Formative 8 Flashcards

1
Q

What is the purpose of the DH algorithm?

to provide nonrepuditation support

to support email data confidentiality

to encrypt data traffic after a vPN is established

to generate a sharred secret between two hosts that have not communicated before

A

to generate a share secret between two hosts that have not communicated before

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which statement is a feature of HMAC?

HMAC is based on the RSA hash function.

HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.

HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.

HMAC uses a secret key as input to the hash function, adding authentication to integirty assurance.

A

HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?​

confidentiality

authentication

integrity

nonrepudiation

A

integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which two statements correctly describe certificate classes used in the PKI? (Choose two.)

A class 0 certificate is for testing purposes.

A class 0 certificate is more trusted than a class 1 certificate.

The lower the class number, the more trusted the certificate.

A class 5 certificate is for users with a focus on verification of email.

A class 4 certificate is for online business transactions between companies.

A

A class 0 certificate is for testing purposes.

A class 4 certificate is for online business transactions between companies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which statement describes the use of certificate classes in the PKI?

The lower the class number, the more trusted the certificate.

A vendor must issue only one class of certificates when acting as a CA.

A class 5 certificate is more trustworthy than a class 4 certificate.

Email security is provided by the vendor, not by a certificate.

A

A class 5 certificate is more trustworthy than a class 4 certificate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?

asymmetric key
algorithm

digital signature

encryption

hash algorithm

A

digital signature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.)

The code is authentic and is actually sourced by the publisher.

The code contains no errors.

The code was encrypted with both a private and public key.

The code has not been modified since it left the software publisher.

The code contains no viruses.

A

The code is authentic and is actually sourced by the publisher.

The code has not been modified since it left the software publisher.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What term is used to describe the technology that replaces sensitive information with a nonsensitive version?

hiding

masking

retracting

whiteout

blanking

A

masking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What term is used to describe concealing data in another file such as a graphic, audio, or other text file?

masking

obfuscation

steganography

hiding

A

steganography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

what is a strength of using a hasing function?

It is a one-way function and not reversible.

It can take only a fixed length message

It has a variabe length output.

Two different files can be created that have the same output.

It is not commonly used in security

A

It is a one-way function and not reversible.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?

he investigator found a USB drive and was able to make a copy of it.

The data is all there.

An exact copy cannot be made of a device.

The data in the image is an exact copy and nothing has been altered by the process.

A

The data in the image is an exact copy and nothing has been altered by the process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?

HTTPS traffic is much faster than HTTP traffic.

HTTPS traffic enables end-to-end encryption.

HTTPS traffic does not require authentication.

HTTPS traffic can carry a much larger data payload than HTTP can carry.

A

HTTPS traffic enables end-to-end encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

In the asymmetric encryption, encryption and decryption use the same key.

True

False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is an example of a symmetric encryption algorithm?

Internet Key Exchange (IKE)

Secure Socket Layer (SSL)

Secure Shell (SSA)

Advanced Encryption Standard (AES)

A

Advanced Encryption Standard (AES)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which algorithm provides asymmetric encryption?

Data Encryption Standard (DES)

Diffie Hellman (DH)

3DES

AES

A

Diffie Hellman (DH)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which hash function is the most secure?

MD5

3DES

IKE

SHA-3

17
Q

Which certificate is the most trusted?

Class 0

Class 1

Class 2

Class 3

Class 4

Class 5

18
Q

On large networks, which two of the following methods are used to link PKI CAs?

Cross-certified CA Topologies

individually-certified CA Topologies

Hierarchical CA Topologies

Top-down CA Topologies

A

Cross-certified CA Topologies

Hierarchical CA Topologies

19
Q

Which of the following is NOT an X.509 v3 application?

SSL

LDAP

EAP-TLS

IPSec

20
Q

Which two of the following methods are used to revoke a digital certificate?

POTS

OCSP

OOB

CRL

21
Q

Instant messaging can be encrypted using PKI.

True

False

22
Q

PKI can be used by the enterprise to secure USB storage devices.

True

False

23
Q

What must be specified by the X509v3 validity data range? (Choose two)

after

before

not after

not before

A

not after

not before

24
Q

Which of the following is not a key component of the cipher suite?

message authentication code (MAC)

authentication algorithm

encryption algorithm

the key exchange algorithm

authorization algorithm

A

authorization algorithm