TestOut Security Pro All Section Quizzes (English 7.0)


You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal? Confidentiality Non-repudiation Integrity Availability

Confidentiality

Which of the following are often identified as the three main goals of security? (Select three.) -Non-repudiation -Assets -Employees -Policies -Confidentiality -Availability -Integrity

Confidentiality Availability Integrity Physical security includes all hardware and software necessary to secure data, such as firewalls and antivirus software.

You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do? Configure the connection with a pre-shared key and AES encryption. Configure the connection to use 802.1x authentication and TKIP encryption. Configure the connection with a pre-shared key and TKIP encryption. Configure the connection to use 802.1x authentication and AES encryption.

Configure the connection with a pre-shared key and AES encryption.

You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you use them in the future? Encrypt the logs. Make two copies of each log and store each copy in a different location. Create a hash of each log. Store the logs in an offsite facility.

Create a hash of each log.

Which of the following functions are performed by a TPM? Provide authentication credentials Create a hash of system components Encrypt network data using IPsec Perform bulk encryption

Create a hash of system components

Hashing algorithms are used to perform which of the following activities? Provide for non-repudiation. Provide a means for exchanging small amounts of data securely over a public network. Create a message digest. Encrypt bulk data for communications exchange.

Create a message digest.

Which of the following encryption mechanisms offers the least security because of weak keys? DES AES TwoFish IDEA

DES

Which of the following should you set up to ensure encrypted files can still be decrypted if the original user account becomes corrupted? DRA GPG PGP VPN

DRA

Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt? Birthday attack Collision attack Dictionary attack Downgrade attack

Dictionary attack

Which of the following is a direct integrity protection? Asymmetric encryption Digital envelope Digital signature Symmetric encryption

Digital signature

What is the most obvious means of providing non-repudiation in a cryptography system? Hashing values Shared secret keys Public keys Digital signatures

Digital signatures

Which of the following security solutions would prevent a user from reading a file that she did not create? VPN EFS BitLocker IPsec

EFS

Which IPSec subprotocol provides data encryption? -AES -SSL -AH -ESP

ESP Encapsulating Security Payload (ESP) Protocol provides data encryption for IPSec traffic.

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do? Implement BitLocker without a TPM. Have each user encrypt the entire volume with EFS. Have each user encrypt user files with EFS. Implement BitLocker with a TPM.

Implement BitLocker without a TPM.

You have downloaded a file from the internet. You generate a hash and check it against the original file's hash to ensure the file has not been changed. Which information security goal is this an example of? Authenticity Integrity Confidentiality Non-repudiation

Integrity

Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, which protection does the hashing activity provide? -Confidentiality -Availability -Integrity -Non-repudiation

Integrity Hashing of any sort, including within a digital signature, provides data integrity.

You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible. Which service should you use to solve this problem? CSP RA OCSP Key escrow

Key escrow

Which of the following is the weakest hashing algorithm? AES SHA-1 MD5 DES

MD5

When a sender encrypts a message using their own private key, which security service is being provided to the recipient? Non-repudiation Availability Confidentiality Integrity

Non-repudiation

Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message and then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. Which protection does the private key-signing activity of this process provide? Non-repudiation Confidentiality Availability Integrity

Non-repudiation

By definition, which security concept uses the ability to prove that a sender undeniably sent an encrypted message? -Non-repudiation -Integrity -Privacy -Authentication

Non-repudiation The ability to prove that a sender undeniably sent a message is known as non-repudiation. By various mechanisms in different cryptographic solutions, you can prove that only the sender would be able to have initiated a certain communication. Therefore, the sender cannot repudiate that they originated a message.

Cryptographic systems provide which of the following security services? (Select two.) Non-repudiation Encryption Confidentiality Cryptanalysis Decryption

Non-repudiation Confidentiality

Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments? Certificate Revocation List Private key recovery Online Certificate Status Protocol Key escrow

Online Certificate Status Protocol

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash? Password salting Password sniffing Pass-the-hash attack Keylogging

Password salting

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates? Hash values Private keys Cryptographic algorithm Public keys

Private keys

What does the hashing of log files provide? Prevention of log files being altered or overwritten Sequencing of files and log entries to recreate a timeline of events Prevention of the system running when the log files are full Confidentiality to prevent unauthorized reading of the files Proof that the files have not been altered

Proof that the files have not been altered

Which of the following can be classified as a stream cipher? Twofish RC4 AES Blowfish

RC4

An attacker is attempting to crack a system's password by matching the password hash to a hash in a large table of hashes he or she has. Which type of attack is the attacker using? RIPEMD Cracking Brute force Rainbow

Rainbow

Which of the following password attacks uses preconfigured matrices of hashed dictionary words? Rainbow table attack Dictionary attack Hybrid attack Brute-force attack

Rainbow table attack

In the certificate authority trust model known as a hierarchy, where does trust start? Registration authority Third-party CA Issuing CA Root CA

Root CA

Which of the following does not or cannot produce a hash value of 128 bits? RIPEMD SHA-1 MD2 MD5

SHA-1

What is the process of adding random characters at the beginning or end of a password to generate a completely different hash called? Salting Collision Avalanche Deterministic

Salting

Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message? Sam's public key Mary's private key Mary's public key Sam's private key

Sam's public key

Which term means a cryptography mechanism that hides secret communications within various forms of data? Steganography Cryptanalysis Ciphertext Algorithm

Steganography

Which form of cryptography is best suited for bulk encryption because it is so fast? Asymmetric cryptography Symmetric key cryptography Hashing cryptography Public key cryptography

Symmetric key cryptography

An SSL client has determined that the certificate authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity? The master secret is generated from common key code. The CA's public key must validate the CA's digital signature on the server certificate. The post-master secret must initiate subsequent communication. The domain on the server certificate must match the CA's domain name.

The CA's public key must validate the CA's digital signature on the server certificate.

You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol. What happens to the file's encryption? The encryption carries over to the new location. An encrypted file cannot be moved using SMB. The encryption inherits from the new location. The file is unencrypted when moved.

The file is unencrypted when moved.

Which of the following would require that a certificate be placed on the CRL? The private key is compromised. The certificate validity period is exceeded. The encryption key algorithm is revealed. The signature key size is revealed.

The private key is compromised.

Which of the following database encryption methods encrypts the entire database and all backups? Transparent Data Encryption (TDE) Column-level Application-level Bitlocker

Transparent Data Encryption (TDE)

When a cryptographic system is used to protect data confidentiality, what actually takes place? Data is available for access whenever authorized users need it. Unauthorized users are prevented from viewing or accessing the resource. Encrypted data transmission is prohibited. Data is protected from corruption or change.

Unauthorized users are prevented from viewing or accessing the resource.

Which of the following items are contained in a digital certificate? (Select two.) Validity period Root CA secret key Private key Public key

Validity period Public key

Which standard is most widely used for certificates? 802.1x X.509 SSL v.3.0 HTTP 1.1

X.509

Your browser has blocked you from your crucial secure intranet sites. What could be the problem? The firewall administrator set up a rule that blocked the users. Your SSL certificate status has been revoked. You are using HTTP instead of HTTPS. You misconfigured a content filter.

Your SSL certificate status has been revoked.

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file? Your copy is the same as the copy posted on the website. You can prove the source of the file. You are the only one able to open the downloaded file. No one has read the file contents as it was downloaded.

Your copy is the same as the copy posted on the website.

You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose? VPN BitLocker EFS IPsec

BitLocker

When two different messages produce the same hash value, what has occurred? Collision Hash value High amplification Birthday attack

Collision

Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence? File directory listing Serial number notation Hashing Photographs

Hashing

A birthday attack focuses on which of the following? VPN links Hashing algorithms E-commerce Encrypted files

Hashing algorithms

To obtain a digital certificate and participate in a public key infrastructure (PKI), what must be submitted and where? Identifying data with the MAC and IP addresses to the root certificate authority (CA) Identifying data and a secret key request to the subordinate distribution authority (DA) Identifying data with the 3DES block cipher to the hosting certificate authority (CA) Identifying data and a certification request to the registration authority (RA)

Identifying data and a certification request to the registration authority (RA)

You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents. Which of the following is true in this scenario? (Select two.) The EFS encryption process will fail. If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state. Only the user who encrypted the C:\Secrets\confidential.docx file is able to boot the computer from the encrypted hard disk. Any user who is able to boot the computer from the encrypted hard disk will be able to open the C:\Secrets\confidential.docx file. If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will remain in an encrypted state. By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.

If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state. By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.

You need to configure a wireless network using WPA2-Enterprise. Which of the following components should be part of your design? (Select two.) Open authentication TKIP encryption 802.1x Pre-shared keys WEP encryption AES encryption

802.1x AES encryption

Which of the following strategies can protect against a rainbow table password attack? Educate users to resist social engineering attacks Add random bits to the password before hashing takes place Encrypt the password file with one-way encryption Enforce strict password restrictions

Add random bits to the password before hashing takes place

A private key has been stolen. Which action should you take to deal with this crisis? Add the digital certificate to the CRL Delete the public key Recover the private key from escrow Place the private key in escrow

Add the digital certificate to the CRL

A PKI is an implementation for managing which type of encryption? Hashing Symmetric Asymmetric Steganography

Asymmetric

You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do? Use a PIN instead of a startup key. Save the startup key to the boot partition. Disable USB devices in the BIOS. Enable the TPM in the BIOS.

Enable the TPM in the BIOS.

In addition to Authentication Header (AH), IPsec is comprised of what other service? -Extended Authentication Protocol (EAP) -Encryption File System (EFS) -Advanced Encryption Standard (AES) -Encapsulating Security Payload (ESP)

Encapsulating Security Payload (ESP)

Travis is sending a highly confidential email to Craig that contains sensitive data. Which of the following should Travis implement to ensure that only Craig is able to read the email? -Spam filter -Virus scanner -Anti-phishing software -Encryption

Encryption Encryption causes data, such as the content of an email, to be unintelligible except to those who have the proper key to decrypt it.

Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages? VPN IPsec GPG PGP

GPG

KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (Select two.) -GPG -HMAC-SHA1 -Kerberos -Twofish -Blowfish

GPG Blowfish KWalletManager offers two encryption options for protecting stored account credentials. These two encryption options are Blowfish and GPG.

What is the main function of a TPM hardware chip? Perform bulk encryption in a hardware processor Control access to removable media Provide authentication credentials on a hardware device Generate and store cryptographic keys

Generate and store cryptographic keys

Which of the following is a message authentication code that allows a user to verify that a file or message is legitimate? MD5 RIPEMD SHA HMAC

HMAC

Which of the following is used to verify that a downloaded file has not been altered? Symmetric encryption Private key Asymmetric encryption Hash

Hash

