3.5.10, 7.4.10, 3.3.6, system security unit 3
There are several block cipher modes of operation that can be utilized depending on the application or use. Which of the following block cipher modes of operation uses a nonce combined with a counter that is encrypted?
Counter Mode (CTR)
Which of the following functions are performed by a TPM?
Create a hash of system components
Which of the following algorithms are used in asymmetric encryption? (Select two.)
Diffie-Hellman and RSA
Which of the following cryptographic attacks uses SSL exploitation as a common implementation of this attack?
Downgrade attack
Which of the following security solutions would prevent a user from reading a file that she did not create?
EFS
Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?
Private keys
Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message?
Sam's public key
Which of the following terms means a cryptography mechanism that hides secret communications within various forms of data?
Steganography
Which form of cryptography is BEST suited for bulk encryption because it is so fast?
Symmetric key cryptography
You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol. What happens to the file's encryption?
The file is unencrypted when moved.
Blockchain is a unique and increasingly popular implementation of cryptography. A blockchain is a decentralized and distributed ledger that records and verifies transactions between two parties. The list on the left describes each step a block goes through as part of the blockchain cryptographic process. From the list on the left, drag a description to its proper step order on the right.
1. )User1 requests a transaction with User2. The request is made 2. using User1's personal secret key and User2's public key. 2.) The transaction is represented online as a block. 3.)The block is distributed to everyone on a peer-to-peer network. 4.)The network users verify the transaction is valid. 5.)The block is added to the chain. his provides a indisputable and transparent record of the transaction. 6.)The contents of the transaction move to User2.
Combining encryption with steganography involves several steps. From the list on the left, drag a description of a step or result in this process to the correct order on the right.
1. Encrypt plaintext with a private key to generate ciphertext. 2. The ciphertext is hidden inside of a media file, such as an image, using steganography. 3.The recipient extracts the ciphertext and decrypts it using the matching public key. 4. Because the ciphertext is hidden in the image file, someone intercepting the message would have to know its there before being able to decrypt it.
As a cybersecurity expert, you are tasked with implementing a secure enclave in your company's new mobile banking application. Which of the following statements best describes the primary function and benefit of a secure enclave in this context?
A secure enclave is a separate, isolated environment within the device's processor where sensitive data can be securely stored and processed.
A private key has been stolen. Which action should you take to deal with this crisis? answer Place the private key in escrow Delete the public key Recover the private key from escrow Add the digital certificate to the CRL
Add the digital certificate to the CRL
A PKI is an implementation for managing which type of encryption? answer Symmetric Hashing Asymmetric Steganography
Asymmetric
You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents. Which of the following is true in this scenario? (Select two.)
By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.,If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.
Hashing algorithms are used to perform which of the following activities? answer Providing for non-repudiation. Creating a message digest. Encrypting bulk data for communications exchange. Providing a means for exchanging small amounts of data securely over a public network.
Creating a message digest.
Which of the following encryption mechanisms offers the least security because of weak keys?
DES
Which of the following should you set up to ensure encrypted files can still be decrypted if the original user account becomes corrupted?
DRA
What is the primary use of the RACE Integrity Primitives Evaluation Message Digest (RIPEMD)? answer It is primarily used for creating digital watermarks. It is primarily used in Bitcoin and other cryptocurrencies. It is primarily used for file compression. It is primarily used for email encryption.
It is primarily used in Bitcoin and other cryptocurrencies.
You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible. Which service should you use to solve this problem? answer OCSP RA Key escrow CSP
Key escrow
Which of the following is no longer valid for security purposes? answer SHA-1 AES MD5 DES
MD5
Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments? answer Key escrow Certificate revocation list Private key recovery Online Certificate Status Protocol
Online Certificate Status Protocol
A medium-sized e-commerce company is planning to upgrade their website's security by acquiring a certificate from a certificate authority (CA). The company wants to ensure that the certificate not only validates their domain ownership but also verifies the legitimacy of their organization. They are also looking for a validation process that can be completed within 1 to 3 days. As the IT manager for the company, which level of CA validation would you recommend? answer Organization validation Extended validation Domain validation Self-signed certificate
Organization validation
An attacker is attempting to crack a system's password by matching the password hash to a hash in a large table of hashes he or she has. Which type of attack is the attacker using? answer Rainbow Brute force RIPEMD Cracking
Rainbow
In the process of obtaining a digital certificate, which entity may a certificate authority rely on to perform the validation of the certificate signing request (CSR)? answer Certificate revocation list Root authority Registration authority Online Certificate Status Protocol
Registration authority
What is the process of adding random characters at the beginning or end of a password to generate a completely different hash called? answer Salting Avalanche Collision Deterministic
Salting
A cyber security analyst wants to reduce the attack surface for a computer that contains top secret data. The analyst installs a cryptoprocessor as a module within the central processing unit (CPU) on the designated computer to accomplish this. What type of cryptoprocessor is the analyst installing?
TPM
An SSL client has determined that the certificate authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity? answer The domain on the server certificate must match the CA's domain name. The CA's public key validates the CA's digital signature on the server certificate. The post-master secret must initiate subsequent communication. The master secret is generated from common key code.
The CA's public key validates the CA's digital signature on the server certificate.
Which of the following would require that a certificate be placed on the CRL? answer The private key is compromised. The certificate validity period is exceeded. The encryption key algorithm is revealed. The signature key size is revealed.
The private key is compromised.
Which of the following statements accurately describes the root of trust model in a public key infrastructure (PKI)? answer The root of trust model defines how users and different CAs can trust one another, with each CA issuing itself a root certificate. In the root of trust model, the root certificate is issued by a third-party CA, not the organization's own CA. The root of trust model involves a root certificate that is issued by a user, not a CA. The root of trust model involves multiple root certificates, each issued by a different certificate authority (CA).
The root of trust model defines how users and different CAs can trust one another, with each CA issuing itself a root certificate.
Which of the following database encryption methods encrypts the entire database and all backups?
Transparent Data Encryption (TDE)
The network administrator for an international e-commerce company that operates multiple online stores must ensure secure communication across various subdomains. To streamline secure sockets layer/transport layer security (SSL/TLS) certificate management and implement a robust public key infrastructure (PKI), the network administrator must identify the most suitable solution for efficiently securing the company's numerous subdomains within the PKI. What is the MOST suitable solution for efficiently securing the multiple subdomains of the company's online stores within the PKI? answer Certificate pinning Wildcard certificates Certificate revocation lists (CRLs) Self-signed certificates
Wildcard certificates
You are a cybersecurity manager at a financial institution. Your team is responsible for managing the cryptographic keys used for secure transactions. Recently, there has been an increase in attempted cyber attacks on your institution. Which of the following key management strategies would be MOST effective in maintaining the security of your cryptographic keys under these circumstances?
You decide to set an expiration date for all current keys and inform users that they will need to renew their keys after this date.
You are a cybersecurity architect at a tech company that is developing a new mobile payment application. The application will handle sensitive user data including credit card information and personal identification numbers (PINs). Which of the following strategies would best leverage the concept of secure enclaves to protect this sensitive data?
You decide to store all sensitive data in a secure enclave on each user's device, accessible only with the user's unique PIN.
You are a cybersecurity analyst at a large corporation. Your team has been tasked with securing sensitive data within the company's database. One of the strategies you are considering is obfuscation. Which of the following scenarios would be the most appropriate application of obfuscation?
You use obfuscation to hide employee personal data within a database field by substituting character strings with x.
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file? answer You are the only one able to open the downloaded file. You can prove the source of the file. Your copy is the same as the copy posted on the website. No one has read the file contents as it was downloaded.
Your copy is the same as the copy posted on the website.
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose?
BitLocker
Which of the following algorithms are used in symmetric encryption? (Select two.)
Blowfish and DES
When two different messages produce the same hash value, what has occurred? answer Hash value Birthday attack High amplification Collision
Collision
You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal?
Confidentiality
Which of the following is used to verify that a downloaded file has not been altered? answer Private key Hash Asymmetric encryption Symmetric encryption
Hash
Which of the following types of encryption is specifically designed to allow data to be worked on without decrypting it first?
Homomorphic encryption
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?
Implement BitLocker with a TPM
You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do?
Enable the TPM in the BIOS.
Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages?
GPG
You are a security analyst at a large corporation. The corporation is implementing a new system that requires secure logon credential exchange between different departments. The corporation decides to use a cryptographic hashing algorithm for this purpose. Which of the following scenarios best demonstrates the correct use of hashing for secure logon credential exchange? answer Each department calculates a hash of their password and sends the actual password along with the hash to the other departments. The receiving department then verifies the password by comparing it with the hash. Each department sends their password to the other departments. The receiving department calculates a hash of the received password and compares it with the hash of the sending department's password they have on file. If the hashes match, the receiving department assumes the sending department has authenticated itself. Each department sha
Each department calculates a hash of their password and sends it to the other departments. The receiving department compares this hash with the hash of the sending department's password they have on file. If the hashes match, the receiving department assumes the sending department has authenticated itself.
What is the main function of a TPM hardware chip?
Generate and store cryptographic keys
Which of the following is a message authentication code that allows a user to verify that a file or message is legitimate? answer MD5 HMAC SHA RIPEMD
HMAC
A cyber technician reduces a computer's attack surface by installing a cryptoprocessor that a plug-in PCIe adaptor card can remove. What type of cryptoprocessor can support this requirement?
HSM
