Section 3

Question 1

What is encryption

Answer 1

the process of transforming readable data, called plaintext or cleartext, into an unreadable form, called ciphertext.

Question 2

What is decryption

Answer 2

the process of recovering the plaintext message from the ciphertext.

Question 3

What are keys used for in cryptography

Answer 3

to encrypt or decrypt a message

Question 4

What is a substitution cipher

Answer 4

substitutes each letter in the alphabet with a different one.

Question 5

What is “security through obscurity”

Answer 5

secrecy surrounding the equipment and the configurations used for specific messages could provide good security

Question 6

What is an important aspect of a cryptographic algorithm

Answer 6

cryptographic algorithms should be robust enough that even if people know every bit of the encryption process except for the key itself, they should still not be able to break the encryption.

Question 7

What are “one-way problems”

Answer 7

are easy to perform in one direction but difficult to perform in the other direction.

Question 8

What are keyword ciphers

Answer 8

Rather than shifting all letters by the same number of spaces in the alphabet, you’d shift each letter to match the corresponding letter in the keyword. a keyword alphabet is made with the keyword and appending the regular alphabet to the end without having 2 of the same letters

Question 9

What is frequency analysis

Answer 9

means you can make guesses about what the message contents might be based on the frequency of characters used, where those characters appear in words, and when they’re repeated.

Question 10

What is a one-time pad

Answer 10

where you get a paper with numbers and use those numbers to shift each character by the number specified to encrypt/decrypt a message

Question 11

What is symmetric key cryptography

Answer 11

uses a single key to both encrypt the plaintext and decrypt the ciphertext.

Question 12

What is a block cipher

Answer 12

takes a predetermined number of bits (or binary digits, which are either a 1 or a 0), known as a block, and encrypts that block. Blocks typically have 64 bits, but they can be larger or smaller depending on the algorithm used and the various modes the algorithm can operate in.

Question 13

What is a stream cipher

Answer 13

encrypts each bit in the plaintext message one bit at a time. You can make a block cipher act as a stream cipher by setting the block size to one bit.

Question 14

What are 3 common symmetric key algorithms and how do they work

Answer 14

DES - a block cipher that uses a 56-bit key (meaning the key used by its cryptographic algorithm is 56 bits long).

3DES - DES used to encrypt each block three times, with three different keys.

AES - a set of symmetric block ciphers. AES uses three different ciphers: one with a 128-bit key, one with a 192-bit key, and one with a 256-bit key, all of which encrypt blocks of 128 bits.

Question 15

What is asymmetric key cryptography

Answer 15

also known as public key cryptography, uses two keys: a public key and a private key. You use the public key to encrypt data, and anyone can access the public key

Question 16

What is asymmetric key cryptography

Answer 16

also known as public key cryptography, uses two keys: a public key and a private key. You use the public key to encrypt data, and anyone can access the public key. Private keys, used to decrypt messages, are carefully guarded by the receiver.

Question 17

What is elliptic curve cryptography (ECC)

Answer 17

a class of cryptographic algorithms.

ECC can use short keys while maintaining a higher cryptographic strength than many other types of algorithms.

Question 18

What are hash functions

Answer 18

keyless cryptography. Instead of using a key, hash functions, or message digests, convert the plaintext into a largely unique and fixed-length value, commonly referred to as a hash.

Question 19

What is a collision

Answer 19

to engineer a matching hash for 2 different sets of data. difficult and usually only happens if you’re using a broken hashing algorithm.

Question 20

What is a digital signature

Answer 20

allows you to sign a message so that others can detect any changes to the message after you’ve sent it, ensure that the message was legitimately sent by the expected party, and implementing nonrepudiation

Question 21

How does a digital signature work

Answer 21

the sender generates a hash of the message and then uses their private key to encrypt the hash. The sender then sends this digital signature along with the message, usually by appending it to the message itself.
When the message arrives at the receiving end, the receiver uses the public key corresponding to the sender’s private key to decrypt the digital signature, thus restoring the original hash of the message.

Question 22

What is a digital certificate

Answer 22

link a public key to an individual by validating that the key belongs to the proper owner, and they’re often used as a form of electronic identification for that person

Question 23

What is a CA (certificate authority)

Answer 23

the entity that issues certificates. It acts as a trusted third party to both sides of transactions that involve certificates by signing the certificate to begin with and later verifying that it is still valid. One well-known certificate authority is VeriSign.

Question 24

What are the 2 main components of public key infrastructure (PKI)

Answer 24

the certificate authorities that issue and verify certificates, and the registration authorities that verify the identity of the individual associated with the certificate

Question 25

What is compliance

Answer 25

the rules and regulations that govern the information you handle and the industry within which you operate.

Question 26

What is regulatory compliance

Answer 26

your adherence to the laws specific to the industry in which you’re operating.

Question 27

What is industry compliance

Answer 27

adherence to regulations that aren’t mandated by law but that can nonetheless have severe impacts upon your ability to conduct business.

Question 28

What is an information security policy

Answer 28

a document that defines information security for an organization. almost every standard or regulation requires you to have one

Question 29

What are “key controls”

Answer 29

the primary controls used to manage risk in your environment and have the following characteristics:

1.They provide a reasonable degree of assurance that the risk will be mitigated.
2.If the control fails, it is unlikely that another control could take over for it.
3.The failure of this control will affect an entire process.

Question 30

What are “compensating controls”

Answer 30

controls that replace impractical or unfeasible key controls. When you put a compensating control in place, you’ll likely have to explain to auditors how it will fulfill the intent and purpose of the control you’re replacing.

Question 31

What are the steps to cycle through in order to maintain compliance

Answer 31

monitoring- you must monitor your controls

reviewing - controls need to undergo a periodic review

documenting - you should document the results of the reviews

reporting - after monitoring, reviewing, and documenting, you must report the results to your leadership

Question 32

What is FISMA

Answer 32

requires each federal agency to develop, document, and implement an information security program to protect its information and information systems.

Question 33

What is HIPPA

Answer 33

require privacy protections for individually identifiable health information, also known as protected health information, or PHI. These provisions, collectively known as the HIPAA Privacy Rule, mandate safeguards to protect patient privacy.

Question 34

What is FERPA

Answer 34

protects the privacy of students and their parents. FERPA requires all schools that receive funds from programs administered by the U.S. Department of Education to comply with standards regarding the disclosure and maintenance of educational records, including educational information, personally identifiable information, and directory information.

Question 35

What is SOX

Answer 35

mandates standards in regards to areas such as corporate board responsibility, auditor independence, fraud accountability, internal controls assessment, and enhanced financial disclosures.

Question 36

What is GLBA

Answer 36

requires financial institutions to safeguard a consumer’s “nonpublic personal information,” or NPI. GLBA also mandates the disclosure of an institution’s information collection and information sharing practices and establishes requirements for providing privacy notices and opt-outs to consumers.

Question 37

What is GDPR

Answer 37

an EU regulation that requires that organizations get consent before collecting people’s data, report data breaches, give individuals the right to access and remove collected data, and set specific guidelines for privacy and privacy programs.

Question 38

What is CIPA

Answer 38

requires schools and libraries to prevent children from accessing obscene or harmful content over the Internet. CIPA requires these institutions to have policies and technical protection measures in place to block or filter such content.

Question 39

What is COPPA

Answer 39

protects the privacy of minors younger than 13 by restricting organizations from collecting their PII, requiring the organizations to post a privacy policy online, make reasonable efforts to obtain parental consent, and notify parents that information is being collected.

Question 40

What is a disadvantage of logging?

Answer 40

takes up storage space