Introduction to Cryptography Flashcards
Which cryptographic operations use an asymmetric private key? (Choose two.)
Creating a digital signature
Verifying a digital signature
Encrypting a message
Decrypting messages
Creating a digital signature
Decrypting messages
Digital signatures assure the recipient of a message that it is authentic and has not been modified. The message sender’s private key is used to create a digital signature thus constituting nonrepudiation; the sender cannot deny having sent and signed the message because only the sender has access to their private key. Private keys are also used to decrypt messages, such as e-mail messages
Which cryptographic operation does not use a cryptographic key?
Encrypting
Hashing
Decrypting
Hashing
Hashing is used to verify that a file or message has not changed. The origin data is fed into a one-way cryptographic algorithm resulting in a unique value called a hash; a cryptographic key is not used. One-way algorithms are easy to compute given input, but it is very difficult to take a hash and determine the original value
Which type of key is used by an IPSec VPN configured with a pre-shared key (PSK)?
Private
Asymmetric
Symmetric
Symmetric
With symmetric encryption, the same key is used for encryption and decryption. The IPSec VPN PSK must be configured on both ends of the VPN tunnel
You are evaluating a secure network management solution that will be used to monitor and configure network infrastructure devices remotely. Which of the following is the best choice?
SFTP
FTPS
SNMPv3
SNMPv3
The Simple Network Management Protocol (SNMP) version 3 supports authenticated and encrypted messages when remotely monitoring and managing devices running an SNMP agent such as routers, switches, and server operating systems. SNMP normally uses UDP port 161
Your company provides remote word processing and spreadsheet file access using FTP. After a security audit, the findings suggest employing TLS to harden FTP access. Which protocol should you configure to address this concern?
SFTP
FTPS
SNMPv3
FTPS
FTPS uses TLS to enable the secure transfer of files between FTP hosts over TCP port 21 (explicit FTPS) or 990 (implicit FTPS); traditional FTP passes credentials and data over the network in clear text
You are reviewing network perimeter firewall rules for the firewall public interface and notice allowances for incoming UDP port 161 and TCP port 443 traffic. What type of traffic will be allowed through the firewall public interface, assuming default ports are being used? (Choose two.)
SFTP
SNMPv3
FTPS
HTTPS
SNMPv3
HTTPS
SNMP uses UDP port 161 and HTTPS uses TCP 443
Which encryption algorithms can SNMPv3 use?
AES, MD5
SHA-256, 3DES
3DES, AES
3DES, AES
SNMPv3 can use Triple Data Encryption Standard (3DES) or the newer Advanced Encryption Standard (AES) algorithm to encrypt SNMP data sent over the network
You are configuring SNMPv3 authentication. Which of the following hashing algorithms are available?
MD5, RSA
MD5, SHA
SHA, AES
MD5, SHA
MD5 and SHA are hashing algorithms that are used to verify the integrity of data and can be used for authenticating SNMPv3 connections over the network
You have configured LDAP over SSL (LDAPS) with default settings to secure directory service queries across subnets. Which port must be open on the subnet firewall?
TCP 389
TCP 22
TCP 636
TCP 636
Lightweight Directory Access Protocol Secure (LDAPS) uses a PKI certificate to secure LDAP connections over the network and uses TCP port 636. LDAP is used to connect to and query a centralized network directory service database such as Microsoft Active Directory
Secure POP mail transmissions use which standard port number?
995
110
993
995
The Post Office Protocol (POP) is a client mail retrieval standard and can be secured using a PKI certificate. Secure POP uses a standard port number of TCP 995
Which IPSec configuration mode encapsulates origin IP packets?
ESP
AH
Tunnel
Tunnel
IPSec tunnel mode can place an entire IP packet within another IP packet (encapsulation) and encrypt that payload
You are planning your SMTP mail system so that mail transfers are encrypted. Which protocol should you use?
NTS
SRTP
S/MIME
S/MIME
Mail traffic can be encrypted and digitally signed through the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, which requires SMTP hosts to be configured with a PKI certificate
Which term refers to providing random data as additional input to a hashing algorithm?
Key stretching
Salting
Perfect forward secrecy
Salting
Salting enhances hashing security by adding random bits to the original data, such as a passphrase, before it is fed into a one-way hashing algorithm. To calculate the original passphrase value, the salt value must be known. Salting makes dictionary attacks much less likely to succeed
Which cryptographic operations use a public key? (Choose two.)
Verifying digital signatures
Encrypting messages
Creating digital signatures
Decrypting messages
Verifying digital signatures
Encrypting messages
Private keys create a digital signature and the related public key is used to verify the signature. The sender of an encrypted message must have access to the public key of message recipients to encrypt the message for them
Which technology is described as “a secure distributed public ledger of transactions”?
Quantum computing
Steganography
Blockchain
Blockchain
Blockchain provides a distributed public ledger of transactions that cannot be modified. Because the blockchain of transactions is managed by thousands of computers, it is not controlled by a single central organization or government. Bitcoin digital currency transactions are one example of how blockchain can be used. Bitcoin transactions are considered anonymous, since the transactions are linked to a digital identity
A government informant embeds sensitive drug cartel data in an e-mail attachment. The attachment appears to be a picture of a dog. Which data secrecy technique is being used?
Steganography
Encryption
Hashing
Steganography
Steganography is a technique used to hide sensitive data within other nonsensitive items, such as hiding a secret message within a photo of a dog, which often requires special software to hide and unhide the message. Messages can be hidden in many types of files, including audio and video
Which cryptographic attribute mitigates brute-force key attacks?
Key length
Key exchange
Authentication
Key length
In general, the longer a cryptographic key (number of bits), the more difficult it becomes to brute-force key values due to the increased number of possible key combinations. The strength and implementation of an encryption algorithm (and not only the key size) determine its resilience to attacks
Which of the following is a cryptographic stream cipher?
AES
Blowfish
RC4
RC4
The Rivest Cipher 4 (RC4) algorithm is a stream cipher, meaning that data is encrypted 1 byte at a time instead of an entire data block (more than 1 byte) being encrypted at once
Which of the following are symmetric encryption block ciphers? (Choose two.)
AES
CBC
RC5
RC4
AES
RC5
AES and RC5 are symmetric block encryption ciphers. Block ciphers encrypt entire data blocks as opposed to individual bytes of data
Which public key cryptographic design can use smaller keys while maintaining cryptographic strength?
CBC
S/MIME
ECC
ECC
Elliptic curve cryptography uses a set of points for a curve over a finite field instead of using prime number factoring for encryption. This allows for smaller key lengths, which minimizes required compute power. ECC small keys have the strength of much longer keys. For example, a 256-bit ECC key is equivalent to a 3072-bit RSA key
Which encryption technique is designed to run on devices with constraints such as low power and low processing capabilities?
Homomorphic encryption
Lightweight cryptography
Entropy
Lightweight cryptography
Lightweight encryption requires less compute power than traditional encryption algorithms and is well suited for mobile devices. ECC is a lightweight encryption technique that uses small keys to achieve strong security. A small key size means lower computational requirements
Which cryptographic technique allows the analysis of data without first decrypting it?
Lightweight encryption
Homomorphic encryption
Entropy
Homomorphic encryption
Homomorphic encryption provides data confidentiality and is a computationally expensive cryptographic technique that allows encrypted data to be analyzed without fully decrypting it. Decrypting data while it is accessed presents a risk of unauthorized access while the data is in a decrypted state
Which benefit is derived from using an HSM to carry out cryptographic operations as opposed to a standard operating system such as Microsoft Windows?
Ability to store cloud-generated certificates
Lower cost
Lower computational latency
Lower computational latency
A hardware security module (HSM) is a tamper-proof dedicated appliance that can securely store cryptographic keys and perform cryptographic operations. Offloading these tasks from a Microsoft Windows computer results in lower computational latency, since dedicated firmware is generally faster and more reliable than a general purpose operating system
Which statements regarding PKI certificates are correct? (Choose two.)
A certificate can be used for more than one cryptographic purpose.
A 2048-bit key is considered weak.
Certificates cannot be issued to routers.
Certificates have an expiry date.
A certificate can be used for more than one cryptographic purpose.
Certificates have an expiry date.
PKI certificates can be used for multiple purposes such as message encryption, digital signatures, and file encryption. Certificates have an expiry date upon which the certificate is no longer valid
For security and performance reasons, you would like IP phone VoIP traffic to be isolated from regular TCP/IP network traffic. Which network protocol will allow this end result?
S/MIME
SSH
DHCP
DHCP
You can configure DHCP vendor-class options to identify the type of device making a DHCP request (IP phone), and then assign IP settings such as IP address range and default gateway
You plan on using a web browser secured connection to manage your public cloud subscription. Which outbound port number must be allowed on your network firewall?
636
993
443
443
HTTPS secured connections use TCP port 443
Which service is provided by DNSSEC?
Confidentiality
Integrity
Network address allocation
Integrity
DNSSEC protects DNS clients from forged DNS answers in response to client DNS queries. With DNSSEC, DNS zone records are digitally signed. DNS clients verify the signature of DNS query results using a public key to ensure that the response is valid. (DNS clients trust the private key used to sign the DNS zone)
Which network security protocol can encrypt all network traffic using a single configuration?
TLS
SSL
IPSec
IPSec
IPSec can be configured to secure some or all network traffic using a single configuration, unlike application security protocols like HTTPS, which apply only to web servers, where each server requires a PKI certificate
Which cryptographic technique is often referred to as “hiding in plain sight”?
Quantum computing
Hashing
Steganography
Steganography
Steganography is a technique used to hide sensitive data within other nonsensitive items, such as hiding a secret message within a photo of a dog, which requires special software to hide and unhide the message