C845 - Chapter 5: Cryptography
How many bits of keying material does the Data Encryption Standard use for encrypting information? A. 56 bits B. 64 bits C. 128 bits D. 256 bits
A. 56 bits
Raj is selecting an encryption algorithm for use in his organization and would like to be able to vary the strength of the encryption with the sensitivity of the information. Which one of the following algorithms allows the use of different key strengths? A. Blowfish B. DES C. Skipjack D. IDEA
A. Blowfish
Kevin is an internal auditor at a major retailer and would like to ensure that the information contained in audit logs is not changed after it is created. Which one of the following controls would best meet his goal? A. Cryptographic hashing B. Data loss prevention C. File encryption D. Certificate management
A. Cryptographic hashing
Fred is preparing to send backup tapes off-site to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility? A. Ensure that the tapes are handled the same way the original media would be handled based on their classification. B. Increase the classification level of the tapes because they are leaving the possession of the company. C. Purge the tapes to ensure that classified data is not lost. D. Decrypt the tapes in case they are lost in transit.
A. Ensure that the tapes are handled the same way the original media would be handled based on their classification.
In Transport Layer Security, what type of key is used to encrypt the actual content of communications between a web server and a client? A. Ephemeral session key B. Client's public key C. Server's public key D. Server's private key
A. Ephemeral session key
Max is the security administrator for an organization that uses a remote access VPN. The VPN depends upon RADIUS authentication, and Max would like to assess the security of that service. Which one of the following hash functions is the strongest cryptographic hash protocol supported by RADIUS? A. MD5 B. SHA-2 C. SHA-512 D. HMAC
A. MD5
Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure? A. MD5 B. 3DES C. PGP D. WPA2
A. MD5
Which attack helped drive vendors to move away from SSL toward TLS-only by default? A. POODLE B. Stuxnet C. BEAST D. CRIME
A. POODLE
Information maintained about an individual that can be used to distinguish or trace their identity is known as what type of information? A. Personally identifiable information (PII) B. Personal health information (PHI) C. Social Security number (SSN) D. Secure identity information (SII)
A. Personally identifiable information (PII)
Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement? A. RSA B. DES C. AES D. Blowfish
A. RSA
Skip needs to transfer files from his PC to a remote server. What protocol should he use instead of FTP? A. SCP B. SSH C. HTTP D. Telnet
A. SCP
Todd wants to add a certificate to a certificate revocation list. What element of the certificate goes on the list? A. Serial number B. Public key C. Digital signature D. Private key
A. Serial number
Alison is examining a digital certificate presented to her by her bank's website. Which one of the following requirements is not necessary for her to trust the digital certificate? A. She knows that the server belongs to the bank. B. She trusts the certificate authority. C. She verifies that the certificate is not listed on a CRL. D. She verifies the digital signature on the certificate.
A. She knows that the server belongs to the bank.
Which one of the following is not one of the basic requirements for a cryptographic hash function? A. The function must work on fixed-length input. B. The function must be relatively easy to compute for any input. C. The function must be one way. D. The function must be collision free.
A. The function must work on fixed-length input.
Which one of the following is not an attribute of a hashing algorithm? A. They require a cryptographic key. B. They are irreversible. C. It is very difficult to find two messages with the same hash value. D. They take variable-length input.
A. They require a cryptographic key.
What standard governs the creation and validation of digital certificates for use in a public key infrastructure? A. X.509 B. TLS C. SSL D. 802.1X
A. X.509
What type of encryption should you use on the file servers for the proprietary data, and how might you secure the data when it is in motion? A. TLS at rest and AES in motion B. AES at rest and TLS in motion C. VPN at rest and TLS in motion D. DES at rest and AES in motion
B. AES at rest and TLS in motion
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. Which one of the following keys would Bob not possess in this scenario? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
B. Alice's private key
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
B. Alice's private key
Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key? A. IDEA B. Diffie-Hellman C. RSA D. MD5
B. Diffie-Hellman
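The exchange Florian and Tobias would run, as an added example that is not part of the original page. The group (p = 23, g = 5) and both private exponents are constructed toy values chosen so every intermediate value can be checked by hand; they are far too small to be secure, and the brute-force function at the end shows why the modulus must be large. Real deployments also authenticate the exchange (for example with certificates), because unauthenticated Diffie-Hellman does not stop an active attacker who runs a separate exchange with each side.

```python
"""Toy Diffie-Hellman key agreement (added example, not from the original page)."""
import hashlib
import secrets

P = 23  # constructed toy modulus; a real group uses a 2048-bit+ prime or an elliptic curve
G = 5   # generator of the group


def random_private(p: int = P) -> int:
    """Fresh private exponent in [2, p-2]; each side keeps its own secret."""
    return secrets.randbelow(p - 3) + 2


def dh_public(private: int, p: int = P, g: int = G) -> int:
    """Public value g^private mod p; this is what crosses the untrusted channel."""
    return pow(g, private, p)


def dh_shared(peer_public: int, private: int, p: int = P) -> int:
    """Shared secret peer_public^private mod p, computed independently by each side."""
    return pow(peer_public, private, p)


def derive_key(shared: int) -> bytes:
    """Hash the raw group element into a fixed-size symmetric key; never use it directly."""
    length = max(1, (shared.bit_length() + 7) // 8)
    return hashlib.sha256(shared.to_bytes(length, "big")).digest()


def exchange(florian_priv: int, tobias_priv: int, p: int = P, g: int = G):
    """Run both sides; return (Florian's secret, Tobias's secret, what an eavesdropper sees)."""
    a_pub = dh_public(florian_priv, p, g)  # Florian -> Tobias
    b_pub = dh_public(tobias_priv, p, g)   # Tobias -> Florian
    transcript = {"p": p, "g": g, "A": a_pub, "B": b_pub}
    return dh_shared(b_pub, florian_priv, p), dh_shared(a_pub, tobias_priv, p), transcript


def brute_force_dlog(target: int, p: int = P, g: int = G) -> int:
    """Recover x from g^x mod p by exhaustion: feasible only because p is tiny."""
    for x in range(1, p):
        if pow(g, x, p) == target:
            return x
    raise ValueError("no discrete log found")


if __name__ == "__main__":
    s_f, s_t, seen = exchange(florian_priv=6, tobias_priv=15)  # constructed exponents
    print("on the wire:", seen)
    print("Florian:", s_f, "Tobias:", s_t, "agree:", s_f == s_t)
    print("attacker recovers Florian's exponent from A:", brute_force_dlog(seen["A"]))
    print("derived key:", derive_key(s_f).hex())
```

Only p, g, A and B are visible to an eavesdropper; with the toy parameters the attacker recovers a private exponent in at most 22 trials, which is the whole argument for large groups.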
Susan would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability? A. AH B. ESP C. IKE D. ISAKMP
B. ESP
What is the best way to secure files that are sent from workstation A via the Internet service (C) to remote server E? A. Use AES at rest at point A, and use TLS in transit via B and D. B. Encrypt the data files and send them. C. Use 3DES and TLS to provide double security. D. Use full disk encryption at A and E, and use SSL at B and D.
B. Encrypt the data files and send them.
What problem with FTP and Telnet makes using SFTP and SSH better alternatives? A. FTP and Telnet aren't installed on many systems. B. FTP and Telnet do not encrypt data. C. FTP and Telnet have known bugs and are no longer maintained. D. FTP and Telnet are difficult to use, making SFTP and SSH the preferred solution.
B. FTP and Telnet do not encrypt data.
What cryptographic principle stands behind the idea that cryptographic algorithms should be open to public inspection? A. Security through obscurity B. Kerckhoffs's principle C. Defense in depth D. Heisenberg principle
B. Kerckhoffs's principle
What name is given to the random value added to a password in an attempt to defeat rainbow table attacks? A. Hash B. Salt C. Extender D. Rebar
B. Salt
Margot is considering the use of a self-signed certificate to reduce the costs associated with maintaining a public-facing web server. What is the primary risk associated with the use of self-signed certificates? A. Self-signed certificates use weak encryption. B. Self-signed certificates are not trusted by default. C. Self-signed certificates have short expiration periods. D. Self-signed certificates cannot be used with most browsers.
B. Self-signed certificates are not trusted by default.
What type of encryption is typically used for data at rest? A. Asymmetric encryption B. Symmetric encryption C. DES D. OTP
B. Symmetric encryption
Alice is designing a cryptosystem for use by six users and would like to use a symmetric encryption algorithm. She wants any two users to be able to communicate with each other without worrying about eavesdropping by a third user. How many symmetric encryption keys will she need to generate? A. 6 B. 12 C. 15 D. 30
C. 15
Chris is designing a cryptographic system for use within his company. The company has 1,000 employees, and they plan to use an asymmetric encryption system. How many total keys will they need? A. 500 B. 1,000 C. 2,000 D. 4,950
C. 2,000
How many possible keys exist for a cipher that uses a key containing 5 bits? A. 10 B. 16 C. 32 D. 64
C. 32
Which letters on this diagram are locations where you might find data at rest? A. A, B, and C B. C and E C. A and E D. B, D, and F
C. A and E
What encryption algorithm is used by both BitLocker and Microsoft's Encrypting File System? A. Blowfish B. Serpent C. AES D. 3DES
C. AES
What encryption algorithm would provide strong protection for data stored on a USB thumb drive? A. TLS B. SHA-1 C. AES D. DES
C. AES
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. If Alice wants to send Bob an encrypted message, what key does she use to encrypt the message? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
C. Bob's public key
Quantum Computing regularly ships tapes of backup data across the country to a secondary facility. These tapes contain confidential information. What is the most important security control that Quantum can use to protect these tapes? A. Locked shipping containers B. Private couriers C. Data encryption D. Media rotation
C. Data encryption
What scenario describes data at rest? A. Data in an IPsec tunnel B. Data in an e-commerce transaction C. Data stored on a hard drive D. Data stored in RAM
C. Data stored on a hard drive
Carla's organization recently suffered a data breach when an employee misplaced a laptop containing sensitive customer information. Which one of the following controls would be least likely to prevent this type of breach from reoccurring in the future? A. Full disk encryption B. File encryption C. File integrity monitoring D. Data minimization
C. File integrity monitoring
Which one of the following would be a reasonable application for the use of self-signed digital certificates? A. E-commerce website B. Banking application C. Internal scheduling application D. Customer portal
C. Internal scheduling application
Tom is a cryptanalyst and is working on breaking a cryptographic algorithm's secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in? A. Chosen ciphertext B. Chosen plaintext C. Known plaintext D. Brute force
C. Known plaintext
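A concrete known-plaintext attack, added here as an example that is not part of the original page. The cipher is a repeating-key XOR (constructed for illustration, not an algorithm the question names), and the key and both messages are made up. Because each ciphertext byte is plaintext XOR key, a single (plaintext, ciphertext) pair gives Tom every key byte the pair covers, and the recovered key then decrypts other traffic; when the known pair is shorter than the key, only a prefix of the key is recovered and the rest of the traffic is only partly readable.

```python
"""Known-plaintext attack on a repeating-key XOR cipher (added example)."""
from typing import Dict, Optional


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Encrypt/decrypt (the operation is its own inverse) with a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key_bytes(known_plain: bytes, known_cipher: bytes, key_len: int) -> Dict[int, int]:
    """Map key position -> key byte for every position the known pair covers.

    c[i] = p[i] ^ k[i % key_len], so each known byte yields one key byte. A pair
    shorter than the key only recovers a prefix; a wrong key_len shows up as a
    position that would need two different key bytes.
    """
    if len(known_plain) != len(known_cipher):
        raise ValueError("plaintext and ciphertext must be the same length")
    recovered: Dict[int, int] = {}
    for i, (p, c) in enumerate(zip(known_plain, known_cipher)):
        pos = i % key_len
        k = p ^ c
        if recovered.setdefault(pos, k) != k:
            raise ValueError(f"inconsistent key byte at position {pos}: wrong key length?")
    return recovered


def decrypt_with_partial_key(cipher: bytes, key_bytes: Dict[int, int], key_len: int,
                             unknown: bytes = b"?") -> bytes:
    """Decrypt positions whose key byte is known; mark the rest with a placeholder."""
    out = bytearray()
    for i, c in enumerate(cipher):
        k: Optional[int] = key_bytes.get(i % key_len)
        out += bytes([c ^ k]) if k is not None else unknown
    return bytes(out)


def full_key(key_bytes: Dict[int, int], key_len: int) -> Optional[bytes]:
    """Assemble the key if every position was recovered, else None."""
    if len(key_bytes) < key_len:
        return None
    return bytes(key_bytes[i] for i in range(key_len))


# Constructed scenario: Tom holds MSG1 and its ciphertext; MSG2 is the target.
KEY = b"S3cr3tK!"                        # 8-byte key, unknown to Tom
MSG1 = b"MEETING MOVED TO 0900 ROOM 4"   # intercepted message Tom also has in clear
MSG2 = b"WIRE 40000 TO ACCT 7731 NOW"    # other traffic encrypted under the same key
CT1 = xor_cipher(MSG1, KEY)
CT2 = xor_cipher(MSG2, KEY)


if __name__ == "__main__":
    kb = recover_key_bytes(MSG1, CT1, len(KEY))
    print("recovered key:", full_key(kb, len(KEY)))
    print("msg2 decrypted:", decrypt_with_partial_key(CT2, kb, len(KEY)))
    partial = recover_key_bytes(MSG1[:5], CT1[:5], len(KEY))   # only 5 known bytes
    print("with 5 known bytes:", decrypt_with_partial_key(CT2, partial, len(KEY)))
```

The same idea, a plaintext/ciphertext pair leaking key material, is why modern ciphers are designed to resist known-plaintext and chosen-plaintext attacks and why reusing a key stream across messages is fatal.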
Alice sent a message to Bob. Bob would like to demonstrate to Charlie that the message he received definitely came from Alice. What goal of cryptography is Bob attempting to achieve? A. Authentication B. Confidentiality C. Nonrepudiation D. Integrity
C. Nonrepudiation
Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the Internet? A. SSL B. TLS C. PGP D. VPN
C. PGP
Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What civilian data classifications best fit this data? A. Unclassified, confidential, top secret B. Public, sensitive, private C. Public, sensitive, proprietary D. Public, confidential, private
C. Public, sensitive, proprietary
Attackers who compromise websites often acquire databases of hashed passwords. What technique can best protect these passwords against automated password cracking attacks that use precomputed values? A. Using the MD5 hashing algorithm B. Using the SHA-1 hashing algorithm C. Salting D. Double-hashing
C. Salting
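Why salting (and not a stronger hash or double hashing) defeats precomputed tables, as an added example that is not part of the original page and that also serves the earlier salt question. It uses PBKDF2-HMAC-SHA256 from the Python standard library; the usernames and passwords are constructed, and the iteration count is an assumption to tune for your hardware. An unsalted or double-hashed password is a fixed function of the password, so one table built in advance cracks every user with that password at every site; a random per-user salt makes every stored hash unique, so the attacker must start over for each record.

```python
"""Salted password hashing versus precomputed tables (added example)."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumption: raise until one verification takes tens of milliseconds


def unsalted(password: str) -> str:
    """One fixed function of the password: a rainbow table built once cracks every site."""
    return hashlib.sha256(password.encode()).hexdigest()


def double_hash(password: str) -> str:
    """Hashing twice is still a fixed function, so a table can be precomputed for it too."""
    return hashlib.sha256(hashlib.sha256(password.encode()).digest()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(16)   # unique per user; stored in the clear next to the hash
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:
        return False
    return hmac.compare_digest(dk, expected)


def demo(iterations: int = 50_000) -> dict:
    """Two users who picked the same weak password (constructed sample)."""
    users = {"alice": "Summer2024!", "bob": "Summer2024!"}
    return {
        "unsalted_identical": unsalted(users["alice"]) == unsalted(users["bob"]),
        "double_hash_identical": double_hash(users["alice"]) == double_hash(users["bob"]),
        "salted_identical": hash_password(users["alice"], iterations=iterations)
                            == hash_password(users["bob"], iterations=iterations),
    }


if __name__ == "__main__":
    print(demo())
    record = hash_password("Summer2024!")
    print(record)
    print(verify_password("Summer2024!", record), verify_password("summer2024!", record))
```

The record format stores the iteration count alongside the salt so the cost can be raised later without breaking existing entries, and the constant-time compare avoids leaking how many leading bytes of a guess matched.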
Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is she most likely attempting to stop, and what method is she using to protect against it? A. Man-in-the-middle, VPN B. Packet injection, encryption C. Sniffing, encryption D. Sniffing, TEMPEST
C. Sniffing, encryption
What encryption technology would be appropriate for HIPAA documents in transit? A. BitLocker B. DES C. TLS D. SSL
C. TLS
What would be the best way to secure data at points B, D, and F? A. AES-256 B. SSL C. TLS D. 3DES
C. TLS
Greg is designing a defense-in-depth approach to securing his organization's information and would like to select cryptographic tools that are appropriate for different use cases and provide strong encryption. Which one of the following pairings is the best use of encryption tools? A. SSL for data in motion and AES for data at rest B. VPN for data in motion and SSL for data at rest C. TLS for data in motion and AES for data at rest D. SSL for data in motion and TLS for data at rest
C. TLS for data in motion and AES for data at rest
Andrew believes that a digital certificate belonging to his organization was compromised and would like to add it to a Certificate Revocation List. Who must add the certificate to the CRL? A. Andrew B. The root authority for the top-level domain C. The CA that issued the certificate D. The revocation authority for the top-level domain
C. The CA that issued the certificate
Sally is using IPsec's ESP component in transport mode. What important information should she be aware of about transport mode? A. Transport mode provides full encryption of the entire IP packet. B. Transport mode adds a new, unencrypted header to ensure that packets reach their destination. C. Transport mode does not encrypt the header of the packet. D. Transport mode provides no encryption; only tunnel mode provides encryption.
C. Transport mode does not encrypt the header of the packet.
Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message? A. Substitution cipher B. AES C. Transposition cipher D. 3DES
C. Transposition cipher
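Alan's reasoning carried out in code, as an added example that is not part of the original page. A columnar transposition and a Caesar shift stand in for the two cipher families; the plaintext, column count and shift are constructed, and the English letter-frequency table is the usual approximate one. A transposition only permutes the letters, so the ciphertext histogram is identical to the plaintext's and scores the same against English; a substitution moves each letter's count to a different symbol, so the same score jumps.

```python
"""Frequency analysis: transposition versus substitution ciphertext (added example)."""
from collections import Counter
from typing import Dict

ENGLISH_FREQ = {  # percent, approximate
    "E": 12.7, "T": 9.1, "A": 8.2, "O": 7.5, "I": 7.0, "N": 6.7, "S": 6.3, "H": 6.1,
    "R": 6.0, "D": 4.3, "L": 4.0, "C": 2.8, "U": 2.8, "M": 2.4, "W": 2.4, "F": 2.2,
    "G": 2.0, "Y": 2.0, "P": 1.9, "B": 1.5, "V": 1.0, "K": 0.8, "J": 0.15, "X": 0.15,
    "Q": 0.10, "Z": 0.07,
}


def letters_only(text: str) -> str:
    return "".join(ch for ch in text.upper() if "A" <= ch <= "Z")


def columnar_encrypt(plain: str, cols: int) -> str:
    """Write the text in rows of `cols` letters, read it out column by column."""
    return "".join(plain[i::cols] for i in range(cols))


def columnar_decrypt(cipher: str, cols: int) -> str:
    """Rebuild the columns (the first n % cols columns are one letter longer) and re-read by rows."""
    n = len(cipher)
    columns, pos = [], 0
    for i in range(cols):
        length = len(range(i, n, cols))
        columns.append(cipher[pos:pos + length])
        pos += length
    rows = (n + cols - 1) // cols
    return "".join(col[r] for r in range(rows) for col in columns if r < len(col))


def caesar(plain: str, shift: int) -> str:
    """Monoalphabetic substitution: every letter is replaced by one fixed other letter."""
    return "".join(chr((ord(ch) - 65 + shift) % 26 + 65) for ch in plain)


def chi_squared_vs_english(text: str) -> float:
    """Lower means the letter distribution looks more like English."""
    counts = Counter(text)
    n = len(text)
    total = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100
        total += (counts.get(letter, 0) - expected) ** 2 / expected
    return total


def histogram(text: str) -> Dict[str, int]:
    return dict(Counter(text))


PLAINTEXT = letters_only(  # constructed sample
    "Frequency analysis works because a transposition cipher only rearranges the "
    "letters of the plaintext so the counts of each letter survive encryption unchanged "
    "while a substitution cipher maps every letter to a different one and shifts the "
    "whole histogram"
)


def analyse(plain: str = PLAINTEXT, cols: int = 7, shift: int = 3) -> Dict[str, object]:
    """Score the plaintext and both ciphertexts against English."""
    trans = columnar_encrypt(plain, cols)
    sub = caesar(plain, shift)
    return {
        "plaintext": chi_squared_vs_english(plain),
        "transposition": chi_squared_vs_english(trans),
        "substitution": chi_squared_vs_english(sub),
        "transposition_keeps_histogram": histogram(plain) == histogram(trans),
    }


if __name__ == "__main__":
    for name, value in analyse().items():
        print(f"{name:30} {value}")
```

A modern block cipher such as AES or 3DES in a sane mode produces ciphertext whose byte distribution is close to uniform, which is why a near-English histogram points at a classical transposition rather than at either of the other answer choices.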
What technique could you use to mark your trade secret information in case it was released or stolen and you need to identify it? A. Classification B. Symmetric encryption C. Watermarks D. Metadata
C. Watermarks
Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme? A. 3DES B. AES C. Diffie-Hellman D. Blowfish
D. Blowfish
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. When Bob receives the encrypted message from Alice, what key does he use to decrypt the message? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
D. Bob's private key
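The four Alice-and-Bob questions above (which key encrypts, which decrypts, which signs, and which key Bob never holds) worked through in textbook RSA, as an added example that is not part of the original page. The primes are constructed toy values (Alice: 61 and 53, Bob: 101 and 113) so every number stays small; real RSA uses 2048-bit or larger moduli, OAEP/PSS padding, and encrypts a symmetric key rather than the message bytes one at a time as this illustration does. The signature here is a reduced SHA-256 digest raised to the private exponent, a stand-in for a real hash-and-sign scheme.

```python
"""Textbook RSA: which key does what (added example, toy parameters)."""
import hashlib
from typing import List, NamedTuple


class PublicKey(NamedTuple):
    n: int
    e: int


class PrivateKey(NamedTuple):
    n: int
    d: int


def generate_keypair(p: int, q: int, e: int):
    """Derive (public, private) from two primes and a public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # modular inverse (Python 3.8+)
    return PublicKey(n, e), PrivateKey(n, d)


def encrypt(m: int, pub: PublicKey) -> int:
    """Encryption uses the RECIPIENT's public key."""
    return pow(m, pub.e, pub.n)


def decrypt(c: int, priv: PrivateKey) -> int:
    """Decryption uses the recipient's own private key."""
    return pow(c, priv.d, priv.n)


def encrypt_bytes(data: bytes, pub: PublicKey) -> List[int]:
    """Byte-at-a-time for illustration only (no padding, so this is not secure)."""
    return [encrypt(b, pub) for b in data]


def decrypt_bytes(blocks: List[int], priv: PrivateKey) -> bytes:
    values = [decrypt(c, priv) for c in blocks]
    if any(v > 255 for v in values):
        raise ValueError("decrypted value is not a byte: wrong private key?")
    return bytes(values)


def _digest_mod_n(msg: bytes, n: int) -> int:
    """Toy hash-then-sign: reduce a SHA-256 digest into the group."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, priv: PrivateKey) -> int:
    """Signing uses the SENDER's private key."""
    return pow(_digest_mod_n(msg, priv.n), priv.d, priv.n)


def verify(msg: bytes, sig: int, pub: PublicKey) -> bool:
    """Verification uses the sender's public key."""
    return pow(sig, pub.e, pub.n) == _digest_mod_n(msg, pub.n)


ALICE_PUB, ALICE_PRIV = generate_keypair(61, 53, 17)      # n = 3233, d = 2753
BOB_PUB, BOB_PRIV = generate_keypair(101, 113, 3533)      # n = 11413, d = 6597


def alice_to_bob(msg: bytes):
    """Alice encrypts for Bob and signs as herself; Bob decrypts and verifies."""
    ciphertext = encrypt_bytes(msg, BOB_PUB)          # Bob's public key
    signature = sign(msg, ALICE_PRIV)                 # Alice's private key
    recovered = decrypt_bytes(ciphertext, BOB_PRIV)   # Bob's private key
    return recovered, verify(recovered, signature, ALICE_PUB)  # Alice's public key


if __name__ == "__main__":
    recovered, ok = alice_to_bob(b"Meet at noon")
    print(recovered, "signature valid:", ok)
```

Bob only ever touches his own private key and Alice's public key; Alice's private key never leaves Alice, which is what makes the signature non-repudiable and is why it is the one key in the list Bob does not possess.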
Which one of the following cryptographic goals protects against the risks posed when a device is lost or stolen? A. Nonrepudiation B. Authentication C. Integrity D. Confidentiality
D. Confidentiality
Joe works at a major pharmaceutical research and development company and has been tasked with writing his organization's data retention policy. As part of its legal requirements, the organization must comply with the U.S. Food and Drug Administration's Code of Federal Regulations Title 21. To do so, it is required to retain records with electronic signatures. Why would a signature be part of a retention requirement? A. It ensures that someone has reviewed the data. B. It provides confidentiality. C. It ensures that the data has not been changed. D. It validates who approved the data.
D. It validates who approved the data.
Which one of the following cryptographic systems is most closely associated with the Web of Trust? A. RC4 B. SHA C. AES D. PGP
D. PGP
Which one of the following cryptographic algorithms supports the goal of nonrepudiation? A. Blowfish B. DES C. AES D. RSA
D. RSA
Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor? A. MD5 B. 3DES C. SHA-1 D. SHA-256
D. SHA-256
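The check Chris would run, as an added example that is not part of the original page; it also illustrates the hash-function properties from the earlier questions (variable-length input, fixed-length keyless output, small input change flips roughly half the output bits). The "downloaded" script, its backdoored variant and the publisher's digest are constructed inline so the script runs offline. In practice the expected digest must come from the vendor over a separate, authenticated channel (a signed manifest or signed release notes): an attacker who can swap the package can usually swap an unsigned checksum on the same download page too, and MD5 or SHA-1 would let them craft a colliding pair outright.

```python
"""Verifying a downloaded package with SHA-256 (added example)."""
import hashlib
import hmac
from typing import Dict, Iterable


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the computed digest against the published one."""
    try:
        expected = bytes.fromhex(expected_hex.strip())
    except ValueError:
        return False
    return hmac.compare_digest(hashlib.sha256(data).digest(), expected)


def digest_sizes(inputs: Iterable[bytes]) -> Dict[int, int]:
    """Map input length -> digest length: variable-length in, fixed 32 bytes out."""
    return {len(x): len(hashlib.sha256(x).digest()) for x in inputs}


def bits_changed(a: bytes, b: bytes) -> int:
    """Hamming distance between the two inputs' digests (avalanche effect)."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


# Constructed: the installer the publisher shipped and the digest they published.
GENUINE = b"#!/bin/sh\necho installing tool v1.2\n"
PUBLISHED_SHA256 = sha256_hex(GENUINE)
# Constructed: the same installer with one extra line, as a backdoored replacement would be.
TAMPERED = GENUINE + b"cat /etc/shadow > /tmp/.cache\n"


if __name__ == "__main__":
    print("published:", PUBLISHED_SHA256)
    print("genuine verifies: ", verify_download(GENUINE, PUBLISHED_SHA256))
    print("tampered verifies:", verify_download(TAMPERED, PUBLISHED_SHA256))
    print("digest bits differing between the two files:", bits_changed(GENUINE, TAMPERED))
    print("input length -> digest length:", digest_sizes([b"", b"x" * 1000, GENUINE]))
```

A plain hash gives integrity only if the reference value is trustworthy; adding a key (HMAC) or a signature over the digest is what turns the check into one an attacker controlling the download server cannot forge.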
What protocol is preferred over Telnet for remote server administration via the command line? A. SCP B. SFTP C. WDS D. SSH
D. SSH
Barry recently received a message from Melody that Melody encrypted using symmetric cryptography. What key should Barry use to decrypt the message? A. Barry's public key B. Barry's private key C. Melody's public key D. Shared secret key
D. Shared secret key
What methods are often used to protect data in transit? A. Telnet, ISDN, UDP B. BitLocker, FileVault C. AES, Serpent, IDEA D. TLS, VPN, IPsec
D. TLS, VPN, IPsec
What security measure can provide an additional security control in the event that backup tapes are stolen or lost? A. Keep multiple copies of the tapes. B. Replace tape media with hard drives. C. Use appropriate security labels. D. Use AES-256 encryption.
D. Use AES-256 encryption.
Which one of the following is not considered PII under U.S. federal government regulations? A. Name B. Social Security number C. Student ID number D. ZIP code
D. ZIP code