8.8.2 Module 8: Public Key Cryptography Quiz Answers

Network Defense Module 8.8.2 Module 8: Public Key Cryptography Quiz Questions Exam Answers

1. What is the purpose of the DH algorithm?

  • to provide nonrepudiation support
  • to support email data confidentiality
  • to encrypt data traffic after a VPN is established
  • to generate a shared secret between two hosts that have not communicated before

Explanation: DH is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret, without having communicated before. Asymmetric key systems are extremely slow for any sort of bulk encryption. It is common to encrypt the bulk of the traffic using a symmetric algorithm such as DES, 3DES, or AES, and use the DH algorithm to create keys that will be used by the symmetric encryption algorithm.

2. Which statement is a feature of HMAC?

  • HMAC is based on the RSA hash function.
  • HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.
  • HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.
  • HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.

Explanation: A keyed-hash message authentication code (HMAC or KHMAC) is a type of message authentication code (MAC). HMACs use an additional secret key as input to the hash function, adding authentication to data integrity assurance.

3. Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?

  • confidentiality
  • authentication
  • integrity
  • nonrepudiation

Explanation: Integrity is ensured by implementing either MD5 or SHA hash generating algorithms. Many modern networks ensure authentication with protocols, such as HMAC. Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES. Data confidentiality can also be ensured using asymmetric algorithms, including RSA and PKI.

4. Which two statements correctly describe certificate classes used in the PKI? (Choose two.)

  • A class 0 certificate is for testing purposes.
  • A class 0 certificate is more trusted than a class 1 certificate.
  • The lower the class number, the more trusted the certificate.
  • A class 5 certificate is for users with a focus on verification of email.
  • A class 4 certificate is for online business transactions between companies.

Explanation: A digital certificate class is identified by a number. The higher the number, the more trusted the certificate. The classes include the following:

  • Class 0 is for testing purposes in which no checks have been performed.
  • Class 1 is for individuals with a focus on verification of email.
  • Class 2 is for organizations for which proof of identity is required.
  • Class 3 is for servers and software signing for which independent verification and checking of identity and authority is done by the issuing certificate authority.
  • Class 4 is for online business transactions between companies.
  • Class 5 is for private organizations or governmental security.

5. Which statement describes the use of certificate classes in the PKI?

  • The lower the class number, the more trusted the certificate.
  • A vendor must issue only one class of certificates when acting as a CA.
  • A class 5 certificate is more trustworthy than a class 4 certificate.
  • Email security is provided by the vendor, not by a certificate.

Explanation: The higher the certificate number, the more trustworthy the certificate. Class 1 certificates are for individuals, with a focus on email verification. An enterprise can act as its own CA and implement PKI for internal use. In that situation, the vendor can issue certificates as needed for various purposes.

6. What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?

  • asymmetric key algorithm
  • digital signature
  • encryption
  • hash algorithm

Explanation: Digital signatures provide assurance of the authenticity and integrity of software code. They provide the ability to trust code that is downloaded from the Internet.

7. What two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.)

  • The code is authentic and is actually sourced by the publisher.
  • The code contains no errors.
  • The code was encrypted with both a private and public key.
  • The code has not been modified since it left the software publisher.
  • The code contains no viruses.

Explanation: Digitally signing code provides several assurances about the code:

  • The code is authentic and is actually sourced by the publisher.
  • The code has not been modified since it left the software publisher.
  • The publisher undeniably published the code. This provides nonrepudiation of the act of publishing.

8. What term is used to describe the technology that replaces sensitive information with a nonsensitive version?

  • hiding
  • masking
  • retracting
  • whiteout
  • blanking

Explanation: Data masking replaces sensitive information with nonsensitive information. After replacement, the nonsensitive version looks and acts like the original.

9. What term is used to describe concealing data in another file such as a graphic, audio, or other text file?

  • masking
  • obfuscation
  • steganography
  • hiding

Explanation: Steganography conceals data in a file such as a graphic, audio, or other text file. It is used to avoid drawing extra attention to the encrypted data, because the data is not easily viewed.

10. What is a strength of using a hashing function?

  • It is a one-way function and not reversible.
  • It can take only a fixed length message.
  • It has a variable length output.
  • Two different files can be created that have the same output.
  • It is not commonly used in security.

Explanation: The properties of a hash function show its applicability: it is a one-way function, accepts input of arbitrary length, and produces fixed-length output.

11. An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?

  • The investigator found a USB drive and was able to make a copy of it.
  • The data is all there.
  • An exact copy cannot be made of a device.
  • The data in the image is an exact copy and nothing has been altered by the process.

Explanation: A hash function ensures the integrity of a program, file, or device.

12. In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?

  • HTTPS traffic is much faster than HTTP traffic.
  • HTTPS traffic enables end-to-end encryption.
  • HTTPS traffic does not require authentication.
  • HTTPS traffic can carry a much larger data payload than HTTP can carry.

Explanation: HTTPS enables end-to-end encrypted network communication, which makes it harder for network administrators to monitor the content of packets to catch malicious attacks.
