Cryptography & PKI

Question 1

Define Cipher Text

Answer 1

Text that has been encrypted for confidentiallity

Question 2

Define Plain Text

Answer 2

Readable text for human comprehension

Question 3

Define Symmetric Encryption

Answer 3

Encryption using a shared secret key, typically used for bulk encryption

Question 4

Define Asymmetric Encrytpion

Answer 4

Encryption using a key pair consisting of a private and a public key

Question 5

Goals of Cryptology

Answer 5

Confidentiality
Integrity
Authentication
Non-Repudiation

Question 6

Define a Code

Answer 6

Substitutes one word or phrase for another

Question 7

Define a Cipher

Answer 7

A mathematical algorithm for encryption

Question 8

Types of Ciphers

Answer 8

Stream verses Block

Substitution verses Transposition

Question 9

Define a Stream Cipher

Answer 9

Encrypts a single character at a time

Question 10

Define a Block Cipher

Answer 10

Encrypts a chunk of text at a time

Question 11

Define a Substitution Cipher

Answer 11

Encrypts by changing individual characters

Question 12

Define a Transposition Cipher

Answer 12

Encrypts by scrambling letters

Question 13

Define XOR

Answer 13

Exclusive Or;

True when only one input of two or more are true

Question 14

Explain the Confusion Principle

Answer 14

Hide connection between cipher and key, can be used in stream and block ciphers

Question 15

Explain the Diffusion Principle

Answer 15

Any change in input creates 50% or greater change in output

Question 16

Explain the Obfuscation Principle

Answer 16

Action taken to make something unclear, unintelligible, or obscure

Question 17

One-Time Pad Criteria

Answer 17

2 identical pads
Equal length
Single Use

Question 18

Explain Security through Obscurity

Answer 18

Security reliant upon secrecy,

Generally disparaged

Question 19

5 Stages of NIST Crypto Lifecycle

Answer 19

Initiation
Develop and Acquire
Implement and Assess
Operate and Maintain
Sunset; stop, destroy, or archive

Question 20

DES Key Facts

Answer 20

Symmetric
64 bit blocks
56 bit key
Insecure

Question 21

3DES Key Facts

Answer 21

Symmetric
64 bit blocks
168 bit key (112 effective key length)
Secure utilizing 3 separate keys
Used in IPsec

Question 22

AES Key Facts

Answer 22

Symmetric
128 bit blocks
128, 192, or 256 bit key
Secure
Uses Rijndael block Cipher

Question 23

Blowfish Key Facts

Answer 23

Symmetric
64 bit blocks
32-448 bit key
Secure (at larger key sizes)

Question 24

Twofish Key Facts

Answer 24

Symmetric
128 bit block
128, 192, or 256 bit key
Secure (more complex and faster then Blowfish)

Question 25

RC4 Key Facts

Answer 25

Symmetric
Stream cipher
40-2048 bit key
Not secure/most common
Used in WEP and SSL

Question 26

Cipher Block Modes

Answer 26

ECB
CBC
CR
GCM

Question 27

Describe ECB Mode

Answer 27

Electronic Codebook;

Utilize same encryption key for each block

Question 28

Describe CBC Mode

Answer 28

Cipher Block Chaining;

Use previous cipher block as key for subsequent blocks

Question 29

Describe CR Mode

Answer 29

Counter Mode;
Uses nonce plus a counter for encryption key.
Counter increases for each block

Question 30

Describe GCM

Answer 30

Galois Counter Mode;

Adds authentication ability to CR

Question 31

Define Stegonography

Answer 31

Hiding data in large files

Question 32

RSA Key Facts

Answer 32

Asymmetric
1024-4096 bit key
Digital certificate with key distribution
Secure

Question 33

Define PGP/GnuPG

Answer 33

Pretty Good Privacy;
Encrypt with random shared key (symmetric)
Encrypt random key with public key (asymmetric)
GnuPG is open source version

Question 34

Define Perfect Forward Secrecy

Answer 34

Nodes work independent of one another so that no node knows both final source and destination

Question 35

Key Exchange Methods

Answer 35

Out-of-band

In-Band

Question 36

Explain the Diffie-Hellman Process

Answer 36

Select common number and share
Choose secret number and compute results
Share results
Use shared results to create shared secret

Question 37

Define DH Group 1

Answer 37

768 bit group

Insecure

Question 38

Define DH Group 2

Answer 38

1024 big group

Insecure

Question 39

Define DH Group 5

Answer 39

1536 bit group

Insecure

Question 40

Define DH Group 14

Answer 40

2048 bit group

Secure

Question 41

Define DH Group 20

Answer 41

384 bit elliptic curve

Secure

Question 42

Define DH Group 21

Answer 42

521 bit elliptic curve

Secure

Question 43

Define DH Group 24

Answer 43

2048 bit group
256 bit subgroup
Secure

Question 44

Purpose of Key Escrow

Answer 44

Government access to keys pending court orders

Key storage backups (debatable)

Question 45

Define Key Stretching

Answer 45

Increase strength of passwords by increasing length and/or complexity

Question 46

Key Stretching Methods

Answer 46

Salting

Hashing

Question 47

Define Password/Key Salting

Answer 47

Add value to a key to increase length

Question 48

Define Password/Key Hashing

Answer 48

Adds time with additional math

Question 49

Key Stretching Functions

Answer 49

PBKDF2

Bcrypt

Question 50

Define PBKDF2

Answer 50

Password Based Key Derivation Function v2;
Uses salt and hash
Minimum of 4000 iterations

Question 51

Define Bcrypt

Answer 51

Key stretching utilizing Blowfish algorithm

Question 52

Factors of a Good Hash

Answer 52

One way, not reversible
Collision Resistant
Small input change creates large output change

Question 53

Define a Collision

Answer 53

Two separate inputs create the same hashed output

Question 54

MD5 Key Facts

Answer 54

Message Digest 5
128 bit hash
Not secure

Question 55

SHA1 Key Facts

Answer 55

Secure Hash Algorithm
160 bit hash
Not secure

Question 56

SHA2 Key Facts

Answer 56

Secure Hash Algorithm 2
224, 256, 384, 512 bit hashes
Secure

Question 57

SHA3 Key Facts

Answer 57

Secure Hash Algorithm 3
Produce hash at any fixed input length
Secure?

Question 58

RIPEMD Key Facts

Answer 58

RACE Integrity Primitive Message Digest
128, 160, 256, and 320 bit hashes
Secure greater then 128 bit

Question 59

Define HMAC

Answer 59

Hash-Based Message Authentication Code;

Compares hashes to verify integrity

Question 60

NIST Approved DSSs

Answer 60

DSA
RSA
ECDSA

Question 61

X.509 Digital Certification Process

Answer 61

Create key pair
CSR
CA validates ID
CA encrypts Certificate with CA’s private key

Question 62

Certificate Revocation Methods

Answer 62

CRL

OCSP

Question 63

Define Certificate Stapling

Answer 63

Time stamped certificates with expiration

Question 64

Define Certificate Chaining

Answer 64

Transitive trust between CAs, internal CA trusted by 3rd party CA leading to chain of trust

Question 65

Purpose of OIDs

Answer 65

Object Identifiers, can be used to trace certificate origins

Question 66

Define Certificate Pinning

Answer 66

Ties cert to subject for a period of time

Question 67

Certificate Types

Answer 67

Root
Wildcard
Code Signing
Machine/Computer
SAN
DV
OV
EV

Question 68

Explain a Root Certificate

Answer 68

Protected highest level of CA with private keys, often taken offline except when needed

Question 69

Define a Wildcard Certificate

Answer 69

Match entire domains up to one layer deep

Question 70

Define a DV

Answer 70

Domain Validation;

lowest level of validation

Question 71

Define a OV

Answer 71

Organizational Validation;

Verify business name

Question 72

Define an EV

Answer 72

Extended Validation;
Extensive investigation
Sometimes portrayed as a green locked icon to the left of a browser’s search bar

Question 73

DER File Usage and Extensions

Answer 73

Distinguished Encoding Rules (binary format, largely used by Java Platform);
.der
.crt
.cer

Question 74

PEM File Usage and Extensions

Answer 74

Privacy Enhanced Mail (ASCII format, largely Linux/Unix systems);
.pem
.crt
.key
.cer

Question 75

PFX File Usage and Extensions

Answer 75

Personal Information Exchange;
(binary format, used by Microsoft systems)
.pfx
.p12
(ASCII format, provide Cert chain)
.p7b
.p7c

Question 76

Knowledge Based Attack Types

Answer 76

Frequency/pattern
Known plain text
Chosen plain text

Question 77

Define DRM

Answer 77

Digital Rights Management;

Watermarking protected content/protecting with encryption

Question 78

Explain Low Power Effect on Encryption

Answer 78

May limit key space

Question 79

Explain Encryption Effect on Latency

Answer 79

May bottleneck network traffic

Question 80

Explain Cryptographic Resiliance

Answer 80

A cipher/algorithm’s resistance to attacks

Question 81

Define Kerckhoff’s Principle

Answer 81

Security of algorithm depends on secrecy of the key

Question 82

Define Access Recertification

Answer 82

Auditing of account access privileges and permissions for alignment with security policies

Question 83

Define a Nonce

Answer 83

A random or pseudo random number used one time to prevent replay attacks

Question 84

DSA Key Facts

Answer 84

Digital Signature Algorithm

Similar to RSA but used for authentication only

Question 85

Define ECDSA

Answer 85

Elliptic Curve Digital Signature Algorithm

Question 86

Out-of-Band Key Exchange Methods

Answer 86

In person
Over the phone
Via courier
DH

Question 87

In-Band Key Exchange Methods

Answer 87

Over the network using encryption with recipients public key

Question 88

Common SSL Certificate Errors

Answer 88

SSL Certificate Not Trusted
Name Mismatch
Mixed Content
Expired SSL Certificate

Question 89

Describe SSL Certificate Not Trusted Error and Remediation

Answer 89

Browser does not recognize CA. Remediate by purchasing and installing certificate from trusted CA.

Question 90

Describe Name Mismatch Certificate Error and Remediation

Answer 90

Domain name does not match URL. Double check URL for accuracy and possibly upgrade to dedicated IP address.

Question 91

Describe Mixed Content Error and Remediation

Answer 91

Website displays mixed HTTP and HTTPS content. Identify mixed content and adjust source code (if possible).

Question 92

Describe Expired SSL Certificate and Remediation

Answer 92

Certificate no longer valid with CA. Renew the certificate.

Question 93

Define SAN Certificate

Answer 93

Subject Alternate Name; allows multiple host names to be protected by a single certificate (also called Unified Communications Certificate, UCC)

Question 94

Define a Atbash Cipher

Answer 94

Cipher text is alphabetically inverted plain text

Question 95

Define a Caesar Cipher

Answer 95

Cipher text is rotated X places from plain text

Question 96

Define ROT13

Answer 96

Cipher text is rotated 13 places from plain text

Question 97

Define S/MIME and purpose

Answer 97

Secure Multipurpose Internet Mail Extensions, encrypt emails

Question 98

Define DH Group 16

Answer 98

4096 bit MODP

Question 99

Define DH Group 17

Answer 99

6144 bit MODP

Question 100

Define DH Group 18

Answer 100

8192 bit MODP

Question 101

Define DH Group 19

Answer 101

256 bit Elliptic Curve

Question 102

Define DH Group 15

Answer 102

3072 bit MODP

Question 103

Non-Variable Block Ciphers

Answer 103

DES
RC2
Blowfish
Twofish
SkipJack
IDEA

Question 104

RC5 Key Facts

Answer 104

Symmetric block cipher

0-2048 bits

Question 105

DH alternative

Answer 105

El Gamal

Question 106

Define a CSP

Answer 106

Cryptographic Service Provider, generates key pairs for the client

Question 107

Benefit of Centralized Key Management Solutions

Answer 107

Key escrow

Question 108

Define a Registration Authority

Answer 108

Validates information contained within certificate requests

Question 109

Define a CPS

Answer 109

Certificate Practice Statement; an organizations certificate issuing policy