Objective 1 Flashcards

1
Q

Which asymmetric encryption technique provides a comparable level of security with shorter key lengths, making it efficient for cryptographic operations?

DSA
ECC
Diffie-Hellman
RSA

A

ECC is the correct answer. Elliptic Curve Cryptography (ECC) provides a comparable level of security with shorter key lengths compared to other asymmetric encryption methods like RSA. This makes it more efficient in terms of computational power and storage requirements, which is particularly advantageous in resource-constrained environments like mobile devices.

DSA is incorrect because it is primarily used for digital signatures rather than encryption and does not specifically offer efficiency through shorter key lengths. Diffie-Hellman is also incorrect because, while it is used for secure key exchange, it is not primarily focused on shorter key lengths for comparable security. RSA is incorrect because, although it is widely used, it requires much longer key lengths than ECC to achieve the same level of security, making it less efficient.

2
Q

Kelly Innovations Corp, an IT company, is implementing a process of encryption where two parties establish a shared secret for communication purposes. Which of the following MOST accurately describes this process?

Hashing
Asymmetric encryption
Key exchange
Symmetric encryption

A

Key exchange is the correct answer. The process of establishing a shared secret for communication purposes typically involves a key exchange mechanism, such as the Diffie-Hellman protocol. This allows two parties to securely agree on a symmetric key over an insecure channel, which is then used for encryption.

Hashing is incorrect because hashing does not involve shared secrets or encryption; it is used to ensure data integrity by creating a unique, fixed-size hash value for data. Asymmetric encryption is incorrect because it uses a pair of public and private keys for encryption and decryption, not a shared secret. Symmetric encryption is incorrect in this context because it uses the shared key for actual encryption and decryption but does not describe the process of establishing the shared key itself.

3
Q

Lexicon, an AI company, wants to implement a security measure to identify and evaluate potential threats to their systems and networks. Which of the following is an example of a managerial security control that the company could implement?

Risk assessments
Intrusion detection system
Firewall
Security guards

A

Risk assessments are the correct answer. A risk assessment is a managerial security control because it involves identifying, analyzing, and evaluating potential threats and vulnerabilities to determine how they might impact the organization. This is a high-level process focused on planning and decision-making.

An intrusion detection system is incorrect because it is a technical security control that monitors and analyzes network traffic for suspicious activity. A firewall is also incorrect because it is another example of a technical control that enforces security policies by controlling incoming and outgoing network traffic. Security guards are incorrect because they are a physical security control, focusing on protecting physical assets rather than evaluating threats through managerial processes.

4
Q

When sending an encrypted message to Dion Training, a client would use which of the following to ensure only Dion Training can decrypt and read the message?

Private key
Wildcard certificate
Key escrow
Public key

A

Public key is the correct answer. When sending an encrypted message to Dion Training, the client would use Dion Training’s public key to encrypt the message. Only Dion Training can decrypt it using their corresponding private key, ensuring the confidentiality of the communication.

Private key is incorrect because it is kept secret by Dion Training and is used to decrypt the message, not for the sender to encrypt it. A wildcard certificate is incorrect because it is used to secure multiple subdomains with SSL/TLS and is not directly related to encrypting messages for confidentiality. Key escrow is incorrect because it refers to storing and managing cryptographic keys securely, not to the encryption process itself.

5
Q

Reginald, an IT Manager, is the owner of a file on a server and wants to grant his colleagues access to the file. He is the only one who can decide who is allowed access to the file and what actions they can perform on it. Which authorization model is being used in this scenario?

RBAC
MAC
ABAC
DAC

A

DAC is the correct answer. Discretionary Access Control (DAC) allows the owner of a resource, in this case, Reginald, to determine who has access to the file and what actions they can perform on it. This model provides flexibility and gives the resource owner full control over access permissions.

RBAC is incorrect because Role-Based Access Control assigns permissions based on roles within the organization rather than individual resource ownership. MAC is incorrect because Mandatory Access Control relies on predefined policies set by a central authority, not by the resource owner. ABAC is incorrect because Attribute-Based Access Control uses attributes like user characteristics or environmental factors to define access permissions, rather than granting access at the discretion of the owner.

6
Q

At Kelly Innovations Corp., Sarah noticed that their core business application, which tracks customer orders, was not updating inventory levels accurately. A recent update seemed to have introduced a bug. Which of the following would offer the BEST solution?

Application rollback
Dependency check
Patch management
Application restart

A

Application rollback is the correct answer. Rolling back the application to a previous, stable version would resolve the issue by reverting the changes introduced by the buggy update, ensuring that inventory levels are updated accurately while the problem is addressed.

Dependency check is incorrect because it focuses on ensuring that all required software components or libraries are in place, but it would not directly fix an issue caused by the update itself. Patch management is incorrect because it involves applying updates to address security vulnerabilities or bugs, but in this case, the update introduced the problem rather than solving one. Application restart is incorrect because while it might temporarily clear minor glitches, it would not resolve a deeper issue caused by the update’s faulty implementation.

7
Q

When considering the RSA algorithm, which description BEST captures its underlying mathematical property used for public key cryptography?

Hash function
Trapdoor function
Symmetric encryption
Digital signature

A

Trapdoor function is the correct answer. The RSA algorithm relies on a mathematical trapdoor function, which is easy to compute in one direction (encryption with the public key) but extremely difficult to reverse (decryption) without specific knowledge, such as the private key. This property makes RSA suitable for public key cryptography.

Hash function is incorrect because it refers to generating a fixed-size output from input data for integrity checks, not encryption or key exchange. Symmetric encryption is incorrect because RSA uses asymmetric cryptography, involving a public-private key pair instead of a shared secret. Digital signature is incorrect because, while RSA can be used to create digital signatures, this is an application of the algorithm, not its underlying mathematical property.
