CASP Chapter 1
15. You were given a disk full of applications by a friend but are unsure about installing a couple on your company laptop. Is there an easy way to verify if the programs are original or if they have been tampered with? A. Verify with a hashing algorithm. B. Submit to a certificate authority. C. Scan with symmetric encryption. D. Check the programs against the CRL.
A. Comparing the hash of a program to that on the developer's website is an easy way to verify the integrity of an application.
20. Which of the following can be used to describe a physical security component that is used for cryptoprocessing and can be used to securely store digital keys? A. HSM B. TPM C. HMAC D. OCSP
A. Hardware Security Modules (HSMs) are physical devices that are used to securely store cryptographic keys and are widely used in high-security systems and hardware devices such as ATMs.
6. A junior administrator comes to you in a panic after seeing the cost for certificates. She would like to know if there is a way to get one certificate to cover all domains and subdomains for the organization. What solution can you offer? A. Wildcards B. Blanket certificates C. Distributed certificates D. No solution exists
A. Wildcard certificates allow the purchaser to secure an unlimited number of subdomain certificates on a domain name.
3. A coworker is concerned about the veracity of a claim because the sender of an email denies sending it. The coworker wants a way to prove the authenticity of an email. Which would you recommend? A. Hashing B. Digital signature C. Symmetric encryption D. Asymmetric encryption
B. A digital signature is a hash value that has been encrypted with the private key of the sender. It is used for authentication and integrity.
10. Which type of encryption best offers easy key exchange and key management? A. Symmetric B. Asymmetric C. Hashing D. Digital signatures
B. Asymmetric encryption offers easy key exchange and key management. However, it requires a much larger key to have the same strength as symmetric encryption.
14. A mobile user calls you from the road and informs you that he has been asked to travel to China on business. He wants suggestions for securing his hard drive. What do you recommend he use? A. S/MIME B. BitLocker C. Secure SMTP D. PKI
B. BitLocker is an example of an application that can provide full disk encryption.
18. Which of the following would properly describe a system that uses a symmetric key distributed by an asymmetric process? A. Digital signature B. Hybrid encryption C. HMAC D. Message digest
B. Hybrid encryption combines symmetric and asymmetric encryption. The process works by using an asymmetric process to exchange a symmetric key.
1. You have been asked by a member of senior management to explain the importance of encryption and define what symmetric encryption offers. Which of the following offers the best explanation? A. Non-repudiation B. Confidentiality C. Hashing D. Privacy and authentication
B. Symmetric encryption offers privacy as a feature but suffers from problems with key distribution and key management.
19. A CASP must understand the importance of encryption and cryptography. It is one of the key concepts used for the protection of data in transit, while being processed, or while at rest. With that in mind, DES ECB is an example of which of the following? A. Disk encryption B. Block encryption C. Port encryption D. Record encryption
B. There are many ways that cryptographic solutions can be applied. DES ECB is an example of block encryption. DES works with 64-bit blocks of data.
12. You're explaining the basics of cryptography to management in an attempt to obtain an increase in the budget. Which of the following is not symmetric encryption? A. DES B. RSA C. Blowfish D. Twofish
B. While DES, Blowfish, and Twofish are all examples of symmetric encryption, RSA is not.
8. Most authentication systems make use of a one-way encryption process. Which of the following best offers an example of one-way encryption? A. Asymmetric encryption B. Symmetric encryption C. Hashing D. PKI
C. Most authentication systems make use of a one-way encryption process known as hashing. One of the strengths of a hash is that it cannot be easily reversed.
2. As the security administrator for your organization, you must be aware of all types of hashing algorithms. Which algorithm was developed by Ron Rivest and offers a 128-bit output? A. AES B. DES C. MD5 D. RC4
C. The MD algorithms are a series of cryptographic algorithms that were developed by Ron Rivest. MD5 processes a variable-size input and produces a fixed 128-bit output.
4. A junior administrator at a sister company called to report a possible exposed private key that is used for PKI transactions. The administrator would like to know the easiest way to check whether the lost key has been flagged by the system. What are you going to tell the administrator? A. Hashing B. Issuance to entities C. Online Certificate Status Protocol D. Wildcard verification
C. The easiest way to check whether the lost key has been flagged by the system is to use the Online Certificate Status Protocol to check the certificate and verify if it is valid.
5. You've discovered that an expired certificate is being used repeatedly to gain logon privileges. To what list should the certificate have been added? A. Wildcard verification B. Expired key revocation list C. Online Certificate Status Protocol D. Certificate revocation list (CRL)
D. A CRL lists revoked certificates.
11. SSL and TLS can best be categorized as which of the following? A. A symmetric encryption system B. An asymmetric encryption system C. A hashing system D. A hybrid encryption system
D. Both SSL and TLS are examples of hybrid encryption. These services use both symmetric and asymmetric algorithms.
9. Which of the following is an early form of encryption also known as ROT3? A. Transposition cipher B. Substitution cipher C. Scytale D. Caesar's cipher
D. Caesar's cipher is known as the ROT3 cipher, because you move forward by three characters to encrypt and back by three characters to decrypt.
13. Which of the following is not a hashing algorithm? A. SHA B. HAVAL C. MD5 D. IDEA
D. IDEA is a symmetric encryption standard that is similar to DES and was invented in Switzerland.
7. Which of the following is not an advantage of symmetric encryption? A. It's powerful. B. A small key works well for bulk encryption. C. It offers confidentiality. D. Key exchange is easy.
D. Symmetric encryption does not provide for easy key exchange.
17. You have been asked to suggest a simple trust system for distribution of encryption keys. Your client is a three-person company and wants a low-cost or free solution. Which of the following would you suggest? A. Single authority trust B. Hierarchical trust C. Spoke/hub trust D. Web of trust
D. The web of trust is easy to set up and has little or no cost. Users can distribute keys directly by attaching them to the bottom of their email messages.
16. What is the correct term for when two different files are hashed and produce the same hashed output? A. Session key B. Digital signature C. Message digest D. Collision
D. When two different messages result in the same output, it's called a collision. Collisions can be a problem with hashing programs that output shorter hashes, such as 128 bits. That is why many programs that rely on a hash use 256-bit or 512-bit outputs. Larger hashes are less likely to suffer from collisions.