Section 4: Understanding Basic Cryptography Concepts


What does a digital certificate certify about an entity?
- A digital certificate certifies the ownership of the public key of the named subject of the certificate.
- A digital certificate certifies the ownership of the private key of the named subject of the certificate.
- A digital certificate certifies the ownership of the symmetric key of the named subject of the certificate.
- A digital certificate certifies the ownership of the bulk encryption key of the named subject of the certificate.

A digital certificate certifies the ownership of the public key of the named subject of the certificate.

Why is using ECDHE_ECDSA stronger than using RSA?
- ECDHE_ECDSA provides both data authenticity and confidentiality.
- ECDHE_ECDSA uses a much larger key size.
- ECDHE_ECDSA uses a pseudorandom function to generate the keying materials.
- If the server's private key is later compromised, all the prior TLS handshakes that are done using the cipher suite cannot be compromised.

If the server's private key is later compromised, all the prior TLS handshakes that are done using the cipher suite cannot be compromised.

Which two are true regarding the CA in a PKI deployment? (Choose two.)
- The CA is the trusted third party that signs the public keys of entities in a PKI-based system.
- The CA issues either a certificate revocation list (CRL) or uses an OCSP process to determine certificate validity.
- The CA becomes the center point of communications between two hosts using certificates that are issued by the CA.
- A root CA is not necessary in a PKI.

The CA is the trusted third party that signs the public keys of entities in a PKI-based system. The CA issues either a certificate revocation list (CRL) or uses an OCSP process to determine certificate validity.

Which statement describes the risk of not destroying a session key that is no longer used for completed communication of encrypted data?
- The attacker could have captured the encrypted communication and stored it while waiting for an opportunity to acquire the key.
- Systems can only store a certain number of keys and could be unable to generate new keys for communication.
- It increases the risk of duplicate keys existing for the key space of the algorithm.
- The risk of weaker keys being generated increases as the number of keys stored increases.

The attacker could have captured the encrypted communication and stored it while waiting for an opportunity to acquire the key.

What best describes a brute-force attack?
- breaking and entering into a physical building or network closet
- an attacker's attempt to decode a cipher by attempting each possible key combination to find the correct one
- a rogue DHCP server that is posing as a legitimate DHCP server on a network segment
- an attacker inserting itself between two devices in a communication session and then taking over the session

an attacker's attempt to decode a cipher by attempting each possible key combination to find the correct one

Which option describes the concept of using a different key for encrypting and decrypting data?
- symmetric encryption
- avalanche effect
- asymmetric encryption
- cipher text

asymmetric encryption

Which type of encryption algorithm uses different but related keys to encrypt and decrypt data?
- symmetric encryption algorithm
- Diffie-Hellman algorithm
- asymmetric encryption algorithm
- dodecaphonic algorithm

asymmetric encryption algorithm

What describes the concept of small changes in data causing a large change in the hash algorithm output?
- butterfly effect
- Fibonacci effect
- keyed effect
- avalanche effect

avalanche effect

To provide origin authentication, the sender encrypts the message using an asymmetric encryption algorithm. In this case, what must the receiver of the message use to decrypt the message?
- sender's digital signature
- sender's shared key
- sender's private key
- sender's public key

sender's public key

What are five components of the X.509v3 certificate standard? (Choose five.)
- serial number
- username
- issuer
- validity date range
- subject
- subject public key info
- department name

serial number; issuer; validity date range; subject; subject public key info

To facilitate encrypted bulk data transfer using the TLS protocol, the shared secret key that is sent from the client to the server is encrypted with which key?
- client public key
- client private key
- server's public key
- server's private key

server's public key

Which two options must be included in the CSR that is to be signed by a CA? (Choose two.)
- subject's public key information
- written invitation code to join the CA
- subject identity information
- certificate intended usage

subject's public key info; subject identity info

Which type of encryption algorithm uses the same key to encrypt and decrypt data?
- symmetric encryption algorithm
- Diffie-Hellman algorithm
- asymmetric encryption algorithm
- dodecaphonic algorithm

symmetric encryption algorithm

If a client connected to a server using SSHv1 previously, how should the client be able to authenticate the server?
- The same encryption algorithm will be used each time and will be in the client cache.
- The server will autofill the stored password for the client upon connection.
- The client will receive the same public key that it had stored for the server.
- The server will not use any asymmetric encryption, and jump right to symmetric encryption.

the client will receive the same public key that it had stored for the server

What three things does the client validate on inspection of a server certificate? (Choose three.)
- The subject matches the URL that is being visited.
- The website was already in the browser's cache.
- A root DNS server provided the IP address for the URL.
- The current time is within the certificate's validity date.
- The signature of the CA that is in the certificate is valid.
- The client already has a session key for the URL.

the subject matches the URL that is being visited; the current time is within the cert's validity date; the signature of the CA that is in the cert is valid

How many encryption key bits are needed to double the number of possible key values that are available with a 40-bit encryption key?
- 41 bits
- 80 bits
- 120 bits
- 160 bits

41 bits

Which encryption algorithm is the preferred symmetrical algorithm that is intended to replace 3DES?
- DES
- SHA256
- DSA
- AES
- MD5
- RSA

AES

Which four encryption protocols and protective algorithms are identified in the NSA Suite B specification? (Choose four.)
- AES
- MD5
- ECDSA
- Diffie-Hellman Group5
- ECDH
- 3DES
- SHA-2

AES; ECDSA; ECDH; SHA-2

Which part of the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 cipher suite is used to specify the bulk encryption algorithm?
- ECDHE_ECDSA
- AES_128_CBC
- SHA256
- P384

AES_128_CBC

Why isn't asymmetric encryption used to perform bulk encryption?
- Asymmetric algorithms are substantially slower than symmetric algorithms.
- Asymmetric algorithms are easier to break than symmetric algorithms.
- Symmetric algorithms can provide authentication and confidentiality.
- Symmetric algorithms use a much larger key size.

Asymmetric algorithms are substantially slower than symmetric algorithms.

What are two examples of the impacts of cryptography on security investigations that an analyst must know? (Choose two.)
- Attackers can attack the cryptographic algorithms.
- Cryptographic algorithms make it impossible for an attacker to carry out an attack.
- Attackers can use cryptography to hide their attacks.
- Cryptography does not offer any security against attacks.

Attackers can attack the cryptographic algorithms. Attackers can use cryptography to hide their attacks.

Which method allows you to verify entity authentication, data integrity, and authenticity of communications, without encrypting the actual data?
- Both parties calculate an authenticated MD5 hash value of the data accompanying the message: one party uses the private key, while the other party uses the public key.
- Both parties to the communication use the same secret key to produce a message authentication code to accompany the message.
- Both parties calculate a CRC32 of the data before and after transmission of the message.
- Both parties obfuscate the data with XOR and a known key before and after transmission of the message.

Both parties to the communication use the same secret key to produce a message authentication code to accompany the message.

Which option is the block cipher mode that uses an encryption method which has a feedback mechanism where each plaintext block is XORed with the previously encrypted block, and then is encrypted with the DES key?
- ECB
- DES
- CBC
- 3DES

CBC

When using PKI, which two of the following are true? (Choose two.)
- Currently, PKI digital identity certificates use the X.509 version 3 structure.
- Currently, the PKI architecture requires that the client devices stay in constant contact with the CA to trust a certificate that is issued by the CA.
- A client device must trust the CA to validate another device certificate that is issued by the same CA.
- The CA does not sign the user or device certificate; it only signs its own root certificate.

Currently, PKI digital identity certificates use the X.509 version 3 structure. A client device must trust the CA to validate another device certificate that is issued by the same CA.

What are two key factors in determining the key length requirement? (Choose two.)
- Data that is more sensitive and needs to be kept secret longer must use longer keys.
- Choose the key length according to the type of encryption algorithm that is to be used.
- You should choose the key length so that it protects data confidentiality or integrity for enough time.
- Key length depends on the support of the device that will be using the key.

Data that is more sensitive and needs to be kept secret longer must use longer keys. You should choose the key length so that it protects data confidentiality or integrity for enough time.

Which encryption methodology allows you to maintain the privacy of an email communication, and ensure the origin of the message using PGP?
- Encrypt the message with your public key and send your private key to the destination in a separate email so that the recipients can decrypt your message and know that you sent them the key.
- Encrypt the message with your private key, and again with the destination's public key, so that the recipients can decrypt the message with their private key and your public key.
- Encrypt the message with your public key, and again with the destination's private key, so that the recipients can decrypt the message with your private key and their public key.
- Encrypt the message with the destination's private key so that the recipients can decrypt it with their private key and know that they are the only party who generated the private key.

Encrypt the message with your private key, and again with the destination's public key, so that the recipients can decrypt the message with their private key and your public key.

When hashing different data sets, which algorithm is most susceptible to collision?
- MD5
- SHA-1
- SHA-256
- SHA-512

MD5 (don't use this swine)

Which two methods might be used by an analyst to detect SSL/TLS encrypted CnC communication? (Choose two.)
- Perform decryption and inspection of SSL/TLS traffic.
- Perform firewall HTTP application inspection to detect the CnC traffic.
- Perform IPS HTTP deep packet inspection to detect the CnC traffic.
- Perform analysis of the NetFlow data to detect anomalous TLS/SSL flows.

Perform decryption and inspection of SSL/TLS traffic. Perform analysis of the NetFlow data to detect anomalous TLS/SSL flows.

Which TCP port does SSL/TLS use for HTTPS communications?
- TCP 563
- TCP 626
- TCP 80
- TCP 443

TCP 443

Which PKI operation would likely cause out-of-band communication over the phone?
- The client checks with the CA to determine whether a certificate has been revoked.
- The client validates with the CA to determine if the peer that they are communicating with is the entity that is identified in a certificate.
- A new signed certificate is received by the certificate applicant from the CA.
- The CA administrator contacts the certificate applicant to verify enrollment data before the request can be approved.

The CA administrator contacts the certificate applicant to verify enrollment data before the request can be approved.

Regarding the Diffie-Hellman Key Agreement, which statement is true?
- The higher the Diffie-Hellman group number indicates a smaller key size.
- The higher the Diffie-Hellman group number indicates a larger key size.
- The higher the Diffie-Hellman group number indicates no difference in processing requirements.
- The higher the Diffie-Hellman group number indicates a smaller prime number (p).

The higher the Diffie-Hellman group number indicates a larger key size.

What is the first exchange during SSHv1 authentication negotiation?
- The server requests a username and password from the user.
- The server sends a public key to the client.
- The client generates a session key.
- The client and server agree upon the encryption algorithm.

The server sends a public key to the client.

Which two statements are correct regarding NSA Suite B? (Choose two.)
- Use AES with 128- or 256-bit keys in the GCM mode.
- The SHA-1 message digest has stronger security than SHA-2.
- NSA Suite B calls for AES CBC mode because it can provide authenticated encryption.
- NSA Suite B calls for ECDH, which is a more advanced variant of the Diffie-Hellman algorithm using the elliptic curve mathematics model.

Use AES with 128- or 256-bit keys in the GCM mode. NSA Suite B calls for ECDH, which is a more advanced variant of the Diffie-Hellman algorithm using the elliptic curve mathematics model.

Which attack can be used to find collisions in a cryptographic hash function?
- birthday attack
- chosen-plaintext attack
- ciphertext-only attack
- chosen-ciphertext attack

birthday attack

In which type of an attack does the attacker try every possible key with the decryption algorithm, knowing that eventually one key will work?
- chosen-ciphertext attack
- ciphertext-only attack
- brute-force attack
- birthday attack

brute force attack

Many legacy cipher suites available in TLS are deemed insecure. Which three of the following traits make them insecure? (Choose three.)
- cipher suites using DES
- cipher suites using RC4
- cipher suites using AES
- cipher suites using MD5
- cipher suites using SHA-256

cipher suites using DES; cipher suites using RC4; cipher suites using MD5

After encryption has been applied to a message, what is the message identified as?
- message digest
- ciphertext
- hash result
- fingerprint

ciphertext

Which method of cryptanalysis should you use if you only have access to the cipher text messages (all of which have been encrypted using the same encryption algorithm), and want to perform statistical analysis to attempt to determine the potentially weak keys?
- birthday attack
- chosen-plaintext attack
- ciphertext-only attack
- chosen-ciphertext attack

ciphertext-only attack

Which two statements best describe the impact of cryptography on security investigations? (Choose two.)
- All the employee's SSL/TLS outbound traffic should be decrypted and inspected since it requires minimal resources on the security appliance.
- Cryptographic attacks can be used to find a weakness in the cryptographic algorithms.
- With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this blind spot to launch attacks over HTTPS more than ever before.
- Encryption does not pose a threat to the ability of law enforcement authorities to gain access to information for investigating and prosecuting cybercriminal activities.

Cryptographic attacks can be used to find a weakness in the cryptographic algorithms. With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this blind spot to launch attacks over HTTPS more than ever before.

What is the main reason to use a hash algorithm for a message?
- authentication
- confidentiality
- availability
- integrity

integrity

Why is a digital signature used to provide the authenticity of digitally signed data?
- Both the signer and the recipient must first agree on a shared secret key that is only known to both parties.
- Both the signer and the recipient must first agree on the public/private key pair that is only known to both parties.
- Only the signer has sole possession of the private key.
- Only the recipient has a copy of the private key to decrypt the signature.

only the signer has sole possession of the private key

Non-repudiation

original source of a message can't deny having produced the message

Which two parts of the Diffie-Hellman process are arbitrary items that are agreed upon by both parties before any mathematical calculations? (Choose two.)
- prime number
- secret key
- public key
- generator

prime number; generator

Which five of the following options does the process of key management deal with? (Choose five.)
- subject identity
- secure generation
- verification
- identification
- exchange
- storage
- matching
- destruction of keys

secure generation; verification; exchange; storage; destruction of keys

What best explains key space as it relates to cryptography?
- the amount of time that a brute force attempt would take to discover the key
- the number of possible keys that could be generated by an algorithm
- the number of bits that are contained in a key
- the randomness of a generated key

the number of possible keys that could be generated by an algorithm

Which type of ciphers rearrange or permutate letters?
- transposition
- poly alphabetic
- substitution
- one-time pad

transposition

Which option was used by Diffie-Hellman to determine the strength of the key that is used in the key agreement process?
- DH prime number (p)
- DH base generator (g)
- DH group
- DH modulus

DH Group

To communicate that a document is using a digital signature, what is the next step in the process after a hash of the document is calculated by the sender?
- The hash is appended to the end of the document.
- The hash is stored by the sender.
- The hash is encrypted using the private key of the sender.
- The hash is encrypted using a symmetric encryption algorithm.
- The hash is signed using the public key of the receiver.

The hash is encrypted using the private key of the sender.

Which statement best describes cryptanalysis?
- The practice of creating codes to obscure the meaning of plaintext data.
- The practice of breaking codes to obtain the fingerprint of encrypted data.
- The practice of creating one-way encryption cryptographic algorithms.
- The practice of breaking codes to obtain the meaning of encrypted data.

The practice of breaking codes to obtain the meaning of encrypted data.

Origin Authentication

any received messages were actually sent from the perceived origin

Data Integrity

changes to data in transit will be detected and rejected

What is the main reason to use an encryption algorithm on a message?
- authentication
- confidentiality
- availability
- integrity

confidentiality

Which three security services are provided by digital signatures? (Choose three.)
- confidentiality
- integrity
- non-repudiation
- authenticity
- availability

integrity; non-repudiation; authenticity

What is used to determine the strength of a modern encryption algorithm?
- encryption operations
- OSI layer
- cipher block size
- key size
- message digest (fingerprint) size

key size

One cryptanalysis method that is used to defeat a multi-step encryption process uses both the original cleartext to work forward toward an intermediate value, and the ending ciphertext to work backward toward an intermediate value, so that the key space that is to be defeated is smaller and more computationally manageable. Which one of the following terms describes this method?
- brute-force attack
- meet-in-the-middle attack
- ciphertext-only attack
- birthday attack

meet-in-the-middle attack

Confidentiality

only authorized parties can read a message
