Cryptology Flashcards

1
Q

You have encrypted an e-mail message that is only meant to be seen by the recipient. A hacker has intercepted the message. When he views the message, what does he see?

A. The plain text of the e-mail
B. One-way hash of the message
C. The recipient’s certificate information
D. Ciphertext

A

D. Clear text is transformed into ciphertext after being put through some type of cipher or encryption algorithm system. The ciphertext is unreadable unless it is decrypted back into clear-text form.

2
Q

You have been tasked to implement information assurance principles within your organization’s security and encryption functions. Which of the following isn’t a function of information assurance within encryption systems?

A. Efficiency
B. Confidentiality
C. Integrity
D. Nonrepudiation

A

A. Efficiency is not a function of information assurance within encryption systems. The four basic functions pertaining to information assurance are confidentiality, integrity, authentication, and nonrepudiation.

3
Q

You have sent your friend a secret, encrypted message. The key you used to encrypt the message is the same key with which your friend will decrypt the message. What type of encryption scheme is used?

A. Asymmetric
B. Symmetric
C. RSA
D. Diffie-Hellman

A

B. In a symmetric encryption scheme, both parties use the same key for encryption and decryption purposes. Both users must possess the same key to send encrypted messages to each other.

4
Q

Which of the following encryption schemes would you use if your company wants to create an invisible watermark hidden within the images on their web site to identify the images if they are used by another company?

A. One-time pad
B. Elliptical curve
C. One-way hash
D. Steganography

A

D. Steganography hides data in another type of media that effectively conceals the existence of the data.

5
Q

Your organization wants you to implement an encryption system that ensures the sender and receiver of the encrypted message use different keys for encryption and decryption. Which type of encryption scheme would you use?

A. Elliptical curve
B. Non-symmetric
C. Asymmetric
D. Symmetric

A

C. An asymmetric encryption scheme relies on the sender and receiver of a message to use different keys for encryption and decryption. The keys are mathematically related but can’t be derived from each other.

6
Q

Which of the following protocols would you use for message authentication and integrity in your encryption systems?

A. Steganography
B. Elliptical curve
C. HMAC
D. One-time pad

A

C. HMAC (Hash-based Message Authentication Code) is used to authenticate a message and provide data integrity. The Message Authentication Code (MAC) is sent along with the message itself so that the receiver can authenticate the sender of the message and verify the integrity of the message contents.

7
Q

You have been asked to implement hashing protocols that have a low possibility of a hashing collision. Which of the following describes a hashing collision?

A. The greater probability that two or more people in a group of 23 share the same birthday
B. That the hash values of two different messages result in the same value
C. An invalid digital signature
D. When a 128-bit message digest is mixed with a 256-bit message digest

A

B. A collision occurs within a hashing algorithm when the hashed values of two different messages result in the same value. Collisions can be used to aid in cracking a hashing algorithm.

8
Q

When you connect to a secure web site, you are asked to accept the server certificate. What is the function of the digital certificate?

A. Securely validates the identity of the server and its public key
B. Identifies you to a certificate authority
C. Provides your ID required by the government to request a public key
D. Allows you to encrypt your web sessions

A

A. A digital certificate is a credential required by PKI systems that can securely identify an organization’s server, as well as create an association between the server’s authenticated identity and its public keys.

9
Q

You want to start a secure web session to your banking web site to prevent your credentials and financial information from passing as clear text. Which of the following protocols do you use?

A. SSL
B. SSH
C. HTTPS
D. HTTP

A

C. HTTP communications send all data in clear-text form. For secure web communications, HTTPS is a secure means of communicating HTTP data between a web browser and a web server. HTTPS protects the communication channel by using SSL to provide encrypted and protected communications.

10
Q

When you connect to a secure HTTPS web page, which of the following actions is performed first?

A. The username and password are sent for authentication.
B. A digital certificate establishes the web site identity to the browser.
C. The web page is displayed, and then authentication is performed.
D. The client establishes its identity to the web server.

A

B. When a client connects to the secure HTTPS site, the web server sends a certificate to the web browser to establish its identity. If the browser accepts the certificate and finds no validation issues with the certificate, SSL is activated between the server and client. No other communication can occur between the server and client until the certificate is validated and accepted.

11
Q
Which of the following is a cipher that is used to encrypt a data stream?
A. One-Time Pad
B. PGP
C. GPG
D. HMAC
A

A. One-Time Pad

12
Q
Which of the following is used to add a secret key as input to a hash function?
A. DES
B. SHA-1
C. HMAC
D. Twofish
A

C. HMAC

13
Q
What will always create a fixed size string of bits regardless of the size of the original data?
   I. MD5
   II. SHA
   III. One-time pad
   IV. CRL
A

I, II
Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) are both hashing algorithms that create hashes of a fixed length. MD5 creates a 128-bit hash and SHA-256 creates a 256-bit hash.

14
Q
What are two basic components of encryption?
(A) Algorithms and keys
(B) CAs and CRLs
(C) Certificates and private keys
(D) Public keys and session keys
A

A

15
Q

A system encrypts data prior to transmitting it over a network, and the system on the other end of the transmission media decrypts it. If the systems are using a symmetric encryption algorithm for encryption and decryption, which of the following statements are true?
(A) A symmetric encryption algorithm uses the same key to encrypt and decrypt data at both ends of the transmission media.
(B) A symmetric encryption algorithm uses different keys to encrypt and decrypt data at both ends of the transmission media.
(C) A symmetric encryption algorithm does not use keys to encrypt and decrypt data at both ends of the transmission media.
(D) A symmetric encryption algorithm is an insecure method used to encrypt data transmitted over transmission media.

A

A

16
Q
Of the following choices, what is an encryption algorithm that is commonly used in small portable devices such as mobile phones?
(A) Steganography
(B) 3DES
(C) PGP
(D) Elliptic curve
A

D Elliptic curve cryptography is an encryption technology commonly used with small mobile devices and it provides strong confidentiality using the least amount of computing resources.

17
Q
A web site includes graphic files. A security professional is comparing the hash of a graphic file captured last week, with the hash of what appears to be the same graphic file today. What is the security professional looking for?
(A) CRL
(B) Steganography
(C) Key
(D) Digital signature
A

B

18
Q
Which of the following protocols requires a CA for authentication?
(A) FTP
(B) PEAP-TLS
(C) AES
(D) PKI
A

B Protected Extensible Authentication Protocol Transport Layer Security (PEAP-TLS) uses TLS for the authentication process and TLS requires a certificate provided by a certification authority (CA).

19
Q
An organization wants to verify the identity of anyone sending emails. The solution should also verify integrity of the emails. What can they use?
(A) AES
(B) Encryption
(C) CRL
(D) Digital signatures
A

D

20
Q
Sally is sending an email and she encrypted a portion of the email with her private key. What can this provide?
(A) Confidentiality
(B) Validation of her certificate
(C) Non-repudiation
(D) One-time pad
A

C

21
Q

Sally sent an encrypted email with a digital signature to Joe. Joe wants to verify the email came from Sally. How can this be achieved?
(A) Use Sally’s private key to verify the digital signature
(B) Use Sally’s private key to decrypt the email
(C) Use Sally’s public key to verify the digital signature
(D) Use Sally’s public key to decrypt the email

A

C

22
Q
What type of key is used to sign an email message?
(A) Sender’s public key
(B) Sender’s private key
(C) Recipient’s public key
(D) Recipient’s private key
A

B

23
Q
A system administrator wants to create a unique identifier for an executable file. Of the following choices, what can be used?
(A) RC4
(B) Public key
(C) Private key
(D) SHA
A

D Secure Hash Algorithm (SHA) is a hashing algorithm that can ensure the integrity of data including executable files.

24
Q
Of the following choices, what can ensure the integrity of email messages?
(A) MD5
(B) AES
(C) TwoFish
(D) RSA
A

A Message Digest 5 (MD5) is a hashing algorithm that can ensure the integrity of data including email messages.

25
Q
Which of the following is an encryption algorithm that uses 128-bit keys?
(A) DES
(B) AES
(C) 3DES
(D) MD5
A

B Advanced Encryption Standard (AES) uses 128, 192, or 256-bit keys.

26
Q

How many bits does DES use?

A

Data Encryption Standard (DES) uses 56-bit keys

27
Q

How many bits does 3DES use?

A

3DES uses 56, 112, or 168-bit keys

28
Q
Which of the following uses 56-bit keys for encryption?
(A) AES
(B) DES
(C) MD5
(D) SHA
A

B Data Encryption Standard (DES) uses 56-bit keys and is a weak encryption protocol.

29
Q
Which of the following is an encryption algorithm that uses multiple keys and encrypts data multiple times?
(A) DES
(B) AES
(C) 3DES
(D) MD5
A

C Triple Data Encryption Standard (3DES) is an improvement over DES and encrypts data using multiple keys and multiple passes of the DES algorithm.

30
Q

If hardware doesn’t support AES, what encryption may be used?

A

3DES

31
Q
Of the following choices, what can you use to encrypt email?
(A) HMAC
(B) RIPEMD
(C) PII
(D) S/MIME
A

D Secure/Multipurpose Internet Mail Extensions (S/MIME) can encrypt email at rest (stored on a drive) and in transit (sent over the network).

32
Q
Sally and Joe decide to use PGP to exchange secure email. What should Sally provide to Joe so that Joe can encrypt email before sending it to her?
(A) Her private key
(B) Her public key
(C) Her recovery key
(D) Her steganography key
A

B Pretty Good Privacy (PGP) uses RSA and public key cryptography and email is encrypted with the recipient’s public key (Sally’s public key).

33
Q

How can a forensic analysis ensure the integrity of an image of a computer’s memory?
(A) Use AES-128
(B) Use SHA-256
(C) Encrypt the image
(D) Power the system down before capturing the image

A

B You can ensure integrity with hashing algorithms such as SHA-256, and this includes images of memory and images of disks.

34
Q

Which of the following statements accurately describes the relationship between keys in a PKI?
(A) Data encrypted with a public key can only be decrypted with the matching private key.
(B) Data encrypted with a public key can only be decrypted with the matching public key.
(C) Data encrypted with a private key can only be decrypted with the matching private key.
(D) The public key always encrypts and the private key always decrypts.

A

A Data encrypted with a public key can only be decrypted with the matching private key, and data encrypted with the private key can only be decrypted with the matching public key.

35
Q
Which encryption algorithm uses prime numbers to generate keys?
(A) RSA
(B) SHA
(C) S/MIME
(D) PGP
A

A

36
Q
Sally is sending data to Joe. She uses asymmetric encryption to encrypt the data to ensure that only Joe can decrypt it. What key does Sally use to encrypt the data?
(A) Sally's public key
(B) Sally's private key
(C) Joe's public key
(D) Joe's private key
A

C Sally uses Joe’s public key (the recipient’s public key) to encrypt the data. Because Joe is the only person with Joe’s private key, Joe is the only person that can decrypt the data.

37
Q
A user visits an ecommerce web site and initiates a secure connection. What type of key does the web site provide to the user?
(A) Symmetric key
(B) Private key
(C) Public key
(D) MD5 key
A

C The web site provides its public key in a certificate and the user’s system uses this to encrypt a symmetric key.

38
Q
Two systems need to establish a secure session between each other without any prior communication. What is needed to support this?
(A) Symmetric encryption
(B) PKI
(C) AES
(D) MD5
A

B A Public Key Infrastructure (PKI) is a group of technologies used to request, create, manage, store, distribute, and revoke digital certificates used with asymmetric encryption.

39
Q
What entity verifies the authenticity of certificates?
(A) CRILL
(B) Digital signature
(C) CA
(D) Recovery agent
A

C

40
Q

A company is using a key escrow for their PKI. What does this provide?
(A) It maintains a copy of a private key for recovery purposes
(B) It maintains a copy of a public key for recovery purposes
(C) It provides a copy of revoked certificates
(D) It provides a digital signature

A

A

41
Q
What can a PKI recovery agent recover?
(A) Public key
(B) CRL
(C) Private key
(D) MD5 key
A

C

42
Q

Sally encrypted a project file with her public key. Later, an administrator accidentally deleted her account that had exclusive access to her private key. Can this project file be retrieved?
(A) No. If the private key is lost, the data cannot be retrieved.
(B) Yes. The public key can decrypt the file.
(C) Yes, if a copy of her public key is stored in escrow.
(D) Yes, if the organization uses a recovery agent.

A

D If an organization uses a recovery agent, the recovery agent can decrypt the file, in some cases by recovering a copy of the private key, and in other cases by using a special recovery agent key.

43
Q

A user browses to a web site and sees this message: ‘The sites certificate is not trusted’. What is a likely reason?
(A) The CAs root certificate is in the trusted root certification authority store
(B) The certificate is listed in the CRL
(C) The CA is not a trusted root CA
(D) The certificate is not in the CRL

A

C If the certificate authority (CA) isn’t trusted, web browsers will display a message indicating that the site’s certificate is not trusted.

44
Q
What will always create a fixed size string of bits regardless of the size of the original data?
   I. MD5
   II. SHA
   III. One-time pad
   IV. CRL
(A) I and II
(B) II and III
(C) III and IV
(D) I and IV
A

A Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) are both hashing algorithms that create hashes of a fixed length. MD5 creates a 128-bit hash and SHA-256 creates a 256-bit hash.

45
Q
Sally and Joe decide to use PGP to exchange secure email. What should Sally provide to Joe so that Joe can encrypt email before sending it to her?
(A) Her private key
(B) Her public key
(C) Her recovery key
(D) Her steganography key
A

B Pretty Good Privacy (PGP) uses RSA and public key cryptography and email is encrypted with the recipient’s public key (Sally’s public key).

46
Q
Which of the following choices are valid reasons to revoke a certificate holding a key?
   I. Key compromise
   II. CA compromise
   III. Loss of data
   IV. Database breach
(A) I and II
(B) II and III
(C) III and IV
(D) I and IV
A

A Valid reasons to revoke a certificate include key compromise and CA compromise.

47
Q

What is MD5 used for?

A

Integrity. It creates a fixed length numeric string known as a hash.

48
Q

What does SHA-2 create?

A

A fixed length numeric string known as a hash

49
Q

What’s the minimum number of bits used in an AES encryption key?

A

128 bits

50
Q

What is used to encrypt HTTPS?

A

SSL or TLS

51
Q

What asymmetric key is used to encrypt data in an email?

A

The recipient’s public key

52
Q

What type of encryption is used to encrypt data within an HTTPS session?

A

Symmetric

53
Q

What type of encryption is used to privately share a session key in an HTTPS session?

A

Asymmetric

54
Q

Which type of cipher encrypts data in fixed-size blocks?

A

Block

55
Q

What is encrypted in IPSec tunnel mode: the header, the payload, or both?

A

Both

56
Q

Which Application-layer protocol supports public-key encryption and key distribution centers (KDCs)?

A

Internet Key Management Protocol (IKMP)

57
Q

Which algorithms are symmetric key algorithms?

A

Data Encryption Standard (DES), Triple DES (3DES), Blowfish, IDEA, RC4, RC5, RC6, and Advanced Encryption Standard (AES)

58
Q

Which protocol provides connectionless integrity, data origin authentication, replay protection, and confidentiality (encryption) using Authentication Header (AH) and Encapsulating Security Payload (ESP)?

A

Internet Protocol Security (IPSec)

59
Q

What does PKCS stand for?

A

Public-Key Cryptography Standard

60
Q

What are the three issues that symmetric data encryption fails to address?

A

Data integrity, repudiation, scalable key distribution

61
Q

Which security protocol is the standard encryption protocol for use with the WPA2 standard?

A

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (often abbreviated CCMP)

62
Q

What is the name for an encryption key that can be easily reverse-engineered from the encrypted data by brute force methods?

A

A weak key

63
Q

Which built-in algorithm (or mechanism) provides encryption and security for 802.11 wireless networks?

A

Wired Equivalent Privacy (WEP)

64
Q

Which key should be encrypted and protected with a password when stored: a public key or a private key?

A

A private key

65
Q

How is a digital signature created from a message digest?

A

It is encrypted using the sender’s private key.

66
Q

What is the component included with Windows Vista and higher operating systems that encrypts an entire volume with 128-bit encryption to prevent information from being read if the drive is lost or stolen?

A

BitLocker

67
Q

Which key is used to decrypt a digital signature: public or private?

A

Public

68
Q

What is the purpose of mobile device encryption?

A

Ensure that the contents of the mobile device are confidential