Chapter 5 Flashcards

(20 cards)

1
Q

Identify three situations in which the hashing function can be applied. (Choose three.)

DES

PKI

PPoE

IPsec

CHAP

WPA

A

PKI

IPsec

CHAP

2
Q

A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?

Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.

Turn off antivirus on all the computers.

Distribute the program on a thumb drive.

Encrypt the program and require a password after it is downloaded.

Install the program on individual computers.

A

Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.

3
Q

A recent email sent throughout the company stated that there would be a change in security policy. The security officer who was presumed to have sent the message stated the message was not sent from the security office and the company may be a victim of a spoofed email. What could have been added to the message to ensure the message actually came from the person?

non-repudiation

digital signature

asymmetric key

hashing

A

digital signature

4
Q

What are three NIST-approved digital signature algorithms? (Choose three.)

DSA

ECDSA

SHA256

MD5

RSA

SHA1

A

DSA

ECDSA

RSA

5
Q

Alice and Bob use the same password to log in to the company network. This means both would have the exact same hash for their passwords. What could be implemented to prevent both password hashes from being the same?

peppering

pseudo-random generator

salting

RSA

A

salting

6
Q

What is the step-by-step process for creating a digital signature?

Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.

Create a message digest; encrypt the digest with the public key of the sender; and bundle the message, encrypted digest, and public key together to sign the document.

Create a message; encrypt the message with a MD5 hash; and send the bundle with a public key.

Create a SHA-1 hash; encrypt the hash with the private key of the sender; and bundle the message, encrypted hash, and public key together to sign the document.

A

Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.

7
Q

What is a strength of using a hashing function?

It is a one-way function and not reversible.

Two different files can be created that have the same output.

It has a variable-length output.

It is not commonly used in security.

It can take only a fixed-length message.

A

It is a one-way function and not reversible.

8
Q

What are three types of attacks that are preventable through the use of salting? (Choose three.)

rainbow tables

social engineering

lookup tables

guessing

phishing

reverse lookup tables

shoulder surfing

A

rainbow tables

lookup tables

reverse lookup tables

9
Q

A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use?

HMAC

SHA256

ISAKMP

MD5

A

HMAC

10
Q

A user downloads an updated driver for a video card from a website. A warning message pops up saying the driver is not approved. What does this piece of software lack?

digital signature

valid ID

source code

code recognition

A

digital signature

11
Q

What is the purpose of CSPRNG?

to secure a web site

to generate salt

to process hash lookups

to prevent a computer from being a zombie

A

to generate salt

12
Q

A recent breach at a company was traced to the ability of a hacker to access the corporate database through the company website by using malformed data in the login form. What is the problem with the company website?

poor input validation

weak encryption

bad usernames

lack of operating system patching

A

poor input validation

13
Q

What are three validation criteria used for a validation rule? (Choose three.)

encryption

size

range

key

type

format

A

size

range

format

14
Q

A user is instructed by a boss to find a better method to secure passwords in transit. The user has researched several means to do so and has settled on using HMAC. What are the key elements needed to implement HMAC?

symmetric key and asymmetric key

message digest and asymmetric key

IPsec and checksum

secret key and message digest

A

secret key and message digest

15
Q

Which method tries all possible passwords until a match is found?

rainbow tables

cryptographic tables

cloud

birthday

brute force

dictionary

A

brute force

16
Q

What is the standard of a public key infrastructure to manage digital certificates?

503

PKI

509

NIST-SP800

17
Q

A user is evaluating the security infrastructure of a company and notices that some authentication systems are not using best practices when it comes to storing passwords. The user is able to crack passwords very fast and access sensitive data. The user wants to present a recommendation to the company on the proper implementation of salting to avoid password cracking techniques. What are three best practices in implementing salting? (Choose three.)

A salt should not be reused.

A salt must be unique.

The same salt should be used for each password.

A salt should be unique for each password.

Salts are not an effective best practice.

Salts should be short.

A

A salt should not be reused.

A salt must be unique.

A salt should be unique for each password.

18
Q

A user is the database administrator for a company. The user has been asked to implement an integrity rule that states every table must have a primary key and that the column or columns chosen to be the primary key must be unique and not null. Which integrity requirement is the user implementing?

domain integrity

entity integrity

anomaly integrity

referential integrity

A

entity integrity

19
Q

An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?

The investigator found a USB drive and was able to make a copy of it.

An exact copy cannot be made of a device.

The data is all there.

The data in the image is an exact copy and nothing has been altered by the process.

A

The data in the image is an exact copy and nothing has been altered by the process.

20
Q

A user is connecting to an e-commerce server to buy some widgets for a company. The user connects to the site and notices there is no lock in the browser security status bar. The site does prompt for a username and password and the user is able to log in. What is the danger in proceeding with this transaction?

The certificate from the site has expired, but is still secure.

The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.

Ad blocker software is preventing the security bar from working properly, and thus there is no danger with the transaction.

The user is using the wrong browser to perform the transaction.

A

The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.