# 4 - Cryptography Flashcards

1
Q
1. The strength of a crypto system is based on all but which of the following?
   a. Algorithm
   b. Size of keyspace
   c. Initialization vector
   d. Length of key
A

B: The size of the keyspace does not have a direct correlation to the strength of the crypto system. The keyspace is simply the range of values defined by the algorithm that can be used to construct keys.

2
Q
1. Which of the following is not a goal of cryptography?
   a. Confidentiality
   b. Non-repudiation
   c. Availability
   d. Integrity
A

C: Availability is not a goal of cryptography.

3
Q
1. What type of cipher is subject to cracking by means of period analysis?
   a. transposition cipher
   b. Vernam cipher
   c. Running key cipher
   d. polyalphabetic cipher
A

D: A polyalphabetic cipher is subject to cracking by means of period analysis.

4
Q
1. The strength of a cryptosystem is based on all but which of the following?
   a. algorithm
   b. the length of the plaintext
   c. secrecy of the keys
   d. initialization vectors
A

B: The strength of a cryptosystem is not based on the length of the plaintext or even the content of the plaintext. The message to be encrypted is not a determining factor in the strength of a cryptosystem.

5
Q
1. Which of the following is not a goal of cryptosystems?
   a. confidentiality
   b. non-repudiation
   c. availability
   d. integrity
A

C: Availability is not a goal of cryptosystems. Cryptosystems do not address the need to make resources available, accessible, or delivered in a timely manner. The goals of cryptosystems are to provide for confidentiality, non-repudiation, integrity, and authenticity.

6
Q
1. The action of dividing a plaintext message into fixed length segments and applying the same algorithm to each segment to hide the message is known as?
   a. clustering
   b. end-to-end encryption
   c. encryption streaming
   d. block ciphering
A

D: Block ciphering is the action of dividing a plaintext message into fixed length segments and applying the same algorithm to each segment to hide the message.

7
Q
1. An unintelligible message is also called what?
   a. cryptogram
   b. cipher
   c. code
   d. algorithm
A

A: A cryptogram or ciphertext is an unintelligible message - it is a plaintext that has been transformed into a protected message through the application of cryptography.

8
Q
1. Which of the following is different from the others?
   a. Cryptology
   b. End to end encryption
   c. Link encryption
   d. Stream cipher
A

A: Cryptology is the one item from this list different from the others since it is the parent concept that contains the others. Cryptology is a method of storing and transmitting data in a form that can be read and processed only by the intended recipient.

9
Q
1. The process of hiding the meaning of a message by using a mechanism which shifts each letter of the alphabet by three letters is known as?
   a. polyalphabetic cipher
   b. monoalphabetic substitution cipher
   c. transposition cipher
   d. running key cipher
A

B: The process of hiding the meaning of a message by using a mechanism which shifts each letter of the alphabet by three letters is known as a monoalphabetic substitution cipher.

10
Q
1. A cryptosystem is comprised of all but which of the following?
   a. plaintext
   b. key
   c. a one way hash
   d. algorithm
A

C: A cryptosystem may use a one way mathematical function as its algorithm, but not all algorithms are one way. A one way hash is used to check integrity but not for confidentiality.

11
Q
1. The cryptography mechanism which hides information within images is known as?
   a. steganography
   b. coding
   c. substitution
   d. tuple
A

A: Steganography is the cryptography mechanism which hides information within images.

12
Q
1. Which of the following was selected to replace Triple DES (3DES) in 2001?
   a. Twofish Algorithm
   b. Advanced Encryption Standard (AES)
   c. IDEA cipher
   d. RC5
A

B: AES is the replacement for 3DES.

13
Q
1. The art and science of hiding the meaning of communications from unintended recipients is known as?
   a. Cryptanalysis
   b. Steganography
   c. Cryptography
   d. Ciphering
A

C: Cryptography is the art and science of hiding the meaning of communications from unintended recipients. However, this is an incomplete answer for this question since there are additional ways to perform this activity.

14
Q
1. The art of obtaining the plaintext (i.e. the original message) or the key from ciphertext is known as?
   a. Steganography
   b. Cryptography
   c. Ciphering
   d. Cryptanalysis
A

D: Cryptanalysis is the art of obtaining the plaintext (i.e. the original message) or the key from ciphertext.

15
Q
1. The set of mathematical rules that dictate how enciphering and deciphering take place is known as the?
   a. key
   b. ciphertext
   c. code
   d. algorithm
A

D: The set of mathematical rules that dictate how enciphering and deciphering take place is known as the algorithm.

16
Q
1. What must be kept secret in order for a cryptosystem to provide any form of protection for messages?
   a. key
   b. algorithm
   c. keyspace
   d. block size
A

A: The key of a cryptosystem must be kept secret in order to protect the security provided by encryption.

17
Q
1. When using end-to-end encryption, the actual process of encryption occurs at what level of the OSI model?
   a. Physical layer
   b. Application layer
   c. Network layer
   d. Session layer
A

B: End-to-end encryption performs its encryption at the application layer.

18
Q
1. When using link encryption, the actual process of encryption occurs at what level of the OSI model?
   a. Application layer
   b. Session layer
   c. Presentation layer
   d. Network layer
A

D: Link encryption performs its encryption at the network layer.

19
Q
1. The most common mathematical Boolean operation performed by cryptographic systems is?
   a. Elliptical curve
   b. Discrete algorithm
   c. ANDing
   d. Exclusive OR
A

D: Exclusive OR is the most common mathematical Boolean operation performed by cryptographic systems.

20
Q
1. Which of the following is not true in regards to a one-time pad?
   a. Extremely practiced for modern applications
   b. Often used as a stream cipher
   c. True random codes make one-time pads unbreakable
   d. The key length is the same as the length of the original message
A

A: One-time pads are not suitable for modern applications, primarily due to the inability of a computer to create truly non-repeating random codes and the problem of securely exchanging the pad with communication partners.

21
Q
1. The situation in which the same ciphertext is produced when a single plaintext is encrypted using two different keys is known as?
   a. collusion
   b. clustering
   c. polyinstantiation
   d. scavenging
A

B: Clustering occurs when the same ciphertext is produced when a single plaintext is encrypted using two different keys.

22
Q
1. A cryptographic transformation that operates at the word or phrase level is known as?
   a. cipher
   b. block cipher
   c. code cipher
   d. streaming cipher
A

C: A code cipher, or just a code, is a cryptographic transformation that operates at the word or phrase level.

23
Q
1. Encrypting data for the entire trip across an untrusted network from source to destination is known as?
   a. work factor encryption
   b. link encryption
   c. streaming encryption
   d. end-to-end encryption
A

D: End-to-end encryption is a form of communications encryption where the data is encrypted for the entire trip across an untrusted network from source to destination.

24
Q
1. Which of the following mechanisms always encrypts the entire message or data packet including the header?
   a. link encryption
   b. end-to-end encryption
   c. IPSec in transport mode
   d. PPTP tunnels with CHAP
A

A: Link encryption encrypts the entire packet.

25
Q
1. A Vernam cipher is an example of what type of cryptographic system?
   a. transposition cipher
   b. running key cipher
   c. polyalphabetic substitution cipher
   d. one-time pad
A

D: The Vernam cipher is an example of a one-time pad.

26
Q
1. The Escrowed Encryption Standard (EES) is embodied in which of the following?
   a. Clipper chip
   b. Data Encryption Standard (DES)
   c. A symmetric cryptographic system
   d. Digital Signature Standard (DSS)
A

A: The Escrowed Encryption Standard (EES) is embodied in the Clipper chip.

27
Q
1. The Skipjack algorithm used in the Clipper chip used what length of key?
   a. 56
   b. 80
   c. 128
   d. 256
A

B: Skipjack uses an 80-bit key.

28
Q
1. The goals or benefits of a cryptosystem include protection or support for all but which of the following?
   a. Availability
   b. Confidentiality
   c. Integrity
   d. Non-repudiation
A

A: Availability is not a benefit of a cryptosystem.

29
Q
1. A polyalphabetic cipher is vulnerable to what form of attack?
   a. birthday attack
   b. frequency analysis
   c. period analysis
   d. collision
A

C: A polyalphabetic cipher is vulnerable to a period analysis.

30
Q
1. Which cryptographic system is vulnerable to frequency analysis?
   a. Vernam cipher
   b. running key cipher
   c. transposition cipher
   d. code ciphers
A

C: Transposition ciphers are vulnerable to frequency analysis.

31
Q
1. Which of the following terms is out of place when compared to the others?
   a. symmetric key
   b. secret key
   c. public key
   d. shared common key
A

C: Public key is only found in asymmetric cryptographic systems.

32
Q
1. Which of the following terms is out of place when compared to the others?
   a. asymmetric cryptography
   b. public key cryptography
   c. key pairs
   d. bulk encryption
A

D: Symmetric cryptography is better suited for bulk encryption than asymmetric cryptography.

33
Q
1. Triple DES (Data Encryption Standard) uses what effective key bit length?
   a. 168
   b. 56
   c. 112
   d. 256
A

A: 3DES uses a 168-bit key (three times DES’s 56-bit key).

34
Q
1. All but which of the following is an example of steganography?
   a. micro dots
   b. hiding data in a bad sector on a hard drive
   c. watermarks
   d. hiding a text message in a visual image
A

B: Hiding data in a bad sector on a hard drive is an example of the use of a covert storage channel, not steganography.

35
Q
1. The time, effort, and/or cost involved in breaking a cryptographic system is known as?
   a. algorithm
   b. key length
   c. work function
   d. key space
A

C: The work function is the time, effort, and/or cost involved in breaking a cryptographic system.

36
Q
1. The strength of a cryptosystem is dependent upon all but which of the following?
   a. Algorithm
   b. Secrecy of the key
   c. Initialization vector
   d. Length of ciphertext
A

D: The strength of a cryptosystem is not dependent upon the length of the ciphertext, i.e. the output of the system.

37
Q
1. What asymmetric cryptographic system is based upon the product of two very large prime numbers?
   a. RSA (Rivest, Shamir, and Adleman)
   b. Diffie-Hellman
   c. Merkle-Hellman Knapsack
   d. El Gamal
A

A: RSA is based upon the product of two very large prime numbers.

38
Q
1. What cryptographic system includes a method by which secret keys can be exchanged securely over an insecure medium?
   a. Haval
   b. Diffie-Hellman
   c. Rijndael
   d. El Gamal
A

B: Diffie-Hellman is an asymmetric cryptographic system that includes a method by which secret keys can be exchanged securely over an insecure medium.

39
Q
1. All but which of the following are true regarding elliptic curve cryptosystems (ECC)?
   a. can be used to implement Diffie-Hellman, El Gamal, or Schnorr public key algorithms
   b. smaller key sizes used in ECC can result in higher levels of security than larger non-ECC algorithms
   c. not suitable for hardware applications
   d. can be used for digital signatures, encryption, and key management
A

C: ECC is suitable for hardware applications.

40
Q
1. What encryption system was selected to replace Triple Data Encryption Standard (3DES)?
   a. TwoFish
   b. Advanced Encryption System (AES)
   c. IDEA
   d. RC5
A

B: Advanced Encryption System (AES) using the Rijndael cipher is the replacement for 3DES.

41
Q
1. Which of the following is a symmetric block cipher?
   a. MD5
   b. Haval
   c. TwoFish
   d. El Gamal
A

C: TwoFish is a symmetric block cipher.

42
Q
1. Which of the following is not a valid key length for Advanced Encryption System (AES)?
   a. 256
   b. 192
   c. 128
   d. 64
A

D: AES does not support the use of a 64-bit key.

43
Q
1. A certificate issued by a publicly trusted CA will usually contain all but which of the following?
   a. serial number
   b. identity information
   c. signature of issuing authority
   d. IP address
A

D: A certificate issued by a publicly trusted CA will not contain IP address information.

44
Q
1. Which of the following is not true in regards to a Registration Authority system in a PKI solution?
   a. it issues new certificates
   b. it confirms the identity of a subject
   c. it distributes the certificate revocation list (CRL)
   d. it helps share the workload with the certificate authority (CA)
A

A: An RA does not issue new certificates.

45
Q
1. A message digest provides for which of the following?
   a. Confidentiality
   b. Integrity
   c. Authentication
   d. Non-repudiation
A

B: A message digest (a.k.a. a hash function) provides for integrity.

46
Q
1. The IDEA cipher uses what key length?
   a. 128
   b. 112
   c. 64
   d. 56
A

A: IDEA uses a 128-bit key length.

47
Q
1. The cryptographic system that uses key pairs, where one key is kept secret and one is freely and publicly distributed is known as?
   a. symmetric cryptosystem
   b. asymmetric cryptosystem
   c. digital signature cryptosystem
   d. message digest cryptosystem
A

B: An asymmetric cryptosystem is one that uses key pairs, where one key is kept secret and one is freely and publicly distributed.

48
Q
1. Which of the following is not a benefit of a public key cryptographic system?
   a. no need to exchange secret keys
   b. the private key cannot be derived from the public key
   c. no need to perform key distribution
   d. when one of the keys in a key pair is used to encrypt a message, only the key’s partner can be used to decrypt that message
A

C: Public key cryptographic systems still require some form of key distribution in order to get the public keys out in the public so recipients of messages can use them to decrypt messages encrypted with a communication partner’s private key.

49
Q
1. What cryptographic system is dependent upon the use of a trapdoor one-way function?
   a. symmetric key cryptography
   b. message digest algorithms
   c. Cryptosystems relying upon key exchange
   d. asymmetric key cryptography
A

D: Asymmetric key cryptography (public key cryptography) is dependent upon the use of a trapdoor one-way function.

50
Q
1. Which of the following is not an encryption system designed to provide security for Internet based e-mail?
   a. Privacy Enhanced Mail (PEM)
   b. MIME Object Security Services (MOSS)
   c. Pretty Good Privacy (PGP)
   d. Secure Electronic Transaction (SET)
A

D: SET is an e-commerce encryption protocol for use in Web transactions, not e-mail.

51
Q
1. Which of the following used IDEA for encryption?
   a. Pretty Good Privacy (PGP)
   b. MIME Object Security Services (MOSS)
   c. Privacy Enhanced Mail (PEM)
   d. Secure Electronic Transaction (SET)
A

A: PGP uses IDEA for encryption.

52
Q
1. Which of the following is similar to a cyclic redundancy check (CRC) that is appended to a message prior to transmission to ensure integrity?
   a. Secure Electronic Transaction (SET)
   b. Financial Institution Message Authentication Standard (FIMAS)
   c. MIME Object Security Services (MOSS)
   d. Transaction Layer Security (TLS)
A

B: FIMAS is similar to a cyclic redundancy check (CRC) that is appended to a message prior to transmission to ensure integrity.

53
Q
1. ________ authenticates the server to the client using RSA public key cryptography and digital certificates, uses 3DES and MD5 hash functions, and can be used to provide secure communications for Telnet, FTP, and HTTP.
   a. MONDEX
   b. Message Authentication Code (MAC)
   c. Secure Sockets Layer (SSL)
   d. Secure Multipurpose Internet Mail Extensions (S/MIME)
A

C: SSL (and TLS) authenticates the server to the client using RSA public key cryptography and digital certificates, uses 3DES and MD5 hash functions, and can be used to provide secure communications for Telnet, FTP, and HTTP.

54
Q
1. Which of the following is not true in regards to hash functions?
   a. Its secrecy and security is in its one-way-ness
   b. the hash function algorithm is publicly known
   c. the original plaintext can be reconstructed from the hash value or message digest
   d. produces a fixed length hash value no matter what the length of the inputted plaintext
A

C: The original plaintext cannot be reconstructed from the hash value or message digest.

55
Q
1. Which of the following is not true?
   a. A message can be encrypted for confidentiality.
   b. A message can be digitally signed for authentication and integrity.
   c. A message can be encrypted and digitally signed for confidentiality, integrity, and authentication.
   d. A message can be hashed for confidentiality.
A

D: A message can be hashed for integrity, not confidentiality.

56
Q
1. Which of the following hash functions results in a 160-bit hash value?
   a. SHA-1
   b. Haval
   c. MD5
   d. MD2
A

A: SHA-1 produces a 160-bit hash value.

57
Q
1. Which of the following are the two components that comprise IPSec?
   a. RARP and ARP
   b. IGMP and RIP
   c. TCP and UDP
   d. AH and ESP
A

D: AH (Authentication Header) and ESP (Encapsulated Security Payload) are the two components of IPSec.

58
Q
1. IPSec is able to provide all but which of the following?
   a. availability
   b. encryption
   c. non-repudiation
   d. authentication
A

A: IPSec does not provide for availability.

59
Q
1. In which IPSec mode is the data of the IP packet encrypted but the original header is not?
   a. Tunnel mode
   b. Transport mode
   c. VPN mode
   d. Link mode
A

B: In IPSec transport mode, the data of the IP packet is encrypted, but the original header is not.

60
Q
1. Which of the following is not a protocol used by IPSec for key management?
   a. ISAKMP (Internet Security Association and Key Management Protocol)
   b. Oakley Key Determination Protocol
   c. Merkle-Hellman Knapsack
   d. SKEME (Secure Key Exchange Mechanism)
A

C: Merkle-Hellman Knapsack is not a public key algorithm found in the Internet Key Exchange (IKE) of IPSec.

61
Q
1. Which of the following is an alternative to SSL to provide secure Web transactions?
   a. Internet Key Exchange (IKE)
   b. Internet Secure Trading Protocol (ISTP)
   c. Financial Institution Message Authentication Standard (FIMAS)
   d. Secure Hypertext Transfer Protocol (S-HTTP)
A

D: S-HTTP is an alternative to SSL to provide secure Web transactions.

62
Q
1. All but which of the following statements are true?
   a. Key length should be long enough to provide the necessary level of protection for the encrypted data.
   b. Keys need not be stored and transmitted securely, as long as they are long enough.
   c. Keys should be truly random and use the full spectrum of the key space.
   d. The more often a key is used, the shorter its lifetime should be.
A

B: Keys need to be stored and transmitted securely, otherwise the system offers no assurance of security.

63
Q
1. Which of the following is not a primary goal of e-mail security based on encryption?
   a. non-repudiation
   b. authentication of the message source
   c. guarantee of availability
   d. message integrity
A

C: Encryption in any form, including that developed for e-mail systems, is not capable of providing availability.

64
Q
1. The authentication header (AH) of IPSec provides for all but which of the following?
   a. Non-repudiation
   b. Encryption
   c. Authentication
   d. Integrity
A

B: The AH component of IPSec does not provide the confidentiality that encryption would provide; that is the benefit of ESP.

65
Q
1. The birthday attack is primarily focused on what types of cryptography?
   a. asymmetric keys
   b. symmetric keys
   c. hash values
   d. digital signatures
A

C: The birthday attack is primarily used against hash values, message digests, and hash functions.

66
Q
1. Which of the following is considered a secure replacement for telnet?
   a. Secure Shell (SSH-2)
   b. Secure Multipurpose Internet Mail Extensions (S/MIME)
   c. Secure Electronic Transaction (SET)
   d. Secure Wide Area Network (S/WAN)
A

A: SSH-2 is a secure replacement for telnet.

67
Q
1. Which of the following is not true?
   a. Data moving across a Wireless Application Protocol (WAP) gateway will be converted from WTLS to SSL
   b. Data is temporarily in the clear on a Wireless Application Protocol (WAP) gateway
   c. The Wireless Application Protocol (WAP) protocol stack includes IPSec.
   d. Authentication and authorization can be performed by wireless devices through PKI enabled transactions
A

C: The Wireless Application Protocol (WAP) protocol stack does not include IPSec.

68
Q
1. Within a public key cryptosystem, which of the following is true?
   a. Requires the exchange of secret keys
   b. A public key cannot be used to decrypt a message that it was used to encrypt.
   c. The private key can be derived from the public key.
   d. The private key can decrypt data encrypted by the public key, but the public key cannot decrypt data encrypted by the private key.
A

B: This is a true statement.

69
Q
1. Public key cryptosystems are possible because they incorporate _________ that allows for a reversal of a one-way function in order to decrypt messages.
   a. Fixed length hashes
   b. Unknown key solutions
   c. Random initialization vectors
   d. Trapdoors
A

D: Public key cryptosystems are possible because they incorporate trapdoors that allow for a reversal of a one-way function in order to decrypt messages.

70
Q
1. What public key algorithm is based on the difficulty of factoring a number which is the product of two very large prime numbers?
   a. RSA
   b. El Gamal
   c. RC5
   d. LEAF
A

A: RSA is the public key algorithm that is based on the difficulty of factoring a number which is the product of two very large prime numbers.

71
Q
1. What form of encryption is best suited for hardware applications because it requires less computational power, has lower memory requirements, and offers more security with a smaller key size?
   a. Merkle-Hellman Knapsack
   b. Elliptic curve algorithms
   c. trapdoor one-way function
   d. IDEA cipher
A

B: Elliptic curve algorithms are best suited for hardware applications because they require less computational power, have lower memory requirements, and offer more security with a smaller key size.

72
Q
1. Which of the following hash algorithms supports a variable hash value length output?
   a. HAVAL
   b. SHA
   c. HMAC (Hash Message Authenticating Code)
   d. MD4
A

A: HAVAL supports a variable hash value length output.

73
Q
1. What single sign-on mechanism uses DES as its encryption scheme?
   a. SESAME
   b. KryptoKnight
   c. NetSP
   d. Kerberos
A

D: Kerberos uses DES.

74
Q
1. What form of cryptographic attack attempts to break a cryptosystem by trying every possible key pattern?
   a. known key attack
   b. key space attack
   c. sequential referenced attack
   d. brute force attack
A

D: A brute force attack attempts to break a cryptosystem by trying every possible key pattern.

75
Q
1. What attack attempts to break double encryption schemes by comparing the results of a single encryption of a known plaintext with a single decryption of a ciphertext?
   a. meet-in-the-middle
   b. known plaintext
   c. linear cryptanalysis
   d. chosen ciphertext
A

A: A meet-in-the-middle attack attempts to break double encryption schemes by comparing the results of a single encryption of a known plaintext with a single decryption of a ciphertext.

76
Q
1. The primary goal of cryptographic attacks is to?
   a. explore the key space
   b. discover the key
   c. discover the algorithm
   d. transmit faked encrypted messages
A

B: The primary goals of cryptographic attacks are to discover the key used or to extract the original plaintext.

77
Q
1. The Pretty Good Privacy e-mail encryption tool relies upon what encryption mechanism?
   a. AES
   b. Triple DES
   c. IDEA cipher
   d. TwoFish
A

C: PGP relies upon the IDEA cipher.

78
Q
1. PKI or Public Key Infrastructure is defined as?
   a. A set of encryption algorithms
   b. A collection of public and private keys
   c. A mechanism to encrypt and decrypt data
   d. A framework to establish secure communications.
A

D: PKI is a framework to establish secure communications.

79
Q
1. What is the primary purpose of a CA or Certificate Authority?
   a. Issue and manage public key certificates
   b. To standardize the size of encryption keys.
   c. Validate a subject’s shared secret key
   d. Control and support e-commerce
A

A: This is the primary purpose of a CA.

80
Q
1. X.509 is most closely associated with which of the following?
   a. Certificates
   b. DNS
   c. Encryption
   d. Firewalls
A

A: X.509 is the standard for certificates.

81
Q
1. AES is based on what standard symmetric encryption block cipher?
   a. Rijndael
   b. RC5
   c. Twofish
   d. Diffie-Hellman
A

A: Rijndael was the chosen symmetric encryption block cipher on which AES is based.

82
Q
1. What block size is not used by RC5?
   a. 32 bits
   b. 64 bits
   c. 96 bits
   d. 128 bits
A

C: RC5 does not use a 96-bit block size.

83
Q
1. What encryption scheme was developed by Netscape to provide a means to secure Web communications?
   a. HTTPS
   b. TLS
   c. MOSS
   d. SSL
A

D: SSL was developed by Netscape to provide a means to secure Web communications.

84
Q
1. What is it called when two different messages generate the same hash value?
   a. Convergence
   b. Collision
   c. Collusion
   d. Knapsack referral
A

B: A collision is when two different messages generate the same hash value.

85
Q
1. The bit size of the algorithm used by RSA is what?
   a. variable
   b. Fixed
   c. Time coded
   d. Randomly generated
A

A: The bit size of the algorithm used by RSA is variable. It can range from 512 bits to 2,048 bits as needed.

86
Q
1. Elliptic curve cryptosystems can be employed as all but which of the following?
   a. Encryption
   b. Digital signature
   c. Key distribution
   d. Hash functions
A

D: ECC cannot be used as a hash function.

87
Q
1. A certificate typically includes all but which of the following?
   a. Serial number
   b. Lifetime dates
   c. Physical location of the subject
   d. Signature of the issuing authority
A

C: The physical location of the subject is not typically an element of a certificate. However, a verifiable address is often a component of identity verification for some high-security certificates.

88
Q
1. A one-way hash function when used against a message delivered via PKI provides proof of what?
   a. confidentiality
   b. Non-repudiation
   c. Availability
   d. Integrity
A

D: One-way hash functions when used on a message prove integrity.

89
Q
1. What tool or mechanism is used to detect unauthorized changes to a delivered message?
   a. Digital signature
   b. Digital certificate
   c. Public key
   d. Trap door function
A

A: A digital signature is used to verify the integrity of a message.

90
Q
1. What message protection methods must be employed to provide confidentiality, integrity, and authentication while requiring the least amount of work?
   a. Hashing the message
   b. Encrypting the message
   c. Digitally signing the message
   d. Encrypting and digitally signing the message
A

D: Encrypting and digitally signing the message is minimally required to provide confidentiality, integrity, and authentication.

91
Q
1. When an attacker is able to successfully position themselves within the communications stream between a sender and a receiver so that the attacker exchanges secured communications with each without either party being aware of the attacker’s presence, this is known as?
   a. Brute force
   b. Spoofing
   c. Spamming
   d. Man-in-the-middle
A

D: When an attacker is able to successfully position themselves within the communications stream between a sender and a receiver so that the attacker exchanges secured communications with each without either party being aware of the attacker’s presence, this is known as a man-in-the-middle attack.

92
Q
1. Which of the following is a symmetric algorithm?
   a. HAVAL
   b. RSA
   c. DES
   d. SHA-1
A

C: DES is a symmetric algorithm.

93
Q
1. The Clipper Chip is designed for use where?
   a. Computers
   b. Network switches
   c. Telephones
   d. Satellite links
A

C: The clipper chip was designed as an eavesdropping device in low-speed communication systems, such as the telephone system.

94
Q
1. Which of the following is an initiative to define a standard IPSec implementation for VPNs and to promote the use of VPNs on the Internet?
   a. IKE
   b. S/WAN
   c. SONET
   d. SMDS
A

B: S/WAN is an initiative to define a standard IPSec implementation for VPNs and to promote the use of VPNs on the Internet.

95
Q
1. What is the most common form of attack against encrypted communications?
   a. Eavesdropping
   b. Man-in-the-middle
   c. Cyphertext-only attack
   d. Replay attack
A

C: The most common form of attack against encrypted communications is a cyphertext-only attack.

96
Q
1. Replay attacks against encrypted communications can be actively prevented using all but which of the following countermeasures?
   a. Auditing
   b. Validating session sequencing
   c. Time stamps
   d. Kerberos
A

A: Auditing may determine that a replay attack has occurred, but it does not actively prevent replay attacks.

97
Q
1. What type of encryption is most effective at blocking eavesdropping attacks?
   a. Link
   b. S/MIME
   c. Authentication header
   d. File encryption
A

A: Link encryption is the most effective protection against eavesdropping.

98
Q
1. What Web communication technology is used to provide protection for individual documents rather than an entire session?
   a. SSL
   b. S-HTTP
   c. TLS
   d. MOSS
A

B: S-HTTP is an alternative for SSL which protects individual documents rather than an entire session.

99
Q
1. Which of the following is not an e-mail security mechanism?
   a. SMIME
   b. MOSS
   c. SET
   d. PEM
A

C: SET is an e-commerce security mechanism.

100
Q
1. Which of the following is the best rule of thumb to follow when designing or implementing a key management system?
   a. Use the key that is easiest to remember
   b. Use the key length that will provide just enough security for the environment
   c. Keys should be partly random and partly time code based
   d. Key should be completely time code based.
A

B: Use the key length that will provide just enough security for the environment is the best rule of thumb to follow when implementing key management.

101
Q
1. The authentication header (AH) of IPSec provides for all but which of the following?
   a. Encryption
   b. Integrity
   c. Authentication
   d. Non-repudiation
A

A: The Encapsulating Security Payload (ESP), not AH, provides for encryption within IPSec.

102
Q
1. Which of the following is a secured alternative to Telnet?
   a. SMIME
   b. SESAME
   c. SSH
   d. TFTP
A

C: SSH or Secure Shell is a secure replacement for Telnet.

103
Q
1. What is the key length of 3DES?
   a. 56 bits
   b. 64 bits
   c. 128 bits
   d. 168 bits
A

D: The key length of 3DES is 168 bits (three times 56 bits for DES).

104
Q
1. The hashing function, in relation to input and output size, is what type of function?
   a. One to one
   b. Many to one
   c. One to many
   d. Many to many
A

B: A hash function is a many to one function. It can take any message of any length and create a fixed length output digest.

105
Q
1. IKE, the key management process of IPSec, is comprised of all but which of the following?
   a. KDC (Key Distribution Center)
   b. ISAKMP (Internet Security Association and Key Management Protocol)
   c. SKEME (Secure Key Exchange Mechanism)
   d. Oakley Key Determination Protocol
A

A: KDC is not part of IKE; it is a component of Kerberos.

106
Q
1. Which of the following is true of AES?
   a. AES uses very large keys and needs significant computing power to function efficiently.
   b. AES is very fast and offers very secure encryption.
   c. AES includes a LEAF backdoor.
   d. AES is used as the primary encryption scheme of the Clipper Chip.
A

B: This is a true statement.

107
Q
1. Which of the following uses a 160 bit hash value?
   a. Haval
   b. MD5
   c. MD2
   d. SHA-1
A

D: SHA-1 uses a 160 bit hash value.