Chapter 7 Flashcards

1
Q

When a cryptographic system is used to protect data confidentiality, what actually takes place?

Data is protected from corruption or change.

Encrypted data transmission is prohibited.

Unauthorized users are prevented from viewing or accessing the resource.

Data is available for access whenever authorized users need it.

A

Unauthorized users are prevented from viewing or accessing the resource.

2
Q

Which term means a cryptography mechanism that hides secret communications within various forms of data?

Ciphertext
Cryptanalysis
Steganography
Algorithm

A

Steganography

3
Q

Which of the following algorithms are used in asymmetric encryption? (Select two.)

Diffie-Hellman
Blowfish
RSA
AES
Twofish

A

Diffie-Hellman
RSA

4
Q

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender.

Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?

Sender’s private key
Sender’s public key
Receiver’s public key
Receiver’s private key

A

Sender’s public key

5
Q

Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message?

Sam’s private key
Mary’s private key
Sam’s public key
Mary’s public key

A

Sam’s public key

6
Q

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?

Hash values
Private keys
Public keys
Cryptographic algorithm

A

Private keys

7
Q

Which of the following algorithms are used in symmetric encryption? (Select two.)

Blowfish
Diffie-Hellman
3DES
ECC
RSA

A

Blowfish
3DES

8
Q

Which of the following encryption mechanisms offers the least security because of weak keys?

Twofish
AES
DES
IDEA

A

DES

9
Q

Which of the following can be classified as a stream cipher?

Twofish
RC4
Blowfish
AES

A

RC4

10
Q

Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt?

Downgrade attack
Collision attack
Birthday attack
Dictionary attack

A

Dictionary attack

11
Q

Cryptographic systems provide which of the following security services? (Select two.)

Cryptanalysis
Decryption
Non-repudiation
Encryption
Confidentiality

A

Non-repudiation
Confidentiality

12
Q

You have downloaded a file from the internet. You generate a hash and check it against the original file’s hash to ensure the file has not been changed. Which information security goal is this an example of?

Integrity
Authenticity
Confidentiality
Non-repudiation

A

Integrity

13
Q

Which of the following are true of Triple DES (3DES)?

Can easily be broken
Uses the Rijndael block cipher
Key length is 168 bits
Uses 64-bit blocks with 128-bit keys

A

Key length is 168 bits

14
Q

When a sender encrypts a message using their own private key, which security service is being provided to the recipient?

Integrity
Availability
Confidentiality
Non-repudiation

A

Non-repudiation

15
Q

Which of the following is a direct integrity protection?

Asymmetric encryption
Symmetric encryption
Digital signature
Digital envelope

A

Digital signature

16
Q

What is the most obvious means of providing non-repudiation in a cryptography system?

Public keys
Shared secret keys
Digital signatures
Hashing values

A

Digital signatures

17
Q

Which form of cryptography is best suited for bulk encryption because it is so fast?

Asymmetric cryptography
Symmetric key cryptography
Hashing cryptography
Public key cryptography

A

Symmetric key cryptography

18
Q

Your computer system is a participant in an asymmetric cryptography system. You’ve crafted a message to be sent to another user. Before transmission, you hash the message and then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user.

Which protection does the private key-signing activity of this process provide?

Integrity
Availability
Non-repudiation
Confidentiality

A

Non-repudiation

19
Q

What is the main function of a TPM hardware chip?

Provide authentication credentials on a hardware device
Control access to removable media
Generate and store cryptographic keys
Perform bulk encryption in a hardware processor

A

Generate and store cryptographic keys

20
Q

Which of the following functions are performed by a TPM?

Provide authentication credentials
Perform bulk encryption
Create a hash of system components
Encrypt network data using IPsec

A

Create a hash of system components

21
Q

A birthday attack focuses on which of the following?

E-commerce
VPN links
Encrypted files
Hashing algorithms

A

Hashing algorithms

22
Q

An attacker is attempting to crack a system’s password by matching the password hash to a hash in a large table of hashes he or she has.

Which type of attack is the attacker using?

Brute force
RIPEMD
Cracking
Rainbow

A

Rainbow

23
Q

When two different messages produce the same hash value, what has occurred?

Collision
Birthday attack
Hash value
High amplification

A

Collision

24
Q

Hashing algorithms are used to perform which of the following activities?

Provide a means for exchanging small amounts of data securely over a public network.
Encrypt bulk data for communications exchange.
Create a message digest.
Provide for non-repudiation.

A

Create a message digest.

25
Q

Which of the following is used to verify that a downloaded file has not been altered?

Hash
Private key
Symmetric encryption
Asymmetric encryption

A

Hash

26
Q

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match.

What do you know about the file?

No one has read the file contents as it was downloaded.

Your copy is the same as the copy posted on the website.

You can prove the source of the file.

You are the only one able to open the downloaded file.

A

Your copy is the same as the copy posted on the website.

27
Q

Which of the following does not or cannot produce a hash value of 128 bits?

RIPEMD
MD5
SHA-1
MD2

A

SHA-1

28
Q

Which of the following is a message authentication code that allows a user to verify that a file or message is legitimate?

HMAC
MD5
RIPEMD
SHA

A

HMAC

29
Q

What is the process of adding random characters at the beginning or end of a password to generate a completely different hash called?

Collision
Avalanche
Deterministic
Salting

A

Salting

30
Q

Which of the following is the weakest hashing algorithm?

MD5
AES
SHA-1
DES

A

MD5

31
Q

You create a new document and save it to a hard drive on a file server on your company’s network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal?

Confidentiality
Integrity
Availability
Non-repudiation

A

Confidentiality

32
Q

Which of the following should you set up to ensure encrypted files can still be decrypted if the original user account becomes corrupted?

PGP
GPG
DRA
VPN

A

DRA

33
Q

You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose?

VPN
BitLocker
IPsec
EFS

A

BitLocker

34
Q

Which of the following security solutions would prevent a user from reading a file that she did not create?

EFS
VPN
IPsec

A

EFS

35
Q

You’ve used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you’ve used an external USB flash drive to store the BitLocker startup key.

You use EFS to encrypt the C:\Secrets folder and its contents.

Which of the following is true in this scenario? (Select two.)

If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.

Only the user who encrypted the C:\Secrets\confidential.docx file is able to boot the computer from the encrypted hard disk.

If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will remain in an encrypted state.

The EFS encryption process will fail.

By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.

Any user who is able to boot the computer from the encrypted hard disk will be able to open the C:\Secrets\confidential.docx file.

A

If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.

By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.

36
Q

Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages?

VPN
PGP
IPsec
GPG

A

GPG

37
Q

You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device.

What should you do?

Use a PIN instead of a startup key.
Save the startup key to the boot partition.
Disable USB devices in the BIOS.
Enable the TPM in the BIOS.

A

Enable the TPM in the BIOS.

38
Q

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files.

What should you do?

Have each user encrypt the entire volume with EFS.
Implement BitLocker without a TPM.
Implement BitLocker with a TPM.
Have each user encrypt user files with EFS.

A

Implement BitLocker with a TPM.

39
Q

Which of the following database encryption methods encrypts the entire database and all backups?

Column-level
Application-level
Transparent Data Encryption (TDE)
BitLocker

A

Transparent Data Encryption (TDE)

40
Q

You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol. What happens to the file’s encryption?

The encryption carries over to the new location.
The file is unencrypted when moved.
The encryption inherits from the new location.
An encrypted file cannot be moved using SMB.

A

The file is unencrypted when moved.

41
Q

An SSL client has determined that the certificate authority (CA) issuing a server’s certificate is on its list of trusted CAs. What is the next step in verifying the server’s identity?

The CA’s public key must validate the CA’s digital signature on the server certificate.

The master secret is generated from common key code.

The domain on the server certificate must match the CA’s domain name.

The post-master secret must initiate subsequent communication.

A

The CA’s public key must validate the CA’s digital signature on the server certificate.

42
Q

Which of the following would require that a certificate be placed on the CRL?

The encryption key algorithm is revealed.
The certificate validity period is exceeded.
The private key is compromised.
The signature key size is revealed.

A

The private key is compromised.

43
Q

Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments?

Online Certificate Status Protocol
Key escrow
Certificate Revocation List
Private key recovery

A

Online Certificate Status Protocol

44
Q

A PKI is an implementation for managing which type of encryption?

Symmetric
Asymmetric
Hashing
Steganography

A

Asymmetric

45
Q

To obtain a digital certificate and participate in a public key infrastructure (PKI), what must be submitted and where?

Identifying data and a secret key request to the subordinate distribution authority (DA)

Identifying data and a certification request to the registration authority (RA)

Identifying data with the MAC and IP addresses to the root certificate authority (CA)

Identifying data with the 3DES block cipher to the hosting certificate authority (CA)

A

Identifying data and a certification request to the registration authority (RA)

46
Q

In the certificate authority trust model known as a hierarchy, where does trust start?

Root CA
Issuing CA
Third-party CA
Registration authority

A

Root CA

47
Q

Which standard is most widely used for certificates?

802.1X
HTTP 1.1
SSL v.3.0
X.509

A

X.509

48
Q

A private key has been stolen. Which action should you take to deal with this crisis?

Add the digital certificate to the CRL
Recover the private key from escrow
Place the private key in escrow
Delete the public key

A

Add the digital certificate to the CRL

49
Q

You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible. Which service should you use to solve this problem?

RA
Key escrow
CSP
OCSP

A

Key escrow

50
Q

Which of the following items are contained in a digital certificate? (Select two.)

Private key
Root CA secret key
Validity period
Public key

A

Validity period

Public key