ITM 446 Cyber Security
A certificate repository (CR) is a publicly accessible centralized directory of digital certificates. A) True B) False
A
A collision attack is an attempt to find two input strings of a hash function that produce the same hash result. A) True B) False
A
What protocol developed by Netscape in 1994 is designed to create an encrypted data path between a client? A) SSL B) TLS C) PEAP D) EAP
A
What term best describes when cryptography is applied to entire disks instead of individual files or groups of files? A) full disk encryption B) system encryption C) OS encryption D) disk encryption
A
What type of cryptographic algorithm creates a unique digital fingerprint of a set of data? A) hash B) key C) digest D) block
A
What type of cryptography uses two keys instead of just one, generating both a private and a public key? A) asymmetric B) symmetric C) shared D) open
A
When Bob needs to send Alice a message with a digital signature, whose private key is used to encrypt the hash? A) Bob's private key B) Alice's private key C) Bob and Alice's key D) Bob's private key and Alice's public key
A
Wireless data networks are particularly susceptible to known ciphertext attacks. A) True B) False
A
Secure Shell (SSH)
A Linux/UNIX-based command interface and protocol for securely accessing a remote computer.
Secure Sockets Layer (SSL)
A protocol developed by Netscape for securely transmitting documents over the Internet that uses a private key to encrypt data. Uses AES.
root digital certificate
A certificate that is created and verified by a CA.
Trusted Platform Module (TPM)
A chip on the motherboard of the computer that provides cryptographic services.
Block Cipher
A cipher that manipulates an entire block of plaintext at one time.
Public Key Infrastructure (PKI)
A framework for managing all of the entities involved in creating, storing, distributing, and revoking digital certificates.
cryptographic algorithm
A mathematical computation used to encrypt and decrypt data. (cipher)
key
A mathematical value entered into a cryptographic algorithm to produce ciphertext.
Certificate Repository (CR)
A publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate.
Certificate Revocation List (CRL)
A repository that lists revoked digital certificates.
Secure Hash Algorithm (SHA)
A secure hash algorithm that creates hash values of longer lengths than Message Digest (MD) algorithms.
TLS (Transport Layer Security)
A security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection.
Certificate Signing Request (CSR)
A structured message sent to a certificate authority requesting a digital certificate.
digital certificate
A technology used to associate a user's identity to a public key, in which the user's public key is digitally signed by a trusted third party.
Stream Cipher
An algorithm that takes one character and replaces it with one character.
Downgrade Attack
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.
Collision Attack
An attempt to find two input strings of a hash function that produce the same hash result.
A common use of TLS and SSL to secure communication between a browser and a web server: A) http B) https C) ftp D) ssh
B
Digital certificates should last forever. A) True B) False
B
Stream ciphers work on multiple characters at a time. A) True B) False
B
The simplest type of stream cipher, one in which one letter or character is exchanged for another is known as what? A) shift B) substitution C) lock D) loop
B
What alternative term can be used to describe asymmetric cryptographic algorithms? A) user key cryptography B) public key cryptography C) private key cryptography D) cipher-text cryptography
B
Which of the following asymmetric cryptography algorithms is most commonly used? A) AES B) RSA C) Twofish D) TPM
B
Why is IPsec considered to be a transparent security protocol? A) IPsec packets can be viewed by anyone B) IPsec is designed to not require modifications of programs, or additional training, or additional client C) IPsec's design and packet header contents are open sourced technologies D) IPsec uses the Transparent Encryption (TE) algorithm
B
In which type of encryption is the same key used to encrypt and decrypt data? A) private B) public C) symmetric D) asymmetric
C
Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: A) Registration Authority B) Delegation Authority C) Certification Authority D) Participation Authority
C
What term best represents the resiliency of a cryptographic key to attacks? A) key bits B) key resiliency C) key strength D) key space
C
Which of the following is more secure than software encryption? A) private encryption B) application encryption C) hardware encryption D) full disk encryption
C
wildcard digital certificate
Certificate used to validate a main domain along with all subdomains.
decryption
Changing secret message back to original form
Certificate Life Cycle
Creation, Suspension, Revocation, Expiration
asymmetric cryptographic algorithm
Cryptography that uses two mathematically related keys. Also known as public key cryptography.
At what stage can a certificate no longer be used for any type of authentication? A) creation B) suspension C) revocation D) expiration
D
Data that is in an unencrypted form is referred to as which of the following? A) cryptext B) plain text C) simpletext D) cleartext
D
In cryptography, which of the five basic protections ensures that the information is correct and no unauthorized person or malicious software has altered that data? A) confidentiality B) availability C) encryption D) integrity
D
What cryptographic transport algorithm is considered to be significantly more secure than SSL? A) AES B) HTTPS C) ESSL D) TLS
D
What term describes data actions being performed by endpoint devices such as printing a report from a desktop computer? A) data-in-transit B) data-in-play C) data-at-rest D) data-in-use
D
Which of the following is not one of the functions of a digital signature? A) verification of the sender B) prevention of the sender from disowning the message C) prove the integrity of the message D) protect the public key
D
cleartext data
Data stored or transmitted without encryption
confidentiality
Ensures that only authorized parties can view the information
Asymmetric cryptographic algorithms are also known as private key cryptography
False
Obfuscation is making something well known or clear
False
Steganography
Hiding the existence of data within a text, audio, image, or video file. Hidden messages can be embedded in the file, or data may be hidden in the file header fields that describe the file.
certificate chaining
Linking several certificates together to establish trust between all the certificates involved.
obfuscation
Making something obscure or unclear.
Improper implementation
Many cryptographic algorithms have several configuration options. Unless careful consideration is given to these options, the cryptography may be improperly implemented.
using deprecated algorithms
Means to use a cryptographic algorithm that should not be used because of known vulnerabilities
non-repudiation
Proves that a user performed an action
user digital certificate
The end-point of the certificate chain.
key strength
The resiliency of a key to resist attacks.
two encryption modes of IPsec
Transport: leaves header unencrypted. Tunnel: encrypts both the header and the data portion.
Ciphertext is the scrambled and unreadable output of encryption
True
In information technology, non-repudiation is the process of proving that a user performed an action
True
Plaintext
Unencoded data. Also known as cleartext.
Pretty Good Privacy (PGP)
Widely used asymmetric cryptography system. Used for files and e-mails on Windows systems.
HTTPS (Hypertext Transfer Protocol Secure)
A common use of TLS and SSL. The secure version is actually "plain" HTTP sent over SSL or TLS.
key escrow
A control procedure whereby a trusted party is given a copy of a key used to encrypt database data. Both halves are encrypted. They expire after a set period of time and can be renewed.
Secure/Multipurpose Internet Mail Extensions
A protocol for securing messages; allows users to send encrypted messages that are also digitally signed.
IP Security (IPsec)
A transparent security protocol. 3 areas of protection: authentication, confidentiality, key management.
pseudorandom number generator
an algorithm for creating a sequence of numbers whose properties approximate those of a random number.
XOR cipher
based on the binary operation exclusive or that compares two bits.
Birthday Attack
based on the birthday paradox, which says that for there to be a 50 percent chance that someone in a given room shares your birthday, 253 people would need to be in the room
encryption
changing original text into a secret message using cryptography
Hash algorithm
creates a unique "digital fingerprint" of a set of data and is commonly called "hashing"
In what 3 states can cryptography provide protection to data?
data in-use, data in-transit, data at-rest
What is metadata?
data used to describe the content or structure of the actual data.
File and File System Cryptography
encryption software can be used to encrypt or decrypt files one-by-one
integrity
ensures info is correct and unaltered
authentication
ensures sender can be verified through cryptography
Encryption is the practice of transforming information so that it is secure and cannot be accessed by unauthorized parties
false
diffusion
if a single character of plaintext is changed then it should result in multiple characters of the ciphertext changing
Cryptographic Transport Protocols
most common cryptographic transport algorithms: Secure Sockets Layer, Transport Layer Security, Secure Shell, Hypertext Transport Protocol Secure, S/MIME, Secure Real-time Transport Protocol, IP Security
Message Digest 5 (MD5)
most well known of the md hash algorithms
weaknesses of digital signature
only shows that the private key of the sender was used to encrypt the digital signature; an imposter could post a public key under a sender's name
three primary characteristics that determine the resiliency of the key to attacks
randomness, length, cryptoperiod
Certificate Authority (CA)
Responsible for digital certificates. Also called root CA.
Types of Digital Certificates
root, domain, hardware and software
cryptography
scrambling information so that it cannot be read. transforms information into secure form so unauthorized people cannot access it.
Substitution Cipher
substitute one value for another. ROT13 is one type.
sponge function
takes as input a string of any length and returns a string of any requested variable length
confusion
the key does not relate in a simple way to the ciphertext
ciphertext
the scrambled and unreadable output of encryption
symmetric cryptographic algorithm
use the same single key to encrypt and decrypt a document. also called private key cryptography
Trusted third party
used to help solve the problem of verifying identity; verifies the owner and that the public key belongs to that owner
digital signature
used to prove a document originated from a valid sender
Domain Validation
verifies the identity of the entity that has control over the domain name