1. Which security function is provided by encryption algorithms?
- key management
Explanation: Encryption algorithms are used to provide data confidentiality, which ensures that if data is intercepted in transit, it cannot be read.
2. Which type of cryptographic key would be used when connecting to a secure website?
- symmetric keys
- digital signatures
- DES key
- hash keys
Explanation: Typical usage of cryptographic keys includes the following:
- Symmetric keys, which can be exchanged between two routers supporting a VPN.
- Digital signatures, which are used when connecting to a secure website.
- Hash keys, which are used in symmetric and asymmetric key generation, digital signatures, and other types of applications.
3. What do most cryptographic system attacks seek to target?
- user information
- the cryptographic algorithm
- key management
- the actual data packet
Explanation: Most attacks on cryptographic systems are aimed at the key management level, rather than the cryptographic algorithm itself.
4. Which type of attack does the use of HMACs protect against?
- brute force
Explanation: Because only the sender and receiver know the secret key, only parties that have access to that key can compute the digest of an HMAC function. This defeats man-in-the-middle attacks and provides authentication of where the data originated.
5. What is a feature of asymmetrical encryption?
- Different keys are used to encrypt and decrypt data.
- It requires fewer computations than symmetric encryption requires.
- Key lengths are short.
- It encrypts bulk data quickly.
Explanation: Asymmetric encryption algorithms use different keys for encryption and decryption. These are known as private and public keys. The longer key lengths used by asymmetric algorithms make them slower than symmetrical encryption and inefficient for bulk data.
6. What is the reason for HMAC to use an additional secret key as input to the hash function?
- to provide integrity verification
- to provide encryption
- to provide authentication
- to prevent DoS attacks
7. What is the purpose of the DH algorithm?
- to support email data confidentiality
- to encrypt data traffic after a VPN is established
- to generate a shared secret between two hosts that have not communicated before
- to provide nonrepudiation support
Explanation: DH is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret, without having communicated before. Asymmetric key systems are extremely slow for any sort of bulk encryption. It is common to encrypt the bulk of the traffic using a symmetric algorithm such as DES, 3DES, or AES, and use the DH algorithm to create keys that will be used by the symmetric encryption algorithm.
8. Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?
- SEAL is a stream cipher.
- It is an example of an asymmetric algorithm.
- It uses a 112-bit encryption key.
- It requires more CPU resources than software-based AES does.
Explanation: SEAL is a stream cipher that uses a 160-bit encryption key. It is a symmetric encryption algorithm that has a lower impact on CPU resources than other software-based algorithms, such as software-based DES, 3DES, and AES.
9. Which data security component is provided by hashing algorithms?
- key exchange
Explanation: Hashing algorithms are used to provide message integrity, which ensures that data in transit has not changed or been altered.
10. Which two algorithms use a hashing function to ensure message integrity? (Choose two.)
Explanation: Hashing algorithms are used to provide data integrity, which ensures that the data has not changed during transmission. MD5 and SHA are commonly used hashing algorithms.
11. Which characteristic of security key management is responsible for making certain that weak cryptographic keys are not used?
- revocation and destruction
Explanation: To make a key strong, there are several essential characteristics of key management that should be considered:
- Generation – Good random number generators are needed to ensure that all keys are equally likely to be generated, so that the attacker cannot predict which keys are more likely to be used.
- Verification – Almost all cryptographic algorithms have some weak keys that should not be used. With the help of key verification procedures, a weak key can be regenerated if one occurs.
- Exchange – Key management procedures should provide a secure key exchange mechanism that allows secure agreement on the keying material with the other party, probably over an untrusted medium.
- Revocation and Destruction – Revocation notifies all interested parties that a certain key has been compromised and should no longer be used. Destruction erases old keys in a manner that prevents malicious attackers from recovering them.
12. What is the function of the Diffie-Hellman algorithm within the IPsec framework?
- provides authentication
- allows peers to exchange shared keys
- guarantees message integrity
- provides strong data encryption
Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a public key exchange method that allows two IPsec peers to establish a shared secret key over an insecure channel.