Practice Exam 4 Flashcards
(25 cards)
Which of the following answers refers to a legacy symmetric-key block cipher encryption algorithm?
Answer: DES (Data Encryption Standard)
Quick Explanation:
DES is an outdated symmetric encryption algorithm that uses a 56-bit key. It’s no longer considered secure due to its vulnerability to brute-force attacks.
Key Points:
Symmetric block cipher
56-bit key length
Now deprecated due to weak security
Replaced by AES for stronger encryption
Memory Tip:
“DES is Dead — too Easy to Smash.”
Which of the answers listed below refers to a deprecated stream cipher used in some legacy applications, such as WEP?
Answer: RC4 (Rivest Cipher 4)
Quick Explanation:
RC4 is a stream cipher that was widely used in protocols like WEP and TLS, but it’s now deprecated due to multiple vulnerabilities and weak security.
Key Points:
Stream cipher
Used in WEP, TLS, SSL
Fast, but insecure
Vulnerable to key reuse attacks
No longer recommended for secure communications
Memory Tip:
“RC4 ran fast but burned out — now it’s banned.”
Which of the following answers refers to a deprecated (largely replaced by AES) symmetric-key block cipher encryption algorithm?
Answer: IDEA (International Data Encryption Algorithm)
Quick Explanation:
IDEA (International Data Encryption Algorithm) was a strong symmetric block cipher in the 1990s but has largely been replaced by AES due to efficiency, flexibility, and broader acceptance.
Key Points:
Symmetric block cipher
Operates on 64-bit blocks with 128-bit key
Strong in its time, but not widely used today
Replaced by AES in most modern systems
Considered obsolete for new implementations
Memory Tip:
“IDEA was good, AES is better — use the new standard.”
What is the recommended replacement for DES?
Answer: AES (Advanced Encryption Standard)
Quick Explanation:
AES (Advanced Encryption Standard) is the modern, more secure replacement for DES (Data Encryption Standard), which is now considered weak due to its short key length.
Key Points:
DES uses a 56-bit key → vulnerable to brute-force attacks
AES supports 128, 192, and 256-bit keys → much stronger security
AES is faster, more efficient, and widely adopted
Approved by NIST as the encryption standard for U.S. federal systems
Memory Tip:
“When DES falls short, AES stands strong.”
An IV is a random or pseudo random value used in cryptography to ensure that the same plaintext input does not produce the same ciphertext output, even when the same encryption key is used. The IV is typically used with encryption algorithms in block cipher modes to enhance security by introducing randomness to the encryption process.
Answer: True
Quick Explanation:
An Initialization Vector (IV) adds randomness to encryption to prevent patterns in the plaintext from showing up in the ciphertext, even with the same key.
Key Points:
Used with block ciphers (e.g., CBC mode)
Ensures unique ciphertexts from identical plaintexts
Does not need to be secret, but must be unique and unpredictable
Helps protect against replay and pattern attacks
Memory Tip:
“IV = Injects Variety” into encryption outcomes.
Which of the answers listed below refers to a logical operation commonly used in the context of cybersecurity, particularly in encryption and obfuscation techniques?
Answer: XOR (Exclusive OR)
Quick Explanation:
XOR (exclusive OR) is a logical operation that outputs true only when inputs differ. It’s widely used in cryptography for simple encryption, data obfuscation, and integrity checks.
Key Points:
XOR flips bits based on a key: A ⊕ B = C
Used in symmetric encryption (e.g., stream ciphers)
Reversible: applying XOR with the same key again returns original data
Efficient and fast for binary operations
Memory Tip:
“XOR: Encrypt once, decrypt by XORing again with the same key.”
Which of the following answers refers to a block cipher mode that works by chaining the ciphertext blocks together, such that each ciphertext block depends on the previous block?
Answer: CBC (Cipher Block Chaining)
Quick Explanation:
CBC is a block cipher mode where each plaintext block is XORed with the previous ciphertext block before encryption, adding randomness and making patterns less predictable.
Key Points:
Requires an Initialization Vector (IV) for the first block
Each block’s encryption depends on the previous block’s output
Helps prevent patterns in encrypted data
Not ideal for parallel processing (encryption must be done sequentially)
Vulnerable to padding oracle attacks if not properly implemented
Memory Tip:
“CBC chains blocks — one depends on the next, like a chain link.”
Which block mode transforms a block cipher into a stream cipher enabling the encryption of individual bits or bytes of data?
Answer: CFB (Cipher Feedback)
CFB turns a block cipher into a stream cipher by feeding encrypted data back into the encryption process, allowing encryption of smaller units (bits or bytes) rather than full blocks.
Key Points:
Converts block cipher → stream-like behavior
Encrypts one byte/bit at a time
Uses an Initialization Vector (IV)
Each encrypted output is fed back into the next operation
Supports real-time encryption (e.g., secure live communications)
Memory Tip:
“CFB Feeds Back like a live stream.”
A block cipher mode that combines a unique counter with encryption key to generate a stream of pseudo random data blocks which are then used for encrypting data is called:
Answer: CTM
Quick Explanation:
CTM (also known as CTR mode) uses a counter value + encryption key to produce a keystream that is XORed with the plaintext for encryption.
Key Points:
Also called CTR (Counter Mode)
Turns block cipher into stream cipher
Encrypts blocks in parallel (fast & efficient)
Uses a unique counter for each block
Offers high performance and random access decryption
Memory Tip:
🔢 “CTM = Counter Turns Mode into a stream cipher.”
Which of the block cipher modes listed below is the simplest/weakest and therefore not recommended for use?
Answer: ECB (Electronic Codebook)
Quick Explanation:
ECB encrypts each block of data independently using the same key, leading to identical ciphertext for identical plaintext blocks—making it easy to detect patterns.
Key Points:
No chaining or randomness
Same plaintext = same ciphertext
Easy to detect patterns
Weakest mode, not secure
Not recommended for modern use
Memory Tip:
“ECB = Easy Code Break.”
Which block cipher mode combines CTM for encryption with an authentication mechanism to ensure both data confidentiality and integrity?
Answer: GCM (Galois/Counter Mode)
Quick Explanation:
GCM uses Counter mode (CTM) for encryption and adds authentication (via Galois field multiplication) to ensure integrity and authenticity of the data.
Key Points:
Combines encryption + authentication
Based on Counter (CTR) mode
Provides confidentiality + integrity
Fast and secure for high-speed systems
Used in TLS, IPsec, SSH
Memory Tip:
“GCM Guards Confidentiality & Message integrity.”
In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as key size or key length. The key length determines the maximum number of combinations required to break the encryption algorithm, therefore typically a longer key means stronger cryptographic security.
Answer: True
Quick Explanation:
Key length directly affects how secure encryption is. A longer key increases the number of possible combinations, making brute-force attacks much more difficult.
Key Points:
Key length = cryptographic strength
Measured in bits (e.g., 128-bit, 256-bit)
Longer keys = harder to crack
Not the only factor—algorithm strength also matters
Common key sizes: AES-128, AES-256, RSA-2048+
Memory Tip:
“More bits = more brute-force resistance.”
Which AES key length provides the highest level of security?
Answer: 256-bit key
Quick Explanation:
AES (Advanced Encryption Standard) supports three key lengths:
128-bit
192-bit
256-bit
Among these, 256-bit provides the strongest encryption and highest security level, though it may require more processing power.
Key Points:
AES-256 = strongest level of security
More bits = more resistance to brute-force attacks
Widely used in government, military, and financial sectors
Balance of performance vs. security should be considered
Memory Tip:
“AES-256 = Fort Knox of encryption.”
Which of the following answers refers to an embedded microcontroller used for secure boot, disk encryption, and system integrity verification?
Answer: TPM
Quick Explanation:
TPM is a hardware-based security chip embedded on a computer’s motherboard. It stores and manages cryptographic keys securely and supports various security functions.
Key Functions:
Secure Boot: Verifies system integrity before booting.
Disk Encryption: Stores keys used by systems like BitLocker.
System Integrity: Detects tampering by storing trusted measurements.
Key Protection: Prevents unauthorized access to sensitive keys.
Memory Tip:
“TPM = Tiny chip, Powerful protection.”
Which of the answers listed below refers to a piece of hardware and associated software/firmware designed to provide cryptographic and key management functions?
Answer: HSM (Hardware Security Module)
Quick Explanation:
An HSM is a dedicated hardware device used to securely generate, store, and manage cryptographic keys and perform encryption/decryption operations.
Key Features:
Tamper-resistant design to protect keys from physical or logical attacks
High-speed cryptographic processing
Used in PKI, digital signatures, payment systems, and certificate authorities
Often used by organizations requiring strong compliance and security (e.g., banking, government)
Memory Tip:
“HSM = Hardware Safe for your Most sensitive keys.”
Which of the following answers refers to a centralized server that is used to distribute cryptographic keys and authenticate users and services within a computer network?
Answer: KDC (Key Distribution Center)
Quick Explanation:
A KDC is a trusted server used in Kerberos authentication systems to issue session keys and authenticate users and services in a secure network.
Key Functions:
Authenticates users/services
Issues tickets (via Ticket Granting Ticket - TGT)
Helps establish secure communication without sharing passwords directly
Part of Kerberos protocol
Memory Tip:
“KDC = Key Dealer in the Center” — it controls who gets the keys in the network.
In a Kerberos-protected network, this type of secure token is granted to users during their initial login to enable them access to multiple network services without the need to re-enter their login credentials.
Answer: TGT
Quick Explanation:
A TGT is a temporary authentication token issued by the Authentication Server (AS) within a Kerberos system after the user successfully logs in.
Key Points:
Issued at login after initial authentication
Used to request service tickets from the Ticket Granting Server (TGS)
Prevents the need to re-authenticate for every service
Time-limited for security
Memory Tip:
“TGT = Ticket to Get Tickets” — it’s your pass to access multiple services without logging in each time.
In cryptography and security, the term “Secure enclave” typically refers to a protected and isolated hardware or software environment within a computing device, such as a smartphone, tablet, or computer, where sensitive data and cryptographic operations can be stored and processed securely.
Answer: True
Quick Explanation:
A secure enclave is a trusted execution environment (TEE) that provides hardware-level isolation for sensitive operations and data.
Key Points:
Used in devices like smartphones, tablets, and computers
Protects cryptographic keys, biometric data, PINs, etc.
Ensures data is inaccessible to the OS, apps, or malware
Examples: Apple Secure Enclave, Intel SGX, ARM TrustZone
Why It Matters:
Even if the main system is compromised, the secure enclave remains protected, making it vital for strong security.
The term “Obfuscation” is used to describe techniques employed to obscure or hide the true meaning or nature of data, making it challenging for unauthorized parties to decipher or reverse-engineer the information.
Answer: True
Quick Explanation:
Obfuscation hides or disguises data/code to make it difficult to understand or reverse-engineer.
Key Points:
Used to protect code or data from attackers or unauthorized users
Common in software, malware, and data security
Techniques include renaming variables, encoding, encryption, or adding misleading code
Helps slow down attackers but is not a replacement for strong encryption
Why It Matters:
Obfuscation adds a layer of complexity to protect intellectual property and sensitive info from easy analysis.
What is the purpose of steganography?
Answer: Hiding data within another piece of data
Quick Explanation:
Steganography conceals the existence of data by embedding it inside other harmless-looking data.
Key Points:
Used to hide secret info inside images, audio, video, or text
Differs from encryption: it hides data rather than just scrambling it
Goal: avoid detection by making hidden data invisible to casual observers
Common in covert communication and digital watermarking
Why It Matters:
Steganography helps transmit sensitive info without raising suspicion, adding a stealth layer to data protection.
In the field of data security, the term “Tokenization” refers to the process of replacing sensitive data with nonsensitive information which holds a reference to the original data and enables its processing but has no value when breached.
Answer: True
Quick Explanation:
Tokenization replaces sensitive data with a non-sensitive token that references the original data but is useless if stolen.
Key Points:
Protects data by substituting it with tokens
Tokens represent the real data but can’t be reversed without the tokenization system
Commonly used in payment processing (e.g., credit card info)
Helps reduce risk and compliance scope (like PCI DSS)
Why It Matters:
Tokenization secures sensitive info by removing it from systems, so breaches expose only worthless tokens, not actual data.
Replacing password characters in a password field with a series of asterisks is an example of:
Answer: Data Masking
Quick Explanation:
Data Masking hides sensitive data by replacing it with obscured characters (e.g., asterisks) to protect it from unauthorized viewing.
Key Points:
Used to hide actual data from users or interfaces
Common in password fields and screenshots
Helps prevent casual exposure of sensitive info
Different from encryption — data is obscured, not transformed securely
Why It Matters:
Data masking protects sensitive info during display or testing, reducing accidental exposure while keeping systems usable.
A hash function is a mathematical algorithm that maps data of arbitrary size to a fixed-size hash value, typically represented as a short string of characters. The hash function result, also known as a digest or checksum, provides a unique representation of the original data input. The functionality of hash functions relies on the fact that if there is any change to the data after the original hash was generated, the new hash value calculated after content modification will be different from the original result because hash functions are designed to be sensitive to changes in the input data.
Answer: True
Quick Explanation:
A hash function creates a fixed-size unique fingerprint (hash/digest) from any input data. Even a small change in data changes the hash drastically.
Key Points:
Maps any size input to a fixed-length hash
Hash = digest/checksum representing original data
Sensitive to input changes: small data changes → different hash
Used for data integrity verification and digital signatures
Why It Matters:
Hashes ensure data hasn’t been tampered with by comparing hash values before and after transmission or storage.
Hash functions find use in a variety of applications, including:
Answer: Cryptography, Data integrity verification, Password verification and storage, Digital signatures, and Blockchain technology.
Quick Explanation:
Hash functions are widely used in security and data verification processes to protect data and verify authenticity.
Key Points:
Cryptography: Building blocks for encryption and secure communication
Data integrity: Verify data hasn’t changed by comparing hash values
Password storage: Store hashed passwords instead of plaintext
Digital signatures: Validate authenticity and integrity of messages
Blockchain: Secure transaction records using hashing for tamper-proof chains
Why It Matters:
Hash functions help protect data confidentiality, ensure integrity, and enable secure authentication across many systems.
