Chapter 12 - Encryption and Hashing Concepts Flashcards
Which of the following is the proper order of functions for asymmetric keys?
A. Decrypt, validate, and code and verify
B. Sign, encrypt, decrypt, and verify
C. Encrypt, sign, decrypt, and verify
D. Decrypt, decipher, and code and encrypt
C. The proper order of functions for asymmetric keys is as follows: encrypt, sign, decrypt, and verify. This is the case when a digital signature is used to authenticate an asymmetrically encrypted document.
Which type of encryption technology is used with the BitLocker application?
A. Symmetric
B. Asymmetric
C. Hashing
D. WPA2
A. BitLocker uses symmetric encryption technology based on AES. Hashing is the process of summarizing a file for integrity purposes. WPA2 is a wireless encryption protocol.
Which of the following will provide an integrity check?
A. Public key
B. Private key
C. WEP
D. Hash
D. A hash provides integrity checks; MD5 is one example of a hash algorithm. Public and private keys are the elements of a cipher that allow for output of encrypted information. WEP (Wired Equivalent Privacy) is a deprecated wireless encryption protocol.
Why would a hacker use steganography?
A. To hide information
B. For data integrity
C. To encrypt information
D. For wireless access
A. Steganography is the act of writing hidden messages so that only the intended recipients know of the existence of the message. This is a form of security through obscurity. Steganographers are not as concerned with data integrity or encryption because the average person shouldn’t even know that a message exists. Although steganography can be accomplished by using compromised wireless networks, it is not used to gain wireless access.
You need to encrypt and send a large amount of data. Which of the following would be the best option?
A. Symmetric encryption
B. Hashing algorithm
C. Asymmetric encryption
D. PKI
A. Symmetric encryption is the best option for sending large amounts of data. It is superior to asymmetric encryption. PKI is considered an asymmetric encryption type, and hashing algorithms don’t play into sending large amounts of data.
Imagine that you are a hacker. Which would be most desirable when attempting to compromise encrypted data?
A. A weak key
B. The algorithm used by the encryption protocol
C. Captured traffic
D. A block cipher
A. The easiest way for a hacker to get at encrypted data is if that encrypted data has a weak encryption key. The algorithm isn’t of much use to a hacker unless it has been broken, which is a far more difficult process than trying to crack an individual key. Captured traffic, if encrypted, still needs to be decrypted, and a weak key will aid in this process. The block cipher is a type of algorithm.
An SHA algorithm will have how many bits?
A. 64
B. 128
C. 512
D. 1,024
C. SHA-2 algorithm blocks have 512 bits. SHA-1 is 160-bit. MD5 is 128-bit; 1,024-bit keys are common in asymmetric encryption.
What is another term for secret key encryption?
A. PKI
B. Asymmetrical
C. Symmetrical
D. Public key
C. Symmetric key encryption uses a secret key. The term symmetric key is also referred to as the following: private key, single key, and shared key (and sometimes as session key). PKI and public keys at their core are asymmetrical.
Your boss wants you to set up an authentication scheme in which employees will use smart cards to log in to the company network. What kind of key should be used to accomplish this?
A. Private key
B. Public key
C. Cipher key
D. Shared key
A. A private key should be used by users when logging in to the network with their smart card. The key should certainly not be public. A key actually determines the function of a cipher. Shared key is another term for symmetric-key encryption but does not imply privacy.
The IT director wants you to use a cryptographic algorithm that cannot be decoded by being reversed. Which of the following would be the best option?
A. Asymmetric
B. Symmetric
C. PKI
D. One-way function
D. In cryptography, the one-way function is one option of an algorithm that cannot be reversed, or is difficult to reverse, in an attempt to decode data. An example of this would be a hash such as SHA-2, which creates only a small hashing number from a portion of the file or message. There are ways to crack asymmetric and symmetric encryptions, which enable complete decryption (decoding) of the file.
Which of the following concepts does the Diffie-Hellman algorithm rely on?
A. Usernames and passwords
B. VPN tunneling
C. Biometrics
D. Key exchange
D. The Diffie-Hellman algorithm relies on key exchange before data can be sent. Usernames and passwords are considered a type of authentication. VPN tunneling is done to connect a remote client to a network. Biometrics is the science of identifying people by one of their physical attributes.
What does steganography replace in graphic files?
A. The least significant bit of each byte
B. The most significant bit of each byte
C. The least significant byte of each bit
D. The most significant byte of each bit
A. Steganography replaces the least significant bit of each byte. It would be impossible to replace a byte of each bit, because a byte is larger than a bit; a byte is eight bits.
What does it mean if a hashing algorithm creates the same hash for two different downloads?
A. A hash is not encrypted.
B. A hashing chain has occurred.
C. A one-way hash has occurred.
D. A collision has occurred.
D. If a hashing algorithm generates the same hash for two different messages within two different downloads, a collision has occurred and the implementation of the hashing algorithm should be investigated.
Which of the following methods will best verify that a download from the Internet has not been modified since the manufacturer released it?
A. Compare the final LANMAN hash with the original.
B. Download the patch file over an AES encrypted VPN connection.
C. Download the patch file through an SSL connection.
D. Compare the final MD5 hash with the original.
D. The purpose of the MD5 hash is to verify the integrity of a download. SHA is another example of a hash that will verify the integrity of downloads. LANMAN hashes are older deprecated hashes used by Microsoft LAN Manager for passwords. Encrypted AES and SSL connections are great for encrypting the data transfer but do not verify integrity.
Which of the following encryption methods deals with two distinct, large prime numbers and the inability to factor those prime numbers?
A. SHA-1
B. RSA
C. WPA
D. Symmetric
B. The RSA encryption algorithm uses two prime numbers. If used properly they will be large prime numbers that are difficult or impossible to factor. SHA-1 is an example of a Secure Hash Algorithm. WPA is the Wi-Fi Protected Access protocol, and RSA is an example of an asymmetric method of encryption.
Which of the following is not a symmetric key algorithm?
A. RC4
B. ECC
C. 3DES
D. Rijndael
B. ECC or elliptic curve cryptography is an example of public key cryptography that uses an asymmetric key algorithm. All the other answers are symmetric key algorithms.
You are attempting to move data to a USB flash drive. Which of the following enables a rapid and secure connection?
A. SHA-1
B. 3DES
C. AES256
D. MD5
C. AES256 enables a quick and secure encrypted connection for use with a USB flash drive. It might even be used with a whole disk encryption technology, such as BitLocker. SHA-1 and MD5 are examples of hashes. 3DES is an example of an encryption algorithm but would not be effective for sending encrypted information in a highly secure manner and quickly to a USB flash drive.
Which of the following is used by PGP to encrypt data?
A. Asymmetric key distribution system
B. Asymmetric scheme
C. Symmetric key distribution system
D. Symmetric scheme
D. Pretty Good Privacy (PGP) encryption uses a symmetric-key cryptography scheme and a combination of hashing and data compression. Key distribution systems are part of an entire encryption scheme, as in technologies such as Kerberos (key distribution center) or quantum cryptography.
Which of the following encryption algorithms is used to encrypt and decrypt data?
A. SHA-1
B. RC5
C. MD5
D. NTLM
B. RC5 (Rivest Cipher version 5) can encrypt and decrypt data. SHA-1 and MD5 are used as hashing algorithms, and NTLM (NT LAN Manager) is used by Microsoft as an authentication protocol and a password hash.
Of the following, which statement correctly describes the difference between a secure cipher and a secure hash?
A. A hash produces a variable output for any input size; a cipher does not.
B. A cipher produces the same size output for any input size; a hash does not.
C. A hash can be reversed; a cipher cannot.
D. A cipher can be reversed; a hash cannot.
D. Ciphers can be reverse engineered but hashes cannot when attempting to re-create a data file. Hashing is not the same as encryption; hashing is the digital fingerprint, so to speak, of a group of data. Hashes are not reversible.
When encrypting credit card data, which would be the most secure algorithm with the least CPU utilization?
A. AES
B. 3DES
C. SHA-1
D. MD5
A. AES (the Advanced Encryption Standard) is fast and secure, more so than 3DES. SHA-1 and MD5 are hashing algorithms. Not listed is RSA, which is commonly implemented to secure credit card transactions.
A hash algorithm has the capability to avoid the same output from two guessed inputs. What is this known as?
A. Collision resistance
B. Collision strength
C. Collision cipher
D. Collision metric
A. A hash is collision-resistant if it is difficult to guess two inputs that hash to the same output.
Which of the following is the weakest encryption type?
A. DES
B. RSA
C. AES
D. SHA
A. DES or the Data Encryption Standard was developed in the 1970s; its 56-bit key has been superseded by 3DES (max 168-bit key) and AES (max 256-bit key). DES is now considered to be insecure for many applications. RSA is definitely stronger than DES even when you compare its asymmetric strength to a relative symmetric strength. SHA is a hashing algorithm.
Give two examples of hardware devices that can store keys. (Select the two best answers.)
A. Smart card
B. Network adapter
C. PCI Express card
D. PCMCIA card
A and D. Smart cards and PCMCIA cards can be used as devices that carry a token and store keys; this means that they can be used for authentication to systems, often in a multifactor authentication scenario. Network adapters and PCI Express cards are internal to a PC and would not make for good key storage devices.