Domain Six: PKI and Cryptography Flashcards

1
Q

What are the PAIN concepts that cryptography should address ?

A

Privacy, Authentication, Integrity, Non-Repudiation

2
Q

What is Data in Use ?

A

This is data that is actively in use by the computer system. This includes data stored in memory while being processed.

3
Q

What is the main protection for data in transit ?

A

Encryption via TLS

4
Q

What is data at rest ?

A

Data that is stored in storage media - encryption is an obvious protection

5
Q

What is a cipher ?

A

The actual algorithm used to carry out cryptography

6
Q

What are the two categories that ciphers fall into ?

A

Block and Stream

7
Q

What is the advantage of block ciphers ?

A

High diffusion and immune to insertion

8
Q

What is the disadvantage of block ciphers ?

A

Slow and error propagation

9
Q

What is the advantage of stream ciphers ?

A

Speed and low error propagation

10
Q

What are the disadvantages of stream ciphers ?

A

Low diffusion and susceptibility to malicious insertion

11
Q

What is a block cipher ?

A

Encrypts data in whole or in chunks; used when we know the size of the data to be encrypted

12
Q

What is a stream cipher ?

A

Encrypts each individual bit as part of a stream

13
Q

What is the concept of confusion in cryptography ?

A

Makes the relationship between the cipher and data as complex as possible. Confusion means that each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.[3]

The property of confusion hides the relationship between the ciphertext and the key.

This property makes it difficult to find the key from the ciphertext and if a single bit in a key is changed, the calculation of most or all of the bits in the ciphertext will be affected.

14
Q

What is the concept of diffusion in cryptography ?

A

Diffusion means that if we change a single bit of the plaintext, then about half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then about half of the plaintext bits should change.[5] This is equivalent to the expectation that encryption schemes exhibit an avalanche effect.

The purpose of diffusion is to hide the statistical relationship between the ciphertext and the plain text

15
Q

What kind of algorithm is Diffie-Hellman ?

A

Asymmetric

16
Q

What kind of algorithm is DSA ?

A

Asymmetric - Good for digital signatures but does little for confidentiality

17
Q

What kind of algorithm is Elliptical Curve ?

A

Asymmetric - Very fast, uses real and rational numbers, and requires smaller key sizes to provide the same security as other algorithms

18
Q

What kind of algorithm is RSA ?

A

Standard for Asymmetric - Key 2048 bits

19
Q

What kind of algorithm is 3DES ?

A

Symmetric - Comes in four different types and the key length is 112 to 168 256 and 356. The different flavours use a key multiple times

DES - EEE2 Two keys are used in the encryption process three times
DES - EDE2 Two keys are used in the encryption process twice and once in the decryption process
DES - EEE3 Three keys are used in the encryption process three times
DES - EDE3 Three keys are used in the encryption process twice and once in the decryption process

20
Q

What kind of algorithm is AES ?

A

Symmetric - 3DES was only ever a stopgap and AES was the preferred standard and was based on the Rijndael algorithm. The key lengths are 128, 192 or 256 bits

21
Q

What kind of algorithm is DES ?

A

Symmetric - DES uses a 64-bit key, but 8 bits are used for parity checking, so in actuality the key is only 56 bits. This is a deprecated mechanism because it was shown that the algorithm could be cracked in less than 24 hours.

22
Q

What kind of algorithm is RC4 ?

A

Symmetric - Ron Rivest came up with these ciphers. They are fast stream ciphers which are perfect for WiFi WEP. The key length is 40 bits plus a 24 bit initialisation vector making it 64 in total length.

23
Q

What is a cipher mode ?

A

These are the primary ways of using the ciphers that add additional functionality. So you would never use AES on its own but in conjunction with a cipher mode.

24
Q

Describe the ECB cipher mode ?

A

Electronic Block will pad when there is a partial block. It is the easiest mode to break and is the native mode of DES. Its advantage is that it provides the highest throughput.

25
Q

What is Cipher Block Chaining mode ?

A

Very similar to ECB; has a slightly higher error rate, meaning some blocks could become undecipherable.

26
Q

What are counter cipher modes ?

A

Turns block ciphers into stream ciphers by the use of a counter function which is used alongside an IV.

27
Q

What is Galois Counter Mode ?

A

Uses the Galois authentication with standard Counter Mode. Used specifically with 128 bit encryption

28
Q

Describe the HMAC hashing algorithm ?

A

Designed to avoid collisions that other algorithms are prone to. This is done by the use of a shared private key, but it does require that the key is sent out of band

29
Q

What is MD5 ?

A

Hashing Algorithm - Takes a variable length input and produces a 128 bit output

30
Q

What is the SHA algorithm ?

A

Hashing - SHA 1 and 0 are deprecated. SHA 2 is the most commonly used algorithm today

31
Q

What is key stretching ?

A

Improving weak keys, for example through multiple rounds of either hashing or encryption

32
Q

What is perfect forward secrecy ?

A

Used to change keys ensuring that even though a compromise occurs the blast radius is small.

33
Q

What does the term east-west traffic mean ?

A

Lateral movement within a network

34
Q

What are PEAP and EAP-TLS and what is the difference between the two ?

A

They are protocols for securing wireless communications with TLS. PEAP uses passwords whereas EAP-TLS uses server side certificates

35
Q

Why use a site survey for wireless placement ?

A

Discovery of dead zones and optimal placement.

36
Q

Give an example of a stream cipher ?

A

Caesar

37
Q

What is the minimum key length in today's cryptographic systems ?

A

128 bit

38
Q

Does symmetric encryption offer non repudiation ?

A

No - Only confidentiality

39
Q

What are the main issues with symmetric encryption ?

A

Key exchange is a problem
Does not implement non-repudiation as anyone with the key can encrypt and decrypt
Algorithm is not scalable - Difficult to manage large numbers of users
Key Regeneration overhead - Every time someone leaves, a key has to be regenerated

40
Q

What are the main advantages of asymmetric encryption ?

A

Overhead - New or leaving users only need their key pair generated or removed
Blast Radius - Keys only need to be regenerated when the private key is compromised
Provides Non-Repudiation, Confidentiality, Integrity and Authentication
Key Exchange is simplified - There is no method to derive the private key from the public key

41
Q

What key lengths does AES support ?

A

128,192,256

42
Q

I want to exchange keys in order to use symmetric encryption, but the PKI and Offline options are not available to me. What should I use ?

A

Diffie Hellman

43
Q

In symmetric cryptography what is split knowledge ?

A

Where two people own half of the key

44
Q

What is a key escrow service ?

A

Key is stored with a third party service

45
Q

What's a weakness of the MD5 hashing protocol ?

A

It is prone to collisions

46
Q

What cryptographic goals are satisfied by digital signatures ?

A

Authentication, Integrity and Non Repudiation

47
Q

What's the process for creating a digital signature ?

A

Sender creates message digest by hashing original plain text
Sender encrypts the digest with their private key
Sender attaches the message digest to plain text message
Sender transmits message

Receiver decrypts message digest with sender's public key
Receiver uses same hashing function on plain text
Receiver then checks that their result and the received hash are the same

48
Q

What extra step should you take to ensure privacy after you have created a digital signature ?

A

Encrypt it with the recipient's public key

49
Q

What key should I use if I want to send an encrypted message to a recipient ?

A

Recipient's public key

50
Q

What key should I use if I receive an encrypted message ?

A

My private key

51
Q

What key should I use if I want to create a digital signature ?

A

My private key

52
Q

What key should I use to verify a digital signature ?

A

Sender's public key

53
Q

What hashing algorithm uses a shared private key ?

A

HMAC

54
Q

What does the common name (CN) of certificates contain ?

A

Fully Qualified Domain Name (FQDN)

55
Q

How is the root certificate of the CA stored ?

A

Offline

56
Q

What is certificate chaining ?

A

In the CA trust model, the use of a series of intermediate CAs is known as certificate chaining, and the browser has to verify all the certificates in the chain.

57
Q

What is the role of the registration authority (RA) ?

A

Helps with identification but does not issue certificates

58
Q

What are some of the items mandated by the X509 standard for certificates ?

A

Version
Serial Number
Signature Algorithm Identifier
Issuer Name - The CA authority name
Validity Period - Start, Expiration date and time
Subject's Common Name (CN) - FQDN of domain owner
Subject Alternative Names (SAN) - Additional optional items such as IP addresses and domain names
Subject's Public Key

59
Q

What is enrolment in the certificate process ?

A

The supplying of identity documents to prove to the CA you are genuine

60
Q

What is a CSR (Certificate Signing Request) ?

A

The submitting of your public key to the CA after your identity has been verified.

61
Q

What is a domain validation certificate (DV) ?

A

The lowest level which just identifies that you own the domain is known as a Domain Validation (DV) certificate

62
Q

What is the name of the certificate that requires more validation than just the DV ?

A

Extended validation (EV) certificate

63
Q

What is a primary use case for Elliptical Curve cryptography ?

A

Key Exchange and digital signatures

64
Q

What is XSS ?

A

XSS is a web-based vulnerability that occurs when an attacker injects malicious code into a web page that is then executed by the browser of a user who visits the page. The code can steal cookies, session tokens, or other sensitive information from the user or the web server.

65
Q

Which attribute of a threat actor refers to their ability to develop unique exploit techniques and tools?

A

Capability

66
Q

Do SIEMs maintain a database ?

A

Yes

67
Q

What is the difference between recurring and continuous risk assessment ?

A

Recurring risk assessment involves conducting risk assessments at regular intervals to adapt to changing threats and vulnerabilities over time whereas continuous is all the time to help with operational security

68
Q

What is the difference between SASE and WAN ?

A

SASE (Secure access service edge) combines network security and WAN capabilities in a single cloud-based service, making it an ideal solution for ensuring secure and reliable access to data and applications irrespective of user/device location, whereas WAN just covers networking capabilities

69
Q

What is infrastructure monitoring ?

A

Infrastructure monitoring is focused on ensuring the foundational IT components, like servers, data centers, and networking equipment, are both functional and secure

70
Q

What is systems monitoring?

A

Systems monitoring evaluates the hardware, operating systems, and the essential services that applications run on but not the broader foundational structures of IT.

71
Q

What is directory traversal ?

A

A directory traversal attack is a type of application attack that involves manipulating the input parameters to access files or directories that are not intended to be accessible by the user, such as configuration files, source code, or system files.

72
Q

What is the primary purpose of package monitoring ?

A

Package monitoring involves keeping track of software package versions and security patches, which helps identify potential vulnerabilities and ensures that appropriate actions are taken to mitigate risks.

73
Q

Is the file extension normally included in the file's metadata ?

A

No

74
Q

Which of the following BEST describes a system that allocates permissions and access based on pre-defined organizational guidelines, strategies, codes, roles, or requirements?

A

Policy Driven

75
Q

Can a single tool be two types of control ?

A

Yes - antimalware is a detective control and a corrective one

76
Q

What is a directive control ? Give an example.

A

Sets the standards of behaviour for the organisation, normally a policy or document such as an AUP

77
Q

What is a POA&M ?

A

Plan of action and milestones to rectify gaps found in a gap analysis

78
Q

What is zero trust ?

A

Zero Trust demands verification for every device, every user and every transaction regardless of where it came from.

79
Q

In zero trust architecture what is the control plane ?

A

Is the overarching set of components responsible for defining, enforcing and managing the policies related to user and system access within the organisation

80
Q

In zero trust what is the control plane's adaptive identity ?

A

Leverages context-based authentication: considers where the user is logging in from and whether the device they are using meets security requirements, and will either request additional info or request if standards are not met. The assumption is that a user's identity is not set in stone; we need to take into account context-based information such as behaviour and device location.

81
Q

What is the control plane's threat scope reduction ?

A

Limiting the blast radius, determined by least privilege and identity-based network segmentation rather than the more traditional network segmentation methods such as VLAN and IP addresses

82
Q

What is the role of the policy engine in Zero Trust ?

A

Policy engines make decisions based on rules and external systems such as identity management and SIEM. They use a trust algorithm that makes a decision to grant, deny or revoke access to a given resource. Once the decision has been made it is logged and then the policy administrator takes action.

83
Q

What is the role of the policy enforcement in Zero Trust ?

A

To carry out the decisions made by the policy engine such as terminating connections
