Milestone Exam (part3, modules 6-7)

How is confidentiality achieved through IPsec?

(ESP) Encapsulating Security Payload

Which of the following statements describe a quantum computer?

A quantum computer is a computer that relies on qubits that can be both 0 and 1 at the same time.

Which is an IPsec protocol that authenticates that packets received were sent from the source?

AH (authentication header)

Which of these is the strongest symmetric cryptographic algorithm?

Advanced Encryption Standard

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?

Alice's Public key

Which of the following is NOT a means by which a newly approved root digital certificate is distributed?

Application updates

Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond?

As computers become more powerful, the ability to compute factoring has increased.

Harry works at an automobile parts manufacturer. They sell these parts to retailers and deposit the proceeds in their bank. Using these funds, Harry pays the suppliers and employees. The Accounts Department maintains a ledger of all transactions of materials bought and sold. Similarly, the quality department and operations department also maintain a ledger of all transactions. Over the years, this process has become quite cumbersome, as growing data create confusion. Harry is looking at simplifying the process and has contacted you for a solution. Using which technology can this process be simplified and confusions avoided?

Blockchain

Jane, an IT security expert whose services are sought by XYZ Company, has recommended implementing CTR mode in the network. What is one requirement that needs to be fulfilled for computers to communicate when the CTR mode is implemented?

Both sender and receiver should have access to a counter.

Sigma Technology is a company based in Singapore, with branches in 24 countries. It needs multiple CAs in different locations to verify and sign digital certificates for the company. They are looking for an option where, even in the absence of a CA, other CAs can issue the certificates. Additionally, they are also looking for CAs who will oversee other CAs in different locations. In such a scenario, which PKI trust model should they use?

Bridge trust model

What is the name of the device protected by a digital certificate?

CN (common name)

Which block cipher mode of operation requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged?

CTR

A centralized directory of digital certificates is called a(n) _________________.

Certificate Repository (CR)

What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection?

Certificate attributes

Which of the following is a combination of encryption, authentication, and MAC algorithms, like a collection of instructions on securing a network?

Cipher suite

Which attack sees an attacker attempt to determine the hash function's input strings that produce the same hash result?

Collision attack

Which of these is NOT a characteristic of a secure hash algorithm?

Collisions should occur no more than 15 percent of the time.

What entity calls in crypto modules to perform cryptographic tasks?

Crypto service provider

Blockchain relies on which cryptographic algorithm to make it computationally infeasible to try to replace a block or insert a new block of information without the approval of all entities involved?

Cryptographic hash algorithms

ABC Enterprise is a global operation. As such, it needs to send regular, confidential messages and data between offices to communicate important market information, employee decisions, financial decisions, etc., for management consideration and senior-level decision making. Since these decisions impact the local employees and global businesses, they suspect that these data may be prone to attacks from threat actors internally and externally. While one of the senior systems administrators suggested implementing steganography to achieve this objective, the IT Department head at another branch suggested implementing cryptography. The management team has now called you for expert advice to select the best method to implement in the enterprise. What should your advice be, and why?

Cryptography should be implemented because it allows information to be viewed only by authorized users and checks whether the information has been altered or changed by anybody. It also makes the information unclear, even if other users see it. Cryptography is a more advanced technology than steganography. These features make cryptography the right choice for the enterprise to implement.

Which of the following is a state of data, where data is transmitted across a network?

Data in transit

Which of the following is not to be decrypted but is only used for comparison purposes?

Digest

John receives an encrypted document using asymmetric cryptography from Alex. Which process should Alex use along with asymmetric cryptography so that John can be sure that the received document is real, from Alex, and unaltered?

Digital Signature Algorithm

John and Sarah are working for Star Alliance. John had to send certain confidential data and messages to Sarah online. The use of which of the following will ensure that the message's sender is, in fact, John?

Digital certificate

Malik and Chris are shopping for shoes on an e-commerce website and need to enter their credit card details. Which of the following can assure them that they are using the retailer's authentic website and not an imposter's look-alike site that will steal their credit card details?

Digital certificate

What is the strongest technology that would assure Alice that Bob is the sender of a message?

Digital certificate

Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need?

Domain Validation

Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this?

Downgrade attack

ABC Enterprises plans to upgrade its internal confidential communication channel for the senior management team, which is geographically spread out, to enhance communication speed and security. They have decided to use cryptography to achieve this but can't decide on which model. The CEO has come to you for your suggestion on whether to use RSA or ECC. What should you recommend to the CEO, and why?

ECC (elliptic curve cryptography), as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes making it secure and the communication exchange extremely fast.

Which of the following is a process where a private key is split into two halves, encrypted, and stored separately for future use?

Escrow

Which encryption method in BitLocker prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer?

Full disk encryption

Which of these provides cryptographic services and is external to the device?

Hardware Security Module (HSM)

Which of the following is FALSE about "security through obscurity"?

It can only provide limited security.

Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)?

It includes a pseudorandom number generator (PRNG)

Which refers to a situation in which keys are managed by a third party, such as a trusted CA?

Key escrow

Which of the following is a process where a key is divided into a specific number of parts and distributed to multiple people, with some of them having the same parts of the key?

M-of-N control

Spectrum Technologies uses SHA 256 to share confidential information. The enterprise reported a breach of confidential data by a threat actor. You are asked to verify the cause of the attack that occurred despite implementing secure cryptography in communication. Which type of attack should you consider first, and why?

Misconfiguration attack; the company should have configured a higher security hash algorithm rather than using the less-secure SHA 256.

A manager working in ABC Consulting shared a list of employees from his team who were eligible for an extra week off. Later, he claimed that he has never shared this list. Which principle or functionality of a secured communication can be used to substantiate or verify the manager's claim?

Nonrepudiation

Alliance Consulting, a company based in France, is shutting down. Louis, the owner of the company, applied to revoke his digital certificate. He is very busy with the other details of shutting the company down and needs to be able to check the certificate's status quickly and easily. Which of the following will help him get a real-time lookup of the certificate's status?

OCSP

Which characteristic of cryptography makes information obscure or unclear, and by which the original information becomes impossible to be determined?

Obfuscation

Elton needs his application to perform a real-time lookup of a digital certificate's status. Which technology would he use?

Online Certificate Status Protocol (OCSP)

What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption?

P7B

Which of the following is defined as a structure for governing all the elements involved in digital certificate management?

PKI

What is data called that is to be encrypted by inputting it into a cryptographic algorithm?

Plaintext

Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this?

ROT13

Fatima is responsible for conducting business transactions for XYZ Company, and she only had the stored private key. She is on leave and currently unavailable, and the organization needs to complete an urgent business transaction. Which of the following methods should enable the organization to access Fatima's private key and digital certificate?

Recovery

Who verifies the authenticity of a CSR?

Registration Authority

Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as?

Repudiation

Which of these is NOT a basic security protection for information that cryptography can provide?

Risk

Which of the following digital certificates are self-signed and do not depend on the higher-level certificate authority (CA) for authentication?

Root digital certificates

Sarah needs to send an email with important documents to her client. Which of the following protocols ensures that the email is secure?

S/MIME

Which of the following devices can perform cryptographic erase?

SED (self-encrypting drives)

Which of the following is NOT a symmetric cryptographic algorithm?

SHA

Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest?

SHA3-512

Which of the following protocols can be used as a tool for secure network backups?

SSH

During an investigation, it was found that an attacker did the following: Intercepted the request from the user to the server and established an HTTPS connection between the attacker's computer and the server while having an unsecured HTTP connection with the user. This gave the attacker complete control over the secure webpage. Which protocol helped facilitate this attack?

SSL

Which of the following is the earliest and most general cryptographic protocol?

SSL

Which of the following terms best describes the process in which a user believes that the browser connection they are using is secure and the data sent is encrypted when in reality, the connection is insecure, and the data is sent in plaintext?

SSL stripping

Which is a protocol for securely accessing a remote computer in order to issue a command?

Secure Shell (SSH)

_________________ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.

Session keys

Which of the following hides the existence of information?

Steganography

Which algorithm encrypts and decrypts data using the same key?

Symmetric cryptographic algorithm

Robert has two cryptographic keys, and he needs to determine which of them is less prone to being attacked. The cryptoperiod is limited and equal for both the keys. The first key has a length of 2 and uses 16 characters, while the other key has a length of 3 and uses 15 characters. Which of the following is the best conclusion for Robert to come to?

The second key is more secure than the first key.

What is low latency?

The time between when a byte is input into a cryptographic cipher and when the output is obtained.

Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say?

The user's identity with their public key

Which is the first step in a key exchange?

The web browser sends a message ("ClientHello") to the server.

What is the purpose of certificate chaining?

To group and verify digital certificates

Which of the following can a digital certificate NOT be used for?

To verify the authenticity of the CA

Which encryption is a chip on the motherboard of a computer that provides cryptographic services?

Trusted platform module

Samira is developing a virtual private chat application for ABC Consulting. The following are requirements provided by the organization while making the application: 1. All the communications should happen within the same network, host-to-host. 2. The information shared through this app should be kept confidential. Hence, the whole IP packet should be encrypted, giving access to only authorized personnel. 3. There should be a private network for host-to-host communication. Which of the following modes should Sara consider for encryption in this project?

Tunnel mode

What is a collision?

Two files produce the same digest

Alex is working for Alpha Technology as a system administrator. The enterprise's sales team uses multiple external drives, often containing confidential data, that they carry between their offices and their clients' offices. What should Alex do to ensure that data is secure if it is stolen or lost, and why?

Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user.

Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide?

Verify the receiver

What are public key systems that generate different random public keys for each session?

Perfect forward secrecy

