security+ 6

In which attack does an attacker force the system to abandon the current higher-security mode of operation and instead "fall back" to implementing an older, less secure mode? Downgrade attack Known ciphertext attack Collision attack Misconfiguration attack

Downgrade attack

If two segments need to talk to each other in a segmented network, which of the following is required? Router IDS Firewall WAF

Firewall

When implementing segmentation as a proactive measure, which of the following types of segments exist on a network? [Choose all that apply] Guests Users Datacenter Demilitarized Zone (DMZ)

Guests Users Datacenter

Ramesh is looking for an external device solution where software-based malware won't compromise data. Ramesh has shortlisted a device that meets the criteria and includes an onboard random number generator and key storage facility while backing up sensitive material in encrypted form. Which of the following has Ramesh selected for his solution? Self-encrypting drives (SED) Hardware security module (HSM) USB device encryption Trusted platform module (TPM)

Hardware security module (HSM)

Which method combines plaintext with a random key to produce the ciphertext? OTP Key Digest Opal

OTP --- one-time pad (OTP), which combines plaintext with a random key. A pad is a long sequence of random letters. The letters are combined with the plaintext message to produce the ciphertext.

Mary deals with confidential data that needs to be communicated to clients. How should Mary ensure that confidential data is hidden within other data, the hidden data is difficult to identify, and the encrypted data is confidential? Obfuscation Nonrepudiation Integrity Steganography

Steganography

Which of the following processes can conceal a file, message, image, or a video within another file, message, image, or a video? Cryptography Steganography Decryption Encryption

Steganography

Which of the following algorithms are examples of lightweight cryptography? [Choose all that apply] TWINE RSA OTR ECC

TWINE OTR

In asymmetric key encryption, what is the next step when a client initiates a session with a web server that is configured with a certificate? The client takes the public key from the certificate The web server sends a certificate to the web browser The client shares the encrypted key The web server decrypts the asymmetric key

The web server sends a certificate to the web browser

Which of the following is not to be decrypted but is only used for comparison purposes? a. Digest b. Algorithm c. Key d. Stream

a. Digest

Which of the following is FALSE about "security through obscurity"? a. It can only provide limited security. b. Proprietary cryptographic algorithms are an example. c. It attempts to hide the existence from outsiders. d. It is essentially impossible.

a. It can only provide limited security.

Which of the following is NOT a symmetric cryptographic algorithm? a. SHA b. Blowfish c. 3DES d. DES

a. SHA

Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this? a. Pullback attack b. Downgrade attack c. Obfuscation attack d. Deprecation attack

b. Downgrade attack

What are public key systems that generate different random public keys for each session? a. Public Key Exchange (PKE) b. Diffie-Hellman (DH) c. perfect forward secrecy d. Elliptic Curve Diffie-Hellman (ECDH)

c. perfect forward secrecy

Which of these provides cryptographic services and is external to the device? a. encrypted hardware-based USB devices b. self-encrypting hard disk drives (SED) c. Trusted Platform Module (TPM) d. Hardware Security Module (HSM)

d. Hardware Security Module (HSM)

What is data called that is to be encrypted by inputting it into a cryptographic algorithm? a. Cleartext b. Byte-text c. Ciphertext d. Plaintext

d. Plaintext

Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this? a. XAND13 b. Alphabetic c. XOR d. ROT13

d. ROT13

What is the minimum key size in Elliptical Curve Cryptography (ECC)? 521-bits 160-bits 384-bits 256-bits 224-bits

160-bits

Which of the following encryption methods is external to the device and provides cryptographic services? TPM HSM FDE SEDd

HSM Hardware Security Module (HSM) is a removable external cryptographic device. An HSM can be a USB device, an expansion card, a device the connects directly to a computer through a port, or a secure network server.

Which of the following statements are true for application whitelisting and blacklisting? [Choose all that apply] If an application or a specific path that contains the executables is blacklisted, then all executables within the defined path are blacklisted Software Restriction Policy for restricting applications applies only to an individual user and not to a group of users An administrator can blacklist or whitelist applications that the users can run using Software Restriction Policies Application blacklisting and whitelisting is always applied at the domain level

If an application or a specific path that contains the executables is blacklisted, then all executables within the defined path are blacklisted An administrator can blacklist or whitelist applications that the users can run using Software Restriction Policies

To prevent the spread of an attack, which of the following methods of isolation can be used? [Choose all that apply] Isolate the attacker Isolate the users Isolate the affected systems Isolate the network

Isolate the attacker Isolate the affected systems ----- When an incident occurs, isolation is then used to segregate both the attacker and the infected systems from reaching other devices. During isolation, the compromised systems are either disconnected or disabled until the incident is resolved.

How many keys are required in asymmetric encryption? 1 3 2 Depends on the algorithm

2

What is the key length of the Data Encryption Standard (DES) algorithm? 56-bit 128-bit 256-bit 168-bit

56-bit

Which mobile device management method allows the employee to purchase a mobile device, but the organization has complete control over the device? Choose Your Own Device (CYOD) Corporate-Owned, Business Only (COBO) Corporate-Owned, Personally Enabled (COPE) Bring Your Own Device (BYOD)

Choose Your Own Device (CYOD)

What is the attack by which attackers use strong algorithms and capture large sets of ciphertexts to analyze and then inject their own frames? Downgrade attack Ciphertext attack Collision attack Misconfiguration attack

Ciphertext attack

Alice is looking for means of generating random public keys that are different for each session and ensuring that even if the secret key is compromised, it cannot reveal the contents of more than one message. Which of the following is the appropriate solution for Alice? Diffie-Hellman Perfect forward secrecy Diffie-Hellman Ephemeral Elliptic Curve Diffie-Hellman

Perfect forward secrecy

John needs to identify public key systems that generate different, random public keys for each session and, even if a key gets stolen, should not reveal more than one message. Which public key system should John suggest? Diffie-Hellman Diffie-Hellman Ephemeral Perfect forward secrecy Elliptic Curve Diffie-Hellam

Perfect forward secrecy

Wilson is consulting with Abram to buy a new external storage device for Wilson's enterprise. Wilson gives Abram the following requirements for the device: Allows administrators to remotely prohibit accessing the data on a device if the user is not verified Locks the user out completely the next time the device connects Can instruct the drive to initiate a self-destruct sequence to destroy all data What should Abram suggest to Wilson? Hardware security module USB device encryption Blockchain Full disk encryption

USB device encryption

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? a. Alice's public key b. Alice's private key c. Bob's private key d. Bob's public key

a. Alice's public key ----- Asymmetric Cryptography Practices -When an encrypted message is to be sent, the recipient's, and not the sender's, key is used. (Public) -An encrypted message can be read only by using the recipient's private key. (Private) -

Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond? a. As computers become more powerful, the ability to compute factoring has increased. b. RSA has no known weaknesses. c. RSA weaknesses are based on ECC. d. The digest produced by the RSA algorithm is too short to be secure.

a. As computers become more powerful, the ability to compute factoring has increased. ----- The basis of RSA asymmetric encryption security is factoring, or the prime numbers that make up a value. As computers become faster and more powerful, the ability to "crack" RSA asymmetric encryption by computing the factoring has grown

Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)? a. It includes a pseudorandom number generator (PRNG). b. It provides cryptographic services in hardware instead of software. c. It can easily be transported to another computer. d. It can generate asymmetric cryptographic public and private keys.

a. It includes a pseudorandom number generator (PRNG).

Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide? a. Verify the receiver b. Prove the integrity of the message c. Enforce nonrepudiation d. Verify the sender

a. Verify the receiver

Which of these is the strongest symmetric cryptographic algorithm? a. RC1 b. Triple Data Encryption Standard c. Advanced Encryption Standard d. Data Encryption Standard

c. Advanced Encryption Standard

Which of these is NOT a characteristic of a secure hash algorithm? a. The hash should always be the same fixed size. b. Collisions should occur no more than 15 percent of the time. c. The results of a hash function should not be reversed. d. A message cannot be produced from a predefined hash.

b. Collisions should occur no more than 15 percent of the time. --- secure hash algorithm (SHA-1) A hashing algorithm is considered secure if it has the following characteristics: fixed size Unique original secure

Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as? a. Integrity b. Obfuscation c. Nonrepudiation d. Repudiation

c. Nonrepudiation Repudiation is defined as denial; nonrepudiation is the inability to deny. nonrepudiation is the process of proving that a user performed an action, such as sending an email message. Nonrepudiation prevents an individual from fraudulently reneging ( go back on a promise ) on an action. The nonrepudiation features of cryptography can prevent managers from claiming they never sent lists of employees to be laid off to an unauthorized third party.

Which of these is NOT a basic security protection for information that cryptography can provide? a. Confidentiality b. Integrity c. Risk d. Authenticity

c. Risk

Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest? a. SHA6-6 b. MD5 c. SHA3-512 d. SHA-256

c. SHA3-512

Which of the following hides the existence of information? a. Encryption b. Decryption c. Steganography d. Ciphering

c. Steganography

What is low latency? a. The requirements for an IoT device that is using a specific network. b. The delay between when a substitution cipher decrypts the first block and when it finishes with the last block. c. The time between when a byte is input into a cryptographic cipher and when the output is obtained. d. A low-power source requirement of a sensor.

c. The time between when a byte is input into a cryptographic cipher and when the output is obtained.

What is a collision? a. Two ciphertexts have the same length. b. Two algorithms have the same key. c. Two files produce the same digest. d. Two keys are the same length.

c. Two files produce the same digest.