Module 21: Public Key Cryptography Quiz Answers

1. Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?

  • SEAL is a stream cipher.
  • It is an example of an asymmetric algorithm.
  • It requires more CPU resources than software-based AES does.
  • It uses a 112-bit encryption key.

Explanation: SEAL is a stream cipher that uses a 160-bit encryption key. It is a symmetric encryption algorithm that has a lower impact on the CPU resources compared to other software-based algorithms, such as software-based DES, 3DES, and AES.

2. Which statement is a feature of HMAC?

  • HMAC is based on the RSA hash function.
  • HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.
  • HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
  • HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.

Explanation: A keyed-hash message authentication code (HMAC or KHMAC) is a type of message authentication code (MAC). HMACs use an additional secret key as input to the hash function, adding authentication to data integrity assurance.

3. Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?

  • authentication
  • confidentiality
  • integrity
  • nonrepudiation

Explanation: Integrity is ensured by implementing either MD5 or SHA hash generating algorithms. Many modern networks ensure authentication with protocols, such as HMAC. Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES. Data confidentiality can also be ensured using asymmetric algorithms, including RSA and PKI.

4. Which algorithm can ensure data confidentiality?

  • PKI
  • RSA
  • MD5
  • AES

Explanation: Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES.

5. In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?

  • HTTPS traffic enables end-to-end encryption.
  • HTTPS traffic can carry a much larger data payload than HTTP can carry.
  • HTTPS traffic does not require authentication.
  • HTTPS traffic is much faster than HTTP traffic.

Explanation: HTTPS enables end-to-end encrypted network communication, which adds further challenges for network administrators to monitor the content of packets to catch malicious attacks.

6. Which protocol is an IETF standard that defines the PKI digital certificate format?

  • X.509
  • LDAP
  • X.500

Explanation: To address the interoperability of different PKI vendors, IETF published the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 2527). The standard defines the format of a digital certificate.

7. What are two symmetric encryption algorithms? (Choose two.)

  • MD5
  • AES
  • 3DES
  • HMAC
  • SHA

Explanation: MD5, HMAC, and SHA are hashing algorithms.

8. What is the purpose of code signing?

  • integrity of source .EXE files
  • data encryption
  • source identity secrecy
  • reliable transfer of data

Explanation: Code signing is used to verify the integrity of executable files downloaded from a vendor website. Code signing uses digital certificates to authenticate and verify the identity of a website.

9. Which statement describes the use of certificate classes in the PKI?

  • A vendor must issue only one class of certificates when acting as a CA.
  • A class 5 certificate is more trustworthy than a class 4 certificate.
  • Email security is provided by the vendor, not by a certificate.
  • The lower the class number, the more trusted the certificate.

Explanation: The higher the certificate number, the more trustworthy the certificate. Class 1 certificates are for individuals, with a focus on email verification. An enterprise can act as its own CA and implement PKI for internal use. In that situation, the vendor can issue certificates as needed for various purposes.

10. What role does an RA play in PKI?

  • a subordinate CA
  • a super CA
  • a backup root CA
  • a root CA

Explanation: A registration authority (RA) is a subordinate CA. It is certified by a root CA to issue certificates for specific uses.

11. What technology supports asymmetric key encryption used in IPsec VPNs?

  • IKE
  • 3DES
  • SEAL
  • AES

Explanation: IKE, or Internet Key Exchange, is a protocol to support asymmetric encryption algorithms. It is used to securely exchange encryption keys in the setup of IPsec VPNs.

12. What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?

  • digital signature
  • hash algorithm
  • asymmetric key algorithm
  • encryption

Explanation: Digital signatures provide assurance of the authenticity and integrity of software code. They provide the ability to trust code that is downloaded from the Internet.
