Domain 5 - Cryptography Flashcards

1
Q

Which is true about DES?

a. It is based upon public key cryptography
b. It uses stream ciphers
c. It was developed by the Department of Defense
d. It uses private key cryptography

A

d. It uses private key cryptography

Answer a is incorrect because it is the complete opposite of the correct answer. Answer b is incorrect because DES is a block cipher. Answer c is incorrect because DES was developed by IBM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

In relationship to cryptography “work factor” is a term that can be defined as:

a. The amount of time it takes an encryption algorithm to encrypt the data
b. The amount of time it takes an encryption algorithm to decrypt the data
c. The amount of effort it takes to defeat an encryption scheme
d. The amount of processing power necessary to create a public/private key pair

A

c. The amount of effort it takes to defeat an encryption scheme

Answer c is correct. Work factor has to do with the amount of effort and not just the length of time it takes a CPU to process something. Answers a, b and d are all incorrect because they all deal with encryption taking place and not the process of defeating encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The IPSEC standard includes a specification for which of the following security components?

a. Authentication headers
b. Support for non-IP protocols
c. High availability
d. Message playback

A

a. Authentication headers

Answer a is the correct answer. Answer b is incorrect because IPSEC does not support non-IP protocols. Answer c is incorrect because encryption mechanisms do not often have high availability options due to security complications. Answer d is incorrect because encryption standards help to eliminate message playback.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In an IPSEC packet what is the goal of an authentication header?

a. To provide integrity and authentication
b. To provide confidentiality and availability
c. To provide advanced routing features
d. To provide the decrypting device with information on what the encrypting protocol used

A

a. To provide integrity and authentication

Answer a is the correct answer. Answer b is incorrect because encryption does not concern itself with availability. Answer c is incorrect because IPSEC does not include advance routing features in the standard. Answer d is incorrect because the security association contains that information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which is not a component of public key infrastructure?

a. Certificate authority
b. Symmetric encryption
c. Digital certificates
d. Certificate revocation

A

b. Symmetric encryption

Answer b is correct public key infrastructure uses asymmetric encryption. Answers a, c, and d are all components of public key infrastructure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What application does PGP help protect?

a. Email
b. Web browsing
c. File transfers (FTP)
d. Telnet

A

a. Email

Answer a is correct. Answer b is incorrect because SSL encrypts web traffic. Answer c is incorrect because FTP encryption takes place inside an encrypted tunnel, not with an application. Answer d is incorrect SSH replace telnet and adds encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Cryptography addresses which of the following security issues?

a. Confidentiality and availability
b. Integrity and availability
c. Fault tolerance and integrity
d. Confidentiality and integrity

A

d. Confidentiality and integrity

Answer d is correct.

Answers a, b and c are all incorrect because they contain availability or fault tolerance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

SHA1 and MD5 are two examples of what?

a. Key exchange mechanisms
b. Hashing algorithms
c. Certificates authorities
d. Symmetric encryption algorithms

A

b. Hashing algorithms

Answer b is the correct answer. Answer a is incorrect because common key exchange mechanisms are private or public key distribution. Answer c is incorrect because certificate authorities are a component of the key exchange for public key cryptography. Answer d is incorrect because it is too large in focus.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which term relates to a cryptographic key exchange?

a. Diffie-Hellman
b. Cipher block chaining
c. Elliptical curve cryptography
d. Steam cipher encryption

A

a. Diffie-Hellman

Answer a is correct. Answer b is incorrect because it is a term that relates to how an algorithm encrypts chunks of data. Answer c is incorrect because it deals with how an asymmetric algorithm uses discrete logarithms to encrypt the data. Answer d is incorrect because it is the opposite to answer b which is also wrong.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Digital certificates are based on what international standard?

a. X.25
b. X.400
c. 802.3
d. X.509

A

d. X.509

Answer d is the correct answer. Answer a is incorrect because X.25 is a WAN protocol. Answer b is incorrect because X.400 is a email directory database standard. Answer c is incorrect because 802.3 is an IPX standard.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The concept of non-repudiation means that:

a. The sender can verify that the receiver read the message
b. The receiver can prove the sender sent the message
c. The sender can verify the receivers private key
d. The receiver can verify the certificate authority has not been compromised

A

b. The receiver can prove the sender sent the message

Answer b is the correct answer. Answer a is incorrect because it is a feature of an email client and not encryption. Answer c is incorrect because private keys are not sent out in encryption. Answer d is incorrect because there is no mechanism in any standard to ensure a secure certificate authority.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the definition of cryptography?

a. The art or science of secret writing
b. The practice of defeating attempts to hide information
c. The study of secret writing and defeating the science of secret writing
d. The exchange of information securely over a local area network

A

a. The art or science of secret writing

Answer a is correct. Answer b is incorrect because it is the definition of cryptanalysis. Answer c is incorrect because it is the definition of cryptology. Answer d is incorrect because cryptography is not restricted to a local area network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a drawback to using authentication headers?

a. Single factor authentication
b. Increased packet size
c. Authentication headers are proprietary
d. Only 56-bit encryption algorithms support authentication headers

A

b. Increased packet size

Answer b is the correct answer. Answer a is incorrect because single factor authentication is a password for access control. Answer c is incorrect because authentication headers are written into the IPSEC standard. Answer d is incorrect because many protocols specified in the IPSEC standard can use authentication headers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does the acronym DES represent?

a. Dual Encryption Standard
b. Data Encryption Standard
c. Data Encryption Scheme
d. Dual Encryption Scheme

A

b. Data Encryption Standard

Answer b is the correct answer, and is taken from Fites & Kratz. While answers a,c, and d all look correct on first glance they all have a misrepresented word.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the definition of cryptanalysis?

a. The art or science of secret writing
b. The practice of defeating attempts to hide information
c. The study of secret writing and defeating the science of secret writing
d. The exchange of information securely over a local area network

A

b. The practice of defeating attempts to hide information

Answer b is the correct answer. Answer a is the definition of cryptography. Answer c is incorrect because it is the definition of cryptanalysis. Answer d is incorrect because local are networking is never a restriction on cryptography.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the greatest challenge to the security of private key cryptographic systems?

a. Keeping the key secure
b. Authenticating the user
c. Export restrictions
d. The security of the certificate authority

A

a. Keeping the key secure

Answer a is the correct answer, and is taken from Fites & Kratz. Answer b is incorrect because no user authentication is required for symmetric encryption. Answer c is incorrect because export restrictions have been relaxed, and the restriction was based on key length, not if the encryption used private or public key. Answer d is incorrect because a certificate authority is used in public key encryption not private key.

17
Q

What is an advantage to using 3-DES over DES?

a. 3-DES supports digital signatures and DES does not
b. IPSEC standards allow the use of 3-DES only
c. 3-DES is standards based, and DES is proprietary
d. 3-DES is based on a longer encryption key than DES

A

d. 3-DES is based on a longer encryption key than DES

Answer d is correct. Answer a is incorrect because DES supports digital signatures. Answer b and c are incorrect because IPSEC is specifies that any encryptions algorithm can be used, but DES is mentioned by name.

18
Q

What makes up a security association?

a. The security parameter index and the source address
b. The security parameter index the MD5 hash
c. The MD5 hash and the source address
d. The security parameter index and the destination address

A

d. The security parameter index and the destination address

Answer d is the correct answer. Answer a is incorrect because the source address is not included in the security association. Answer b and c are incorrect because they both contain the MD5 hash.

19
Q

In public key cryptography which key does the sender use to encrypt the data?

a. Senders public key
b. Senders private key
c. Recipients public key
d. Recipients private key

A

a. Senders public key

Answer a is correct. Answer b is incorrect because the sender’s private key generates the public key, but does not encrypt messages. Answer c is incorrect because the recipient’s public key would be used when he encrypts the message. Answer d is incorrect because it is the key used to decrypt the data.

20
Q

What is the definition of cryptology?

a. The art or science of secret writing
b. The practice of defeating attempts to hide information
c. The study of secret writing and defeating the science of secret writing
d. The exchange of information securely over a local area network

A

c. The study of secret writing and defeating the science of secret writing

Answer c is the correct answer. Answer a is incorrect because it is the definition of cryptography. Answer b is incorrect because it is the definition of cryptanalysis. Answer d is incorrect because a local area network is not necessary for crypto-anything.

21
Q

Which algorithms does PGP support?

a. DES and ElGamal
b. IDEA and DES
c. DES and PPTP
d. PPTP and IDEA

A

b. IDEA and DES

Answer b is correct. Answer c and d are wrong because PPTP is an older version of encryption developed by Microsoft. Answer a is incorrect because PGP does not support ElGamal.

22
Q

In public key cryptography which key does the recipient use to decrypt the data?

a. Senders public key
b. Senders private key
c. Recipients public key
d. Recipients private key

A

d. Recipients private key

Answer d is correct. Answer a is incorrect because it is the key used to encrypt the data. Answer b is incorrect because it will generate the sender’s public key which is used to encrypt the data. Answer c is incorrect because it is the key used when the recipient sends an encrypted message.

23
Q

Manual key exchanges use which of the following mechanisms:

a. PKI
b. Kerberos
c. Shared secrets
d. Diffie-Hellman

A

c. Shared secrets

Answer c is correct. Answer a, b and d are all incorrect because they are all functions of asymmetric encryption.

24
Q

What does the acronym ESP represent?

a. Encrypted secure packet
b. Encrypted secure payload
c. Encapsulated secure packet
d. Encapsulated secure payload

A

d. Encapsulated secure payload

Answer d is the correct answer. While answer a, b and c all look correct on first glance they all have a misrepresented word.

25
Q

In what field of an IPSEC packet might you find the MD5 message digest?

a. In the data field
b. In the encapsulated secure payload
c. In the authentication header
d. In the destination field

A

c. In the authentication header

Answer c is the correct answer. Answer a, b and c are incorrect because they all have other packet information and not the MD5 message digest.

26
Q

In any given scenario, when objective is to ensure ‘confidentiality’,

A

message has to be encrypted using receiver’s public key.

27
Q

In any given scenario, when objective is to ensure ‘authentication’,

A

HASH of the message has to be created and HASH to be encrypted using sender’s private key. Please note that hash is also known as message digest.

28
Q

In any given scenario, when objective is to ensure ‘integrity’,

A

HASH of the message has to be created and HASH to be encrypted using sender’s private key. Please note that hash is also known as message digest.

29
Q

In any given scenario, when objective is to ensure ‘confidentiality & authentication’, following treatment is required:

A
  • Hash of the message to be encrypted using sender’s private key (to ensure authentication/non-repudiation)
  • Message to be encrypted using receiver’s public key (to ensure confidentiality)
30
Q

In any given scenario, when objective is to ensure ‘confidentiality & authentication & integrity’, following treatment is required:

A
  • Message to be encrypted using receiver’s public key (to ensure confidentiality)
  • Hash of the message to be encrypted using sender’s private key (to ensure authentication/non-repudiation and integrity)