Module 18 - Cryptography Flashcards

(210 cards)

1
Q

Which two major classes of encryption are used to ensure data confidentiality?

A

Symmetric and asymmetric encryption

2
Q

Which encryption type uses the same key for both encryption and decryption?

A

Symmetric encryption

3
Q

Which encryption type uses one key to encrypt and a different key to decrypt data?

A

Asymmetric encryption

4
Q

Which encryption type uses different keys for encryption and decryption, making it slower but ideal for secure transactions like HTTPS?

A

Asymmetric encryption

5
Q

Which encryption class typically uses shorter key lengths between 40 and 256 bits and is faster in processing?

A

Symmetric encryption

5
Q

Which encryption class can use keys as long as 4096 bits and is computationally taxing?

A

Asymmetric encryption

6
Q

Which encryption approach is preferred for encrypting bulk data such as VPN traffic due to its speed?

A

Symmetric encryption

7
Q

Which key-based mechanism must be established before any symmetric encryption can occur?

A

A PSK (Pre-shared key)

7
Q

Which encryption algorithm uses 64-bit block sizes and is considered a legacy method that should not be used?

A

DES (Data Encryption Standard)

8
Q

Which symmetric stream cipher is known for using a 160-bit key and offers a CPU-efficient alternative to AES?

A

SEAL (Software-Optimized Encryption Algorithm)

9
Q

Which algorithm repeats the DES process three times and is set to retire in 2023, and should only be used with very short key lifetimes?

A

3DES (Triple Data Encryption Standard)

9
Q

Which symmetric encryption standard offers flexible key lengths of 128, 192, or 256 bits and encrypts matching-sized data blocks?

A

AES (Advanced Encryption Standard)

10
Q

Which stream cipher developed by Ron Rivest was widely used to secure web traffic but is now considered insecure due to vulnerabilities?

A

RC4

11
Q

Which symmetric cipher category transforms fixed-length plaintext blocks into ciphertext blocks, such as 64 or 128 bits?

A

Block cipher

12
Q

Which symmetric cipher category encrypts one byte or bit at a time and continuously encrypts data as it flows?

A

Stream cipher

13
Q

Which type of cipher is typically faster in real-time applications due to its continuous encryption model?

A

Stream cipher

14
Q

Which older cipher method is still referenced as an example of stream ciphers, despite no longer being secure?

A

RC4

14
Q

Which stream cipher is specifically used for encrypting GSM cellular communications?

A

A5

15
Q

Which minimum key length should be used in symmetric encryption to ensure reasonable security against key discovery?

A

128 bits

15
Q

Which key length range is generally used in modern symmetric encryption to balance performance and security?

A

112 to 256 bits

15
Q

Which cipher mode is AES an example of, given its 128-bit block size and multi-key length options?

A

Block cipher

16
Q

Which encryption approach would be appropriate for encrypting large amounts of traffic over a VPN due to low CPU usage?

A

Symmetric encryption

17
Q

Which encryption algorithm was designed by Rivest, Shamir, and Adleman and falls under asymmetric encryption?

A

RSA

18
Q

Which infrastructure is associated with managing public/private keys in asymmetric encryption?

A

PKI (Public Key Infrastructure)

18
Which encryption method uses a public key and a private key, where each can encrypt but only the matching key can decrypt?
Asymmetric encryption
19
Which encryption class requires very long key lengths—typically 2048 bits or more—to ensure security because there is no shared secret?
Asymmetric encryption
20
Which encryption class is computationally slower due to its reliance on problems like factoring large numbers or discrete logarithms?
Asymmetric encryption
21
Which encryption algorithm allows two users to agree on a shared key without actually exchanging the key directly?
DH (Diffie-Hellman)
22
Which asymmetric encryption algorithm is based on the difficulty of factoring very large numbers and is widely used in electronic commerce protocols?
RSA (Rivest, Shamir, Adleman)
22
Which key agreement algorithm relies on the difficulty of computing the original exponent from a result and base?
DH (Diffie-Hellman)
23
Which algorithm is defined by the DSS standard and is based on the ElGamal signature scheme?
DSA (Digital Signature Algorithm)
23
Which asymmetric algorithm causes encrypted data to double in size and is therefore limited to encrypting small data like secret keys?
ElGamal
23
Which asymmetric encryption algorithm is specifically designed for digital signatures and offers fast signature creation but slower verification?
DSA (Digital Signature Algorithm)
24
Which cryptographic technique enables shorter key lengths while maintaining security, and can adapt other algorithms like DH or ElGamal?
ECC (Elliptic Curve Cryptography)
24
Which asymmetric key size is considered untrustworthy by modern standards and should be avoided?
1024 bits or less
25
Which protocol uses asymmetric encryption to provide secure remote access to devices and systems?
SSH (Secure Shell)
26
Which minimum key length is considered safe for modern asymmetric encryption?
2048 bits
26
Which email-focused cryptographic program uses asymmetric encryption to ensure privacy and authentication?
PGP (Pretty Good Privacy)
26
Which key in asymmetric encryption must be kept secret to maintain the confidentiality of communications?
Private key
27
Which fundamental component of IPsec VPNs relies on asymmetric encryption to establish secure communication channels?
IKE (Internet Key Exchange)
27
Which key in asymmetric encryption can be freely distributed without compromising security?
Public key
28
Which encryption algorithm increases the size of an encrypted message significantly, making it suitable only for short data like secret keys?
ElGamal
28
Which encryption process uses the public key for encryption and the private key for decryption to ensure only one host can access the data?
Asymmetric encryption for confidentiality
29
Which asymmetric algorithm's main advantage is offering strong security with smaller key sizes?
ECC (Elliptic Curve Cryptography)
30
Which key does Alice use to ensure only Bob can read her encrypted message in an asymmetric confidentiality setup?
Bob's public key
30
Which formula summarizes the confidentiality objective in asymmetric encryption?
Public key (encryption) + Private key (decryption) = Confidentiality
31
Which encryption process starts when Alice obtains Bob's public key and uses it to encrypt a message?
Asymmetric encryption for confidentiality
32
Which step does Alice perform to let Bob verify that a message originated from her in an asymmetric authentication flow?
Encrypt the message using her private key
32
Which key is used by Bob to decrypt a message that Alice encrypted using his public key?
His private key
33
Which encryption process begins when a private key is used to encrypt a message in asymmetric authentication?
Asymmetric encryption for authentication
33
Which formula describes the authentication function of asymmetric encryption?
Private key (encrypt) + Public key (decrypt) = Authentication
34
Which property is achieved when the received hash matches the locally generated hash during decryption?
Integrity
34
Which key must Bob obtain to authenticate a message that was encrypted by Alice’s private key?
Alice's public key
34
Which action does Bob take after receiving Alice’s message to confirm it truly came from her?
Decrypt it using Alice's public key
34
Which encryption process is used by Alice to ensure only Bob can read a message, thus providing confidentiality?
Encrypting the message using Bob's public key
35
Which unique feature of Diffie-Hellman makes it possible to derive a shared key without transmitting the secret?
The shared key is never exchanged
35
Which asymmetric algorithm allows two parties to generate a shared secret key without having communicated before?
DH (Diffie-Hellman)
35
Which cryptographic method is commonly used for establishing keys in IPsec VPNs and SSH connections?
DH (Diffie-Hellman)
36
Which characteristic of Diffie-Hellman ensures that it is computationally secure?
The use of extremely large numbers
36
Which DH group uses a 1024-bit key?
Group 2
36
Which approximate decimal length corresponds to a 1024-bit DH number?
309 digits
37
Which DH group supports the strongest standard prime number size mentioned (4096 bits)?
Group 16
37
Which symmetric encryption algorithms are typically used for bulk encryption after DH establishes the key?
3DES and AES
38
Which elliptic curve–based DH groups are supported by Cisco IOS Software?
Groups 19, 20 and 24
39
Which data protection method secures sensitive information by replacing it with non-sensitive versions that behave like the original?
Data masking
39
Which drawback of asymmetric encryption makes it unsuitable for high-volume data encryption?
It is slow
40
Which data security method can apply protection in real-time by reacting to risky user requests?
Dynamic data masking
41
Which data masking technique replaces real data with authentic-looking alternative values to maintain anonymity?
Substitution
41
Which masking technique creates substitute values by rearranging data within the same column?
Shuffling
42
Which masking method entirely hides data by assigning a null value to a field?
Nulling
42
Which data-hiding technique conceals secret messages inside files such as images, audio, or video?
Steganography
42
Which technique provides secrecy without attracting attention, unlike encryption which signals the presence of protected data?
Steganography
43
Which term describes the hidden message inside a steganographic file?
Embedded data
44
Which term refers to the original file used to conceal a hidden message in steganography?
Cover image/text or audio file
44
Which method embeds hidden data into the least significant portion of each pixel’s color component?
LSB (least significant bit) technique
44
Which element in a digital image represents the smallest programmable color unit?
A pixel
45
Which color components are combined to define each pixel in a standard computer image?
RGB (red, green and blue)
45
How many bytes are used to define color in a 24-bit image system?
3 bytes (one byte for each RGB component)
46
What is the average proportion of image bits that must change to embed a secret message using LSB?
No more than half of the image's bits
46
Which type of steganography hides messages in normal-looking phrases or posts that can be interpreted differently based on secret rules?
Social steganography
46
Which method is commonly used by teens to send coded messages through innocent phrases?
Steganography
46
Which process attempts to detect hidden messages inside files that use steganography?
Steganalysis
47
What types of patterns can raise suspicion during steganalysis of digital files?
The use of reserved but unused disk areas
47
Which utility can uncover hidden information in unused clusters on a storage device?
Disk analysis tools
48
Which type of traffic requires the highest priority for protection due to its transmission beyond the organization’s internal boundaries?
External traffic
48
Which element of secure communication ensures that data was not modified during transit?
Data integrity
48
Which algorithms are recommended to ensure data integrity in secure communications? (2)
SHA-2 and SHA-3
49
Which message digest algorithm is still in use but considered insecure due to vulnerabilities?
MD5
49
Which element of secure communication confirms the true identity of the message sender?
Original authentication
49
Which authentication method uses hashes to ensure a message is not forged?
HMAC (Hash-based Message Authentication Code)
49
Which element of secure communication ensures that intercepted data cannot be understood by unauthorized parties?
Confidentiality
50
Which two encryption techniques are used to achieve data confidentiality?
Symmetric and asymmetric encryption algorithms
51
Which element of secure communication ensures the sender cannot deny having sent the message?
Data non-repudiation
52
Which principle does data non-repudiation rely on to confirm the sender's identity?
The sender's unique signature or identifiable characteristics in the message
53
Which security tool ensures data integrity by generating a unique, fixed-length representation of data?
Cryptographic hash function
53
Which property of a hash function makes it impossible to recreate the original input from the hash output?
It is a one-way function
54
Which real-world analogy helps describe how hashing is irreversible?
Coffee grinding
54
What is the fixed-length output of a hash function commonly called?
A hash or message digest
55
What happens to the hash value when the original data changes?
The hash value/message digest also changes
56
Which property of hashing prevents two different inputs from producing the same hash output?
Collision resistance
56
Which nickname is often used for hash values because of their uniqueness and detection ability?
Digital fingerprints
56
Which formula is used to represent the output of a cryptographic hash function?
h=H(x)
56
Which function verifies message integrity by generating a fixed-length value from variable input data?
Cryptographic hash function
57
Which process cannot be guaranteed by hashing alone because anyone can recalculate a hash?
Origin authentication
58
Which type of attack are basic hash functions vulnerable to, due to their lack of secret-key authentication?
MiTM attacks
58
Which function enhances hashing with a secret key to ensure both message integrity and origin authentication?
HMAC (Hash-based Message Authentication Code)
58
Which hash algorithm, developed by Ron Rivest, produces a 128-bit hash and is now considered insecure?
MD5
59
Which 160-bit hashing algorithm, developed by the NSA (National Security Agency) in 1995, is similar to MD5 but has known flaws?
SHA-1
59
Which hashing family, developed by the NSA (National Security Agency), includes SHA-224, SHA-256, SHA-384, and SHA-512?
SHA-2
60
Which variants of the SHA-2 family are recommended for use when possible? (3)
SHA-256, SHA-384, SHA-512
61
Which hash family was introduced by NIST (National Institute of Standards and Technology) as an eventual replacement for SHA-2?
SHA-3
62
Which SHA-3 versions are considered next-generation and preferred where possible?
SHA-224, SHA-256, SHA-384, SHA-512
62
Which process ensures data was not accidentally altered during transmission but cannot prevent deliberate tampering?
Hashing
62
Which kind of changes does hashing detect, as opposed to intentional ones?
Accidental changes
62
Which method combines a cryptographic hash with a secret key to verify both data integrity and origin?
HMAC (Hash-based Message Authentication Code)
63
Which shared element between sender and receiver ensures that only they can create or verify an HMAC digest?
A secret key
64
Which form of authentication does a matching HMAC digest confirm between sender and receiver?
Origin authentication
65
Which protocols or systems commonly use HMAC for origin authentication and integrity? (3)
SSL, SSH, IPsec
66
Which input combination is used to calculate the HMAC value on the sending device?
The message and secret key
66
Which protocol in Cisco routers uses HMAC to authenticate routing information?
OSPF (Open Shortest Path First)
67
Which two hash algorithms are provided by Cisco to verify the integrity of IOS image files?
MD5 and SHA
67
Which concept is established when two identical hash values prove that a forensic copy is unchanged from the original?
Fixity
68
Which function converts any data input into a fixed-length value that is irreversible?
A cryptographic hash function
69
Which security method allows systems to verify passwords without storing the actual password?
Password hashing
69
Which type of attack compares known password hashes against a system’s stored hash values using common phrases?
A dictionary attack
70
Which method tries every possible character combination until the correct password is discovered?
A brute force attack
71
Which attack technique relies on computing power and time rather than predefined word lists?
Brute force attack
71
Which defense strategy makes brute-force attacks impractical by increasing the number of possible combinations?
Using long passwords
72
Which technique adds a random string to a password before hashing to ensure identical passwords generate different hashes?
Salting
72
Which problem does salting solve when two users have the same password?
It ensures their hashes are different
72
Which quality must a salt have to be cryptographically secure and unpredictable?
It must be generated by a CSPRNG (cryptographically secure pseudorandom number generator)
73
Which tool should be used to generate a strong and unpredictable salt?
A CSPRNG (cryptographically secure pseudorandom number generator)
74
Which guideline ensures the effectiveness of the salt in resisting attacks?
Salt length must match the hash function's length
75
Which hashing function is commonly recommended when combining salt and password for secure hashing?
SHA-256
75
Which attack is rendered ineffective by salting because it relies on precomputed password-hash pairs?
Dictionary attacks using lookup tables
76
Which attack uses a data structure of precomputed hashes to rapidly guess passwords?
A lookup table attack
77
Which attack hashes each guess and then maps it to users in a breached hash database?
A reverse lookup table attack
78
Which table-based method reduces hash-cracking storage needs at the cost of speed?
A rainbow table attack
79
Which technique makes high-speed, large-scale hash-guessing hardware less effective?
Key stretching
80
Which cryptographic technique provides authenticity, integrity, and nonrepudiation in a message or transaction?
Digital signatures
81
Which cryptographic method do digital signatures rely on to function?
Asymmetric encryption
82
Which property prevents the digital signature from being applied to a different document than the original one?
Non-reusability
82
Which property of digital signatures provides legal proof that the data exchange took place and identifies the signer?
Non-repudiation
83
Which process uses digital signatures to verify executable file integrity and authenticate the source of downloads?
Code signing
84
Which digital security tool acts like a virtual ID card, verifying identity and enabling secure connections?
Digital certificates
84
Which algorithm is the original standard for creating public/private keys and verifying digital signatures?
DSA (Digital Signature Algorithm)
85
Which commonly used asymmetric algorithm supports digital signature generation and verification?
RSA (Rivest, Shamir, Adleman)
85
Which modern variant of DSA offers small signatures and better computational efficiency?
ECDSA (Elliptic Curve Digital Signature Algorithm)
86
Which digital signature algorithm is ideal for environments with limited processing power or bandwidth?
ECDSA (Elliptic Curve Digital Signature Algorithm)
86
Which set of specifications were introduced in the 1990s by RSA Security Inc. to promote public-key cryptography?
PKCS (Public-Key Cryptography Standards)
86
How many Public-Key Cryptography Standards (PKCS) documents were originally published?
15, with one now removed
87
Which process ensures software code has not been altered and originates from the publisher?
Digitally signing the code
87
Which type of file is typically wrapped in a digitally signed envelope to verify authenticity before installation?
Executable files
88
Which tab in a file’s properties shows if a downloaded executable has a valid digital signature?
Digital signatures tab
89
Which tab in the Certificate Information window shows the certificate issuer, recipient, purpose, and validity period?
General tab
89
Which tab confirms that a file was signed by Cisco and verified by DigiCert?
Certification path tab
90
Which digital entity functions like an electronic passport for verifying identities online?
A digital certificate
90
Which cryptographic element verifies that a message comes from a verified identity, like a file or message origin?
Digital signature
91
What must be stored in Alice’s system to verify the digital signature using Bob’s public key?
Bob's digital certificate
91
Which property of the digital signature process ensures that only Bob could have signed the message?
Use of Bob's private key for encryption
91
Which cryptographic key is exchanged between hosts during an asymmetric connection?
A public key
92
Which certificate confirms the identity of a website and is issued after a third-party investigation?
An SSL Certificate
92
Which party conducts in-depth identity verification before issuing digital credentials for a website?
The SSL Certificate provider
92
Which protocol causes a web browser to check a website's digital certificate for validity and origin?
HTTPS
93
What is included in a website’s SSL certificate that is used to verify future communication?
The website's public key
93
Which infrastructure system is used to manage, distribute, and revoke digital certificates securely?
The PKI (Public Key Infrastructure)
94
Which organization issues digital certificates after tying a public key to a verified identity?
The CA (Certificate Authority)
94
Which digital artifact ties a public key to a specific entity or person?
A PKI (Public Key Infrastructure) certificate
95
Which system contains hardware, software, policies, and procedures to govern certificate lifecycle?
PKI framework
95
Which non-profit CA offers free digital certificates?
Let's Encrypt
95
Which example organizations act as Certificate Authorities that charge for issuing certificates? (2)
DigiCert and GoDaddy
95
Which database contains all the digital certificates that have been approved by a CA?
A Certificate database
95
Which local system stores issued certificates and private keys for use on a computer?
A certificate store
96
Which step does Alice take after receiving Bob’s certificate to validate it?
Contacts a CA to confirm Bob's identity
96
Which intermediary authority can issue certificates under the authority of a root CA?
An RA (Registration Authority)
97
Which certificate-issuing entity is sometimes not the original CA, but acts under its certification?
The RA (Registration Authority)