CHAPTER 6 Questions

Question 1

Ryan is responsible for managing the cryptographic keys used by his organization. Which of the following statements are correct about how he should select and manage those keys? (Choose all that apply.)

A. Keys should be sufficiently long to protect against future attacks if the data is expected to remain sensitive.
B. Keys should be chosen using an approach that generates them from a predictable pattern.
C. Keys should be maintained indefinitely.
D. Longer keys provide greater levels of security.

Answer 1

A. Keys should be sufficiently long to protect against future attacks if the data is expected to remain sensitive.
D. Longer keys provide greater levels of security.

Keys must be long enough to withstand attack for as long as the data is expected to remain sensitive. They should not be generated in a predictable way but, rather, should be randomly generated. Keys should be securely destroyed when they are no longer needed and not indefinitely retained. Longer keys do indeed provide greater security against brute-force attacks.

Question 2

John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message?

A. Nonrepudiation
B. Confidentiality
C. Availability
D. Integrity

Answer 2

A. Nonrepudiation

Nonrepudiation prevents the sender of a message from later denying that they sent it. Confidentiality protects the contents of encrypted data from unauthorized disclosure. Integrity protects data from unauthorized modification. Availability is not a goal of cryptography.

Question 3

You are implementing AES encryption for files that your organization plans to store in a cloud storage service and wish to have the strongest encryption possible. What key length should you choose?

A. 192 bits
B. 256 bits
C. 512 bits
D. 1,024 bits

Answer 3

B. 256 bits

The strongest keys supported by the Advanced Encryption Standard are 256 bits. The valid AES key lengths are 128, 192, and 256 bits.

Question 4

You are creating a security product that must facilitate the exchange of symmetric encryption keys between two parties that have no way to securely exchange keys in person. What algorithm might you use to facilitate the exchange?

A. Rijndael
B. Blowfish
C. Vernam
D. Diffie–Hellman

Answer 4

D. Diffie–Hellman

The Diffie–Hellman algorithm allows the exchange of symmetric encryption keys between two parties over an insecure channel.

Question 5

What occurs when the relationship between the plaintext and the key is complicated enough that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key? (Choose all that apply.)

A. Confusion
B. Transposition
C. Polymorphism
D. Diffusion

Answer 5

A. Confusion
D. Diffusion

Confusion and diffusion are two principles underlying most cryptosystems. Confusion occurs when the relationship between the plaintext and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key. Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

Question 6

Randy is implementing an AES-based cryptosystem for use within his organization. He would like to better understand how he might use this cryptosystem to achieve his goals. Which of the following goals are achievable with AES? (Choose all that apply.)

A. Nonrepudiation
B. Confidentiality
C. Authentication
D. Integrity

Answer 6

B. Confidentiality
C. Authentication
D. Integrity

AES provides confidentiality, integrity, and authentication when implemented properly. Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message and cannot be achieved with a symmetric cryptosystem, such as AES.

Question 7

Brian encountered encrypted data left on one of his systems by attackers who were communicating with one another. He has tried many cryptanalytic techniques and was unable to decrypt the data. He believes that the data may be protected with an unbreakable system. When correctly implemented, what is the only cryptosystem known to be unbreakable?

A. Transposition cipher
B. Substitution cipher
C. Advanced Encryption Standard
D. One-time pad

Answer 7

D. One-time pad

Assuming that it is used properly, the one-time pad is the only known cryptosystem that is not vulnerable to attacks. All other cryptosystems, including transposition ciphers, substitution ciphers, and even AES, are vulnerable to attack, even if no attack has yet been discovered.

Question 8

Helen is planning to use a one-time pad to meet a unique cryptographic requirement in her organization. She is trying to identify the requirements for using this cryptosystem. Which of the following are requirements for the use of a one-time pad? (Choose all that apply.)

A. The encryption key must be at least one-half the length of the message to be encrypted.
B. The encryption key must be randomly generated.
C. Each one-time pad must be used only once.
D. The one-time pad must be physically protected against disclosure.

Answer 8

B. The encryption key must be randomly generated.
C. Each one-time pad must be used only once.
D. The one-time pad must be physically protected against disclosure.

The encryption key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message. The three other facts listed are all characteristics of one-time pad systems.

Question 9

Brian administers a symmetric cryptosystem used by 20 users, each of whom has the ability to communicate privately with any other user. One of those users lost control of their account and Brian believes that user’s keys were compromised. How many keys must he change?

A. 1
B. 2
C. 19
D. 190

Answer 9

C. 19

In a symmetric cryptosystem, a unique key exists for each pair of users. In this case, every key involving the compromised user must be changed, meaning that the key that the user shared with each of the other 19 users must be changed.

Question 10

Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?

A. Stream cipher
B. Caesar cipher
C. Block cipher
D. ROT3 cipher

Answer 10

C. Block cipher

Block ciphers operate on message “chunks” rather than on individual characters or bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or characters of a message.

Question 11

James is the administrator for his organization’s symmetric key cryptographic system. He issues keys to users when the need arises. Mary and Beth recently approached him and presented a need to be able to exchange encrypted files securely. How many keys must James generate?

A. One
B. Two
C. Three
D. Four

Answer 11

A. One

Symmetric key cryptography uses a shared secret key. All communicating parties utilize the same key for communication in any direction. Therefore, James only needs to create a single symmetric key to facilitate this communication.

Question 12

Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using?

A. Split knowledge
B. M of N Control
C. Work function
D. Zero-knowledge proof

Answer 12

B. M of N Control

. M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks. M of N Control is an example of a split knowledge technique, but not all split knowledge techniques are used for key escrow.

Question 13

What is used to increase the strength of cryptography by creating a unique ciphertext every time the same message is encrypted with the same key?

A. Initialization vector
B. Vigenère cipher
C. Steganography
D. Stream cipher

Answer 13

A. Initialization vector

An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique ciphertext every time the same message is encrypted with the same key. Vigenère ciphers are an example of a substitution cipher technique. Steganography is a technique used to embed hidden messages within a binary file. Stream ciphers are used to encrypt continuous streams of data.

Question 14

Tammy is choosing a mode of operation for a symmetric cryptosystem that she will be using in her organization. She wants to choose a mode that is capable of providing both confidentiality and data authenticity. What mode would best meet her needs?

A. ECB
B. GCM
C. OFB
D. CTR

Answer 14

B. GCM

Galois/Counter Mode (GCM) and Counter with Cipher Block Chaining Message Authentication Code mode (CCM) are the only two modes that provide both confidentiality and data authenticity. Other modes, including Electronic Code Book (ECB), Output Feedback (OFB), and Counter (CTR) modes, only provide confidentiality.

Question 15

Julie is designing a highly secure system and is concerned about the storage of unencrypted data in RAM. What use case is she considering?

A. Data in motion
B. Data at rest
C. Data in destruction
D. Data in use

Answer 15

D. Data in use

Data that is stored in memory is being actively used by a system and is considered data in use. Data at rest is data that is stored on nonvolatile media, such as a disk. Data in motion is being actively transferred over a network.

Question 16

Renee conducted an inventory of encryption algorithms used in her organization and found that they are using all of the algorithms below. Which of these algorithms should be discontinued? (Choose all that apply.)

A. AES
B. DES
C. 3DES
D. RC5

Answer 16

B. DES
C. 3DES

The Advanced Encryption Standard (AES) and Rivest Cipher 6 (RC6) are modern, secure algorithms. The Data Encryption Standard (DES) and Triple DES (3DES) are outdated and no longer considered secure.

Question 17

Which one of the following encryption algorithm modes suffers from the undesirable characteristic of errors propagating between blocks?

A. Electronic Code Book
B. Cipher Block Chaining
C. Output Feedback
D. Counter

Answer 17

B. Cipher Block Chaining

One important consideration when using CBC mode is that errors propagate—if one block is corrupted during transmission, it becomes impossible to decrypt that block and the next block as well. The other modes listed here do not suffer from this flaw.

Question 18

Which one of the following key distribution methods is most cumbersome when users are located in different geographic locations?

A. Diffie–Hellman
B. Public key encryption
C. Offline
D. Escrow

Answer 18

C. Offline

Offline key distribution requires a side channel of trusted communication, such as in-person contact. This can be difficult to arrange when users are geographically separated. Alternatively, the individuals could use the Diffie–Hellman algorithm or other asymmetric/public key encryption technique to exchange a secret key. Key escrow is a method for managing the recovery of lost keys and is not used for key distribution.

Question 19

Victoria is choosing an encryption algorithm for use within her organization and would like to choose the most secure symmetric algorithm from a list of those supported by the software package she intends to use. If the package supports the following algorithms, which would be the best option?

A. AES-256
B. 3DES
C. RC4
D. Skipjack

Answer 19

A. AES-256
The AES-256 algorithm is a modern, secure cryptographic algorithm. 3DES, RC4, and Skipjack are all outdated algorithms that suffer from significant security issues.

Question 20

The Jones Institute has six employees and uses a symmetric key encryption system to ensure confidentiality of communications. If each employee needs to communicate privately with every other employee, how many keys are necessary?

A. 1
B. 6
C. 15
D. 30

Answer 20

C. 15

A separate key is required for each pair of users who want to communicate privately. In a group of six users, this would require a total of 15 secret keys. You can calculate this value by using the formula (n * (n – 1) / 2). In this case, n = 6, resulting in (6 * 5) / 2 = 15 keys.