Knowledge Exam 8
A bank's payment machine has been completely replaced with better hardware and encryption protocols. The machine comes standard with AES, which provides faster and more secure transactions. What encryption standard may have been used in the previous payment machine model?
3DES
Which of the following best describes the term of key escrow?
A trusted third party with copies of decryption keys in addition to existing original keys
You need to encrypt the contents of a USB flash drive using the strongest possible encryption. Which type of encryption should you use?
AES
Which of the following is the strongest symmetric cryptographic function?
Advanced Encryption Standards
If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?
Alice's public key
Which of the following statements about DES, RC4, Blowfish, or Twofish is false?
All are stream ciphers
You want email sent from users in your organization to be encrypted to make messages more secure. Which of the following is an option you can use in order to enhance the encryption of email messages?
An asymmetric key exchange
The security and software development team are working on a password storage application. It will store passwords as a secure hash. Which of the following will provide the best protection against brute force attacks? Two
BCRYPT / PBKDF2
What does an incremental backup do during the backup?
Backs up all files with the archive bit set; resets the archive bit.
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution would you choose?
BitLocker
An organization needs to implement a large PKI. Network engineers are concerned that repeated transmission of the OCSP will impact network performance. Which of the following should the security analyst recommend in lieu of an OCSP?
CRL
Which of the following is used in conjunction with a local security Authority to generate the private and public key pair used in asymmetric cryptography?
CSP
Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting cipher text. What type of attack is this?
Chosen plaintext
A hard drive contains sensitive data that the owner has recently applied restricted access as internal/official use only. Considering the different data classification levels, what is the appropriate level of data classification in this scenario?
Classified
To secure your server, you would like to ensure server hard disk data cannot be accessed if the hard disks are stolen. What should you do?
Configure TPM with PKI encryption keys
What is the primary function of the IKE protocol used with IPSec?
Create a security association between communicating partners
Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?
DLP
Which of the following relies on both a public and private key for encryption and decryption?
Diffie-Hellman
Which of the following is a term used that is not encrypted but is used only for comparison purposes?
Digest
A company network allows multiple computers to work together to solve compound transactions. A central processor divides the transactions and distributes it across nodes for action. If a node fails, the processor will no longer task it, but processing between the other nodes will continues. What does the company achieve with this setup?
Distributive allocation for high availability
Which of the following is a secure alternative to FTP that uses SSL for encryption?
FTPS
You have developed a PKI within your organization. To meet legal reporting requirements, you need to implement a way to provide decryption keys to a third party on an as needed basis. What should you do?
Implement a key escrow arrangement
User A wants to establish a secure connection with a web server. Transport encryption is used to ensure data is encrypted as it is sent over the network. This works when both client and server agree on a secret key. How is this secret key exchanged?
In band
An application's executable is digitally signed using a software developer's private key. What does this ensure?
Integrity
Developers are creating an encrypted service for a private company to secure video conference meetings. As developers are creating the code, they are thinking about reducing the processing overhead from end to end. Why is this process important to consider?
Low latency uses
Which of the following cryptography algorithms will produce a fixed length, irreversible output?
MD5
The CA signature exists in all digital certificates that it issues. Which key does the CA use to create a signature?
Private
An application is being designed to digitally sign files as it publishes them for distribution. What algorithm should be used for this purpose?
RSA
Which of the following is an entity that accepts and validates information contained within a request for a certificate?
Registration Authority
Which of the following is the most frequently used in symmetric key stream ciphers?
Ron's Cipher v4 (RC4)
Which of the following is designed to perform one way encryption?
SHA
Telnet is inherently insecure because its communication is in plain text and is easily intercepted. Which of the following is an acceptable alternative to Telnet?
SSH
Which of the following are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity?
Session keys
A major power incident has impacted a local transportation company and all systems have powered off. While the IT department is waiting for the power to be restored, they have been reviewing the situation and creating an order of restoration plan. Evaluate the following options and select the plan that would best follow standard guidelines.
Step 1. Enable and test power. Step 2. Enable and test critical network servers. Step 3. Enable and test infrastructure.
What form of cryptography would you use for bulk encryption because it is fast?
Symmetric key cryptography
Which of the following is considered the strongest cryptographic transport protocol?
TLS v1.2
Your colleagues report that there is a short time frame in which a revoked certificate can still be used. What is the reason for this?
The CRL is published periodically
Which action is taken when the private key associated with a digital certificate becomes compromised?
The certificate is revoked and added to the Certificate Revocation List
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within a digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?
The sender's public key
A digital certificate would associate which of the following?
The user's identity with his public key
In a Public Key Infrastructure (PKI), which option best describes how users and multiple Certificate Authorities (CAs) share information and exchange certificates?
Trust model
User A sends an encrypted email to User B and signed the email using RSA encryption. If User A uses a digital envelope, which key in this email process would most likely compromise confidentiality for both this and future emails?
User B's private Key
