Part 3

Question 1

What are 3 data categories?

Answer 1

Data at rest - in an information system as a saved file form or database form
Data in use - currently open and being actively edited
Data in motion - data transmitted via telecommunication lines

Question 2

what are procedures that apply to the protection of both transmitting and receiving equipment as well as the data transmitted between?

Answer 2

COMSEC

Question 3

What is the branch of cryptology that treats the principles, means, and methods of designing and using cryptosystems?

Answer 3

Cryptography

Question 4

What is the branch of knowledge that treats the principles of cryptography and cryptoanalysis; and the activities involved in SIGINT and maintaining COMSEC?

Answer 4

Cryptology

Question 5

What is the analysis of encrypted messages; the steps or processes involved in converting encrypted messages into plain text without initial knowledge of the system or key employed in encryption?

Answer 5

Cryptoanalysis

Question 6

What is a derivative of cryptography in the sense that data is hidden in a message, the data is imbedded into a file to become invisible, examples, changing a file extension type?

Answer 6

Steganography

Question 7

What are 3 types of Meta Data?

Answer 7

Descriptive - describes a file for purposes - title, author, key word
Structural - how objects are put together - how pages are ordered into chapters
Administrative - information on how to handle a file - how it was created, who created it, who can access it, file type

Question 8

What are some places to hide data?

Answer 8

Invisible context, headers, footers, notes, custom xml data, hidden rows and collumns

Question 9

What is a type of algorithm that does not contain any encryption

Answer 9

Clear text

Question 10

What type of encryption algorithm is cleartext that is to be encrypted?

Answer 10

Plain text

Question 11

What are procedures for formulas to perform encryption?

Answer 11

Algorithm

Question 12

What are mathematical values entered into the algorithm?

Answer 12

Keys

Question 13

What is encrypted text?

Answer 13

Cipher text

Question 14

What is it called when a hash is not unique and data cannot be deciphered into the origial version?

Answer 14

Collision

Question 15

What are two types of Hash Algorithm?

Answer 15

MD5

SHA

Question 16

What supports all 5 pillars of IA?

Answer 16

The use of cryptography

Question 17

What is a “one way hash” and is the property of a hash function that is configured to make reversing of the hash algorithm mathematically infeasible?

Answer 17

Pre Image Resistance

Question 18

What concept is where hash algorithms cannot be designed to produce fixed outputs?

Answer 18

Hash Originality

Question 19

What are bytes of data within a transmission that is used to authenticate the message itself and ensures the data has not been modified in transit?

Answer 19

MAC - message authentication code

Question 20

What type of encryption is one private key for both users?

Answer 20

Symetric Encryption

Question 21

What is the original encryption method?

Answer 21

DES

Question 22

What is the most secure encryption method?

Answer 22

AES

Question 23

What uses two keys and provides non repudiation?

Answer 23

Asymetric Encryption

Question 24

What is generated by using the private key of a key pair?

Answer 24

Digital signature

All naval networks are required to have digital signature sign ons for non repudiation

Question 25

T or F

All hases are the same size regardless of the size of the text?

Answer 25

True

Question 26

What is a trusted 3rd party agent that issues digital certificates

Answer 26

CA

Question 27

What handles and processes certificate requests as well as authenticates users of the certificates?

Answer 27

RA

RA obtains public keys from the users and verifies the private keys associated with the public keys held

Question 28

When a digital certifcate is expired or is no longer needed it is moved here to ensure it is no longer used…

Answer 28

CRL

Question 29

What is a “holding tank” of certificates

Answer 29

CR

Centralized repository for storage and management of digital certificates

Question 30

What are 2 files needed to run for trust structure for PKI?

Answer 30

A -alpha - DoD digital certificates for DoD root and intermediate CAs

E -echo - Extended Certificate Authority (ECA) root and intermediate CAs

Question 31

If the certificate serial number … the response is?

Is listed on the CRL?

Is not listed on the CRL?

Is not found or accessible?

Answer 31

“REVOKED”

“GOOD”

“UNKNOWN”

Question 32

What is a mathematical formula used to support the Digital Signature Standard (DSS) encryption method?

Answer 32

DSA

Question 33

Where are documentation requirements for DSA found?

Answer 33

FIPS 186-4

Question 34

What dictates the role of Public Key within the certificate?

Answer 34

Key Usage Extensions

Question 35

What uses algorithms to validate authenticity and integrity of software or information?

Answer 35

Digital Signature

Question 36

What are two types of Extended Key Usage?

Answer 36

Critical

Non critical - informational

Question 37

What is a thumbprint algorithm?

Answer 37

Another name for SHA-1 hash function

Question 38

What is used to hide actual key algorithms?

TLS used when McAfee talks to the ePO server

Answer 38

Key encipher

Question 39

What is used to encrypt data in storage or transit but not cryptographic keys?

Answer 39

Data encipher

Question 40

What is used in protocol handshake process?

Answer 40

Record Protocol

Question 41

What allows encryption of telnet communications?

Answer 41

SSH
slogin
SCP

All port 22

Question 42

Why are certificates revoked?

Answer 42

Expired, compromised, no longer needed

Question 43

What are used if higher privlages or more security is required?

Answer 43

Alt tokens

NSS / Sipr tokens

Question 44

What allows a grace period for a user to log on before certificate is revoked?

Answer 44

OCSP

Online Certificate Status Protocol

Question 45

What ensures certificates are current and valid?

Answer 45

Axway VA

Question 46

What is the 5 step process for CLO

Answer 46

1- CAC inserted
2- PIN entered
3- after PKI certificate is retreived from CAC it verifies it is valid and from a trusted issuer
4- workstation verifies the Domain Controller certificate is valid and from a trusted issuer
5- if both valid, user is automatically logged onto the network

Question 47

What is a robust middleware suite designed to seamlessly intergrate between CAC and applications?

Answer 47

CAC SCM 90

Question 48

What validates digital certificates in most frequently used Mircosoft Windows Applications?

Answer 48

Desktop Validator (DV)

Question 49

Where are tokens enrolled?

Answer 49

Enterprise Security Client (ESC)

Question 50

What is the 5 step process for the Token Management System?

Answer 50

1- Token Processing System interacts with CAC by helping it store keys and certificates
2- Token Key Service generates symetric keys used for communication between TPS and CAC
3- the CA creates and revokes certificates stored on the CAC
4- if necessary the DRM archives and recovers keys (as applicable)

Question 51

What is the 6 step data flow process through the NCVI / CLO

Answer 51

1- application is presented a digital certificate
2- CAPI layer is tasked with validating the cert
3- request is transferred from CAPI to DV revocation trust provider which then moves the request onto the DV service running on the system
4- the DV service will first check to see if this cert has been accepted or revoked prior by checking its cache
5- a response by the DV is given or a decision is made that the request has been unable to be verified
6- the DV revocation trust provider then passes the request status back to the application that initiated the validation request

Question 52

What are 2 types of log files

Answer 52

Validation Authority

• Admin log
• Server log

Desktop Validator