Cryptography and PKI (1) Flashcards

1
Q

Which of the following would a public key be used for?

To decrypt a hash of a digital signature

To encrypt TLS traffic

To digitally sign messages

A

To decrypt a hash of a digital signature

A digital signature is a hash of the message that the sender has signed (in RSA terms, encrypted) with their private key. The recipient uses the sender's public key to recover that hash and compares it with a hash computed over the received message; a match validates both the integrity of the message and the authenticity of the signature. The other options describe the wrong key: signing is done with the private key, and TLS traffic is encrypted with symmetric session keys (the public key is used at most to protect the key exchange). Digital signatures support non-repudiation: the sender cannot credibly deny sending the message, because only the holder of the private key could have produced the signature.

2
Q

Your company’s web server certificate has been revoked and external customers are receiving errors when they connect to the website. Which of following actions must you take?

Create and use a self-signed certificate.

Request a certificate from the key escrow.

Generate a new key pair and new certificate.

A

Generate a new key pair and new certificate.

A revoked certificate is no longer valid for its intended purpose and cannot be reinstated. Revocation usually follows a suspected or confirmed compromise of the private key, so the old key pair must not be reused: generate a new key pair, submit a certificate signing request to the CA and install the newly issued certificate. A self-signed certificate would not be trusted by external customers' browsers, and key escrow stores copies of private keys for recovery; it does not issue certificates.

3
Q

Mary is concerned about the validity of an email because a coworker denies sending it. How can Mary prove the authenticity of the email?

Symmetric algorithm

Digital signature

CRL

A

Digital signature

Digital signatures are created with the sender's private key, which is accessible only to that user or computer, and anyone holding the matching public key can verify them. If the coworker's email carries a signature (for example S/MIME), Mary can verify it against the coworker's certificate. Non-repudiation is the assurance that someone cannot deny having performed an action such as sending a message. A symmetric algorithm cannot prove who sent a message, since both parties hold the same key, and a CRL only lists revoked certificates.

4
Q

Wi-Fi Alliance recommends that a passphrase be how many characters in length for WPA2-Personal security?

6 characters

8 characters

12 characters

A

8 characters

The Wi-Fi Alliance, the nonprofit industry group that certifies Wi-Fi products, recommends a passphrase of at least eight characters mixing upper- and lowercase letters, numbers and symbols. Eight characters is also the minimum the WPA2-Personal (PSK) standard accepts (the maximum is 63 ASCII characters). Because an attacker who captures the WPA2 4-way handshake can test candidate passphrases offline, treat eight as a floor and use a much longer random passphrase in practice.

5
Q

Which of the following digital certificate management practices will help ensure that a lost certificate cannot be misused?

CRL

Key escrow

Nonrepudiation

A

CRL

A CRL (certificate revocation list) is a CA-signed list of certificates that the issuing certificate authority has revoked before their scheduled expiration date and that relying parties should no longer trust. If a certificate (in practice, the private key that goes with it) is lost or stolen, the owner asks the CA to revoke it, and the published CRL tells clients to reject it. Key escrow stores copies of private keys for recovery, and non-repudiation is a property of digital signatures; neither stops a lost certificate from being used.

6
Q

Which of the following are restricted to 64-bit block sizes? (Choose two.)

DES

SHA

MD5

3DES

A

DES

3DES

DES and 3DES are symmetric-key block ciphers with a 64-bit block size; 3DES runs DES three times and so inherits the DES block size. SHA and MD5 are hash functions, not ciphers: they produce fixed-length digests rather than encrypting blocks of data.

7
Q

Your company has implemented a RADIUS server and has clients that are capable of using multiple EAP types, including one configured for use on the RADIUS server. Your security manager wants to implement a WPA2-Enterprise system. Since you have the RADIUS server and clients, what piece of the network would you need?

Network access control

Authenticator

Supplicant

A

Authenticator

You would need the authenticator. In 802.1X (which WPA2-Enterprise uses) there are three roles: the supplicant, which is the client software on the wireless device and is already present on your EAP-capable clients; the authentication server, which is your RADIUS server; and the authenticator, the AP or wireless controller that relays EAP messages between supplicant and authentication server and only opens the port once authentication succeeds. With the RADIUS server and EAP-capable clients in place, the missing piece is the authenticator. Network access control is a broader policy-enforcement concept, not one of the 802.1X roles.

8
Q

You are given the task of selecting an asymmetric encryption type that has an appropriate level of encryption strength but uses a smaller key length than is typically required. Which of the following encryption methods will accomplish your requirement?

RSA

DHE

ECC

A

ECC

ECC (elliptic curve cryptography) is an asymmetric algorithm family that provides security comparable to RSA with much shorter keys: a 256-bit ECC key is generally rated as equivalent to a 3072-bit RSA key, which makes ECC faster and cheaper in bandwidth and storage. RSA needs long keys for the same strength, and DHE is a key-agreement method rather than an encryption type.

9
Q

Matt has been told that successful attacks have been taking place and data that has been encrypted by his company’s software system has leaked to the company’s competitors. Matt, through investigation, has discovered patterns due to the lack of randomness in the seeding values used by the encryption algorithm in the company’s software. This discovery has led to successful reverse engineering. What can the company use to ensure patterns are not created during the encryption process?

One-time pad

Initialization vector

Stream cipher

A

Initialization vector

Initialization vectors (IVs) are values used together with the key to randomize the encryption of each message, so that identical plaintexts, or repeated blocks within one plaintext, do not produce identical ciphertext patterns. An IV does not need to be secret and is normally sent in the clear alongside the ciphertext, but it must never be reused with the same key, and for modes such as CBC it must be unpredictable, drawn from a cryptographically secure random generator; that unpredictability is exactly what the software's seeding lacked. A one-time pad avoids patterns but is impractical for a software product, and a stream cipher on its own is just as vulnerable if its nonce is predictable or reused.

10
Q

You are asked to configure a WLAN that does not require a user to provide any credentials to associate with a wireless AP and access a WLAN. What type of authentication is said to be in use?

IV

WEP

Open

A

Open

An open wireless network does not require a user to enter credentials to associate with the AP. Traffic on such a network is also unencrypted unless a higher-layer protocol such as TLS or a VPN protects it. WEP is a (broken) encryption scheme, not an authentication type, and an IV is a cipher input.

11
Q

The CIO at your company no longer wants to use asymmetric algorithms because of the cost. Of the following algorithms, which should the CIO discontinue using?

AES

RC4

RSA

A

RSA

RSA is the only asymmetric algorithm listed and is the one to discontinue; AES and RC4 are symmetric. Asymmetric operations are far more computationally expensive than symmetric ones, which is why they are normally used only to exchange or protect a symmetric key rather than to encrypt bulk data.

12
Q

Which of the following would you use to verify certificate status by receiving a response of “good,” “revoked,” or “unknown”?

CRL

OCSP

RA

A

OCSP

OCSP (Online Certificate Status Protocol) lets a client query an OCSP responder about the revocation status of a single certificate, instead of downloading the CA's whole CRL, and receive a signed response of "good," "revoked," or "unknown." An RA (registration authority) verifies requesters' identities before a certificate is issued and does not answer status queries.

13
Q

Which of the following symmetric key algorithms are block ciphers? (Choose two.)

MD5

3DES

RC4

Blowfish

A

3DES

Blowfish

3DES and Blowfish are symmetric-key block ciphers, both with a 64-bit block size. RC4 is a symmetric stream cipher, and MD5 is a hash function rather than an encryption algorithm.

14
Q

Which of the following encryption algorithms is the weakest?

Blowfish

AES

DES

A

DES

DES (Data Encryption Standard) uses a 56-bit effective key, small enough to be brute-forced in hours on modern hardware; it was superseded by 3DES and then AES and is considered insecure for virtually all applications. Blowfish and AES support keys of up to 448 and 256 bits respectively.

15
Q

What encryption protocol does WEP improperly use?

RC6

RC4

AES

A

RC4

WEP uses the RC4 stream cipher, but uses it improperly: a 24-bit IV is concatenated directly with the shared key to form the RC4 key, IVs repeat quickly on a busy network, and RC4's weak-key behaviour lets an attacker recover the key from captured frames. WEP is considered broken and should not be used.

16
Q

James, an IT manager, expresses a concern during a monthly meeting about weak user passwords used on company servers and how they may be susceptible to brute-force password attacks. Which concept can James implement to make the weak passwords stronger?

Key stretching

Key escrow

Key strength

A

Key stretching

Key stretching (for example PBKDF2, bcrypt, scrypt or Argon2) runs a password through a deliberately slow, salted derivation function many thousands of times before the result is stored. It does not make a weak password itself any stronger, but it multiplies the cost of each guess in a brute-force attack, and the salt defeats precomputed rainbow tables. Key escrow concerns storing copies of keys, and key strength refers to key length.

17
Q

You are installing a network for a small business named Matrix Interior Design that the owner is operating out of their home. There are only four devices that will use the wireless LAN, and you are installing a SOHO wireless router between the wireless LAN clients and the broadband connection. To ensure better security from outside threats connecting to the wireless SOHO router, which of the following would be a good choice for the WPA2-PSK passphrase?

123456

XXrcERr6Euex9pRCdn3h3

HomeBusiness

A

XXrcERr6Euex9pRCdn3h3

A long random passphrase such as XXrcERr6Euex9pRCdn3h3 is the strong choice: complex passphrases of 16 or more ASCII characters drawn from at least three of the four character classes (lowercase letters, uppercase letters, digits, special characters) are considered strong. 123456 is a common default that is also shorter than the 8-character minimum WPA2-PSK accepts, and HomeBusiness is a dictionary phrase that an attacker who captured the 4-way handshake could crack offline.
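An added example (my code, not part of this flashcard deck) tying together cards 4, 16 and 17: WPA2-Personal turns the passphrase into the Pairwise Master Key with exactly the kind of key stretching card 16 describes (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, per IEEE 802.11i), and the offline dictionary loop shows why that stretching protects a long random passphrase but not HomeBusiness. The SSID and wordlist are constructed for the demo; the known-answer check uses the test vector published in the standard.

```python
"""Key stretching and WPA2-Personal passphrase strength (cards 4, 16, 17).
Added example, not part of the flashcard deck. SSID and wordlist are constructed."""
import hashlib
import secrets
import string

WPA2_ITERATIONS = 4096   # fixed by IEEE 802.11i; an AP owner cannot raise it
WPA2_PMK_LEN = 32


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key that both the WPA2-PSK client and the AP compute."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-Personal passphrases must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
                               WPA2_ITERATIONS, WPA2_PMK_LEN)


def known_answer_ok() -> bool:
    """IEEE 802.11i Annex H test vector: passphrase 'password', SSID 'IEEE'."""
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return wpa2_pmk("password", "IEEE").hex() == expected


def stretched_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """Generic server-side key stretching (card 16): PBKDF2-HMAC-SHA256 with a per-user
    salt. Unlike the WPA2 case, the defender picks the iteration count and can raise it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, 32)


def offline_dictionary_attack(ssid: str, target_pmk: bytes, wordlist):
    """What an attacker who captured the 4-way handshake does: derive the PMK for each
    candidate and compare. Every guess costs 4096 HMACs, but a guessable passphrase
    still falls; a long random one is out of reach of any wordlist."""
    for guess in wordlist:
        if 8 <= len(guess) <= 63 and wpa2_pmk(guess, ssid) == target_pmk:
            return guess
    return None


def random_passphrase(length: int = 20) -> str:
    """A strong WPA2-PSK passphrase: CSPRNG-chosen letters and digits (about 119 bits at 20)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed demo data (not real network data).
SSID = "MatrixInteriorDesign"
WORDLIST = ["123456", "password", "password1", "letmein", "HomeBusiness",
            "interior", "matrix2024", "Welcome1", "qwertyuiop"]


def demo():
    weak_pmk = wpa2_pmk("HomeBusiness", SSID)
    strong_pmk = wpa2_pmk(random_passphrase(), SSID)
    return {
        "kat_ok": known_answer_ok(),
        "weak_recovered": offline_dictionary_attack(SSID, weak_pmk, WORDLIST),
        "strong_recovered": offline_dictionary_attack(SSID, strong_pmk, WORDLIST),
    }


if __name__ == "__main__":
    print(demo())
```

The 4096 iterations are fixed by the standard, so unlike a server-side password store the defender cannot raise the work factor; the only lever is passphrase entropy, which is why the 20-character random string is the right answer for card 17.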

18
Q

You set up your wireless SOHO router to encrypt wireless traffic, and you configure the router to require wireless clients to authenticate against a RADIUS server. What type of security have you configured?

WPA2 Enterprise

WPA2 Personal

TKIP

A

WPA2 Enterprise

WPA2 Enterprise uses 802.1X with an authentication server such as RADIUS, so each user authenticates with individual credentials or a certificate rather than the single shared passphrase of WPA2 Personal. TKIP is an encryption protocol introduced with WPA, not an authentication mode.

19
Q

You must implement a cryptography system that applies encryption to a group of data at a time. Which of the following would you choose?

Stream

Block

Asymmetric

A

Block

Block ciphers encrypt data one fixed-size block at a time (128 bits for AES, 64 bits for DES and Blowfish), padding the final block when the data does not fill it. Stream ciphers encrypt a continuous stream byte by byte, and asymmetric refers to the key type rather than to how data is processed. A cryptographic service provider (CSP) is the software or hardware module that implements the block and stream algorithms an application calls.
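Cards 9 and 19 together describe block ciphers and the IV that keeps them from leaking patterns. The following added example (my code, not from the deck) builds a toy block cipher, pads input to block boundaries, and shows ECB leaking repeated records, CBC with a random IV hiding them, and CBC with a reused IV revealing that two messages start the same way. The Feistel cipher, its key schedule, the key and the plaintexts are constructions for illustration; none of it is a production cipher.

```python
"""Why a block cipher needs a fresh, unpredictable IV (cards 9 and 19).
Added example, not part of the flashcard deck. The cipher is a toy 128-bit Feistel
network with an HMAC-SHA256 round function: a genuine permutation, so the modes of
operation behave as they would with AES, but not a cipher for real use. Key and
plaintexts are constructed for the demo."""
import hashlib
import hmac
import os

BLOCK = 16           # 128-bit block, the AES block size
HALF = BLOCK // 2
ROUNDS = 4

def _round_keys(key):
    # Toy key schedule (assumption): one HMAC-derived subkey per round.
    return [hmac.new(key, b"round-%d" % i, hashlib.sha256).digest() for i in range(ROUNDS)]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(subkey, half):
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]

def encrypt_block(key, block):
    """Feistel round: (L, R) -> (R, L xor F(R)). Invertible whatever F is."""
    left, right = block[:HALF], block[HALF:]
    for k in _round_keys(key):
        left, right = right, _xor(left, _f(k, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:HALF], block[HALF:]
    for k in reversed(_round_keys(key)):          # undo the rounds in reverse order
        left, right = _xor(right, _f(k, left)), left
    return left + right

def pkcs7_pad(data):
    # Card 19: a block cipher only processes whole blocks, so the tail is padded.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    """ECB: blocks are encrypted independently, so equal plaintext blocks repeat in the output."""
    return b"".join(encrypt_block(key, b) for b in _blocks(pkcs7_pad(plaintext)))

def ecb_decrypt(key, ciphertext):
    return pkcs7_unpad(b"".join(decrypt_block(key, b) for b in _blocks(ciphertext)))

def cbc_encrypt(key, plaintext, iv=None):
    """CBC: each block is XORed with the previous ciphertext block (the IV for the first).
    The IV is not secret; it is sent in the clear, prepended to the ciphertext."""
    iv = os.urandom(BLOCK) if iv is None else iv
    prev, out = iv, []
    for b in _blocks(pkcs7_pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return iv + b"".join(out)

def cbc_decrypt(key, ciphertext):
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    prev, out = iv, []
    for b in _blocks(body):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return pkcs7_unpad(b"".join(out))

def has_repeated_blocks(ciphertext, skip_iv=False):
    bs = _blocks(ciphertext[BLOCK:] if skip_iv else ciphertext)
    return len(bs) != len(set(bs))

# Constructed demo data: four identical 16-byte records, as an exported table might hold.
KEY = b"demo-key-for-illustration-only!!"
RECORDS = b"ACCOUNT=000042;;" * 4
RECORDS_B = b"ACCOUNT=000042;;" + b"ACCOUNT=999999;;" * 3
FIXED_IV = b"\x00" * BLOCK       # a predictable, reused "seed": the flaw from card 9

def demo():
    return {
        "ecb_leaks_pattern": has_repeated_blocks(ecb_encrypt(KEY, RECORDS)),
        "cbc_fresh_iv_leaks": has_repeated_blocks(cbc_encrypt(KEY, RECORDS), skip_iv=True),
        # Same key, same IV: matching first ciphertext blocks reveal a shared prefix.
        "cbc_reused_iv_leaks_prefix": cbc_encrypt(KEY, RECORDS, FIXED_IV)[BLOCK:2 * BLOCK]
        == cbc_encrypt(KEY, RECORDS_B, FIXED_IV)[BLOCK:2 * BLOCK],
    }
```

Run demo() and the first and third results come back True while the second is False: the block cipher is the same in all three cases, so the difference is entirely the mode and the IV, which is the point of card 9. CBC with a fresh IV still gives no integrity protection; a real design would pair it with a MAC or use an authenticated mode such as AES-GCM.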

20
Q

Which symmetric block cipher supersedes Blowfish?

RSA

Twofish

PBKDF2

A

Twofish

Twofish is a symmetric block cipher with a 128-bit block, designed by Bruce Schneier's team as the successor to Blowfish (which has a 64-bit block) and later a finalist in the AES competition. RSA is an asymmetric algorithm and PBKDF2 is a key-derivation function, not a cipher.

21
Q

Root CAs can delegate their authority to which of the following to issue certificates to users?

Registration authorities

Intermediate CAs

CRL

A

Intermediate CAs

In a certification hierarchy the root CA signs the certificates of one or more intermediate (subordinate) CAs, which then issue certificates to users, computers or services. Keeping the root offline and delegating day-to-day issuance to intermediates limits the damage if an issuing CA is compromised. A registration authority only verifies requesters' identities before issuance, and a CRL is a list of revoked certificates.

22
Q

Which of the following protocols should be used to authenticate remote access users with smartcards?

PEAP

EAP-TLS

CHAP

A

EAP-TLS

EAP-TLS authenticates both the client and the server with X.509 certificates over a TLS handshake; the client's certificate and private key can be kept on a smartcard, which makes EAP-TLS the standard choice for smartcard-based remote access. PEAP normally wraps a password-based inner method, and CHAP is a password-based challenge protocol.

23
Q

Tom is sending Mary a document and wants to show the document came from him. Which of the following should Tom use to digitally sign the document?

Intermediate CA

Public key

Private key

A

Private key

Tom signs with his own private key, which only he holds; Mary verifies the signature with Tom's public key, obtained from his certificate. The intermediate CA only vouches for the binding between Tom's identity and his public key and does not sign documents for him. Non-repudiation is the assurance that Tom cannot later deny having signed the document.

24
Q

Which of the following EAP types offers support for legacy authentication protocols such as PAP, CHAP, MS-CHAP, or MS-CHAPv2?

EAP-FAST

EAP-TLS

EAP-TTLS

A

EAP-TTLS

EAP-TTLS (Tunneled TLS) authenticates the server with a certificate in phase 1 and then, inside the encrypted tunnel, runs a phase 2 user-authentication exchange that may be a legacy protocol such as PAP, CHAP, MS-CHAP or MS-CHAPv2. EAP-TLS requires client certificates, and EAP-FAST builds its tunnel with a protected access credential (PAC) and carries inner EAP methods rather than raw PAP or CHAP.

25
Q

You are conducting a training program for new network administrators for your company. You talk about the benefits of asymmetric encryption. Which of the following are considered asymmetric algorithms? (Choose two.)

RC4

DES

RSA

ECC

A

RSA

ECC

RSA is an asymmetric algorithm (also known as public key cryptography) that uses a public and a private key to encrypt and decrypt data during transmission. ECC (elliptic curve cryptography) is based on elliptic curve theory and uses points on a curve to define public and private keys that are shorter, and therefore more efficient, for the same security level. RC4 and DES are symmetric algorithms.

26
Q

Which of the following is a form of encryption also known as ROT13?

Substitution cipher

Transposition cipher

Diffusion

A

Substitution cipher

ROT13 is a substitution cipher: each letter is replaced with the letter 13 positions after it in the alphabet, so applying it twice restores the original text. It provides obfuscation, not security. A transposition cipher rearranges letters without changing them, and diffusion is a design property of ciphers rather than a cipher itself.

27
Q

Matt needs to calculate the number of keys that must be generated for 480 employees using the company’s PKI asymmetric algorithm. How many keys must Matt create?

114,960

480

960

A

960

With asymmetric algorithms every user needs one pair of keys, a private key and a public key. The two keys are mathematically related: a message encrypted with one key can only be decrypted with the other. The number of keys needed is therefore 2 × N, where N is the number of people, so 480 × 2 = 960. The distractor 114,960 is N × (N − 1) ÷ 2, the number of keys a symmetric system would need to give every pair of employees its own shared key, which is exactly the scaling problem asymmetric cryptography avoids.

28
Q

You are conducting a one-time electronic transaction with another company. The transaction needs to be encrypted, and for efficiency and simplicity, you want to use a single key for encryption and decryption of the data. Which of the following types would you use?

Asymmetric

Symmetric

Hashing

A

Symmetric

A symmetric algorithm, also known as a secret key algorithm, uses the same key to encrypt and decrypt data, so only one key has to be shared with the other company, and it is much faster than asymmetric encryption. Hashing is one-way and cannot be reversed to recover the data.

29
Q

Which of the following uses two mathematically related keys to secure data during transmission?

3DES

RC4

RSA

A

RSA

RSA is an asymmetric algorithm (also known as public key cryptography) that uses two mathematically related keys, a public key and a private key; data encrypted with one can only be decrypted with the other. 3DES and RC4 are symmetric and use a single shared key.

30
Q

You have been instructed by the security manager to protect the server’s data-at-rest. Which of the following would provide the strongest protection?

Implement a full-disk encryption system.

Implement biometric controls on data entry points.

Implement a host-based intrusion detection system.

A

Implement a full-disk encryption system.

Full-disk encryption protects data-at-rest: if the storage device is stolen, the thief cannot read the data without the encryption key. Biometric controls and a host-based intrusion detection system protect access to a running system but do nothing for data on a disk that has been removed.