Chapter 2 Security +
Unlock all answers in this set
Unlock answersquestion
When a cryptographic system is used to protect the confidentiality of data what is actually protected?
answer
Unauthorized users are prevented from viewing or accessing the resource
question
Which of the following is not a valid example of steganography?
answer
Encrypting a data file with an encryption key
question
By definition which security concept ensures that only authorized parties can access data?
answer
Confidentiality
question
What is the cryptography mechanism which hides secret communication within various forms of data?
answer
Steganography
question
Which of the following encryption methods combines a random value with the plaintext to produce a cipher text?
answer
one-time pad
question
You create a new document and save it to the hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing what security goal?
answer
confidentiality
question
By definition, which security concept uses the ability to prove that a sender sent an encrypted message ?
answer
Non-repudiation
question
When two different messages produce the same hash value what has occurred?
answer
collision
question
Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission you hash the message then encrypt the hash using your private key. You then attach this encrypted hash into your message as a digital signature before sending it to the other user. In this example what protection does the hashing activity provide?
answer
Integrity
question
Which of the following best describes high amplification when applied to hashing algorithms?
answer
A small change in the message results in a big change in the hashing value
question
Which of the following has the weakest hashing algorithm?
answer
MD-5
question
Which of the following has the strongest hashing algorithm?
answer
SHA-1
question
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about this file?
answer
Your copy is the same as the copy posted on the website
question
Hashing algorithms are used to perform what activity?
answer
Create a message digest
question
Which of the following is used to verify a downloaded file has not been altered?
answer
hash
question
What form of cryptography is best suited for bulk encryption because it's so fast?
answer
symmetric cryptography
question
You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible?
answer
AES
question
What type of key or keys are used in symmetric cryptography?
answer
a shared private key
question
Which of the following algorithms are used in symmetric encryption?
answer
3DES Blowfish AES
question
How many keys are used with symmetric key cryptography?
answer
one
question
Which of the following is the weakest encryption method?
answer
DES
question
Which of the following is not true concerning symmetric key cryptography?
answer
key management is easy when implemented on a large scale.
question
Which of the following generates the key pair us in asymmetric cryptography?
answer
CSP
question
Which of the following is employment of two separate key pairs in order to separate the security functions of confidentiality and integrity of a communications system?
answer
dual key pair
question
Certificates can be invalidated by the trusted third-party that originally issued the certificate. What is the name of the mechanism that is used to distribute information about invalid certificates?
answer
CRL
question
Which of the following identifies someone who can retrieve private keys from storage?
answer
Recovery Agent
question
Which of the following is an entity that accepts and validates information contained within a request for a certificate?
answer
Registration Authority
question
Which of the following protocols are most likely used with a digital signature?
answer
ECC RSA
question
Which aspect of certificates makes them a reliable and useful mechanism for proving the identity of a person system or service on the internet?
answer
Trusted third party
question
Which of the following would you find on a CPS?
answer
A declaration of the security that the organization is implementing for all certificates
question
Which of the following items are contained in a digital certificate?
answer
Validity key public key
question
What is the most obvious means of providing non-repudiation in a cryptography system?
answer
Digital signatures
question
Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution especially if it is widely used for digital certificates?
answer
Private keys
question
Which of the following conditions does not result in a certificate being added to the certificate revocation list?
answer
certificate expiration
question
What is a PKI?
answer
a hierarchy of computers for issuing certificates
question
Which standard is most widely used for certificates ?
answer
X.509
question
In the certificate authority trust model known as hierarchy where does trust start?
answer
Root CA
question
What is the purpose of key escrow?
answer
To provide a means for legal authorities to access confidential data
question
In what form of key management solution is key recovery possible?
answer
Centralized
question
Which of the following best describes the contents of the CRL?
answer
A list of all revoked certificates
question
When protection of the content of a message is required which of the following cryptography solutions should be employed?
answer
symmetric encryption
question
An SSL client has determined the certificate authority (CA) issuing a server's certificate is on its list of trusted CA's. What is the next step in verifying the servers identity?
answer
The CA's public key must validate the CA's digital signature on the server certificate
question
What technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large complex environments?
answer
Online Certificate Status Protocol
question
You have lost the private key that you have used to encrypt files. You need to get a copy of the private key open some encrypted files. Who should you contact?
answer
recovery agent
question
Which of the following functions are performed by TPM?
answer
Create a hash of system components
question
Which of the following statements is true when comparing symmetric and asymmetric cryptography?
answer
Asymmetric key cryptography is used to distribute symmetric keys
question
A private key has been stolen. What action should be taken to deal with the crisis?
answer
Add a digital certificate to the CRL
question
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted and you want to prevent the laptops from booting unless a special USB drive is instated. In addition the system should not boot if a change is detected in any of the boot files. What should you do?
answer
Implement BitLocker with a TPM
question
Mary wants to send a message to Sam so that only Sam can read it. Which key should be used to encrypt the message?
answer
Sam's public key
question
Which of the following security measures encrypts the entire contents of data?
answer
DriveLock
question
Which of the following security solutions would prevent a user from reading a file which she did not create?
answer
EFS
question
Certificate revocation should occur under all but which of the following conditions?
answer
The certificate owner had held the certificate beyond the established lifetime timer
question
You have a web server that will be used for secure transactions for customers who access the web site over the internet. The web server requires a certificate to support SSL .Which method would you use to get a certificate to a server?
answer
Obtain a certificate from a public PKI
question
Which of the following is the best countermeasure for the man-in-the-middle attack?
answer
Public Key Infrastructure (PKI)
question
You are concerned that if a private key is lost all documents encrypted using your private key will be inaccessible. What service should you use to solve this problem?
answer
key escrow
question
You want a security solution that protects the entire hard drive preventing access even when its moved to another system. What solution should you choose?
answer
BitLocker
question
To get a digital certificate and participate in a Public Key Infrastructure (PKI) what must be submitted and where should it be submitted?
answer
Identifying data and a certification request to the registration authority (RA)
question
What action is taken when the private key associated with a digital certificate is compromised?
answer
The certificate is revoked and added to the Certificate Revocation List
question
Mary wants to send a message to Sam. She wants to digitally sign the message to prove she sent it. Which key would Mary use to create a digital signature?
answer
Mary's private key
question
You use BitLocker to encrypt the hard drive of a laptop. The Laptop stores the startup key in the TPM and a PIN is also required to start the system. Because of a hardware failure, the system will not boot. You want to gain access to the data of the hard drive. What should you do?
answer
Move the hard drive to another system. Use the recovery key to unlock the disk
question
You would like to implement BitLocker to encrypt data on a hard disk even if its moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do?
answer
Enable the TPM in Bios
question
Telnet is inherently insecure because its communications is in plain text and easily intercepted. Which of the following is an acceptable alternative to Telnet?
answer
SSH
question
What protocol does HTTPS use to offer greater security in Web transactions?
answer
SSL
question
You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations including airports, hotels and public access points such as coffee shops and libraries. As such you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols will be most likely to be allowed through the widest number of firewalls?
answer
SSL
question
Which protocol is used for securely browsing a website?
answer
HTTPS
question
You are purchasing a hard disk over the internet from an online retailer. What does your browser use to ensure that others cannot see your credit card number on the internet?
answer
SSL
question
Which of the following protocols are often added to other protocols to provide secure transmission of data?
answer
TLS SSL
question
The session keys employed by SSL (Secure Sockets Layer) are available in what bit lengths?
answer
128 bit at 40 bit
question
Which of the following is the best counter measure against man-in-the-middle attacks?
answer
IPsec
question
Which IPsec subprotocol provides data encryption?
answer
Encapsulating Security Payload (ESP)
question
Which of the following technologies is based upon SSL (Secure Socket Layer) ?
answer
TLS (Transport Layer Security)
question
Which of the following protocols can be used to securely manage a network device from a remote connection?
answer
SSH
question
Which of the following protocols can TLS use for key exchange?
answer
Diffie-Hellman RSA
question
What is the primary function of the IKE protocol used with IPsec?
answer
Creates a security association between communicating partners
question
Which of the following can be used to encrypt web email telnet transfer and SNMP traffic ?
answer
IPsec
question
IPsec is implemented through two separate protocols. What are these protocols called?
answer
ESP AH
question
Which of the following network layer protocols provides authentication and encryption services for IP based network traffic?
answer
IPsec
question
SHA-1 uses with of the following bit length hashing algorithms
answer
only 160 - bit
question
Which of the following does not or cannot produce a hash value of 128 bits
answer
SHA-1
question
A birthday attack focuses on what ?
answer
hashing algorithms
question
If two different messages or files produce the same hashing digest, then a collision has occurred. What form of cryptographic attacks exploits this condition?
answer
Birthday Attack
question
If a birthday attack is successful meaning the attacker discovers a password that generates the same hash as that captured from user's logon credentials which of the following is true?
answer
The discovered password will allow the attacker to logon as the user even if its not the same as the user's password A collision was discovered
question
Which of the following are true of Triple DES (3DES)?
answer
Is used in IPsec Uses a 168 bit key
question
Which of the following are true concerning the Advanced Encryption Standard (AES) symmetric block cipher?
answer
AES uses the Rijindel block cipher AES uses variable length block key and key length (128-192-, or 256 keys)
question
Which of the following symmetric block ciphers does not use a variable block length?
answer
International Data Encryption Algorithm (IDEA)
question
Which of the following encryption mechanisms offers the least security because of weak keys?
answer
DES
question
Which version of the River Cipher is a block cipher that supports variable bit length keys and variable bit block sizes?
answer
RC5
question
Bob Jones uses the RC5 cryptosystem to encrypt a sensitive and confidential file on his notebook. He used 32 bit blocks a 64 bit key and he only used the selected key once. He moved the key onto a USB hard drive which was stored in a safety deposit box. Bob's notebook was stolen. Within a few days Bob discovered the contents of his encrypted file on the Internet. What is the primary reason Bob's file was opened so quickly?
answer
Weak key
question
What type of key or keys are used in symmetric cryptography?
answer
A shared private key
question
How many keys are used in symmetric key cryptography?
answer
one
question
Which of the following is not true concerning symmetric key cryptography?
answer
Key management is easy when implemented on a large scale
question
Which of the following is classified as a stream cipher?
answer
RC4
question
You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible?
answer
AES
question
Which of the following algorithms are used in symmetric encryption?
answer
Blowfish 3DES AES
question
You are concerned about the strength of your cryptographic keys so you implement a system that does the following: The initial key is fed into the input of the bcrypt utility on a Linux workstation The bcrypt key utility produces an enhanced key that is 128 bits long The resulting enhanced key is much more difficult to crack than the original key. Which kind of encryption mechanism was used in the scenario?
answer
key stretching
question
Which of the following is considered an out of band distribution method for private key encryption?
answer
copying the key to a USB drive
question
1. The senders key is sent to a recipient using a Diffie-Hellman key exchange 2. The senders key is copied to a USB drive and handed to the recipient 3.The senders key is sent to the recipient using public-key cryptography 4.The senders key is burned to a CD and handed to the recipient
answer
1. In band distribution 2. Out of band distribution 3. In band distribution 4.Out of band distribution
question
How many keys are used with asymmetric or publicly key cryptography?
answer
Two
question
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What must the receiver use to access the hashing value to verify the integrity of the transmission?
answer
Senders public key
question
A PKI is a method for managing which type of encryption?
answer
Asymmetric
question
When is the best time to apply for a certificate renewal ?
answer
near the end of the certificates valid lifetime