Cryptography Flashcards

1
Q

This is a simple substitution cipher that shifts the alphabet by three positions.

A. Scytale cipher
B. Concealment cipher
C. Vigenere
D. Caesar cipher

A

Caesar cipher

2
Q

This encryption method involves wrapping a message around a rod.

A. Scytale cipher
B. Vernam
C. Vigenere
D. Caesar cipher

A

Scytale cipher

3
Q

This is the first polyalphabetic cipher. To encrypt, the first letter of the key is matched with the first letter of the message on a polyalphabetic table.

A. Scytale cipher
B. Vernam
C. Vigenere
D. Caesar cipher

A

Vigenere

4
Q

This cryptography method involved using a specially made device with 3 or 4 rotors. The devices on each end of transmission would need to put the rotors in the same configuration.

A

Enigma machine

5
Q

This is the only mathematically unbreakable form of cryptography. Often referred to as a one-time pad, it requires:

  1. The key must be used only once
  2. The pad must be at least as long as the message
  3. The key pad must be statistically unpredictable
  4. The key must be delivered and stored securely

A

Vernam cipher

6
Q

The science of studying and breaking the secrecy of encryption processes, compromising authentication schemes, and reverse engineering algorithms and keys.

A

Cryptanalysis

7
Q

A cryptovariable whose value comprises a large sequence of random bits.

A

Key

8
Q

The RANGE of values that can be used to construct a key.

A

Keyspace

9
Q

PGP is an example of a cryptosystem. Cryptosystems must be made of at least the following four things:

A

Software
Protocols
Algorithms
Keys

10
Q

This principle asserts that algorithms should be publicly known in order to reduce the chance of more vulnerabilities.

A

Kerckhoffs's Principle

11
Q

What unit of measure is used for attacks on cryptosystems?

A

The number of instructions a million-instruction-per-second (MIPS) system can execute in a year.

12
Q

Name five services that cryptosystems can provide:

A

1. Confidentiality
2. Integrity
3. Authentication
4. Authorization (Upon proving identity, the individual is provided with a key or password that will allow access to some other resource.)
5. Nonrepudiation

13
Q

XOR the following into a ciphertext stream:

Message Stream: 100101
Keystream: 010111

A

Ciphertext: 110010

14
Q

Bob uses a 32-bit one-time pad to encrypt a 64-bit message. Sally was able to crack the code. How is this possible?

A

Bob used a pad that was shorter than the message. This can cause patterns to appear in the ciphertext.

15
Q

This cipher uses objects in the physical world, like a book, to act as a key.

A. Scytale cipher
B. Concealment cipher
C. Running key cipher
D. Caesar cipher

A

Running key cipher

16
Q

This cipher hides a message within a message and is a type of steganography.

A. Scytale cipher
B. Concealment cipher
C. Running key cipher
D. Caesar cipher

A

Concealment cipher

17
Q

The method of embedding a message into some types of media (steganography) is to use the LSB. What does LSB stand for?

A

Least-significant bit

18
Q

Symmetric encryption algorithms use two basic types of ciphers: substitution and transposition (permutation). What form of attack are simple versions of these ciphers susceptible to?

A

Frequency Analysis

19
Q

___________ are used to generate subkeys that are made up of random values.

A

Key Derivation Functions (KDFs)

20
Q

Which of the following is a strength of symmetric key systems:

A. Much faster than asymmetric systems
B. Hard to break if using a large key size
C. Provides confidentiality but not authenticity and non-repudiation.
D. Both A and B.

A

D

21
Q

Which of the following is a strength of asymmetric key systems:

A. Works more slowly than symmetric systems.
B. Can provide authentication and non-repudiation.
C. Much faster than symmetric key systems.
D. Doesn’t scale as fast as symmetric key systems.

A

B

22
Q

For asymmetric systems, what is the equation used to determine the number of keys to manage given a certain number of people (N)?

A. N(N-1)/2 = Number of Keys
B. N(N-2)/2 = Number of Keys
C. N(N-1) = Number of Keys
D. 2N

A

2N

23
Q

For symmetric systems, what is the equation used to determine the number of keys to manage given a certain number of people (N)?

A. N(N-1)/2 = Number of Keys
B. N(N-2)/2 = Number of Keys
C. N(N-1) = Number of Keys
D. 2N

A

A
N(N-1)/2 = Number of Keys

24
Q

Which of the following are examples of asymmetric algorithms? (You can choose more than one.)

A. DES
B. RC4
C. ECC
D. Diffie-Hellman

A

C and D

25
Q

Which of the following are examples of symmetric algorithms? (You can choose more than one.)

A. El Gamal
B. RC4
C. SHA
D. DSA

A

B

26
Q

Which of the following are examples of asymmetric algorithms? (You can choose more than one.)

A. ECC
B. RSA
C. Blowfish
D. Diffie-Hellman

A

A, B, and D

27
Q

Which of the following are examples of symmetric algorithms? (You can choose more than one.)

A. DSA
B. SHA
C. AES
D. IDEA

A

C and D

28
Q

Which of the following are examples of asymmetric algorithms? (You can choose more than one.)

A. DSA
B. Knapsack
C. El Gamal
D. Triple-DES

A

A, B, C

FYI - Knapsack has been shown to be insecure.

29
Q

Buddy system for memorizing Asymmetric algorithms.

A

RSA and DSA
ECC and El Gamal
DH (Diffie-Hellman) and Knapsack

30
Q

What type of cryptography does SSL/TLS use?

A. Symmetric
B. Asymmetric
C. Neither
D. Triple-DES

A

B

It actually uses both, but hybrid or “both” was not an option.

31
Q

What type of cryptography does SSL/TLS use for data encryption?

A. Symmetric
B. Asymmetric
C. Neither
D. Diffie-Hellman

A

A

Asymmetric is used to exchange keys. Symmetric is used to encrypt the data.

32
Q

This algorithm uses factorization with prime numbers (called the trapdoor function) and is currently the standard for digital signatures. It can also be used for key distribution and encryption.

A. Diffie-Hellman
B. RSA
C. DSA
D. El Gamal

A

RSA

DSA can only be used for digital signing.

33
Q

This is the first asymmetric algorithm and can only be used for key distribution. (Not encryption, digital signatures, or hashing.)

A. AES
B. ECC
C. El Gamal
D. Diffie-Hellman

A

D

34
Q

This asymmetric algorithm is very efficient but only works in very specific environments.

A. AES
B. ECC
C. El Gamal
D. Diffie-Hellman

A

ECC

35
Q

Stream Ciphers use ____________ which produce a stream of bits that is XORed with plaintext bits to create ciphertext.

A. S-Boxes
B. one-time pads
C. keystream generators
D. initialization vectors

A

keystream generators

36
Q

Stream Ciphers must use ________ which are random values that are used with algorithms to ensure patterns are not created when being sent to the destination.

A. S-Boxes
B. one-time pads
C. keystream generators
D. initialization vectors

A

initialization vectors

38
Q

This block cipher mode of operation is FAST but usable only for the encryption of very short messages because encrypting identical plaintext with the same key will produce identical ciphertext.

A. Cipher Block Chaining (CBC) mode
B. Output Feedback (OFB) mode
C. Counter Mode (CTR)
D. Electronic Code Book (ECB) mode

A

Electronic Code Book (ECB) mode

39
Q

This block cipher mode of operation does not reveal a pattern because each block of text, the key, and the value based on the previous block are processed in the algorithm and applied to the next block of text, resulting in more random ciphertext. The first block is encrypted with an initialization vector (IV).

A. Cipher Block Chaining (CBC) mode
B. Output Feedback (OFB) mode
C. Counter Mode (CTR)
D. Cipher Feedback (CFB) mode

A

Cipher Block Chaining (CBC) mode

40
Q

This block cipher mode of operation emulates a stream cipher, which is useful for encrypting small amounts of data (think 8-bit key commands) over a remote connection to a server.

A. Cipher Block Chaining (CBC) mode
B. Cipher Feedback (CFB) mode
C. Counter Mode (CTR)
D. Electronic Code Book (ECB) mode

A

Cipher Feedback (CFB) mode

41
Q

This block cipher mode of operation is like Cipher Feedback mode but ensures possible errors don’t affect encryption and decryption processes. Good for transmission sensitive to errors like digitized video or digitized voice.

A. Counter Mode (CTR)
B. Cipher Feedback (CFB) mode
C. Output Feedback (OFB) mode
D. Cipher Block Chaining (CBC) mode

A

Output Feedback (OFB) mode

42
Q

This block cipher mode of operation uses an IV counter that increments for each plaintext block that needs to be encrypted. There is no chaining involved, and it is used in encrypting ATM cells for virtual circuits, in IPSec, and in the wireless security standard IEEE 802.11i.

A. Counter Mode (CTR)
B. Cipher Feedback (CFB) mode
C. Output Feedback (OFB) mode
D. Cipher Block Chaining (CBC) mode

A

Counter Mode (CTR)

43
Q

This symmetric algorithm is the standard for encrypting sensitive but unclassified U.S. government information.

A. RC5
B. AES
C. MD5
D. 3DES

A

AES

44
Q

This symmetric algorithm uses 48 rounds in its computation, making it resistant to differential cryptanalysis, but it takes a heavy performance hit as a result.

A. Blowfish
B. AES
C. RC6
D. 3DES

A

3DES

45
Q

This symmetric algorithm uses a 128-bit key and is faster than DES when implemented in hardware.

A. Blowfish
B. RC4
C. IDEA
D. 3DES

A

IDEA

46
Q

All but one of the following can provide integrity and data origin authentication. Which one cannot?

A. Hash
B. HMAC
C. CBC-MAC
D. CMAC

A

Hash

47
Q

Which of the following can ensure that a message has not been changed intentionally?

A. One-Way hash
B. HMAC
C. Message Integrity
D. MD4

A

HMAC

A generic one-way hash protects against unintentional errors that change the message.

48
Q

What length hash value do MD4 and MD5 create?

A

128-bit

49
Q

What length hash value does SHA1 create?

A

160-bit

50
Q

Which of the following algorithms is the only one considered secure for hashing? What type of attack are the others susceptible to?

A. MD5
B. 3DES
C. SHA-256
D. RSA

A

C

Birthday attack

51
Q

A ________________ is a hash value that has been encrypted with the sender’s private key.

A

Digital Signature

52
Q

What standard is for how a CA creates a certificate? It dictates what fields to use in the certificate and what can be valid values in those fields.

A

X.509

Version 3 is the most commonly used.

53
Q

Which of the following do you request a certificate from?

A. CA
B. RA
C. Certificate Repository
D. Certificate Revocation System

A

RA

Registration Authority

54
Q

Which of the following is not a rule for keys and key management?

A. Keys should use the full spectrum of the keyspace
B. The more the key is used, the shorter its lifetime should be.
C. Keys should never be destroyed.
D. Keys should be stored and transmitted by secure means.

A

C.

Keys should be properly destroyed when their lifetime comes to an end.

55
Q

All of the following keys are found in TPM’s versatile (dynamic) memory modules except for:

A. Storage Keys - used to encrypt the storage media of the system.
B. Attestation Identity Key (AIK) - Used for attestation of the TPM chip itself to service providers. Ensures the integrity of the EK.
C. Platform Configuration Registers (PCR) - Used to store cryptographic hashes of data for TPM’s “sealing” function.
D. Endorsement Key - A public/private key pair that is installed in the TPM at the time of manufacture and cannot be modified.

A

D

56
Q

Name the protocol that is responsible for checking the CRL during a certificate validation process.

A

Online Certificate Status Protocol (OCSP)

Note: Chrome does not use OCSP. It pushes CRL updates daily through its own update mechanism.

All other major browsers appear to support OCSP.

57
Q

Attacker has ciphertext and tries to figure out the key.

A. Chosen Plaintext Attack
B. Known-Plaintext Attack
C. Chosen-cipher Attack
D. Ciphertext-Only Attack

A

Ciphertext-Only Attack

58
Q

Attacker has ciphertext and a portion of the plaintext (like an automatic signature) and tries to figure out the key.

A. Chosen Plaintext Attack
B. Known-Plaintext Attack
C. Chosen-cipher Attack
D. Ciphertext-Only Attack

A

Known-Plaintext Attack

59
Q

Attacker can see the full text encrypted and decrypted. Usually the attacker has initiated the message.

A. Chosen Plaintext Attack
B. Known-Plaintext Attack
C. Chosen-cipher Attack
D. Ciphertext-Only Attack

A

Chosen Plaintext Attack

60
Q

Attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Usually the attacker has compromised a workstation.

A. Chosen Plaintext Attack
B. Known-Plaintext Attack
C. Chosen-cipher Attack
D. Ciphertext-Only Attack

A

Chosen-cipher Attack

61
Q

This attack works by encrypting from one end and decrypting from the other end. Targeted towards algorithms like 3DES where there are multiple keys.

A

Meet-in-the-middle attack

62
Q

This attack gathers “outside” information with the goal of using it to uncover the encryption key.

A

Side-Channel Attack

63
Q

Attacker captures some type of data and resubmits it in hopes of fooling the receiving device into thinking it is legitimate information.

A

Replay attack

64
Q

The _____________ of a cryptosystem is the amount of time and resources it takes to break the cryptosystem or its encryption process.

A

Work Factor

65
Q

This programming language is susceptible to buffer-overflow attacks because it allows for direct pointer manipulations to take place.

A

C programming language

66
Q

What does HMAC stand for?

A

Hash Message Authentication Code

67
Q

CBC-MAC is not as secure mathematically as CMAC. Both provide system authentication aka this ___________, not user authentication.

A

Data origin authentication