Introduction to Cryptography Flashcards

1
Q

A network technician notices TCP port 80 traffic when users authenticate to their mail server. What should the technician configure to protect the confidentiality of these transmissions?

MD5

SHA-512

HTTPS

A

HTTPS

TCP port 80 is Hypertext Transfer Protocol (HTTP) network traffic. Web browsers use HTTP to connect to web servers. In this case, users are using web-based e-mail that is not encrypted. Hypertext Transfer Protocol Secure (HTTPS) uses either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt HTTP traffic. This requires the installation of a digital certificate on the server. Remember that digital certificates have an expiration date. If time is not properly synchronized on a device, the certificate chain of trust could be broken

2
Q

Which of the following allows secured remote access to a UNIX host?

SSH

SSL

SSO

A

SSH

Secure Shell (SSH) listens on TCP port 22 and is commonly used on UNIX and Linux hosts to allow secure remote administration. An SSH daemon must be running on the server, and an SSH client (such as PuTTY) is required to make the connection. Unlike its predecessor, Telnet, SSH encrypts network traffic

3
Q

An IT manager asks you to recommend a LAN encryption solution. The solution must support current and future software that does not have encryption of its own. What should you recommend?

SSL

SSH

IPSec

A

IPSec

IP Security (IPSec) is not specific to an application; all network traffic is encrypted and authenticated. Both sides of the secured connection must be configured to use IPSec

4
Q

Which protocol supersedes SSL?

TLS

SSO

TKIP

A

TLS

Transport Layer Security (TLS) replaces Secure Sockets Layer (SSL). For example, TLS offers more secure data authentication to ensure data has not been tampered with while in transit

5
Q

Which TCP port would a firewall administrator configure to enable users to access SSL-enabled web sites?

443

80

3389

A

443

Secure Sockets Layer (SSL) uses TCP port 443

6
Q

Data integrity is provided by which of the following?

RC4

AES

MD5

A

MD5

Message Digest 5 (MD5) is a hashing algorithm that computes a digest from provided data. Any change in the data will invalidate the digest; thus, data integrity is attained

7
Q

You are configuring a network encryption device and must account for other devices that may not support newer and stronger algorithms. Which of the following lists encryption standards from weakest to strongest?

DES, 3DES, RSA

3DES, DES, AES

RSA, DES, Blowfish

A

DES, 3DES, RSA

Digital Encryption Standard (DES) is a 56-bit cipher, and 3DES is a 168-bit cipher; both are symmetric encryption algorithms. RSA (named after its creators, Rivest, Shamir, and Adleman) is a public and private key (asymmetric) encryption and digital signing standard whose bit strength varies. The bit length of a cipher is not the only factor influencing its strength; the specific implementation of the cryptographic functions also plays a role

8
Q

Which of the following uses two mathematically related keys to secure data transmissions?

AES

RSA

3DES

A

RSA

RSA is an asymmetric cryptographic algorithm that uses mathematically related public and private key pairs to digitally sign and encrypt data

9
Q

Your company has implemented a PKI. You would like to encrypt e-mail messages you send to another employee, Amy. What do you require to encrypt messages to Amy?

Amy’s private key

Amy’s public key

Your private key

A

Amy’s public key

A public key infrastructure (PKI) implies the use of public and private key pairs. To encrypt messages for Amy, you must have her public key. This can be installed locally on a computer or published centrally on a directory server that should be secured using protocols such as Lightweight Directory Access Protocol Secure (LDAPS). The related private key, which only Amy should have access to, is used to decrypt the message

10
Q

You decide that your LAN computers will use asymmetric encryption with IPSec to secure LAN traffic. While evaluating how this can be done, you are presented with an array of encryption choices. Choose the correct classification of cryptography standards.

Symmetric: 3DES, DES

Asymmetric: Blowfish, RSA

Symmetric: 3DES, DES

Asymmetric: RC4, RSA

Symmetric: AES, 3DES

Asymmetric: RSA

A

Symmetric: AES, 3DES

Asymmetric: RSA

Advanced Encryption Standard (AES) and Triple Digital Encryption Standard (3DES) are cryptographic standards using symmetric algorithms. This means a single key is used both to encrypt and decrypt. RSA (named after its creators, Rivest, Shamir, and Adleman) is an asymmetric encryption algorithm. This means two mathematically related keys (public and private) are used to secure data; normally, a public key encrypts data and a private key decrypts it

11
Q

Data confidentiality is provided by which of the following?

MD5

Disk encryption

E-mail digital signatures

A

Disk encryption

Encryption provides data confidentiality. Only authorized parties have the ability to decrypt disk contents. Encrypting stored data is referred to as encryption of data-at-rest, encrypting data being transmitted is called encryption of data-in-transit, and encrypting data being used is called encryption of data-in-use

12
Q

Which symmetric block cipher supersedes Blowfish?

Twofish

Fourfish

RSA

A

Twofish

Twofish is a symmetric block cipher that replaces Blowfish

13
Q

A user connects to a secured online banking web site. Which of the following statements is incorrect?

The workstation public key is used to encrypt data transmitted to the web server. The web server private key performs the decryption.

The workstation session key is encrypted with the server public key and transmitted to the web server. The web server private key performs the decryption.

The workstation-generated session key is used to encrypt data sent to the web server.

A

The workstation public key is used to encrypt data transmitted to the web server. The web server private key performs the decryption.

It is not the workstation public key that is used; it is the server’s. The workstation-generated session key is encrypted with the server public key and transmitted to the web server where a related private key decrypts the message to reveal the session key

14
Q

Which term describes the process of concealing messages within a file?

Trojan

Steganography

Encryption

A

Steganography

Steganography can be used to hide messages within files. For example, a message could be hidden within an inconspicuous JPEG picture file

15
Q

Which term best describes the assurance that a message is authentic and neither party can dispute its transmission or receipt?

Digital signature

Encryption

Nonrepudiation

A

Nonrepudiation

Nonrepudiation means neither the sending nor receiving party can dispute the fact that a transmission occurred. The recipient is assured of data authenticity and integrity via a digital signature applied with the sender’s private key

16
Q

You are a developer at a software development firm. Your latest software build must be made available on the corporate web site. Internet users require a method of ensuring that they have downloaded an authentic version of the software. What should you do?

Generate a file hash for the download file and make it available on the web site.

Make sure Internet users have antivirus software installed.

Configure the web site to use TLS.

A

Generate a file hash for the download file and make it available on the web site.

File hashing performs a calculation on a file resulting in a hash. Changing a file in some way and then performing the same calculation would result in a different hash. This is one way to verify that the file is the correct version. The probability of a hash collision (different data inputs resulting in the same hash output) is very small

17
Q

Which cryptographic approach uses points on a curve to define public and private key pairs?

RSA

DES

ECC

A

ECC

Elliptic curve cryptography (ECC) is public key cryptography based on points on an elliptic curve

18
Q

Your company currently uses an FTP server, and you have been asked to make FTP traffic secure using SSL. What should you configure?

FTPS

SFTP

IPSec

A

FTPS

File Transfer Protocol Secure (FTPS) can use Secure Sockets Layer (SSL) to secure FTP traffic

19
Q

On which protocol is SCP built?

FTP

SSL

SSH

A

SSH

Secure Copy (SCP) is a secure way of copying files between computers over an SSH session

20
Q

Which of the following are true regarding ciphers? (Choose two.)

Block ciphers analyze data patterns and block malicious data from being encrypted.

Stream ciphers encrypt data one byte at a time.

Block ciphers encrypt chunks of data.

Stream ciphers encrypt streaming media traffic.

A

Stream ciphers encrypt data one byte at a time.

Block ciphers encrypt chunks of data.

Stream ciphers encrypt data a bit or a byte at a time, whereas block ciphers encrypt segments (blocks) of data at one time in various block sizes

21
Q

Which of the following are block ciphers? (Choose two.)

DES

RSA

RC4

AES

A

DES

AES

Block ciphers encrypt data a block at a time (rather than a bit or byte at a time). Digital Encryption Standard (DES) and Advanced Encryption Standard (AES) are both block ciphers

22
Q

Which of the following are message digest algorithms? (Choose two.)

3DES

RIPEMD

Blowfish

HMAC

A

RIPEMD

HMAC

RACE Integrity Primitives Evaluation Message Digest (RIPEMD) and Hash-based Message Authentication Code (HMAC) are both cryptographic hashing functions

23
Q

A military institution requires the utmost in security for transmitting messages during wartime. What provides the best security?

AES

3DES

One-time pad

A

One-time pad

One-time pads are used to combine completely random keys with plain text resulting in cipher text, after which one-time pads are not used again. A randomized initialization vector (IV), or salt, is used to derive keys. An item used only once is referred to as a nonce. Both communicating parties must have the same one-time pads, which presents a problem if communicating with a large number of entities. No amount of computing power or time can increase the likelihood of breaking this type of cipher text. Pseudo-random numbers, on the other hand, are not considered completely random due to the process that generates them

24
Q

When hardening a VPN, what should you consider? (Choose two.)

Enabling PAP

Disabling PAP

Disabling EAP-TLS

Enabling EAP-TLS

A

Disabling PAP

Enabling EAP-TLS

Password Authentication Protocol (PAP) should be disabled. PAP sends unencrypted passwords across the network during authentication. Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) should not be disabled when hardening VPNs; it is considered very secure because of its mutual authentication of both VPN client and VPN server

25
Q

Encrypting and digitally signing e-mail with public and private keys can be done with which technology?

3DES

DES

PGP

A

PGP

Pretty Good Privacy (PGP) uses public and private key pairs to encrypt and digitally sign messages. GNU Privacy Guard (GPG) is an implementation of the OpenPGP standard

26
Q

Which of the following is considered the least secure?

NTLM v2

EAP-TLS

PAP

A

PAP

Password Authentication Protocol (PAP) is considered insecure because it does not encrypt transmitted credentials

27
Q

A user digitally signs a sent e-mail message. What security principle does this apply to?

Least privilege

Integrity

Confidentiality

A

Integrity

Integrity is achieved when digitally signing an e-mail message. The sender’s private key creates the unique signature, which is verified on the receiving end using the sender’s related public key. If the message has not changed since it was sent, the signature will be considered valid

28
Q

Which of the following are true regarding a user’s private key? (Choose two.)

It is used to encrypt sent messages.

It is used to decrypt received messages.

It is used to create digital signatures.

It is used to verify digital signatures.

A

It is used to decrypt received messages.

It is used to create digital signatures.

Because the recipient’s public key is used to encrypt a message, the related private key is used for decryption. Digitally signing a message must assure the recipient that it came from who it says it came from. Because only the owner of a private key has access to it, the private key is used to create digital signatures. The related public key verifies the validity of that signature

29
Q

You are the IT director for a company with military contracts. An employee, Sandra, leaves the company, and her user account is removed. A few weeks later, somebody requires access to Sandra’s old files but is denied access. After investigating the issue, you determine that Sandra’s files are encrypted with a key generated from a passphrase. What type of encryption is this?

WEP

Asymmetric

Symmetric

A

Symmetric

Symmetric encryption uses the same key for encryption and decryption. In this case, if the same passphrase is used, the data can be decrypted

30
Q

Which of the following best describes the Diffie-Hellman protocol?

It is a key exchange protocol for asymmetric encryption.

It is a symmetric encryption algorithm.

It is a key exchange protocol for symmetric encryption.

A

It is a key exchange protocol for asymmetric encryption.

Diffie-Hellman is a secure key exchange protocol used for asymmetric encryption and is provided through a cryptographic service provider, often in the form of an API library or module

31
Q

Which of the following apply to symmetrical keys? (Choose two.)

The public key is used for encryption.

The private key is used for decryption.

The same key is used for encryption and decryption.

They are exchanged out-of-band.

A

The same key is used for encryption and decryption.

They are exchanged out-of-band.

The same symmetrical key is used on both sides of a secured connection, and the keys are exchanged out-of-band (outside of the normal message communication channel; for example, the key is communicated over the telephone or in person on a USB flash drive). Keys exchanged within the normal communication channel, as is the case with the Diffie-Hellman protocol, are referred to as in-band key exchange

32
Q

Which of the following are two common negotiation protocols used by TLS? (Choose two.)

Quantum cryptography

DHE

RSA

ECDHE

A

DHE

ECDHE

Diffie-Hellman Ephemeral (DHE) and Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) are commonly used with Transport Layer Security (TLS) to provide perfect forward secrecy. Diffie-Hellman groups are used in security negotiation processes to determine the key strength

33
Q

What is another name for an ephemeral key?

PKI private key

SHA

Session key

A

Session key

Ephemeral keys are short-lived keys, such as a unique session key. Diffie-Hellman Ephemeral (DHE) and Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) are common key negotiation protocols

34
Q

During the monthly IT meeting in your office, your IT manager, Julia, expresses concern about weak user passwords on corporate servers and how they might be susceptible to brute-force password attacks. When allaying Julia's concerns, which term might you use?

Key forging

Key escrow

Key stretching

A

Key stretching

Key stretching converts weak keys such as passwords into stronger keys that are less susceptible to brute-force attacks. Bcrypt and PBKDF2 are common key-stretching algorithms

35
Q

After reviewing the results of a network security audit, your IT team decides to implement auditor recommendations to secure internal traffic. Which solution addresses the potential poisoning of name resolution server records?

IPsec

DNSSEC

SSL

A

DNSSEC

DNS Security Extensions (DNSSEC) uses signatures for DNS records that are verified on clients to establish trust when clients issue domain name resolution queries. This prevents DNS records from being tampered with and then trusted

36
Q

Management has asked you, the head of IT security, to implement a centralized and unified IT threat management system for all six offices, which are spread throughout Western Europe. There is a very limited IT security budget available. Which solution can properly secure the six locations with minimal cost?

Use a subscription-based service.

Purchase the appropriate hardware and licenses for each location. Configure the solution to monitor threats at all sites.

Update the anti-malware software on devices at all six locations.

A

Use a subscription-based service.

Security as a Service (SECaaS) provides a subscription-based cloud service that enables organizations to outsource the acquisition and maintenance of security hardware and software while allowing customized threat management configurations. This is much less expensive initially, since hardware, software, and licenses do not need to be purchased, configured, and maintained

37
Q

Which block cipher mode uses a feedback-based encryption method to ensure that repetitive data results in unique cipher text?

ECB

GCM

CBC

A

CBC

Cipher Block Chaining (CBC) mode uses feedback information to help ensure that the current block cipher text differs from other blocks even if the exact same data is being encrypted

38
Q

Which term describes multiple inputs resulting in the same hash value?

Collision

Confusion

Obfuscation

A

Collision

Collisions occur in hashing when different inputs result in the exact same hash. This is very rare but has been proven possible even with Secure Hashing Algorithm 1 (SHA-1)

39
Q

Which term most accurately describes smartcards?

Low power

Something you know

PKI certificate authority

A

Low power

Low-power devices such as smartcards can still perform sufficient cryptographic calculations to be used in secure IT environments