Cryptography and PKI (3)

Question 1

Which of the following statements is true regarding symmetric key systems?

They use different keys on each end of the transported data.

They use multiple keys for creating digital signatures.

They use the same key on each end of the transported data.

Answer 1

They use the same key on each end of the transported data.

A symmetric key system uses the same key to encrypt and decrypt data during the transport

Question 2

Which of the following ciphers was created from the foundation of the Rijndael algorithm?

TKIP

AES

DES

Answer 2

AES

AES is a subset of the Rijndael cipher developed by Vincent Rijmen and Joan Daemen. Rijndael is a family of ciphers with different key and block sizes

Question 3

Katelyn is sending an important email to Zackary, the manager of human resources. Company policy states messages to human resources must be digitally signed. Which of the following statements is correct?

Katelyn’s public key is used to verify the digital signature.

Katelyn’s private key is used to verify the digital signature.

Zackary’s public key is used to verify the digital signature.

Answer 3

Katelyn’s public key is used to verify the digital signature.

Digital signatures are created with the sender’s private key and verified by the sender’s public key

Question 4

Data integrity is provided by which of the following?

3DES

MD5

AES

Answer 4

MD5

MD5 is a hashing algorithm that transforms a string of characters into a fixed-length value or key, also known as a hash value. Hashes ensure the integrity of data or messages

Question 5

Which of the following is a symmetric encryption algorithm that is available in 128-bit, 192-bit, and 256-bit key versions?

AES

DES

RSA

Answer 5

AES

AES is a symmetric encryption that supports key sizes of 128, 192, and 256 bits

Question 6

Which of the following items are found within a digital certificate? (Choose two.)

Serial number

Default gateway

Public key

Session key

Answer 6

Serial number

Public key

The structure of an X.509 digital signature includes a serial number and public key of the user or device

Question 7

In an 802.1x implementation, which of the following devices mutually authenticate with each other? (Choose two.)

Authentication server

Certificate authority

Domain controller

Supplicant

Answer 7

Authentication server

Supplicant

The authentication server and supplicant mutually authenticate with each other. This helps prevent rogue devices from connecting to the network

Question 8

Which of the following statements is true regarding the confusion encryption method?

It puts one item in the place of another; for example, one letter for another or one letter for a number.

It scrambles data by reordering the plain text in a certain way.

It uses a relationship between the plain text and the key that is so complicated the plain text can’t be altered and the key can’t be determined.

Answer 8

It uses a relationship between the plain text and the key that is so complicated the plain text can’t be altered and the key can’t be determined.

Confusion encryption is a method that uses a relationship between the plain text and the key that is so complicated the plain text can’t be altered and the key can’t be determined by a threat actor

Question 9

Which of the following is required when employing PKI and preserving data is important?

CA

CRL

Key escrow

Answer 9

Key escrow

Key escrow is a database of stored keys that can be retrieved should the original user’s key be lost or compromised. The stored key can be used to decrypt encrypted material, allowing restoration of the original material to its unencrypted state

Question 10

You need to encrypt the signature of an email within a PKI system. Which of the following would you use?

Public key

Shared key

Private key

Answer 10

Private key

The private key is used to encrypt the signature of an email, and the sender’s public key is used to decrypt the signature and verify the hash value

Question 11

Which of the following standards was developed by the Wi-Fi Alliance and implements the requirements of IEEE 802.11i?

NIC

WPA

WPA2

Answer 11

WPA2

802.11i is an amendment to the original IEEE 802.11 and is implemented as WPA2. The amendment deprecated WEP

Question 12

You are asked to create a wireless network for your company that implements a wireless protocol that provides maximum security while providing support for older wireless devices. Which protocol should you use?

WPA

WPA2

WEP

Answer 12

WPA

WPA (WiFi Protected Access) is a security standard that replaced and improved on WEP and is designed to work with older wireless clients

Question 13

Bob is a security administrator and needs to encrypt and authenticate messages that are sent and received between two systems. Which of the following would Bob choose to accomplish his task?

MD5

SHA-256

RSA

Answer 13

RSA

RSA is a public key encryption algorithm that can both encrypt and authenticate messages

Question 14

Which of the following algorithms is generally used in mobile devices?

3DES

DES

ECC

Answer 14

ECC

ECC (elliptical curve cryptography) uses less processing power and works best in devices such as wireless devices and cellular phones. ECC generates keys faster than other asymmetric algorithms. Determining the correct set of security and resource constraints is an important beginning step when planning a cryptographic implementation

Question 15

Which of the following statements best describes the difference between public key cryptography and public key infrastructure?

Public key cryptography is another name for an asymmetric algorithm, whereas public key infrastructure is another name for a symmetric algorithm.

Public key cryptography uses one key to encrypt and decrypt the data, and public key infrastructure uses two keys to encrypt and decrypt the data.

Public key cryptography is another name for asymmetric cryptography, whereas public key infrastructure contains the public key cryptographic mechanisms.

Answer 15

Public key cryptography is another name for asymmetric cryptography, whereas public key infrastructure contains the public key cryptographic mechanisms.

Public key cryptography is also known as asymmetric cryptography. Public key cryptography is one piece of the PKI (public key infrastructure)

Question 16

Your company has a public key infrastructure (PKI) in place to issue digital certificates to users. Recently, your company hired temporary contractors for a project that is now complete. Management has requested that all digital certificates issued to the contractors be revoked. Which PKI component would you consult for the management’s request?

CA

CRL

CSR

Answer 16

CRL

A CRL (certificate revocation list) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should not be trusted

Question 17

Which of the following security setup modes are intended for use in a small office or home office environment? (Choose two.)

WPS

WPA-Enterprise

WPA2-Enterprise

WPA2-Personal

Answer 17

WPS

WPA2-Personal

Most small office, home office (SOHO) networks use WPS and WPA2-Personal. WPS is a network security standard that allows home users to easily add new devices to an existing wireless network without entering long passphrases. WPA2-Personal uses a passphrase that is entered into the SOHO router

Question 18

Which of the following automatically updates browsers with a list of root certificates from an online source to track which certificates are to be trusted?

Trust model

Key escrow

PKI

Answer 18

Trust model

A trust model is a collection of rules that informs applications as to how to decide the validity of a digital certificate

Question 19

Which of the following EAP types uses the concepts of public key infrastructure (PKI)?

EAP-TLS

PEAP

EAP-FAST

Answer 19

EAP-TLS

EAP-TLS uses the concepts of public key infrastructure (PKI). It eliminates the need for a shared secret between the client and the server. Digital certificates are used instead

Question 20

Which of the following use PSK authentication? (Choose two.)

WPA-Enterprise

WPA-Personal

WPA2-Personal

WPA2-Enterprise

Answer 20

WPA-Personal

WPA2-Personal

Security used in SOHO environments is PSK (preshared key) authentication. WPA-Personal and WPA2-Personal use the PSK authentication method

Question 21

You are receiving calls from users who are connected to the company’s network and are being redirected to a login page with the company’s logo after they type a popular social media web address in an Internet browser. Which of the following is causing this to happen?

Key stretching

MAC filtering

Captive portal

Answer 21

Captive portal

A captive portal is a web page where the user must view and agree to the terms before access to the network is granted. They are typically used by business centers, airports, hotels, and coffee shops

Question 22

Elliptic curve cryptosystem (ECC) is an asymmetric algorithm. Which of the following statements best describe why ECC is different from other asymmetric algorithms? (Choose two.)

It is more efficient.

It provides digital signatures, secure key distribution, and encryption.

It uses more processing power to perform encryption.

It provides fast key generation.

Answer 22

It is more efficient.

It provides fast key generation.

Elliptic curve cryptosystem (ECC) differs from other asymmetric algorithms due to its efficiency. ECC uses less processing power and works best in low power devices such as wireless devices and cellular phones. ECC generates keys faster than other asymmetric algorithms

Question 23

WEP’s RC4 approach to encryption uses a 24-bit string of characters added to data that are transmitted. The same plain text data frame will not appear as the same WEP-encrypted data frame. What is this string of characters called?

Diffusion

IV

Session key

Answer 23

IV

IV (initialization vector) is an arbitrary number that is used with a secret key for data encryption. IV makes it more difficult for hackers to break a cipher

Question 24

Your manager has recently purchased a RADIUS server that will be used by remote employees to connect to internal resources. Several client computers need to connect to the RADIUS server in a secure manner. What should your manager deploy?

HIDS

VLAN

802.1x

Answer 24

802. 1x
803. 1x enhances security within a WLAN by providing an authentication framework. Users are authenticated by a central authority before they are allowed within the network

Question 25

Katelyn, a network administrator, has deleted the account for a user who left the company last week. The user’s files were encrypted with a private key. How can Katelyn view the user’s files?

The data can be decrypted using the backup user account.

The data can be decrypted using the recovery agent.

She must re-create the former user’s account.

Answer 25

The data can be decrypted using the recovery agent.

The data can be decrypted with a recovery agent if the company configured one before. If there is no recovery agent, the encrypted file will be unrecoverable

Question 26

Your company has recently implemented an encryption system on the network. The system uses a secret key between two parties and must be kept secret. Which system was implemented?

Asymmetric algorithm

Symmetric algorithm

Hashing algorithm

Answer 26

Symmetric algorithm

A symmetric algorithm, also known as a secret key algorithm, uses the same key to encrypt and decrypt data

Question 27

Tim, a wireless administrator, has been tasked with securing the company’s WLAN.

Which of the following cryptographic protocols would Tim use to provide the most secure environment for the company?

WPA2 CCMP

WPA

WPA2 TKIP

Answer 27

WPA2 CCMP

WPA2 CCMP replaced TKIP and is a more advanced encryption standard. CCMP provides data confidentiality and authentication

Question 28

Which of the following defines a hashing algorithm creating the same hash value from two different messages?

MD5

Hashing

Collision

Answer 28

Collision

A collision occurs when a hashing algorithm creates the same hash from two different messages

Question 29

Matt, a network administrator, is deciding which credential-type authentication to use within the company’s planned 802.1x deployment. He is searching for a method that requires a client certificate and a server-side certificate, and that uses tunnels for encryption. Which credential-type authentication method would Matt use?

EAP-TLS

EAP-FAST

PEAP

Answer 29

EAP-TLS

EAP-TLS is a remote access authentication protocol that supports the use of smartcards or user and computer certificates, also known as machine certificates, to authenticate wireless access clients. EAP-TLS can use tunnels for encryption by use of TLS

Question 30

A coworker is connecting to a secure website using HTTPS. The coworker informs you that before the website loads, their web browser displays an error indicating that the site certificate is invalid and the site is not trusted. Which of the following is most likely the issue?

The web browser is requiring an update.

The server is using a self-signed certificate.

A web proxy is blocking the connection.

Answer 30

The server is using a self-signed certificate.

A self-signed certificate will display an error in the browser stating the site is not trusted because the self-signed certificate is not from a trusted certificate authority