168bit key

Uses 48 rounds of computation

Question 3

AES features

Answer 3

Uses 128, 192, 256bit keys

Uses 14 rounds of computation

Question 4

DES features

Answer 4

Based on 128bit lucifer algorithm

Uses 16 rounds of computation

Question 5

Data origin authentication definition

Answer 5

A system based authentication that verifies the source of a message

Question 6

Cryptanalysis definition

Answer 6

The process of studying ciphertext and cryptosystems to identify weaknesses

Question 7

Key clustering definition

Answer 7

The same ciphertext generated from the same plaintext using two different keys

Question 8

Cipher definition

Answer 8

An algorithm that uses random symbols to represent plaintext units or single letters in the form of ciphertext.

Question 9

ciphertext definition

Answer 9

encrypted data that is unreadable until it is converted into plaintext.

Question 10

3 characteristics of quantum cryptography

Answer 10

based on the laws of quantum mechanics
generates a cryptographic key that can be exchanged securely between remote users
combines quantum cryptographics with traditional algorithms to distribute secret keys

Question 11

What method uses human interaction to obtain encryption keys and valuable information

Answer 11

social engineering

Question 12

What method uses trial and error attack to try every possible key until it succeeds

Answer 12

brute force

Question 13

What method examines multiple pieces of ciphertext to determine trends or statistical data

Answer 13

ciphertext only

Question 14

What method examines power requirements and duration of the encryption process to find the encryption key

Answer 14

differential cryptanalysis

Question 15

What method searches both plaintext and ciphertext from the same message to find the encryption key

Answer 15

known plaintext

Question 16

What attack collects hash values in a table to save time in hash function attacks

Answer 16

rainbow table

Question 17

What attack examines the plaintext and ciphertext for linear approximations

Answer 17

linear cryptanalysis

Question 18

What attack exploits weak points in block ciphers with highly mathematical structures

Answer 18

algebraic

Question 19

What attack decrypts ciphertext and examines the plaintext result to find the key

Answer 19

chosen ciphertext

Question 20

What attack uses the algorithm and encryption device to find the encryption method

Answer 20

chosen plaintext

Question 21

define ciphertext

Answer 21

data that has been encrypted

Question 22

define plaintext

Answer 22

original text before encryption

Question 23

define decipher

Answer 23

act of decrypting ciphertext

Question 24

define encipher

Answer 24

act of encrypting plaintext

Question 25

define work factor

Answer 25

estimated time and effort required to overcome a security control and break a cryptosystem

Question 26

define algorithm

Answer 26

a small procedure used for encryption

Question 27

define frequency analysis

Answer 27

main method of cryptanalysis and involves analysis of patterns of letters.

Question 28

define running key cipher

Answer 28

uses real world objects such as book to describe each word by a sequence of numbers.

Question 29

define substitution cipher

Answer 29

replaces bits, characters, or blocks with different bits, characters, or blocks

Question 30

define transposition cipher

Answer 30

uses permutation to scramble letters and a key to determine the positions to which the characters are moved.

Question 31

define concealment cipher

Answer 31

ensures every x word within a text is part of the real message.

Question 32

define block cipher

Answer 32

applies a cryptographic key and algorithm to a block of data at once rather than one bit at a time.

Question 33

define stream cipher

Answer 33

applies a cryptographic key and algorithm to one bit at a time in a data stream.

Question 34

How many channels are used in quantum cryptography?

Answer 34

2

Question 35

What are the two channels used for in quantum cryptography?

Answer 35

1 channel transmits quantum key material through single photon light pulses
1 channel carriers message traffic

Question 36

define symmetric key encryption

Answer 36

uses a shared secret key for both encryption and decryption

Question 37

define asymmetric key encryption

Answer 37

uses two separate keys for encryption and decryption

Question 38

3 symmetric key strengths

Answer 38

Faster than asymmetric
difficult to break
cheaper than asymmetric

Question 39

3 symmetric key weaknesses

Answer 39

needs to be secured properly
complex key management
does not provided authentication

Question 40

3 Symmetric key algorithms

Answer 40

3DES
DES
AES

Question 41

DES

Answer 41

divides plaintext into blocks of 64bits
16 rounds of transposition
uses 56bit key
uses IBM 128bit lucifer algorithm

Question 42

3DES

Answer 42

uses 3 56bit keys
encrypts/decrypts data 3 times with the 3 keys
48 rounds in computation

Question 43

AES

Answer 43

supports key sizes of 128, 192, 256

10, 12, 14 rounds of computation depending on key

Question 44

Uses 16 rounds of cryptographic functions to work on 64bit data blocks

Answer 44

blowfish

Question 45

A patent free algorithm that can use 128bit blocks.

uses 64bit and 128bit blocks

Answer 45

SAFER

Question 46

uses variable key size and is used in the SSL protocol

Answer 46

RC4

Question 47

A 128bit encryption algorithm that makes use of a

SPN cryptosystem and a pair of subkeys per round

Answer 47

CAST

Question 48

7 asymmetric algorithms

Answer 48

RSA
Digital Signature Algorithm
Diffie Hellman
Elliptic Curve Cryptography
El Gamal
Knapsack
LUC

Question 49

RSA key lengths

Answer 49

768, 1024

Question 50

Digital Signature Algorithm key lengths

Answer 50

512, 1024

Question 51

DSA algorithm

Answer 51

SHA-1

Question 52

Where is DSA primarily used?

Answer 52

governments

Question 53

Is diffie-hellman used for encryption or digital signatures?

Answer 53

no

Question 54

What is diffie-hellman used for?

Answer 54

obtaining secret key between two parties

Question 55

elliptic curve cryptography provides

Answer 55

digital signatures
secure key distribution
encryption

Question 56

used for authentication and key encryption based on the fact that 2 very large prime numbers can be multiplied easily but can’t be factored easily

Answer 56

RSA

Question 57

used for digital signatures only, uses a key length that varies from 512 to 1024bits and works with SHA-1.

Answer 57

DSA

Question 58

used to perform key exchange over an insecure medium and vulnerable to man in the middle attacks.

Answer 58

Diffie-Hellman

Question 59

secure message format

Answer 59

receiver’s public key encrypts this message format

Question 60

open message format

Answer 60

sender’s private key encrypts the message

Question 61

secure and signed format

Answer 61

message is encrypted by the sender’s private key and then again encrypted with the receiver’s public key.

Question 62

What are 3 cipher types?

Answer 62

block cipher
stream cipher
one-time pad

Question 63

stream cipher

Answer 63

treats message as a stream of bits

Question 64

3 goals of message authentication

Answer 64

integrity of data
identify sender
identify uniqueness of data

Question 65

5 requirements of a strong hash function

Answer 65

input data can be of any length
output or MD value of the data has a fixed length
MD value can be calculated for any input data
function should be collision free by generating a unique MD value for each input data
should support 1 way function. Data can’t be derived from MD value.

Question 66

7 hash functions

Answer 66

MD2
MD4
MD5
HAVAL
SHA-1
SHA-3
RIPEMD-160

Question 67

MD2

Answer 67

support computers with 8bit processors
pads original message so total length is divisible by 16
16byte checksum is added to padded message

Question 68

MD4

Answer 68

support computers with 32bit processors

Question 69

HAVAL

Answer 69

Generates a variable length output with 3 to 5 rounds of operation

Question 70

MD5

Answer 70

generates a 128bit MD value

supports computers with 32bit processors

Question 71

SHA-1

Answer 71

helps create digital signatures

generates a 160bit MD value

Question 72

collision attack

Answer 72

multiple unique inputs generate the same MD value

Question 73

aliasing attack

Answer 73

restarts the hash algorithm through any input. Easier for the attacker to create an input that would generate the same hash value.

Question 74

birthday paradox

Answer 74

probability that 2 entities in a group can share a common feature

Question 75

define MAC - Message authentication code

Answer 75

a secret key added to a message

Question 76

define HMAC

Answer 76

hash based message authentication code - a secret key added to the message, then hashed.
receiver adds secret key to message, then hashed.
provides data origin authentication but fails to provide data confidentiality
message sent in clear text

Question 77

CBC-MAC cipher block chaining MAC

Answer 77

message is encrypted. Last block is used as MAC value message send in clear text.

Question 78

Mitigation methods for MD hashes

Answer 78

digital signatures

shared secret keys

Question 79

digital signatures provide

Answer 79

integrity
authentication
non-repudiation

Question 80

X-KISS

Answer 80

XML Key information service specification
outlines the syntax that applications should use to delegate some or all tasks need to process the key information element.

Question 81

X-KRSS

Answer 81

XML Key registration service specification

defines the protocols needed fro to register public key information

Question 82

3 characteristics of XML key management specification 2.0

Answer 82

protocol allows interoperability with services required to establish and maintain trust
message share a common format to be carried by SOAP over HTTP
the protocol consists of pairs of requests and responses

Question 83

Asymmetric key cryptography is used for the following
A. encryption of data, access control, steganography
B. steganography, access control, non-repudication
C. non-repudiation, steganography, encryption of data
D. encryption of data, non-repudiation, access control.

Answer 83

D. encryption of data, non-repudiation, access control.

Question 84

Which of the following supports asymmetric key cryptography?
A. diffie-hellman
B. rijndael
C. blowfish
D. sha-256

Answer 84

A. diffie-hellman

Question 85

What is an important disadvantage of using a public key algorithm compared to a symmetric algorithm?
A. a symmetric algorithm provides better access control
B. a symmetric algorithm is a faster process.
C. a symmetric algorithm provides non-repudiation of delivery
D. A symmetric algorithm is more difficult to implement.

Answer 85

B. a symmetric algorithm is a faster process.

Question 86

When a user needs to provide message integrity, what option is best?
A. Send a digital signature of the message to the recipient
B. encrypt the message with a symmetric algorithm and send it
C. encrypt the message with a private key so the recipient can decrypt with the corresponding public key
D. Create a checksum, append it to the message, encrypt the message, send it to the recipient.

Answer 86

D. Create a checksum, append it to the message, encrypt the message, send it to the recipient.

Question 87

A CA provides which benefits to a user?
A. protection of public keys of all users
B. history of symmetric keys
C. proof of non-repudiation of origin
D. validation that a public key is associated with a particular user.

Answer 87

D. validation that a public key is associated with a particular user.

Question 88

What is the output length of a RIPEMD-160 hash?
A. 160bits
B. 150bits
C. 128bits
D. 104bits

Answer 88

A. 160bits

Question 89

ANSI X0.17 is concerned primarily with
A. protection and secrecy of keys
B. financial records and retention of encrypted data
C. formalizing a key hierarchy
D. the lifespan of key-encrypting keys

Answer 89

A. protection and secrecy of keys

Question 90

When a certificate is revoked, what is the proper procedure?
A. setting new key expiry dates
B. Updating the certificate revocation list
C. removal of the private key from all directories
D. notification to all employees of revoked keys

Answer 90

B. Updating the certificate revocation list

Question 91

Which is true about link encryption?
A. link encryption is advised for high-risk environments, provides better traffic flow confidentiality, and encrypts routing information.
B. link encryption is often used for frame relay or satellite links, is advised for high-risk environments and provides better traffic flow confidentiality
C. link encryption encrypts routing information, is often used for frame relay or satellite links, and provides traffic flow confidentiality
D. link encryption provides better traffic flow confidentiality, is advised for high-risk environments and provides better traffic flow confidentiality.

Answer 91

C. link encryption encrypts routing information, is often used for frame relay or satellite links, and provides traffic flow confidentiality

Question 92

Which is the sequence that controls the operation of the cryptographic algorithm?
A. encoder
B. decoder wheel
C. cryptovariable
D. cryptographic routine

Answer 92

C. cryptovariable

Question 93

The process used in most block ciphers to increase their strength is
A. diffusion
B. confusion
C. step function
D. SP-network substitution/permutation

Answer 93

D. SP-network

substitution/permutation

Question 94

Which of the following best describes fundamental methods of encrypting data?
A. substitution and transposition
B. 3DES and PGP
C. symmetric and asymmetric
D. DES and AES

Answer 94

C. symmetric and asymmetric

Question 95

Cryptography supports all of the core principles of information security except
A. availability
B. confidentiality
C. integrity
D. authenticity

Answer 95

D. authenticity

Question 96

A way to defeat frequency analysis as a method to determine the key is to use
A. substitution ciphers
B. transposition ciphers
C. polyalphabetic ciphers
D. inversion ciphers

Answer 96

C. polyalphabetic ciphers

Question 97

The running key cipher is based on
A. modular arithmetic
B. XOR mathematics
C. factoring
D. exponentiation

Answer 97

A. modular arithmetic

Question 98

They only cipher system said to be unbreakable by brute force is
A. AES
B. DES
C. one-time pad
D, 3DES

Answer 98

C. one-time pad

Question 99

A message protected by steganography would most likely be found in a
A. public key
B. algorithm
C. private key
D. picture file

Answer 99

D. picture file

Question 100

Which is the best choice for implementing encryption on a smart card?
A. blowfish
B. elliptic curve
C. twofish
D. quantum

Answer 100

B. elliptic curve

Question 101

An email with a document attachment from a known individual is received with a digital signature. The email client is unable to validate the signature. What is the best course of action?
A. open the attachment to determine if the signature is valid
B. determine why the signature can’t be validated prior to opening the attachment
C. delete the email
D. forward the email to another address with a new signature.

Answer 101

B. determine why the signature can’t be validated prior to opening the attachment

Question 102

The vast majority of virtual private networks use
A. SSL/TLS and IPSec
B. El Gamal and DES
C. 3DES and Blowfish
D. TwoFish and IDEA

Answer 102

A. SSL/TLS and IPSec

Question 103

There are several components involved with steganography.  Which of the following refers to a file that has hidden information in it?
A. Stego-medium
B. Concealment cipher
C. Carrier
D. Payload

Answer 103

C. Carrier

Question 104

What is stego-medium?

Answer 104

Medium in which information is hidden.

Question 105

Which of the following correctly describes the relationship between SSL and TLS?
A. TLS is the open community version of SSL
B. SSL can be modified by developers to expand the protocol’s capabilities.
C. TLS is a proprietary protocol, while SSL is an open community protocol.
D. SSL is more extensible and backward compatible with TLS.

Answer 105

A. TLS is the open community version of SSL

Question 106

Which of the following incorrectly describes steganography?
A. It is a type of security through obscurity
B. Modifying the most significant bit is the most common method used.
C. Steganography does not draw attention to itself like encryption does.
D. Media files are ideal for steganographic transmission because of their large size.

Answer 106

B. Modifying the most significant bit is the most common method used.

Question 107

Which of the following correctly describes a drawback of symmetric key systems?
A. Computationally less intensive than asymmetric systems
B. Work much more slowly than asymmetric systems
C. Carry out mathematically intensive taks
D. Key must be delivered via secure courier.

Answer 107

D. Key must be delivered via secure courier.

Question 108

Which of the following occurs in a PKI environment?
A. The RA creates the certificate, and the CA signs it.
B. The CA signs the certificate
C. The RA signs the certificate
D. The user signs the certificate

Answer 108

B. The CA signs the certificate

Question 109

Encryption can happen at different layers of an operating system and network stack.  Where does PPTP encryption take place?
A. Data link layer
B. Within applications
C. Transport layer
D. Data link and physical

Answer 109

A. Data link layer

Question 110

Which of the following best describe the difference between public key cryptography and public key infrastructure?
A. Public key cryptography is the use of an asymmetric algorithm, while public key infrastructure is the use of a symmetric algorithm
B. Public key cryptography is used to create public/private key pairs, and public key infrastructure is used to perform key exchange and agreement
C. Public key cryptography provides authentication and non-repudiation, while public key infrastructure provides confidentiality and integrity
D. Public key cryptography is another name for asymmetric cryptography, while public key infrastructure consists of public key cryptographic mechanisms

Answer 110

D. Public key cryptography is another name for asymmetric cryptography, while public key infrastructure consists of public key cryptographic mechanisms

Question 111

Which of the following best describes Key Derivation Functions?
A. Keys are generated from a master key
B. Session keys are generated from each other
C. Asymmetric cryptography is used to encrypt symmetric keys
D. A master key is generated from a session key

Answer 111

A. Keys are generated from a master key

Question 112

The elliptic curve cryptosystem is an asymmetric algorithm. What sets it apart from other asymmetric algorithms?
A. It provides digital signatures, secure key distribution, and encryption
B. It computes discrete logarithms in a finite field
C. It uses a larger percentage of resources to carry out encryption
D. It is more efficient

Answer 112

D. It is more efficient

Question 113

If implemented properly, a one-time pad is a perfect encryption scheme. Which of the following incorrectly describes a requirement for implementation?
A. The pad must be securely distributed and protected at its destination.
B. The pad must be made up of truly random values
C. The pad must always be the same length
D. The pad must be used only one time

Answer 113

C. The pad must always be the same length

Question 114

Sally is responsible for key management within her organization. Which of the following incorrectly describes a principle of secure key management?
A. Keys should be backed up or escrowed in case of emergencies
B. The more a key is used, the shorter its lifetime should be
C. Less secure data allows for a shorter key lifetime
D. Keys should be stored and transmitted by secure means

Answer 114

C. Less secure data allows for a shorter key lifetime

Question 115

Mandy needs to calculate how many keys must be generated for the 260 employees using the company's PKI asymmetric algorithm.  How many keys are required?
A. 33,670
B. 520
C. 67,340
D. 260

Answer 115

B. 520

Question 116

Which of the following works similarly to stream ciphers?
A. one-time pad
B. AES
C. Block
D. RSA

Answer 116

A. one-time pad

Question 117

There are two main types of symmetric ciphers: stream and block.  Which of the following is not an attribute of a good stream cipher?
A. Statistically unbiased keystream
B. Statistically predictable
C. Long periods of no repeating patterns
D. Keystream not linearly related to key

Answer 117

B. Statistically predictable

Question 118

Which of the following best describes how a digital signature is created?
A. The sender encrypts a message digest with his private key
B. The sender encrypts a message digest with his public key
C. The receiver encrypts a message with his private key
D. The receiver encrypts a message digest with his public key

Answer 118

A. The sender encrypts a message digest with his private key

Question 119

In cryptography, different steps and algorithms provide different types of security services. Which of the following provides only authentication, non-repudiation, and integrity?
A. Encryption algorithm
B. Hash algorithm
C. Digital signature
D. Encryption paired with a digital signature

Answer 119

C. Digital signature

Question 120

What security service does an encryption algorithm provide?

Answer 120

confidentiality

Question 121

What security service does a hashing algorithm provide?

Answer 121

data integrity

Question 122

Advanced Encryption Standard is an algorithm used for which of the following?
A. Data integrity
B. Bulk data encryption
C. Key recovery
D. Distribution of symmetric keys

Answer 122

B. Bulk data encryption

Question 123

SSL is a de facto protocol used for securing transactions that occur over untrusted networks. Which of the following best describes what takes place during an SSL connection setup process?
A. The server creates a session key and encrypts it with a public key
B. The server creates a session key and encrypts it with a private key
C. The client creates a session key and encrypts it with a private key
D. The client creates a session key and encrypts it with a public key

Answer 123

D. The client creates a session key and encrypts it with a public key

Question 124

The CA is responsible for revoking certificates when necessary. Which of the following correctly describes a CRL and OCSP?
A. The CRL was developed as a more streamlined approach to OCSP
B. OCSP is a protocol that submits revoked certificates to the CRL
C. OCSP is a protocol developed specifically to check the CRL during a certificate validation process.
D. CRL carries out real-time validation of a certificate and reports to the OCSP

Answer 124

C. OCSP is a protocol developed specifically to check the CRL during a certificate validation process.

Question 125

End to end encryption is used by users, and link encryption is used by service providers. Which of the following correctly describes these technologies?
A. Link encryption does not encrypt headers and trailers
B. Link encryption encrypts everything but data link messaging
C. End to end encryption requires headers to be decrypted at each hop
D. End to end encryption encrypts all headers and trailers

Answer 125

B. Link encryption encrypts everything but data link messaging

Question 126

What is encrypted in end to end encryption?

Answer 126

data payload

Question 127

What is encrypted in link encryption?

Answer 127

headers, trailers, payload

Question 128

If Marge uses her private key to create a digital signature on a message she is sending to George, but she does not show or share her private key with George, what is it an example of?
A. key clustering
B. avoiding a birthday attack
C. providing data confidentiality
D. zero knowledge proof

Answer 128

D. zero knowledge proof

Question 129

How do you determine keyspace size?

Answer 129

2 to the key size.

keysize 8 = 2 to the 8th power - 256

Question 130

What is Kerchkhoff’s principle and why is it relevant?
A. One-time pads should be just as long as the message, otherwise patterns will be shown.
B. A public key needs to be associated with an individual’s identity for true non-repudiation.
C. The only secret portion to a crypto system should be the key so the algorithms can be stronger.
D. More than one alphabet should be used in substitution ciphers to increase the workfactor.

Answer 130

C. The only secret portion to a crypto system should be the key so the algorithms can be stronger.

Question 131

Which of the following is a requirement for a secure Vernam cipher?
A. The pad must be used just one time
B. A symmetric key must be encrypted with an asymmetric key.
C. The private key must be only known to the owner
D. It needs to hid the existence of a message.

Answer 131

A. The pad must be used just one time

Question 132

What is another name for a Vernam cipher?

Answer 132

One time pad

Question 133

Which of the following is not addressed in the Wassenaar arrangment?
A. Symmetric Algorithms
B. Asymmetric algorithms
C. Intangibles that could be downloaded from the internet
D. Products exported to terrorist countries

Answer 133

C. Intangibles that could be downloaded from the internet

Question 134

Which of the following is a true difference between an asymmetric and symmetric algorithm?
A. Symmetric algorithms are faster because they use substitution and transposition.
B. Asymmetric algorithms are slower because they use substitution and transposition.
C. Asymmetric algorithms are best implemented in hardware and symmetric in software
D. Asymmetric algorithms are more vulnerable to frequency analysis attacks

Answer 134

A. Symmetric algorithms are faster because they use substitution and transposition.