N2K - Flash Cards - General Security Concepts - Explain the importance of using appropriate cryptographic solutions

Question 1

Which type of encryption can encrypt an entire drive or series of drives?

Answer 1

Volume-Level

Question 2

Which key-pair key should be encrypted and protected with a password when stored?

Answer 2

A private key

Question 3

Which type of key management does Secure Multipurpose Internet Mail Extensions (S/MIME) use: centralized or decentralized?

Answer 3

Centralized

Question 4

What are trusted entities issuing digital certificates validating the identity of entities in secure communication?

Answer 4

Certificate Authorities

Question 5

Which certificates are used to secure multiple websites with a single SSL certificate?

Answer 5

Wildcard Certificates

Question 6

How many levels up do wildcard certificates support?

Answer 6

Only one level up in the fully qualified domain name (FQDN)

Question 7

What is the difference between TPM and HSM chips?

Answer 7

Trusted Platform Module (TPM) chips are part of the motherboard. Hardware Security Module (HSM) chips are part of a PCI card that is mounted in a slot on the motherboard.

Question 8

Which algorithms are asymmetric key algorithms?

Answer 8

Rivest, Shamir, and Adleman (RSA)
Elliptic Curve Cryptosystem (ECC)
Diffie-Hellman
El Gamal
Digital Signature Algorithm (DSA)
Knapsack

Question 9

What is the default automated key-management protocol for IPSec?

Answer 9

Internet Key Exchange (IKE)

Question 10

What is the technique of replacing sensitive data with unique identifiers to protect confidentiality during storage or transmission?

Answer 10

Tokenization

Question 11

What is a TPM?

Answer 11

A dedicated processor that uses cryptographic keys to perform a variety of tasks

Question 12

What can be described as a distributed database accessible to all participants, recording transactions transparently, like in blockchain technology?

Answer 12

Open Public Ledger

Question 13

What is the term for unencrypted network traffic?

Answer 13

Cleartext Communication

Question 14

What is the initial certificate in a hierarchy, ensuring authenticity and integrity of subsequent certificates in secure communications.

Answer 14

Root of Trust

Question 15

What portion(s) of the IP packet are encrypted in IPSec transport mode?

Answer 15

The payload

Question 16

Which two chips are used to implement hardware-based encryption?

Answer 16

Trusted Platform Module (TPM) and Hardware Security Module (HSM) chips

Question 17

What is often found in mobile devices that is an isolated hardware/software environment for processing sensitive data?

Answer 17

Secure Enclave

Question 18

What is key escrow?

Answer 18

When you maintain a secured copy of a user’s private to ensure that you can recover the lost key

Question 19

What is the key length used by a one-time pad?

Answer 19

The key length is the same length as the message that is to be encrypted. The message length determines the key length.

Question 20

How is a digital signature created from a message digest?

Answer 20

It is encrypted using the sender’s private key.

Question 21

What type of encryption works with individual data entries in a database?

Answer 21

Record-Level

Question 22

Which public-key algorithm was the first to allow two users to exchange a secret key over an insecure medium without any prior secret keys?

Answer 22

Diffie-Hellman

Question 23

If Alice wants to encrypt a message using asymmetric encryption that only Bob can read, which key must she use?

Answer 23

Bob’s Public Key

Question 24

What is a digital proof of identity issued by an entity other than the recipient, facilitating secure online transactions?

Answer 24

Third-Party Certificate

Question 25

Which component performs peer authentication and key exchange within the Internet Protocol Security (IPSec) protocol?

Answer 25

The Internet Key Exchange (IKE)

Question 26

Which type of encryption safeguards the structure of a database and its contents?

Answer 26

Database-Level

Question 27

Which hashing algorithm produces a message digest of 160 bits in length?

Answer 27

Secure Hash Algorithm (SHA-1)

Question 28

What is the process of concealing original data with fictitious, but realistic, values to preserve usability while protecting sensitive information?

Answer 28

Data Masking

Question 29

What is the term for the process of hiding data in an image?

Answer 29

Steganography

Question 30

Certificate enrollment procedures typically require a user to provide proof of identity and which other item to a certification authority (CA)?

Answer 30

Public Key

Question 31

What is contained within an X.509 CRL?

Answer 31

A list of serial numbers of unexpired or revoked digital certificates that should be considered invalid

Question 32

Which type of cryptography is more secure: symmetric or asymmetric?

Answer 32

Asymmetric

Question 33

Which private-key encryption algorithm does Pretty Good Privacy (PGP) use to encrypt data?

Answer 33

International Data Encryption Algorithm (IDEA)

Question 34

What are the three issues that symmetric data encryption fails to address?

Answer 34

Data Integrity
Repudiation
Scalable Key Distribution