Network Security (Version 1.0) Modules 15 – 17: Cryptography Group Exam Answers
1. Which algorithm can ensure data integrity?
2. What is the keyspace of an encryption algorithm?
- the set of all possible values used to generate a key
- the set of procedures used to calculate asymmetric keys
- the set of hash functions used to generate a key
- the mathematical equation that is used to create a key
3. Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?
- private key from Bob
- private key from Alice
- public key from Bob
- username and password from Alice
4. Which three security services are provided by digital signatures? (Choose three.)
- provides nonrepudiation using HMAC functions
- guarantees data has not changed in transit
- provides data encryption
- authenticates the source
- provides confidentiality of digitally signed data
- authenticates the destination
5. What is another name for confidentiality of information?
6. As data is being stored on a local hard disk, which method would secure the data from unauthorized access?
- a duplicate hard drive copy
- deletion of sensitive files
- two factor authentication
- data encryption
7. What popular encryption algorithm requires that both the sender and receiver know a pre-shared key?
8. In which method used in cryptanalysis does the attacker know a portion of the plaintext and the corresponding ciphertext?
9. Match the disciplines or roles to the descriptions.
10. What technology supports asymmetric key encryption used in IPsec VPNs?
11. What are two symmetric encryption algorithms? (Choose two.)
12. Which two items are used in asymmetric encryption? (Choose two.)
- a token
- a TPM
- a private key
- a DES key
- a public key
13. What are two properties of a cryptographic hash function? (Choose two.)
- Complex inputs will produce complex hashes.
- Hash functions can be duplicated for authentication purposes.
- The hash function is one way and irreversible.
- The input for a particular hash algorithm has to have a fixed size.
- The output is a fixed length.
14. Which statement describes asymmetric encryption algorithms?
- They have key lengths ranging from 80 to 256 bits.
- They include DES, 3DES, and AES.
- They are also called shared-secret key algorithms.
- They are relatively slow because they are based on difficult computational algorithms.
15. An IT enterprise is recommending the use of PKI applications to securely exchange information between the employees. In which two cases might an organization use PKI applications to securely exchange information between users? (Choose two.)
- HTTPS web service
- 802.1x authentication
- local NTP server
- FTP transfers
- file and directory access permission
16. Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
- The users must obtain the certificate of the CA and then their own certificate.
- The CA is always required, even after user verification is complete.
- CA certificates are retrieved out-of-band using the PSTN, and the authentication is done in-band over a network.
- After user verification is complete, the CA is no longer required, even if one of the involved certificates expires.
17. The following message was encrypted using a Caesar cipher with a key of 2:
fghgpf vjg ecuvng
What is the plaintext message?
- invade the castle
- defend the castle
- defend the region
- invade the region
18. In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?
- from the root CA or another subordinate CA at a higher level
- from the root CA or another subordinate CA at the same level
- from the root CA or from self-generation
- from the root CA only
- from the root CA or another subordinate CA anywhere in the tree
19. What is the purpose for using digital signatures for code signing?
- to establish an encrypted connection to exchange confidential data with a vendor website
- to verify the integrity of executable files downloaded from a vendor website
- to authenticate the identity of the system with a vendor website
- to generate a virtual ID
20. What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?
- digital signatures
- hashing algorithms
- PKI certificates
- symmetric keys
21. Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?
22. What is an example of the one-time pad cipher?
- rail fence
23. A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
- data integrity
- data confidentiality
- origin authentication
24. What is the purpose of a digital certificate?
- It guarantees that a website has not been hacked.
- It provides proof that data has a traditional signature attached.
- It ensures that the person who is gaining access to a network device is authorized.
- It authenticates a website and establishes a secure connection to exchange confidential data.