Cryptography
The most common attack against cryptographic algorithms is: a. A ciphertext-only attack b. A brute force attack c. A known plaintext attack d. A chosen plaintext attack
a. A ciphertext-only attack
The elliptic curve system uses which of the following to create digital signatures? a. A hash algorithm b. A prime algorithm c. An inversion algorithm d. A linear algorithm
a. A hash algorithm
The Rijndael algorithm uses which of the following? a. Advanced encryption standard, AES b. Data encryption standard, DES c. Digital signature standard, DSS d. Key exchange algorithm, KEA
a. Advanced encryption standard, AES
Which one of the following provides data integrity? a. Cyclic redundancy checks, CRC b. Digitized signatures c. Passwords and PINs d. Biometrics
a. Cyclic redundancy checks, CRC
Which of the following protect the X.509 public key certificate? a. DSA and SHA-1 b. DES and SHA c. 3DES and MD4 d. IDEA and MD5
a. DSA and SHA-1
The SHA and HMAC provide the basis for which of the following? a. Data integrity b. Confidentiality c. Authentication d. Non-repudiation
a. Data integrity
Which of the following is an example of asymmetric encryption algorithm? a. Diffie-Hellman b. DES c. 3DES d. IDEA
a. Diffie-Hellman
Which of the following is primarily required for continued functioning of a public key infrastructure (PKI)? a. Disaster recovery plans b. Service level plans c. Fraud prevention plans d. Legal liability plans
a. Disaster recovery plans
Which of the following methods provide the highest security to protect access from unauthorized people? a. Encryption b. Call-back or dial-back systems c. Magnetic cards with personal identification number d. User ID and password
a. Encryption
Which of the following is not a valid PKI architecture? a. Gateway architecture b. Hierarchical architecture c. Mesh architecture d. Bridge architecture
a. Gateway architecture
A simpler alternative to a digital signature is a: a. Hash function b. Digital certificate c. Handwritten signature d. Certificate authority
a. Hash function
The freeware product, Tripwire is which of the following? a. It is a file integrity checker b. It is a file confidentiality checker c. It is a file availability checker d. It is a file damage checker
a. It is a file integrity checker
Which of the following is not true about one-time pad? a. It is breakable b. Each key is used only once c. It is unbreakable d. Each key is used for only one message
a. It is breakable
Which of the following is not part of cryptographic key management process? a. Key layering b. Key distribution c. Key storage d. Key generation
a. Key layering
The control technique that achieves confidentiality of data in transfer is: a. Line encryption b. One-time password c. File encryption d. End-to-end encryption
a. Line encryption
A birthday attack is targeted at which of the following? a. MD5 b. SSL c. SLIP d. SET
a. MD5
Which of the following will mitigate threat to integrity when private key cryptography is used? a. Message authentication code b. Message identifier c. Message header d. Message trailer
a. Message authentication code
Digital signature is another type of electronic signature. A digital signature is implemented using which of the following cryptographic techniques? a. Public key cryptography b. Key escrow cryptography c. Secret key cryptography d. Hybrid cryptographic systems
a. Public key cryptography
What keys are used to create digital signatures? a. Public-key cryptography b. Private-key cryptography c. Hybrid-key cryptography d. Primary-key cryptography
a. Public-key cryptography
Zero-knowledge proof is used in which of the following applications? a. Public-key encryption process b. Zeriozation process c. Degaussing operation d. Data remanence operation
a. Public-key encryption process
The two protocol algorithms used in cryptographic applications for compressing data are which of the following? a. SHA and MD5 b. 3DES and IDEA c. DSA and DSS d. RSA and SKIPJACK
a. SHA and MD5
Which of the following key algorithms decrypt data with the same key used for encryption? a. Symmetric key algorithm b. Asymmetric key algorithm c. Symmetric and public key algorithms d. Asymmetric and secret key algorithms
a. Symmetric key algorithm
Cryptographic key management is a difficult problem for which of the following? a. Symmetric-key algorithms b. Asymmetric-key algorithms c. Hybrid-key algorithms d. Hash-key algorithms
a. Symmetric-key algorithms
Public-key cryptographic systems are knows as: a. Two-keys or asymmetric systems b. Two-keys or symmetric systems c. One-key or symmetric systems d. One-key or asymmetric systems
a. Two-keys or asymmetric systems
A physical security measure for cryptographic keys is which of the following? a. Zeroization b. Zero-knowledge proof c. Zero defects proof d. Zero quantum proof
a. Zeroization
Elliptic curve systems are which of the following? 1. Asymmetric algorithms 2. Symmetric algorithms 3. Public-key systems 4. Private-key systems a. 2 and 3 b. 1 and 3 c. 2 and 4 d. 1 and 4
b. 1 and 3
The key length of Message Digest 5 (MD5) is which of the following? a. 112 bits b. 128 bits c. 160 bits d. 256 bits
b. 128 bits
What is the bit size of a DES? a. 40 b. 56 c. 64 d. 112
b. 56
The primary goal of a public key infrastructure (PKI) is to create which of the following? a. A closed environment b. A trusted environment c. An open environment d. A bounded environment
b. A trusted environment
During the design of data communication networks, a functional capability of providing link encryption and end-to-end encryption is addressed by which of the following? a. Administrative control b. Access control c. Cost control d. Technical control
b. Access control
Which one of the following encryption keys is slow? a. Symmetric b. Asymmetric c. Semi-symmetric d. Semi-asymmetric
b. Asymmetric
Digital signatures are not used for which of the following? a. Authentication b. Availability c. Non-repudiation d. Integrity
b. Availability
Asymmetric-key cryptography is not ideally suited for which of the following? a. Authentication b. Confidentiality c. Integrity d. Non-repudiation
b. Confidentiality
Which of the following is an example of symmetric key encryption algorithm? a. MD5 b. DES c. RSA d. MD4
b. DES
Which of the following is not included in the digital signature standard (DSS)? a. Digital signature algorithm, DSA b. Data encryption standard, DES c. Rivest, Shamir, Adelman algorithm, RSA d. Elliptic curve digital signature algorithm, ECDSA
b. Data encryption standard, DES
Which of the following provides both integrity and confidentiality services for data and messages? a. Digital signatures b. Encryption c. Cryptographic checksums d. Granular access control
b. Encryption
Which of the following security services or statements is not true with the U.S. digital signature standard (DSS)? a. It generates a digital signature b. It does not require a third-party certificate c. It assures non-repudiation of a message d. It verifies a digital signature
b. It does not require a third-party certificate
21. Which of the following is the best definition of a public key infrastructure (PKI)? a. It is a policy b. It is an infrastructure c. It is hardware d. It is software
b. It is an infrastructure
Which is not true about the Authentication Header (AH) of the IPSEC protocol? a. It protects against modification b. It provides privacy protection c. It provides connectionless integrity d. It protects against replay attacks
b. It provides privacy protection
What is the best way to encrypt data? a. Bulk encryption b. Link encryption c. Transaction encryption d. End-to-end encryption
b. Link encryption
If "N" keys are required to reconstruct the original key, application of the "Split Knowledge" concept requires how many keys to be documented? a. N keys b. N-1 keys c. N+1 keys d. N+2 keys
b. N-1 keys
Which of the following encryption algorithms or schemes is absolutely unbreakable? a. Data encryption standard (DES) b. One-time pad c. International data encryption algorithm (IDEA) d. RC2 and RC4
b. One-time pad
Pretty good privacy (PGP) is an electronic-mail security program. Which of the following statements is true about PGP? a. PGP is a standard b. PGP is a product c. PGP is interoperable d. PGP is not portable
b. PGP is a product
Countermeasures against replay attacks do not include which of the following? a. Time-stamps b. Protocols c. Nonces d. Kerberos
b. Protocols
26. Which of the following will mitigate threat to integrity when public key cryptography is used? a. Data checksums and secure hashes b. Public key signatures and secure hashes c. Cyclic redundancy checks and secure hashes d. Simple checksums and secure hashes
b. Public key signatures and secure hashes
Which of the following algorithms is used to create a message digest? a. SSL b. SHA c. SLIP d. SKIP
b. SHA
The major components of IPSEC include which of the following? a. SPI, FH, and SPE b. SPI, AH, and ESP c. SPI, RH, and PSE d. SPI, KH, and EPS
b. SPI, AH, and ESP
A fundamental principle for protecting cryptographic keys includes which of the following? a. Zeroization and total knowledge b. Split knowledge and dual control c. Single control and formal proof d. Zero-knowledge proof and triple control
b. Split knowledge and dual control
The least significant bit in a bit string is which of the following? a. The left-most bit of a bit string b. The right-most bit of a bit string c. The top-most bit of a bit string d. The bottom-most bit of a bit string
b. The right-most bit of a bit string
The key length of the Rijndael algorithm is which of the following? a. Fixed b. Variable c. Semi-fixed d. Semi-variable
b. Variable
What is the bit size of a RSA? a. Fixed b. Variable c. Semi-fixed d. Semi-variable
b. Variable
The major advantage of a checksum program is that it: a. Adds more bytes to programs b. Verifies integrity of files c. Increases boot-up time d. Misleads a program recompilation
b. Verifies integrity of files
The key length of Secure Hash Algorithm (SHA-1) is which of the following? a. 112 bits b. 128 bits c. 160 bits d. 256 bits
c. 160 bits
A digital certificate is: a. A password-protected file b. An encrypted file c. A password-protected and encrypted file d. A password-protected and modem-protected file
c. A password-protected and encrypted file
A cryptographic module is undergoing testing. Which of the following provides the highest level of testing? a. At the algorithm level b. At the module level c. At the application level d. At the product level
c. At the application level
Public key technology and digital certificates do not provide which of the following security services? a. Authentication b. Non-repudiation c. Availability d. Data integrity
c. Availability
Public-key cryptographic systems are not suitable for which of the following? a. Link encryption b. End-to-end encryption c. Bulk encryption d. Session encryption
c. Bulk encryption
Which of the following symmetric key block cipher algorithms provide authentication services? a. ECB b. CBC c. CBC-MAC d. CFB
c. CBC-MAC
In order for message digests to be effectively used in digital certificates, they must be: a. Access-resistant b. Authorization-resistant c. Collision-resistant d. Attack-resistant
c. Collision-resistant
In the U.S., the Clipper chip is not designed for: a. Telephones b. Facsimiles c. Computer networks d. Low-speed applications
c. Computer networks
Symmetric key algorithms are ideally suited for which of the following? a. Authentication b. Integrity c. Confidentiality d. Non-repudiation
c. Confidentiality
Most cryptographic attacks focus on which of the following? a. Cryptographic keys b. Cryptographic passwords c. Cryptographic parameters d. Cryptographic PINs
c. Cryptographic parameters
Cryptology is defined as which of the following? a. Crypto-algorithm + crypto-operation b. Crypto-period + crypto-security c. Cryptography + cryptanalysis d. Cryptographic authentication + cryptographic key
c. Cryptography + cryptanalysis
Which of the following is good practice for organizations issuing digital certificates? a. Develop a consulting agreement b. Develop an employment agreement c. Develop a subscriber agreement d. Develop a security agreement
c. Develop a subscriber agreement
Which of the following is the best technique to detect duplicate transactions? a. ECDSA and SHA b. ECDSA and SHA-1 c. ECDSA and MID d. ECDSA and MD5
c. ECDSA and MID
When compared to the Rivest, Shamir, Adelman (RSA) algorithm, the Digital Signature Standard (DSS) does not provide: a. Digital signature b. Authentication c. Encryption d. Data integrity
c. Encryption
Which of the following can be used in conjunction with a traffic padding security mechanism? a. Passwords b. Smart tokens c. Encryption d. Memory tokens
c. Encryption
Which of the following statements about encryption is not true? a. Software encryption degrades system performance b. Hardware encryption is faster c. Encryption is a desirable option in a local-area network (LAN) d. Key management is an administrative burden
c. Encryption is a desirable option in a local-area network (LAN)
Which of the following is not a common method of attacking a computer system? a. Password cracking b. Packet sniffing c. Encryption key breaking d. Sendmail
c. Encryption key breaking
Hash-based message authentication code (HMAC) is heavily used in which of the following? a. PPP operations b. SET operations c. IPSEC operations d. PPTP operations
c. IPSEC operations
IPSEC uses which of the following for negotiation to take place? a. Diffie-Hellman exchange b. IPSEC SA c. ISAKMP SA d. RSA exchange
c. ISAKMP SA
Which of the following provides the level of "trust" required for the digital certificates to reliably complete a transaction? a. Certificate policy, CP b. Certification practices statement, CPS c. Identity proofing d. Outsourcing
c. Identity proofing
Which one of the following certificate authorities (CA) is subordinate to another CA and has a CA subordinate to itself? a. Root CA b. Superior CA c. Intermediate CA d. Subordinate CA
c. Intermediate CA
X.509 Version 3 standard, compared to previous versions, provide which of the following? a. Authentication b. Encryption c. Interoperability d. Digital signature
c. Interoperability
Which of the following statements is not true about Secure Sockets Layer (SSL)? a. It uses both symmetric and asymmetric key cryptography b. It is used to perform authentication c. It is a point-to-point protocol d. It is a session-oriented protocol
c. It is a point-to-point protocol
The major requirement for a public key certification authority is that: a. It must be independent b. It must have a proper contract c. It must be trusted d. It must have a good reputation
c. It must be trusted
In cryptographic key management, key zeroization means which of the following? a. Key recovery b. Key re-generation c. Key destruction d. Key correction
c. Key destruction
Which of the following should not be subject to review during a periodic review of a cryptographic system? a. Parameters b. Operation c. Keys d. Controls
c. Keys
Which of the following digital certificate levels provide a stronger identification and authentication? a. Level 1 b. Level 2 c. Level 3 d. Level 4
c. Level 3
Which of the following digital certificate levels provide a photo identification? a. Level 1 b. Level 2 c. Level 3 d. Level 4
c. Level 3
Which of the following are examples of cryptographic hash functions? a. SHA and 3DES b. DES and CBC c. MD5 and SHA-1 d. DAC and MAC
c. MD5 and SHA-1
A hash function is which of the following? a. One-to-one function b. One-to-many function c. Many-to-one function d. Many-to-many function
c. Many-to-one function
Which of the following binds the identity of a user to his public key? a. Private key technology and digital certificates b. Symmetric key technology and digital signatures c. Public key technology and digital certificates d. Cryptographic key technology and electronic signatures
c. Public key technology and digital certificates
Which of the following is true about the Rivest, Shamir, Adelman (RSA) algorithm? a. RSA produces a 160-bit hash b. RSA produces a 128-bit hash c. RSA uses a 512-1024 bit key d. RSA uses an 80-bit key
c. RSA uses a 512-1024 bit key
The National Institute of Standards and Technology (NIST) selected which of the following as the advanced encryption standard (AES)? a. MARS algorithm b. Serpent algorithm c. Rijndael algorithm d. Twofish algorithm
c. Rijndael algorithm
Which one of the following uses a private-key system? a. RSA algorithm b. Knapsack algorithm c. Rijndael algorithm d. El Gamal algorithm
c. Rijndael algorithm
Hash-based message authentication code (HMAC) is which of the following? a. Public key + hash function b. Primary key + hash function c. Secret key + hash function d. Secondary key + hash function
c. Secret key + hash function
Which of the following should be used to prevent an eavesdropping attack from remote access to firewalls? a. File encryption b. Bulk encryption c. Session encryption d. Stream encryption
c. Session encryption
Which one of the following facilitates data/information hiding in computer systems? a. Polygraph b. Holography c. Steganography d. Cryptography
c. Steganography
Which of the following is required to accept digital certificates from multiple vendor certification authorities? a. The application must be PKI-enabled b. The application must be PKI-aware c. The application must use X.509 Version 3 d. The application must use PKI-vendor "plug-ins"
c. The application must use X.509 Version 3
Who is best qualified to evaluate the security of Public Key Infrastructure (PKI) systems and procedures? a. Certification authorities b. Registration authorities c. Third parties d. Subscribers
c. Third parties
The Advanced Encryption Standard (AES) algorithms are: a. Very slow and very strong b. Very fast and very weak c. Very fast and very strong d. Very slow and very weak
c. Very fast and very strong
What is the correct sequence of keys in a triple data encryption standard (3DES) algorithm operating with three keys? a. encrypt-decrypt-encrypt b. decrypt-encrypt-decrypt c. encrypt-encrypt-encrypt d. decrypt-decrypt-decrypt
c. encrypt-encrypt-encrypt
What is the bit size of IDEA? a. 40 b. 56 c. 64 d. 128
d. 128
What is the bit size of a secure hash algorithm (SHA)? a. 40 b. 56 c. 128 d. 160
d. 160
What is the bit size of triple DES with three keys? a. 40 b. 56 c. 128 d. 168
d. 168
The advanced encryption standard (AES) algorithm is currently not capable of using which of the following? a. 128 bits b. 192 bits c. 256 bits d. 320 bits
d. 320 bits
What is the bit size of SKIPJACK? a. 40 b. 56 c. 64 d. 80
d. 80
The key exchange algorithm (KEA) requires which of the following? a. A 256-bit prime modulus b. A 512-bit prime modulus c. A 768-bit prime modulus d. A 1024-bit prime modulus
d. A 1024-bit prime modulus
Which of the following is not a critical component of cryptographic key management system? a. A point-to-point environment b. A key distribution center environment c. A key translation center environment d. A key disclosure center environment
d. A key disclosure center environment
Effective controls to detect attempts to replay an earlier successful authentication exchange do not include: a. A time-stamp b. A sequence number c. An unpredictable value d. A statistical random value
d. A statistical random value
To achieve effective security over transmission, indicate the area where encryption can be applied: a. At packet level b. At record level c. At file level d. At field level
d. At field level
Data encryption standard (DES) cannot provide which of the following security services? a. Encryption b. Access control c. Integrity d. Authentication
d. Authentication
Cryptography provides all of the following services except: a. Authentication b. Confidentiality c. Integrity d. Availability
d. Availability
Which of the following plays a critical role in ensuring the integrity of public keys in the commercial sector PKI? a. Registration authority, RA b. Access Certification for Electronic Services, ACES c. Federal Technology Services, FTS d. Certification authority, CA
d. Certification authority, CA
Criteria for trusting a digital certificate do not depend on which of the following factors? a. Compliance with a X.509 standard b. The strength of the cryptography used c. The identity validation process used d. Compliance with a X.500 standard
d. Compliance with a X.500 standard
Which of the following threats is not addressed by digital signatures and random number challenges? a. Masquerade b. Replay attacks c. Password compromise d. Denial-of-service
d. Denial-of-service
The best technique to thwart network masquerading is through the use of: a. Dial-back technique b. Dial-forward technique c. File encryption only d. Dial-back combined with data encryption
d. Dial-back combined with data encryption
Which of the following will mitigate threat to non-repudiation? a. Secure hashes b. Message digest 4 c. Message digest 5 d. Digital signatures and certificates
d. Digital signatures and certificates
Effective controls to ensure data integrity of messages does not include: a. Encryption algorithms b. Hashing algorithms c. File seals d. File labels
d. File labels
IDEA is which of the following? a. It is asymmetric and uses a 128-bit key b. It is symmetric and uses a 56-bit key c. It is asymmetric and uses a 160-bit key d. It is symmetric and uses a 128-bit key
d. It is symmetric and uses a 128-bit key
Which of the following is not true about the Encapsulating Security Payload (ESP) of the IPSEC protocol? a. It protects replay attacks b. It protects integrity c. It protects confidentiality d. It protects the IP header
d. It protects the IP header
Which of the following is a hash algorithm? a. DES b. IDEA c. 3DES d. MD5
d. MD5
Which of the following encryption schemes is more secure? a. Encrypting once with the same key b. Encrypting twice with the same key c. Encrypting twice with two keys d. Multiple encryption
d. Multiple encryption
The Secure Sockets Layer (SSL) transport protocol provides all of the following services except: a. Mutual authentication b. Message privacy c. Message integrity d. Mutual handshake
d. Mutual handshake
Which of the following is used to encrypt IP packets? a. PPTP b. HTTP c. IPSEC d. PPP
d. PPP
Which of the following is an example of public-key cryptographic systems? a. MAC and DAC b. DES and 3DES c. RSA and IDEA d. RSA and DSS
d. RSA and DSS
Which of the following features of Secure HyperText Transfer Protocol (SHTTP) achieves higher levels of protection? a. Freshness feature b. Algorithm independence feature c. Syntax compatibility feature d. Recursive feature
d. Recursive feature
Which of the following is implemented in the Version 3 of X.509 protocol? a. SSL b. Regular MIME c. SHA d. S/MIME
d. S/MIME
Message digests use which of the following algorithms? a. SSL and MD4 b. DES and RC4 c. IDEA and RC4 d. SHA-1 and MD5
d. SHA-1 and MD5
Which of the following is not part of PKI data structures? a. Public key certificate b. Certificate revocation lists c. Attribute certificate d. Subject certificate
d. Subject certificate
Which of the following is not usually seen on a digital certificate? a. The owner name b. The public key c. The effective dates for keys d. The insurance company name
d. The insurance company name
What is the major purpose of a digital certificate? a. To achieve availability goal b. To maintain more information on the certificate c. To verify the certificate authority d. To establish user authentication
d. To establish user authentication
IPSEC protocols use which of the following modes? a. Main mode and aggressive mode b. Quick mode and informational mode c. State mode and user mode d. Transport mode and tunnel mode
d. Transport mode and tunnel mode
Which of the following provides a unique user ID for a digital certificate? a. User name b. User organization c. User e-mail d. User message digest
d. User message digest
The least powerful method of protecting confidential data or program files is by: a. Scrambling the data b. Encoding the data before transmission c. Decoding the data after transmission d. Using passwords and other identification codes
d. Using passwords and other identification codes
Digital certificates are defined by which of the following International Telecommunications Union (ITU) standards? a. X.400 b. X.25 c. X.12 d. X.509
d. X.509