CIS-2337 Chap 6
Data in transit
Data that is in motion
Secure Real-time Transport Protocol (SRTP)
A network protocol for securely delivering audio and video over IP networks.
Pretty Good Privacy (PGP)
A popular program used to encrypt and decrypt email and files
Message integrity
A crucial component of message security
Digital signature
A cryptographic implementation designed to demonstrate authenticity and identity associated with a message
Bcrypt
A key stretching algorithm. It is used to protect passwords. Bcrypt salts passwords with additional bits before encrypting them with Blowfish. This thwarts rainbow table attacks.
Password-Based Key Derivation Function 2 (PBKDF2)
A key-derivation designed to produce a key derived from a password
DNSSEC (Domain Name System Security Extensions)
A set of extensions to the DNS protocol that, through the use of cryptography, enables origin authentication of DNS data, authenticated denial of existence, and data integrity, but does not extend to availability or confidentiality
Birthday Attack
A special type of brute-force attack that gets its name from something known as the birthday paradox, which states that in a group of at least 23 people, the chance that two individuals will have the same birthday is greater than 50 percent.
Simple Network Management Protocol version 3 (SNMPv3)
A standard for managing devices on IP-based networks. SNMPv3 was developed to specifically address the security concerns and vulnerabilities of SNMPv1 and SNMPv2.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
A standard for public key encryption and signing of Multipurpose Internet Mail Extensions data in e-mails. S/MIME is designed to provide cryptographic protections to e-mails and is built into the majority of modern e-mail software to facilitate interoperability.
3. Transport Layer Security consists of which two protocols? A. The TLS Record Protocol and TLS Handshake Protocol B. The TLS Record Protocol and TLS Certificate Protocol C. The TLS Certificate Protocol and TLS Handshake Protocol D. The TLS Key Protocol and TLS Handshake Protocol
A. The TLS Record Protocol and TLS Handshake Protocol
7. What makes a digitally signed message different from an encrypted message? A. The digitally signed message has encryption protections for integrity and nonrepudiation. B. A digitally signed message uses much stronger encryption and is harder to break. C. The encrypted message only uses symmetric encryption. D. There is no difference.
A. The digitally signed message has encryption protections for integrity and nonrepudiation.
Transport Layer Security (TLS)
An IETF standard for the employment of encryption technology and replaces SSL.
Cipher Suite
An arranged group of algorithms
Secure Shell (SSH)
An encrypted remote terminal connection program used for remote connections to a server
Steganography
An offshoot of cryptography technology, gets its meaning from the Greek word steganos, meaning covered.
5. Which of the following is a detailed standard for creating and implementing security policies? A. PKIX B. ISO/IEC 27002 C. FIPS D. X.509
B. ISO/IEC 27002
4. What is the advantage of using a crypto module? A. Custom hardware adds key entropy. B. It performs operations and maintains the key material in a physical or logical boundary. C. It performs encryption much faster than general-purpose computing devices. D. None of the above.
B. It performs operations and maintains the key material in a physical or logical boundary.
6. Why does ECC work well on low-power devices? A. Less entropy is needed for a given key strength. B. Less computational power is needed for a given key strength. C. Less memory is needed for a given key strength. D. None of the above.
B. Less computational power is needed for a given key strength.
1. Which of the following is used to strengthen passwords from brute force attacks? A. Bcrypt2 B. PBKDF2 C. DNSSEC D. SSH-enabled logins
B. PBKDF2
10. Transport Layer Security for HTTP uses what port to communicate? A. 53 B. 80 C. 143 D. 443
D. 443
2. Why is LSB encoding the preferred method for steganography? A. It uses much stronger encryption. B. It applies a digital signature to the message. C. It alters the picture the least amount possible. D. It adds no additional entropy.
C. It alters the picture the least amount possible.
9. Which of the following is not an advantage of TLS v1.3 over TLS v1.2 and earlier? A. Removal of RC4 B. Reduction in round trips during handshakes C. Use of AES D. Restriction to AEAD ciphers
C. Use of AES
7. The use of multiple nearly identical messages can lead to the _______________ cryptographic attack method.
Collision
5. A _______________ is a software library that implements cryptographic functions.
Cryotographic Service Provider
Ephemeral keys
Cryptographic keys that are used only once after they are generated
8. Which of the following is a secure e-mail standard? A. POP3 B. IMAP C. SMTP D. S/MIME
D. S/MIME
1. _______________ is a protocol used to secure DNS packets during transmission across a network.
DNSSEC
Meet-in-the-middle attack
Involves attacking the problem from two directions and looking for the match
SFTP (Secure File Transfer Protocol)
Involves the use of FTP over an SSH channel. This leverages the encryption protections of SSH to secure FTP transfers. Because of its reliance on SSH, it uses TCP port 22.
4. ___________ provide precomputed answers to a problem.
Rainbow tables
Rainbow tables
Precomputed tables or hash values associated with passwords
10. _______________ is a popular encryption program that has the ability to encrypt and digitally sign e-mail and files.
Pretty Good Privacy (PGP)
9. Reusing previous user input to bypass security is an example of a(n) _______________ attack.
Replay
8. The _______________ is a network protocol for securely delivering audio and video over IP networks.
Secure Real-time Transport Protocol (SRTP)
2. A common encryption method designed to encrypt above the network layer, enabling secure sessions between hosts, is called ______________.
Secure Sockets Layer (SSL)
3. _______________ is the use of special encoding to hide messages within other messages.
Steganography
Data in use
Term used to describe data that is stored in a nonpersistent state of either RAM, CPU caches, or CPU registers
Downgrade attack
The attacker takes advantage of a commonly employed principle to support backward compatibility to downgrade the security to a lower or nonexistent state.
Data at rest
The most prominent use of encryption and is typically referred to as data encryption
Digital rights management (DRM)
The process for protecting intellectual property from unauthorized use
6. E-mails and their attachments can be secured using _______________.
Transport Encryption
Collision Attack
Where two different inputs yield the same output of a hash function.
Replay attack
Work against cryptographic systems like they do against other systems.
Cryptographic Service Provider (CSP)
a software library that implements cryptographic functions
Session key
a symmetric key used for encrypting messages during a communication session
Secure IMAP
are basically POP3 and IMAP, respectively, over an SSL/TLS session. Secure IMAP uses TCP port 993.
Secure POP3
are basically POP3 and IMAP, respectively, over an SSL/TLS session. Secure POP3 utilizes TCP port 995
Crypto Modules
use a hardware, software, or hybrid cryptographic engine contained within the boundary, and cryptographic keys that do not leave the boundary, maintaining a level of security.
Transport encryption
used to protect data that is in motion