Chapter 7

Question 1

What is the most popular and widely used public key cryptosystem?

Answer 1

RSA

Question 2

What uses large integers and modular arithmetic to facilitate the secure exchange of secret keys over insecure communications channels.

Answer 2

Diffie-Hellman

Question 3

What cryptographic algorithm doubles the size of any message that it encrypts?

Answer 3

ElGamal

Question 4

What are the five requirements for a cryptographic hash function?

Answer 4

The input can be of any length
The output has a fixed length
The hash function is east to compute for any input
Has one-way functionality
Collision resistant

Question 5

What SHA algorithm produces a message digest using a 1,024-bit block size?

Answer 5

SHA-512

Question 6

What SHA uses a truncated version of the SHA-512 hash that drop 128 bits to produce a message digest using a 1,024-bit block size?

Answer 6

SHA-384

Question 7

What SHA produces a message digest using a 512-bit block size?

Answer 7

SHA-256

Question 8

What SHA uses a truncated version of the SHA-256 hash that drops 32 bits to produce a message digest using a 512-bit block size.

Answer 8

SHA-224

Question 9

What is based on the Keccak algorithm, provides the same level of security as SHA-2, but is slower than SHA-2?

Answer 9

SHA-3

Question 10

What message digest algorithm is vulnerable to collisions, preventing its use for ensuring message integrity?

Answer 10

MD5

Question 11

What hashing algorithm is an alternative to the SHA-2 family that is used in applications such as Bitcoin cryptocurrency implementations?

Answer 11

RIPEMD

Question 12

What is the most secure version of RIPEMD today?

Answer 12

RIPEMD-160

Question 13

What security goals are met with the implementation of a digital signature system?

Answer 13

Non-repudiation
Integrity
Authentication

Question 14

What digital signature algorithm implements a partial digital signature and guarantees the integrity of a message during transmission but doesn’t provide non-repudiation.

Answer 14

HMAC

Question 15

What are the four rules for public key cryptography and digital signatures?

Answer 15

If you want to encrypt a confidential message, use the recipient’s public key

If you want to decrypt a confidential message sent to you, use your private key

If you want to digitally sign a message you are sending to someone else, use your private key

If you want to verify the signature on a message sent by someone else, use the sender’s public key

Question 16

What can be combined with MD5, SHA-2, SHA-3 and is more efficient than the digital signature standard.

Answer 16

HMAC

Question 17

What cryptographic algorithm relies on a shared secret key and does not provide any non-repudiation?

Answer 17

HMAC

Question 18

What provides communicating parties the assurance that the people they are communicating with truly are who they claim to be.

Answer 18

Digital Certificates

Question 19

What international standard governs the information contained within digital certificates?

Answer 19

X.509

Question 20

What describes the use of a series of intermediate CAs?

Answer 20

Certificate Chaining

Question 21

What type of certificate where the CA simply verifies that the certificate subject has control of the domain name?

Answer 21

Domain Validation Certificates

Question 22

What type of certificate provides a higher level of assurance, and the CA verifies that the certificate owner is a legitimate business?

Answer 22

Extended Validation Certificates

Question 23

What are the requirements that must be performed before communicating with someone who provided you their digital certificate.

Answer 23

Verify the digital signature of the CA is authentic
You trust the CA
The certificate is not listed on a CRL or OCSP
The certificate contains the data you are trusting

Question 24

What method instructs browsers to attach a certificate to a subject for an extended period of time?

Answer 24

Certificate Pinning

Question 25

What document states the practices a CA employs when issuing or managing certificates?

Answer 25

CPS

Question 26

What are three techniques someone can use to verify the authenticity of certificates and identify revoked certificates?

Answer 26

CRL
OCSP
CS

Question 27

What are maintained by various CAs and contain the serial numbers of certificates that have been issued by a CA and that have been revoked.

Answer 27

CRL

Question 28

What certificate technique has a disadvantage where certificates must be downloaded and cross-referenced periodically, introducing a period of latency.

Answer 28

CRL

Question 29

What certificate protocol eliminates the latency when using a CRL by providing a means for real-time certificate verification?

Answer 29

OCSP

Question 30

What is an extension to OCSP that relieves some of the burden placed on CAs by the original protocol?

Answer 30

Certificate Stapling

Question 31

What describes the process where the web server contacts the OCSP server itself and receives a signed and timestamped response from the OCSP server and then staples it to the user’s digital certificate?

Answer 31

Certificate Stapling

Question 32

What is the most common binary format for digital certificate files?

Answer 32

DER

Question 33

What are the extensions for DER certificates?

Answer 33

.DER
.CRT
.CER

Question 34

What format is an ASCII text version of the DER format?

Answer 34

PEM
Privacy Enhanced Mail

Question 35

What are the extensions for PEM certificates?

Answer 35

.PEM
.CRT

Question 36

What certificate file format is commonly used by Windows systems?

Answer 36

PFX

Question 37

What are the extensions for PFX certificates?

Answer 37

.PFX
.P12

Question 38

What windows certificate file is stored in ASCII text format?

Answer 38

P7B

Question 39

What web application encryption framework method is used to create secure communications channels that remain open for an entire web session?

Answer 39

TLS

Question 40

What encryption technique protects entire communications circuits by creating a secure tunnel between two points using either hardware or software.

Answer 40

Link Encryption

Question 41

What are the two main components that IPsec uses for security?

Answer 41

AH
ESP

Question 42

What provides assurances of message integrity, non-repudiation, and authentication?

Answer 42

AH

Question 43

What provides confidentiality and integrity of packet contents ?

Answer 43

ESP

Question 44

What IPsec security mechanisms prevents replay attacks?

Answer 44

AH
ESP

Question 45

What are the two modes of IPsec?

Answer 45

Transport
Tunnel

Question 46

What IPsec mode is designed for end-to-end encryption, encrypts only the packet payload and is for peer-to-peer communication?

Answer 46

Transport Mode

Question 47

What IPsec mode encrypts the entire packet including the header and is designed for link encryption ?

Answer 47

Tunnel Mode

Question 48

What represents the communication session and records any configuration and status information about the connection ?

Answer 48

SA

Question 49

What is required for pairs of users or gateways to establish IPsec links?

Answer 49

SA

Question 50

What can create a data store that nobody can tamper with or destroy ?

Answer 50

Blockchain

Question 51

What type of encryption technology allows you to perform calculations on data without affecting the actual data ?

Answer 51

Homomorphic Encryption

Question 52

What are the different cryptographic attacks ?

Answer 52

Analytic
Implementation
Statistical
Brute-Force
Fault Injection
Side-Channel
Timing

Question 53

What is an algebraic manipulation that attempts to reduce the complexity of an algorithm?

Answer 53

Analytic Attack

Question 54

What cryptographic attack focuses on exploiting the software coding flaws and errors but also the methodology used to program the system ?

Answer 54

Implementation Attack

Question 55

What cryptographic attack exploits weaknesses in a crypto-system such as floating point errors and the inability to produce truly random numbers.

Answer 55

Statistical Attack

Question 56

What attack uses massive amounts of processing power to methodically guess the key used to secure cryptographic communications.

Answer 56

Brute-Force Attack

Question 57

What attack attempts to use factors such as high or low temperatures to cause a malfunction in a device ?

Answer 57

Fault Injection Attack

Question 58

What attack monitors system activity and retrieve information that is actively being encrypted.

Answer 58

Side-Channel Attack

Question 59

What attack is where the attacker measures precisely how long cryptographic operations take to complete and gains info about the process.

Answer 59

Timing Attack

Question 60

What attack is where the attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing.

Answer 60

Chosen Plaintext

Question 61

What attack is where the attacker has the ability to decrypt chosen portions of the cipher text message.

Answer 61

Chosen Ciphertext

Question 62

What attack seeks to substitute in a digitally signed communication a different message that produces the same message digest.

Answer 62

Birthday Attack

Question 63

What attack is used against cryptographic algorithms that don’t incorporate temporal protections ?

Answer 63

Replay Attacks