Domain 5 - Cryptography

Question 1

7. Which is true about DES?

a. It is based upon public key cryptography
b. It uses stream ciphers
c. It was developed by the Department of Defense
d. It uses private key cryptography

Answer 1

Explanation: Answer d is the correct answer. Answer a is incorrect because it is the complete opposite of the correct answer. Answer b is incorrect because DES is a block cipher. Answer c is incorrect because DES was developed by IBM.

Question 2

40. In relationship to cryptography “work factor” is a term that can be defined as:

a. The amount of time it takes an encryption algorithm to encrypt the data
b. The amount of time it takes an encryption algorithm to decrypt the data
c. The amount of effort it takes to defeat an encryption scheme
d. The amount of processing power necessary to create a public/private key pair

Answer 2

Explanation: Answer c is correct. Work factor has to do with the amount of effort and not just the length of time it takes a CPU to process something. Answers a, b and d are all incorrect because they all deal with encryption taking place and not the process of defeating encryption.

Question 3

49. The IPSEC standard includes a specification for which of the following security components?

a. Authentication headers
b. Support for non-IP protocols
c. High availability
d. Message playback

Answer 3

Explanation: Answer a is the correct answer. Answer b is incorrect because IPSEC does not support non-IP protocols. Answer c is incorrect because encryption mechanisms do not often have high availability options due to security complications. Answer d is incorrect because encryption standards help to eliminate message playback.

Question 4

51. In an IPSEC packet what is the goal of an authentication header?

a. To provide integrity and authentication
b. To provide confidentiality and availability
c. To provide advanced routing features
d. To provide the decrypting device with information on what the encrypting protocol used

Answer 4

Explanation: Answer a is the correct answer. Answer b is incorrect because encryption does not concern itself with availability. Answer c is incorrect because IPSEC does not include advance routing features in the standard. Answer d is incorrect because the security association contains that information.

Question 5

69. Which is not a component of public key infrastructure?

a. Certificate authority
b. Symmetric encryption
c. Digital certificates
d. Certificate revocation

Answer 5

Explanation: Answer b is correct public key infrastructure uses asymmetric encryption. Answers a, c, and d are all components of public key infrastructure.

Question 6

83. What application does PGP help protect?

a. Email
b. Web browsing
c. File transfers (FTP)
d. Telnet

Answer 6

Explanation: Answer a is correct. Answer b is incorrect because SSL encrypts web traffic. Answer c is incorrect because FTP encryption takes place inside an encrypted tunnel, not with an application. Answer d is incorrect SSH replace telnet and adds encryption.

Question 7

88. Cryptography addresses which of the following security issues?
    a. Confidentiality and availability
    b. Integrity and availability
    c. Fault tolerance and integrity
    d. Confidentiality and integrity

Answer 7

Explanation: Answer d is correct. Answers a, b and c are all incorrect because they contain availability or fault tolerance.

Question 8

95. SHA1 and MD5 are two examples of what?

a. Key exchange mechanisms
b. Hashing algorithms
c. Certificates authorities
d. Symmetric encryption algorithms

Answer 8

Explanation: Answer b is the correct answer. Answer a is incorrect because common key exchange mechanisms are private or public key distribution. Answer c is incorrect because certificate authorities are a component of the key exchange for public key cryptography. Answer d is incorrect because it is too large in focus.

Question 9

98. Which term relates to a cryptographic key exchange?

a. Diffie-Hellman
b. Cipher block chaining
c. Elliptical curve cryptography
d. Steam cipher encryption

Answer 9

Explanation: Answer a is correct. Answer b is incorrect because it is a term that relates to how an algorithm encrypts chunks of data. Answer c is incorrect because it deals with how an asymmetric algorithm uses discrete logarithms to encrypt the data. Answer d is incorrect because it is the opposite to answer b which is also wrong.

Question 10

102. Digital certificates are based on what international standard?

a. X.25
b. X.400
c. 802.3
d. X.509

Answer 10

Explanation: Answer d is the correct answer. Answer a is incorrect because X.25 is a WAN protocol. Answer b is incorrect because X.400 is a email directory database standard. Answer c is incorrect because 802.3 is an IPX standard.

Question 11

121. The concept of non-repudiation means that:

a. The sender can verify that the receiver read the message
b. The receiver can prove the sender sent the message
c. The sender can verify the receivers private key
d. The receiver can verify the certificate authority has not been compromised

Answer 11

Explanation: Answer b is the correct answer. Answer a is incorrect because it is a feature of an email client and not encryption. Answer c is incorrect because private keys are not sent out in encryption. Answer d is incorrect because there is no mechanism in any standard to ensure a secure certificate authority.

Question 12

126. What is the definition of cryptography?

a. The art or science of secret writing
b. The practice of defeating attempts to hide information
c. The study of secret writing and defeating the science of secret writing
d. The exchange of information securely over a local area network

Answer 12

Explanation: Answer a is correct. Answer b is incorrect because it is the definition of cryptanalysis. Answer c is incorrect because it is the definition of cryptology. Answer d is incorrect because cryptography is not restricted to a local area network

Question 13

128. What is a drawback to using authentication headers?

a. Single factor authentication
b. Increased packet size
c. Authentication headers are proprietary
d. Only 56-bit encryption algorithms support authentication headers

Answer 13

Explanation: Answer b is the correct answer. Answer a is incorrect because single factor authentication is a password for access control. Answer c is incorrect because authentication headers are written into the IPSEC standard. Answer d is incorrect because many protocols specified in the IPSEC standard can use authentication headers.

Question 14

129. What does the acronym DES represent?

a. Dual Encryption Standard
b. Data Encryption Standard
c. Data Encryption Scheme
d. Dual Encryption Scheme

Answer 14

Explanation: Answer b is the correct answer, and is taken from Fites & Kratz. While answers a,c, and d all look correct on first glance they all have a misrepresented word.

Question 15

153. What is the definition of cryptanalysis?

a. The art or science of secret writing
b. The practice of defeating attempts to hide information
c. The study of secret writing and defeating the science of secret writing
d. The exchange of information securely over a local area network

Answer 15

Explanation: Answer b is the correct answer. Answer a is the definition of cryptography. Answer c is incorrect because it is the definition of cryptanalysis. Answer d is incorrect because local are networking is never a restriction on cryptography.

Question 16

154. What is the greatest challenge to the security of private key cryptographic systems?

a. Keeping the key secure
b. Authenticating the user
c. Export restrictions
d. The security of the certificate authority

Answer 16

Explanation: Answer a is the correct answer, and is taken from Fites & Kratz. Answer b is incorrect because no user authentication is required for symmetric encryption. Answer c is incorrect because export restrictions have been relaxed, and the restriction was based on key length, not if the encryption used private or public key. Answer d is incorrect because a certificate authority is used in public key encryption not private key.

Question 17

156. What is an advantage to using 3-DES over DES?

a. 3-DES supports digital signatures and DES does not
b. IPSEC standards allow the use of 3-DES only
c. 3-DES is standards based, and DES is proprietary
d. 3-DES is based on a longer encryption key than DES

Answer 17

Explanation: Answer d is correct. Answer a is incorrect because DES supports digital signatures. Answer b and c are incorrect because IPSEC is specifies that any encryptions algorithm can be used, but DES is mentioned by name.

Question 18

167. What makes up a security association?

a. The security parameter index and the source address
b. The security parameter index the MD5 hash
c. The MD5 hash and the source address
d. The security parameter index and the destination address

Answer 18

Explanation: Answer d is the correct answer. Answer a is incorrect because the source address is not included in the security association. Answer b and c are incorrect because they both contain the MD5 hash.

Question 19

169. In public key cryptography which key does the sender use to encrypt the data?

a. Senders public key
b. Senders private key
c. Recipients public key
d. Recipients private key

Answer 19

Explanation: Answer a is correct. Answer b is incorrect because the sender’s private key generates the public key, but does not encrypt messages. Answer c is incorrect because the recipient’s public key would be used when he encrypts the message. Answer d is incorrect because it is the key used to decrypt the data.

Question 20

201. What is the definition of cryptology?

a. The art or science of secret writing
b. The practice of defeating attempts to hide information
c. The study of secret writing and defeating the science of secret writing
d. The exchange of information securely over a local area network

Answer 20

Explanation: Answer c is the correct answer. Answer a is incorrect because it is the definition of cryptography. Answer b is incorrect because it is the definition of cryptanalysis. Answer d is incorrect because a local area network is not necessary for crypto-anything.

Question 21

215. Which algorithms does PGP support?

a. DES and ElGamal
b. IDEA and DES
c. DES and PPTP
d. PPTP and IDEA

Answer 21

Explanation: Answer b is correct. Answer c and d are wrong because PPTP is an older version of encryption developed by Microsoft. Answer a is incorrect because PGP does not support ElGamal.

Question 22

220. In public key cryptography which key does the recipient use to decrypt the data?

a. Senders public key
b. Senders private key
c. Recipients public key
d. Recipients private key

Answer 22

Explanation: Answer d is correct. Answer a is incorrect because it is the key used to encrypt the data. Answer b is incorrect because it will generate the sender’s public key which is used to encrypt the data. Answer c is incorrect because it is the key used when the recipient sends an encrypted message.

Question 23

233. Manual key exchanges use which of the following mechanisms:

a. PKI
b. Kerberos
c. Shared secrets
d. Diffie-Hellman

Answer 23

Explanation: Answer c is correct. Answer a, b and d are all incorrect because they are all functions of asymmetric encryption.

Question 24

242. What does the acronym ESP represent?

a. Encrypted secure packet
b. Encrypted secure payload
c. Encapsulated secure packet
d. Encapsulated secure payload

Answer 24

Explanation: Answer d is the correct answer. While answer a, b and c all look correct on first glance they all have a misrepresented word.

Question 25

243. In what field of an IPSEC packet might you find the MD5 message digest?

a. In the data field
b. In the encapsulated secure payload
c. In the authentication header
d. In the destination field

Answer 25

Explanation: Answer c is the correct answer. Answer a, b and c are incorrect because they all have other packet information and not the MD5 message digest.