Cryptography and PKI (2) Flashcards
Which of the following EAP types use a three-phase operation?
EAP-FAST
EAP-TLS
EAP-TTLS
EAP-FAST
EAP-FAST is for situations where strong password policy cannot be enforced and certificates are not used. EAP-FAST consists of three phases: EAP-FAST authentication, establishment of a secure tunnel, and client authentication
Which of the following is an encryption standard that uses a single 56-bit symmetric key?
DES
3DES
AES
DES
DES is a symmetric encryption standard that uses a key length of 56 bits
Which of the following cryptography concepts converts output data into a fixed-length value and cannot be reversed?
Steganography
Hashing
Collision
Hashing
Hashing is a one-way encryption that transforms a string of characters into a fixed-length value or key, also known as a hash value. Hashes ensure the integrity of data or messages
SSL is a protocol used for securing transactions transmitting over an untrusted network such as the Internet. Which of the following best describes the action that occurs during the SSL connection setup process?
The client creates a session key and encrypts it with the server’s private key.
The client creates a session key and encrypts it with the server’s public key.
The server creates a session key and encrypts it with the client’s private key.
The client creates a session key and encrypts it with the server’s public key.
SSL (Secure Sockets Layer) uses public key encryption. When a client accesses a secured website, it will generate a session key and encrypt it with the server’s public key. The session key is decrypted with the server’s private key, and the session key is used to encrypt and decrypt data sent back and forth
Which of the following EAP types requires both server and client certificates?
EAP-FAST
PEAP
EAP-TLS
EAP-TLS
EAP-TLS requires both client and server to have certificates. The authentication is mutual where the server authenticates to the client and the client authenticates to the server
You are the network administrator for a small office of 35 users and need to utilize mail encryption that will allow specific users to encrypt outgoing email messages. You are looking for an inexpensive onsite encryption server. Which of the following would you implement?
PGP/GPG
WPA2
CRL
PGP/GPG
PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard) provides a low-cost or open source alternative solution that allows users to encrypt their outgoing emails
You have been promoted to security administrator for your company and you need to be aware of all types of hashing algorithms for integrity checks. Which algorithm offers a 160-bit digest?
MD5
RC4
SHA-1
SHA-1
SHA-1 is a hashing algorithm that produces a 160-bit digest
You are the security manager for your company, and a system administrator wants to know if there is a way to reduce the cost of certificates by purchasing a certificate to cover all domains and subdomains for the company. Which of the following solutions would you offer?
Wildcards
Object identifiers
Key escrow
Wildcards
Wildcard certificates allow the company to secure an unlimited number of subdomain certificates on a domain name from a third party
Which of the following are authentication protocols? (Choose two.)
WPS
EAP
IPSec
IEEE 802.1x
EAP
IEEE 802.1x
EAP and IEEE 802.1x are authentication protocols that transfer authentication data between two devices
Your company is looking to accept electronic orders from a vendor and wants to ensure nonauthorized people cannot send orders. Your manager wants a solution that provides nonrepudiation. Which of the following options would meet the requirements?
Digital signatures
Hashes
Steganography
Digital signatures
Digital signatures are created by using the user’s or computer’s private key that is accessible only to that user or computer. Nonrepudiation is the assurance that someone cannot deny something
You are tasked to implement a solution to ensure data that is stored on a removable USB drive hasn’t been tampered with. Which of the following would you implement?
File backup
File encryption
File hashing
File hashing
Hashing is a one-way encryption that transforms a string of characters into a fixed-length value or key, also known as a hash value. Hashes ensure the integrity of data or messages
Which of the following is mainly used for remote access into a network?
XTACACS
Kerberos
RADIUS
RADIUS
RADIUS is a client-server protocol that enables remote access servers to communicate with a central server to authenticate users. RADIUS uses symmetric encryption for security
A security manager has asked you to explain why encryption is important and what symmetric encryption offers. Which of the following is the best explanation?
Confidentiality
Nonrepudiation
Steganography
Confidentiality
Encryption provides confidentiality because the data is scrambled and cannot be read by an unauthorized user. Symmetric encryption uses one key to both encrypt and decrypt data, and it is considered fast
You are a security administrator and have discovered one of the employees has been encoding confidential information into graphic files. Your employee is sharing these pictures on their social media account. What concept was the employee using?
Hashing
Steganography
Symmetric algorithm
Steganography
Steganography is a process of hiding data within data. This technique can be applied to images, video files, or audio files
Your company’s branch offices connect to the main office through a VPN. You recently discovered the key used on the VPN has been compromised. What should you do to ensure the key isn’t compromised in the future?
Enable perfect forward secrecy at the main office and branch office ends of the VPN.
Enable perfect forward secrecy at the branch office end of the VPN.
Disable perfect forward secrecy at the main office and branch office ends of the VPN.
Enable perfect forward secrecy at the main office and branch office ends of the VPN.
Enable perfect forward secrecy (PFS) at the main office and branch office ends of the VPN. Perfect forward secrecy is a way to ensure the safety of session keys from future abuse by threat actors
You are configuring your friend’s new wireless SOHO router and discover a PIN on the back of the router. Which of the following best describes the purpose of the PIN?
This is a WEP PIN.
This is a WPS PIN.
This is a WPA PIN.
This is a WPS PIN.
WPS is a network security standard that allows home users to easily add new devices to an existing wireless network without entering long passphrases. Users enter a PIN to allow the device to connect after pressing the WPS button on the SOHO router
Which of the following benefits do digital signatures provide? (Choose two.)
Nonrepudiation
Authentication
Encryption
Key exchange
Nonrepudiation
Authentication
Digital signatures provide three core benefits: authentication, integrity, and nonrepudiation
Your company has asked you to recommend a secure method for password storage. Which of the following would provide the best protection against brute-force attacks? (Choose two.)
ROT13
MD5
PBKDF2
BCRYPT
PBKDF2
BCRYPT
PBKDF2 applies a pseudo-random function such as an HMAC to the password along with a salt value and produces a derived key. PBKDF2 is designed to protect against brute-force attacks. BCRYPT is a password-hashing function derived from the Blowfish cipher. It adds a salt value to protect against rainbow table attacks
Your IT support center is receiving a high number of calls stating that users trying to access the company’s website are receiving certificate errors within their browsers. Which of the following statements best describes what the issue is?
The website certificate has expired.
Users have forgotten their usernames or passwords.
The domain name has expired.
The website certificate has expired.
Users are receiving the error because the website certificate has expired. The user can continue accessing the website, but the error will state the user could be accessing an untrusted site
In asymmetric encryption, what is used to decrypt an encrypted file?
Private key
Public key
Message digest
Private key
In asymmetric encryption, sometimes referred to as public key encryption, the private key is used to decrypt an encrypted file
You are performing a vulnerability assessment on a company’s LAN and determine they are using 802.1x for secure access. Which of the following attacks can a threat actor use to bypass the network security?
MAC spoofing
ARP poisoning
Ping of death
MAC spoofing
A threat actor can spoof a device’s MAC address and bypass 802.1x authentication. Using 802.1x with client certificates or tunneled authentication can help prevent this attack
Your security manager is looking to implement a one-time pad scheme for the company’s salespeople to use when traveling. Which of the following best describes a requirement for this implementation? (Choose three.)
The pad must be distributed securely and protected at its destination.
The pad must always be the same length.
The pad must be used only one time.
The pad must be made up of truly random values.
The pad must be distributed securely and protected at its destination.
The pad must be used only one time.
The pad must be made up of truly random values.
A one-time pad must be delivered by a secure method and properly guarded at each destination. The pad must be used one time only to avoid introducing patterns, and it must be made up of truly random values. Today’s computer systems have pseudo-random-number generators, which are seeded by an initial value from some component within the computer system
A threat actor has created a man-in-the-middle attack and captured encrypted communication between two users. The threat actor was unable to decrypt the messages. Which of the following is the reason the threat actor is unable to decrypt the messages?
Hashing
Symmetric encryption
Asymmetric encryption
Asymmetric encryption
In asymmetric encryption, sometimes referred to as public key encryption, the private key is used to decrypt an encrypted file
You have implemented a PKI to send signed and encrypted data. The user sending data must have which of the following? (Choose two.)
The receiver’s private key
The sender’s private key
The sender’s public key
The receiver’s public key
The sender’s private key
The receiver’s public key
To sign the data for nonrepudiation purposes, the sender uses their private key, and when encrypting the data, the sender uses the receiver’s public key
Which of the following best describes the drawback of symmetric key systems?
You must use different keys for encryption and decryption.
The algorithm is more complex.
The key must be delivered in a secure manner.
The key must be delivered in a secure manner.
Symmetric encryption uses the same key to encrypt and decrypt data, so the key must be sent to the receiver in a secure manner. If a person were to get the key somewhere in the middle, they would be able to decrypt the information and read the data or inject it with malware
Your company is looking for a secure backup mechanism for key storage in a PKI. Which of the following would you recommend?
CSR
Key escrow
CA
Key escrow
Key escrow is a security measure where cryptographic keys are held in escrow by a third party. Under normal circumstances, the key should not be released to someone other than the sender or receiver without proper authorization
Which cryptography concept uses points on a curve to define public and private key pairs?
Obfuscation
ECC
Stream cipher
ECC
ECC (elliptic curve cryptography) is based on elliptic curve theory that uses points on a curve to define more efficient public and private keys
You are a security administrator and have been given instructions to update the access points to provide a more secure connection. The access points are currently set to use WPA TKIP for encryption. Which of the following would you configure to accomplish the task of providing a more secure connection?
WEP
WPA2 CCMP
Enable MAC filtering
WPA2 CCMP
WPA2 CCMP replaced TKIP and is a more advanced encryption standard. CCMP provides data confidentiality and authentication
Which of the following is an example of a stream cipher?
AES
3DES
RC4
RC4
RC4 is an example of a stream cipher that encrypts data one bit at a time
Which of the following are negotiation protocols commonly used by TLS? (Choose two.)
DHE
ECDHE
RSA
SHA
DHE
ECDHE
DHE (Diffie-Hellman Ephemeral) and ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) are commonly used with TLS to provide perfect forward secrecy