701 - Chapter 10 Flashcards
(109 cards)
1
Q
What provides assurances that data has not been modified? And what verifies whether #DATA has retained this?
A
Integrity…hash
2
Q
What is a string of alpha numeric characters derived from performing a mathematical calculation on data such as a message, patch, or file? And what is special about this?
A
Hash… it cannot be reversed, engineered to re-create the original #DATA
3
Q
What is a common hashing algorithm used today?
A
SHA-3
4
Q
What ensures that data is only viewable by authorized users? And what are two methods to ensure this?
A
Confidentiality… encryption and access control
5
Q
What scramble #DATA to make it un unreadable if intercepted? It normally includes an algorithm and a key.
A
Encryption
6
Q
What form of encryption uses the same key to encrypt and decrypt?
A
Symmetric encryption
7
Q
What type of cipher encrypts data one bit at a time? And which cipher encrypts’s data and blocks?
A
Stream…block
8
Q
What encryption uses a public and private key created as a matched key pair?
A
Asymmetric encryption
9
Q
Which encryption requires PKI to issue certificates?
A
Asymmetric encryption
10
Q
And how do the private and public key work with asymmetric encryption?
A
Anything encrypted with the public key can only be decrypted with the matching private key and anything encrypted with the private key can only be decrypted with the matching public key
11
Q
What provides a level of confidentiality by hiding #DATA within other files?
A
Steganography
12
Q
What validates an identity?
A
Authentication
13
Q
What prevents a party from successfully disputing having performed an action?
A
Non-repudiation
14
Q
What provides authentication, non-reputation, and integrity?
A
A digital signature
15
Q
What is one of the main differences between a hash and checksum?
A
A check sum is typically a small piece of data and is used to quickly verify the integrity of the data and they are not intended to be crypto graphically secure
16
Q
What is an example of a check sum usage?
A
A 16 digit credit card, the last digit is a checksum and is used to verify that the first 15 numbers were entered correctly
17
Q
What is a common hashing algorithm that is discouraged from being used as a cryptographic cash? And in what instances is it still in use today?
A
Message Digest 5 MD5… To verify the integrity of Files similar to a checksum
18
Q
What does hash based message authentication code HMAC do that’s a little bit different than the other hashing algorithms?
A
It hashes using an initial hashing algorithm such as MD5 or SHA – 256, and then, using a secret key known only by the sender and receiver, it performs another hash
19
Q
In addition to integrity, what does HMAC also provide? And what often uses HMAC?
A
Authenticity because only the sender and receiver know the secret key… IPSec and TLS
20
Q
True or false hashing also encrypts the data?
A
False
21
Q
Which hash helps solve the problem of an attacker intercepting and modifying the hash and the contents of the message or file? And how/why?
A
HMAC… through the use of a shared secret known only by the two parties exchanging the data
22
Q
What hashing algorithm is recommended for password usage and why?
A
A strong algorithm such as SHA-3 with a salt…adding the salt protects against an attack against known common password hashes
23
Q
What occurs when the hashing rhythm creates the same hash from different inputs? And which hashing algorithm is highly susceptible to this?
A
A hash collision…MD5
24
Q
Which type of password attack attempts to guess the password of an online system?
A
Online attacks
25
Which type of password attack attempts to guess the password stored within a downloaded file?
Off-line attacks
26
As a system admin, how can you discover an online attack?
By reviewing the event log and looking for ID 4625, failed, log attempt and/or 4740, account lockout
27
What type of attack attempts to avoid the account lockout but the logs will still show a large volume of failed log on attempts, but with a time lapse between each entry?
Spraying attacks
28
What type of attack uses a listing of words and character combinations? And what protects against this type of attack?
Dictionary…complex passwords
29
Which type of attack attempts to guess all possible character combinations? And what helps to protect against this type of attack?
Brute force… complex passwords
30
What attack is when the attacker discovers the hash of the users password and then uses it to log onto the system as the user?
Pass the hash attack
31
What is an indicator of a pass the hash attack?
Event ID 46224 with a log on process of NTLMSSP and/or an authentication package of NTLM
32
What do birthday attacks exploit? What is good protection against a birthday attack
Collisions in hashing algorithms… Increasing the number of bits used in the hash to increase the number of possible ashes
33
What is a rainbow table attack? What prevents against this type of attack?
An attack that uses a rainbow table which is a huge database of possible passwords with pre-computed hashes for each… salting
34
What is a salt? And what types of attacks do salts protect against?
A set of random data that is added as additional characters to a password before hashing … Rainbow table attacks, brute force, dictionary attacks
35
What is an advanced technique used to increase the strength of stored passwords by applying a cryptographic stretching algorithm to the salted password?
Key stretching
36
What are three key stretching techniques? And which type of attacks do they protect against?
Bcrypt, PBKDF2, Argon2… brute force and rainbow table attacks
37
Between data at rest, data in motion or data in use, which of these is not encrypted? What methods are used to ensure as much confidentiality as possible with this one?
#DATA in use… Purging memory of any sensitive data after processing it
38
What are the two elements for encryption methods?
The algorithm and the key
39
What type of encryption always uses the same key to encrypt and encrypt the data?
Symmetric encryption
40
True or false symmetric, encryption algorithms always use the same key?
False these keys are changed very often
41
Which cipher divides large miles or messages into specific size blocks, 64 bit or 128 bit, and then encrypts each individual block separately? Which cipher encrypt #DATA has a stream of bites or bits rather than dividing it into blocks?
A block cipher… a stream cipher
42
When is a stream cipher more efficient than a block cipher?
When encrypting data in a continuous stream such as with audio or video
43
What is the current NIST standard and is a strong symmetric block cipher that encrypt data in 128 192 or 256 bit key sizes? an increase in key size results in what? And what is the block size used?
Advanced encryption standard AES… a stronger key which means stronger protection…128 bit
44
What are three strengths to using AES?
It is fast, it is efficient and less resource intensive, it is strong
45
What is a symmetric block cipher design as an improvement over the known weaknesses of the legacy data encryption standard DES? What is the block size used? Is it a suitable alternative to AES? And when is it used?
3DES or triple DES… 64 bit…yes, although it isn’t as fast or efficient as AES, it is a suitable alternative… in cases where legacy hardware doesn’t support AES
46
What encryption uses two keys in a match pair to encrypt and encrypt data? And what are these two keys referred to as? What is a drawback to a symmetric encryption?
Asymmetric encryption… public and private keys… it is very resource intensive
47
What is a digital document that typically includes the public key and other information on the owner of the certificate? And who issues these and manages these?
Digital certificate… certificate authorities CA
48
How are public keys shared?
By a certificate owner sharing a copy of their digital certificate
49
What are some other common elements on a digital certificate?
a CA issued serial number, the CA who issued the certificate, the validity, dates, subject, public key, key, key usage, certificate attributes (CN, organization, locality, state, country name)
50
What refers to something that last a short time? And how does that work for ephemeral key pairs? And what is an important characteristic that these keys will be totally random (non deterministic)?
Ephemeral… they are used for a single session and then discarded…perfect forward secrecy
51
What type of cryptography doesn’t take as much processing power as other cryptographic methods? And what is a key benefit?
Elliptic curve cryptography ECC… the ECC keys can be much smaller when compared with non-ECC keys
52
What is the act of deliberately making something unclear, confusing, or difficult to understand… It is often used to conceal distort or obscure information to mislead or deceive? What are the three techniques of this?
Obfuscation…steganography, tokenization and masking
53
What form of obfuscation hides data inside other data? How can this be detected? What are the three primary file types using this?
Steganography… using hashes… audio, image, video
54
What is an obfuscation technique that replaces sensitive data with non-sensitive placeholders or tokens? And how does it work?
Tokenization… The sensitive data is stored in a separate database, called a token vault and has various unique tokens mapped to it for usage
55
What is an obfuscation technique that partially or fully conceal sensitive data with character, symbols or other data?
Masking
56
For email digital signatures, the senders private key does what and the senders public key does what?
Encrypts…decrypts
57
For email encryption, the recipients public key does what and the recipients private key does what?
Encrypts…decrypts
58
For website encryption, the website public key does what and the websites private key does what? And what encrypt data in the website session?
Encrypts…decrypts…symmetric key
59
If a senders digital signature, which is the message hashed and encrypted with the senders private key, can be decrypted by the recipient using the senders public key, then what are the three security benefits provided?
Authentication, non-repudiation, integrity
60
With digital signatures, what identifies the sender? what verifies the message has not been modified? And what prevent the senders from denying they sent the message?
Authentication, integrity non-repudiation
61
True or false… When sending encrypted emails with asymmetric encryption, only the recipients keys are involved?
True
62
True or false encrypting email with only asymmetric encryption is exceptionally fast?
False, it is slow and inefficient
63
What is another way of encrypting email other than asymmetric only?
Using asymmetric to encrypt a symmetric key, and then using that symmetric key to encrypt the email contents
64
What is the popular standard used for digitally signing and encrypting email?
S/MIME
65
What are the three ports used for S/MIME?
Port 995, POP3 over TLS… port 587, SMTP over TLS… port 993, IMAP over TLS
66
What is the replacement protocol for SSL? And what does it require? And what traffic can this protocol encrypt?
TLS… Certificates issued by a certificate authority… https traffic and others such as FTPS…
67
What does HTTPS use asymmetric encryption for? And what does it use symmetric encryption for?
To securely share the symmetric key… To encrypt the sessions data
68
What is another name for the symmetric key that is used for encrypting data and an hTTPS session?
A session key
69
What is a type of attack that forces a system to downgrade its security? And what is this attack most often associated with?
A downgrade attack… cryptographic attacks due to weak implementations of cipher suites…
70
How does a downgrade attack work?
If a server has both ELS and SSL installed, if the client is not able to use TLS, the server would downgrade it security and use SSL to accommodate the client. At that point SSL based attacks can occur.
71
How do administrators protect against downgrade attacks?
By disabling weak cipher suites and weak protocols on the servers
72
What is a distributed, decentralized, public ledger? And what is it also known as?
Block chain… a database of public records
73
What are the three parts to each block in a block chain?
Information about a transaction, such as date, time and amount… information on the parties involved with a transaction, which is their digital signatures… a unique hash for the block
74
What are the four things that have to happen for a block to be added to the block chain?
A transaction has to have occurred..:the transaction has been verified by network of computers…the transaction is accurately recorded in a block…the block is assigned a unique hash
75
What is the algorithm limitation when considering resources?
The resource versus security constraints
76
When is it advantageous to use a fast algorithm? And when is it advantageous to use a slow algorithm?
Encrypting and decrypting #DATA… when salting and hashing passwords
77
When is size in computational overhead taken into consideration when choosing an algorithm?
When using smaller devices that don’t have adequate memory and processing power
78
What refers to the randomness of a cryptographic algorithm? And what does a higher level of this mean?
Entropy… a higher level of security
79
Why is a pseudo random number generator a problem with encryption?
Because it uses a deterministic algorithm, and if an attacker knows what’s used as the input, it increases the likelihood that they can predict the key
80
What refers to how long you can expect to use an algorithm? And what impacts negatively and what positively?
Longevity… improvements in processing power and or increasing the key size
81
True or false with symmetric encryption, it is OK to use the same keys in the same stream
False… if any key is used twice in the same stream, the algorithm is vulnerable to attacks
82
What attack is possible if an attacker has some known plain text data and the cipher text created from this plain text?
A plaintext attack
83
What is a group of technologies used to request, create, manage, store, distribute, and revoke digital certificates?
Public key infrastructure PKI
84
What issues, manages, validates and revokes digital certificates?
A certificate authority CA
85
It is important for a public CA to be what? And why? And what concept is this?
Trusted… If the CA is trusted, all certificates issued by the CA are trusted… root of trust
86
How are CAs trusted on a computer?
By placing a copy of the root certificate in an operating systems trusted route certificate store
87
What is the most common trust model? And what kind of CA does it use? And what kind of certificates can they issue?
The hierarchical trust model… an intermediate CA… leaf certificates to end entities such as organizations, governments, or end users
88
What is when all certificates from the root CA down to the certificate issued to the end entities
Certificate chaining
89
What is used to request a certificate? And what is the first step? What is it included in the request to the CA?
A certificate signing request CSR… to create the RSA based private key, which is then used to create the public key… the public key
90
True or false the private key is also sent to the CA
False
91
Why do large organizations typically keep the root CA off-line? And why is this important?
To reduce the risk of compromise… if the root CA is compromised, the entire certification path is compromised
92
True or false when an intermediate CA is compromised the entire certification path is also compromised
False… The root CA can issue new intermediate certificates to replace the compromised ones
93
What are the reasons a CA can revoke a certificate?
Private key compromise, CA compromise, change of affiliation, superseded by another certificate, cease of operation, certificate hold, certificate holders request
94
What includes a list of revoked certificates and is publicly available? And what is an alternative to using this list? And how does it work and what does it return?
The certificate revocation list CRL… online certificate status protocol OCSP… the client will query the CA with the serial number of the certificate and the CA responds with a good, revoked or unknown status
95
What are three issues that can result in an invalid certificate from the browser?
Certificate has expired, certificate is not trusted, certificate is revoked
96
And what is an alternative to OSCP? And how does it work? And how does it help?
Stapling:.. The certificate presenter such as a web server appends the certificate with a timestamped digitally signed OSCP response from the CA… it reduces traffic to and from the CA
97
What is a security mechanism designed to prevent attackers from impersonating a website using fraudulent certificates? And what is included in the response back to the client?
Certificate pinning… a list of ashes, derived from valid public keys, used by the website and a max age field defining how long to use the data
98
What is the process of placing a copy of a private key in a safe environment called? And why is this done?
Key escrow.. if an organization determines that the loss of encrypted data is unacceptable, it will implement a key escrow process
99
What is a centralized system or service responsible for the secure management of cryptographic keys using various security applications?
Key management system KMS
100
What are some of the task handled by a KMS?
Key generation, key storage, key distribution, key rotation, key retirement/revocation/destruction
101
What is a certificate issue to a device or computer commonly called?
Machine or computer certificates
102
What do developers often use to validate the authenticity of executable applications or scripts?
Code signing certificates
103
What type of certificate is not issued by a trusted CA but rather by a private CA, and they are not trusted by default?
Self signed
104
What type of certificate starts with an asterisk and can be used for multiple subdomains if each domain name has the same route domain?
Wild card
105
What type of certificate is used for multiple domains that have different names but are owned by the same organization?
Subject alternate name SAN
106
Which base format for a certificate is in ACSII? and which is binary?
CER… DER
107
Which is the most used certificate format and can be used for just about any certificate type?
Privacy enhanced mail PEM
108
What type of file is commonly used to share public keys? Can they contain a private key?
P7B…never
109
Which two file types are commonly used to hold the private key?
P12 and PFX
