quiz2-week 3 content Flashcards

1
Q

what is cryptography

A

Scrambling information so it cannot be read
* Transforms information into secure form so unauthorized persons cannot access it

2
Q

what is Steganography

A
* Hides the existence of data
3
Q

where can data be hidden in image, video and audio files

A

header fields and metadata

4
Q

what is encryption

A

is the process of changing original text into a secret message using
cryptography

5
Q

what is plaintext

A

is unencrypted data to be encrypted or is the output of decryption

6
Q

ciphertext is

A

is the scrambled and unreadable output of encryption

7
Q

cleartext data is

A

is data stored or transmitted without encryption

8
Q

plaintext data is input into a

A

is input into a cryptographic algorithm (also called a cipher)

9
Q

A key is a ___ ___ entered into the algorithm to produce ____
* The reverse process uses the key to decrypt the message

A

mathematical value

ciphertext

10
Q

A substitution cipher substitutes one ___ for ____

A

one character for another

11
Q

ROT13 meaning

A

rotate alphabet 13 steps clockwise

12
Q

xor cipher compares two ___,
if they are different, __ is returned

A

bits
1

13
Q

Cryptography can provide several basic protections
___
___
___
___
___

A

* Confidentiality ensures only authorized parties can view it
* Integrity ensures information is correct and unaltered
* Authentication ensures sender can be verified through cryptography
* Nonrepudiation proves that a user performed an action
* Obfuscation is making something obscure or unclear
14
Q

security through obscurity
definition
example

A

An approach in security where virtually any system can be made secure as long as
outsiders are unaware of it or how it functions

using port 70 instead of port 80

15
Q

Cryptography can provide protection to data as that data resides in any of three states:
* Data in ____ (also called data in use) is data actions being performed by “endpoint
devices”
* Data in _____ are actions that transmit the data across a network
* Data at ____ is data that is stored on electronic media

A

processing

transit

rest

16
Q

___ vs ___ constraint is a limitation in providing strong cryptography due to the
tug-of-war between available resources (time and energy) and the security provided by
cryptography

A

resource vs security

17
Q

It is important that there be ___ ___ in cryptography
* is the ability to quickly recover from these resource vs. security
constraints

A

high resiliency

18
Q

Which of the following is a term that proves that a user performed an action with a computer or
on data?
a. Confidentiality
b. Nonrepudiation
c. Obfuscation
d. Authentication

A

b

19
Q

Three categories of cryptographic algorithms
* ___ algorithms
* ____ cryptographic algorithms
* ____ cryptographic algorithms

A

Three categories of cryptographic algorithms
* Hash algorithms
* Symmetric cryptographic algorithms
* Asymmetric cryptographic algorithms

20
Q

A fundamental difference in cryptographic algorithms is the ___ of __ __ at a
time
* ____ cipher - takes one character and replaces it with another
* ___ cipher - manipulates an entire block of plaintext at one time
* ___ function - takes as input a string of any length and returns a string of any
requested variable length

A

amount of data processed

stream

block

sponge

21
Q

Hash algorithm creates a unique “___ ___” of a set of data and is commonly called
hashing
* This fingerprint, called a ___ (sometimes called a message ____ or hash), represents
the contents

A

digital fingerprint
digest

22
Q

Hashing is intended to be __ ___ in that its digest cannot be reversed to reveal the original
set of data

A

one way

23
Q

Secure hashing algorithm characteristics:
* ___ ___ - short and long data sets have the same size hash
* ___ - two different data sets cannot produce the same hash
* ___ - data set cannot be created to have a predefined hash
* ___ - resulting hash cannot be reversed to determine original plaintext
A

fixed size

unique

original

secure

24
Q

SHA-____ is currently considered to be a secure hash
* SHA-____ was announced as a new standard in 2015 and may be suitable for low-power
devices

A

SHA-2 is currently considered to be a secure hash
* SHA-3 was announced as a new standard in 2015 and may be suitable for low-power
devices

25
Q

____ cryptographic algorithms use the same single key to encrypt and decrypt a
document

A

Symmetric

26
Q

________ cryptographic algorithms use two mathematically related keys

types of keys

A

Asymmetric

public
private

27
Q

Digital Signature Algorithm (DSA)
* Creates a _____ ___ - an electronic verification of the sender

A

Digital Signature Algorithm (DSA)
* Creates a digital signature - an electronic verification of the sender

28
Q

Which of the following is a function of a digital signature?
a. Provides authorization
b. Encrypts transmitted data
c. Decrypts transmitted data
d. Proves message integrity

A

d
A digital signature can verify the sender of data, prevent a sender from disowning a
message, and prove message integrity.

29
Q

Two of the most common cryptography attacks are ____ attacks and ____ attacks

A

Two of the most common cryptography attacks are algorithm attacks and collision attacks

30
Q

types of algorithm attacks (2)
___ Statistical tools can be used to attempt to discover a pattern in the ciphertexts, which
can then be used to reveal the plaintext or key
___ A threat actor forces the system to abandon the current higher security mode of
operation and instead “fall back” to implementing an older and less secure mode

A

known cipher attacks

downgrade attacks

31
Q

collision attacks
When two files have the same ___ this is known as a collision

A

digest

32
Q

Which type of cryptography attack attempts to find two input strings of a hash function that
produce the same hash result?
a. Downgrade attack
b. Birthday attack
c. Ciphertext attack
d. Algorithm attack

A

Answer: b. Birthday attack
A birthday attack is a type of collision attack based on the birthday paradox which
states that there is a 50% chance of any two people sharing a birthday if there are
only 23 people in the room.

33
Q

___ protects all data on a hard drive

A

FDE

34
Q

Cryptography can be embedded in ____

A

hardware

35
Q

Hardware encryption options include:
* ___ ___ module
* ___ ___ module

A

Hardware encryption options include:
* Trusted platform module
* Hardware security module

36
Q

___ is a removable external cryptographic device
* It includes an onboard key generator and key storage facility
* Performs accelerated symmetric and asymmetric encryption
* Malware cannot compromise it

A

Hardware Security Module (HSM) is a removable external cryptographic device
* It includes an onboard key generator and key storage facility
* Performs accelerated symmetric and asymmetric encryption
* Malware cannot compromise it

37
Q

____ is a chip on a computer’s motherboard that provides cryptographic services
* Includes a true random number generator
* Entirely done in hardware so it cannot be subject to software attack
* Prevents computer from booting if files or data have been altered
* Prompts for password if hard drive moved to a new computer

A

Trusted Platform Module (TPM)
* TPM is a chip on a computer’s motherboard that provides cryptographic services
* Includes a true random number generator
* Entirely done in hardware so it cannot be subject to software attack
* Prevents computer from booting if files or data have been altered
* Prompts for password if hard drive moved to a new computer

38
Q

A ____ is a shared, immutable ledger that facilitates the process of recording
transactions and tracking assets in a business network

allows a network of computers to agree at regular intervals on the
true state of a distributed ledger

relies on cryptographic hash algorithms to record its transactions

A

blockchain

39
Q

Which of the following is an example of FDE?
a. BitLocker
b. EFS
c. GnuPG
d. Folder Lock

A

a

40
Q

_____ ___ is a common application of cryptography
involves
* Understanding their purpose
* Knowing how they are managed
* Determining which type of digital certificate is appropriate for different situations

A

Digital certificates are a common application of cryptography
* Using digital certificates involves
* Understanding their purpose
* Knowing how they are managed
* Determining which type of digital certificate is appropriate for different situations

41
Q

A digital certificate is a technology used to associate a user’s ____ to a public key that
has been “digitally signed” by a trusted third party

A

identity

42
Q

If a user wants a digital certificate:
* After generating a public and private key, the user must complete a request with
information such as name, address, email address, known as a ____

User electronically signs the CSR and sends it to an ___ ___

A

Certificate Signing
Request (CSR)

User electronically signs the CSR and sends it to an intermediate CA

43
Q

Intermediate CAs are ___ ___ designed to handle specific CA tasks such as:
* Processing certificate requests
* Verifying the identity of the individual

A

subordinate entities

44
Q

A common method to ensure security and integrity of a root CA is to keep it in an ___
state from the network ___ ___

A

offline
offline CA

45
Q

___ ___ is a publicly accessible centralized directory of digital
certificates
* It can be used to view certificate status
* The directory can be managed locally by setting it up as a storage area connected to
the CA server

A

Certificate Repository (CR) is a publicly accessible centralized directory of digital
certificates
* It can be used to view certificate status
* The directory can be managed locally by setting it up as a storage area connected to
the CA server

46
Q

Reasons a certificate would be ____
▶ Certificate is no longer ____
▶ Details of the certificate have ___, such as user’s address
▶ Private key has been lost or exposed (or suspected lost or exposed)

A

revoked

used

changed

47
Q

A ___ __ __ is a list of digital certificates that have been
revoked

A

A Certificate Revocation List (CRL) is a list of digital certificates that have been
revoked

48
Q

___ ___ ___ __ performs a real-time lookup of a certificate’s
status
* is called a request-response protocol
* The browser sends the certificate’s information to a trusted entity known as an ___
Responder
* The ____ ___ provides immediate revocation information on that certificate

A

Online Certificate Status Protocol (OCSP) performs a real-time lookup of a certificate’s
status
* OCSP is called a request-response protocol
* The browser sends the certificate’s information to a trusted entity known as an OCSP
Responder
* The OCSP Responder provides immediate revocation information on that certificate

49
Q

OCSP ____
* A variation of OCSP where web servers send queries to the OCSP Responder server
at regular intervals to receive a signed time-stamped response

A

OCSP stapling
* A variation of OCSP where web servers send queries to the OCSP Responder server
at regular intervals to receive a signed time-stamped response

50
Q

___ ___ Certificates
* The process of verifying a digital certificate is genuine depends upon certificate ____
* Links several certificates together to establish trust between all the certificates
involved
* The beginning point of the chain is known as a root digital certificate and is created
and verified by a CA
* They are self-signed and do not depend upon any higher-level authority
* Endpoint of the chain is the user digital certificate itself

A

Root Digital Certificates
* The process of verifying a digital certificate is genuine depends upon certificate chaining
* Links several certificates together to establish trust between all the certificates
involved
* The beginning point of the chain is known as a root digital certificate and is created
and verified by a CA
* They are self-signed and do not depend upon any higher-level authority
* Endpoint of the chain is the user digital certificate itself

51
Q

Web server digital certificates perform two primary functions:
* Ensure the authenticity of the __ __ to the ___
* Ensure the authenticity of the cryptographic connection to the ___ ___

A

web server to the client

web server

52
Q

Which of the following is the beginning point of a certificate chain?
a. User certificate
b. Intermediate certificate
c. Root certificate
d. Top-level certificate

A

Answer: c. Root certificate
The beginning point of a certificate chain is the root certificate and they do not
depend on a higher-level authority

53
Q

There are several types of domain digital certificates:

A

There are several types of domain digital certificates:
* Domain validation digital certificates
* Extended validation (EV) digital certificates
* Wildcard digital certificates
* Subject alternative name (SAN) digital certificates

54
Q

PKI is one of the most important management tools for the use of:
___ __
___ __

A

PKI is one of the most important management tools for the use of:
* Digital certificates
* Asymmetric cryptography

55
Q

___ __ ___ (PKI) is a framework for all entities involved in digital certificates
* Certificate management actions facilitated by PKI
* Create
* Store
* Distribute
* Revoke

A

Public key infrastructure (PKI) is a framework for all entities involved in digital certificates
* Certificate management actions facilitated by PKI
* Create
* Store
* Distribute
* Revoke

56
Q

A ___ ___ refers to the type of trust relationship that can exist between individuals and
entities

A

trust model

57
Q

____ trust is a type of trust model where one person knows the other person

A

Direct

58
Q

___ is defined as confidence in or reliance on another person or entity

A

Trust

59
Q

The web of trust model is based on ___ trust
Each user signs a digital certificate then exchanges certificates with all other users

A

direct

60
Q

The hierarchical trust model assigns a single hierarchy with one master CA called ___, which signs all digital certificate authorities with a single ___

A

root

key

61
Q

Hierarchical trust model limitations:
* A single CA private key may be ____ rendering all certificates ____
* Having a single CA who must verify and sign all digital certificates may create a
significant ___

A

compromised, worthless

backlog

62
Q

Distributed Trust Model
* The distributed trust model has multiple CAs that sign digital certificates
* Eliminates limitations of __ ___ __

A

hierarchical trust model

63
Q

The ___ __ model is similar to the distributed trust model
* One CA acts as a facilitator to interconnect all other CAs
* Facilitator CA does not issue digital certificates; instead it acts as a hub between the
hierarchical and distributed trust models
* Allows the different models to be ___

A

bridge trust

linked

64
Q

Certificate Life Cycle
* ___
  * Occurs after user is positively identified
* ___
  * May occur when employee on leave of absence
* ____
  * Certificate no longer valid
* ___
  * Key can no longer be used
A

Certificate Life Cycle
* Creation
  * Occurs after user is positively identified
* Suspension
  * May occur when employee on leave of absence
* Revocation
  * Certificate no longer valid
* Expiration
  * Key can no longer be used
65
Q

Which of the following is considered a non-secure place where PKI encryption keys may be
stored?
a. Smart-card
b. Token
c. In a digital certificate
d. Local system

A

d
Private keys can be stored on a user’s local system but this can leave keys open to
attacks due to possible vulnerabilities in the OS. Storing keys in hardware such as
tokens and smart-cards is usually a more secure alternative.

66
Q

Public keys can be stored by embedding them within __ __

A

digital certificates

67
Q

Alternative: storing keys in hardware
__ __
___

A

Alternative: storing keys in hardware
* Smart-cards
* Tokens

68
Q

one of the most common cryptographic protocols
___ __ __

A

Secure Sockets Layer (SSL) version 3 (current)

69
Q

The most common cryptographic transport algorithms include the following:
* ___ __ __
* ___ __ ___
* __ __
* __ __ __ __
* ___/___
* ___ __ __ __ __
* ___ __
A

* Secure Sockets Layer (SSL)
* Transport Layer Security (TLS)
* Secure Shell (SSH)
* Hypertext Transport Protocol Secure (HTTPS)
* S/MIME - Secure/Multipurpose Internet Mail Extensions; secures email messages
* Secure Real-time Transport Protocol (SRTP) is a secure extension protecting
transmission using the Real-time Transport Protocol (RTP)
* IP Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications
70
Q

Which encryption protocol is used for securing email messages?
a. S/MIME
b. SRTP
c. HTTPS
d. TLS

A

a

71
Q

Three primary characteristics that determine the resiliency of the key to attacks (called __ __)
* Randomness
* Length
* Cryptoperiod – length of time for which a key is authorized for use

A

key strength

72
Q

Which of the following is NOT a primary characteristic of key strength?
a. Randomness
b. Uniqueness
c. Key length
d. Cryptoperiod

A

b
