CompTIA Security+ Exam SY0-501 Cryptography Quiz
Digital signatures provide: (Select 3 answers) Integrity Authentication Confidentiality Authorization Non-repudiation
Integrity Authentication Non-repudiation
Which of the acronyms listed below refers to a cryptographic attack where the attacker has access to both the plaintext and its encrypted version? KEK POODLE KPA CSRF
KPA
What is a Hash Value?
The hash value is representative of the original string of characters, but is normally smaller than the original.
IPSec (Internet Protocol Security)
A Layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. IPSec is an enhancement to IPv4 and is native to IPv6. IPSec is unique among authentication methods in that it adds security information to the header of all IP packets.
Data Encryption Key
A data encryption key (DEK) is a type of key designed to encrypt and decrypt data at least once or possibly multiple times. DEKs are created by an encryption engine. Data is encrypted and decrypted with the help of the same DEK; therefore, a DEK must be stored for at least a specified duration for decrypting the generated cipher text.
What is a Digital Signature?
A digital signature guarantees the authenticity of an electronic document or message in digital communication and uses encryption techniques to provide proof of original and unmodified documentation.
EFS (Encrypting File System)
A file-encryption tool available on Windows systems that have partitions formatted with NTFS.
Man-in-the-Middle (MITM) Attack
A hacker placing himself between a client and a host to intercept network traffic; also called session hijacking.
What does Hash Function mean?
A hash function takes a group of characters (called a key) and maps it to a value of a certain length (called a hash value or hash)
WEP (Wired Equivalent Privacy)
A key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit.
PGP (Pretty Good Privacy)
A key-based encryption system for e-mail that uses a two-step verification process.
Hash collisions need
A mechanism to find the keys/ records with the same hash value (like chaining)
Electronic Code Book (ECB)
A mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value, and vice versa
(2) MPLS (Multiprotocol Label Switching)
A network technology defined by a set of IETF specifications that enable Layer 3 devices, such as routers, to establish and manage network traffic.
IPSec (Internet Protocol Security)
A set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet through data authentication and encryption.
Advanced Encryption Standard (AES)
A symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES.
key stretching
A technique that strengthens potentially weak cryptographic keys, such as passwords or passphrases created by people, against brute force attacks.
MPLS (Multiprotocol Label Switching)
A type of switching that enables any one of several Layer 2 protocols to carry multiple types of Layer 3 protocols. One of its benefits is the ability to use packet-switched technologies over traditionally circuit-switched networks. MPLS can also create end-to-end paths that act like circuit-switched connections.
Which of the algorithms listed below does not fall into the category of asymmetric encryption? RSA GPG DSA AES DHE ECDHE PGP
AES
Which of the cryptographic algorithms listed below is the least vulnerable to attacks? AES DES RC4 3DES
AES
XSRF (cross-site request forgery)
An attack that causes users to perform actions on websites without their knowledge. In some cases, attackers use header manipulation to steal cookies and harvest passwords.
SSL Certificate
An electronic document that confirms the identity of a website or server and verifies that a public key belongs to a trustworthy individual or company
data in-use
Any data currently being used by a computer. Because the computer needs to process the data, it is not encrypted while in use.
What are the characteristic features of Elliptic Curve Cryptography (ECC)? (Select 3 answers) Asymmetric encryption Low processing power requirements Suitable for small wireless devices High processing power requirements Symmetric encryption Not suitable for small wireless devices
Asymmetric encryption Low processing power requirements Suitable for small wireless devices
A type of encryption scheme that uses a paired public and private key is known as: (Select 2 answers) Secret-key encryption Asymmetric encryption Symmetric encryption Public-key encryption Session-key encryption
Asymmetric encryption Public-key encryption
What is a known plaintext attack?
Attacker has access to the ciphertext. Attacker also knows something about the plaintext that underlies the ciphertext. Most practical attack. Meet-in-the-middle is an example.
Chosen-Plaintext Analysis (CPA)
Attacker uses ciphertext that matches arbitrarily selected plaintext via the same algorithm technique.
Ciphertext-Only Analysis (COA)
Attacker uses known ciphertext collections.
What are the examples of key stretching algorithms? (Select 2 answers) ROT13 Twofish Bcrypt DSA PBKDF2
Bcrypt PBKDF2
Which cryptographic attack relies on the concepts of probability theory? KPA Brute-force Dictionary Birthday
Birthday
An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as: Replay attack Brute-force attack Dictionary attack Birthday attack
Brute-force attack
Which of the following terms illustrate(s) the security through obscurity concept? (Select all that apply) Code obfuscation Steganography SSID broadcast suppression Encryption Substitution ciphers
Code obfuscation Steganography SSID broadcast suppression Substitution ciphers
Shim
Collectively, MPLS labels are sometimes called a ____.
Which of the following terms is used in conjunction with the assumption that the output of a cryptographic function should be considerably different from the corresponding plaintext input? Confusion Obfuscation Collision Diffusion
Confusion
XSRF
Cross-Site Request Forgery
What does Cross-Site Request Forgery (CSRF) mean?
Cross-site request forgery (CSRF) is a type of website exploit carried out by issuing unauthorized commands from a trusted website user. CSRF exploits a website's trust for a particular user's browser, as opposed to cross-site scripting, which exploits the user's trust for a website.
What does Cryptanalysis mean?
Cryptanalysis is the decryption and analysis of codes, ciphers or encrypted text. Cryptanalysis uses mathematical formulas to search for algorithm vulnerabilities and break into cryptography or information security systems.
Examples of means that provide randomization during the encryption process include: (Select 3 answers) Cryptographic nonce Obfuscation Salting Initialization Vector (IV) Shimming
Cryptographic nonce Obfuscation Initialization Vector (IV)
(2) Symmetric-key algorithms
DES, 3DES, AES, Twofish, Blowfish, IDEA, Skipjack, RC2,RC4, RC5, RC6
A cryptographic standard for digital signatures is known as: DSA PFS DES RSA
DSA
DES
Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data. Although its short key length of 56 bits, criticized from the beginning, makes it too insecure for most current applications, it was highly influential in the advancement of modern cryptography.
Ciphertext
Data that has been encrypted.
data in-transit
Data that is in transit across a network, such as an email sent across the Internet.
Which of the three states of digital data requires data to be processed in an unencrypted form? Data-in-transit Data-at-rest Data-in-use
Data-in-use
Which password attack takes advantage of a predefined list of words? Birthday attack Replay attack Dictionary attack Brute-force attack
Dictionary attack
Which of the following answers refers to a commonly used asymmetric algorithm for secure exchange of symmetric keys? RC4 Bcrypt Diffie-Hellman RIPEMD
Diffie-Hellman
Which of the terms listed below is used to describe a situation where a small change introduced to the input data before encryption causes large changes in its encrypted version? Diffusion Confusion Obfuscation Collision
Diffusion
Where is a digital signature used?
Digital signatures are used in e-commerce, software distribution, financial transactions and other situations that rely on forgery or tampering detection techniques.
Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use? CBC GCM ECB CTR
ECB
ECB
Electronic Code Book
Symmetric key algorithms are best used for:
Encryption of large amounts of data
A situation where cryptographic hash function produces two different digests for the same data input is referred to as hash collision. True False
False
Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption.) True False
False
Symmetric encryption algorithms require large amounts of processing power for both encryption and decryption of data which makes them much slower in comparison to asymmetric encryption ciphers. True False
False
Why is hashing used?
For confidentiality, a password can be "hashed" and the resulting hash sent over an untrusted network, if needed, for authentication, so the actual password is not transmitted.
Which of the block cipher modes listed below provides both data integrity and confidentiality? CBC GCM ECB CTR
GCM
Which of the following answers refers to the contents of a rainbow table entry? Hash/Password IP address/Domain name Username/Password Account name/Hash
Hash/Password
What is hashing also used for?
Hashing is done for indexing and locating items in databases because it is easier to find the shorter hash value than the longer string. Hashing is also used in encryption.
Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply) IPsec ( Your answer) MPLS PAP Kerberos ( Your answer) CHAP ( Your answer)
IPsec Kerberos CHAP
Pseudo-random data used in combination with a secret key in WEP and SSL encryption schemes is known as: Salt Shim IV Seed
IV
Cryptanalysis attack types include:
Known-Plaintext Analysis (KPA) Chosen-Plaintext Analysis (CPA) Ciphertext-Only Analysis (COA) Man-in-the-Middle (MITM) Attack Adaptive Chosen-Plaintext Attack (ACPA)
Which of the following are hashing algorithms? (Select all that apply) MD5 RIPEMD Bcrypt HMAC SHA
MD5 RIPEMD HMAC SHA
Hash collision
Occurs when the hashing algorithm creates the same hash from different passwords
Which of the answers listed below refers to a solution designed to strengthen the security of session keys? ECB PFS EFS PFX
PFS
Which of the following answers lists an example of a cryptographic downgrade attack? MITM KPA POODLE XSRF
POODLE
PFS
Perfect Forward Secrecy
PFX
Personal Exchange Format
Which of the algorithms listed below does not belong to the category of symmetric ciphers? RC4 DES RSA AES Blowfish 3DES Twofish
RSA
Which of the following cryptographic hash functions is the least vulnerable to attacks? SHA-1 RIPEMD SHA-512 MD5
SHA-512
Pseudo-random data added to a password before hashing is called: Shim Salt Seed IV
Salt
Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks? Seed IV Salt Shim
Salt
SSL
Secure Sockets Layer
A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers) Session-key encryption Public-key encryption Symmetric encryption Asymmetric encryption Secret-key encryption
Session-key encryption Symmetric encryption Secret-key encryption
Adaptive Chosen-Plaintext Attack (ACPA)
Similar to a CPA, this attack uses chosen plaintext and ciphertext based on data learned from past encryptions.
Which of the answers listed below refer to obfuscation methods? (Select 3 answers) Encryption ( Your answer) Steganography ( Your answer) XOR cipher ( Your answer) Password salting ROT13 ( Missed)
Steganography XOR cipher ROT13
Which of the answers listed below refer to the Advanced Encryption Standard (AES)? (Select 3 answers) Symmetric-key algorithm 128-, 192-, and 256-bit keys Asymmetric-key algorithm Stream cipher algorithm 56-, 112-, and 168-bit keys Block cipher algorithm
Symmetric-key algorithm 128-, 192-, and 256-bit keys Block cipher algorithm
What are some other terms for Hashing Function?
This term is also known as a hashing algorithm or message digest function.
In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key. True False
True
In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as a key size or key length. The key size determines the maximum number of combinations required to break the encryption algorithm, therefore typically a longer key means stronger cryptographic security. True False
True
In cryptography, the term "Key stretching" refers to a mechanism for extending the length of a cryptographic key to make it more secure against brute-force attacks. True False
True
In cryptography, the term "Secret algorithm" refers to an algorithm designed in a way that prevents the examination of its inner workings. True False
True
One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline. True False
True
Rainbow tables are lookup tables used to speed up the process of password guessing. True False
True
The term "Ephemeral key" refers to an asymmetric encryption key designed to be used only for the duration of a single session or transaction. True False
True
Unlike stream ciphers which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately. True False
True
Symmetric-key algorithms
Use the same key to perform both encryption and decryption
What are the characteristic features of a session key? (Select 2 answers) Used during a single session Asymmetric key Reused during multiple sessions Symmetric key
Used during a single session Symmetric key
What are the examples of weak/deprecated cryptographic solutions? (Select 3 answers) WEP AES SSL DES PGP
WEP SSL DES
What is a digital signature also known as?
electronic signature
Cryptographic nonce
is an arbitrary number that can be used just once in a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. They can also be useful as initialization vectors and in cryptographic hash functions.
CSRF
is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated
Symmetric Encryption
the same key is used to encode and decode
asymmetric encryption
two keys are used; one key encodes the message, and the other key decodes the message
Public Key Encryption
uses two keys: a public key that everyone can have and a private key for only the recipient
