Security Concepts - Cryptography

Question 1

set of identities, roles, policies and actions for creations, use, management, distribution and revocation of public and private keys

Answer 1

Public Key Infrastructure (PKI)

Question 2

is a set of rules, which can also be called an algorithm, about how to perform encryption and decryption

Answer 2

ciphers

Question 3

a symmetric key cipher (meaning the same key is use to encrypt and decrypt) that operates in a group of bits called block

Answer 3

block cipher

Question 4

Example of block cipher algorithm

Answer 4

• Advanced encryption standard (AES)
• Triple Digitals encryption standard (3DES)
• Blowfish
• Digital encryption standard (DES)
• International Data Encryption Algorithm (IDEA)

Question 5

is a symmetric key cipher where the plaintext data to be encrypted or decrypted is done a bit at a time against the bits of the key stream also called cipher digit stream

Answer 5

stream cipher

Question 6

algorithm that uses same key to decrypt and encrypt

-AES, DES, 3DES, IDEA

Answer 6

symmetric algorithm

Question 7

algorithm that uses different key that mathematically works together as a pair called public and private key
-RSA, Diffie-Hellman

Answer 7

asymmetric algorithm

Question 8

example so asymmetric algorithm

Answer 8

RSA(River,  Shamir and Adleman)
DH (Deffie-Hellman)
ElGamal
DSA
ECC

Question 9

Method to used to verify data integrity

Answer 9

Hashing

Question 10

3 most popular hashes

Answer 10

MD5 (message digest 5) - create 128digest
SHA-1 (Secure Hash Algo 1) 160 digest
SHA-2 (Secure Hash Algo 2) 224 digest

Question 11

uses the mechanism of hashing. it includes in its a calculation a secret key of some type.

Answer 11

HMAC(hashed message authentication code)

Question 12

digital signature core benefits

Answer 12

• authentication
• data intergrity
• nonrepudiation

Question 13

deals with generating, verifying, exchanging, storing keys and destroying keys

Answer 13

key management

Question 14

is a suite of protocols used to protect IP packets. provides the core benefits of confidentiality through encryption, data integrity through hashing and HMAC and authentication using. digital signatures or using a pre-shared key (PSK) that Is just for authentication similar to a password

Answer 14

IPSEC

Question 15

IPSec Components

Answer 15

• ESP and AH
• Encryption algo for confidentiality (DES,3DES and AES)
• Hashing algo for integrity: MD5 and SHA
• Authentication algo: PSK and RSA digital signatures
• Key Management: DH,PKI,IKE(Internet Key Exchange)

Question 16

Encryption of hash using private key and decryption of hash with the senders public key. (RSA Signatures)

Answer 16

Digital Signatures

Question 17

Uses a public-private key pair asymmetrical algorithm but creates final shared secrets (keys) that are then used by symmetrical algorithms. Used in IPSEC

Answer 17

Diffie-Hellman Key Exchange

Question 18

Encryption algorithm provide this by converting clear text into cipher text. (AES,DES,3DES,RSA,IDEA)

Answer 18

Confidentiality

Question 19

Validates data by comparing hash values. (MD5,SHA-1, SHA-2, SHA-3)

Answer 19

Data Integrity

Question 20

Verifies the peer’s identity. (PSK, RSA Signatures)

Answer 20

Authentication

Question 21

is a computer or entity that create and issues digital certificates

Answer 21

Certificates Authorities

Question 22

Certificate that contains public key of the CA server and the other details about the CA server.

Answer 22

Root certificate

Question 23

a certificate similar to root certificate but it describes the client and contains the public key of and individual hosts

Answer 23

Identity certificates

Question 24

is a series of standards focused on directory services and how those directories are organised. (Microsoft Active Directory)

Answer 24

X.500

Question 25

standard for digital certificates that is widely accepted and incorporates many of the same and naming standard. (Lightweight Directory Access Protocol)

Answer 25

X.509v3

Question 26

PKCS> this is a format of a certificate request send to a CA that wants to receive its identity certificate. This type of request would include the public key for the entity desiring a certificate

Answer 26

PKCS#10

Question 27

PKCS> this a format that can be used by a CA as a response to a PKCS#10 request. The response itself will very likely be the identity certificate

Answer 27

PKCS#7

Question 28

PKCS>The RSA cryptography standard

Answer 28

PKCS#1

Question 29

PKCS>A format for storing both public and private keys using a symmetric password-based key to “unlock” the data whenever the key needs to be used for accessed

Answer 29

PKCS#12

Question 30

PKSC. Diffie-Hellman Key exchange

Answer 30

PKCS#3

Question 31

can automate the process for requesting and installing an Identity certificate

Answer 31

Simple Certificate Enrolment Protocol (SCEP)

Question 32

is a list of certificates based on their serial numbers that had initially been issued by. CA but have since been revoked and as a result should not been trusted

Answer 32

Certificate revocation list (CRL)

Question 33

alternative to CRLs. Using this method, a client simply sends a request to find the status of a certificate and gets a response without having to know the complete list of revoked certiciates

Answer 33

Online Certificate Status Protocol (OCSP)

Question 34

Cisco service that provide support for validating digital certificates including check to see wether a certificate has been revoked

Answer 34

Cisco AAA

Question 35

Methods of Cipher - the units of the plaintext are rearranged in a different and usually quite complex order, but the units themselves are left unchanged

Answer 35

Transposition Cipher

Question 36

is a method of encrypting by which units of plaintext are replaced with ciphertext, according to a fixed system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing the inverse substitution.

Answer 36

Substitution Cipher

Question 37

Relevants Part of Certificate

Answer 37

Serial number
Issuer
Validity Dates
Subject of Certificates
Public key
Thumbprint algo and thumbprint

Question 38

An algorithm that allows two devices to negotiate and establish shared secret keying materials (keys) over untrusted network

Answer 38

Diffie-hellman

Question 39

Common methods used by ciphers

Answer 39

• transposition
• substitution
• polyalphabetic