6. Cryptography and PKI
The web server would create a Certificate Signing Request (CSR) to create a public and private key for a web server. The certificate will provide secure communication between client browsers and the web server using Secure Sockets Layer (SSL). Which of the following would be the preferred cipher to use and represent a key strength in this scenario? (Select two)
128-bit RC4
Which of the following statements about DES (Data Encryption Standard), RC4 (Arcfour), Blowfish, or Twofish is false?
All are stream ciphers
The 802.1x framework establishes several ways for devices and users to be securely authenticated before they are permitted access to LAN (Local Area Network) or WLAN (Wireless LAN). Identify the actual authentication mechanism established.
EAP or extensible authentication protocol
A company deployed wireless access point and wishes to enable the Enterprise mode for secure wireless connections. The servers have certificates, but the supplicants do not. Which of the following options would fit the company's needs? (Select two)
EAP-FAST (Flexible Authentication via Secure Tunneling) PEAP (Protected Extensible Authentication Protocol)
A company using WPA (Wi-Fi Protected Access) wireless security on their WAPs (Wireless Access Points) use LEAP (Lightweight EAP) to authenticate users to the network. LEAP is vulnerable to password cracking. What other options does the company have to mitigate this vulnerability? (Select two)
EAP-FAST/(Flexible Authentication via Secure Tunneling) PEAP (Protected Extensible Authentication Protocol)
The RADIUS server is down, and employees need immediate access to Wi-Fi routers in the office building. The WAPs (Wireless Access Points) service smart phones and tablets. After disabling Enterprise mode, how will users connect to the WAPs?
Use a pre-shared key
A software engineer needs to incorporate asymmetric encryption into a custom application, however, the code does not work well with large keys. Ideally, the engineer does not want to sacrifice the application's encryption and security. Which of the following would best fit the needs of the application?
Elliptical curve
To protect connections to Wireless Access Points (WAPs), an encrypted connection must be established between the WAP and client computer. WPA and WPA2 provide encrypted means stronger than Wired Equivalent Privacy (WEP). Differentiate between WPA and WPA2 and identify what makes WPA2 stronger than WPA. (Select two)
CCMP (Cipher Block Chaining Message Authentication Code Protocol) AES /(Advanced Encryption Standard)
Block ciphers like AES (Advanced Encryption Standard) and 3DES (Triple Data Encrypt Standard) can operate in different modes of operation, each giving a different result of all outputs. Which of the following solves the problem of slow, serial encryption, and improves performance?
CTM (Counter Mode)
Servers designated as a root, intermediate, and issuing server, are examples of which type of implementation?
Certificate Authority (CA)
A custom U.S. government software is in development. The first phase used ECDSA (Elliptic Curve Digital Signature Algorithm) and was not successful. RSA (Rivest, Shamir, Adleman) encryption was also tested, but the developers are looking to test asymmetric encryption options. Which of the following tests is the best candidate?
DSA (Digital Signature Algorithm)
An employee wants to check their corporate email, so they call for support by connecting a Windows 10 laptop to the airport's free Wi-Fi. The wireless network adapter on the laptop seems connected, but email and other web services are not functioning nor updating. What reason supports the employee's inability to connect to the Internet properly?
Did not authenticate to the airport's web portal
An up and coming entrepreneur wants to build an online business. During creation of the website, the owner sends an email to a third-party certificate service, and was able to setup a trusted and secure website in 24 hours. Which process supports the quick turnaround time for web server set up?
Domain validation
Differentiate between Protected Extensible Authentication Protocol (PEAP) and Extensive Authentication Protocol-Transport Layer Security (EAP-TLS).
EAP-TLS uses supplicant public certificate/ Extensive Authentication Protocol-Transport Layer Security
Differentiate between Protected Extensible Authentication Protocol (PEAP) and Extensive Authentication Protocol-Transport Layer Security (EAP-TLS).
EAP-TLS uses supplicant public certificate/Extensive Authentication Protocol-Transport Layer Security
The 802.1x framework establishes several ways for devices and users to be securely authenticated before they are permitted access to LAN (Local Area Network) or WLAN (Wireless LAN). Identify the actual authentication mechanism established.
EAP/extensible authentication protocol
D-H Ephemeral (DHE) mode combined with _______ provides a perfect forward secrecy mechanism for Transport Layer Security (TLS).
ECC(Elliptic Curve Cryptography)
A new business owner recently completed an extended validation process to setup a trusted, valid website for secure public communication.The owner complained about how a domain validation would have been an easier process. Analyze and explain how a domain validation represents an easier solution in this situation.
Email to a point of contact
A network administrator enables WPA and WPA2 on a Cisco Wireless LAN (Local Area Network) Controller. 802.1x is also enabled. How will the network admin complete setup for Enterprise mode?
Enter secret key for RADIUS server/(Remote Access Dial-in User Server)
A network administrator enables WPA(Wireless Authentication Protocol) and WPA2 on a Cisco Wireless LAN (Local Area Network) Controller. 802.1x is also enabled. How will the network admin complete setup for Enterprise mode?
Enter secret key for RADIUS(Remote Access Dial-in User Server) server/A RADIUS (Remote Access Dial-in User Server) is required to complete the 802.1x setup.
A client browser does not support secure connections to web server. A TLS (Transport Layer Security) connection is being established with DHE (Diffie-Hellman Ephemeral mode). Why does the browser not support DHE?
Ephemeral key
A cipher's security depends on its properties for confusion and diffusion. Confusion ensures a key cannot be derived from a ciphertext and diffusion transposes ciphertext if plain text changes. Analyze the situation to determine which of the following options are made most difficult as a result of these properties.
Frequency analysis
A company wants to ensure users can validate the website's certificate and establish a secure connection to mitigate Man-in-the-Middle (MITM) attacks on their public website. If a hacker compromises a certificate, which of the following will most likely circumvent the attack?
HPKP (HTTP Public Key Pinning)
User A sends an encrypted email to User B and signs the email using RSA (Rivest, Shamir, Adleman) encryption. What is most likely to occur during the key exchanges if User A's private key is known by the hacker?
Impersonation
The system administrator is installing a web server certificate and receives an error indicating the server does not accept wild card certificates. After examining the certificate, the system admin notices the problem. Analyze the error to determine the specific location where the admin found the problem.
In the SAN (Subject Alternative Name)
User A wants to establish a secure connection with a web server. Transport encryption is used to ensure data is encrypted as it is sent over the network. This works when both client and server agree on a secret key. How is this secret key exchanged?
In-band
A network administrator wants to stream encrypted data over the network. The data will be encrypted first and sent out either as is, or encrypted again prior to being sent. The cipher of choice is Blowfish. Why is Blowfish preferred in this case? (Select two)
It encrypt 64-bits of data It is a block cipher
A company with multiple types of archived encrypted data is looking to archive the keys needed to decrypt the data. However, the company wants to separate the two in order to heavily guard these keys. Analyze the scenario to determine the most likely key placement.
Key escrow
A new employee at the office is having difficulty sending an encrypted email. The user confirmed with the system administrator the S/MIME (Secure/Multipurpose Internet Mail Extensions) plug-in was installed on the email client. Analyze the scenario to determine the cause of the issue.
Need an email certificate
Distinguishing between Enterprise and Open authentication, determine the easier option for a user to connect to a wireless access point, and identify the reason supporting the selection. (Select two)
No authentication Open
A company deployed a website. The public cannot trust the site since a public key has not been generated. However, it is operational and users can browse its contents. Conclude which of the statements about the website is most true. (Select two)
No private key RSA not implemented
A root CA (Certificate Authority) and intermediate CAs are fully deployed. The system administrator turns off the root CA server. Why is the root CA powered-down?
Prevent certificate compromise
To protect connections to Wireless Access Points (WAPs), an encrypted connection must be established between the WAP and client computer. WPA and WPA2 provide encrypted means stronger than Wired Equivalent Privacy (WEP). Differentiate between WPA and WPA2 and identify what makes WPA weaker than WPA2. (Select two)
RC4 TKIP/(Temporal Key Integrity Protocol)
A Public Key Infrastructure (PKI) can produce many type of certificates with private/public key pairs. In contrast to a self-signed certificate, how does a wildcard certificate benefit an organization?
Reduces management overhead
A network administrator is importing a list of certificates from an online source so employees can trust and communicate securely with public websites. Another set of certificates were imported in order to trust and securely communicate with intranet sites and other internal resources. Which type of certficate is currently being imported?
Root
What are the components of a three-level Certificate Authority (CA) hierarchy? (Select three)
Root Intermediate Issuing
An application crashed after a software engineer implemented RSA with a key size of 2048-bit key for strong encryption. When other encryption algorithms were utilized, elliptical curve worked well and the application worked faster than anticipated. Which solution will make elliptical curve cryptography work better?
Smaller key size
User A employs a secret key cipher such as AES when encrypting a message. That secret key is passed along to User B to decipher the message using a digital envelope. Why is a digital envelope used in this exchange? (Select two)
Symmetric encryption is faster To secure session key
A company has an existing Public Key Infrastructure (PKI) with an established Certificate Authority (CA) hierarchy. Another CA hierarchy is being deployed in a development network with no Internet access. The subordinate CAs are powered on and their respective certificates are installed. After closer inspection, the certificates are not trusted by the root CA. Evaluate and identify the possible issue with these certificates.
The certificates are not signed by the root CA.
A company has two Certificate Authority (CA) hierarchies, one for operations and another in the lab. Both networks are completely isolated and the lab does not have Internet access. Subordinate CAs are being added to the lab hierarchy. Evaluate the scenario and determine how the subordinate CAs can be successfully deployed without access to the operations network.
The certificates are signed by the lab's root CA
A company deployed an internal web portal for company-owned software and services. When user workstations go to the website from Internet Explorer, the site is not trusted. Evaluate the scenario to conclude the likely cause for this issue.
The root certificate is not imported
What type of certificate is issued to *.google.com?
Wildcard
User A sends an encrypted email to user B and signed the email using RSA (Rivest, Shamir, Adleman) encryption. If User A uses a digital envelope, which key in this email process would most likely compromise confidentiality for both this, and future emails?
B's private key
Developers are working on a password vault application. The application will add salt to the password and create a hash of it in several rounds. This process is known as which of the following?
Key stretching
An independent penetration company is invited to test the company's new banking application in development for Android phones. It uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. Penetrations tests reveal the connections with clients were vulnerable to a Man-in-the-Middle (MITM) attack. How can the company prevent this from happening in the public Internet?
Use certificate pinning
A company has two web servers using a load-balance configuration. Users report having periodic trust errors connecting to the website. Both servers are using server-only certificates. Which of the following actions would most likely resolve the issue?
Use correct certificate path
A company has deployed public key infrastructure and will use a chip to issue employees company IDs. Employees will be able to use these cards on any company workstation and Outlook client with a compatible card reader. What type of certificates will most likely be loaded onto these cards? (Select two)
User Email
A new company wants to provide free Wi-Fi access to its customers. The users must be able to easily find the wireless access point and enter a password to gain access. The wireless traffic must be encrypted with the highest setting possible. Which of the following would meet these requirements?
WPA (Wi-Fi Protected Access)
A system admin is tasked to create 20 new certificates to accommodate web and file servers in different sub-domains. This will cause a decrease in management overhead in the future, especially with plans to expand services in different branch locations. Which of the following type of certificates is most effective in alleviating management overhead in this scenario?
Wildcard
A computer terminal processes banking transactions using DES (Data Encryption Standard) and is due for an upgrade. The software engineer is looking for ways to improve the encryption method, while maintaining the validity of the code. Which of the following will most likely be used for the upgrade?
3DES((Triple Data Encryption Standard)
Which of the following use symmetric algorithms? (Select two)
3DES(Triple DES)/Data Encryption Standard AES/(Advanced Encryption Standard)
A bank's payment machine has been completely replaced with better hardware and encryption protocols. The machine comes standard with AES (Advanced Encryption Standard), which provides faster and more secure transactions. What encryption standard may have been used in the previous payment machine model?
3DES/(Triple Data Encryption Standard) is a two-way encryption symmetric block cipher algorithm.
While assisting a customerover the phone to connect a laptop to a new wireless router, the user suddenly reports it is connected. Upon further inquiry into how the connection occurred, the user stated they pushed a circular button. Analyze the situation and determine which button was pressed, and how it functions. (Select two)
8-character PIN WPS/Wi-Fi Protected Setup
Explain what "Enterprise" refers to when configuring a wireless access point for WPA2-Enterprise.
802.1x
Which of the following allows multiple authentication methods to permit users access to the LAN (Local Area Network) or WLAN (Wireless LAN)?
802.1x, which is the Port-based Network Access Control framework.
A computer needs a signed certificate to authenticate to the network. What must the computer initiate with a Certificate Authority (CA)?
A CSR (Certificate Signing Request)
A penetration tester was contracted to apply offline attack methods to test random user and administrator passwords. The penetration tester was able to use brute force attacks on password hashes, but some took longer than others. What may have caused the delay in applying this attack method? (Select two)
Bcrypt/Bcrypt is a software library used to hash and save passwords applying key stretching techniques. PBKDF2/Password-Based Key Derivation Function
A security administrator is implementing a few settings to mitigate vulnerabilities in weak passwords. A complexity policy is in place, but the passwords should also be protected from offline attacks. Which of the following settings will cause hackers to spend a significant amount of time guessing passwords? (Select two)
Bcrypt/Bcrypt is used in key stretching. Key stretching involves the initial key going through thousands of rounds of hashing. This does not make it stronger, but it slows down the attack. PBKDF2/(Password-Based Key Derivation Function 2) is also used for key stretching like Bcrypt.
A mobile application communicates with a central web server and sends blocks of data of 128 bits. The software developer wants to use an optimal cypher algorithm that will support confidentiality in the fastest way possible. Which cipher and mode should be used in this sitation? (Select two)
Block cipher Electronic Code Book
A software developer wants to create an application that utilizes AES (Advanced Encryption Standard) for encrypting data, and send the data to a central server using TLS (Transport Layer Security). The developer wants the app to operate as fast as possible. Which cipher and mode should be used in this scenario? (Select two)
Block cipher Electronic Code Book
A network administrator is configuring a secure network stream. The data will be encrypted at a rate of approximately 64 bits of data at a time, before sending it across. Which cipher will the network administrator use, and why? (Select two)
Blowfish Block cipher
Bcrypt is a software library used to hash and save passwords applying key stretching techniques. Which of the following aligns with this process? (Select two)
Blowfish Rounds of hashing
A system admin installed a new certificate onto a web server. Browsing to the website, the browser shows trust errors. After clicking on the certificate icon, the website's name and information look correct. How would the system administrator troubleshoot further to find a root cause?
Check certificate chain
Wire Equivalent Privacy (WEP) used by older wireless devices was flawed and was later replaced by Wi-Fi Protected Access (WPA). WPA was designed to resolve the 24-bit Initialization Vector (IV) problem. WPA2 improves wireless security further using AES. Which of the following also describes why WPA2 is more secure? (Select two)
Cipher block chaining Counter mode is used
When setting up a secure authentication line for supplicants and an authentication server, EAP-TTLS (EAP-Tunneled TLS) is not working well as an authentication protocol. When using PEAP (Protected Extensible Authentication Protocol), proper authentication occurs and network connection is established. Why is PEAP a better option in this case?
Compatibility with MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol)
A company has laptops utilizing Windows BitLocker technology. Employees use encrypted thumb drives to move data manually (e.g., drag and drop to a workstation) between offices. Virtual stacks use Hardware Security Modules (HSM) to host Virtual Machines (VMs) protected with data-at-rest encryption. Which of the following cases are these technologies most likely supporting?
Confidentiality
A security engineer is tasked to install a X.509 certificate to a computer system, but it is not accepted. The system requires a Base64 encoded format. What must the security engineer execute to properly install this certificate?
Convert to a .pem file
Two companies are planning to provide their user's easier access to wireless access points at any of the company locations using personal company credentials. Extensible Authentication Protocol (EAP) will be used so users are not required to memorize more passwords. How would a network administrator set up such a wireless network for these users?
Create a RADIUS federation/(Remote Access Dial-in User Server)
Examine the following options and determine which expands approximately two to the power of the size of the key when the key size is longer.
Keyspace
Which of the following authentication protocols were created by Cisco? (Select two)
LEAP (Lightweight EAP) EAP-Fast (Flexible Authentication via Secure Tunneling) is Cisco's replacement for LEAP.
A user purchased a wireless router for their home. After pressing the WPS (Wi-Fi Protected Setup) button, the user was not able to connect a laptop to the wireless router. Which of the following is a reason the laptop was unable to connect, and what is an alternative method for establishing a connection? (Select two)
Laptop is not WPS compatible Enter PIN manually
A custom suite of in-house applications use a variety of encryption methods to process, send, audit, and archive data. Many use various symmetric and key pair encryptions to authenticate messages and ensure the integrity of those message. Which of the following would be a benefit of using these encryption methods?
No single point of failure
When creating a cryptographic module for an application, the developers are concerned with key outputs being the same value, if two identical plaintexts are used as input. Which of the following will ensure all inputs are always different? (Select two)
Nonce/Nonce is a random or counter value that is also added to data before encryption, but it is never reused ("number used once") within the same scope (that is, with the same key value). IV(initialization vector)
A security engineer performed a few auditing tasks and began checking the status of a couple web server certificates. One of the certificate statuses returned with an "unknown", and the other status with "good". Evaluate and determine what the engineer utilized in this case.
OCSP (Online Certificate Status Protocol)
A company has a two-level Certificate Authority (CA) hierarchy. One of the CA servers is offline, while the others are online. What is the difference and benefit to both power states? (Select two)
Online CA publishes CRL Online root adds CA
A private key is being exported to transfer to another server. There is no .pfx option. What other certificate extension can support the transfer of this private key?
P12 /A PFX or .pfx or .p12 extension is used to export a certificate along with its private key. File is password protected and can archive or transport a private key.
The company's current network utilizes EAP-TTLS (EAP-Tunneled TLS) for supplicant clients connecting to the network. Newer model devices and systems are deployed on the network and are not compatible with EAP-TTLS. These systems require MS-CHAPv2 for authentication. Which of the following options will support these new systems?
PEAP (Protected Extensible Authentication Protocol)
Which certificate format allows the transfer of private keys and is password protected?
PFX/ A PFX or .pfx or .p12 extension allows the export of a certificate along with its private key and is password protected. Commonly used to archive or transport a private key.
The Federal Information Processing Standards (FIPS) was developed by the National Institute of Standards and Technology (NIST) for the U.S. government. The standards include a series of security technologies such as the secure hash algorithm (SHA) for use on government systems. Why is Secure Hash Algorithm (SHA) preferred to other hashing alternatives?
SHA replaced MDA or MD5 (message digest algorithm)/SHA (Secure Hash Algorithm) addressed the weaknesses of MD5, like exploited collisions. Therefore, SHA became a part of FIPS.
Which of the following are components of a key stretching process? (Select two)
Salt SHA(Secure Hash Algorithm)
An employee failed to follow company policy for secure communication. As a result, the employee's email was sent as-is after experiencing issues sending a confidential document to a manager. The employee has since requested an email certificate to load onto a CAC (Common Access Card) to prevent future similar issues. Analyze the situation and select the task the user failed to properly execute.
Send an encrypted email
A user calls to request assistance connecting to the company's free guest Wi-Fi access point. The user is selecting the correct "Guest WIFI" wireless name from a brand new Windows 10 laptop. How can the user gain proper access to the Internet?
Sign on to the web portal
What is the purpose of a Certificate Signing Request (CSR)?
To obtain a certificate
User A employs a secret key cipher such as AES when encrypting a message. That secret key is passed along to User B to decipher the message using a digital envelope. Why is a digital envelope used in this exchange? (Select two)
To secure session key Symmetric encryption is faster
A system admin received a support ticket regarding a website error. Browsing to company.com in Internet Explorer, the site looks safe and trusted. However browsing to payment.company.com, the website is no longer trusted. Knowing a wildcard certificate was installed, how would the admin resolve this error?
Update the SAN (Subject Alternative Name)
In a Public Key Infrastructure (PKI), which option best describes how users and multiple Certificate Authorities (CAs) share information and exchange certificates?
Trust model
Which of the following are reversible and will output a set length of characters and numbers based on their pre-defined algorithms? (Select two)
AES (advanced encryption standard) 3DES (triple data encryption standard)
A complex control system for a utility company has been developed. It includes workstations, servers, sensors, control boxes and some operating logic. It is designed to use cryptography so that a compromise of a small part of the system does not compromise the rest of the system. How does cryptography assist with this level or resiliency?
Authentication and integrity of messages
A company has workstation drives encrypted with BitLocker. Employees use a Common Access Card (CAC) to log in to those computers. Public Key Infrastructure (PKI) is available on the network and digital signatures are a requirement on company emails. Which of the following cases do these technologies support? (Select three)
Confidentiality Authentication Non-repudiation
User A sends an encrypted email to User B. That email is also signed by User A. The email includes a link to a file server to download the latest Windows image with a text file saved with the image's hash value. Which of the following are supported in this scenario? (Select three)
Confidentiality Non-repudiation Integrity
Frequency analysis can be used to find patterns in a ciphertext in order to reveal the cipher and key used for the encryption. The security of a cipher are exhibited by the properties of confusion and diffusion. How does confusion and diffusion make a cipher secure? (Select two)
Confusion ensures the key is not derived from ciphertext. Diffusion transposes ciphertext if plain text changes.
Company A wants to share Wi-Fi access with a subsidiary, company B, located in the same building. Extensible Authentication Protocol (EAP) is implemented at both companies using RADIUS (Remote Authentication Dial-in User Service) servers. How can both networks be configured to allow users from either company to use their company credentials to gain access?
Create a federation
A system administrator is trying to decide what encryption algorithm to use for Kerberos in the active directory environment. Kerberos supports several algorithms like DES (56-bit), RC4 (128-bit), or AES (128-bit or better). Applying knowledge of the scenario, which of the following is FALSE?
DES (56-bit) key is stronger
Diffie-Hellman (D-H) is commonly used in IP Security (IPsec) as part of the Internet Key Exchange (IKE) protocol. It can also be used with Transport Layer Security (TLS) protocol to provide perfect forward secrecy. How does D-H use a symmetric encryption algorithm to provide a secure agreement on a key to encrypt messages, and what is it referred to when used with TLS? (Select two)
DHE Groups
A federal agency is digitizing years of written documents. These archives will be encrypted and stored in a vault. There may be the occasional need for these documents that will require approval from authorized personnel. What is the state these archives will most likely be in for the remainder of their time in the vault?
Data at rest
A federal agency is sending encrypted archives to its big data vault from a location in another state. Only authorized personnel can move and access these files. During the transmission, a system administrator fills out a simple text form at the destination to detail the purpose of these documents. Which state is this form most likely in at the vault?
Data in use
Developers are testing an application in the lab where two servers are communicating in a very secure manner. Each session is encrypted using perfect forward secrecy. How is this secured communication possible? (Select two)
Ephemeral key ECDHE (Elliptic curve cryptography with D-H ephemeral mode)
Two servers are deployed in a lab. A systems administrator wants to test implementing a secure means of communication. There is an option to implement ECDHE (ECC with D-H ephemeral mode). Why would this be preferred to other options like RSA? (Select two)
Ephemeral key Perfect forward secrecy
A client browser has difficulty securely connecting with a server via TLS. The browser does not appear to support the cipher suite used by the server. The cipher suite used is written as ECDHE-RSA-AES128-GCM-SHA256. Which of the following may be the reason the cipher suite is unsupported?
Euphemeral key
Block ciphers like AES (Advanced Encryption Standard) can operate in different modes of operation, each giving a different result of all outputs. Which of the following provides a type of authentication?
GCM (Galois/Counter Mode)
Management wants to implement a secure messaging system and will not prioritizing confidentiality. Employees must know who the message is coming from and trust the message. The sender and receiver will share a session key. Which of the following options will meet the company's requirements? (Select two)
HMAC/(Hash-Based Message Authentication Code) MD5/MD5 or MDA (Message Digest Algorithm) is a hashing algorithm. It produces a 128-bit hash value. It can verify both authenticity and message integrity.
Developers are creating an encrypted service for a private company to secure video-conference meetings. As developers are creating the code, they are thinking about reducing the processing overhead from end to end. Why is this process important to consider?
Low latency users
A software developer created a simple application to verify message integrity. Due to the sensitivity of the message traffic, it requires an alternative method to verify both authenticity and message integrity. Which of the following would best fit this criteria? (Select more than one)
MD5 or MDA (Message Digest Algorithm) RIPEMD/(RACE Integrity Primitives Evaluation Message Digest) HMAC (Hash-based message authentication code) is a hashing algorithm. SHA(Secure Hash Algorithm)
A user is setting up a new wireless router at home. The user wants to protect the home wireless network. After pressing the WPS (Wi-Fi Protected Setup) button behind the router, the user's mobile device still cannot connect. Analyze the problem to determine the likely cause of the connection issue.
Must enter PIN
A user at an office usually connects to the company's Wi-Fi, but it is currently out of service. The user connects to the building's free wireless access point and enters a personal password at the prompt, but is still unable to connect. Analyze the scenario and determine the reason the user is unable to connect.
Must use a PSK/(Pre-shared Key) is the password needed to gain access to a WAP(Wireless Authentication Protocol/Wi-Fi Protected Access)
The security and software development team are working on a password storage application. It will store passwords as a secure hash. Which of the following will provide the best protection against brute force attacks? (Select two)
PBKDF2 /Password-Based Key Derivation Function 2 Bcrypt/ is a software library used to hash and save passwords applying key stretching techniques.
A regular user created a private/public key pair. The public key is shared through a public key repository that the user's contacts can use to send and receive encrypted emails. Which of the following standards is most likely making this possible for the users?
PGP (Pretty Good Privacy)
Employees are asking a system administrator about an external solution for a group of users to use outside of the office in order to send encrypted emails to each other. The employees are also looking for something that supports non-repudiation. Which of the following standards would the administrator most likely suggest for use?
PGP (Pretty Good Privacy)
PBKDF2 (Password-Based Key Derivation Function 2) is a software library used with key stretching techniques to hash and save passwords. PBKDF2 is also part of what other cryptographic standard?
PKCS#5/public key cryptography standards (PKCS#5)
PBKDF2 (Password-Based Key Derivation Function 2) is a software library used with key stretching techniques to hash and save passwords. PBKDF2 is also part of what other cryptographic standard?
PKCS#5/public key cryptography standards. It is a key derivation function used in key stretching.
A game developer is creating a code requiring a random set of numbers. Which of the following will satisfy the required task?
PRNG(pseudorandom number generation)
A user connects to an airport's free Wi-Fi network. The user accepts the user policy on the airport's splash page and is connected to the network. The user's Internet access was stopped after 15 minutes of checking email. However, other people appear to be browsing the Internet. What is the most likely cause of the interruption?
Payment for access is required
Diffie-Hellman (D-H) uses 768-bit, 1024-bit and 2048-bit algorithms. What are these algorithms referred to in D-H, and what benefits do they provide when used with the Tranport Layer Security (TLS) protocol? (Select two)
Perfect forward secrecy Groups
A connection cannot be established during a network connection test of a newly deployed WAP (Wireless Access Point) in WPA2 Enterprise (Wi-Fi Protected Access) mode. After checking the wireless controller, the 802.1x option was selected, but another configuration setting did not save. Apply knowledge of the network connection process to determine which of the following did not save.
RADIUS server settings /(Remote Access Dial-in User Server)
What are the differences between RC4 and 3DES ciphers? (Select two)
RC is a stream cipher 3DES block sizes are 64-bit
Which of the following statements about DES (Data Encryption Standard), RC4 (Arcfour), Blowfish, or Twofish is true?
RC4 is a stream cipher
Which of the following use asymmetric algorithms? (Select two)
RSA (Ron's Code) DSA (Digital Signature Algorithm)
The Federal Information Processing Standards (FIPS) was developed by the National Institute of Standards and Technology (NIST) for the U.S. government. The standards include a series of security technologies for use on government systems. Why is the Message Digest Algorithm (MDA) not a part of FIPS?
SHA became a replacement/ Secure Hash Algorithms
A message application performs checks for message integrity. As the message reaches its destination, it requires implementation of an authentication mechanism. The current MD5 hashing algorithm is insufficient for this task. Which of the following would best fit this criteria? (Select more than one)
SHA-1/ (Secure Hash Algorithm) is better than MD5 and is widely used by SSL and IPsec. SHA-2/SHA-2 is another version of Secure Hash Algorithm, which is better than MD5. It addresses the weaknesses found in SHA-1, and uses longer digests. RIPEMD (RACE Integrity Primitives Evaluation Message Digest) HMAC /(Hash-based message authentication code) is a hashing algorithm
Which of the following algorithms are irreversible and will output a set length of characters and numbers? (Select two)
SHA/SHA (secure hash algorithm) is an irreversible hashing algorithm. MD5/MD5 is an irreversible hashing algorithm. MD5, a version of MDA (message digest algorithm), outputs a 128-bit hash size.
Which of the following are components of a key stretching process? (Select two)
Salt SHA(Secure Hash Algorithms)
Over the years, many well-known but deprecated cipher algorithms have been developed. For example, DES (Data Encryption Standard) is a block cipher developed in the 1970s and was improved (because of certain flaws) with the development of 3DES (Triple DES). Why are some cipher algorithms not improved upon, or developed further?
Secret algorithm
What is another term used for a "session key" when being exchanged in a digital envelope?
Secret key
The department's manager is requiring all employees to digitally sign their email for full accountability. The manager requests the IT department create certificates for each employee. How does a digital signature provide accountability, and how does this process work? (Select two)
Sender's private key encrypts the digest Signature is for non-repudiation
A new Wireless Access Point (WAP) is connected to the network. Basic security settings were automatically selected during the set-up wizard. After entering the pre-shared key, the wireless client device does not have access to the LAN (Local Area Network). Several settings were changed to try and remediate the issue. What can the network administrator do to rule out the WAP as the cause?
Set up an open configuration
Digital signatures on an email rely on a Public Key Infrastructure (PKI). The certificate used for this purpose can be safely stored on a smart card. What is the purpose of a digital signature, and how is the sender's private key used? (Select two)
Signature is for non-repudiation Private key encrypts the digest
The ciphertext "Uryyb Jbeyq" means "Hello World". What type of obfuscation technique does this represent, and what is the name of the type of cipher used? (Select two)
Substitution cipher ROT13/(an example of a Caesarian cipher) rotates each letter 13 places (so A becomes N for instance). This is how the ciphertext "Uryyb Jbeyq" means "Hello World".
A network administrator is working to enable a secure wireless protocol for compatibility with older devices. The Wireless Access Point (WAP) will service mobile phones, laptops, and tablets. Which of the following will provide adequate service without sacrificing security? (Select two)
TKIP (Temporal Key Integrity Protocol) WPA2/Wifi protected access
A new wireless access point has been installed in the office. Users are not able to connect to the Wireless Access Point (WAP). All users are using older model smart phones. Which of the following security settings should the network administrator setup to resolve this connection issue? (Select two)
TKIP (Temporal Key Integrity Protocol) WPA2/Wifi protected access
The wireless clients only support connections using RC4 and the devices were manufactured before the 802.11i security standard. If RC4 encryption is required, determine which wireless configuration will best support these clients.
TKIP+WPA2/ (Temporal Key Integrity Protocol +Wifi protected access 2)
A new wireless access point has been installed in the office. Users are not able to connect to the Wireless Access Point (WAP). All users are using older model smart phones. Which of the following security settings should the network administrator setup to resolve this connection issue? (Select two)
TKIP/Temporal Key Integrity Protocol WPA2/Wireless Access Point/WPA2 is fully compliant with the 802.11i WLAN security standard
To resist cryptanalysis, a cryptographic module must apply a value to the message to remove any possibility of the same plaintext outputting to the same encrypted value. How is this value added to a cryptographic algorithm?
XOR operation/An XOR operation encodes a message where a value is combined with the plaintext message. XOR produces 0 if both values are the same, and 1 if the values are different.
The owner of a coffee shop installs a brand new wireless router for customer use. The owner wants to ensure only the customers benefit from the free Internet access, and wants to employ the highest possible level of security out of the box. What should the owner configure on the wireless router?
WPA/Wi-Fi Protected Access
