9.5.4 Security Pro Practice Questions
What type of key or keys are used in symmetric cryptography?
- Two unique sets of key pairs
- A unique key for each participant
- A single key pair
- A shared private key
A shared private key
EXPLANATION
Symmetric cryptography uses a shared private key. Both communication partners must be in possession of the same key in order to exchange encrypted data. Asymmetric cryptography uses a unique key pair for each participant. This key pair consists of a public key and a private key.
REFERENCES
LabSim for Security Pro, Section 9.5.

You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible?
- AES
- RSA
- SHA-1
- 3DES
AES
EXPLANATION
AES is stronger and faster than 3DES when implemented with a large key size (256 bits). DES was one of the first symmetric encryption methods and is now obsolete (known weaknesses can be used to break the encryption). 3DES improves upon DES by applying the encryption three times. It is an acceptable alternative to DES. RSA is an asymmetric encryption algorithm. Asymmetric encryption is not typically used for bulk encryption of data. SHA-1 is a hashing algorithm, not an encryption algorithm.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which of the following is considered an out-of-band distribution method for private key encryption?
- Using a key distribution algorithm
- Using a private fiber network
- Copying the key to a USB drive
- Sending a secured email
Copying the key to a USB drive
EXPLANATION
Out-of-band distribution involves manually distributing the key (for example, copying the key to a USB drive and sending it to the other party). Sending an email, using a key distribution algorithm, or using a private fiber network are all considered in-band distribution methods.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which of the following encryption mechanisms offers the least security because of weak keys?
- AES
- TwoFish
- IDEA
DES
EXPLANATION
DES offers the least encryption security from the cryptography systems in this list. DES has a limitation of 56-bit keys, the weakest of those listed here. The strength of a cryptosystem lies not only in long keys but in the algorithm, initialization vector or method, the proper use of the keyspace, and the protection and management of keys. AES (128, 192, 256 bit keys), TwoFish (up to 256 bit keys), and IDEA (128 bit keys) all support stronger keys than DES.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which of the following is the weakest symmetric encryption method?
- Twofish
- Blowfish
- 3DES
- AES
- DES
DES
EXPLANATION
DES was one of the first symmetric encryption methods and is now obsolete (known weaknesses can be used to break the encryption). 3DES improves upon DES by applying the encryption three times. It is an acceptable alternative to DES. AES is stronger and faster than 3DES when implemented with a large key size (256 bits). Blowfish and Twofish were alternatives to DES, but AES was chosen to replace DES.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which of the following symmetric cryptography systems does not support a variable block size?
- RC5
- IDEA
- AES
- Rijndael
IDEA
EXPLANATION
IDEA is a symmetric cryptography system that does not support a variable block size. IDEA only supports a 64-bit block size. RC5, AES, and AES's algorithm Rijndael all support variable block sizes. RC5's supported block sizes are 32, 64, and 128. AES (Rijndael) supports any block size.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which of the following symmetric block ciphers does not use a variable block length?
- Advanced Encryption Standard (AES)
- International Data Encryption Algorithm (IDEA)
- Elliptic Curve (EC)
- Ron's Cipher v5 (RC5)
International Data Encryption Algorithm (IDEA)
EXPLANATION
International Data Encryption Algorithm (IDEA) does not use variable block lengths. In addition to IDEA, the following symmetric block ciphers also do not use variable block lengths:
- Data Encryption Standard (DES)
- Ron's Cipher v2 or Ron's Code v2 (RC2)
- Blowfish
- Twofish
- SkipJack
AES uses variable block lengths. RC5 uses 32-, 64- or 128-bit block lengths. Elliptic Curve (EC) is an asymmetric cipher.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which of the following are true of Triple DES (3DES)? (Select two.)
- Is used in IPsec
- Uses the Rijndael block cipher
- Can easily be broken
- Uses a 168-bit key
- Uses 64-bit blocks with 128-bit keys
Is used in IPsec
Uses a 168-bit key
EXPLANATION
Triple DES:
- Applies DES three times
- Uses a 168-bit key
- Used in IPsec as its strongest and slowest encipherment
Advanced Encryption Standard (AES) uses the Rijndael block cipher. DES can easily be broken. International Data Encryption Algorithm (IDEA) uses 64-bit blocks with 128-bit keys.
REFERENCES
LabSim for Security Pro, Section 9.5.

How many keys are used with symmetric key cryptography?
- One
- Two
- Four
- Five
One
EXPLANATION
Private key, or symmetric, cryptography uses a single shared key. Both communicating parties must possess the shared key to encrypt and decrypt messages. The biggest challenge to symmetric cryptography is the constant need to protect the shared private key. This protection must be applied at all times, including during the initial transmission of the shared key between the parties.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which of the following can be classified as a stream cipher?
- RC4
- AES
- Blowfish
- Twofish
RC4
EXPLANATION
The most frequently used implementation of symmetric key stream ciphers is Ron's code (or Ron's cipher) v4, known as RC4. RC4 uses a variable key up to 256 bits and is commonly used with WEP and SSL. It uses the Key Scheduling Algorithm (KSA) and the Pseudo-Random Generation Algorithm (PRGA). Blowfish, Twofish, and AES are all block ciphers.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which version of the Rivest cipher is a block cipher that supports variable bit length keys and variable bit block sizes?
- RC4
- RC5
- RC2
- RSA
RC5
EXPLANATION
RC5 is a block cipher that supports variable bit length keys and variable bit block sizes. RC4 is a stream cipher. RC2 is limited to 64 bit blocks. RSA is not a Rivest cipher; rather, it is an asymmetric cryptography system developed by the same organization.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which of the following is the most frequently used symmetric key stream cipher?
- Advanced Encryption Standard (AES)
- Ron's Cipher v4 (RC4)
- Ron's Cipher v2 (RC2)
- Blowfish
Ron's Cipher v4 (RC4)
EXPLANATION
RC4 is the most frequently used symmetric key stream cipher. RC4 is commonly used with WEP and SSL. AES, RC2, and Blowfish are all symmetric block ciphers.
REFERENCES
LabSim for Security Pro, Section 9.5.

What form of cryptography is best suited for bulk encryption because it is so fast?
- Public key cryptography
- Hashing cryptography
- Symmetric key cryptography
- Asymmetric cryptography
Symmetric key cryptography
EXPLANATION
Symmetric cryptography is best suited for bulk encryption because it is much faster than asymmetric cryptography. Hashing is not used for encryption; it is only used to verify the integrity of data. Public key cryptography, also known as asymmetric cryptography, is best suited for small amounts of data. Often, asymmetric cryptography is used to exchange symmetric cryptography keys, and then the symmetric cryptography keys are used to encrypt communication traffic.
REFERENCES
LabSim for Security Pro, Section 9.5.

Which of the following forms of cryptography is best implemented in hardware?
- Asymmetric
- Symmetric stream
- Symmetric block
- Public key
Symmetric stream
EXPLANATION
Symmetric stream cryptography is best implemented in hardware because the data size makes it infeasible to have enough RAM or CPU cycles to process the data. Symmetric block cryptography is primarily implemented in software. Asymmetric cryptography, also known as public key cryptography, is mainly used for key distribution, digital signatures, and data encryption for small amounts of data.
REFERENCES
LabSim for Security Pro, Section 9.5.

Match the symmetric key distribution mechanism on the left with the appropriate description on the right. Each distribution mechanism may be used once, more than once, or not at all.
Drag
- Out-of-band distribution
- In-band distribution
Drop
- The sender's key is sent to a recipient using a Diffie-Hellman key exchange.
- The sender's key is copied to a USB drive and handed to the recipient.
- The sender's key is sent to the recipient using public key cryptography.
- The sender's key is burned to a CD and handed to the recipient.
Answers:
- The sender's key is sent to a recipient using a Diffie-Hellman key exchange: In-band distribution
- The sender's key is copied to a USB drive and handed to the recipient: Out-of-band distribution
- The sender's key is sent to the recipient using public key cryptography: In-band distribution
- The sender's key is burned to a CD and handed to the recipient: Out-of-band distribution
EXPLANATION
Before communications can begin using symmetric encryption, both parties must exchange the shared secret key using a secure channel. Symmetric key encryption can use the following key distribution methods:
- Out-of-band distribution involves manually distributing the key, such as copying the key to a USB drive and sending it to the other party.
- In-band distribution can use a key distribution algorithm, such as Diffie-Hellman, to send the key to the recipient. It can also use asymmetric encryption technology to encrypt the key for distribution.
REFERENCES
LabSim for Security Pro, Section 9.5.