Practice Exam 3 Flashcards
(25 cards)
The MIME specification extends the email message format beyond plain text, enabling the transfer of graphics, audio, and video files over the Internet mail system. S/MIME is an enhanced version of the MIME protocol that enables email security features by providing encryption, authentication, message integrity, and other related services.
Answer: True
Q: What do MIME and S/MIME do?
MIME: Extends email format beyond plain text (supports graphics, audio, video)
S/MIME: Adds email security (encryption, authentication, integrity) on top of MIME
Quick Explanation:
MIME lets emails carry multimedia; S/MIME secures those emails.
Memory Tip:
“MIME = More media in email; S/MIME = Secure MIME.”
What is the name of a network protocol that enables secure file transfer over SSH?
Answer: SFTP
Q: What is SFTP?
Secure File Transfer Protocol
Transfers files securely over SSH
Provides encryption, integrity, and authentication
Preferred over FTP for secure file transfers
Quick Explanation:
SFTP uses SSH to safely move files between systems without exposing data.
Memory Tip:
“SFTP = Secure File Transfer via SSH.”
SFTP is an extension of the FTP protocol that adds support for SSL/TLS encryption.
Answer: False
Q: Is SFTP an extension of FTP that uses SSL/TLS?
Key Points:
SFTP uses SSH, not SSL/TLS
FTP with SSL/TLS is called FTPS, not SFTP
SFTP and FTPS are different secure file transfer methods
Memory Tip:
“SFTP = SSH-based, FTPS = SSL/TLS-based.”
A type of cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers is known as:
Answer: SSH
Q: What is SSH?
Secure Shell protocol
Provides secure remote login and command execution
Encrypts data for confidentiality and integrity
Used for secure network services between two computers
Quick Explanation:
SSH lets you securely control and manage another computer over a network.
Memory Tip:
“SSH = Secure remote shell access.”
Which of the answers listed below refers to a suite of protocols and technologies providing encryption, authentication, and data integrity for network traffic?
Answer: IPsec
Q: What is IPsec?
Suite of protocols for securing IP network traffic
Provides encryption, authentication, and data integrity
Works at the network layer (Layer 3)
Used in VPNs and secure communications
Quick Explanation:
IPsec protects data traveling across networks by encrypting and authenticating IP packets.
Memory Tip:
“IPsec = Internet Protocol Security for safe networking.”
Which part of IPsec provides authentication, integrity, and confidentiality?
Answer: ESP (Encapsulating Security Payload)
Q: What does ESP in IPsec do?
Provides encryption (confidentiality)
Ensures authentication of the data source
Guarantees data integrity during transmission
Quick Explanation:
ESP protects IP packets by encrypting them and verifying they aren’t tampered with.
Memory Tip:
“ESP = Encrypts and Secures Payload.”
A system that uses a public network (such as the Internet) as a means for creating private encrypted connections between remote locations is referred to as:
Answer: VPN (Virtual Private Network)
Q: What is a VPN?
Uses a public network (like the Internet)
Creates private, encrypted connections (tunnels)
Connects remote locations or users securely
Ensures privacy and data protection over unsecured networks
Quick Explanation:
VPNs let you safely send data over the Internet as if on a private network.
Memory Tip:
“VPN = Private network over public Internet.”
Which protocol enables secure, real-time delivery of audio and video over an IP network?
Answer: SRTP
Q: What is SRTP?
Secure Real-Time Transport Protocol
Provides encryption, message authentication, and integrity
Used for secure, real-time audio and video delivery over IP networks
Common in VoIP and video conferencing
Quick Explanation:
SRTP protects live audio/video streams from eavesdropping and tampering.
Memory Tip:
“SRTP = Secure streaming of real-time media.”
An encryption protocol primarily used in Wi-Fi networks implementing the WPA2 security standard is called:
Answer: CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
Q: What is CCMP?
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
Encryption protocol used in WPA2
Provides data confidentiality, integrity, and authentication
Based on the Advanced Encryption Standard (AES)
Operates with a 128-bit key and 128-bit block size
Replaces the less secure TKIP used in WPA
Quick Explanation:
CCMP secures wireless communications by encrypting data and verifying its integrity, ensuring safe transmission over Wi-Fi networks.
Memory Tip:
“CCMP = AES-based encryption for secure Wi-Fi.”
A security protocol designed to improve the security of existing WEP implementations is known as:
Answer: TKIP (Temporal Key Integrity Protocol)
Q: What is TKIP?
Temporal Key Integrity Protocol
Designed to improve security of WEP (legacy Wi-Fi encryption)
Used in WPA (Wi-Fi Protected Access)
Provides per-packet key mixing, message integrity, and replay protection
Replaced by stronger protocols like CCMP (WPA2) due to weaknesses
Quick Explanation:
TKIP addresses WEP’s weaknesses to secure Wi-Fi but is now outdated.
Memory Tip:
“TKIP = Temporary fix for WEP’s weak encryption.”
Which of the following answers refer(s) to deprecated/insecure encryption protocols and cryptographic hash functions? (Select all that apply)
Answer: DES, MD5, SHA-1, SSL, and RC4
Q: Which encryption protocols and hash functions are deprecated or insecure?
DES (Data Encryption Standard) — weak key length
MD5 — vulnerable to collisions
SHA-1 — vulnerable to collisions
SSL — outdated protocol replaced by TLS
RC4 — weak stream cipher, prone to attacks
Quick Explanation:
These algorithms/protocols are no longer secure due to vulnerabilities and should be avoided.
Memory Tip:
“Old = Weak: DES, MD5, SHA-1, SSL, RC4.”
Which cryptographic protocol is designed to provide secure communications over a computer network and is the successor to SSL?
Answer: TLS (Transport Layer Security)
Q: What is TLS?
Transport Layer Security
Successor to SSL
Provides encryption, authentication, and data integrity for network communications
Widely used to secure web traffic, email, VPNs, and more
Continually updated for stronger security
Quick Explanation:
TLS is the modern standard for secure communication on networks, replacing SSL.
Memory Tip:
“TLS = The safer, newer SSL.”
Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption).
Answer: False
Q: Are symmetric encryption and asymmetric encryption the same?
No
Symmetric encryption = uses one secret key for both encryption and decryption (aka secret-key or session-key encryption)
Asymmetric encryption = uses two keys (public key to encrypt, private key to decrypt) (aka public-key encryption)
Quick Explanation:
Symmetric and asymmetric encryption are different methods, not interchangeable terms.
Memory Tip:
“Symmetric = same key, Asymmetric = two keys (public/private).”
In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key (and vice versa).
Answer: True
Q: In asymmetric encryption, can a message encrypted with a public key only be decrypted by the matching private key?
Key Points:
Uses public key to encrypt
Only the matching private key can decrypt
Works vice versa for digital signatures (private key encrypts, public key decrypts)
Ensures confidentiality and authentication
Memory Tip:
“Public key locks it, private key unlocks it.”
Which of the algorithms listed below are not symmetric ciphers? (Select 3 answers)
Answer: DHE, ECC, and RSA
Q: Which of these are NOT symmetric ciphers?
DHE (Diffie-Hellman Ephemeral) — key exchange, asymmetric
ECC (Elliptic Curve Cryptography) — asymmetric
RSA — asymmetric
Key Points:
These are asymmetric algorithms used for key exchange, encryption, or digital signatures
Symmetric ciphers use one key, these use key pairs
Memory Tip:
“DHE, ECC, RSA = Asymmetric; not secret-key.”
Which of the following algorithms do(es) not fall into the category of asymmetric encryption? (Select all that apply)
Answer: AES, DES, IDEA, and RC4
Q: Which of these are NOT asymmetric encryption algorithms?
AES
DES
IDEA
RC4
Key Points:
All are symmetric encryption algorithms (use a single secret key)
Asymmetric algorithms use public/private key pairs (e.g., RSA, ECC)
Quick Explanation:
These are all symmetric ciphers—they use one secret key for both encrypting and decrypting. Asymmetric encryption uses a pair of keys (public/private), which these are not.
Memory Tip:
“AES, DES, IDEA, RC4 = Symmetric (one key), NOT asymmetric.”
The term “KEK” refers to a type of cryptographic key often used in key management systems to add an additional layer of security when encrypting and decrypting other cryptographic keys.
Answer: True
Q: Does “KEK” refer to a key used to encrypt/decrypt other keys for extra security?
Quick Explanation:
KEK stands for Key Encryption Key — it’s a key specifically used to encrypt other keys, protecting them during storage or transmission.
Key Points:
KEK encrypts/decrypts other keys
Adds an extra layer of security in key management
Helps keep encryption keys safe
Memory Tip:
“KEK locks the keys!”
Which of the answers listed below refers to a shared secret authentication method used in WPA, WPA2, and EAP?
Answer: PSK (Pre-Shared Key)
Q: What is the shared secret authentication method used in WPA, WPA2, and EAP?
Quick Explanation:
PSK is a shared password/key known by both the user and the network, used to authenticate devices in wireless security protocols like WPA/WPA2.
Key Points:
PSK = shared password for authentication
Common in Wi-Fi security (WPA, WPA2, EAP)
Simple but needs strong passwords to stay secure
Memory Tip:
“PSK = Password for Wi-Fi access.”
Which of the following answers refers to a protocol used to set up secure connections and exchange of cryptographic keys in IPsec VPNs?
Answer: IKE (Internet Key Exchange)
Q: Which protocol sets up secure connections and key exchange in IPsec VPNs?
Quick Explanation:
IKE establishes and manages the secure tunnel by negotiating cryptographic keys between VPN endpoints in IPsec.
Key Points:
IKE = key exchange & tunnel setup in IPsec
Automates secure negotiation of keys
Essential for IPsec VPN security
Memory Tip:
“IKE builds the secure IPsec bridge.”
Which of the answers listed below refers to a key exchange protocol that generates temporary keys for each session, providing forward secrecy to protect past and future communications?
Answer: DHE (Diffie-Hellman Ephemeral)
Q: What key exchange protocol generates temporary keys per session to provide forward secrecy?
Quick Explanation:
DHE creates temporary (ephemeral) keys for each session, so if one key is compromised, past and future sessions remain secure.
Key Points:
DHE = temporary session keys
Provides forward secrecy
Protects past and future communication even if keys leak
Memory Tip:
“DHE = New keys every time, keeping secrets safe forever.”
Which of the following answers refers to a cryptographic key exchange protocol that leverages ECC for enhanced security and efficiency?
Answer: ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)
Q: What key exchange protocol uses ECC for better security and efficiency?
Quick Explanation:
ECDHE uses elliptic curve math to generate temporary session keys, offering strong security with faster performance and smaller key sizes.
Key Points:
ECDHE = ECC-based ephemeral keys
Provides forward secrecy
More efficient than traditional DHE
Memory Tip:
“ECDHE = Fast, secure keys using elliptic curves.”
Which of the answers listed below refers to a solution designed to strengthen the security of session keys?
Answer: PFS (Perfect Forward Secrecy)
Q: What solution strengthens session key security by ensuring past keys stay safe even if current keys are compromised?
Quick Explanation:
PFS ensures each session uses a unique key that can’t be used to decrypt past or future sessions, protecting data even if a key is exposed later.
Key Points:
PFS = unique keys per session
Protects past and future data
Common in protocols like TLS, VPNs
Memory Tip:
“PFS = Past keys stay secret, forever.”
Which of the following answers refers to a public-key cryptosystem used for digital signatures, secure key exchange, and encryption?
Answer: RSA (Rivest-Shamir-Adleman)
Q: What public-key cryptosystem is used for digital signatures, secure key exchange, and encryption?
Quick Explanation:
RSA uses two keys (public and private) for encrypting data and verifying identities, making it popular for secure communications and digital signatures.
Key Points:
RSA = asymmetric encryption
Supports encryption & digital signatures
Widely used in SSL/TLS, email security
Memory Tip:
“RSA = Reliable Secure Algorithm for keys & signatures.”
Which cryptographic solution would be best suited for low-power devices, such as IoT devices, embedded systems, and mobile devices?
Answer: ECC (Elliptic Curve Cryptography)
Q: Which cryptographic solution is best for low-power devices like IoT and mobile devices?
Quick Explanation:
ECC provides strong security with smaller keys, making it efficient and ideal for devices with limited processing power and battery life.
Key Points:
ECC = smaller keys, same security as bigger RSA keys
Low CPU and power usage
Perfect for IoT, mobiles, embedded systems
Memory Tip:
“ECC = Efficient Crypto for Energy-Conscious Devices.”