Section 7: Cryptography Flashcards

(144 cards)

1
Q

Type: Question & Answer
Question: What is the art and science of hiding the meaning of communications from unintended recipients?

A

Answer: Cryptography

2
Q

Type: Question & Answer
Question: What is the study of methods to defeat codes and cyphers?

A

Answer: Cryptoanalysis

3
Q

Type: Question & Answer
Question: Cryptography and Cryptoanalysis together form:

A

Answer: Cryptology

4
Q

Type: Question & Answer
Question: What are keys sometimes referred to as in cryptography?

A

Answer: Cryptovariables

5
Q

Type: Question & Answer
Question: Converting readable data (plaintext) into a scrambled, unreadable format (ciphertext) to ensure information is only accessible to authorised individuals supports the goal of:

A

Answer: Confidentiality

6
Q

Type: Question & Answer
Question: Making sure that information is protected from unauthorised or accidental changes, often using cryptographic functions like Hash, supports the goal of:

A

Answer: Integrity

7
Q

Type: Question & Answer
Question: Verifying the identity of the user, device, or entity during the communication process, often using digital certificates, supports the goal of:

A

Answer: Authentication

8
Q

Type: Question & Answer
Question: What goal of cryptography prevents an entity from denying its involvement in a transaction or activity, ensured by digital signatures?

A

Answer: Non-Repudiation

9
Q

Type: Question & Answer
Question: What are the methods or ways to encrypt and decrypt data, seen as a recipe or set of instructions for the cryptographic process?

A

Answer: Cryptographic Algorithms

10
Q

Type: True/False
Question: The strength and security of an algorithm are determined by its ability to withstand cryptoanalysis and attacks without being fundamentally flawed.

A

Answer: True

11
Q

Type: Question & Answer
Question: What is a set of strings of bits that are used by algorithms to transform data, making the encrypted data unique?

A

Answer: Cryptographic Keys

11
Q

Type: True/False
Question: The security of encrypted data is directly tied to the length and randomness of the key.

A

Answer: True

12
Q

Type: Question & Answer
Question: What type of cypher encrypts data in fixed-size blocks (e.g., AES operates on 128-bit blocks)?

A

Answer: Block Cyphers

13
Q

Type: True/False
Question: Block cyphers are suitable for processing large amounts of data.

A

Answer: True

14
Q

Type: Question & Answer
Question: What type of cypher encrypts data one bit or byte at a time, often used where data arrives in a stream (e.g., RC4)?

A

Answer: Stream Cyphers

14
Q

Type: Question & Answer
Question: What type of cipher involves replacing each letter in the plaintext with another letter shifted a certain number of places up or down the alphabet?

A

Answer: Substitution Cipher (e.g., Caesar Cipher)

15
Q

Type: True/False
Question: RC4 is an example of a stream cypher, but is now seen as insecure.

A

Answer: True

16
Q

Type: Question & Answer
Question: What type of cypher involves arranging the letters of the plaintext according to a certain system, altering their order but not the actual letters?

A

Answer: Transposition Cypher

17
Q

Type: Question & Answer
Question: What technique enhances the security of passwords or other cryptographic keys by transforming a relatively weak key into a stronger, more attack-resistant one?

A

Answer: Key Stretching

18
Q

Type: True/False
Question: Key stretching involves applying a cryptographic hash function to the original key with additional data (salting), making it resource-intensive.

A

Answer: True

19
Q

Type: Question & Answer
Question: What type of cryptographic algorithm uses the same single key for both encryption and decryption?

A

Answer: Symmetric Key Algorithms

20
Q

Type: True/False
Question: Key sharing in symmetric encryption requires the key to be shared and kept secret between parties.

A

Answer: True

20
Q

Type: True/False
Question: Symmetric Key Algorithms are generally faster and more efficient than Asymmetric Key Algorithms.

A

Answer: True

21
Q

Type: Multiple Choice Question (Select ONE answer)
Question: A major challenge with symmetric cryptography, especially in large networks or systems, is:
A) Computational intensity
B) Key management
C) Lack of strong algorithms
D) Inability to encrypt data in transit

A

Answer: B) Key management

22
Type: True/False
Question: In symmetric encryption, if a key is intercepted or leaked during distribution, the security of the encrypted data is compromised.
Answer: True
23
Type: Question & Answer
Question: For N users to communicate securely with each other using symmetric encryption, the number of unique key pairs needed grows significantly, making key management impractical in large systems. This is known as:
Answer: Scalability Issues
24
Type: True/False
Question: Symmetric cryptography does not provide non-repudiation because the same key is used by all parties.
Answer: True
25
Type: Question & Answer
Question: What is an older 64-bit block cypher that uses a 56-bit effective key and is no longer recommended?
Answer: Data Encryption Standard (DES)
26
Type: Question & Answer
Question: What algorithm applies the DES algorithm three times to each 64-bit data block, offering variable key sizes up to 168 bits?
Answer: Triple-DES (3DES)
27
Type: Question & Answer
Question: What 64-bit block cypher was developed to address the short key length of DES, supporting key sizes of 64 or 128 bits?
Answer: International Data Encryption Algorithm (IDEA)
28
Type: True/False
Question: Blowfish is a 64-bit block cypher known for its flexible and large variable key sizes, ranging from 32 bits to 448 bits.
Answer: True
29
Type: True/False
Question: RC4 is a stream cypher widely used in older security protocols like WEP and early SSL/TLS implementations.
Answer: True
30
Type: Question & Answer
Question: What cryptographic system uses pairs of keys (a public key and a private key), where the public key can be disseminated widely and the private key is known only to the owner?
Answer: Asymmetric Encryption (Public-Key Cryptography)
30
Type: Multiple Choice Question (Select ONE answer)
Question: What is the current U.S. government standard for encrypting electronic data, a 128-bit block cypher with variable key sizes (128, 192, or 256 bits)?
A) DES
B) 3DES
C) AES
D) RC4
Answer: C) AES
31
Type: True/False
Question: If a sender encrypts data using the recipient's public key, only the recipient's private key can decrypt it.
Answer: True
32
Type: True/False
Question: In asymmetric encryption, the public key is kept private.
Answer: False (The public key is shared with anyone; the private key is kept secret.)
33
Type: True/False
Question: Asymmetric encryption is more computationally intensive and slower than symmetric encryption.
Answer: True
34
Type: Question & Answer
Question: What foundational asymmetric algorithm relies on the difficulty of factoring large prime numbers for its security, widely used for secure data transmission, digital signatures, and key exchange?
Answer: RSA (Rivest-Shamir-Adleman)
35
Type: Question & Answer
Question: What asymmetric algorithm provides strong security with significantly smaller key sizes compared to RSA, due to its basis in elliptic curve mathematics?
Answer: ECC (Elliptic Curve Cryptography)
36
Type: Multiple Choice Question (Select ONE answer)
Question: What is a method to securely establish a shared secret key between two parties over an insecure public channel, commonly used in SSL/TLS?
A) RSA
B) ECC
C) Diffie-Hellman Key Exchange
D) ElGamal
Answer: C) Diffie-Hellman Key Exchange
37
Type: Question & Answer
Question: What system combines the advantages of both symmetric and asymmetric encryption?
Answer: Hybrid Cryptosystem
38
Type: Question & Answer
Question: In a hybrid system, which type of encryption is used for secure key exchange?
Answer: Asymmetric Encryption
39
Type: Question & Answer
Question: In a hybrid system, which type of encryption is used for encrypting the actual data, providing faster and more efficient encryption?
Answer: Symmetric Encryption
40
Type: True/False
Question: The process of hybrid encryption typically involves creating a symmetric key, encrypting it with the recipient's public key, sending the encrypted symmetric key with the encrypted data, and the recipient using their private key to decrypt the symmetric key.
Answer: True
41
Type: True/False
Question: Hybrid encryption is widely used in modern secure communication protocols like SSL/TLS for web browsing, secure email, VPNs, and cloud storage services.
Answer: True
42
Type: Question & Answer
Question: What cryptographic function converts an input of any length into a fixed-size string of text (a hash value or hash digest) using a mathematical function?
Answer: Hash Function
43
Type: True/False
Question: A good hash function should produce unique and distinct hash values for every different input, and even the smallest change to the input should have a significant impact on the output.
Answer: True
44
Type: Question & Answer
Question: The characteristic that states the same input always produces the same hash value is called:
Answer: Deterministic
45
Type: Question & Answer
Question: The characteristic that states hash functions are usually fast and efficient to compute is called:
Answer: Fast Computation
Type: Question & Answer
Question: What characteristic ensures that it is computationally infeasible to reconstruct the original input from its hash value (one-way property)?
Answer: Pre-image Resistance
47
Type: Question & Answer Question: What characteristic means that a minor change in input produces a completely different hash (avalanche effect)?
Answer: Small change leads to a Large difference
48
Type: Question & Answer Question: What characteristic means it should be extremely unlikely (though not impossible) for two different inputs to produce the same hash value?
Answer: Collision Resistance
49
Type: Question & Answer Question: What occurs when two different inputs produce the same hash value output, indicating a weakness?
Answer: Collision Hash
50
Type: True/False Question: MD5 has multiple known collisions.
Answer: True
51
Type: True/False Question: A Birthday attack is an example of an attack that exploits hash collisions.
Answer: True
52
Type: Multiple Choice Question (Select ONE answer) Question: Hash algorithms create unique "fingerprints" of data for: A) Encryption and decryption B) Digital signatures, certificates, and integrity checks C) Key exchange D) Passwordless authentication
Answer: B) Digital signatures, certificates, and integrity checks
53
Type: True/False Question: SHA-1 has a digest size of 160 bits and is deprecated, meaning it should not be used.
Answer: True
54
Type: True/False Question: SHA-2 includes versions like SHA-256, SHA-224, SHA-512, and SHA-384.
Answer: True
55
Type: True/False Question: SHA-256 uses 512-bit blocks for a 256-bit digest.
Answer: True
56
Type: Question & Answer Question: Which hash algorithm is designed as a "drop-in replacement" for SHA-2, offering similar modes, and is the current standard?
Answer: SHA-3
57
Type: Multiple Choice Question (Select ONE answer) Question: MD5 (Message Digest 5) has a digest size of 128 bits and is known for: A) Strong collision resistance B) Being secure for integrity checks C) Being prone to collisions and insecure for integrity D) High computational efficiency
Answer: C) Being prone to collisions and insecure for integrity
58
Type: True/False Question: RIPEMD (RIPE Message Digest) family algorithms are often used in cryptocurrencies and SSL/TLS.
Answer: True
59
Type: True/False Question: RIPEMD-128 and RIPEMD-256 are considered insecure and should not be used.
Answer: True
60
Type: Question & Answer Question: What cryptographic technique validates the authenticity and integrity of a message, software, or digital document?
Answer: Digital Signatures
61
Type: True/False Question: Digital signatures confirm that the signature was created by the known sender (non-repudiation).
Answer: True
62
Type: Question & Answer Question: Digital signatures ensure that the message has not been changed while in transit. This is the aspect of:
Answer: Integrity
63
Type: Multiple Choice Question (Select ONE answer) Question: When creating a digital signature, a hash of the message is encrypted using the sender's: A) Public key B) Private key C) Symmetric key D) Session key
Answer: B) Private key
64
Type: True/False Question: To verify a digital signature, the recipient must use the signer's public key to decrypt the signature.
Answer: True
65
Type: True/False Question: If the decrypted signature matches the newly generated message digest, it confirms that the signature is valid and the message hasn't been altered.
Answer: True
66
Type: Question & Answer Question: What standard uses the Digital Signature Algorithm (DSA) and was developed by the U.S. National Security Agency (NSA)?
Answer: Digital Signature Standard (DSS)
67
Type: True/False Question: DSS generates a digital signature for the authentication of electronic documents.
Answer: True
68
Type: True/False Question: DSS uses SHA2/SHA3 with RSA, DSA, or ECDSA.
Answer: True
69
Type: Question & Answer Question: What is a framework used to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption?
Answer: Public Key Infrastructure (PKI)
70
Type: True/False Question: The purpose of PKI is to simplify the secure electronic transfer of information for network activities like e-commerce, internet banking, and confidential email.
Answer: True
71
Type: True/False Question: PKI allows users to encrypt and decrypt data using public and private keys.
Answer: True
72
Type: True/False Question: PKI provides for the creation and verification of digital signatures, ensuring data authenticity and integrity.
Answer: True
73
Type: Question & Answer Question: In the functioning of PKI, what entity issues and revokes certificates as needed?
Answer: Certificate Management (CA)
74
Type: Question & Answer Question: What provides communicating parties with the assurance that they are communicating with the expected party?
Answer: Digital Certificates
75
Type: Multiple Choice Question (Select ONE answer) Question: Certificates are endorsed copies of an individual's: A) Private key B) Symmetric key C) Public key D) Hash value
Answer: C) Public key
76
Type: True/False Question: Digital certificates provide data integrity, identification, authentication, non-repudiation, confidentiality, encryption, and digital signatures.
Answer: True
77
Type: True/False Question: Computers/machines, individual users, email addresses, and developers (code-signing certificates) are examples of certificate usage.
Answer: True
78
Type: Question & Answer Question: What electronic documents contain the public key and a digital signature to bind a public key with an identity (person or organisation)?
Answer: Digital Certificates
79
Type: Question & Answer Question: What trusted entity issues and manages digital certificates, verifying the identity of a certificate applicant before issuing a certificate?
Answer: Certificate Authority (CA)
80
Type: Question & Answer Question: What entity often acts as the verifier for the CA before a digital certificate is issued to a requestor?
Answer: Registration Authority (RA)
81
Type: Question & Answer Question: What entity checks if the certificate is still valid?
Answer: Validation Authority (VA)
82
Type: Question & Answer Question: What is a request sent to a Certificate Authority (CA) to get a digital certificate, containing your public key and details like organisation name and domain name?
Answer: Certificate Signing Request (CSR)
83
Type: True/False Question: When creating a CSR, you generate a key pair and include your public key in the request.
Answer: True
84
Type: Multiple Choice Question (Select ONE answer) Question: CSRs are often created in what format? A) PEM B) PKCS#10 C) DER D) PFX
Answer: B) PKCS#10
85
Type: True/False Question: When submitting a CSR to a CA, the CA performs a validation check on your details.
Answer: True
86
Type: Question & Answer Question: What is the standard format for digital certificates, used to verify identities and encrypt communications?
Answer: X.509 Digital Certificates
87
Type: True/False Question: Key information (attributes) in an X.509 certificate includes version number, Subject Name/Common Name (CN), Subject Public Key, and Issuer Name.
Answer: True
88
Type: Question & Answer Question: What attribute in an X.509 certificate identifies who the certificate is for (e.g., domain name)?
Answer: Subject Name/Common Name (CN)/Distinguished Name (DN)
89
Type: Question & Answer Question: What attribute in an X.509 certificate identifies who issued the certificate (the CA)?
Answer: Issuer Name
90
Type: Question & Answer Question: What type of certificate gives an organisation the power to act as a Certificate Authority?
Answer: CA Certificate
91
Type: Question & Answer Question: What type of certificates are issued to individuals or organisations (not CAs)?
Answer: End Entity Certificates
92
Type: Question & Answer Question: What type of End Entity Certificate is issued by proving you control the domain (e.g., via email)?
Answer: Domain Validation (DV)
93
Type: Question & Answer Question: What type of End Entity Certificate provides higher assurance, where the CA thoroughly verifies the business is legitimate?
Answer: Extended Validation (EV)
94
Type: Question & Answer Question: What type of certificate secures a main domain AND all its subdomains with a single certificate (e.g., *.example.com)?
Answer: Wildcard Certificates
95
Type: True/False Question: Digital certificates can be created by yourself (self-signed) or issued by a trusted organisation (Third-party CA).
Answer: True
96
Type: True/False Question: Self-signed certificates are automatically trusted by most browsers and systems.
Answer: False (Self-signed certificates are NOT automatically trusted by others; trust must be set up separately.)
97
Type: True/False Question: Self-signed certificates are good for test environments and internal networks where users can easily verify authenticity without an external CA.
Answer: True
98
Type: True/False Question: Third-party (CA-Signed) certificates are automatically trusted by most browsers and systems.
Answer: True
99
Type: Question & Answer Question: What is the most trusted starting point in a Public Key Infrastructure (PKI) system, where all other certificates in the network derive their trustworthiness?
Answer: Root Certificate Authority (CA) (Root of Trust)
100
Type: True/False Question: The purpose of certificate verification is to confirm that a certificate is authentic and trustworthy on your device or app.
Answer: True
101
Type: Question & Answer Question: What technique involves hardcoding a server's SSL/TLS public key into an app/device to prevent Man-in-the-Middle (MITM) attacks?
Answer: Certificate Pinning
102
Type: True/False Question: To verify a certificate, it must NOT be on a Certificate Revocation List (CRL) or flagged by Online Certificate Status Protocol (OCSP).
Answer: True
103
Type: True/False Question: A certificate is revoked if it is compromised, issued by mistake, its details change, or its security association changes.
Answer: True
104
Type: Question & Answer Question: What is a list of revoked certificate serial numbers?
Answer: Certificate Revocation Lists (CRL)
105
Type: Question & Answer Question: What method allows clients to send a real-time request to the CA's OCSP server to check a certificate's status?
Answer: Online Certificate Status Protocol (OCSP)
106
Type: Question & Answer Question: What method involves the web server itself checking the certificate's status with the CA and sending a time-stamped validation directly to the client?
Answer: Certificate Stapling
107
Type: Question & Answer Question: What is a way to embed, or conceal, a message, image, or file within another message, image, or file?
Answer: Steganography
108
Type: Question & Answer Question: Hiding a message within an image by manipulating pixels or encoding additional data is called:
Answer: Image Steganography
109
Type: Question & Answer Question: Hiding information within an audio file, or its metadata, is called:
Answer: Audio Steganography
110
Type: Question & Answer Question: Embedding data within a video file, which can include manipulation of frames, is called:
Answer: Video Steganography
111
Type: Question & Answer Question: Hiding information within text through formatting, using white spaces, or altering characters is called:
Answer: Text Steganography
112
Type: Question & Answer Question: What decentralised and distributed ledger technology is known for its role in cryptocurrency, such as Bitcoin?
Answer: Blockchain
113
Type: True/False Question: In a blockchain, each block contains a cryptographic hash of the previous block, chaining them together to prevent changes.
Answer: True
114
Type: True/False Question: Blockchain is resistant to central points of failure or control because it is decentralised and maintained over a network of computers.
Answer: True
115
Type: Question & Answer Question: What technique enhances the security of stored passwords by adding a unique, random string of characters (salt) to each password before it is hashed?
Answer: Salting
116
Type: True/False Question: In the salting process, the system creates a random unique "salt" for your password, adds it to your actual password, hashes the combined string, and then stores the final hash AND the salt in the database.
Answer: True
117
Type: True/False Question: When logging in with a salted password, the system gets the salt, adds it to the typed password, hashes the combined string, and then compares it to the stored hash.
Answer: True
118
Type: Question & Answer Question: What specialised hardware component is designed to secure hardware by integrating cryptographic keys into devices?
Answer: Trusted Platform Module (TPM)
119
Type: True/False Question: A TPM is built to be tamper-resistant with physical security.
Answer: True
120
Type: Multiple Choice Question (Select ONE answer) Question: What is the main goal of a TPM? A) To perform network filtering B) To protect the system at a hardware level C) To manage user accounts D) To encrypt data in transit only
Answer: B) To protect the system at a hardware level
121
Type: True/False Question: TPMs generate and safely store cryptographic keys (especially private keys) inside the TPM.
Answer: True
122
Type: True/False Question: TPMs are used in applications like Disk Encryption (storing encryption keys for BitLocker) and Secure Boot/System Integrity (verifying boot process).
Answer: True
123
Type: Question & Answer
Question: What provides a highly secure space within a device where sensitive data can be stored and cryptographic operations take place, isolated from the main OS and processor?
Answer: Secure Enclave
124
Type: True/False
Question: Hardware Isolation, Limited Access, and Tamper Resistance are key features of a Secure Enclave.
Answer: True
125
Type: Question & Answer
Question: What is the process of disguising confidential or sensitive data to protect it from unauthorised access without making it impossible to understand?
Answer: Data Obfuscation
126
Type: True/False
Question: Data Masking, Encryption, and tokenisation are the three main types of data obfuscation.
Answer: True
127
Type: Question & Answer
Question: What technique involves creating a fake (substitute) version of a dataset, where data values are changed but the original format stays the same, allowing testing/training without risking real user information?
Answer: Data Masking
128
Type: Question & Answer
Question: What process involves substituting sensitive data with non-sensitive equivalents (tokens) that have no exploitable meaning or value?
Answer: Tokenisation
129
Type: True/False
Question: In tokenisation, sensitive data (e.g., credit card number) is replaced with a random string of characters called a "token."
Answer: True
130
Type: True/False
Question: In tokenisation, the real sensitive data is stored securely elsewhere, and the token acts as a pointer or reference to that real data.
Answer: True
131
Type: Question & Answer
Question: What process involves securely storing cryptographic keys so that, under certain conditions, a third party can access them, often used for data recovery or law enforcement requests?
Answer: Key Escrow
132
Type: Question & Answer
Question: What physical or cloud computing device provides secure cryptographic processing, key generation, storage, encryption, and decryption services, performing crypto operations inside a tamper-resistant hardware device?
Answer: Hardware Security Module (HSM)
133
Type: True/False
Question: HSMs offer a secure way to manage cryptographic keys through their entire life cycle.
Answer: True
134
Type: True/False
Question: Cloud providers (e.g., AWS) offer HSMs for generating and using cryptographic keys within the cloud environment.
Answer: True
135
Type: Question & Answer
Question: What NIST standard sets requirements for cryptographic modules used in federal IT systems?
Answer: FIPS 140-2
136
Type: Question & Answer
Question: Which FIPS 140-2 Security Level has basic cryptographic functions and production-grade, tamper-evident physical security, used in low-security environments?
Answer: Level 1
136
Type: True/False
Question: The purpose of FIPS 140-2 is to ensure secure handling of cryptographic operations.
Answer: True
137
Type: Question & Answer
Question: Which FIPS 140-2 Security Level adds enhanced physical tamper-evidence and role-based login to Level 1, with visible signs if physical components are accessed, used for moderate security needs?
Answer: Level 2
138
Type: Question & Answer
Question: Which FIPS 140-2 Security Level offers stronger physical protection against accessing sensitive data (CSPs), with hard coverings/enclosures showing tampering and automatic wiping of sensitive data if intrusion is detected?
Answer: Level 3
139
Type: Question & Answer
Question: Which FIPS 140-2 Security Level is the highest, providing robust protection against environmental attacks, complete isolation, strong tamper response, and protection even in extreme environmental conditions?
Answer: Level 4