Cryptography and PKI (3) Flashcards
Which of the following statements is true regarding symmetric key systems?
They use different keys on each end of the transported data.
They use multiple keys for creating digital signatures.
They use the same key on each end of the transported data.
They use the same key on each end of the transported data.
A symmetric key system uses the same key to encrypt and decrypt data during the transport
Which of the following ciphers was created from the foundation of the Rijndael algorithm?
TKIP
AES
DES
AES
AES is a subset of the Rijndael cipher developed by Vincent Rijmen and Joan Daemen. Rijndael is a family of ciphers with different key and block sizes
Katelyn is sending an important email to Zackary, the manager of human resources. Company policy states messages to human resources must be digitally signed. Which of the following statements is correct?
Katelyn’s public key is used to verify the digital signature.
Katelyn’s private key is used to verify the digital signature.
Zackary’s public key is used to verify the digital signature.
Katelyn’s public key is used to verify the digital signature.
Digital signatures are created with the sender’s private key and verified by the sender’s public key
Data integrity is provided by which of the following?
3DES
MD5
AES
MD5
MD5 is a hashing algorithm that transforms a string of characters into a fixed-length value or key, also known as a hash value. Hashes ensure the integrity of data or messages
Which of the following is a symmetric encryption algorithm that is available in 128-bit, 192-bit, and 256-bit key versions?
AES
DES
RSA
AES
AES is a symmetric encryption algorithm that supports key sizes of 128, 192, and 256 bits
Which of the following items are found within a digital certificate? (Choose two.)
Serial number
Default gateway
Public key
Session key
Serial number
Public key
The structure of an X.509 digital certificate includes a serial number and public key of the user or device
In an 802.1x implementation, which of the following devices mutually authenticate with each other? (Choose two.)
Authentication server
Certificate authority
Domain controller
Supplicant
Authentication server
Supplicant
The authentication server and supplicant mutually authenticate with each other. This helps prevent rogue devices from connecting to the network
Which of the following statements is true regarding the confusion encryption method?
It puts one item in the place of another; for example, one letter for another or one letter for a number.
It scrambles data by reordering the plain text in a certain way.
It uses a relationship between the plain text and the key that is so complicated the plain text can’t be altered and the key can’t be determined.
It uses a relationship between the plain text and the key that is so complicated the plain text can’t be altered and the key can’t be determined.
Confusion encryption is a method that uses a relationship between the plain text and the key that is so complicated the plain text can’t be altered and the key can’t be determined by a threat actor
Which of the following is required when employing PKI and preserving data is important?
CA
CRL
Key escrow
Key escrow
Key escrow is a database of stored keys that can be retrieved should the original user’s key be lost or compromised. The stored key can be used to decrypt encrypted material, allowing restoration of the original material to its unencrypted state
You need to encrypt the signature of an email within a PKI system. Which of the following would you use?
Public key
Shared key
Private key
Private key
The private key is used to encrypt the signature of an email, and the sender’s public key is used to decrypt the signature and verify the hash value
Which of the following standards was developed by the Wi-Fi Alliance and implements the requirements of IEEE 802.11i?
NIC
WPA
WPA2
WPA2
802.11i is an amendment to the original IEEE 802.11 and is implemented as WPA2. The amendment deprecated WEP
You are asked to create a wireless network for your company that implements a wireless protocol that provides maximum security while providing support for older wireless devices. Which protocol should you use?
WPA
WPA2
WEP
WPA
WPA (Wi-Fi Protected Access) is a security standard that replaced and improved on WEP and is designed to work with older wireless clients
Bob is a security administrator and needs to encrypt and authenticate messages that are sent and received between two systems. Which of the following would Bob choose to accomplish his task?
MD5
SHA-256
RSA
RSA
RSA is a public key encryption algorithm that can both encrypt and authenticate messages
Which of the following algorithms is generally used in mobile devices?
3DES
DES
ECC
ECC
ECC (elliptic curve cryptography) uses less processing power and works best in devices such as wireless devices and cellular phones. ECC generates keys faster than other asymmetric algorithms. Determining the correct set of security and resource constraints is an important beginning step when planning a cryptographic implementation
Which of the following statements best describes the difference between public key cryptography and public key infrastructure?
Public key cryptography is another name for an asymmetric algorithm, whereas public key infrastructure is another name for a symmetric algorithm.
Public key cryptography uses one key to encrypt and decrypt the data, and public key infrastructure uses two keys to encrypt and decrypt the data.
Public key cryptography is another name for asymmetric cryptography, whereas public key infrastructure contains the public key cryptographic mechanisms.
Public key cryptography is another name for asymmetric cryptography, whereas public key infrastructure contains the public key cryptographic mechanisms.
Public key cryptography is also known as asymmetric cryptography. Public key cryptography is one piece of the PKI (public key infrastructure)
Your company has a public key infrastructure (PKI) in place to issue digital certificates to users. Recently, your company hired temporary contractors for a project that is now complete. Management has requested that all digital certificates issued to the contractors be revoked. Which PKI component would you consult for the management’s request?
CA
CRL
CSR
CRL
A CRL (certificate revocation list) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should not be trusted
Which of the following security setup modes are intended for use in a small office or home office environment? (Choose two.)
WPS
WPA-Enterprise
WPA2-Enterprise
WPA2-Personal
WPS
WPA2-Personal
Most small office, home office (SOHO) networks use WPS and WPA2-Personal. WPS is a network security standard that allows home users to easily add new devices to an existing wireless network without entering long passphrases. WPA2-Personal uses a passphrase that is entered into the SOHO router
Which of the following automatically updates browsers with a list of root certificates from an online source to track which certificates are to be trusted?
Trust model
Key escrow
PKI
Trust model
A trust model is a collection of rules that informs applications as to how to decide the validity of a digital certificate
Which of the following EAP types uses the concepts of public key infrastructure (PKI)?
EAP-TLS
PEAP
EAP-FAST
EAP-TLS
EAP-TLS uses the concepts of public key infrastructure (PKI). It eliminates the need for a shared secret between the client and the server. Digital certificates are used instead
Which of the following use PSK authentication? (Choose two.)
WPA-Enterprise
WPA-Personal
WPA2-Personal
WPA2-Enterprise
WPA-Personal
WPA2-Personal
Security used in SOHO environments is PSK (preshared key) authentication. WPA-Personal and WPA2-Personal use the PSK authentication method
You are receiving calls from users who are connected to the company’s network and are being redirected to a login page with the company’s logo after they type a popular social media web address in an Internet browser. Which of the following is causing this to happen?
Key stretching
MAC filtering
Captive portal
Captive portal
A captive portal is a web page where the user must view and agree to the terms before access to the network is granted. Captive portals are typically used by business centers, airports, hotels, and coffee shops
Elliptic curve cryptosystem (ECC) is an asymmetric algorithm. Which of the following statements best describe why ECC is different from other asymmetric algorithms? (Choose two.)
It is more efficient.
It provides digital signatures, secure key distribution, and encryption.
It uses more processing power to perform encryption.
It provides fast key generation.
It is more efficient.
It provides fast key generation.
Elliptic curve cryptosystem (ECC) differs from other asymmetric algorithms due to its efficiency. ECC uses less processing power and works best in low power devices such as wireless devices and cellular phones. ECC generates keys faster than other asymmetric algorithms
WEP’s RC4 approach to encryption uses a 24-bit string of characters added to data that are transmitted. The same plain text data frame will not appear as the same WEP-encrypted data frame. What is this string of characters called?
Diffusion
IV
Session key
IV
IV (initialization vector) is an arbitrary number that is used with a secret key for data encryption. IV makes it more difficult for hackers to break a cipher
Your manager has recently purchased a RADIUS server that will be used by remote employees to connect to internal resources. Several client computers need to connect to the RADIUS server in a secure manner. What should your manager deploy?
HIDS
VLAN
802.1x
802.1x
802.1x enhances security within a WLAN by providing an authentication framework. Users are authenticated by a central authority before they are allowed within the network
Katelyn, a network administrator, has deleted the account for a user who left the company last week. The user’s files were encrypted with a private key. How can Katelyn view the user’s files?
The data can be decrypted using the backup user account.
The data can be decrypted using the recovery agent.
She must re-create the former user’s account.
The data can be decrypted using the recovery agent.
The data can be decrypted with a recovery agent if the company configured one beforehand. If there is no recovery agent, the encrypted files will be unrecoverable
Your company has recently implemented an encryption system on the network. The system uses a secret key between two parties and must be kept secret. Which system was implemented?
Asymmetric algorithm
Symmetric algorithm
Hashing algorithm
Symmetric algorithm
A symmetric algorithm, also known as a secret key algorithm, uses the same key to encrypt and decrypt data
Tim, a wireless administrator, has been tasked with securing the company’s WLAN. Which of the following cryptographic protocols would Tim use to provide the most secure environment for the company?
WPA2 CCMP
WPA
WPA2 TKIP
WPA2 CCMP
WPA2 CCMP replaced TKIP and is a more advanced encryption standard. CCMP provides data confidentiality and authentication
Which of the following defines a hashing algorithm creating the same hash value from two different messages?
MD5
Hashing
Collision
Collision
A collision occurs when a hashing algorithm creates the same hash from two different messages
Matt, a network administrator, is deciding which credential-type authentication to use within the company’s planned 802.1x deployment. He is searching for a method that requires a client certificate and a server-side certificate, and that uses tunnels for encryption. Which credential-type authentication method would Matt use?
EAP-TLS
EAP-FAST
PEAP
EAP-TLS
EAP-TLS is a remote access authentication protocol that supports the use of smartcards or user and computer certificates, also known as machine certificates, to authenticate wireless access clients. EAP-TLS can use tunnels for encryption by use of TLS
A coworker is connecting to a secure website using HTTPS. The coworker informs you that before the website loads, their web browser displays an error indicating that the site certificate is invalid and the site is not trusted. Which of the following is most likely the issue?
The web browser is requiring an update.
The server is using a self-signed certificate.
A web proxy is blocking the connection.
The server is using a self-signed certificate.
A self-signed certificate will display an error in the browser stating the site is not trusted because the self-signed certificate is not from a trusted certificate authority