Chapter 10

Question 1

Integrity

Answer 1

One of the three main goals of information security known as the CIA security triad

Integrity provides assurance that data or system configurations have not been modified

Audit logs and hashing are two methods used to ensure integrity

Compare with availability and confidentiality

Question 2

Hash

Answer 2

A number created by executing a hashtag algorithm against data, such as a file or message

Hashing is commonly used for integrity

Common hashing algorithms are MD5, SHA-1, and HMAC

Question 3

Confidentiality

Answer 3

One of three main goals of information security known as the CIA security triad

Confidentiality ensures that unauthorized entities cannot access data

Encryption and access controls help protect against the loss of confidentiality

Compare with availability and integrity

Question 4

Encryption

Answer 4

A process that scrambles, or ciphers, data to make it unreadable

Encryption normally includes a public algorithm and a private key

Compare with Asymmetric and Symmetric Encryption

Question 5

Digital Signature

Answer 5

An encryption hash of a message, encrypted with the sender’s private key

It provides authentication, non-reputation, and integrity

Question 6

Authentication

Answer 6

The process that occurs when a user proves an identity, such as with a password

Question 7

Non-Repudiation

Answer 7

The ability to prevent a party from denying an action

Digital Signatures and access logs provide non-repudiation

Question 8

Patch File

Answer 8

Filler

Question 9

SHA-1 Checksum

Answer 9

Filler

Question 10

MD5

Answer 10

Message Digest 5 is a hashing function used to provide integrity

MD5 creates 128-bit hashes, which are also referred to as MD5 checksums

Experts consider MD5 cracked

Question 11

SHA

Answer 11

Secure Hash Algorithm is a hashing function used to provide integrity

Versions include SHA-1, SHA-2, SHA-3

Question 12

HMAC

Answer 12

Hash-based Message Authentication Code is a hashing algorithm used to verify integrity and authenticity of a message with the use of a shared secret

It is typically combined with another hashing algorithm such as SHA

Question 13

RIPEMD

Answer 13

RACE Integrity Primitives Evaluation Message Digest is a hash function used for integrity

It creates fixed-length hashes of 128, 160, 256, or 320 bits

Question 14

Key Stretching

Answer 14

A technique used to increase the strength of stored passwords

It adds additional bits (called salts) and can help thwart brute force and rainbow table attacks

Question 15

Salt

Answer 15

A random set of data added to a password when creatig the hash

PBKDF2 and bcrypt are two protocols that use salts

Question 16

Bcrypt

Answer 16

A key stretching algorithm

It is used to protect passwords

Bcrypt salts passwords with additional bits before encrypting them with Blowfish

This thwarts rainbow table attacks

Question 17

PBKDF2

Answer 17

Password-Based Key Derivation Function 2 is a key stretching technique that adds additional bits to a password as a salt

It helps prevent brute force and rainbow table attacks

Question 18

Data-at-rest

Answer 18

Any data stored on media

It’s common to encrypt sensitive data-at-rest

Question 19

Data-In-Transit

Answer 19

Any data sent over a network

It’s common to encrypt sensitive data-in-transit

Question 20

Data-In-Use

Answer 20

Any data currently being used y a computer

Because the computer needs to process the data, it is not encrypted while in use

Question 21

Algorithm

Answer 21

Filler

Question 22

Key

Answer 22

Filler

Question 23

Random and Pseudo-Random Numbers

Answer 23

Filler

Question 24

IV

Answer 24

Initialization Vector attack is a wireless attack that attempts to discover the IV

Legacy wireless security protocols are susceptible to IV attacks

Question 25

Nonce

Answer 25

A number used once Cryptography elements frequently use a nonce to add randomness

Question 26

XOR

Answer 26

A logical operation used in some encryption schemes XOR operations compare two inputs If the two inputs are the same, it outputs True If the two inputs are different, it outputs False

Question 27

Confusion

Answer 27

A cryptography concept that indicates ciphertext is significantly different than plaintext

Question 28

Diffusion

Answer 28

A cryptography concept that ensures that small changes in plaintext result in significant changes in ciphertext

Question 29

Secret Algorithm

Answer 29

Filler

Question 30

Weak/Deprecated Algorithms

Answer 30

Filler

Question 31

High Resiliency

Answer 31

Filler

Question 32

Block Cipher

Answer 32

An encryption method that encrypts data in fixed-sized blocks Compare with stream cipher

Question 33

StreamCipher

Answer 33

An encryption method that encrypts data as a stream of bits or bytes Compare with block cipher

Question 34

ECB

Answer 34

Electronic Codebook is a legacy mode of operation used for encryption It is weak and should not be used

Question 35

CBC

Answer 35

Cipher Block Chaining is a mode of operation used for encryption that effectively converts a block cipher into a stream cipher It uses an IV for the first block and each subsequent block is combined with the previous block

Question 36

CTM

Answer 36

Counter mode is a mode of operation used for encryption that combines an IV with a counter The combined result is used to encrypt blocks

Question 37

GCM

Answer 37

Galois/Counter Mode is a mode of operation used for incryption It combines the counter (CTM) mode with hashing techniques for data authenticity and confidentiality

Question 38

Symmetric Encryption

Answer 38

A type of encryption using a single key to encrypt and decrypt data Compare with asymmetric encryption

Question 39

Encryption Algorithm

Answer 39

Filler

Question 40

Decryption Algorithm

Answer 40

Filler

Question 41

Substitution Cipher

Answer 41

An encryption method that replaces characters with other characters

Question 42

Plaintext

Answer 42

Text displayed in a readable format Encryption converts plaintext to ciphertext

Question 43

Ciphertext

Answer 43

The result of encrypting plaintext Ciphertext is not in an easily readable format until it is decrypted

Question 44

ROT13

Answer 44

A substitution cipher that uses a key of 13 To encrypt a message, you would rotate each letter 13 spaces To decrypt a message, you would rotate each letter 13 spaces

Question 45

Obfuscation

Answer 45

An attempt to make something unclear or difficult to understand Steganography methods use obfuscation to hide data within data

Question 46

AES

Answer 46

Advanced Encryption Standard is a strong symmetric block cipher that encrypts data in 128-bit blocks AES can use key sizes of 128 bits, 192 bits, 256 bits

Question 47

Fast

Answer 47

Filler

Question 48

Efficient

Answer 48

Filler

Question 49

Strong

Answer 49

Filler

Question 50

DES

Answer 50

Data Encryption Standard is a legacy symmetric encryption standard used to provide confidentiality It has been compromised and AES or 3DES should be used instead

Question 51

3DES

Answer 51

Triple Digital Encryption Standard is a symmetric algorithm used to encrypt data and provide confidentiality It is a block cipher that encrypts data in 64-bit blocks

Question 52

RC4

Answer 52

A symmetric stream cipher that can use between 40 and 2,048 bits Experts consider it cracked and recommend using stronger alternatives

Question 53

Blowfish

Answer 53

A strong symmetric block cipher It encrypts data in 64-bit blocks and supports key sized between 32 and 448 bits Compare with Twofish

Question 54

Twofish

Answer 54

A symmetric key block cipher It encrypts data in 128-bit blocks and supports 128-, 192-, or 256-bit keys Compare with Blowfish

Question 55

Asymmetric Encryption

Answer 55

A type of encryption using two keys to encrypt and decrypt data It uses a public key and a private key Compare with symmetric encryption

Question 56

Public Key

Answer 56

Part of a matched key pair used in asymmetric encryption The public key is publicly available Compare with private key

Question 57

Private Key

Answer 57

Part of a matched key pair used

Question 58

Certificate

Answer 58

A digital file used for encryption, authentication, digital signatures, and more Public certificates include a public key used for asymmetric encryption

Question 59

Serial Number

Answer 59

Filler

Question 60

Issuer

Answer 60

Filler

Question 61

Validity Dates

Answer 61

Filler

Question 62

Subject

Answer 62

Filler

Question 63

Usage

Answer 63

Filler

Question 64

RSA

Answer 64

Rivest, Shamir, and Adleman is an asymmetric algorithm used to encrypt data and digitally sign transmissions It is named after its creators, Rivest, Shamir, and Adleman

Question 65

Ephemeral

Answer 65

An ephemeral key is a type of key used in cryptography Ephemeral keys have very short lifetimes and are re-created for each session

Question 66

Perfect Forward Secrecy

Answer 66

A characteristic of encryption keys ensuring that keys are random Perfect forward secrecy methods do not use deterministic algorithms

Question 67

DHE

Answer 67

Filler

Question 68

ECDHE

Answer 68

Filler

Question 69

Steganography

Answer 69

The practice of hiding data within data For example, it's possible to embed text files within an image, hiding them from casual users It is one way to obscure data to hide it

Question 70

DSA

Answer 70

Digital Signature Algorithm is an encrypted hash of a message used for authentication, non-repudiation, and integrity The sender's private key encrypts the hash of the message

Question 71

Hashing

Answer 71

Filler

Question 72

S/MIME

Answer 72

Secure/Multipurpose Internet Mail Extensions is a popular standard used to secure email S/MIMI provides confidentiality, integrity, authentication, and non-repudiation

Question 73

Cipher Suites

Answer 73

Filler

Question 74

Crypto Module

Answer 74

A set of hardware, software, and/or firmware that implements cryptographic functions Compare with crypto service provider

Question 75

Crypto Service Providers

Answer 75

A software library of cryptographic standards and algorithms These libraries are typically distributed within crypto modules

Question 76

Downgrade Attack

Answer 76

A type of attack that forces a system to downgrade its security The attacker then exploits the lesser security control

Question 77

PKI

Answer 77

Filler

Question 78

Root Certificate

Answer 78

A PKI certificate identifying a root CA

Question 79

Certificate Chaining

Answer 79

A process that combines all certificates within a trust model It includes all the certificates in the trust chain from the root CCA down to the certificate issued to the end user

Question 80

CSR

Answer 80

Certificate signing request is a method of requesting a certificate from a CA It starts by creating an RSA-based private/public key pair and then including the public key in the CSR

Question 81

Expired

Answer 81

Filler

Question 82

Certificate Not trusted

Answer 82

Filler

Question 83

Improper Certificate and Key management

Answer 83

Filler

Question 84

OCSP

Answer 84

Online Certificate Status Protocol is an alternative to using a CRL It allows entities to query a CA with the serial number of a certificate The CA answers with good, revoked, or unknown

Question 85

Stapling

Answer 85

The process of appending a digitally signed OCSP response to a certificate It reduces the overall OCSP traffic sent to CA

Question 86

Pinning

Answer 86

A security mechanism used by some web sites to prevent web site impersonation Web sites provide clients with a list of public key hashes Clients store the list and use it to validate the web site

Question 87

Key Escrow

Answer 87

The process of placing a copy of a private key in a safe environment

Question 88

Machine/Computer

Answer 88

Filler

Question 89

User

Answer 89

Filler

Question 90

Email

Answer 90

Filler

Question 91

Code Signing

Answer 91

The process of assigning a certificate to code The certificate includes a digital signature and validates the code

Question 92

Self-Signed

Answer 92

Filler

Question 93

Wildcard

Answer 93

Filler

Question 94

SAN

Answer 94

Filler

Question 95

Domain Validation

Answer 95

Filler

Question 96

Extended Validation

Answer 96

Filler

Question 97

CER

Answer 97

Canonical Encoding Rules are a base format for PKI certificates They are binary encoded files Compare with DER

Question 98

DER

Answer 98

Distinguished Encoding Rules are a base format for PKI certificates They are BASE64 ASCII encoded files Compare with CER

Question 99

PEM

Answer 99

Privacy Enhanced Mail is a common format for PKI certificates It can use either CER (ASCII) or DER (Binary) formats and can be used for almost any type of certificates

Question 100

P7B

Answer 100

PKCS#7 is a common format for PKI certificates They are DER-based (ASCII) and commonly used to share public keys

Question 101

P12

Answer 101

PKCS#12 is a common format for PKI certificates They are CER-based (Binary) and often hold certificates with the private key They are commonly encrypted

Question 102

PFX

Answer 102

Personal information Exchange is a common format for PKI certificates It is the predecessor to P12 certificates