Chapter 7
Which of the following algorithms are used in symmetric encryption? (Select two.)
3DES Blowfish
A private key has been stolen. Which action should you take to deal with this crisis?
Add the digital certificate to the CRL
A PKI is an implementation for managing which type of encryption?
Asymmetric
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose?
BitLocker
You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents. Which of the following is true in this scenario? (Select two.)
By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it. If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.
When two different messages produce the same hash value, what has occurred?
Collision
You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal?
Confidentiality
Cryptographic systems provide which of the following security services?
Confidentiality Non-repudiation
Which of the following functions are performed by a TPM?
Create a hash of systems components
Hashing algorithms are used to perform which of the following activities?
Create a message digest
Which of the following encryption mechanisms offers the least security because of weak keys?
DES
Which of the following should you set up to ensure encrypted files can still be decrypted if the original user account becomes corrupted?
DRA
Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt?
Dictionary attack
Which of the following algorithms are used in asymmetric encryption?
Diffie-Hellman RSA
Which of the following is a direct integrity protection?
Digital signature
What is the most obvious means of providing non-repudiation in a cryptography system?
Digital signatures
Which of the following security solutions would prevent a user from reading a file that she did not create?
EFS
You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do?
Enable the TPM in the BIOS
Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages?
GPG
What is the main function of a TPM hardware chip?
Generate and store cryptographic keys
Which of the following is a message authentication code that allows a user to verify that a file or message is legitimate?
HMAC
Which of the following is used to verify that a downloaded file has not been altered?
Hash
A birthday attack focuses on which of the following?
Hashing algorithms
To obtain a digital certificate and participate in a public key infrastructure (PKI), what must be submitted and where?
Identifying data and a certification request to the registration authority (RA)
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?
Implement BitLocker without a TPM
You have downloaded a file from the internet. You generate a hash and check it against the original file's hash to ensure the file has not been changed. Which information security goal is this an example of?
Integrity
You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible. Which service should you use to solve this problem?
Key escrow
Which of the following are true of Triple DES (3DES)?
Key length is 168 bits
Which of the following is the weakest hashing algorithm?
MD5
Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message and then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. Which protection does the private key-signing activity of this process provide?
Non-repudiation
Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments?
Online Certificate Status Protocol
Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?
Private key
Which of the following can be classified as a stream cipher?
RC4
An attacker is attempting to crack a system's password by matching the password hash to a hash in a large table of hashes he or she has. Which type of attack is the attacker using?
Rainbow
In the certificate authority trust model known as a hierarchy, where does trust start?
Root CA
Which of the following does not or cannot produce a hash value of 128 bits?
SHA-1
What is the process of adding random characters at the beginning or end of a password to generate a completely different hash called?
Salting
Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message?
Sam's public key
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?
Sender's public key
Which term means a cryptography mechanism that hides secret communications within various forms of data?
Steganography
Which form of cryptography is best suited for bulk encryption because it is so fast?
Symmetric key cryptography
An SSL client has determined that the certificate authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?
The CA's public key must validate the CA's digital signature on the server certificate.
You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol. What happens to the file's encryption?
The file is encrypted when moved
Which of the following would require that a certificate be placed on the CRL?
The private key is compromised.
Which of the following database encryption methods encrypts the entire database and all backups?
Transparent Data Encryption (TDE)
When a cryptographic system is used to protect data confidentiality, what actually takes place?
Unauthorized users are prevented from viewing or accessing the resource.
Which of the following items are contained in a digital certificate? (Select two.)
Validity period Public key
Which standard is most widely used for certificates?
X.509
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file?
Your copy is the same as the copy posted on the website
When a sender encrypts a message using their own private key, which security service is being provided to the recipient?
non-repudiation
