Comp Sec Chapter 7
The SHA-1 hashing algorithm creates a digest that is how many bits in length?
160 bits
After the DES cipher was broken and no longer considered secure, what encryption algorithm was made as its successor?
3DES
What length SSL and TLS keys are generally considered to be strong?
4096
If using the MD5 hashing algorithm, what is the length to which each message is padded?
512 bits
Which standard was approved by NIST in late 2000 as a replacement for DES?
AES
What is a block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits?
Blowfish
When Bob needs to send Alice a message with a digital signature, whose private key is used to encrypt the hash?
Bob's private key
If Bob receives an encrypted reply message from Alice, whose private key is used to decrypt the received message?
Bob's private key.
A document that describes in detail how a CA uses and manages certificates as well as how end users register for a digital certificate is known as?
Certificate practice statement (CPS)
Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates:
Certification Authority
Which key exchange requires Alice and Bob to each agree upon a large prime number and related integer?
Diffie-Hellman
What is the U.S. federal government standard for digital signatures?
Digital Signature Algorithm
What cryptographic method, first proposed in the mid-1980s, makes use of sloping curves instead of large prime numbers?
ECC
What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks and each block is then encrypted separately?
Electronic Code Book
Which of the following are considered to be common asymmetric cryptographic algorithms? (Choose all that apply.)
Elliptic Curve Cryptography, Digital Signature Algorithm
Which of the following is an enhanced type of domain digital certificate?
Extended Validation
A digital certificate is a technology used to associate a user's identity to a private key.
False
Asymmetric cryptographic algorithms are also known as private key cryptography.
False
Digital certificates should last forever.
False
Encryption is the practice of transforming information so that it is secure and cannot be accessed by unauthorized parties.
False
GNU Privacy Guard is proprietary software that runs on different operating systems.
False
Obfuscation is making something well known or clear.
False
One of the first popular symmetric cryptography algorithms was RSA.
False
Root digital certificates should never be self-signed.
False
Stream ciphers work on multiple characters at a time.
False
What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission?
Galois/Counter
What type of message authentication code uses hashing to authenticate the sender by using both a hash function and a secret cryptographic key?
HMAC
The Authentication Header (AH) protocol is a part of what encryption protocol suite below?
IPSec
What protocol below supports two encryption modes: transport and tunnel?
IPSec
Why is IPsec considered to be a transparent security protocol?
IPsec is designed to not require modifications of programs, or additional training, or additional client setup.
What common method is used to ensure the security and integrity of a root CA?
Keep it in an offline state from the network.
Which of the following is a valid way to check the status of a certificate? (Choose all that apply.)
Online Certificate Status Protocol, Certificate Revocation List
What widely used commercial asymmetric cryptography software can be used for encrypting files and email messages?
PGP
Which hash algorithm's primary design feature is two different and independent parallel chains of computation, the results of which are then combined at the end of the process?
RIPEMD
Which of the following asymmetric cryptography algorithms is most commonly used?
RSA
Select the secure alternative to the telnet protocol:
SSH
What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?
SSL
What cryptographic transport algorithm is considered to be significantly more secure than SSL?
TLS
What technology uses a chip on the motherboard of the computer to provide cryptographic services?
TPM
A Subject Alternative Name (SAN) digital certificate is also known as a Unified Communications Certificate (UCC).
True
A certificate repository (CR) is a publicly accessible centralized directory of digital certificates.
True
A collision attack is an attempt to find two input strings of a hash function that produce the same hash result.
True
A user electronically signs a Certificate Signing Request (CSR) by affixing their public key and then sending it to an intermediate certificate authority.
True
Ciphertext is the scrambled and unreadable output of encryption.
True
In information technology, non-repudiation is the process of proving that a user performed an action.
True
SSL v3.0 served as the basis for TLS v1.0.
True
Some CAs issue only entry-level certificates that provide domain-only validation.
True
Some cryptographic algorithms require that, in addition to a key, another value can or must be input.
True
The XOR cipher is based on the binary operation eXclusive OR that compares two bits.
True
Wireless data networks are particularly susceptible to known ciphertext attacks.
True
What type of cryptography uses two keys instead of just one, generating both a private and a public key?
asymmetric
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?
bridge trust
What process links several certificates together to establish trust between all the certificates involved?
certificate chaining
Data that is in an unencrypted form is referred to as which of the following?
cleartext
What allows an application to implement an encryption algorithm for execution?
crypto service providers
What term describes data actions being performed by endpoint devices such as printing a report from a desktop computer?
data-in-use
What process will remove all private and public keys along with the user's identification information in the CA?
destruction
What type of trust model is used as the basis for most digital certificates used on the Internet?
distributed trust
Which of the following certificates verifies the identity of the entity that has control over the domain name?
domain validation digital certificate
At what stage can a certificate no longer be used for any type of authentication?
expiration
What term best describes when cryptography is applied to entire disks instead of individual files or groups of files?
full disk encryption
Which of the following is more secure than software encryption?
hardware encryption
What type of cryptographic algorithm creates a unique digital fingerprint of a set of data?
hash
In cryptography, which of the five basic protections ensures that the information is correct and no unauthorized person or malicious software has altered that data?
integrity
The process by which keys are managed by a third party such as a trusted CA is known as?
key escrow
What term best represents the resiliency of a cryptographic key to attacks?
key strength
What is used to create session keys?
master secret
Which of the following is an input value that must be unique within some specified scope such as for a given period or an entire session?
nonce
Which of the following is a public key system that generates random public keys that are different for each session?
perfect forward secrecy
Which of the following is not one of the functions of a digital signature?
protect the public key
What alternative term can be used to describe asymmetric cryptographic algorithms?
public key cryptography
A framework for all of the entities involved in digital certificates for digital certificate management is known as:
public key infrastructure
Which of the following certificates are self-signed?
root digital certificates
What is a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest?
salt
Which type of cryptographic algorithm takes an input string of any length and returns a string of any requested variable length?
sponge
What type of cipher takes one character and replaces it with one character working one character at a time?
stream cipher
The simplest type of stream cipher, one in which one letter or character is exchanged for another, is known as what?
substitution
In which type of encryption is the same key used to encrypt and decrypt data?
symmetric
When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established?
third-party
What kind of digital certificate is typically used to ensure the authenticity of a web server to a client?
web server