Module 15

Question 1

To ensure secure communications across both the public and private infrastructure, the network
administrator’s first goal is to

Answer 1

secure the network
infrastructure, including routers, switches, servers, and hosts.

Question 2

There are three primary objectives of securing
communications:

Answer 2

• Authentication
• Integrity
• Confidentiality

Question 3

Authentication

There are two primary methods for validating a source in network communications:

Answer 3

authentication services and
data nonrepudiation services.

Question 4

In network communications, authentication can be accomplished using

Answer 4

cryptographic methods.

Question 5

is a similar service that allows the sender of a message to be uniquely
identified.

Answer 5

Data nonrepudiation

With nonrepudiation services in place, a sender cannot deny having been the source
of that message.

Question 6

ensures that messages are not altered in transit. With___, the receiver can verify that the received message is identical to the sent message and that no manipulation occurred.

Answer 6

Data integrity

Question 7

ensures privacy so that only the receiver can read the message. This can be achieved through encryption.

Answer 7

Data confidentiality

Question 8

is the process of scrambling data so that it cannot
be easily read by unauthorized parties.

Answer 8

Encryption

Question 9

When enabling encryption, readable data is called ____ while the encrypted
version is called __.

Answer 9

readable data = plaintext, or cleartext,

encrypted version = encrypted text or ciphertext

The plaintext readable message is converted to
ciphertext, which is the unreadable, disguised message.

Question 10

reverses the process of encryption

Answer 10

Decryption

Question 11

A __ is required to encrypt and decrypt a message. The ___ is the link between the plaintext
and ciphertext.

Answer 11

key

Question 12

Using a ____ is another way to ensure data confidentiality. A____ transforms
a string of characters into a usually shorter, fixed-length value or key that represents the
original string.

Answer 12

hash function

Question 13

The difference between hashing and encryption is

Answer 13

in how the data is stored.

Question 14

The ___ was an electromechanical
encryption device that was developed and used by Nazi Germany during World War II. The device depended on the distribution of pre-shared keys that were used to encrypt and decrypt messages.

Answer 14

Enigma machine

Question 15

depended on the distribution of pre-shared keys that were used to encrypt and decrypt messages.

Answer 15

Enigma machine

Question 16

In ____, no letters are replaced; they are simply rearranged.

Answer 16

transposition ciphers

Question 17

Another example of a transposition cipher is known as the ____. They are staggered, some in front, some in the middle and some in back, across several parallel lines.

Answer 17

rail fence cipher

Question 18

Modern encryption block cipher algorithms, such as ____, still use transposition as part of the algorithm.

Answer 18

AES and the legacy 3DES,

Question 19

____ substitute one letter for another. In their simplest form, ____ retain the letter frequency of the original message.

Answer 19

Substitution ciphers

Question 20

The ____ is based
on the Caesar cipher, except
that it encrypts text by using a
different polyalphabetic key
shift for every plaintext letter.

The different key shift is
identified using a shared key
between sender and receiver.

Answer 20

Vigenère cipher

Question 21

__ was an AT&T Bell Labs engineer who, in 1917, invented, and later patented, the stream cipher. He also co-invented the one-time pad cipher.

Answer 21

Gilbert Vernam

Question 22

Vernam proposed a teletype cipher in which a prepared key consisting of an arbitrarily long, non-repeating sequence of numbers was
kept on paper tape. It was then combined character by character with the plaintext message to produce the ciphertext.

To decipher the ciphertext, the same paper tape key was again combined character by character, producing the plaintext. Each tape was used only once; hence, the name one-time pad. Several difficulties are inherent in using onetime pads in the real world.

Answer 22

one-time pad ciphers

the stream cipher

Question 23

is the practice and study of determining the meaning of encrypted information
(cracking the code), without access to the shared secret key. This is also known as

Answer 23

Cryptanalysis or codebreaking.

Question 24

Throughout history, there have been many instances of cryptanalysis:

Answer 24

• The Vigenère cipher had been absolutely secure until it was broken in the 19th century by English cryptographer Charles Babbage.
• Mary, Queen of Scots, was plotting to overthrow Queen Elizabeth I from the throne and sent encrypted messages to her co-conspirators. The cracking of the code used in this plot led to the beheading of Mary in 1587.
• The Enigma-encrypted communications were used by the Germans to navigate and direct their U-boats in the Atlantic. Polish and British cryptanalysts broke the German Enigma code. Winston Churchill was of the opinion that it was a turning point in WWII.

Question 25

Methods of Cracking Code

Several methods are used in cryptanalysis:

Answer 25

• Brute-force method
• Ciphertext method
• Known-Plaintext method
• Chosen-Plaintext method
• Chosen-Ciphertext method
• Meet-in-the-Middle method

Question 26

• The attacker tries every possible key knowing that eventually one of them will work.

Answer 26

• Brute-force method

Question 27

• The attacker has the ciphertext of several encrypted messages but no knowledge of the underlying plaintext.

Answer 27

• Ciphertext method

Question 28

• The attacker has access to the ciphertext of several messages and knows something about the plaintext underlying that ciphertext.

Answer 28

• Known-Plaintext method

Question 29

• The attacker chooses which data the encryption device encrypts and observes the ciphertext output.

Answer 29

• Chosen-Plaintext method

Question 30

• The attacker can choose different ciphertext to be decrypted and has access to the decrypted plaintext.

Answer 30

• Chosen-Ciphertext method

Question 31

• The attacker knows a portion of the plaintext and the corresponding ciphertext.

Answer 31

• Meet-in-the-Middle method

Question 32

A more scientific approach is to use the
fact that some characters in the English
alphabet are used more often than
others. This method is called

Answer 32

frequency
analysis.

Question 33

When choosing a cryptanalysis method,
consider the Caesar cipher encrypted
code. The best way to crack the code is
to use ____. Because there are
only 25 possible rotations, the effort is
relatively small to try all possible
rotations and see which one returns
something that makes sense.

Answer 33

brute force

Question 34

is the science of making and breaking
secret codes.

Answer 34

Cryptology

Question 35

cryptology combines two separate disciplines:

Answer 35

*Cryptography - the development and use
of codes

*Cryptanalysis - the breaking of those
codes

Question 36

is often used by governments in military and diplomatic surveillance, by enterprises in testing the strength of security procedures, and by malicious hackers in exploiting weaknesses
in websites.

Answer 36

Cryptanalysis

Question 37

are individuals who perform cryptanalysis to crack secret codes.

Answer 37

Cryptanalysts

Question 38

MD5 (legacy)
SHA

Answer 38

Integrity

H for hashing

Question 39

HMAC-MD5 (legacy)
HMAC-SHA-256
RSA and DSA

Answer 39

Authenticity

Question 40

3DES (legacy)
AES

Answer 40

Confidentiality

E for encrypting

Question 41

The three primary objectives of securing communications are

Answer 41

authentication, integrity, and confidentiality.

Question 42

Authentication may be secured by

Answer 42

HMAC.

Question 43

is ensured through the use of the SHA family of hash generating algorithms.

Answer 43

Integrity

Question 44

is ensured through symmetric encryption algorithms, such as AES, and
asymmetric algorithms, such RSA and PKI.

Answer 44

Data confidentiality

Question 45

proves that a message actually comes from a valid source.

Answer 45

Authentication

Question 46

is a similar service to authentication in that it allows the sender of a message to be uniquely identified.

Answer 46

Data nonrepudiation

Question 47

ensures that messages are not altered in transit.

Answer 47

Data integrity

Question 48

ensures privacy so that only the intended receiver can read the message.

Answer 48

Data confidentiality

Question 49

Three types of cipher are

Answer 49

transposition, substitution, and one-time pad

Question 50

is the practice and study of determining the meaning of encrypted information (cracking the code), without access to the shared secret key.

Answer 50

Cryptanalysis, or codebreaking,

Question 51

The objective of modern cryptographers is

Answer 51

to have a keyspace large enough that it takes too much time and money to accomplish a brute-force attack.

Question 52

is the science of making and breaking secret codes. It combines cryptography and
cryptanalysis.

Answer 52

Cryptology

Question 53

The choice of algorithm varies depending on the security requirements, the hardware resources
that are available for encryption and decryption, and the acceptance of the algorithm in the security community.

Answer 53

True

Question 54

With most modern algorithms, the security of encryption lies in the secrecy of the __ not the
algorithm.

Answer 54

keys

Question 55

Ensures privacy so that only the receiver can read the message.

Answer 55

confidentiality

Question 56

Ensures that messages are not altered in transit.

Answer 56

integrity

Question 57

Guarantees that a message comes from the source that it claims to come from.

Answer 57

authentication

Question 58

In banking, it can be achieved by requiring a secure personal identification number (PIN) at an ATM.

Answer 58

authentication

Question 59

Encryption and hashing are used to make certain that only authorized entities can read the message.

Answer 59

confidentiality

Question 60

A key is required to encrypt and decrypt a message.

Answer 60

confidentiality

Question 61

The receiver can verify that the received message is identical to the sent message and that no manipulation occurred.

Answer 61

integrity

Question 62

What is a cipher that replaces one letter for another, possibly retaining the letter frequency of the original message?

Answer 62

A substitution cipher replaces one letter for another, possibly retaining the letter frequency in the cleartext language.

Question 63

What is a method of cryptanalysis in which an attacker tries every possible key knowing that eventually one of them will work?

Answer 63

In a brute-force attempt to decipher a coded message, every possible value is attempted.

Question 64

What cipher method does 3DES use as part of the algorithm?

Answer 64

A transposition cipher is used in part by the legacy 3DES algorithm.

Question 65

What is the term for when a device cannot refute the validity of a message that it has received?

Answer 65

Nonrepudiation means that a device cannot refute the validity of a message sent.

Question 66

What is the practice and study of determining the meaning of encrypted information, without access to the shared secret key?

Answer 66

Cryptanalysis is the study of determining the meaning of coded messages without access to message key.

Question 67

Refer to the exhibit. Which type of cipher method is depicted?

Answer 67

transposition cipher

There are many cipher methods developed for message encryptions. In transposition ciphers, no letters are replaced; they are simply rearranged. An example of this type of cipher is known as the rail fence cipher. In this transposition, the words are spelled out as if they were a rail fence, meaning some are in front and some in back across several parallel lines.

Question 68

What are two objectives of ensuring data integrity? (Choose two.)

Answer 68

data is unaltered during transit

data is not changed by unauthorized entities

The objectives for data integrity include data not being altered during transit and not being changed by unauthorized entities. Authentication and encryption are methods to ensure confidentiality. Data being available all the time is the goal of availability.

Question 69

A network security specialist is tasked to implement a security measure that monitors the status of critical files in the data center and sends an immediate alert if any file is modified. Which aspect of secure communications is addressed by this security measure?

Answer 69

data integrity

Secure communications consists of four elements:
Data confidentiality - guarantees that only authorized users can read the message
Data integrity - guarantees that the message was not altered
Origin authentication - guarantees that the message is not a forgery and does actually come from whom it states
Data nonrepudiation – guarantees that the sender cannot repudiate, or refute, the validity of a message sent

Question 70

To answer the question, you do not need to consider the exhibit. The exhibit shows a lock with the word “PASSWORD” above a window that is on the front of the lock. Within the window the following information appears : ***8 OK.
Which type of attack allows an attacker to use a brute force approach?

Answer 70

password cracking

Common ways used to crack Wi-Fi passwords include social engineering, brute-force attacks, and network sniffing.

Question 71

Why would HMAC be used to help secure the data as it travels across various links?

Answer 71

it is a hashing algorithm used to guarantee that the message is not a forgery and actually comes from the authentic source

MD5 is a hashing algorithm that guarantees that no one intercepted the message and altered it. Advanced Encryption Standard (AES) is a popular symmetric encryption algorithm where each communicating party needs to know the pre-shared key. Public key infrastructure (PKI) is an asymmetric encryption algorithm based on the assumption that the two communicating parties have not previously shared a secret key. HMAC is a hash message authentication code that guarantees that the message is not a forgery and actually comes from the authentic source.

Question 72

What is the focus of cryptanalysis?

Answer 72

breaking encrypted codes

Cryptology is the science of making and breaking secret codes. There are two separate disciplines in cryptology, cryptography and cryptanalysis. Cryptography is the development and use of codes. Cryptanalysis is the breaking of those secret (encrypted) codes.

Question 73

What is cryptology?

Answer 73

the science of making and breaking secret codes

Cryptography is the science of creating transposition and substitution ciphers. Cryptanalysis is the science of cracking the code without access to the shared secret key. Cryptology is the science of making and breaking secret codes. Cryptology combines cryptography and cryptanalysis.

Question 74

Which objective of secure communications is achieved by encrypting data?

Answer 74

confidentiality

When data is encrypted, it is scrambled to keep the data private and confidential so that only authorized recipients can read the message. A hash function is another way of providing confidentiality.

Question 75

What is the purpose of a nonrepudiation service in secure communications?

Answer 75

to ensure that the source of the communications is confirmed

Nonrepudiation uses the unique characteristics of the sender of a message to confirm that the reputed sender is in fact the actual sender.

Question 76

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

Answer 76

confidentiality

Confidentiality ensures that data is accessed only by authorized individuals. Authentication will help verify the identity of the individuals.

Question 76

What is an example of the transposition cipher?

Answer 76

rail fence

RC4 is an example of the one-time pad cipher, and it is widely used on the Internet. The Caesar cipher is a simple substitution cipher, and the Vigenère cipher is based on the Caesar cipher. An example of the transposition cipher is the rail fence cipher.​

Question 77

To answer the question, you do not need to consider the exhibit. The graphic displays a conveyor belt with items on it. The items include a combination of the characters 10100 going through a box and as they exit the box they are being modified into the characters %&@.
As data is being stored on a local hard disk, which method would secure the data from unauthorized access?

Answer 77

data encryption

Data encryption is the process of converting data into a form where only a trusted, authorized person with a secret key or password can decrypt the data and access the original form.