Intro to IT Security Chapter 6 Study Guide
Nonrepudiation
A manager working in ABC Consulting shared a list of employees from his team who were eligible for an extra week off. Later, he claimed that he has never shared this list. Which principle or functionality of a secured communication can be used to substantiate or verify the manager's claim?
Blockchain
A new e-commerce startup with global operations is looking for a method to manage its supply-chain data for production. Instead of using bar codes, scanners, paper forms, and individual databases, making the system difficult to use, which method should be used to quickly track shipments?
Cryptography should be implemented because it allows information to be viewed only by authorized users and checks whether the information has been altered or changed by anybody. It also makes the information unclear, even if other users see it. Cryptography is a more advanced technology than steganography. These features make cryptography the right choice for the enterprise to implement.
ABC Enterprise is a global operation. As such, it needs to send regular, confidential messages and data between offices to communicate important market information, employee decisions, financial decisions, etc., for management consideration and senior-level decision making. Since these decisions impact the local employees and global businesses, they suspect that these data may be prone to attacks from threat actors internally and externally. While one of the senior systems administrators suggested implementing steganography to achieve this objective, the IT Department head at another branch suggested implementing cryptography. The management team has now called you for expert advice to select the best method to implement in the enterprise. What should your advice be, and why?
ECC, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes making it secure and the communication exchange extremely fast.
ABC Enterprises plans to upgrade its internal confidential communication channel for the senior management team, which is geographically spread out, to enhance communication speed and security. They have decided to use cryptography to achieve this but can't decide on which model. The CEO has come to you for your suggestion on whether to use RSA or ECC. What should you recommend to the CEO, and why?
Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user.
Alex is working for Alpha Technology as a system administrator. The enterprise's sales team uses multiple external drives, often containing confidential data, that they carry between their offices and their clients' offices. What should Alex do to ensure that data is secure if it is stolen or lost, and why?
Diffusion
Alex needs to find a method that can change a single character of plaintext into multiple characters of ciphertext. Which method should Alex use?
Cryptographic hash algorithms
Blockchain relies on which cryptographic algorithm to make it computationally infeasible to try to replace a block or insert a new block of information without the approval of all entities involved?
Blockchain
Harry works at an automobile parts manufacturer. They sell these parts to retailers and deposit the proceeds in their bank. Using these funds, Harry pays the suppliers and employees. The Accounts Department maintains a ledger of all transactions of materials bought and sold. Similarly, the quality department and operations department also maintain a ledger of all transactions. Over the years, this process has become quite cumbersome, as growing data create confusion. Harry is looking at simplifying the process and has contacted you for a solution. Using which technology can this process be simplified and confusions avoided?
Asymmetric cryptographic
John needs to add an algorithm for his company communication process, in which encryption uses two keys. One is the public key, and the other one is a private key. Which algorithm will be suitable to achieve this?
Digital signature algorithm
John receives an encrypted document using asymmetric cryptography from Alex. Which process should Alex use along with asymmetric cryptography so that John can be sure that the received document is real, from Alex, and unaltered?
ROT13
Kainat is asked to suggest a cipher in which the entire alphabet is rotated (as in, A=N, B=O), making it difficult to identify. Which cipher should she suggest?
Check the digest of the file with the original digest. If the values are different, it can be confirmed that the file has been tampered with
Sigma solutions use hash algorithms in the communications between departments while transferring confidential files. A human resource employee informed you that one of the employees' salary statements sent from her end looks tampered with and requested your help. Which of the following tasks would enable you to identify whether the file is tampered with or not, and how will you make the determination?
Misconfiguration attack; the company should have configured a higher security hash algorithm rather than using the less-secure SHA 256.
Spectrum Technologies uses SHA 256 to share confidential information. The enterprise reported a breach of confidential data by a threat actor. You are asked to verify the cause of the attack that occurred despite implementing secure cryptography in communication. Which type of attack should you consider first, and why?
Symmetric cryptographic algorithm
Which algorithm encrypts and decrypts data using the same key?
Collision attack
Which attack sees an attacker attempt to determine the hash function's input strings that produce the same hash result?
Obfuscation
Which characteristic of cryptography makes information obscure or unclear, and by which the original information becomes impossible to be determined?
Asymmetric
Which cryptographic method should Susanne use to ensure that a document can be encrypted with a key and decrypted with a different key?
USB device encryption
Which encryption device you can use that has the following features? 1. It should allow administrators to remotely prohibit accessing the data on a device until it can verify the user status. 2. It can lock user access completely or even instruct the drive to initiate a selfdestruct sequence to destroy all data.
Trusted platform module
Which encryption is a chip on the motherboard of a computer that provides cryptographic services?
Full disk encryption
Which encryption method in BitLocker prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer?
Nonrepudiation
Which feature of cryptography is used to prove a user's identity and prevent an individual from fraudulently reneging on an action?
Sponge
Which function in cryptography takes a string of any length as input and returns a string of any requested variable length?
SED
Which of the following devices can perform cryptographic erase?
Data in transit
Which of the following is a state of data, where data is transmitted across a network?
PRNG
Which of the following is used to create a sequence of numbers whose output is close to a random number?
A quantum computer is a computer that relies on qubits that can be both 0 and 1 at the same time.
Which of the following statements describe a quantum computer?
Opal
Which of the following uses hardware encryption technology to secure stored data and ensures the inseparability of SEDs among vendors?
Qubit
Which unit is used by quantum computers, making them faster and more efficient than normal computers?
AES
Wilson has requested your help to suggest an encryption method that will provide the highest security against attacks. Which encryption process should you suggest?
Ciphertext attack
Wireless data networks are particularly susceptible to which type of attack?
