Module 16 Flashcards

1
Q

four elements of secure communications:

A

data integrity
origin authentication
data confidentiality
data non-repudiation

2
Q

Guarantees that the message is not a forgery and does actually come from whom it states. Many modern networks ensure authentication with algorithms such as hash-based message authentication code (HMAC).

A

Origin Authentication

3
Q

Guarantees that the message was not altered. Any changes to data in transit will be detected. Integrity is ensured by implementing either of the Secure Hash Algorithms (SHA-2 or SHA-3).
The MD5 message digest algorithm is still widely in use. However, it is inherently insecure and creates vulnerabilities in a network. Note that MD5 should be avoided.

A

Data Integrity

4
Q

Guarantees that the sender cannot repudiate, or refute, the validity of a message sent. Nonrepudiation relies on the fact that only the sender has the unique characteristics or signature for how that message is treated.

A

Data Non-Repudiation

5
Q

Guarantees that only authorized users can read the message. If the message is intercepted, it cannot be deciphered within a reasonable amount of time. Data confidentiality is implemented using symmetric and asymmetric encryption algorithms.

A

Data Confidentiality

6
Q

__ are used to verify and ensure data integrity.

A

Hashes

7
Q

is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.

A

Hashing

8
Q

A hash function takes a variable block of binary data, called the message, and produces a fixed-length, condensed representation, called the hash.
The resulting hash is also sometimes called the message digest, digest, or digital fingerprint.

A
9
Q

With hash functions, it is computationally infeasible for two different sets of data to come up with the same hash output.

A

True

10
Q

Cryptographic hash values are often called

A

“digital fingerprints”.

11
Q

The equation h = H(x) is used to

A

explain how a hash algorithm operates.

12
Q

are used to ensure the integrity of a message. They help ensure data has not accidentally changed and that what was sent is indeed what was received.

A

Hash functions

13
Q

There are four well-known hash functions:

A
  • MD5 with 128-bit digest
  • SHA-1
  • SHA-2
  • SHA-3
14
Q

While hashing can be used to detect accidental changes, it cannot be used to guard against deliberate changes that are made by a threat actor. Therefore, hashing is vulnerable to ____ and does not provide security to transmitted data.

A

man-in-the-middle attacks

To provide integrity against man-in-the-middle attacks, origin authentication is also required.

15
Q

To add origin authentication and integrity assurance, use a ___ uses an additional secret key as input to the hash function.

A

keyed-hash message authentication code (HMAC). HMAC

16
Q

An HMAC is calculated using any cryptographic algorithm that combines a cryptographic hash function with a secret key. Hash functions are the basis of the protection mechanism of HMACs.
Only the sender and the receiver know the secret key, and the output of the hash function now depends on the input data and the secret key. Only parties who have access to that secret key can compute the digest of an HMAC function. This defeats man-in-the-middle attacks and provides authentication of the data origin.

A

True

17
Q

is often considered the most difficult part of designing a cryptosystem.

A

Key management

18
Q

there are several essential characteristics of key management to consider.

A

Key generation
Key verification
Key exchange
Key storage
Key lifetime
Key revocation and destruction

19
Q

It was up to Caesar to choose the key of his cipher. The Vigenère cipher key is also chosen by the sender and receiver. In a modern cryptographic system, ___ is usually automated and not left to the end user. The use of good random number generators is needed to ensure that all keys are equally likely to be generated so that the attacker cannot predict which keys are more likely to be used.

A

Key generation

20
Q

Some keys are better than others. Almost all cryptographic algorithms have some weak keys that should not be used. With the help of key verification procedures, weak keys can be identified and regenerated to provide a more secure encryption. With the Caesar cipher, using a key of 0 or 25 does not encrypt the message, so it should not be used.

A

Key verification

21
Q

Key management procedures should provide a secure key exchange mechanism that allows secure agreement on the keying material with the other party, probably over an untrusted medium.

A

Key exchange

22
Q

On a modern multi‐user operating system that uses cryptography, a key can be stored in memory. This presents a possible problem when that memory is swapped to the disk, because a Trojan horse program installed on the PC of a user could then have access to the private keys of that user.

A

Key storage

23
Q

Using short key lifetimes improves the security of legacy ciphers that are used on high‐speed connections. In IPsec a 24‐hour lifetime is typical. However, changing the lifetime to 30 minutes improves the security of the algorithms.

A

Key lifetime

24
Q

__ notifies all interested parties that a certain key has been compromised and should no longer be used.

A

Key revocation

25
Q

__ erases old keys in a manner that prevents malicious attackers from recovering them.

A

Key destruction

26
Q

Two terms that are used to describe keys are:

A
  • Key length
  • Keyspace
27
Q

Also called the key size, this is the measure in bits. In this course, we will use the term key length.

A

key length

28
Q

This is the number of possibilities that can be generated by a specific key length

A

keyspace

29
Q

AES type of algorithm

A

symmetric

30
Q

The __ of an algorithm is the set of all possible key values. A key that has n bits produces a keyspace that has 2^n possible key values. By adding one bit to the key, the keyspace is effectively doubled.

A

keyspace

31
Q

The rule “the longer the key, the better” is valid, except for possible performance reasons. Shorter keys equal faster processing but are less secure. Longer keys equal slower processing but are more secure.

A

True

32
Q

such as Data Encryption Standard (DES), 3DES, and Advanced Encryption Standard (AES) are based on the premise that each communicating party knows the pre-shared key.

A

Symmetric encryption algorithms

33
Q

Data confidentiality can also be ensured using ___, including Rivest, Shamir, and Adleman (RSA) and the public key infrastructure (PKI).

A

asymmetric algorithms

34
Q

use the same pre-shared key to encrypt and decrypt data. A pre-shared key, also called a secret key, is known by the sender and receiver before any encrypted communications can take place.

A

Symmetric algorithms

35
Q

Symmetric encryption algorithms are sometimes classified as either

A

a block cipher or a stream cipher.

36
Q

transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits.

Common ___ include DES with a 64-bit block size and AES with a 128-bit block size.

A

Block ciphers

37
Q

encrypt plaintext one byte or one bit at a time. ___ are basically a block cipher with a block size of one byte or bit. Stream ciphers are typically faster than block ciphers because data is continuously encrypted.

A

Stream ciphers

38
Q

Well-known symmetric encryption algorithms are

A

Data encryption standard (DES)
3DES (triple DES)
Advanced encryption standard (AES)
Software-optimized encryption algorithm (SEAL)
Rivest ciphers (RC) series algorithms

39
Q

This is a legacy symmetric encryption algorithm. It uses a short key length that makes it insecure for most current uses.

A

Data encryption standard (DES)

40
Q

This is the replacement for DES and repeats the DES algorithm process three times. It should be avoided if possible as it is scheduled to be retired in 2023. If implemented, use very short key lifetimes.

A

3DES (triple DES)

41
Q

AES is a popular and recommended symmetric encryption algorithm. It offers combinations of 128‐, 192‐, or 256‐bit keys to encrypt 128, 192, or 256 bit‐long data blocks.

A

Advanced encryption standard (AES)

42
Q

SEAL is a faster alternative symmetric encryption algorithm to AES. SEAL is a stream cipher that uses a 160‐bit encryption key and has a lower impact on the CPU compared to other software‐based algorithms.

A

Software-optimized encryption algorithm (SEAL)

42
Q

This algorithm was developed by Ron Rivest. Several variations have been developed, but RC4 was the most prevalent in use. RC4 is a stream cipher that was used to secure web traffic. It has been found to have multiple vulnerabilities which have made it insecure. RC4 should not be used.

A

Rivest ciphers (RC) series algorithms

43
Q

, also called public-key algorithms, are designed so that the key that is used for encryption is different from the key that is used for decryption, as shown in the figure. The decryption key cannot, in any reasonable amount of time, be calculated from the encryption key and vice versa.

A

Asymmetric algorithms

44
Q

Examples of protocols that use asymmetric key algorithms include:

A
  • Internet Key Exchange (IKE)
  • Secure Socket Layer (SSL)
  • Secure Shell (SSH)
  • Pretty Good Privacy (PGP)
45
Q
  • This is a fundamental component of IPsec VPNs.
A
  • Internet Key Exchange (IKE)
46
Q
  • This is now implemented as IETF standard Transport Layer Security (TLS).
A
  • Secure Socket Layer (SSL)
47
Q
  • This protocol provides a secure remote access connection to network devices.
A
  • Secure Shell (SSH)
48
Q
  • This computer program provides cryptographic privacy and authentication. It is often used to increase the security of email communications.
A
  • Pretty Good Privacy (PGP)
49
Q

Asymmetric encryption algorithms

A

Diffie-Hellman (DH)

Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA)

Rivest, Shamir, and Adleman encryption algorithms (RSA)

ElGamal

Elliptic curve techniques

50
Q

The Diffie‐Hellman algorithm allows two parties to agree on a key that they can use to encrypt messages they want to send to each other. The security of this algorithm depends on the assumption that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome.

A

512, 1024, 2048, 3072, 4096

Diffie-Hellman (DH)

51
Q

DSS specifies DSA as the algorithm for digital signatures. DSA is a public key algorithm based on the ElGamal signature scheme. Signature creation speed is similar to RSA, but is 10 to 40 times slower for verification.

A

512 ‐ 1024

Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA)

52
Q

RSA is for public‐key cryptography that is based on the current difficulty of factoring very large numbers. It is the first algorithm known to be suitable for signing, as well as encryption. It is widely used in electronic commerce protocols and is believed to be secure given sufficiently long keys and the use of up‐to‐date implementations.

A

512 ‐ 2048

Rivest, Shamir, and Adleman encryption algorithms (RSA)

53
Q

An asymmetric key encryption algorithm for public‐key cryptography which is based on the Diffie‐Hellman key agreement. A disadvantage of the ElGamal system is that the encrypted message becomes very big, about twice the size of the original message and for this reason it is only used for small messages such as secret keys.

A

512 ‐ 1024

ElGamal

54
Q

Elliptic curve cryptography can be used to adapt many cryptographic algorithms, such as Diffie‐Hellman or ElGamal. The main advantage of elliptic curve cryptography is that the keys can be much smaller.

A

224 or higher

Elliptic curve techniques

55
Q

Asymmetric Encryption - Confidentiality

The process can be summarized using the formula:

A

Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality

When the public key is used to encrypt the data, the private key must be used to decrypt the data.
Only one host has the private key; therefore, confidentiality is achieved.

55
Q

Asymmetric Encryption - Authentication

The process can be summarized using the formula:

A

Private Key (Encrypt) + Public Key (Decrypt) = Authentication

The authentication objective of asymmetric algorithms is initiated when the encryption process is started with the private key.

56
Q

Asymmetric Encryption - Integrity

A

Combining the two asymmetric encryption processes provides message confidentiality, authentication, and integrity. The following example will be used to illustrate this process. In this example, a message will be ciphered using Bob’s public key and a ciphered hash will be encrypted using Alice’s private key to provide confidentiality, authenticity, and integrity.

57
Q

is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret without having communicated before. The new shared key is never actually exchanged between the sender and receiver. However, because both parties know it, the key can be used by an encryption algorithm to encrypt traffic between the two systems.

A

Diffie-Hellman (DH)

58
Q

Here are two examples of instances when DH is commonly used:

A
  • Data is exchanged using an IPsec VPN
  • SSH data is exchanged
59
Q

Diffie-Hellman uses different DH groups to determine the strength of the key that is used in the key agreement process. The higher group numbers are more secure but require additional time to compute the key.

The following identifies the DH groups supported by Cisco IOS Software and their associated prime number value:

A

DH Group 1: 768 bits
DH Group 2: 1024 bits
DH Group 5: 1536 bits
DH Group 14: 2048 bits
DH Group 15: 3072 bits
DH Group 16: 4096 bits

60
Q

The four elements of secure communications are

A

data integrity, origin authentication, data confidentiality, and data non-repudiation.

61
Q

is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.

A

Hashing

62
Q

A __ H takes an input x and returns a fixed-size string hash value h

A

hash function

63
Q

The four well-known hash functions are

A

MD5 with 128 bit digest, SHA-1, SHA-2, and SHA-3.

64
Q

To add origin authentication and integrity assurance, use a

A

keyed-hash message authentication code (HMAC).

65
Q

The essential characteristics of key management are

A

key generation, key verification, key exchange, key storage, key lifetime, and key revocation and destruction.

66
Q

Two terms that are used to describe keys are key

A

length and keyspace.

67
Q

A key that has n bits produces a ___ that has 2^n possible key values. By adding one bit to the key, the __ is effectively doubled.

A

keyspace.

68
Q

Cryptographic keys include

A

symmetric keys, asymmetric keys, digital signatures, and hash keys.

69
Q

The strength of a modern algorithm depends on the

A

size of the key.

70
Q

An administrator must find a good balance between the speed and protective strength of an algorithm.

A

True

71
Q

such as DES, 3DES, and AES are based on the premise that each communicating party knows the pre-shared key.

A

Symmetric encryption algorithms

72
Q

The two classes of encryption used to provide data confidentiality are

A

asymmetric and symmetric.

73
Q

, such as RSA and PKI, are designed so that the key that is used for encryption is different from the key that is used for decryption.

A

Asymmetric encryption algorithms

74
Q

is commonly used when data is exchanged using an IPsec VPN and SSH data is exchanged.

A

DH

75
Q

Which characteristic helps identify a weak key and regenerate a new replacement key?

A

Key verification helps identify weak keys and will regenerate a new replacement key.

76
Q

Which characteristic creates new keys for cryptography?

A

Key generation creates new keys for cryptography.

77
Q

Which characteristic is a mechanism that allows secure agreement on the keying material with the other party over an untrusted medium?

A

Key exchange is a mechanism that allows secure agreement on the keying material with the other party.

78
Q

True or False? In asymmetric encryption, encryption and decryption use the same key.

A

False. In asymmetric encryption, encryption and decryption use different keys.

79
Q

What is an example of a symmetric encryption algorithm?

A

Advanced Encryption Standard (AES) is a symmetric encryption standard that is widely used.

79
Q

Which algorithm provides asymmetric encryption?

A

Diffie-Hellman (DH) uses asymmetric encryption.

80
Q

Which hash function is the most secure?

A

SHA-3 is the most secure of the commonly used hash functions.

81
Q

Which security function is provided by encryption algorithms?

A

confidentiality

Encryption algorithms are used to provide data confidentiality, which ensures that if data is intercepted in transit, it cannot be read.

82
Q

Which type of cryptographic key would be used when connecting to a secure website?

A

digital signatures

Typical usage of cryptographic keys includes the following:
Symmetric keys, which can be exchanged between two routers supporting a VPN.
Digital signatures, which are used when connecting to a secure website.
Hash keys, which are used in symmetric and asymmetric key generation, digital signatures, and other types of applications.

83
Q

Which type of attack does the use of HMACs protect against?

A

man in the middle

Because only the sender and receiver know the secret key, only parties that have access to that key can compute the digest of an HMAC function. This defeats man-in-the-middle attacks and provides authentication of where the data originated.

84
Q

What do most cryptographic system attacks seek to target?

A

key management

Most attacks on cryptographic systems are aimed at the key management level, rather than the cryptographic algorithm itself.

85
Q

What is a feature of asymmetrical encryption?

A

different keys are used to encrypt and decrypt data

Asymmetric encryption algorithms use different keys for encryption and decryption. These are known as private and public keys. The longer key lengths used by asymmetric algorithms make them slower than symmetrical encryption and inefficient for bulk data.

86
Q

What is the reason for HMAC to use an additional secret key as input to the hash function?

A

to provide authentication

87
Q

What is the purpose of the DH algorithm?

A

to generate a shared secret between two hosts that have not communicated before

DH is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret, without having communicated before. Asymmetric key systems are extremely slow for any sort of bulk encryption. It is common to encrypt the bulk of the traffic using a symmetric algorithm such as DES, 3DES, or AES, and use the DH algorithm to create keys that will be used by the symmetric encryption algorithm.

88
Q

Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?

A

SEAL is a stream cipher

SEAL is a stream cipher that uses a 160-bit encryption key. It is a symmetric encryption algorithm that has a lower impact on the CPU resources compared to other software-based algorithms, such as software-based DES, 3DES, and AES.

89
Q

Which data security component is provided by hashing algorithms?

A

integrity

Hashing algorithms are used to provide message integrity, which ensures that data in transit has not changed or been altered.

90
Q

Which two algorithms use a hashing function to ensure message integrity? (Choose two.)

A

MD5

SHA

Hashing algorithms are used to provide data integrity, which ensures that the data has not changed during transmission. MD5 and SHA are commonly used hashing algorithms.

91
Q

Which characteristic of security key management is responsible for making certain that weak cryptographic keys are not used?

A

verification

To make a key strong, there are several essential characteristics of key management that should be considered:
Generation - The use of good random number generators is needed to ensure that all keys are likely to be equally generated so that the attacker cannot predict which keys are more likely to be used.
Verification - Almost all cryptographic algorithms have some weak keys that should not be used. With the help of key verification procedures, these keys can be regenerated if they occur.
Exchange - Key management procedures should provide a secure key exchange mechanism that allows secure agreement on the keying material with the other party, probably over an untrusted medium.
Revocation and Destruction - Revocation notifies all interested parties that a certain key has been compromised and should no longer be used. Destruction erases old keys in a manner that prevents malicious attackers from recovering them.

92
Q

What is the function of the Diffie-Hellman algorithm within the IPsec framework?

A

allows peers to exchange shared keys

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a public key exchange method that allows two IPsec peers to establish a shared secret key over an insecure channel.