NETSEC 3
7) ________ ciphers move letters around within a message but characters are not substituted. A) Transposition B) Substitution C) Both A and B D) Neither A nor B
A
81) The sender the uses public key of the recipient in ________. A) public key encryption for confidentiality B) public key encryption for authentication C) Both A and B D) Neither A nor B
A
77) In checking the digital signature, the verifier ________. A) decrypts the digital signature it received with the supplicant's public key to get the message digest B) hashes the plaintext message with the same algorithm used by the sender to get the message digest C) Both A and B D) Neither A nor B
B
8) ________ ciphers leave letters in their original positions. A) Transposition B) Substitution C) Both A and B D) Neither A nor B
B
14) If a key is 43 bits long, how much longer will it take to crack it by exhaustive search if it is extended to 50 bits? A) 7 times as long B) 14 times as long C) 128 times as long D) 256 times as long
C
15) In order to be considered strong today, a symmetric encryption key must be at least ________ bits long. A) 6 B) 8 C) 100 D) 1,000
C
48) What is the hash size of SHA-256? A) 112 bits B) 128 bits C) 160 bits D) 256 bits
D
111) SSL/TLS was developed for remote access VPNs.
FALSE
114) SSL/TLS protection is transparent to applications.
FALSE
22) DES uses block encryption.
TRUE
49) Cryptanalysts have found weaknesses in ________. A) MD5 B) SHA-512 C) Both A and B D) Neither A nor B
A
20) A DES key is ________ bits long. A) 40 B) 56 C) 100 D) 128
B
41) ________ are proofs of identity. A) Certifications B) Credentials C) Cartes D) Verifications
B
44) Hashing is ________. A) reversible B) repeatable C) Both A and B D) Neither A nor B
B
72) Digital signatures are used for ________ authentication. A) initial B) message-by-message C) Both A and B D) Neither A nor B
B
105) Which of the following is a type of VPN? A) Host-to-host B) Remote access C) Both A and B D) Neither A nor B
C
118) Which of the following layers does IPsec protect? A) The transport layer B) The application layer C) Both of the above D) Neither of the above
D
24) Which of the following is one of the effective key lengths in 3DES? A) 40 bits B) 110 bits C) Both A and B D) Neither A nor B
D
57) Public key encryption is ________. A) complex B) slow C) expensive D) All of the above
D
19) A DES key is 40 bits long.
FALSE
63) Symmetric session key exchange can be done with public key encryption.
TRUE
1) ________ is the use of mathematical operations to protect messages travelling between parties or stored on a computer. A) Cryptography B) Encryption C) Authentication D) Confidentiality
A
10) When two parties communicate with each other using symmetric key encryption, how many keys are used in total to encrypt and decrypt? A) 1 B) 2 C) 4 D) 8
A
102) A ________ is a cryptographic system that provides secure communication over an untrusted network. A) virtual private network B) secure link C) complete cryptographic system D) None of the above.
A
103) Companies transmit over the Internet because the Internet ________. A) is inexpensive B) is secure C) Both A and B D) Neither A nor B
A
109) When you make a purchase over the Internet, your sensitive traffic is almost always protected by ________ VPN transmission. A) SSL/TLS B) IPsec C) Both A and B D) Neither A nor B
A
110) SSL/TLS was developed for ________ VPNs. A) host-to-host B) site-to-site C) Both A and B D) Neither A nor B
A
115) A commonly SSL/TLS-aware application is ________. A) webservice B) database C) Both A and B D) Neither A nor B
A
16) Which of the following statements accurately describes RC4? A) RC4 is extremely fast. B) RC4 always uses a 40-bit key. C) Both A and B D) Neither A nor B
A
29) ________ occurs when companies believe they have good security because they are using proprietary ciphers that hackers do not know. A) Security through obscurity B) Weakest link ignorance C) Reasonable protection D) Hidden security
A
31) In cryptographic systems, the negotiation of security methods and options takes place during the ________ handshaking stage. A) first B) second C) third D) None of the above
A
34) When both parties prove their identities to the other, this is called ________. A) mutual authentication B) symmetric authentication C) authentication D) dual authentication
A
38) What usually is the longest stage in a cryptographic system dialogue? A) Ongoing communication B) Negotiation of security methods and parameters C) Keying D) Mutual authentication
A
42) In mutual authentication between two parties, ________. A) there are two verifiers and two supplicants B) there are two verifiers, but there is only one supplicant C) there is one verifier, but there are two supplicants D) None of the above.
A
5) A ________ is a random string of 40 to 4,000 bits (ones and zeros) used to encrypt messages. A) key B) cipher C) plaintext D) code
A
50) MS-CHAP is used for ________ authentication. A) initial B) message-by-message C) Both A and B D) Neither A nor B
A
51) In MS-CHAP, the ________ creates the response message. A) supplicant B) verifier C) Both A and B D) Neither A nor B
A
60) To be strong, ________ keys need to be longer than ________ keys. A) public, symmetric B) symmetric, public C) Public and symmetric keys of about the same length have about equal strength. D) None of the above
A
64) Which of the following can be used as a keying method? A) Public key encryption for confidentiality B) MS-CHAP C) Both A and B D) None of the above
A
66) In public key encryption for authentication, the supplicant uses ________ to encrypt. A) the supplicant's private key B) the supplicant's public key C) the verifier's private key D) the verifier's public key
A
93) HMACs provide the cryptographic protection of ________. A) authentication B) nonrepudiation C) Both A and B D) Neither A nor B
A
94) An attack where an adversary intercepts an encrypted message and transmits it again later is called a ________. A) replay attack B) reflex attack C) reflection attack D) resend attack
A
97) ________ thwart replay attacks by ensuring "freshness" using cutoff values. A) Time stamps B) Sequence numbers C) Nonces D) All of the above.
A
99) Quantum key distribution ________. A) is a way to deliver enormously long keys to communication partners B) creates a major threat to many traditional cryptographic methods C) Both A and B D) Neither A nor B
A
100) Quantum key cracking ________. A) is a way to deliver enormously long keys to communication partners B) creates a major threat to many traditional cryptographic methods C) Both A and B D) Neither A nor B
B
104) Companies transmit over the wireless LANs because WLANs ________. A) are inexpensive B) are secure C) Both A and B D) Neither A nor B
B
108) Which types of VPNs use VPN gateways? A) Host-to-host VPNs B) Remote access VPNs C) Both A and B D) Neither A nor B
B
11) Nearly all encryption for confidentiality uses ________ encryption ciphers. A) public key B) symmetric key C) hashing D) None of the above
B
113) SSL/TLS operates at the ________ layer. A) internet B) transport C) application D) None of the above.
B
116) In SSL/TLS, a specific set of protocols that a particular cryptographic system will use to provide protection is called a ________. A) system standard B) cipher suite C) security method D) security method and options
B
117) IPsec operates at the ________ layer. A) data link B) internet C) transport D) application
B
119) ________ offers transparent protection. A) SSL/TLS B) IPsec C) Both A and B D) Neither A nor B
B
120) IPsec tunnel mode ________. A) provides host-to-host protection B) is firewall-friendly C) Both A and B D) Neither A nor B
B
121) When two parties in an IPsec connection communicate back and forth, there are ________ security associations. A) 1 B) 2 C) 3 D) 4
B
122) Companies can enforce policies for ________. A) SSL/TLS B) IPsec security associations C) Both A and B D) Neither A nor B
B
13) The best way to thwart exhaustive searches by cryptanalysts is ________. A) to use codes B) to make the key very long C) randomize the key thoroughly D) All of the above
B
18) To meet national export limitation in many countries, RC4 often uses a key length of ________ bits. A) 8 B) 40 C) 100 D) 256
B
21) The 56-bit key size ________. A) is sufficient for major business transactions B) is sufficient for most residential consumer applications C) is considered a strong length D) All of the above
B
26) ________ is efficient enough in processing power and RAM requirements to be used on small devices, such as PDAs and cell phones. A) 3DES B) AES C) Both A and B D) Neither A nor B
B
27) Which of the following is one of the key lengths offered by AES? A) 112 bits B) 192 bits C) Both A and B D) Neither A nor B
B
3) Which of the following is transmitted across a network? A) The plaintext B) The ciphertext C) Both A and B D) Neither A nor B
B
39) In SSL/TLS, a ________ is a specific set of security methods and options. A) cryptographic system standard B) cipher suite C) chosen set D) tuple
B
4) A ________ is a mathematical process used in encryption and decryption. A) key B) cipher C) plaintext D) coding method
B
73) The supplicant creates a message digest by ________. A) adding the password to the challenge message and hashing the two B) hashing the plaintext message C) encrypting the message digest with its own private key D) None of the above.
B
86) A digital certificate ________. A) indicates that the person or firm named in the certificate is reasonably trustworthy B) gives the subject's public key C) Both A and B D) Neither A nor B
B
89) To check a certificate's revocation status, the verifier can ________. A) download the CRL from the CA B) send an OCSP message to the CA C) Both A and B D) Neither A nor B
B
98) Nonces can be used in ________. A) all applications B) client/server applications C) time-insensitive applications D) persistent applications
B
112) SSL/TLS is used for ________ VPNs. A) host-to-host B) remote access C) Both A and B D) Neither A nor B
C
17) Which of the following statements accurately describes RC4? A) RC4 is very slow. B) RC4 uses a large amount of RAM. C) RC4 can use a broad range of key lengths. D) All of the above
C
2) ________ is the security guarantee that people who intercept messages cannot read them. A) Integrity B) Availability C) Confidentiality D) Encryption
C
23) Which of the following is one of the effective key lengths in 3DES? A) 56 bits B) 100 bits C) 112 bits D) None of the above
C
30) Packaged sets of cryptographic countermeasures for protecting data transmission are ________. A) cryptographic standards B) metacryptographic systems C) cryptographic systems D) All of the above
C
33) Proving your identity to a communication partner is ________. A) validation B) identification C) authentication D) certification
C
37) Electronic signatures usually provide ________. A) message-by-message authentication B) message integrity C) Both A and B D) Neither A nor B
C
55) When Joshua sends a message to Larry, Joshua will use ________ to encrypt the message. A) the public key B) Joshua's public key C) Larry's public key D) Larry's private key
C
56) When Carol sends a message to Bob, Bob will use ________ to decrypt the message. A) the private key B) Carol's private key C) Bob's private key D) Carol's public key
C
58) The most popular public key encryption cipher is ________. A) AES B) DES C) RSA D) ECC
C
71) In public key encryption for authentication, the supplicant must prove that it knows ________, which nobody else should be able to know. A) the supplicant's public key B) the supplicant's private key C) the true party's private key D) the verifier's private key
C
74) The supplicant creates a digital signature by ________. A) adding the password to the challenge message and hashing the two B) hashing the plain text message C) encrypting the message digest with its own private key D) encrypting the message digest with its own public key
C
75) In public key encryption, "signing" is the act of ________. A) adding the password to the challenge message and hashing the two B) hashing the plain text message C) encrypting the message digest with its own private key D) encrypting the message digest with its own public key
C
79) Digital signatures provide ________. A) message authentication B) message integrity C) Both A and B D) Neither A nor B
C
87) To ensure that a digital certificate is valid, the receiver of the certificate must check ________. A) the digital signature B) the valid period C) Both A and B D) Neither A nor B
C
91) HMACs provide the cryptographic protection of ________. A) message authentication B) message integrity C) Both A and B D) Neither A nor B
C
92) Which of the following measures do HMACs use? A) Symmetric key encryption B) Public key encryption C) Hashing D) All of the above
C
25) 3DES is ________. A) very slow B) strong enough for communication in corporations C) expensive in terms of processing cost D) All of the above
D
32) Someone who pretends to be someone else is ________. A) a social engineer B) a hacker C) a cryptanalyst D) an impostor
D
36) What protection do cryptographic systems provide on a message-by-message basis? A) Message authentication B) Message integrity C) Message confidentiality D) All of the above
D
52) Which encryption method does MS-CHAP use? A) Symmetric key encryption B) Public key encryption C) Both A and B D) Neither A nor B
D
6) Someone who breaks encryption is called a ________. A) cracker B) coder C) hacker D) cryptanalyst
D
61) Strong RSA keys are at least ________ bits long. A) 100 B) 256 C) 512 D) 1,024
D
83) Which of the following fields are contained on a digital certificate? A) Public key B) Digital signature C) Serial number D) All of the above
D
88) To ensure that a digital certificate is valid, the receiver of the certificate must check ________. A) the digital signature B) the valid period C) whether the certificate has been revoked D) All of the above.
D
9) In codes, code symbols may represent ________. A) complete words B) complete phrases C) individual letters D) All of the above
D
90) A digital ________, by itself, provides authentication. A) signature B) certificate C) Both A and B D) Neither A nor B
D
96) Replay attacks can be thwarted by using ________. A) time stamps B) sequence numbers C) nonces D) All of the above.
D
28) Using new and proprietary encryption ciphers is a good idea because cryptanalysts will not know them.
FALSE
35) In cryptographic systems, keying takes place during the second handshaking stage.
FALSE
40) In authentication, the party trying to provide its identity to the other party is called the applicant.
FALSE
43) Hashing is a reversible process.
FALSE
46) The hash size in MD-5 is 160 bits.
FALSE
53) MS-CHAP provides mutual authentication.
FALSE
54) When Emma sends a message to Lucy, Emma will use the public key to encrypt it.
FALSE
62) Julia encrypts a message to David using public key encryption for confidentiality. After encrypting the message, can Julia decrypt it?
FALSE
65) An attacker who captures the keying information in Diffie-Hellman key agreement can compute the symmetric session key.
FALSE
68) In public key encryption for authentication, the verifier decrypts the ciphertext with the supplicant's public key.
FALSE
69) In public key encryption for authentication, the verifier decrypts the ciphertext with the verifier's public key.
FALSE
76) Signing a message digest means encrypting it with the sender's public key.
FALSE
78) To test the digital signature, the verifier will use sender's public key.
FALSE
82) In public key encryption for authentication, the receiver decrypts with the public key of the sender.
FALSE
101) The first task in establishing a cryptographic system is selecting a cryptographic system standard for the dialogue.
TRUE
106) A remote access VPN typically gives users access to multiple resources within a site.
TRUE
107) Site-to-site VPNs typically decrypt messages when they arrive from the outside.
TRUE
12) Nearly all encryption for confidentiality uses symmetric key encryption ciphers.
TRUE
45) When a hashing algorithm is applied, the hash will ALWAYS have a fixed length.
TRUE
47) The hash size in SHA-1 is 160 bits.
TRUE
59) The most popular public key cipher is RSA.
TRUE
67) For message-by-message authentication, each message must contain an electronic signature.
TRUE
70) The person the supplicant claims to be is the true party.
TRUE
80) Most message-by-message authentication methods provide message integrity as a by-products.
TRUE
84) It is OK for a verifier to receive digital certificates from the sender.
TRUE
85) Most CAs are not regulated.
TRUE
95) In a replay attack, the attacker cannot read the contents of the replayed message.
TRUE