Domain 5 - Cryptography Flashcards
- Which is true about DES?
a. It is based upon public key cryptography
b. It uses stream ciphers
c. It was developed by the Department of Defense
d. It uses private key cryptography
Explanation: Answer d is the correct answer. Answer a is incorrect because it is the complete opposite of the correct answer. Answer b is incorrect because DES is a block cipher. Answer c is incorrect because DES was developed by IBM.
- In relation to cryptography, “work factor” is a term that can be defined as:
a. The amount of time it takes an encryption algorithm to encrypt the data
b. The amount of time it takes an encryption algorithm to decrypt the data
c. The amount of effort it takes to defeat an encryption scheme
d. The amount of processing power necessary to create a public/private key pair
Explanation: Answer c is correct. Work factor has to do with the amount of effort and not just the length of time it takes a CPU to process something. Answers a, b and d are all incorrect because they all deal with encryption taking place and not the process of defeating encryption.
- The IPSEC standard includes a specification for which of the following security components?
a. Authentication headers
b. Support for non-IP protocols
c. High availability
d. Message playback
Explanation: Answer a is the correct answer. Answer b is incorrect because IPSEC does not support non-IP protocols. Answer c is incorrect because encryption mechanisms do not often have high availability options due to security complications. Answer d is incorrect because encryption standards help to eliminate message playback.
- In an IPSEC packet, what is the goal of an authentication header?
a. To provide integrity and authentication
b. To provide confidentiality and availability
c. To provide advanced routing features
d. To provide the decrypting device with information on which encrypting protocol was used
Explanation: Answer a is the correct answer. Answer b is incorrect because encryption does not concern itself with availability. Answer c is incorrect because IPSEC does not include advanced routing features in the standard. Answer d is incorrect because the security association contains that information.
- Which is not a component of public key infrastructure?
a. Certificate authority
b. Symmetric encryption
c. Digital certificates
d. Certificate revocation
Explanation: Answer b is correct because public key infrastructure uses asymmetric encryption. Answers a, c, and d are all components of public key infrastructure.
- What application does PGP help protect?
a. Email
b. Web browsing
c. File transfers (FTP)
d. Telnet
Explanation: Answer a is correct. Answer b is incorrect because SSL encrypts web traffic. Answer c is incorrect because FTP encryption takes place inside an encrypted tunnel, not with an application. Answer d is incorrect because SSH replaces Telnet and adds encryption.
- Cryptography addresses which of the following security issues?
a. Confidentiality and availability
b. Integrity and availability
c. Fault tolerance and integrity
d. Confidentiality and integrity
Explanation: Answer d is correct. Answers a, b and c are all incorrect because they contain availability or fault tolerance.
- SHA1 and MD5 are two examples of what?
a. Key exchange mechanisms
b. Hashing algorithms
c. Certificate authorities
d. Symmetric encryption algorithms
Explanation: Answer b is the correct answer. Answer a is incorrect because common key exchange mechanisms are private or public key distribution. Answer c is incorrect because certificate authorities are a component of the key exchange for public key cryptography. Answer d is incorrect because it is too large in focus.
- Which term relates to a cryptographic key exchange?
a. Diffie-Hellman
b. Cipher block chaining
c. Elliptical curve cryptography
d. Stream cipher encryption
Explanation: Answer a is correct. Answer b is incorrect because it is a term that relates to how an algorithm encrypts chunks of data. Answer c is incorrect because it deals with how an asymmetric algorithm uses discrete logarithms to encrypt the data. Answer d is incorrect because it is the opposite to answer b which is also wrong.
- Digital certificates are based on what international standard?
a. X.25
b. X.400
c. 802.3
d. X.509
Explanation: Answer d is the correct answer. Answer a is incorrect because X.25 is a WAN protocol. Answer b is incorrect because X.400 is an email directory database standard. Answer c is incorrect because 802.3 is an IPX standard.
- The concept of non-repudiation means that:
a. The sender can verify that the receiver read the message
b. The receiver can prove the sender sent the message
c. The sender can verify the receiver's private key
d. The receiver can verify the certificate authority has not been compromised
Explanation: Answer b is the correct answer. Answer a is incorrect because it is a feature of an email client and not encryption. Answer c is incorrect because private keys are not sent out in encryption. Answer d is incorrect because there is no mechanism in any standard to ensure a secure certificate authority.
- What is the definition of cryptography?
a. The art or science of secret writing
b. The practice of defeating attempts to hide information
c. The study of secret writing and defeating the science of secret writing
d. The exchange of information securely over a local area network
Explanation: Answer a is correct. Answer b is incorrect because it is the definition of cryptanalysis. Answer c is incorrect because it is the definition of cryptology. Answer d is incorrect because cryptography is not restricted to a local area network.
- What is a drawback to using authentication headers?
a. Single factor authentication
b. Increased packet size
c. Authentication headers are proprietary
d. Only 56-bit encryption algorithms support authentication headers
Explanation: Answer b is the correct answer. Answer a is incorrect because single factor authentication is a password for access control. Answer c is incorrect because authentication headers are written into the IPSEC standard. Answer d is incorrect because many protocols specified in the IPSEC standard can use authentication headers.
- What does the acronym DES represent?
a. Dual Encryption Standard
b. Data Encryption Standard
c. Data Encryption Scheme
d. Dual Encryption Scheme
Explanation: Answer b is the correct answer, and is taken from Fites & Kratz. While answers a, c, and d all look correct at first glance, they all have a misrepresented word.
- What is the definition of cryptanalysis?
a. The art or science of secret writing
b. The practice of defeating attempts to hide information
c. The study of secret writing and defeating the science of secret writing
d. The exchange of information securely over a local area network
Explanation: Answer b is the correct answer. Answer a is the definition of cryptography. Answer c is incorrect because it is the definition of cryptanalysis. Answer d is incorrect because local area networking is never a restriction on cryptography.