Chapter 7

Question 1

in asymmetric cryptography, which key is used to encrypt a message?

Answer 1

receiver’s public key

Question 2

Which international standard was created by Rivest, Shamir, and Adleman?

Answer 2

RSA public key algorithm

Question 3

which algorithm relies on a component of set theory known as super-increasing sets, rather than large prime numbers?

Answer 3

Merkle-Hellman

Question 4

this algorithm is an extension of Diffie-Hallman, but its major disadvantage is that it doubles the size of any message that it encrypts

Answer 4

ElGamal

Question 5

this algorithm involves the equation Q = xP; and even if Q and P are known, x is incredibly difficult to solve. The major advantage of this algorithm is that you do not need a large key size to obtain the same amount of security as very large keys used in other algorithms

Answer 5

Elliptic Curve

Question 6

this algorithm relies on the ability of two users to generate a shared secret that they both know without ever actually transmitting it, and is used to set up TLS

Answer 6

Diffie-Hellman Key Exchange

Question 7

5 requirements of hash functions

Answer 7

1. input can be any length
2. output is fixed length
3. relatively easy to compute
4. one-way function
5. collision resistant

Question 8

block size of HAVAL

Answer 8

1024-bit

Question 9

hash values of HAVAL

Answer 9

128, 160, 192, 224, and 256-bits

Question 10

SHA1 block size

Answer 10

512-bits

Question 11

SHA-1 message digest size

Answer 11

160-bit

Question 12

SHA-256 message digest size

Answer 12

256-bit

Question 13

SHA-256 block size

Answer 13

512-bit

Question 14

SHA-224 block size

Answer 14

512-bits

Question 15

SHA-224 message digest size

Answer 15

224-bits

Question 16

SHA-512 message digest size

Answer 16

512

Question 17

SHA-512 block size

Answer 17

1024

Question 18

SHA-384 message digest size

Answer 18

384

Question 19

SHA-384 block size

Answer 19

1024-bits

Question 20

which algorithm is the SHA-3 standard

Answer 20

Keccak

Question 21

This standard provides the same security as SHA-2, but is slower so it is not commonly used

Answer 21

SHA-3

Question 22

This hash algorithm was developed by Ronald Rivest, but collisions are possible

Answer 22

MD2, MD4, MD5

Question 23

MD5 block size

Answer 23

512

Question 24

MD5 message digest length

Answer 24

128 bits

Question 25

what group of hashing functions is used as an alternative to SHA?

Answer 25

RIPEMD

Question 26

RIPEMD message digest length

Answer 26

128-bit

Question 27

Which variant of RIPEMD is still secure today?

Answer 27

RIPEMD-160

Question 28

Which two major concepts do digital signature algorithms rely on?

Answer 28

public key encryption and hashing functions

Question 29

4 steps of sending a digitally signed message

Answer 29

1. hash the message
2. encrypt the message digest using private key - this is the signature
3. appends signature to plaintext message
4. send the messages

Question 30

3 steps of validating digital signatures.

Answer 30

1. decrypt digital signature using sender’s public key
2. hash the plaintext message
3. compare the decrypted digest to the new digest to make sure they are the same

Question 31

Which aspect of the CIA triad do digital signatures alone not address, and how can it be acheived?

Answer 31

they do not provide confidentiality. It can be acheived by encrypting the signed message with the receiver’s public key.

Question 32

this signature algorithm is a partial digital signature. it guarantees the integrity of a message but not nonrepudiation.

Answer 32

HMAC

Question 33

what is the FIPS standard for digital signatures?

Answer 33

DSS - Digital Signature Standard

Question 34

what is the DSS for hashing functions?

Answer 34

SHA-3

Question 35

what are the 3 acceptable DSS encryption algorithms?

Answer 35

DSA (Digital Signature Algorithm)
RSA
ECDSA

Question 36

what are endorsed copies of a public key?

Answer 36

digital certificates

Question 37

what is the international standard for digital certificates?

Answer 37

X.509

Question 38

what information is included on a X.509 certificate? (7 items)

Answer 38

1. version of X.509
2. serial number
3. signature algorithm
4. issuer name (name of CA)
5. validity period
6. subject name (CN, DN)
7. subject’s public key

Question 39

what entities assist CAs by allowing them to remotely validate user identities?

Answer 39

Registration Authorities (RAs)

Question 40

how do CAs protect their root certificates?

Answer 40

using an offline CA that is used as needed to create intermediate CAs

Question 41

3 Certificate Lifecycle steps

Answer 41

1. Enrollment
2. Verification
3. Revocation

Question 42

which step of the certificate lifecycle involves proving your identity to the CA?

Answer 42

1. Enrollment

Question 43

which step of the certificate lifecycle involves the certificate signing request?

Answer 43

1. Enrollment

Question 44

which kind of certificate does the CA verify that the certificate subject has control of the domain name?

Answer 44

Domain validation certificate (DV)

Question 45

which kind of certificate does the CA take steps to verify that the certificate owner is a legitimate business before issuing the certificate?

Answer 45

Extended Validation (EV) certificate

Question 46

which step of the certificate lifecycle involves checking the validity of the various components of a certificate?

Answer 46

Verification

Question 47

which protocol is used to check if certificates have been revoked?

Answer 47

OCSP (Online Certificate Status Protocol)

Question 48

what do CAs distribute to revoke groups of certificates?

Answer 48

CRL - Certificate Revocation Lists

Question 49

when browsers attach a certificate to a subject for an extended period of time

Answer 49

certificate pinning

Question 50

this is an extension to the OCSP; where the web server sends clients a timestamped response from an OCSP server to alleviate some of the burden of all the clients individually sending requests

Answer 50

Certificate Stapling

Question 51

maximum response time within which a CA will perform a requested revocation

Answer 51

revocation request grace period

Question 52

4 reasons to revoke a certificate

Answer 52

1. certificate was compromised
2. erroneously issued
3. details changed
4. security association changed

Question 53

4 digital certificate formats

Answer 53

Distinguished Encoding Rules (DER)
Privacy Enhanced Mail (PEM)
Personal Information Exchange (PFX)
P7B

Question 54

Binary digital certificate formats (2)

Answer 54

DER and PFX

Question 55

Text digital certificate formats (2)

Answer 55

PEM and P7B

Question 56

.der digital certificate format

Answer 56

DER - Digital Encoding Rules

Question 57

.crt Digital certificate format

Answer 57

DER - Distinguished Encoding Rules
PEM - Privacy Enhanced Mail

Question 58

.cer digital certificate format

Answer 58

DER - Distinguished Encoding Rules

Question 59

.pem digital certificate format

Answer 59

PEM - Privacy Enhanced Mail

Question 61

.pfx digital certificate format

Answer 61

PFX - Personal Information Exchange

Question 62

.p12 digital certificate format

Answer 62

PFX - Personal Information Exchange

Question 63

most common binary digital certificate format

Answer 63

DER - Digital Encoding Rules

Question 64

ASCII text version of DER format

Answer 64

PEM - Privacy Enhanced Mail

Question 65

can you tell if a .crt file is binary or text without looking at the contents of the file?

Answer 65

No, this extension is used for both DER (binary) and PEM (text) formats,

Question 66

digital certificate that is commonly used by windows systems

Answer 66

PFX - Personal Information Exchange

Question 67

ASCII text Windows digital certificate format

Answer 67

P7B

Question 68

most well known example of hybrid cryptography

Answer 68

TLS - Transport Layer Security

Question 69

in hybrid cryptography, what method is used to distribute keys?

Answer 69

asymmetric/public key cryptography

Question 70

a chip that resides on the motherboard of the devices that can store and manage keys used for full disk encryption

Answer 70

TPM - Trusted Platform Module

Question 71

which secure email system combines the CA hierarchy with the “web of trust”

Answer 71

PGP - Pretty Good Privacy

Question 72

which secure email system uses the RSA encryption algorithm?

Answer 72

S/MIME

Question 73

How can you protect your organization from POODLE attacks?

Answer 73

Only allow connections to sites using TLS (via active directory browser configurations or a proxy)

Question 74

what is the minimum secure version of TLS?

Answer 74

TLS 1.2

Question 75

hiding messages within another message by altering the least significant bits

Answer 75

steganography

Question 76

two methods of circuit encryption

Answer 76

1. Link encryption
2. end-to-end encryption

Question 77

which type of circuit encryption encrypts the header data?

Answer 77

link encryption

Question 78

which kind of encryption is SSH?

Answer 78

end-to-end

Question 79

what are the two big components of an IPsec connection?

Answer 79

AH - Authentication Header
ESP - Encapsulating Security Payload

Question 80

which part of IPsec provides message integrity and non-repudiation?

Answer 80

AH - Authentication Header

Question 81

which part of IPsec provides confidentiality with encryption?

Answer 81

Encapsulating Security Payload (ESP)

Question 82

IPsec modes of operation

Answer 82

transport mode - only the payload is encrypted (end-to-end encryption)
tunnel mode - header is encrypted (link encryption)

Question 83

a distributed and immutable public ledger

Answer 83

blockchain

Question 84

cryptography in situations where computing power and energy are limited

Answer 84

lightweight cryptography

Question 85

purpose of homomorphic encryption

Answer 85

being able to perform calculations on data that may include PII or PHI so that the data is never revealed to the researcher.

Question 86

attacks that use algebraic manipulation to reduce the complexity of the algorithm

Answer 86

analytic attack

Question 87

exploits weaknesses in the implementation of a crypto system - exploits the software code used to program the encryption

Answer 87

implementation attack

Question 88

exploits statistical weaknesses in a cryptosystem

Answer 88

statistical attack

Question 89

compromising the integrity of a device by causing some kind of external fault (high-voltage, temperature extremes) to induce a malfunction

Answer 89

fault injection attack

Question 90

using information like power consumption or EM radiation to monitor system activity and retrieve information that is actively being encrypted

Answer 90

Side-Channel Attack

Question 91

a random value added to the end of a password before the OS hashes the password

Answer 91

salt

Question 92

counting the number of times each letter appears in the cipher text and using knowledge of language and frequently used letters to attempt to crack cyphertext

Answer 92

freqency analysis/ciphertext-only attack

Question 93

attack cracks an encryption code by having both a ciphertext and plain text version of a message

Answer 93

known plaintext attack

Question 94

attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing in order to derive the key used

Answer 94

chosen plaintext

Question 95

attacker decrypts chosen portions of the ciphertext message to discover the key

Answer 95

chosen ciphertext

Question 96

attacker encrypts plaintext message using every possible key (k1) and the ciphertext is decrypted using all possible keys (k2). When a match is found, the key pair is used to defeat the double encryption method in use.

Answer 96

Meet in the Middle

Question 97

attacker intercepts all communications between two parties, including the setup of a cryptographic session

Answer 97

man in the middle

Question 98

attacker finds flaws in a hashing function where two inputs can produce the same output

Answer 98

Birthday attack, collision attak, reverse hash matching

Question 99

attacker intercepts a request for authentication and then replays the captured message to open a new session

Answer 99

replay attack