Domain 3

Question 1

_____, are always meant to hide the true meaning of a message.

Answer 1

Cyphers

Question 2

Cryptographic systems of symbols that operate on words or phrases and are sometimes secret but don’t always provide confidentiality

Answer 2

Code

Question 3

is a symmetric key cipher where plaintext digits are combined wit pseudorandom cipher digit stream(keystream). In a _____ _____, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the cipher text stream.

Answer 3

Stream Cypher

Question 4

is a method of encrypting text (to produce ciphe rtext) in which a cryptographic key and algorithm are applied to a block of data(for example, 64 contiguous bits) at once as a group rather than to one bit at a time

Answer 4

Block Cypher

Question 5

is a method of encrypting in which units of plaintext are replaced with the ciphertext, in a defined manner, with the help of a key; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth.

Answer 5

Substitution

Question 6

uses an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.

Answer 6

Transposition

Question 7

is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. ___ are used to create a unique cipher text every time the same message is encrypted with the same key.

Answer 7

Initialization Vector (IV)

Question 8

This stream cypher uses a key of length one

Answer 8

Ceasar

Question 9

This stream cypher uses a longer key (Usually a word or sentence)

Answer 9

Vigenere

Question 10

This stream cypher uses a key that is as long as the message itself

Answer 10

One-time pad

Question 11

One Time Pad Success Factors (4)

Answer 11

The key must be generated randomly without any known pattern.
At least as long as the message to be encrypted.
The pads must be protected against physical disclosure
Each pad must be used only one time and then discarded

Question 12

____________ is a communication concept. A specific type of information is exchanged, but no real data is transferred, as with digital signatures and digital certificates.

Answer 12

Zero-knowledge proof

Question 13

A concept that enabled one to prove knowledge of a fact to another individual without revealing the fact it itself.

Answer 13

Zero-knowledge proof

Question 14

Which concept ensures that no single person has sufficient privileges to compromise the security of the environment

Answer 14

Split knowledge

Question 15

_____ ______ means that the information or privilege required to perform an operation is divided among multiple users.

Answer 15

Split knowledge

Question 16

is a way to measure the strength of a cryptography system by measuring the effort in terms of cost and/ or time to decrypt messages.

Also know as the time and effort required to break a protective measure

Answer 16

Work function or work factor

Question 17

Modern cryptosystems utilize keys that are at least ____ bits long to provide adequate security

Answer 17

128

Question 18

Relies on the use of a shared secret key. Lacks support for scalability, easy key distribution, and nonrepudiation

Answer 18

Symmetric Encryption

Question 19

Public-private key pairs for communication between parties. Supports scalability, easy key distribution, and nonrepudiation

Answer 19

Asymmetric Encryption

Question 20

Which DES or 3DES mode is the Simplest & least secure mode. Processes 64-bit blocks, encrypts block with the chosen key. If same block encountered multiple times, same encrypted block is produced, making it easy to break

Answer 20

Electronic Codebook Mode (ECB)

Question 21

Using this DES or 3DES mode, Each block of unencrypted text is XORed with the block of ciphertext immediately preceding. Decryption process simply decrypts ciphertext and reverses the XOR operation.

Answer 21

Cipher Block Chaining (CBC)

Question 22

This DES or 3DES mode is the streaming version of CBC. Works on data in real time, using memory buffers of same block size. When buffer is full, data is encrypted and transmitted. Uses chaining, so errors propagate.

Answer 22

Cipher Feedback (CFB)

Question 23

This DES or 3DES mode operates similar to CFB, but XORs the plain text with a seed value. No chaining function, so errors do not propagate.

Answer 23

Output Feeback (OFB)

Question 24

This DES or 3DES mode uses an incrementing counter instead of a seed. Errors do not propagate.

Answer 24

Counter (CTR)

Question 25

A Weakness in cryptography where a plain-text message generates identical ciphertext messages using the same algorithm but using different keys.

Answer 25

Key Clustering

Question 26

Good hash functions have five requirements:

Answer 26

1. They must allow input of any length.
2. Provide fixed-length output.
3. Make it relatively easy to compute the hash function for any input.
4. Provide one-way functionality.
5. Must be collision free.

Question 27

Adding salts to the passwords before hashing them reduces the effectiveness of _____ _____ attacks.

Answer 27

Rainbow tables

Question 28

Digital Signature standards or DSS work in conjuction with which 3 encryption algorithms ?

Answer 28

Digital Signature ALgorithm (DSA)
Rivest Shamir ALderman (RSA)
Elliptic curve DSA (ECDSA)

Question 29

Certificate authorities (CAs) generate digital certificates containing the public keys of system users.

Users then distribute certificates to people with whom they want to communicate.

Certificate recipients verify a certificate using the ___ _____ ____.

Answer 29

CA’s public key

Question 30

Which IPSEC mode encrypts the whole packet?

Answer 30

Tunnel mode

Question 31

Protocols used by IPSEC

Answer 31

Authentication Header (AH) and Encapsulating Security Payload (ESP)

Question 32

Which type of cryptographic attack attempts to randomly find the correct cryptographic key. Known plaintext, chosen ciphertext, and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext.

Answer 32

Brute-force attack

Question 33

____________ attack exploits protocols that use two rounds of encryption.

Answer 33

Meet in the middle attack

Question 34

__________ attack fools both parties into communicating with the attacker instead of directly with each other

Answer 34

Man in the middle attack

Question 35

__________ attack is an attempt to find collisions in hash functions.

Answer 35

Birthday attack

Question 36

_________ attack is an attempt to reuse authentication requests.

Answer 36

Replay

Question 37

Which symmetric algorithms have a 128 bit block size

Answer 37

AES, RC5, Two Fish

Question 38

Which symmetric algorithm is a stream cypher

Answer 38

RC4

Question 39

Which algorithms have a 64 bit block size?

Answer 39

Blowfish, DES, 3DES, IDEA, RC2, RC5, Skypjack

Question 40

Key Size(s) of AES

Answer 40

128, 192, 256

Question 41

Key Size(s) of Blowfish

Answer 41

32-448 key bit

Question 42

Key Size of DES

Answer 42

56 bit

Question 43

Key size of 3DES

Answer 43

112 or 168 bit

Question 44

Key size of IDEA, RC2 and RC4

Answer 44

128 bit

Question 45

Key size of RC5

Answer 45

0-2040 bit

Question 46

Key size of Twofish

Answer 46

1-256 bit

Question 47

Which hash algorithm has a variable hash value length?

Answer 47

HMAC

Question 48

What is are the possible hash value length of HAVAL hash algorithm?

Answer 48

128, 160, 192, 224, 256

Question 49

What is the hash value length of MD2, MD4, and MD5

Answer 49

128

Question 50

SHA-1 Hash value length

Answer 50

160

Question 51

What are the possible hash value length of SHA-2?

Answer 51

224, 256, 384, 512

Question 52

is the most famous public key cryptosystem; it was developed by ________ in 1977. It depends on the difficulty of factoring the product of prime numbers.

Answer 52

RSA

Question 53

is an extension of the Diffie-Hellman key exchange algorithm that depends on modular arithmetic.

Answer 53

El Gamal

Question 54

Algorithm depends on the ______ _____ discrete logarithm problem and provides more security than other algorithms when both are used with keys of the same length.

Answer 54

Elliptic curve

Question 55

Digital Signatures Rely on public key cryptography and hashing functions. DS algorithms suitable for use in FIPS 186-4 (the Digital Signature Standard) must use ____ hashing functions

Answer 55

SHA-2

Question 56

What are the 3 approved digital signature encryption algorithms?

Answer 56

DSA, RSA and Elliptic Curve DSA (ECDSA)

Question 57

Rank the following algorithms in terms of strength: El Gamal, Diffie-Hellman, ECC and RSA

Answer 57

Diffie Hellman, RSA, El Gamal, ECC

Question 58

This asymmetric algorithm replaced Diffie Hellman

Answer 58

El Gamal

Question 59

Security models focused on integrity

Answer 59

Biba
Clark-Wilson (Access control triple)
Goguen- Meseguer (Non interference model)
Sutherland (Preventing interference)

Question 60

Security models focused on confidentiality

Answer 60

Bell-Lapadula (no read up no write down)
Brewer and Nash (aka chinese wall)
Take Grant

Question 61

Which security model uses a lattice

Answer 61

Biba Model

Question 62

Which security model is used by the government?

Answer 62

Bell-Lapadula

Question 63

Which model is “No read up, no write down”

Answer 63

Bell Lapadula

Question 64

What property describes “ no read up”?

Answer 64

Simple security property

Question 65

What property describes “ no write down” ?

Answer 65

Star * security property

Question 66

What property describes “ no read down”?

Answer 66

Simple integrity property

Question 67

What property describes “ no write up” ?

Answer 67

star * integrity property

Question 68

also called the”Chinese Wall model”. It was developed to prevent conflict of interest (COI) problems.(confidentiality-based)

Answer 68

Brewer and Nash Model

Question 69

another confidentiality-based model that supports four basic operations: take, grant, create, and revoke.

Answer 69

Take Grant Model

Question 70

This model uses a formal set of protection rules for which each object has an owner and a controller. It is focused on the secure creation and deletion of both subjects and objects. A collection of eight primary protection rules or actions that define the boundaries of certain secure actions.

Answer 70

Graham-Denning

Question 71

What is Zachman an example of?

Answer 71

Enterprise security model

Question 72

What is Sabsa an example of?

Answer 72

Enterprise security model

Question 73

What is TOGAF an example of?

Answer 73

Enterprise security model

Question 74

What security includes confidentiality and integrity?

Answer 74

Lipner security model

Question 75

Defines 3 goals of integrity? Access Triple

Answer 75

Clark-Wilson

Question 76

What is NIST 800-53?

Answer 76

Security and privacy controls us federal agencies

Question 77

What is COSO primarily focused on?

Answer 77

Financial Controls

Question 78

What is NIST 800-37?

Answer 78

Risk Management Framework

Question 79

What is knows as the Orange Book?

Answer 79

TCSEC

Question 80

Which level of the Common Criteria is

“Formally verified, designed and tested”

Answer 80

EAL7

Question 81

Which level of the Common Criteria is

“Functionality tested”

Answer 81

EAL1

Question 82

Which level of the Common Criteria is

“Structurally tested”

Answer 82

EAL2

Question 83

Which level of the Common Criteria is

“Methodically tested and checked”

Answer 83

EAL3

Question 84

Which level of the Common Criteria is

“Methodically designed, tested and reviewed”

Answer 84

EAL4

Question 85

Which level of the Common Criteria is

“Semi formally designed and tested”

Answer 85

EAL5

Question 86

Which level of the Common Criteria is

“Semi formally verified, designed and tested”

Answer 86

EAL6

Question 87

Which level of the Common Criteria is

“Formally verified, designed and tested”

Answer 87

EAL7

Question 88

What design principle is the combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy

Answer 88

TCB (Trusted Computing Base)