Domain 1, Quiz 2 Flashcards
What is the primary purpose of a backout plan in the change management process?
a. To define the steps to revert to the original state if the change is unsuccessful.
b. To analyze the impact of the change on the organization.
c. To identify the stakeholders involved in the change.
d. To document the version control of the change.
To define the steps to revert to the original state if the change is unsuccessful.
A backout plan is a recovery plan designed to revert a system to its original state if a change fails or causes unforeseen negative effects.
Which of the following tools is used to generate, store, and manage cryptographic keys securely?
a. Secure enclave
b. Online Certificate Status Protocol (OCSP)
c. Hardware security module (HSM)
d. Data masking
Hardware security module (HSM)
A hardware security module (HSM) is a physical device that provides secure storage and management of cryptographic keys.
Which of the following is an asymmetric encryption algorithm?
a. Triple DES
b. RSA
c. AES
d. Blowfish
RSA
RSA (Rivest–Shamir–Adleman) is an asymmetric encryption algorithm that uses a pair of keys: a public key and a private key.
What is the primary purpose of salting a password before hashing it?
a. To ensure the same password does not produce the same hash value.
b. To obfuscate the password using steganography.
c. To encrypt the password using a public key.
d. To increase the key length of the password.
To ensure the same password does not produce the same hash value.
Salting a password involves adding a random value (the salt) to the password before hashing it. This ensures that even if two users have the same password, their hashes will differ because of the unique salts.
What is the main purpose of key stretching?
a. To reduce the length of the key.
b. To speed up the encryption and decryption process.
c. To make brute force attacks more computationally intensive.
d. To obfuscate the key using steganography.
To make brute force attacks more computationally intensive.
Key stretching involves applying a hash function repeatedly to a password, making it more computationally intensive for an attacker to brute force the password.
What is the main purpose of a Certificate Authority (CA)?
a. To manage cryptographic keys.
b. To issue, renew, and revoke digital certificates.
c. To obfuscate data using steganography.
d. To generate certificate signing requests (CSRs).
To issue, renew, and revoke digital certificates.
A Certificate Authority (CA) is a trusted entity that issues, renews, and revokes digital certificates. These certificates establish a chain of trust, allowing users to verify that unknown public keys are legitimate.
What does the term ‘ownership’ refer to in the context of change management?
a. The person or group responsible for testing the change.
b. The person or group responsible for approving the change.
c. The person or group who will be affected by the change.
d. The person or group responsible for implementing and managing the change.
The person or group responsible for implementing and managing the change.
‘Ownership’ in the context of change management refers to the person or group responsible for implementing and managing the change. They are accountable for the success of the change.
Which of the following is a technique used for obfuscating data?
a. Key stretching
b. Steganography
c. Salting
d. Digital signatures
Steganography
Steganography is a technique used for obfuscating data by hiding it within other data.
What is the primary purpose of a maintenance window in the change management process?
a. To analyze the impact of the change on the organization.
b. To schedule a specific time frame for performing maintenance or changes to the IT systems.
c. To document the approval process of the change.
d. To define the steps to revert to the original state if the change is unsuccessful.
To schedule a specific time frame for performing maintenance or changes to the IT systems.
A maintenance window is a scheduled period during which changes such as updates, patches, or installations can be made to the IT systems with minimal impact on the organization’s operations.
What is the purpose of key escrow in public key infrastructure (PKI)?
a. To generate certificate signing requests (CSRs).
b. To revoke digital certificates.
c. To securely store a copy of cryptographic keys.
d. To obfuscate data using steganography.
To securely store a copy of cryptographic keys.
Key escrow is the process of storing a copy of cryptographic keys in a secure location, typically managed by a trusted third party, to ensure that the keys can be recovered if necessary.
What is the primary purpose of a certificate signing request (CSR)?
a. To revoke a digital certificate.
b. To request a digital certificate from a certificate authority (CA).
c. To securely store a copy of cryptographic keys.
d. To verify the integrity and authenticity of a digital message.
To request a digital certificate from a certificate authority (CA).
A certificate signing request (CSR) is a message sent from an applicant to a certificate authority (CA) to apply for a digital certificate. It usually contains the public key and some personal identity information.
What is the primary purpose of tokenization in cryptographic solutions?
a. To increase the computational effort required to brute force a password.
b. To hide data within other data.
c. To establish a chain of trust to verify unknown public keys.
d. To replace sensitive data with non-sensitive placeholders.
To replace sensitive data with non-sensitive placeholders.
Tokenization is the process of replacing sensitive data with non-sensitive placeholders, called tokens, to reduce the risk of data breaches.
Which of the following is a characteristic of asymmetric encryption?
a. It is faster than symmetric encryption.
b. It uses a pair of keys: a public key and a private key.
c. The same key is used for both encryption and decryption.
d. It is less secure than symmetric encryption.
It uses a pair of keys: a public key and a private key.
Asymmetric encryption uses a pair of keys: a public key (which can be shared publicly) and a private key (which is kept secret by the owner).
In the context of change management, what is the significance of a stakeholder analysis?
a. To document the version control of the change.
b. To identify and analyze the impact of the change on various stakeholders.
c. To define the steps to revert to the original state if the change is unsuccessful.
d. To schedule a specific time frame for performing maintenance or changes to the IT systems.
To identify and analyze the impact of the change on various stakeholders.
Stakeholder analysis is a process that involves identifying and analyzing the impact of the change on various stakeholders. It helps in understanding the stakeholders’ interests, expectations, and potential resistance.
What is the primary purpose of digital signatures?
a. To verify the integrity and authenticity of a digital message or document.
b. To encrypt data for secure transmission.
c. To check the revocation status of digital certificates in real-time.
d. To replace sensitive data with non-sensitive placeholders.
To verify the integrity and authenticity of a digital message or document.
Digital signatures are used to verify the integrity and authenticity of a digital message or document. They ensure that the message or document has not been altered and was actually sent by the person claiming to have sent it.