CompTIA Security+ Exam SY0-501 Cryptography Quiz


Digital signatures provide: (Select 3 answers) Integrity Authentication Confidentiality Authorization Non-repudiation

Integrity Authentication Non-repudiation

Which of the acronyms listed below refers to a cryptographic attack where the attacker has access to both the plaintext and its encrypted version? KEK POODLE KPA CSRF

KPA

What is a Hash Value?

A hash value (digest) is a fixed-length value computed from an input of any length. It stands in for the original data and is normally much shorter than the original.

IPSec (Internet Protocol Security)

A suite of Layer 3 protocols (AH and ESP for the packets, IKE for key management) that provides encryption, integrity and authentication for IP traffic. IPsec was added to IPv4 as an extension and is a native part of the IPv6 specification. Unlike application-layer mechanisms, it attaches its security headers to the IP packets themselves, so any protocol carried over IP is protected without changes to the application.

Data Encryption Key

A data encryption key (DEK) is the symmetric key that actually encrypts and decrypts the data. It is generated by the encryption engine, and because the same DEK decrypts what it encrypted, it must be retained (normally wrapped under a key encryption key, KEK) for as long as the ciphertext has to remain readable.

What is a Digital Signature?

A digital signature is a value computed over a document or message with the signer's private key and checked with the matching public key. A successful check proves who signed it (authentication), that nothing changed since signing (integrity), and leaves the signer unable to deny it later (non-repudiation). It does not hide the content.
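
The three properties the quiz answer lists, shown in working Go as an added example (not part of the quiz): a message signed with a private key verifies under the matching public key, one changed byte makes verification fail, and a different key pair cannot stand in for the signer. Ed25519 from Go's standard library is used here as the signature scheme; the message text and the two key pairs are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer holds a key pair. Only the private key can produce signatures;
// anyone holding the public key can verify them.
type Signer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{pub: pub, priv: priv}, nil
}

// Sign returns a detached signature over msg.
func (s *Signer) Sign(msg []byte) []byte {
	return ed25519.Sign(s.priv, msg)
}

// Verify checks sig against msg under pub. False means the message was
// altered, the signature was altered, or a different key produced it.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Demo runs the three checks: the genuine message verifies (authentication),
// a one-byte change is detected (integrity), and a signature checked against
// another party's key is rejected (the signer cannot be swapped).
func Demo() (genuine, tampered, wrongKey bool, err error) {
	alice, err := NewSigner()
	if err != nil {
		return
	}
	mallory, err := NewSigner()
	if err != nil {
		return
	}
	msg := []byte("transfer 100 EUR to account 42") // constructed sample message
	sig := alice.Sign(msg)

	genuine = Verify(alice.pub, msg, sig)

	altered := append([]byte{}, msg...)
	altered[9] = '9' // "100" becomes "900"; the signature no longer matches
	tampered = Verify(alice.pub, altered, sig)

	wrongKey = Verify(mallory.pub, msg, sig)
	return
}

func main() {
	g, t, w, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v wrongKey=%v\n", g, t, w)
}
```

Note that nothing in the block encrypts the message: anyone can read it, which is why confidentiality is not among the properties a signature provides.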

EFS (Encrypting File System)

A file-encryption tool available on Windows systems that have partitions formatted with NTFS.

Man-in-the-Middle (MITM) Attack

An attacker positions themselves on the path between a client and a server so that traffic passes through them, letting them read or alter it. It is distinct from session hijacking, in which the attacker takes over an already-established session, although an on-path position makes hijacking easier.

What does Hash Function mean?

A hash function takes input of any length (sometimes called the key or message) and maps it to a fixed-length output called the hash value, digest or hash. For cryptographic use the function must be one-way and collision resistant.

WEP (Wired Equivalent Privacy)

An early encryption scheme for wireless networks that uses a shared key (with the RC4 stream cipher and a 24-bit IV) both to authenticate network clients and to encrypt data in transit. It is deprecated: the short IVs repeat and allow the key to be recovered from captured traffic.

PGP (Pretty Good Privacy)

A hybrid encryption system for e-mail: each message is encrypted with a fresh symmetric session key, and that session key is encrypted with the recipient's public key; signing with the sender's private key adds authentication and integrity. GPG is the open-source implementation of the same OpenPGP standard.

Hash collisions need

In a hash table, a way to store and find the keys or records that share a hash value (such as chaining). In cryptography the requirement is the opposite: finding two inputs with the same digest must be infeasible (collision resistance), which is why MD5 and SHA-1 are no longer trusted for signatures.

Electronic Code Book (ECB)

A mode of operation for a block cipher in which each block is encrypted independently, so under a given key each possible plaintext block has exactly one corresponding ciphertext block, and vice versa. Identical plaintext blocks therefore produce identical ciphertext blocks, which leaks patterns in the data.
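
An added example, not from the quiz, that makes the ECB weakness visible: four identical plaintext blocks encrypted under one AES key come out as four identical ciphertext blocks in ECB, while CBC with a random IV gives four different blocks. Go's standard library is used; the ECB loop is written by hand because the library deliberately provides no ECB mode. The key, IV and plaintext are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// encryptECB applies the raw block cipher to each 16-byte block on its own.
// Nothing ties one block to the next, which is exactly ECB's problem.
func encryptECB(block cipher.Block, plaintext []byte) []byte {
	bs := block.BlockSize()
	out := make([]byte, len(plaintext))
	for i := 0; i+bs <= len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out
}

// encryptCBC chains blocks: each plaintext block is XORed with the previous
// ciphertext block (the IV for the first one) before it is encrypted.
func encryptCBC(block cipher.Block, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out
}

// repeatedBlocks counts 16-byte ciphertext blocks that duplicate an earlier
// block. Under ECB the count mirrors repetition in the plaintext.
func repeatedBlocks(ct []byte) int {
	seen := map[string]bool{}
	dups := 0
	for i := 0; i+16 <= len(ct); i += 16 {
		k := string(ct[i : i+16])
		if seen[k] {
			dups++
		}
		seen[k] = true
	}
	return dups
}

// Compare encrypts the same four-block plaintext under both modes and
// returns the duplicate-block counts (ECB, CBC).
func Compare() (ecbDups, cbcDups int, err error) {
	key := make([]byte, 16) // AES-128
	iv := make([]byte, 16)
	if _, err = rand.Read(key); err != nil {
		return
	}
	if _, err = rand.Read(iv); err != nil {
		return
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return
	}
	// Constructed input: one 16-byte block repeated four times, already a
	// multiple of the block size so no padding is needed.
	pt := bytes.Repeat([]byte("ATTACK AT DAWN!!"), 4)
	ecbDups = repeatedBlocks(encryptECB(block, pt))
	cbcDups = repeatedBlocks(encryptCBC(block, iv, pt))
	return
}

func main() {
	ecb, cbc, err := Compare()
	if err != nil {
		panic(err)
	}
	fmt.Printf("duplicate ciphertext blocks: ECB=%d CBC=%d\n", ecb, cbc)
}
```

The ECB count equals the number of repeated plaintext blocks (three), so an observer learns the structure of the data without recovering a single byte of it; CBC hides the repetition because every block depends on the one before it.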

MPLS (Multiprotocol Label Switching)

A network technology defined by a set of IETF specifications that enable Layer 3 devices, such as routers, to establish and manage network traffic.

IPSec (Internet Protocol Security)

A set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet through data authentication and encryption.

Advanced Encryption Standard (AES)

A symmetric block cipher (Rijndael) selected by NIST in late 2000 as the replacement for DES and published as FIPS 197 in 2001.

key stretching

A technique that strengthens potentially weak cryptographic keys, such as passwords or passphrases created by people, against brute force attacks.

MPLS (Multiprotocol Label Switching)

A type of switching that enables any one of several Layer 2 protocols to carry multiple types of Layer 3 protocols. One of its benefits is the ability to use packet-switched technologies over traditionally circuit-switched networks. MPLS can also create end-to-end paths that act like circuit-switched connections.

Which of the algorithms listed below does not fall into the category of asymmetric encryption? RSA GPG DSA AES DHE ECDHE PGP

AES

Which of the cryptographic algorithms listed below is the least vulnerable to attacks? AES DES RC4 3DES

AES

XSRF (cross-site request forgery)

An attack that makes a logged-in user's browser send a request the user did not intend, for example through a forged form or link on another site. The browser attaches the victim's session cookie automatically, so the target site treats the request as legitimate. Defences include per-request anti-CSRF tokens and SameSite cookie attributes.

SSL Certificate

An electronic document, signed by a certificate authority, that binds a public key to the identity of a website or server (or an individual or company). Clients that trust the CA can then trust that the key belongs to that identity.

data in-use

Any data currently being used by a computer. Because the computer needs to process the data, it is not encrypted while in use.

What are the characteristic features of Elliptic Curve Cryptography (ECC)? (Select 3 answers) Asymmetric encryption Low processing power requirements Suitable for small wireless devices High processing power requirements Symmetric encryption Not suitable for small wireless devices

Asymmetric encryption Low processing power requirements Suitable for small wireless devices

A type of encryption scheme that uses a paired public and private key is known as: (Select 2 answers) Secret-key encryption Asymmetric encryption Symmetric encryption Public-key encryption Session-key encryption

Asymmetric encryption Public-key encryption

What is a known plaintext attack?

The attacker has ciphertext together with the plaintext it corresponds to (or knows part of it, such as a fixed header) and uses the pairs to recover the key. It is the most practical of the classical settings because known plaintext is common in real traffic. The meet-in-the-middle attack on double DES is an example.

Chosen-Plaintext Analysis (CPA)

The attacker can obtain the ciphertext for plaintexts of their own choosing under the same key, and uses those pairs to analyse the algorithm or recover the key.

Ciphertext-Only Analysis (COA)

The attacker has only a collection of ciphertexts and no corresponding plaintext. This is the weakest position for an attacker, so a cipher that falls to it is badly broken.

What are the examples of key stretching algorithms? (Select 2 answers) ROT13 Twofish Bcrypt DSA PBKDF2

Bcrypt PBKDF2
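
An added example of how PBKDF2 does its stretching, written in Go from the RFC 8018 definition rather than taken from the quiz or any library: the iteration loop is what multiplies the attacker's cost per guess, and the salt (the other half of the later salting questions) makes precomputation useless. The password and salt values are the widely published PBKDF2-HMAC-SHA256 test inputs; the iteration counts used in main are chosen for the demonstration, and production settings should be far higher than 1 or 2.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"time"
)

// pbkdf2HmacSha256 is PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA256 as the
// PRF, written out so the stretching is visible: each output block T_i is the
// XOR of `iters` chained HMAC values, so every password guess costs the
// attacker `iters` HMAC computations as well.
func pbkdf2HmacSha256(password, salt []byte, iters, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hLen := prf.Size()
	nBlocks := (dkLen + hLen - 1) / hLen
	dk := make([]byte, 0, nBlocks*hLen)
	var ctr [4]byte
	for i := 1; i <= nBlocks; i++ {
		// U_1 = PRF(P, S || INT(i)), INT(i) as a big-endian 32-bit counter
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(ctr[:], uint32(i))
		prf.Write(ctr[:])
		u := prf.Sum(nil)
		t := append([]byte{}, u...)
		for j := 1; j < iters; j++ {
			// U_j = PRF(P, U_{j-1});  T_i ^= U_j
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

// DeriveHex returns a 256-bit derived key as hex.
func DeriveHex(password, salt string, iters int) string {
	return hex.EncodeToString(pbkdf2HmacSha256([]byte(password), []byte(salt), iters, 32))
}

// VerifyPassword recomputes the derived key from a login attempt and
// compares it in constant time against the stored value.
func VerifyPassword(storedHex, password, salt string, iters int) bool {
	stored, err := hex.DecodeString(storedHex)
	if err != nil {
		return false
	}
	got := pbkdf2HmacSha256([]byte(password), []byte(salt), iters, len(stored))
	return hmac.Equal(stored, got)
}

// CostRatio times one guess at `low` and at `high` iterations; the ratio is
// the slowdown key stretching imposes on a brute-force or dictionary attack.
func CostRatio(low, high int) float64 {
	pw, salt := []byte("password"), []byte("salt") // constructed inputs
	start := time.Now()
	pbkdf2HmacSha256(pw, salt, low, 32)
	tLow := time.Since(start)
	start = time.Now()
	pbkdf2HmacSha256(pw, salt, high, 32)
	return float64(time.Since(start)) / float64(tLow)
}

func main() {
	// Published test inputs "password"/"salt" at 1 and 2 iterations.
	fmt.Println(DeriveHex("password", "salt", 1))
	fmt.Println(DeriveHex("password", "salt", 2))
	// Same password, different salt: unrelated output, so a table built for
	// one salt says nothing about another.
	fmt.Println(DeriveHex("password", "pepper", 1))
	fmt.Printf("100000 iterations cost %.0fx one iteration\n", CostRatio(1, 100000))
}
```

Bcrypt reaches the same goal by a different route (a deliberately slow key setup with a built-in cost parameter), which is why both appear in the answer.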

Which cryptographic attack relies on the concepts of probability theory? KPA Brute-force Dictionary Birthday

Birthday

An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as: Replay attack Brute-force attack Dictionary attack Birthday attack

Brute-force attack

Which of the following terms illustrate(s) the security through obscurity concept? (Select all that apply) Code obfuscation Steganography SSID broadcast suppression Encryption Substitution ciphers

Code obfuscation Steganography SSID broadcast suppression Substitution ciphers

Collectively, MPLS labels are sometimes called a ____.

Shim

Which of the following terms is used in conjunction with the assumption that the output of a cryptographic function should be considerably different from the corresponding plaintext input? Confusion Obfuscation Collision Diffusion

Confusion

XSRF

Cross-Site Request Forgery

What does Cross-Site Request Forgery (CSRF) mean?

Cross-site request forgery (CSRF) is a type of website exploit carried out by issuing unauthorized commands from a trusted website user. CSRF exploits a website's trust for a particular user's browser, as opposed to cross-site scripting, which exploits the user's trust for a website.

What does Cryptanalysis mean?

Cryptanalysis is the analysis of codes, ciphers or encrypted text with the aim of decrypting them without the key. It uses mathematical techniques to find weaknesses in an algorithm or in the way it is used, and so to break a cryptographic or information security system.

Examples of means that provide randomization during the encryption process include: (Select 3 answers) Cryptographic nonce Obfuscation Salting Initialization Vector (IV) Shimming

Cryptographic nonce Salting Initialization Vector (IV)

Symmetric-key algorithms

DES, 3DES, AES, Twofish, Blowfish, IDEA, Skipjack, RC2,RC4, RC5, RC6

A cryptographic standard for digital signatures is known as: DSA PFS DES RSA

DSA

DES

Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data. Although its short key length of 56 bits, criticized from the beginning, makes it too insecure for most current applications, it was highly influential in the advancement of modern cryptography.

Ciphertext

Data that has been encrypted.

data in-transit

Data that is in transit across a network, such as an email sent across the Internet.

Which of the three states of digital data requires data to be processed in an unencrypted form? Data-in-transit Data-at-rest Data-in-use

Data-in-use

Which password attack takes advantage of a predefined list of words? Birthday attack Replay attack Dictionary attack Brute-force attack

Dictionary attack

Which of the following answers refers to a commonly used asymmetric algorithm for secure exchange of symmetric keys? RC4 Bcrypt Diffie-Hellman RIPEMD

Diffie-Hellman
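
The exchange itself, as an added example in Go that is not part of the quiz: X25519 (the elliptic-curve Diffie-Hellman variant the ECDHE answer refers to) from Go's standard library crypto/ecdh package, which assumes Go 1.20 or later. Both parties generate fresh key pairs per session, which is also what the later PFS and ephemeral-key items depend on. Hashing the shared secret straight into a session key is a simplification for the example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party is one side of the exchange. The private key never leaves the
// struct; only the public key crosses the (untrusted) channel.
type Party struct {
	priv *ecdh.PrivateKey
}

// NewParty generates a fresh X25519 key pair. Called once per session, this
// is what makes the exchange ephemeral (the E in DHE/ECDHE).
func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// PublicBytes is the 32-byte value sent on the wire; an eavesdropper may see it.
func (p *Party) PublicBytes() []byte {
	return p.priv.PublicKey().Bytes()
}

// SessionKey combines our private key with the peer's public key and hashes
// the shared secret into a 256-bit symmetric key for this session. (A real
// protocol would run HKDF over the secret and the handshake transcript.)
func (p *Party) SessionKey(peerPub []byte) ([32]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return [32]byte{}, err
	}
	shared, err := p.priv.ECDH(pub)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(shared), nil
}

// Exchange runs one session: both sides end with the same key although only
// public values were exchanged.
func Exchange() (alice, bob [32]byte, err error) {
	a, err := NewParty()
	if err != nil {
		return
	}
	b, err := NewParty()
	if err != nil {
		return
	}
	// Wire: A -> B: a.PublicBytes()   B -> A: b.PublicBytes()
	if alice, err = a.SessionKey(b.PublicBytes()); err != nil {
		return
	}
	bob, err = b.SessionKey(a.PublicBytes())
	return
}

// TwoSessions shows why ephemeral keys give forward secrecy: each session
// generates new key pairs, so the two session keys are unrelated and
// compromising one reveals nothing about the other.
func TwoSessions() (agree, distinct bool, err error) {
	k1a, k1b, err := Exchange()
	if err != nil {
		return
	}
	k2a, k2b, err := Exchange()
	if err != nil {
		return
	}
	agree = k1a == k1b && k2a == k2b
	distinct = k1a != k2a
	return
}

func main() {
	agree, distinct, err := TwoSessions()
	if err != nil {
		panic(err)
	}
	fmt.Printf("both sides agree: %v, session keys differ: %v\n", agree, distinct)
}
```

The exchange on its own does not authenticate the peer; that is why TLS signs the ephemeral public value with the server's certificate key, otherwise an on-path attacker could run one exchange with each side.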

Which of the terms listed below is used to describe a situation where a small change introduced to the input data before encryption causes large changes in its encrypted version? Diffusion Confusion Obfuscation Collision

Diffusion

Where is a digital signature used?

Digital signatures are used in e-commerce, software distribution, financial transactions and other situations that rely on forgery or tampering detection techniques.

Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use? CBC GCM ECB CTR

ECB

ECB

Electronic Code Book

Symmetric key algorithms are best used for:

Encryption of large amounts of data

A situation where cryptographic hash function produces two different digests for the same data input is referred to as hash collision. True False

False

Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption.) True False

False

Symmetric encryption algorithms require large amounts of processing power for both encryption and decryption of data which makes them much slower in comparison to asymmetric encryption ciphers. True False

False

Why is hashing used?

So that the password itself never has to be stored or transmitted: the system stores only the hash, and for authentication a value derived from the password is sent instead of the password. Note that a bare hash sent over the network is itself a reusable credential, so authentication protocols combine it with a server challenge to defeat replay.

Which of the block cipher modes listed below provides both data integrity and confidentiality? CBC GCM ECB CTR

GCM
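
An added Go example (not part of the quiz) of what "integrity and confidentiality" means in practice for GCM: the sealed message carries an authentication tag, so a single flipped ciphertext bit, or a change to the cleartext header the tag also covers, makes decryption fail outright instead of returning garbage. Go's standard library AES-GCM is used; the key, payload and header are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Seal encrypts plaintext under key with a fresh random 96-bit nonce and
// returns nonce || ciphertext || 16-byte tag. The tag also covers aad,
// data sent in the clear (a header, say) that must still not be altered.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. Any change to nonce, ciphertext, tag or aad makes the
// tag check fail and nothing is returned: integrity and confidentiality in one.
func Open(key, msg, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("message too short")
	}
	nonce, ct := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// Demo: the genuine message decrypts; one flipped ciphertext bit is rejected;
// a changed header is rejected even though the ciphertext is untouched.
func Demo() (genuine, tamperRejected, aadRejected bool, err error) {
	key := make([]byte, 32) // AES-256
	if _, err = rand.Read(key); err != nil {
		return
	}
	pt := []byte("amount=100;to=42") // constructed sample payload
	aad := []byte("msg-id:7")        // constructed cleartext header
	sealed, err := Seal(key, pt, aad)
	if err != nil {
		return
	}
	out, e := Open(key, sealed, aad)
	genuine = e == nil && string(out) == string(pt)

	bad := append([]byte{}, sealed...)
	bad[len(bad)-17] ^= 0x01 // last ciphertext byte, just before the tag
	_, e = Open(key, bad, aad)
	tamperRejected = e != nil

	_, e = Open(key, sealed, []byte("msg-id:8")) // header changed, ciphertext intact
	aadRejected = e != nil
	return
}

func main() {
	g, tr, ar, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tamperRejected=%v aadRejected=%v\n", g, tr, ar)
}
```

The one rule GCM imposes in return is that a nonce must never repeat under the same key; a random 96-bit nonce is fine for moderate message counts, and a counter is the usual choice at scale.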

Which of the following answers refers to the contents of a rainbow table entry? Hash/Password IP address/Domain name Username/Password Account name/Hash

Hash/Password

What is hashing also used for?

Hashing is also used for indexing and locating items in databases, because a short fixed-length hash is quicker to compare than the longer original. In cryptography it underlies digital signatures (which sign the digest of a message rather than the message itself) and message authentication codes such as HMAC.

Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply) IPsec MPLS PAP Kerberos CHAP

IPsec Kerberos CHAP

Pseudo-random data used in combination with a secret key in WEP and SSL encryption schemes is known as: Salt Shim IV Seed

IV

Cryptanalysis attack types include:

Known-Plaintext Analysis (KPA) Chosen-Plaintext Analysis (CPA) Ciphertext-Only Analysis (COA) Man-in-the-Middle (MITM) Attack Adaptive Chosen-Plaintext Attack (ACPA)

Which of the following are hashing algorithms? (Select all that apply) MD5 RIPEMD Bcrypt HMAC SHA

MD5 RIPEMD HMAC SHA

Hash collision

Occurs when a hash function produces the same digest for two different inputs (for example two different passwords).

Which of the answers listed below refers to a solution designed to strengthen the security of session keys? ECB PFS EFS PFX

PFS

Which of the following answers lists an example of a cryptographic downgrade attack? MITM KPA POODLE XSRF

POODLE

PFS

Perfect Forward Secrecy

PFX

Personal Exchange Format

Which of the algorithms listed below does not belong to the category of symmetric ciphers? RC4 DES RSA AES Blowfish 3DES Twofish

RSA

Which of the following cryptographic hash functions is the least vulnerable to attacks? SHA-1 RIPEMD SHA-512 MD5

SHA-512

Pseudo-random data added to a password before hashing is called: Shim Salt Seed IV

Salt

Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks? Seed IV Salt Shim

Salt
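
An added example, not from the quiz, that puts the rainbow-table entry (hash to password) and the salt together in Go: a precomputed table cracks an unsalted hash with one lookup, the same table finds nothing for a salted hash, and the attacker is pushed back to rehashing the wordlist once per salt. Plain SHA-256 is used only to keep the table idea visible; the wordlist and password are constructed, and real password storage should put a stretching function such as bcrypt or PBKDF2 on top of the salt.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// wordlist is a constructed stand-in for a real dictionary file.
var wordlist = []string{"123456", "password", "letmein", "qwerty", "hunter2", "welcome1"}

func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// BuildTable precomputes hash -> password for every word once. Rainbow
// tables compress this with hash chains, but the trade-off is the same:
// compute once, then crack every unsalted hash with a lookup.
func BuildTable(words []string) map[string]string {
	t := make(map[string]string, len(words))
	for _, w := range words {
		t[sha256Hex(w)] = w
	}
	return t
}

// Lookup cracks an unsalted hash in a single map access.
func Lookup(table map[string]string, hash string) (string, bool) {
	pw, ok := table[hash]
	return pw, ok
}

// SaltedHash draws a random 128-bit salt per user and hashes salt||password.
// The salt is stored next to the hash; it is not secret.
func SaltedHash(password string) (salt, hash string, err error) {
	b := make([]byte, 16)
	if _, err = rand.Read(b); err != nil {
		return
	}
	salt = hex.EncodeToString(b)
	hash = sha256Hex(salt + password)
	return
}

// DictionaryWithSalt is what the attacker is reduced to once salts are used:
// the whole wordlist has to be rehashed for this one salt, and again for the
// next user, so precomputation no longer pays off.
func DictionaryWithSalt(words []string, salt, hash string) (string, bool) {
	for _, w := range words {
		if sha256Hex(salt+w) == hash {
			return w, true
		}
	}
	return "", false
}

// Demo: the unsalted hash of "letmein" is found instantly in the table; the
// salted hash of the same password is absent from it, and only a fresh
// per-salt dictionary run recovers it.
func Demo() (unsaltedCracked string, saltedInTable bool, saltedByDictionary string, err error) {
	table := BuildTable(wordlist)
	unsaltedCracked, _ = Lookup(table, sha256Hex("letmein"))
	salt, h, err := SaltedHash("letmein")
	if err != nil {
		return
	}
	_, saltedInTable = Lookup(table, h)
	saltedByDictionary, _ = DictionaryWithSalt(wordlist, salt, h)
	return
}

func main() {
	u, inTable, d, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("unsalted via table: %q; salted found in table: %v; salted via per-salt dictionary: %q\n", u, inTable, d)
}
```

The last result is the caveat worth remembering: a salt defeats precomputed tables and stops identical passwords from producing identical hashes, but it does not slow down a per-user dictionary attack; that is the job of key stretching.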

SSL

Secure Sockets Layer

A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers) Session-key encryption Public-key encryption Symmetric encryption Asymmetric encryption Secret-key encryption

Session-key encryption Symmetric encryption Secret-key encryption

Adaptive Chosen-Plaintext Attack (ACPA)

Similar to a CPA, but the attacker chooses each new plaintext based on what was learned from the ciphertexts of earlier choices.

Which of the answers listed below refer to obfuscation methods? (Select 3 answers) Encryption Steganography XOR cipher Password salting ROT13

Steganography XOR cipher ROT13

Which of the answers listed below refer to the Advanced Encryption Standard (AES)? (Select 3 answers) Symmetric-key algorithm 128-, 192-, and 256-bit keys Asymmetric-key algorithm Stream cipher algorithm 56-, 112-, and 168-bit keys Block cipher algorithm

Symmetric-key algorithm 128-, 192-, and 256-bit keys Block cipher algorithm

What are some other terms for Hashing Function?

This term is also known as a hashing algorithm or message digest function.

In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key. True False

True

In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as a key size or key length. The key size determines the maximum number of combinations required to break the encryption algorithm, therefore typically a longer key means stronger cryptographic security. True False

True

In cryptography, the term "Key stretching" refers to a mechanism for extending the length of a cryptographic key to make it more secure against brute-force attacks. True False

True

In cryptography, the term "Secret algorithm" refers to an algorithm designed in a way that prevents the examination of its inner workings. True False

True

One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline. True False

True

Rainbow tables are lookup tables used to speed up the process of password guessing. True False

True

The term "Ephemeral key" refers to an asymmetric encryption key designed to be used only for the duration of a single session or transaction. True False

True

Unlike stream ciphers which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately. True False

True

Symmetric-key algorithms

Use the same key to perform both encryption and decryption

What are the characteristic features of a session key? (Select 2 answers) Used during a single session Asymmetric key Reused during multiple sessions Symmetric key

Used during a single session Symmetric key

What are the examples of weak/deprecated cryptographic solutions? (Select 3 answers) WEP AES SSL DES PGP

WEP SSL DES

What is a digital signature also known as?

electronic signature

Cryptographic nonce

is an arbitrary number that can be used just once in a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. They can also be useful as initialization vectors and in cryptographic hash functions.
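
A nonce doing its anti-replay job, as an added Go example that is not part of the quiz and is not CHAP's exact algorithm (CHAP uses MD5 over the challenge; this uses HMAC-SHA256): the server issues a random challenge, the client answers with a MAC over it instead of sending the password, and the server consumes each nonce so a captured response cannot be replayed. The shared secret and message formats are constructed for the demonstration; the same idea is why the earlier answer lists CHAP and Kerberos as replay-resistant.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Server knows the shared secret and tracks nonces it has issued but not yet
// consumed. Each nonce is accepted at most once.
type Server struct {
	secret  []byte
	pending map[string]bool
}

func NewServer(secret []byte) *Server {
	return &Server{secret: secret, pending: map[string]bool{}}
}

// Challenge issues a fresh random 128-bit nonce (CHAP's "challenge").
func (s *Server) Challenge() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	n := hex.EncodeToString(b)
	s.pending[n] = true
	return n, nil
}

// Respond is the client side: prove knowledge of the secret without sending
// it. The response is bound to this nonce and useless for any other.
func Respond(secret []byte, nonce string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(nonce))
	return hex.EncodeToString(m.Sum(nil))
}

// Verify accepts a response only if the nonce is outstanding and the MAC
// matches. The nonce is consumed either way, so a captured (nonce, response)
// pair is worthless the second time.
func (s *Server) Verify(nonce, response string) error {
	if !s.pending[nonce] {
		return errors.New("unknown or already-used nonce")
	}
	delete(s.pending, nonce)
	if !hmac.Equal([]byte(Respond(s.secret, nonce)), []byte(response)) {
		return errors.New("bad response")
	}
	return nil
}

// Demo: a live exchange succeeds; replaying the captured pair fails; a
// response computed with the wrong secret fails.
func Demo() (live, replay, wrongSecret bool, err error) {
	secret := []byte("shared-secret-constructed") // constructed
	srv := NewServer(secret)

	n, err := srv.Challenge() // S -> C: nonce
	if err != nil {
		return
	}
	r := Respond(secret, n)       // C -> S: HMAC(secret, nonce)
	live = srv.Verify(n, r) == nil // S: check and consume nonce

	replay = srv.Verify(n, r) == nil // attacker resends the captured pair

	n2, err := srv.Challenge()
	if err != nil {
		return
	}
	wrongSecret = srv.Verify(n2, Respond([]byte("guess"), n2)) == nil
	return
}

func main() {
	l, rp, w, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("live=%v replay=%v wrongSecret=%v\n", l, rp, w)
}
```

Contrast this with PAP, which sends the password itself, or with a fixed hash sent on every login: both are static values, so anything captured once works forever.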

CSRF

is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated

Symmetric Encryption

the same key is used to encode and decode

asymmetric encryption

two keys are used; one key encodes the message, and the other key decodes the message

Public Key Encryption

uses two keys: a public key that everyone can have and a private key for only the recipient

