Lesson 3 Review Questions Flashcards
(21 cards)
A sole proprietorship construction company contacted an information technology (IT) consultant for technical support for a computer issue. After resolving that issue, the consultant suggested the construction company enable computer encryption. Why might the company want to enable encryption on its computers’ hard drives?
A. To slow down data removal from a stolen device.
B. To prevent phishing
C. To prevent unauthorized access to data on a stolen device
D. To prevent theft
To prevent unauthorized access to data on a stolen device
Enabling hard drive encryption is a basic step to prevent data loss in the event of a stolen device. Without it, anyone can easily access the stolen device, regardless of needing a password.
A small development company just set up a web server and must ensure a secure customer connection. Regarding digital certificates, what is a file containing the information that the subject wants to use in the certificate, including its public key?
A. CA
B. CSR
C. CRL
D. PKI
CSR
The Certificate Signing Request (CSR) is a file containing the information that the subject wants to use in the certificate, including its public key.
A small company needs to ensure it protects the SQL data against theft while in use. What type of encryption would BEST fit its needs?
A. Database-level encryption
B. Full-disk encryption
C. Using a cloud provider
D. Using a security guard
Database-level encryption
Database- or page-level encryption and decryption occur when data transfers between disk and memory. Database-level encryption would be the best option for the small company to protect its Structured Query Language (SQL) data.
What is the process used to encrypt and decrypt a message?
A. Cryptanalysis
B. Plaintext
C. Ciphertext
D. Algorithm
Algorithm
An algorithm refers to the operations that transform plaintext into ciphertext with cryptographic properties, also called a cipher. There are symmetric, asymmetric, and hash cipher types of algorithms.
A security engineer noticed a high volume of images sent from the company networks to a popular gaming social media platform. After reviewing the images, the security engineer saw that the images were seemingly benign. Why might these images still be a threat?
A. They contain plaintext
B. They contain ciphertext
C. They contain steganography
D. They contain phishing
They contain steganography
Steganography embeds information within an unexpected source, such as a message hidden in a picture. Covertext describes the container document or file that it resides within.
After deploying a mobile device management system to all its computers, a company noticed a small subset failed to encrypt their hard drives. After inspection, those devices do not have the correct component required for the drive encryption to function. Which security component would the company need to install for the drive encryption to work?
A. CRL
B. CPU
C. TPM
D. RAM
TPM
The Trusted Platform Module (TPM) chip holds the cryptographic secrets and hardware state to help secure an encrypted hard drive.
A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after testing the website, an error message in the browser stated that the connection was insecure. What should the marketing firm purchase and set up so that the page shows that it is secure?
A. Digital certificate
B. Certificate Authority
C. Cryptoanalysis
D. Certificate Signing Request
Digital certificate
A digital certificate is a wrapper for a subject’s public key. It contains information about the subject and the certificate’s issuer. The certificate is digitally signed to prove it came from a particular Certificate Authority (CA).
A cancer diagnostic clinic must transfer a large amount of data to a cloud vendor to migrate from its on-premises server. However, the amount of data would make the transfer over the internet take extensive time due to the limited bandwidth the clinic’s internet provides. Instead, it wants to ship an encrypted copy of the data to the vendor. What type of encryption would BEST fit the clinic’s needs?
A. Symmetric algorithm
B. Asymmetric algorithm
C. Plaintext
D. Cryptography
Symmetric algorithm
In this scenario, the best option is to use a symmetric algorithm, as it uses the same secret key to perform encryption and decryption and allows for efficiency, security, and speed.
A news reporter received an anonymous message containing a potential Pulitzer Prize-winning story. However, the anonymous sender requested the reporter set up a communication system that enforced encryption before sending over details for the story. What is the anonymous sender trying to ensure?
A. The reporter needs to show an interest in the story.
B. The anonymous sender is suspicious of the reporter.
C. Encryption prevents the theft of intellectual property.
D. Encryption allows for confidentiality.
Encryption allows for confidentiality
The purpose of encryption is to allow for confidentiality. It prevents third parties from listening in and knowing what communication is occurring. Encryption is important for things like whistleblower reporting.
A consultancy recommended that a large construction company should encrypt its wireless network. Currently, the network is set to open and allows any device to connect to it, even employees’ personal devices. What encryption product would help the company secure its wireless networks?
A. Transport Layer Security
B. Trusted Platform Module
C. Internet Protocol Security
D. Wi-Fi Protected Access
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA), particularly Wi-Fi Protected Access 3 (WPA3), secures the traffic sent over a wireless network. Based on this scenario, the company needs to encrypt the wireless traffic.
A Certificate Authority (CA) had its issuing authority revoked, and its certificates expired. How might those certificates still appear valid, even though they should be on the Certificate Revocation List (CRL)?
A. The company was a Root CA.
B. The CA blocked companies from adding it to the CRL.
C. The company did not implement a CRL.
D. The CRL still requires updating.
The CRL still requires updating
When an entity revokes a certificate, they add it to a Certificate Revocation List. However, it requires a browser to check the list and for the Certificate Authority (CA) to provide the list. If this does not happen, an invalid certificate may still work.
A large certificate-issuing company lost its reputation due to poor business practices. Its higher signing authority revoked the ability to issue new certificates, and browsers now show it as invalid. What describes the position that the company once had but has now lost?
A. Root Certificate Authority
B. Certificate Signing Request
C. Certificate Authority
D. Certificate Revocation List
Certificate Authority
A Certificate Authority (CA) is a server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.
Why might a company want a longer key length?
A. To improve the performance of the algorithm
B. To slow down the initial encryption
C. To increase the chances of the ciphertext cracking
D. To decrease the chances of the ciphertext cracking
To decrease the chances of the ciphertext cracking
Increasing the key length will improve the algorithm’s security by decreasing the chance of cracking the ciphertext. Furthermore, adding salting and hashing will greatly reduce the chances of malicious actors gaining access to the data.
A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after running a test on the website, an error message in the browser stated that the connection was insecure. What framework should the marketing firm use to ensure this error message does not show up?
A. Public key infrastructure
B. Certificate authority
C. Cryptanalysis
D. Typosquatting
Public key infrastructure
Public key infrastructure (PKI) refers to a framework of Certificate Authorities (CAs), digital certificates, software, services, and other cryptographic components deployed to validate subject identities.
What BEST describes text that is not encrypted?
A. Plaintext
B. Ciphertext
C. Algorithm
D. Cryptanalysis
Plaintext
Plaintext refers to data that is not encrypted. An attacker can easily intercept data that is in plaintext form.
A small enterprise needs a key exchange method to ensure perfect forward secrecy. It needs something that can help future-proof its security while it grows. Which key exchange method would meet the needs of the enterprise?
A. Hash
B. Diffie-Hellman
C. Advanced Encryption Standard
D. Salt
Diffie-Hellman
Perfect Forward Secrecy (PFS) mitigates this risk from a basic key exchange. PFS uses Diffie-Hellman (D-H) key agreement to create ephemeral session keys without using the server’s private key.
A chief executive officer pushed back against the information technology department’s proposal to set up disk encryption on all devices. What BEST describes why the CEO should approve the proposal instead of pushing back against it?
A. Disk encryption protects stolen devices from data theft.
B. Disk encryption slows down a computer’s performance.
C. The cost of disk encryption is not worth incurring.
D. The company does not have enough sensitive data.
Disk encryption protects stolen devices from data theft
Disk encryption protects against data loss when a malicious actor steals a device. The data remains safe as long as the malicious actor does not have the keys.
A recent security flaw allowed a malicious actor to access sensitive data even though the data never left the server and there is full drive encryption. Which data state did the malicious actor MOST likely compromise?
A. In transit
B. At rest
C. In use
D. Through Bluetooth
In use
Data in Use (or data in processing) refers to the state in which data is present in volatile memory, such as system Random Access Memory (RAM) or Central Processing Unit (CPU) registers and cache. The security flaw allows for data exploitation while in use.
An indie game developer created a browser based on the Chromium project. The developer must ensure that anyone using the browser is safe from invalid certificates. What should the developer use to ensure that the browser blocks revoked certificates?
A. CRL
B. CA
C. CSR
D. PKI
CRL
A Certificate Authority (CA) or owner can revoke or suspend a certificate for many reasons. A Certificate Revocation List (CRL) is a list of no longer valid certificates.
A security consultant is working with a client to improve security practices. How can the consultant best describe the cryptographic hashing process?
A. Hashing speeds up the encryption process.
B. Hashing slows down the encryption process.
C. Hashing produces a fixed-length string of bits(a hash) from an input plaintext that can be of any length.
D. Hashing allows the same length of plaintext to be different lengths of ciphertext.
Hashing produces a fixed-length string of bits(a hash) from an input plaintext that can be of any length
Hashing encrypted data makes it much more difficult to break. Hashing takes any length string and makes it the same length. A hashing algorithm is also useful for proving integrity.
A security engineer investigates the impacts of a recent breach in which a threat actor was able to exfiltrate company data. What cryptographic solution serves as a countermeasure that mitigates the impact of hash table attacks by adding a random value to each plaintext input?
A. Trusted Platform Module
B. Salt
C. Internet Protocol Security
D. Plaintext
Salt
A salt is a security countermeasure that mitigates the impact of precomputed hash table attacks by adding (“salting”) a random value to each plaintext input.
