Study Guide 763 - 917
C. Deals with linguistic units.
A code, as is pertains to cryptography: A. Is a generic term for encryption. B. Is specific to substitution ciphers. C. Deals with linguistic units. D. Is specific to transposition ciphers.
A. Confidentiality, Authentication, Non-repudiation, and Integrity.
A message can be encrypted and digitally signed, which provides... A. Confidentiality, Authentication, Non-repudiation, and Integrity. B. Confidentiality and Authentication C. Confidentiality and Non-repudiation D. Confidentiality and Integrity.
A. Ring Architecture.
An Architecture where there are more than two execution domains or privilege levels is called: A. Ring Architecture. B. Ring Layering C. Network Environment. D. Security Models
D. Operational Assurance and Life-Cycle Assurance.
As per the Orange Book, what are two types of system assurance? A. Operational Assurance and Architectural Assurance. B. Design Assurance and Implementation Assurance. C. Architectural Assurance and Implementation Assurance. D. Operational Assurance and Life-Cycle Assurance.
C. B1 and above.
At what Orange Book evaluation levels are design specification and verification first required? A. C1 and above. B. C2 and above. C. B1 and above. D. B2 and above.
D. B2 and above.
At which of the Orange Book evaluation levels is configuration management required? A. C1 and above. B. C2 and above. C. B1 and above. D. B2 and above.
A. Confidentiality
Complete the following sentence. A message can be encrypted, which provides... A. Confidentiality B. Non-Repudiation C. Authentication D. Integrity
D. Auditing and controlling any changes to the Trusted Computing Base.
Configuration Management controls what? A. Auditing of changes to the Trusted Computing Base. B. Control of changes to the Trusted Computing Base. C. Changes in the configuration access to the Trusted Computing Base. D. Auditing and controlling any changes to the Trusted Computing Base.
C. B2 and above.
Covert Channel Analysis is first introduced at what level of the TCSEC rating? A. C2 and above. B. B1 and above. C. B2 and above. D. B3 and above.
B. Detecting fraudulent deletion.
Cryptography does NOT help in: A. Detecting fraudulent insertion. B. Detecting fraudulent deletion. C. Detecting fraudulent modification. D. Detecting fraudulent disclosure.
C. Hardware and software cryptographic modules
FIPS-140 is a standard for the security of which of the following? A. Cryptographic service providers B. Smartcards C. Hardware and software cryptographic modules D. Hardware security modules
A. Both client and server
In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server
B. Ciphertext-only attack
In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process? A. Known-plaintext attack B. Ciphertext-only attack C. Chosen-Ciphertext attack D. Plaintext-only attack
A. Electronic Code Book (ECB)
In which mode of DES, will a block of plaintext and a key always give the same ciphertext? A. Electronic Code Book (ECB) B. Output Feedback (OFB) C. Counter Mode (CTR) D. Cipher Feedback (CFB)
D. message integrity.
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. message non-repudiation. B. message confidentiality. C. message interleave checking. D. message integrity.
B. 16
The Data Encryption Algorithm performs how many rounds of substitution and permutation? A. 4 B. 16 C. 54 D. 64
B. Key Agreement
The Diffie-Hellman algorithm is primarily used to provide which of the following? A. Confidentiality B. Key Agreement C. Integrity D. Non-repudiation
C. Key agreement
The Diffie-Hellman algorithm is used for: A. Encryption B. Digital signature C. Key agreement D. Non-repudiation
C. integrity and availability
The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address? A. integrity and confidentiality B. confidentiality and availability C. integrity and availability D. none of the above
A. A and B.
The Orange Book describes four hierarchical levels to categorize security systems. Which of the following levels require mandatory protection? A. A and B. B. B and C. C. A, B, and C. D. B and D.
B. C2 and above.
The Orange Book requires auditing mechanisms for any systems evaluated at which of the following levels? A. C1 and above. B. C2 and above. C. B1 and above. D. B2 and above.
C. System Integrity.
The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for: A. Security Testing. B. Design Verification. C. System Integrity. D. System Architecture Specification.
A. computing in Galois fields
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use. A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields
D. N(N - 1)/ 2
The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following? A. K(N - 1)/ 2 B. N(K - 1)/ 2 C. K(N + 1)/ 2 D. N(N - 1)/ 2
A. Chosen-Ciphertext attack
This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I? A. Chosen-Ciphertext attack B. Ciphertext-only attack C. Plaintext Only Attack D. Adaptive-Chosen-Plaintext attack
C. Rijndael
What algorithm has been selected as the AES algorithm, replacing the DES algorithm? A. RC6 B. Twofish C. Rijndael D. Blowfish
D. A single classification and a Compartment Set.
What are the components of an object's sensitivity label? A. A Classification Set and a single Compartment. B. A single classification and a single compartment. C. A Classification Set and user credentials. D. A single classification and a Compartment Set.
C. Authority revocation list
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? A. Certificate revocation list B. Certificate revocation tree C. Authority revocation list D. Untrusted certificate list
B. An attribute certificate
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public key certificate? A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate
D. A digital signature
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity? A. A digital envelope B. A cryptographic hash C. A Message Authentication Code D. A digital signature
B. Key clustering
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext? A. Key collision B. Key clustering C. Hashing D. Ciphertext collision
D. Neither label contains all the categories of the other.
What does it mean to say that sensitivity labels are "incomparable"? A. The number of classifications in the two labels is different. B. Neither label contains all the classifications of the other. C. the number of categories in the two labels are different. D. Neither label contains all the categories of the other.
C. Non repudiation
What does the directive of the European Union on Electronic Signatures deal with? A. Encryption of classified data B. Encryption of secret data C. Non repudiation D. Authentication of web servers
A. Cross-certification
What enables users to validate each other's certificate when they are certified under different certification hierarchies? A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities
A. It provides authentication of the message
What is NOT true about a one-way hashing function? A. It provides authentication of the message B. A hash cannot be reverse to get the message used to create the hash C. The results of a one-way hash is a message digest D. It provides integrity of the message
A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.
What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)? A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates. B. The OCSP (Online Certificate Status Protocol) is a proprietary certificate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard. C. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorities D. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate Authorities.
B. 128 bits
What is the key size of the International Data Encryption Algorithm (IDEA)? A. 64 bits B. 128 bits C. 160 bits D. 192 bits
D. 2040 bits
What is the maximum key size for the RC5 algorithm? A. 128 bits B. 256 bits C. 1024 bits D. 2040 bits
C. 3
What is the maximum number of different keys that can be used when encrypting with Triple DES? A. 1 B. 2 C. 3 D. 4
C. ROT13 cipher
What is the name for a substitution cipher that shifts the alphabet by 13 places? A. Caesar cipher B. Polyalphabetic cipher C. ROT13 cipher D. Transposition cipher
A. Internet Key Exchange (IKE)
What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)? A. Internet Key Exchange (IKE) B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol
C. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
What is the purpose of Trusted Distribution? A. To ensure that messages sent from a central office to remote locations are free from tampering. B. To prevent the sniffing of data as it travels through an untrusted network enroute to a trusted network. C. To ensure that the Trusted Computing Base is not tampered with during shipment or installation. D. To ensure that messages received at the Trusted Computing Base are not old messages being resent as part of a replay attack.
D. 80 bits
What key size is used by the Clipper Chip? A. 40 bits B. 56 bits C. 64 bits D. 80 bits
B. Hybrid (both Symmetric and Asymmetric)
What kind of Encryption technology does SSL utilize? A. Secret or Symmetric key B. Hybrid (both Symmetric and Asymmetric) C. Public Key D. Private key
B. Level 2/Class 2
What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database? A. Level 1/Class 1 B. Level 2/Class 2 C. Level 3/Class 3 D. Level 4/Class 4
B. Reference Monitor.
What mechanism does a system use to compare the security labels of a subject and an object? A. Validation Module. B. Reference Monitor. C. Clearance Check. D. Security Module.
C. Split knowledge
What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as "what each must bring" and joined together when getting access or decrypting a file. Each of which does not reveal the other? A. Dual control B. Separation of duties C. Split knowledge D. Need to know
B. One-time pad
What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition? A. Running key cipher B. One-time pad C. Steganography D. Cipher block chaining
C. B2
Which Orange Book evaluation level is described as "Structured Protection"? A. A1 B. B3 C. B2 D. B1
A. ECC (Elliptic Curve Cryptosystem)
Which encryption algorithm is BEST suited for communication with handheld wireless devices? A. ECC (Elliptic Curve Cryptosystem) B. RSA C. SHA D. RC4
A. MQV
Which key agreement scheme uses implicit signatures? A. MQV B. DH C. ECC D. RSA
C. RSA
Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS? A. El Gamal B. Elliptic Curve Cryptosystems (ECCs) C. RSA D. International Data Encryption Algorithm (IDEA)
A. Message Authentication Code - MAC
Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender? A. Message Authentication Code - MAC B. PAM - Pluggable Authentication Module C. NAM - Negative Acknowledgement Message D. Digital Signature Certificate
C. Security Testing and Trusted distribution
Which of the following are required for Life-Cycle Assurance? A. System Architecture and Design specification B. Security Testing and Covert Channel Analysis C. Security Testing and Trusted distribution D. Configuration Management and Trusted Facility Management
B. A public key infrastructure
Which of the following binds a subject name to a public key value? A. A public-key certificate B. A public key infrastructure C. A secret key infrastructure D. A private key certificate
B. Digital watermarking
Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later? A. Steganography B. Digital watermarking C. Digital enveloping D. Digital signature
A. A known-plaintext attack
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs? A. A known-plaintext attack B. A known-algorithm attack C. A chosen-ciphertext attack D. A chosen-plaintext attack
B. Simple Key-management for Internet Protocols (SKIP)
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys? This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis? A. Internet Security Association and Key Management Protocol (ISAKMP) B. Simple Key-management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key exchange (IKE)
C. Maximum response time for performing a revocation by the CA
Which of the following can best define the "revocation request grace period"? A. The period of time allotted within which the user must make a revocation request upon a revocation reason B. Minimum response time for performing a revocation by the CA C. Maximum response time for performing a revocation by the CA D. Time period between the arrival of a revocation request and the publication of the revocation information
C. PKCS#1
Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA? A. PKCS #17799 B. PKCS-RSA C. PKCS#1 D. PKCS#11
C. Both block size and key length can be extended to multiples of 64 bits.
Which of the following concerning the Rijndael block cipher algorithm is false? A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total of 25 combinations of key length and block length are possible C. Both block size and key length can be extended to multiples of 64 bits. D. The cipher has a variable block length and key length.
D. Internet Key Exchange (IKE)
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)
C. RSA
Which of the following encryption algorithms does not deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve
C. Signature-based MAC (SMAC)
Which of the following is NOT a known type of Message Authentication Code (MAC)? A. Keyed-hash message authentication code (HMAC) B. DES-CBC C. Signature-based MAC (SMAC) D. Universal Hashing Based MAC (UMAC)
C. Maximum key size is 512 bits
Which of the following is NOT a property of the Rijndael block cipher algorithm? A. The key sizes must be a multiple of 32 bits B. Maximum block size is 256 bits C. Maximum key size is 512 bits D. The key size does not have to match the block size
B. Digital Signature Standard (DSS)
Which of the following is NOT a symmetric key algorithm? A. Blowfish B. Digital Signature Standard (DSS) C. Triple DES (3DES) D. RC5
D. Data Encryption Standard (DES)
Which of the following is NOT an asymmetric key algorithm? A. RSA B. Elliptic Curve Cryptosystem (ECC) C. El Gamal D. Data Encryption Standard (DES)
C. Advanced Encryption Standard (AES)
Which of the following is NOT an example of an asymmetric key algorithm? A. Elliptic curve cryptosystem (ECC) B. Diffie-Hellman C. Advanced Encryption Standard (AES) D. Merkle-Hellman Knapsack
C. RC5
Which of the following is a symmetric encryption algorithm? A. RSA B. Elliptic Curve C. RC5 D. El Gamal
B. Internet Security Association and Key Management Protocol (ISAKMP)
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism? A. OAKLEY B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. IPsec Key exchange (IKE)
B. Polyalphabetic cipher
Which of the following is best at defeating frequency analysis? A. Substitution cipher B. Polyalphabetic cipher C. Transposition cipher D. Ceasar Cipher
A. Confidentiality
Which of the following is best provided by symmetric cryptography? A. Confidentiality B. Integrity C. Availability D. Non-repudiation
D. OAKLEY
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY
A. Internet Key exchange (IKE)
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations? A. Internet Key exchange (IKE) B. Security Association Authentication Protocol (SAAP) C. Simple Key-management for Internet Protocols (SKIP) D. Key Exchange Algorithm (KEA)
D. L2F
Which of the following is less likely to be used today in creating a Virtual Private Network? A. L2TP B. PPTP C. IPSec D. L2F
A. Stream ciphers
Which of the following is more suitable for a hardware implementation? A. Stream ciphers B. Block ciphers C. Cipher block chaining D. Electronic code book
C. Speed
Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers? A. Provides Limited security services B. Has no built in Key distribution C. Speed D. Large number of keys are needed
C. It operates on 64-bit plaintext blocks and uses a 128 bit key.
Which of the following is not a property of the Rijndael block cipher algorithm? A. It employs a round transformation that is comprised of three layers of distinct and invertible transformations. B. It is suited for high speed chips with no area restrictions. C. It operates on 64-bit plaintext blocks and uses a 128 bit key. D. It could be used on a smart card.
B. Electronic credential proving that the person the certificate was issued to is who they claim to be
Which of the following is true about digital certificate? A. It is the same as digital signature proving Integrity and Authenticity of the data B. Electronic credential proving that the person the certificate was issued to is who they claim to be C. You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user. D. Can't contain geography data such as country for example.
C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised.
Which of the following is true about link encryption? A. Each entity has a common key with the destination node. B. Encrypted messages are only decrypted by the final node. C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. D. Only secure nodes are used in this type of transmission.
A. Electronic Code Book (ECB)
Which of the following modes of DES is MOST Likely used for Database Encryption A. Electronic Code Book (ECB) B. Cipher Block Chaining (CBC) C. Cipher Feedback (CFB) D. Output Feedback (OFB)
B. WTLS
Which of the following offers security to wireless communications? A. S-WAP B. WTLS C. WSP D. WDP
A. Encryption
Which of the following services is NOT provided by the digital signature standard (DSS)? A. Encryption B. Integrity C. Digital signature D. Authentication
C. It allows the recipient of data to prove the source and integrity of data.
Which of the following statements is most accurate regarding a digital signature? A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.
D. PPTP is derived from L2TP.
Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect? A. PPTP allows the tunnelling of any protocols that can be carried within PPP. B. PPTP does not provide strong encryption. C. PPTP does not support any token-based authentication method for users. D. PPTP is derived from L2TP.
B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.
Which of the following statements pertaining to Secure Sockets Layer (SSL) is false? A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS D. SSL can be used with applications such as Telnet, FTP and email protocols.
C. Plain text is encrypted with a public key and decrypted with a private key.
Which of the following statements pertaining to block ciphers is incorrect? A. It operates on fixed-size blocks of plaintext. B. It is more suitable for software than hardware implementations. C. Plain text is encrypted with a public key and decrypted with a private key. D. Some Block ciphers can operate internally as a stream.
B. When not using the full keyspace, the key should be extremely random.
Which of the following statements pertaining to key management is incorrect? A. The more a key is used, the shorter its lifetime should be. B. When not using the full keyspace, the key should be extremely random. C. Keys should be backed up or escrowed in case of emergencies. D. A key's lifetime should correspond with the sensitivity of the data it is protecting.
C. Information stays encrypted from one end of its journey to the other.
Which of the following statements pertaining to link encryption is false? A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
C. The message digest should be calculated using at least 128 bytes of the file.
Which of the following statements pertaining to message digests is incorrect? A. The original file cannot be created from the message digest. B. Two different files should not have the same message digest. C. The message digest should be calculated using at least 128 bytes of the file. D. Message digests are usually of fixed size.
B. A stream cipher generates what is called a keystream.
Which of the following statements pertaining to stream ciphers is correct? A. A stream cipher is a type of asymmetric encryption algorithm. B. A stream cipher generates what is called a keystream. C. A stream cipher is slower than a block cipher. D. A stream cipher is not appropriate for hardware-based encryption.
B. Message Authentication Code (MAC)
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission? A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundancy Check (CRC) D. Secure Hash Standard (SHS)
C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.
Which of the following would best define a digital envelope? A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's private key.
B. Every X number of words within a text, is a part of the real message.
Which of the following would best describe a Concealment cipher? A. Permutation is used, meaning that letters are scrambled. B. Every X number of words within a text, is a part of the real message. C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. D. Hiding data in another message so that the very existence of the data is concealed.
A. Verification of the validity of all certificates of the certificate chain to the root certificate
Which of the following would best describe certificate path validation? A. Verification of the validity of all certificates of the certificate chain to the root certificate B. Verification of the integrity of the associated root certificate C. Verification of the integrity of the concerned private key D. Verification of the revocation status of the concerned certificate
C. Birthday attack
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack
B. Packet Header Source or Destination address
While using IPsec, the ESP and AH protocols both provide integrity services. However when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affects the use of AH and it´s Integrity Check Value (ICV) the most? A. Key session exchange B. Packet Header Source or Destination address C. VPN cryptographic key size D. Crypotographic algorithm used
B. Certification authority
Who vouches for the binding between the data items in a digital certificate? A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority
A. Non-repudiation
You are an information systems security officer at a mid-sized business and are called upon to investigate a threat conveyed in an email from one employee to another. You gather the evidence from both the email server transaction logs and from the computers of the two individuals involved in the incident and prepare an executive summary. You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn't send the email in question. What concept of PKI - Public Key Infrastructure will implicate the sender? A. Non-repudiation B. The digital signature of the recipient C. Authentication D. Integrity
