9.6.3 Security Pro Practice Questions


Which of the following are characteristics of ECC? (Select two.)
- Uses multiplication of large prime numbers
- Symmetric encryption
- Asymmetric encryption
- Uses a finite set of values within an algebraic field

- Asymmetric encryption
- Uses a finite set of values within an algebraic field

EXPLANATION
Elliptic curve cryptography (ECC) is an approach to cryptography that uses a finite set of values within an elliptic curve (an algebraic set of numbers). ECC is an asymmetric encryption algorithm. RSA is an asymmetric algorithm that uses the multiplication of large prime numbers for encryption.

REFERENCES
LabSim for Security Pro, Section 9.6.

Which of the following is used in conjunction with a local security authority to generate the private and public key pair used in asymmetric cryptography?
- CRL
- CA
- OCSP
- CSP
- CPS

CSP

EXPLANATION
A cryptographic service provider (CSP) resides on the client and generates the key pair. This is a software program that can generate keys using a specific algorithm. The certificate authority (CA) is an entity trusted to issue, store, and revoke digital certificates. The certificate practice statement (CPS) is a declaration of the security that the organization is implementing for all certificates issued by the CA holding the CPS. The certificate revocation list (CRL) resides in the CA and consists of a list of certificates that have been previously revoked. The online certificate status protocol (OCSP) is a protocol used for checking the status of an individual digital certificate to verify whether it is good or has been revoked.

REFERENCES
LabSim for Security Pro, Section 9.6.

Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5, or any other symmetric cryptography solution?
- Merkle-Hellman Knapsack
- RSA
- Diffie-Hellman
- Elliptical Curve

Diffie-Hellman

EXPLANATION
Diffie-Hellman is the only key generation system in this list of options. Diffie-Hellman produces a number that can be used as a key in any symmetric cryptography solution (assuming the number is within the algorithm's keyspace). Merkle-Hellman Knapsack is not a key generation system. Instead, it is an insecure concept that pre-dates public key encryption. Elliptical curve is not a key generation system. Instead, it is a method of applying other systems to gain greater strength from smaller keys. RSA is not a key generation system. Instead, it is an asymmetric cryptography system that can be used for encryption, key exchange, and digital signatures.

REFERENCES
LabSim for Security Pro, Section 9.6.

Which form of asymmetric cryptography is based upon Diffie-Hellman?
- El Gamal
- ECC
- Merkle-Hellman Knapsack
- RSA

El Gamal

EXPLANATION
El Gamal is based upon Diffie-Hellman.

REFERENCES
LabSim for Security Pro, Section 9.6.

Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message?
- Sam's private key
- Sam's public key
- Mary's public key

Sam's public key

EXPLANATION
Use Sam's public key to encrypt the message. Only the corresponding private key, which only Sam has, can be used to decrypt the message. Mary cannot use Sam's private key because only Sam has that key. Anything encrypted with the private key can be decrypted by anyone with the public key. Encrypting using Mary's private key would mean that anyone could read the data using Mary's public key. Encrypting with Mary's public key would mean that only Mary would be able to decrypt it using her private key.

REFERENCES
LabSim for Security Pro, Section 9.6.

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?
- Sender's private key
- Receiver's private key
- Receiver's public key
- Sender's public key

Sender's public key

EXPLANATION
Digital signatures are created using the sender's private key. Thus, only the sender's public key can be used to verify and open any data encrypted with the sender's private key. The recipient's private and public keys are not involved in this type of cryptography situation. Often, the hashing value of a message is protected by the sender's private key (their digital signature). The recipient must extract the original hashing value.

REFERENCES
LabSim for Security Pro, Section 9.6.

The success of asymmetric encryption is dependent upon which of the following?
- The secrecy of the algorithm
- The integrity of the individuals who created the cryptosystem
- The complexity of the cipher text
- The secrecy of the key

The secrecy of the key

EXPLANATION
The strength of an asymmetric encryption system lies in the secrecy and security of its private keys. The strength of a cryptosystem should not be in the secrecy of the algorithm. This means that the algorithm is usually published and can be scrutinized for weaknesses.

REFERENCES
LabSim for Security Pro, Section 9.6.

Match each public key cryptography key management mechanism on the left with the corresponding description on the right. Each mechanism may be used once, more than once, or not at all.

Drag
- Ephemeral keys
- Static keys
- Perfect forward secrecy
- DHE
- ECDH

Drop
- Implements the Diffie-Hellman key exchange protocol using elliptic curve cryptography
- Exist only for the lifetime of a specific communication session
- Uses no deterministic algorithm when generating public keys
- Can be reused by multiple communication sessions

- Implements the Diffie-Hellman key exchange protocol using elliptic curve cryptography: ECDH
- Exist only for the lifetime of a specific communication session: Ephemeral keys
- Uses no deterministic algorithm when generating public keys: Perfect forward secrecy
- Can be reused by multiple communication sessions: Static keys

EXPLANATION
Public key cryptography can use a variety of mechanisms to manage encryption keys, including the following:
- Ephemeral keys are generated every time the key establishment process is executed and only exist for the lifetime of a specific communication session. As such, these keys have a relatively short lifespan.
- Static keys can be reused by multiple communication sessions. As such, these keys remain in use for a relatively long period of time.
- Perfect forward secrecy can be implemented in a public key cryptography system so that random public keys are generated for each session. No deterministic algorithm is used when generating the public keys.
- Elliptic curve Diffie-Hellman (ECDH) is an implementation of the Diffie-Hellman key exchange protocol using elliptic curve cryptography. It allows two parties, each having their own elliptic curve public/private key pair, to generate symmetric keys simultaneously over a non-secure channel.

REFERENCES
LabSim for Security Pro, Section 9.6.

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature?
- Sam's private key
- Mary's public key
- Mary's private key
- Sam's public key

Mary's private key

EXPLANATION
Use Mary's private key to create the digital signature. This proves that only Mary could have sent the message because only Mary has access to her private key. Sam would use Mary's public key to verify the digital signature. Use Sam's public key to encrypt a message that only Sam should be able to read. Only the corresponding private key, which only Sam has, can be used to decrypt the message. Mary cannot use Sam's private key because only Sam has that key. Anything encrypted with the private key can be decrypted by anyone with the public key. Encrypting with Mary's public key would mean that only Mary would be able to decrypt it using her private key, but could not prove where the message came from because anyone has access to Mary's public key.

REFERENCES
LabSim for Security Pro, Section 9.6.

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?
- Cryptographic algorithm
- Private keys
- Public keys
- Hash values

Private keys

EXPLANATION
The strength of an asymmetric cryptographic system lies in the secrecy and security of its private keys. A digital certificate and a digital signature are little more than unique applications of a private key. If the private keys are compromised for a single user, for a secured network, or for a digital certificate authority, the entire realm of trust is destroyed.

REFERENCES
LabSim for Security Pro, Section 9.6.

Which of the following algorithms are used in asymmetric encryption? (Select two.)
- AES
- Twofish
- Diffie-Hellman
- RSA
- Blowfish

- RSA
- Diffie-Hellman

EXPLANATION
RSA and Diffie-Hellman are asymmetric algorithms. RSA, one of the earliest encryption algorithms, can also be used for digital signatures. The Diffie-Hellman protocol was created in 1976, but is still in use today in technologies such as SSL, SSH, and IPsec.

REFERENCES
LabSim for Security Pro, Section 9.6.

How many keys are used with asymmetric (public key) cryptography?
- One
- Two
- Three
- Four

Two

EXPLANATION
Public key (asymmetric) cryptography uses two keys: one is referred to as the public key, and the other the private key. This key pair overcomes the difficulties associated with the secure distribution of private keys. The communicating parties do not need to share secret information; only the public keys are shared. Public keys are associated with users through authentication, usually through a mutually trusted directory, such as a certificate authority. The sender transmits a confidential message using only the recipient's public key. The message can only be decrypted with the associated private key possessed solely by the recipient. Public key cryptography not only provides encryption, but is the basis for authentication technologies such as digital signatures.

REFERENCES
LabSim for Security Pro, Section 9.6.

