Cryptography and PKI (1) Flashcards
Which of the following would a public key be used for?
To decrypt a hash of a digital signature
To encrypt TLS traffic
To digitally sign messages
To decrypt a hash of a digital signature
A digital signature is a one-way hash encrypted with the private key. The public key is used to decrypt the hash and validate the integrity of the digital signature. Digital signatures support non-repudiation, where the sender cannot refute sending the message
Your company’s web server certificate has been revoked and external customers are receiving errors when they connect to the website. Which of the following actions must you take?
Create and use a self-signed certificate.
Request a certificate from the key escrow.
Generate a new key pair and new certificate.
Generate a new key pair and new certificate.
A revoked certificate is no longer valid for the intended purpose, and a new key pair and certificate will need to be generated
Mary is concerned about the validity of an email because a coworker denies sending it. How can Mary prove the authenticity of the email?
Symmetric algorithm
Digital signature
CRL
Digital signature
Digital signatures are created by using the user’s or computer’s private key that is accessible only to that user or computer. Nonrepudiation is the assurance that someone cannot deny something
Wi-Fi Alliance recommends that a passphrase be how many characters in length for WPA2-Personal security?
6 characters
8 characters
12 characters
8 characters
The Wi-Fi Alliance, a nonprofit organization that promotes Wi-Fi technology, recommends a passphrase be at least eight characters long and include a mixture of upper- and lowercase letters and symbols
Which of the following digital certificate management practices will ensure that a lost certificate is not compromised?
CRL
Key escrow
Nonrepudiation
CRL
A CRL (certificate revocation list) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should not be trusted
Which of the following are restricted to 64-bit block sizes? (Choose two.)
DES
SHA
MD5
3DES
DES
3DES
DES and 3DES are symmetric-key block ciphers using a 64-bit block size
Your company has implemented a RADIUS server and has clients that are capable of using multiple EAP types, including one configured for use on the RADIUS server. Your security manager wants to implement a WPA2-Enterprise system. Since you have the RADIUS server and clients, what piece of the network would you need?
Network access control
Authenticator
Supplicant
Supplicant
You would need the supplicant. The authenticator, an AP or wireless controller, sends authentication messages between the supplicant and authentication server
You are given the task of selecting an asymmetric encryption type that has an appropriate level of encryption strength but uses a smaller key length than is typically required. Which of the following encryption methods will accomplish your requirement?
RSA
DHE
ECC
ECC
ECC (elliptic curve cryptography) is an asymmetric algorithm that uses smaller keys and has the same level of strength as asymmetric algorithms with longer key lengths
Matt has been told that successful attacks have been taking place and data that has been encrypted by his company’s software system has leaked to the company’s competitors. Matt, through investigation, has discovered patterns due to the lack of randomness in the seeding values used by the encryption algorithm in the company’s software. This discovery has led to successful reverse engineering. What can the company use to ensure patterns are not created during the encryption process?
One-time pad
Initialization vector
Stream cipher
Initialization vector
Initialization vectors (IVs) are random values that are used with algorithms to ensure patterns are not created during the encryption process. IVs are used with keys and are not encrypted when being sent to the destination
You are asked to configure a WLAN that does not require a user to provide any credentials to associate with a wireless AP and access a WLAN. What type of authentication is said to be in use?
IV
WEP
Open
Open
An open wireless network does not require a user to enter credentials for access
The CIO at your company no longer wants to use asymmetric algorithms because of the cost. Of the following algorithms, which should the CIO discontinue using?
AES
RC4
RSA
RSA
RSA is an asymmetric algorithm and should be discontinued
Which of the following would you use to verify certificate status by receiving a response of “good,” “revoked,” or “unknown”?
CRL
OCSP
RA
OCSP
OCSP (Online Certificate Status Protocol) is a protocol that can be used to query a certificate authority about the revocation status of a given certificate. It validates certificates by returning responses such as “good,” “revoked,” and “unknown”
Which of the following symmetric key algorithms are block ciphers? (Choose two.)
MD5
3DES
RC4
Blowfish
3DES
Blowfish
3DES and Blowfish are symmetric-key block ciphers. 3DES and Blowfish use a block size of 64 bits
Which of the following encryption algorithms is the weakest?
Blowfish
AES
DES
DES
DES (Data Encryption Standard) uses a 56-bit key and is superseded by 3DES. DES is considered to be insecure for many applications
What encryption protocol does WEP improperly use?
RC6
RC4
AES
RC4
WEP uses the encryption protocol RC4 and is considered insecure
James, an IT manager, expresses a concern during a monthly meeting about weak user passwords used on company servers and how they may be susceptible to brute-force password attacks. Which concept can James implement to make the weak passwords stronger?
Key stretching
Key escrow
Key strength
Key stretching
Key stretching increases the strength of stored passwords and protects passwords from brute-force attacks and rainbow table attacks
You are installing a network for a small business named Matrix Interior Design that the owner is operating out of their home. There are only four devices that will use the wireless LAN, and you are installing a SOHO wireless router between the wireless LAN clients and the broadband connection. To ensure better security from outside threats connecting to the wireless SOHO router, which of the following would be a good choice for the WPA2-PSK passphrase?
123456
XXrcERr6Euex9pRCdn3h3
HomeBusiness
XXrcERr6Euex9pRCdn3h3
Complex passwords of 16 or more ASCII characters are considered strong. Passwords should follow the complexity rule of having three of the four following items: lowercase letter, uppercase letter, number, and special character
You set up your wireless SOHO router to encrypt wireless traffic, and you configure the router to require wireless clients to authenticate against a RADIUS server. What type of security have you configured?
WPA2 Enterprise
WPA2 Personal
TKIP
WPA2 Enterprise
WPA2 Enterprise uses an authentication server such as a RADIUS server to control access to a WLAN
You must implement a cryptography system that applies encryption to a group of data at a time. Which of the following would you choose?
Stream
Block
Asymmetric
Block
Block ciphers encrypt data one fixed-size block at a time. A cryptographic service provider, a cryptographic module, performs block and stream cryptography algorithms
Which symmetric block cipher supersedes Blowfish?
RSA
Twofish
PBKDF2
Twofish
Twofish is a symmetric block cipher that replaced Blowfish
Root CAs can delegate their authority to which of the following to issue certificates to users?
Registered authorities
Intermediate CAs
CRL
Intermediate CAs
In a certification hierarchy, the root CA certifies the intermediate CA, which can then issue certificates to users, computers, or services
Which of the following protocols should be used to authenticate remote access users with smartcards?
PEAP
EAP-TLS
CHAP
EAP-TLS
EAP-TLS is a remote access authentication protocol that supports the use of smartcards
Tom is sending Mary a document and wants to show the document came from him. Which of the following should Tom use to digitally sign the document?
Intermediate CA
Public key
Private key
Private key
Digital signatures are created by using the user’s or computer’s private key that is accessible only to that user or computer. Nonrepudiation is the assurance that someone cannot deny something
Which of the following EAP types offers support for legacy authentication protocols such as PAP, CHAP, MS-CHAP, or MS-CHAPv2?
EAP-FAST
EAP-TLS
EAP-TTLS
EAP-TTLS
EAP-TTLS determines how user authentication is performed during phase 2. The user authentication may be a legacy protocol such as PAP, CHAP, MS-CHAP, or MS-CHAPv2
You are conducting a training program for new network administrators for your company. You talk about the benefits of asymmetric encryption. Which of the following are considered asymmetric algorithms? (Choose two.)
RC4
DES
RSA
ECC
RSA
ECC
RSA is an asymmetric algorithm (also known as public key cryptography) that uses a public and a private key to encrypt and decrypt data during transmissions. ECC (elliptic curve cryptography) is based on elliptic curve theory that uses points on a curve to define more efficient public and private keys
Which of the following is a form of encryption also known as ROT13?
Substitution cipher
Transposition cipher
Diffusion
Substitution cipher
The ROT13 substitution cipher replaces a letter with the 13th letter after it in the alphabet
Matt needs to calculate the number of keys that must be generated for 480 employees using the company’s PKI asymmetric algorithm. How many keys must Matt create?
114,960
480
960
960
With asymmetric algorithms, every user must have at least one pair of keys (private and public). The two keys are mathematically related. If a message is encrypted with one key, the other key is required to decrypt the message. The formula to determine the number of keys needed is N × 2, where N is the number of people
You are conducting a one-time electronic transaction with another company. The transaction needs to be encrypted, and for efficiency and simplicity, you want to use a single key for encryption and decryption of the data. Which of the following types would you use?
Asymmetric
Symmetric
Hashing
Symmetric
A symmetric algorithm, also known as a secret key algorithm, uses the same key to encrypt and decrypt data
Which of the following uses two mathematically related keys to secure data during transmission?
3DES
RC4
RSA
RSA
RSA is an asymmetric algorithm (also known as public key cryptography) that uses a public and a private key to encrypt and decrypt data during transmissions
You have been instructed by the security manager to protect the server’s data-at-rest. Which of the following would provide the strongest protection?
Implement a full-disk encryption system.
Implement biometric controls on data entry points.
Implement a host-based intrusion detection system.
Implement a full-disk encryption system.
Full-disk encryption on data-at-rest will help protect the inactive data should the storage device be stolen. The thief would not be able to read the data