Pearson Quiz 1 to 5 Weaknesses Flashcards
What I do not know will kill me
What is it called when you combine hardware and software to provide load balancing?
Clustering
Clustering is the use of hardware and software combined to provide load balancing
How do you break down the cipher suite ECDHE-RSA-AES128-GCM-SHA256?
ECDHE → Ephemeral Key Exchange (Perfect Forward Secrecy)
RSA → Authentication (Certificate-based)
AES128-GCM → Bulk Encryption (Secure AEAD encryption)
SHA256 → Integrity (Message Authentication in TLS 1.2)
Explain and identify the following cipher suite:
ECDHE-RSA-AES256-GCM-SHA384
Key Exchange = ECDHE (Perfect Forward Secrecy)
Authentication = RSA
Bulk Encryption = AES-256-GCM
Integrity = SHA-384
Tips to Recognize Cipher Suites Quickly:
✅ If you see “ECDHE” or “DHE”, it has forward secrecy.
✅ If “AES-GCM” is present, it is secure & authenticated encryption.
✅ If “CBC” is present, it’s older and less secure (avoid if possible).
✅ If “RSA” is used for key exchange, forward secrecy is NOT present.
✅ TLS 1.3 ciphers are simpler: They don’t include key exchange/authentication explicitly.
Cipher Suite Structure
1. Key Exchange
2. Authentication
3. Bulk Encryption
4. Integrity
e.g.
ECDHE-RSA-AES128-GCM-SHA256
Which part of the cipher suite ECDHE-RSA-AES128-GCM-SHA256 is responsible for bulk encryption?
A) ECDHE
B) RSA
C) AES128-GCM
D) SHA256
Answer: ✅ C) AES128-GCM
In the cipher suite DHE-RSA-AES256-CBC-SHA256, the key exchange method is ______, and the bulk encryption method is ______.
Key Exchange: DHE
Bulk Encryption: AES-256-CBC
A security team wants to use a cipher suite that provides Perfect Forward Secrecy (PFS) and AEAD encryption. Which of the following is the best choice?
A) RSA-AES256-CBC-SHA1
B) DHE-RSA-AES128-GCM-SHA256
C) ECDHE-RSA-AES256-GCM-SHA384
D) AES256-CBC-SHA
Answer: ✅ C) ECDHE-RSA-AES256-GCM-SHA384
(Has ECDHE for PFS and AES-GCM for AEAD)