Practice Exam 11 Flashcards

1
Q

PE11.1 An attacker employs a Metasploit auxiliary module that exploits a built-in feature of OpenSSL. In the effort, the attacker’s system sends a single byte of data representing it has received 64KB. The target responds by sending back 64KB of data from its memory. Which of the following attacks is being described?

A. POODLE
B. FREAK
C. Heartbleed
D. DROWN

A

C
C. Back when it was discovered in March of 2014, Heartbleed was described as the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet. Heartbleed exploits a small feature in OpenSSL that turned out to present a very big problem. OpenSSL uses a heartbeat during an open session to verify that data was received correctly, and it does this by “echoing” data back to the other system. Basically one system tells the other, “I received what you sent and it’s all good. Go ahead and send more.” In Heartbleed, an attacker sends a single byte of data while telling the server it sent 64KB of data. The server will then send back 64KB of random data from its memory. Items such as usernames and passwords, private keys (which is exceptionally troubling, since future communication could be decrypted), cookies, and a host of other nifty bits of information could be easily stolen.

A is incorrect because this does not describe POODLE. POODLE (Padding Oracle On Downgraded Legacy Encryption) is a vulnerability in the backward-compatibility steps taken by TLS clients.

B is incorrect because this does not describe FREAK. Factoring Attack on RSA-EPORT Keys (FREAK) is a man-in-the-middle attack that forces a downgrade of an RSA key to a weaker length. The attacker forces the use of a weaker encryption key length, enabling successful brute-force attacks.

D is incorrect because this does not describe DROWN. DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS (in particular, SSLv2 connections).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

PE11.2 Which of the following statements is true regarding digital signatures?

A.Digital signatures are issued once per user, to be used on all documents until they expire.
B.A digital signature is a plain hash of the document contents.
C.Digitals signatures are issued per file type, allowing each to be used on multiple files until they expire.
D.A digital signature cannot be moved from one document to another.

A

D
D. If you know how a digital signature is created, this one is easy. The signature is nothing more than a hash of the document contents—making sure the contents don’t change between sender and receiver—encrypted with the sender’s private key. By using the private key, anyone holding the sender’s public key (sent from the CA) can decrypt said hash of document contents, ensuring the sender’s identity and comparing the hash to ensure document authenticity.

A and C are both incorrect for the same reason—digital signatures aren’t used across documents; they are explicitly created once per document.

B is incorrect because a hash of the document is but one portion of the digital signature.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

PE11.3 Which of the following statements are true regarding a PKI system? (Choose two.)

A. The CA encrypts all messages.
B.The CA is the trusted root that issues certificates.
C.The CA is the recovery agent for lost certificates.
D.The RA verifies an applicant to the system.
E. The RA issues all certificates.
F. The RA encrypt all messages.

A

B, D. A PKI system consists of a bunch of parts, but the certificate authority is right at the top. The CA issues, maintains, and protects all the certificates for the system and maintains the certificate revocation list (CRL). It is the one place everything in the system can go to for protected data. The registration authority (RA) does several functions to take the load off the CA, and verifying the identity of an applicant wanting to use the system is one of the major tasks.

A, C, E, and F are all incorrect because they do not correctly describe a PKI environment. The CA does not encrypt messages and is not a recovery agent for lost ones. The RA does not issue certificates or encrypt messages.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

PE11.4 A person approaches a network administrator and wants advice on how to send encrypted e-mail from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following offers a method for sending encrypted e-mail without having to pay for license fees or manage a server?

A. IP Security (IPSec)
B. Multipurpose Internet Mail Extensions (MIME)
C. Pretty Good Privacy (PGP)
D.Hypertext Transfer Protocol with Secure Socket Layer (HTTPS)

A

C. I’m pretty sure you understand this comment already, but I’ll say it again here to reinforce it: sometimes things on your CEH exam simply don’t match up with reality. This question is a prime example. EC-Council, and their documentation up through version 8, defines Pretty Good Privacy (PGP) as a free, open source, e-mail encryption method available for all to use. In truth, PGP is now synonymous with a single company’s offering, based on the original PGP. The true open source, free side of it now is known more as OpenPGP (www.openpgp.org/). OpenPGP uses a decentralized system of trusted introducers that act in the same way as a certificate authority. Basically, in this web-of-trust relationship, if User A signs User B’s certificate, then anyone who trusts User A will also trust User B. You can find downloads for software still using the free, open PGP at www.pgpi.org/.

A is incorrect because IPSec is not intended as an e-mail encryption standard; it creates tunnels for the secure exchange of data from one system to another.

B is incorrect because MIME is an Internet standard that allows the text-only protocol SMTP to transport nontext entities, such as pictures and non-ASCII character sets.

D is incorrect because HTTPS is not intended as an e-mail encryption standard. It sets up a secured means of transporting data within a session and is usually associated with web traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

PE11.5 Which of the following is best defined as an encryption protocol commonly used for e-mail security?

A. PGP
B. Keyczar
C. RSA
D. MD5

A

A. Even though it’s probably best known as an e-mail security protocol/application, Pretty Good Privacy (PGP) can be used for a variety of purposes. PGP is used for encryption and decryption of messaging (including e-mail), data compression, digital signing, and even whole disk encryption. It provides authentication and privacy as well as combines conventional and public-key cryptography. Don’t get this confused with S/MIME. Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standards-based protocol that can also encrypt messages; however, it does not provide many of the other features PGP offers (most importantly, whole disk encryption).

B is incorrect because Keyczar is an open source cryptographic toolkit designed to help developers to use cryptography in their applications.

C is incorrect because RSA is an asymmetric encryption algorithm that makes use of two large prime numbers. Factoring these numbers creates key sizes up to 4096 bits. RSA can be used for encryption and digital signatures, and it’s the modern de facto standard for those purposes.

D is incorrect because MD5 is a hash algorithm, and as we all know, hash algorithms don’t encrypt anything. Sure, they’re great at integrity checks, and, yes, you can pass a hash of something in place of the original (sending a hash of a stored password, for instance, instead of the password itself). However, this is not true encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
PE11.6 You’re describing a basic PKI system to a new member of the team. He asks how the public key can be distributed within the system in an orderly, controlled fashion so that the users can be sure of the sender’s identity. Which of the following would be your answer? 
A.   Digital signature 
B.   Hash value 
C.   Private key 
D.   Digital certificate 
E.   Nonrepudiation
A

D
D. This one is actually easy, yet it is confusing to a lot of folks. You have to remember the goal of this little portion of a PKI system—how does one know this public key really belongs to User Joe and not User Mike, and how can it be delivered safely to everyone? A digital certificate is the answer because it contains the sender’s public key and can be used to identify the sender. Because the CA provides the certificate and key (public), the user can be certain the public key actually belongs to the intended recipient. This simplifies distribution of keys as well, because users can go to a central authority—a key store, if you will—instead of directly to each user in the organization. Without central control and digital certificates, it would be a madhouse, with everyone chucking public keys at one another with wild abandon. And PKI is no place for Mardi Gras, my friend.

A is incorrect because although a digital signature does provide a means for verifying an identity (encryption with your private key, which can be decrypted only with your corresponding public key, proves you are indeed you), it doesn’t provide any means of sending keys anywhere. A digital signature is nothing more than an algorithmic output that is designed to ensure the authenticity (and integrity) of the sender. You need it to prove your certificate’s authenticity, but you need the certificate in order to send keys around.

B is incorrect because a hash value has nothing to do with sending public keys around anywhere. Yes, hash values are “signed” to verify authenticity, but that’s it. There is no transport capability in a hash. It’s just a number and, in this case, a distractor answer.

C is incorrect for a number of reasons, but one should be screaming at you from the page right now: you never, never send a private key anywhere. If you did send your private key off, it wouldn’t be private anymore, now would it? The private key is simply the part of the pair used for encryption. It is never shared with anyone.
E is incorrect because nonrepudiation is a definition term and has nothing to do with the transport of keys. Nonrepudiation is the means by which a recipient can ensure the identity of the sender, and neither party can deny having sent or received the message.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

PE11.7 7.After TLS had largely replaced SSL for secure communications, many browsers retained backward compatibility to SSL 3.0. Which vulnerability takes advantage of the degradation of service down to SSL 3.0 in the TLS handshake?

A.Heartbleed
B.FREAK
C.DROWN
D.POODLE

A

D.
D. POODLE (Padding Oracle On Downgraded Legacy Encryption) was discovered by Google’s security team and announced to the public on October 14, 2014.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
PE11.8 Which mode of IPSec is most often chosen for internal communications? 
A.   AH 
B.   ESP 
C.   Tunnel 
D.   Transport
A

D
D. IPSec is a Network layer encryption protocol that can be used in two modes: Tunnel and Transport. In Transport mode, the data payload is encrypted but the rest of the packet (the IP header in particular) is not touched. This works well internally, between end stations, or between an end station and a gateway, if the gateway is being treated as a host. NAT is not supported by Transport mode, although it can be combined with other tunneling protocols.

A is incorrect because the Authentication Header (AH) is a protocol in the IPSec suite, verifying an IP packet’s integrity and determining the validity of its source.
B is incorrect because Encapsulating Security Payload (ESP) is another protocol in the IPSec suite, and it actually encrypts each packet.

C is incorrect because Tunnel mode encrypts the entire packet, including the headers. It’s not that you can’t use Tunnel mode inside the network; it’s just not common or recommended.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

PE11.9 9.An organization is concerned about corporate espionage and has evidence suggesting an internal employee has been communicating trade secrets to a competitor. After some investigation, the employee leaking secrets was identified. Monitoring of the employee’s previous communications outside the company revealed nothing out of the ordinary, save for some large unencrypted e-mails containing image files of humorous pictures to external addresses. Which of the following is the most logical conclusion based on these facts?

A.E-mail encryption allowed the user to hide files.
B.The user hid information in the image files using steganography.
C.Logical watermarking of images and e-mails fed the sensitive files piece by piece to the competitor.
D.SMTP transport fuzzing was used.

A

B
B. In this circumstance, you know the employee has been sending sensitive documents out of the network. IDS obviously hasn’t picked up on anything, and there was nothing overtly done to give away the intent. The only thing out of the ordinary turned out to be large e-mail files holding nothing but images. Given the answers provided, steganography is the most logical choice, and the user simply folded the sensitive data into the latest joke image he found and sent it on its merry way.

A is incorrect because e-mail encryption isn’t in place—it’s specifically called out in the question and wouldn’t necessarily allow external encryption or hide the information from later forensics examinations.

C and D are incorrect because logical watermarking and SMTP transport fuzzing, as far as I know, don’t even exist. They sound cool and may appear legitimate, but they’re definitely not the answer you’re looking for.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

PE11.10 A hacker has gained access to several files. Many are encrypted, but one is not, it happens to be an unencrypted version of an encrypted file. Which of the following is the best choice for possibly providing a successful break into the encrypted files?

A. Cipher text only
B. Known plain text
C. Chosen cipher text
D. Replay

A

B
B.

C is incorrect because chosen cipher text works almost exactly like a cipher-text-only attack. Statistical analysis without a plain-text version for comparison can be performed, but it’s only for portions of gained cipher text. That’s the key word to look for. As an aside, RSA is susceptible to this attack in particular (an attacker can use a user’s public key to encrypt plain text and then decrypt the result to find patterns for exploitation).
D is incorrect because it’s irrelevant to this scenario. Replay attacks catch streams of data and replay them to the intended recipient from another sender.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

PE11.11 Which of the following methods should be used to check for the Heartbleed vulnerability?

A.Use the ssl-heartbleed script in nmap.
B.Connect via TLS to each system and examine the response handshake.
C.Use ping -ssl and examine the responses.
D.Use Tripwire.

A

A
A. An nmap scan can show you a variety of information, and thankfully it also provides a quick means to check for Heartbleed. Using the ssl-heartbleed script will return “NOT VULNERABLE” on systems without the vulnerability. Syntax for the script use is nmap -d -script ssl-hearbleed -script-args vulns.showall -sV IPADDRESS (where IPADDRESS is the host, or range, you are testing).
B is incorrect because Heartbleed has nothing to do with TLS.

C is incorrect because there is no such thing as the ping -ssl command.

D is incorrect because Tripwire is a conglomeration of tool actions that perform the overall IT security efforts for an enterprise. Tripwire provides for integrity checks, regulatory compliance, configuration management, among other things, but not Heartbleed scans.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
PE11.12 What is the XOR output of 01010101 and 11001100? 
A.01100110 
B.10101010 
C.10011001 
D.0011001
A

C
C. XOR operations are used a lot in various encryption efforts (in addition to many other uses). In an XOR operation, two bits are compared. If the bits match, the output is a zero. If they don’t, the output is a 1. In this example, put 01010101 on top of 11001100 and compare each bit, one by one.

A, B, and D are incorrect because these do not represent the output of an XOR on these two inputs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

PE11.13 Amy and Claire work in an organization that has a PKI system in place for securing messaging. Amy encrypts a message for Claire and sends it on. Claire receives the message and decrypts it. Within a PKI system, which of the following statements is true?

A.Amy encrypts with her private key. Claire decrypts with her private key.
B.Amy encrypts with her public key. Claire decrypts with her public key.
C.Amy encrypts with Claire’s private key. Claire decrypts with her public key.
D.Amy encrypts with Claire’s public key. Claire decrypts with her private key.

A

D. When it comes to PKI encryption questions, remember the golden rule: encrypt with public, decrypt with private. In this instance, Amy wants to send a message to Claire. She will use Claire’s public key—which everyone can get—to encrypt the message, knowing that only Claire, with her corresponding private key, can decrypt it.

A is incorrect because you do not encrypt with a private key in a PKI system. Yes, you can encrypt with it, but what would be the point? Anyone with your public key—which everyone has—could decrypt it! Remember, private = decrypt, public = encrypt.

B is incorrect because, in this case, Amy has gotten her end of the bargain correct, but Claire doesn’t seem to know what she’s doing. PKI encryption is done in key pairs—what one key encrypts, the other decrypts. So, her use of her own public key to decrypt something encrypted with Amy’s key—a key from a completely different pair—is baffling.

C is incorrect because there is no way Amy should have anyone’s private key, other than her own. That’s kind of the point of a private key—you keep it to yourself and don’t share it with anyone. As a note here, the stated steps would actually work—that is, one key encrypts, so the other decrypts—but it’s completely backward for how the system is supposed to work. It’s an abomination to security, if you will.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

PE11.14 Hope works on a security team, and her laptop contains many confidential files. Which of the following is the best choice for protection of those files from loss or theft of the laptop?

A.Set a BIOS password
B.Create hidden folders to store the files in
C.Password protect the files
D.Install Full Disk Encryption

A

D. Full disk encryption (FDE), otherwise known as data-at-rest protection, is designed explicitly for this purpose. In an enterprise-level system, each laptop (or other portable system) disk is encrypted and assigned a password (PIN) only the owner knows and a means to generate and use a recovery key. At boot, the owner enters the key and the disk is unlocked for use. If the password is forgotten, the recovery key can be generated and used to unlock the drive. This protects the data from loss or theft of the system itself.

A is incorrect because while setting a BIOS password isn’t necessarily a bad idea, it’s not a foolproof way to protect the data. The drive itself can simply be pulled out of the drive and forensically examined for data extraction.

B is incorrect because “hidden” folders won’t provide any protection at all.

C is incorrect because, although password protecting the files isn’t necessarily a bad idea, it doesn’t provide for protection of the data. As we’ve discussed on multiple occasions in this and the companion book, passwords can be broken, and usually fairly easily—especially with physical access to the drive.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

PE11.15 Which of the following statements is not true regarding steganography?

A.Steganography can use least significant bit insertion, masking, and filtering as techniques to hide messaging.
B.Steganography only works on color images.
C.Image files embedded with steganography may be larger in size and display strange color palettes.
D.Character positioning, text patterns, unusual blank spaces, and language anomalies can all be symptoms of a text file embedded with steganography.

A

B. Steganography is the practice of concealing a message inside another medium (such as another file or an image) in such a way that only the sender and recipient even know of its existence, let alone the manner in which to decipher it. It can be as simple as hiding the message in the text of a written correspondence or as complex as changing bits within a huge media file to carry a message. Steganography can be embedded in color or grayscale images, text files, audio files, and even in video.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

PE11.16 An SSL session requires a client and a server to pass information between each other via a handshake and to agree on a secured channel. Which of the following best describes the session key creation during the setup of an SSL session?

A.The server creates the key after verifying the client’s identity.
B.The server creates the key immediately on the client connection.
C.The client creates the key using the server’s public key.
D.The client creates the key after verifying the server’s identity.

A

D. In the CEH world, SSL has six major steps (others claim seven or more, but we’re studying for the CEH certification here, so we’ll stick with theirs). The six steps are (1) client hello, (2) server hello and certificate, (3) server hello done message, (4) client verifies server identity and sends Client Key Exchange message, (5) client sends Change Cipher Spec and Finish message, and (6) server responds with Change Cipher Spec and Finish message. The session key is created by the client after it verifies the server’s identity (using the certificate provided in step 2).

17
Q

PE11.17 Which encryption algorithm uses variable block sizes (from 32 to 128 bits)?

A.SHA-1
B.RC5
C.3DES
D.AES

A

B. Questions on identifying encryption algorithms really come down to memorization of some key terms. Rivest Cipher (RC) encompasses several versions, from RC2 through RC6. It is an asymmetric block cipher that uses a variable key length up to 2040 bits. RC6, the latest version, uses 128-bit blocks, whereas RC5 uses variable block sizes (32, 64, or 128).

A is incorrect because SHA-1 is a hash algorithm, not an encryption algorithm. If this question were about verifying integrity, this would be a good choice. However, in this case, it is a distractor.

C is incorrect because, although 3DES is a symmetric block cipher, it does not use variable block sizes. 3DES (called triple DES) uses a 168-bit key and can use up to three keys in a multiple-encryption method.

18
Q

PE11.18 Which hash algorithm was developed by the NSA and produces output values up to 512 bits?

A.MD5
B.SHA-1
C.SHA-2
D.SSL

A

C. Both SHA-1 and SHA-2 were developed by the NSA; however, SHA-1 produced only a 160-bit output value. SHA-2 was developed to rectify the shortcomings of its predecessor and is capable of producing outputs of 224, 256, 384, and 512 bits. Although it was designed as a replacement for SHA-1 (which was supposed to have been phased out in 2010), SHA-2 is still not as widely used. As an aside, SHA-3 can produce 512-bit keys as well.

A is incorrect because MD5 produces 128-bit output. It was created by Ronald Rivest for ensuring file integrity; however, serious flaws in the algorithm, and the advancement of other hashes, have resulted in this hash being rendered obsolete (U.S. CERT, August 2010). Despite this, you’ll find MD5 is still used for file verification on downloads and, in many cases, to store passwords.

B is incorrect because SHA-1 produces a 160-bit value output.

19
Q

PE11.19 You are concerned about protecting data on your organization’s laptops from loss or theft. Which of the following technologies best accomplishes this goal?
A.Single sign-on
B.Cloud computing
C.IPSec Tunnel mode
D.Full disk encryption

A

D. Data-at-rest (DAR) protection is a security technology tailor-made for loss and theft protection, with one tiny little catch: full disk encryption in DAR sets up a preboot session that requires valid credentials to unlock the machine. However, it’s important to note the preboot session will only engage after a full system power down. If the user just closes the lid and puts the machine into sleep mode, DAR protection does nothing. Assuming the user does power off the machine before taking it on a trip, preboot protects everything—including the Master Boot Record—and ensures that even if the laptop is stolen or lost, the data inside is protected. If the user doesn’t power off, then DAR is just another security tool that provides the illusion of security—which may be even worse than having nothing at all.

A is incorrect because single sign-on—a method of authentication allowing a user to access multiple resources with one set of…

20
Q

PE11.20 In a discussion on symmetric encryption, a friend mentions that one of the drawbacks with this system is scalability. He goes on to say that for every person you add to the mix, the number of keys increases dramatically. If seven people are in a symmetric encryption pool, how many keys are necessary?

A.7
B.14
C.21
D.28

A

C. Symmetric encryption is really fast and works great with bulk encryption; however, scalability and key exchange are huge drawbacks. To determine the number of keys you need, use the formula N(N – 1)/2. Plugging 7 into this, we have 7(7 – 1)/2 = 21.

A is incorrect because, although symmetric encryption does use the same key for encryption and decryption, each new node requires a…

21
Q

PE11.21 Which of the following is a true statement?

A.Symmetric encryption scales easily and provides for nonrepudiation.
B.Symmetric encryption does not scale easily and does not provide for nonrepudiation.
C.Symmetric encryption is not suited for bulk encryption.
D.Symmetric encryption is slower than asymmetric encryption.

A

B. Symmetric encryption has always been known for strength and speed; however, scalability and key exchange are big drawbacks. Additionally, there is no way to provide for nonrepudiation (within the confines of the encryption system). Symmetric encryption is good for a great many things when you don’t want all the overhead of key management.

A is incorrect because symmetric encryption does not scale easily and does not provide for nonrepudiation. The single key used for each channel makes scalability an issue. Remember, the formula for number of keys is N(N – 1)/2.

C is incorrect because symmetric encryption is perfectly designed for bulk encryption. Assuming you can find a way to ensure the key exchange is…

22
Q

PE11.22 The PKI system you are auditing has a certificate authority (CA) at the top that creates and issues certificates. Users trust each other based on the CA. Which trust model is in use here?

A.Stand-alone CA
B.Web of trust
C.Single authority
D.Hierarchical trust

A

D.Hierarchical trust C. Trust models within PKI systems provide a standardized method for certificate and key exchanges. The valid trust models include web of trust, single authority, and hierarchical. The single authority system has a CA at the top that creates and issues certs. Users then trust each other based on the CA at the top vouching for them. Assuming a single authority model is used, it’s of vital importance to protect it. After all, if it is compromised, your whole system is kaput.

A is incorrect because stand-alone CA doesn’t refer to a trust model. It instead defines a single CA that is usually set up as a trusted offline root in a hierarchy or when extranets and the Internet are involved.

B is incorrect because web of trust refers to a model where users create and manage their own certificates and key exchange, and multiple entities sign certificates for one another. In other words, users within this system trust each other based on certificates they receive from other users on the same system.

D is incorrect…

23
Q

PE11.23 A portion of a digital certificate is shown here:

Version V3
Serial Number 26 43 03 62 e9 6b 39 a4 9e 15 00 c7 cc 21 a2 20
Signature Algorithm sha1RSA
Signature Hash Algorithm sha1
Issuer Verisign Class 3 Secure Server
Valid from Monday, October 17, 2011 8:00pm
Valid to Wednesday, October 17, 2012 7:59:59pm
.
Public Key RSA (2048
.

Which of the following statements is true?

A.The hash created for the digital signature holds 160 bits.
B.The hash created for the digital signature holds 2048 bits.
C.RSA is the hash algorithm used for the digital signature.
D.This certificate contains a private key.

A

A. Questions on the digital certificate are usually easy enough, and this is no exception. The algorithm used to create the hash is clearly defined as Signature Hash Algorithm (SHA-1), and, as we already know, SHA-1 creates a 160-bit hash output. This will then be encrypted by the sender’s private key and decrypted on the recipient’s end with the public key, thus verifying identity.

B is incorrect because it is a distractor: the RSA key size of 2048 is listed in the public key section of the certificate.

C incorrect because RSA is not a hash algorithm. It is, without doubt, used as an encryption algorithm with this certificate (and uses a 2048-bit key to do so) but…

24
Q

PE11.24 Bit streams are run through an XOR operation. Which of the following is a true statement for each bit pair regarding this function?

A.If the first value is 0 and the second value is 1, then the output is 0.
B.If the first value is 1 and the second value is 0, then the output is 0.
C.If the first value is 0 and the second value is 0, then the output is 1.
D.If the first value is 1 and the second value is 1, then the output is 0.

A

D. An XOR operation requires two inputs, and in the case of encryption algorithms, this would be the data bits and the key bits. Each bit is fed into the operation—one from the data, the next from the key—and then XOR makes a determination: if the bits match, the output is 0; if they don’t, it’s 1.

A is incorrect because the two values being compared are different; therefore, the output would be 1.…

25
Q

PE11.25 Which of the following attacks attempts to re-send a portion of a cryptographic exchange in hopes of setting up a communications channel?

A.Known plain text
B.Chosen plain text
C.Man in the middle
D.Replay

A

D. Replay attacks are most often performed within the context of a man-in-the-middle attack and not necessarily just for communications channel setup. They’re also used for DoS attacks against a system, to feed bad data in hopes of corrupting a system, to try to overflow a buffer (send more encrypted data than expected), and so on. The hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel. The attacker doesn’t really have to know the actual data (such as the password) being exchanged; he just has to get the timing right in copying and then replaying the bit stream. Session tokens can be used in the communications process to combat this attack.

A is incorrect because known plain text doesn’t really have anything to do with this scenario. Known plain text refers to having both plain-text and corresponding cipher-text messages, which are scanned for repeatable sequences and then compared to the cipher-text versions.

B is incorrect because it simply doesn’t apply to this scenario. In a chosen plain-text attack, a hacker puts several encrypted messages through statistical analysis to determine repeating code.

C is incorrect because, in this instance, replay refers to the attack being described in the question, not man in the…

26
Q

PE11.26 Within a PKI system, which of the following is an accurate statement?

A.Bill can be sure a message came from Sue by using his public key to decrypt it.
B.Bill can be sure a message came from Sue by using his private key to decrypt it.
C.Bill can be sure a message came from Sue by using her private key to decrypt the digital signature.
D.Bill can be sure a message came from Sue by using her public key to decrypt the digital signature.

A

D. Remember, a digital signature is a hash value that is encrypted with the user’s private key. Because the corresponding public key can decrypt it, this provides the nonrepudiation feature we’re looking for. This is the only instance on the exam where the private key is used for encryption. In general, public encrypts, and private decrypts. The steps for creating an encrypted message with a digital signature are as follows:

  1. Create a hash of the body of the message.
  2. Encrypt that hash with your private key (adding it to the message as your signature).
  3. Encrypt the entire message with the public key of the recipient.

A is incorrect because not only does this have nothing to do with proving identity, but it also cannot work. Bill can’t use his own public key to decrypt a message sent to him. The keys work in pairs—if the message is encrypted with his public key, only his private key can decrypt it.
B is incorrect because this has nothing to do with proving Sue’s…

27
Q

PE11.27 A systems administrator is applying digital certificates for authentication and verification services inside his network. He creates public and private key pairs using Apple’s Keychain and uses the public key to sign documents that are used throughout the network. Which of the following certificate types is in use?

A.Public
B.Private
C.Signed
D.Self-signed

A

D. Security certificates have many uses in networking: for example, applications and network services might use them for authentication. If you are doing business across the Internet, your clients will want to ensure a trusted third party signs your certificates, so they can verify you are indeed legitimate. Internally, though, due to cost and speed of deployment/maintenance, self-signed certificates are the way to go. A self-signed certificate is simply one that is signed by the same entity that created it. Because most of your internal certificate needs can be served without going to an external CA to verify…