Formative 8 Flashcards
What is the purpose of the DH algorithm?
to provide nonrepuditation support
to support email data confidentiality
to encrypt data traffic after a vPN is established
to generate a sharred secret between two hosts that have not communicated before
to generate a share secret between two hosts that have not communicated before
Which statement is a feature of HMAC?
HMAC is based on the RSA hash function.
HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.
HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.
HMAC uses a secret key as input to the hash function, adding authentication to integirty assurance.
HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?
confidentiality
authentication
integrity
nonrepudiation
integrity
Which two statements correctly describe certificate classes used in the PKI? (Choose two.)
A class 0 certificate is for testing purposes.
A class 0 certificate is more trusted than a class 1 certificate.
The lower the class number, the more trusted the certificate.
A class 5 certificate is for users with a focus on verification of email.
A class 4 certificate is for online business transactions between companies.
A class 0 certificate is for testing purposes.
A class 4 certificate is for online business transactions between companies.
Which statement describes the use of certificate classes in the PKI?
The lower the class number, the more trusted the certificate.
A vendor must issue only one class of certificates when acting as a CA.
A class 5 certificate is more trustworthy than a class 4 certificate.
Email security is provided by the vendor, not by a certificate.
A class 5 certificate is more trustworthy than a class 4 certificate.
What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?
asymmetric key
algorithm
digital signature
encryption
hash algorithm
digital signature
What two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.)
The code is authentic and is actually sourced by the publisher.
The code contains no errors.
The code was encrypted with both a private and public key.
The code has not been modified since it left the software publisher.
The code contains no viruses.
The code is authentic and is actually sourced by the publisher.
The code has not been modified since it left the software publisher.
What term is used to describe the technology that replaces sensitive information with a nonsensitive version?
hiding
masking
retracting
whiteout
blanking
masking
What term is used to describe concealing data in another file such as a graphic, audio, or other text file?
masking
obfuscation
steganography
hiding
steganography
what is a strength of using a hasing function?
It is a one-way function and not reversible.
It can take only a fixed length message
It has a variabe length output.
Two different files can be created that have the same output.
It is not commonly used in security
It is a one-way function and not reversible.
An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?
he investigator found a USB drive and was able to make a copy of it.
The data is all there.
An exact copy cannot be made of a device.
The data in the image is an exact copy and nothing has been altered by the process.
The data in the image is an exact copy and nothing has been altered by the process.
In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?
HTTPS traffic is much faster than HTTP traffic.
HTTPS traffic enables end-to-end encryption.
HTTPS traffic does not require authentication.
HTTPS traffic can carry a much larger data payload than HTTP can carry.
HTTPS traffic enables end-to-end encryption.
In the asymmetric encryption, encryption and decryption use the same key.
True
False
False
What is an example of a symmetric encryption algorithm?
Internet Key Exchange (IKE)
Secure Socket Layer (SSL)
Secure Shell (SSA)
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)
Which algorithm provides asymmetric encryption?
Data Encryption Standard (DES)
Diffie Hellman (DH)
3DES
AES
Diffie Hellman (DH)
Which hash function is the most secure?
MD5
3DES
IKE
SHA-3
SHA-3
Which certificate is the most trusted?
Class 0
Class 1
Class 2
Class 3
Class 4
Class 5
Class 5
On large networks, which two of the following methods are used to link PKI CAs?
Cross-certified CA Topologies
individually-certified CA Topologies
Hierarchical CA Topologies
Top-down CA Topologies
Cross-certified CA Topologies
Hierarchical CA Topologies
Which of the following is NOT an X.509 v3 application?
SSL
LDAP
EAP-TLS
IPSec
LDAP
Which two of the following methods are used to revoke a digital certificate?
POTS
OCSP
OOB
CRL
OCSP
CRL
Instant messaging can be encrypted using PKI.
True
False
True
PKI can be used by the enterprise to secure USB storage devices.
True
False
True
What must be specified by the X509v3 validity data range? (Choose two)
after
before
not after
not before
not after
not before
Which of the following is not a key component of the cipher suite?
message authentication code (MAC)
authentication algorithm
encryption algorithm
the key exchange algorithm
authorization algorithm
authorization algorithm