4 - Cryptography

Question 1

1. The strength of a crypto system is based on all but which of the following?a. Algorithmb. Size of keyspacec. Intialization vectord. Length of key

Answer 1

B: The size of the keyspace does not have a direct correlation to the strength of the crypto system. The keyspace is simply the range of values defined by the algorithm that can be used to construct keys.

Question 2

2. Which of the following is not a goal of cryptography?a. Confidentialityb. Non-repudiationc. Availabilityd. Integrity

Answer 2

C: Availability is not a goal of cryptography.

Question 3

3. What type of cipher is subject to cracking by means of period analysis?a. transposition cipherb. Vernam cipherc. Running key cipherd. polyalphabetic cipher

Answer 3

D: A polyalphabetic cipher is subject to cracking by means of period analysis.

Question 4

4. The strength of a cryptosystem is based on all but which of the following?a. algorithmb. the length of the plaintextc. secrecy of the keysd. initialization vectors

Answer 4

B: The strength of a cryptosystem is not based on the length of the plaintext or even the content of the plaintext. The message to be encrypted is not a determining factor in the strength of a cryptosystem.

Question 5

5. Which of the following is not a goal of cryptosystems?a. confidentialityb. non-repudiationc. availabilityd. integrity

Answer 5

C: Availability is not a goal of cryptosystems. Cryptosystems do not address the need to make resources available, accessible, or delivered in a timely manner. The goals of cryptosystems is to provide for confidentiality, non-repudiation, integrity, and authenticity.

Question 6

6. The action of dividing a plaintext message into fixed length segments and applying the same algorithm to each segment to hide the message is known as?a. clusteringb. end-to-end encryptionc. encryption streamingd. block ciphering

Answer 6

D: Block ciphering is the action of dividing a plaintext message into fixed length segments and applying the same algorithm to each segment to hide the message.

Question 7

7. An unintelligible message is also called what?a. cryptogramb. cipherc. coded. algorithm

Answer 7

A: A cryptogram or ciphertext is an unintelligible message - it is a plaintext that has been transformed into a protected message through the application of cryptography.

Question 8

8. Which of the following is different than the others?a. Cryptologyb. End to end encryptionc. Link encryptiond. Stream cipher

Answer 8

A: Cryptology is the one item from this list different from the others since it is the parent concept that contains the others. Cryptology is a method of storing and transmitting data in a form that can be read and processed only by the intended recipient.

Question 9

9. The process of hiding the meaning of a message by using a mechanism which shifts each letter of the alphabet by three letters is known as?a. polyalphabetic cipherb. monoalphabetic substitution cipherc. transposition cipherd. running key cipher

Answer 9

B: The process of hiding the meaning of a message by using a mechanism which shifts each letter of the alphabet by three letters is known as a monoalphabetic substitution cipher.

Question 10

10. A cryptosystem is comprised of all but which of the following?a. plaintextb. keyc. a one way hashd. algorithm

Answer 10

C: A cryptosystem may use a one way mathematical function as its algorithm, but not all algorithms are one way. A one way hash is used to check integrity but not for confidentiality.

Question 11

11. The cryptography mechanism which hides information within images is known as?a. steganographyb. codingc. substitutiond. tuple

Answer 11

A: Steganography is the cryptography mechanism which hides information within images.

Question 12

12. Which of the following was selected to replace Triple DES (3DES) in 2001?a. Twofish Algorithmb. Advanced Encryption Standard (AES)c. IDEA cipherd. RC5

Answer 12

B: AES is the replacement for 3DES.

Question 13

13. The art and science of hiding the meaning of communications from unintended recipients is known as? a. Cryptanalysisb. Steganographyc. Cryptographyd. Ciphering

Answer 13

C: Cryptography is art and science of hiding the meaning of communications from unintended recipients. However, this is an incomplete answer for this question since there are additional ways to perform this activity.

Question 14

14. The art of obtaining the plaintext (i.e. the original message) or the key from ciphertext is known as?a. Steganography b. Cryptography c. Ciphering d. Cryptanalysis

Answer 14

D: Cryptanalysis is the art of obtaining the plaintext (i.e. the original message) or the key from ciphertext.

Question 15

15. The set of mathematical rules that dictate how enciphering and deciphering take place is known as the?a. keyb. ciphertextc. coded. algorithm

Answer 15

D: The set of mathematical rules that dictate how enciphering and deciphering take place is known as the algorithm.

Question 16

16. What must be kept secret in order for a cryptosystem to provide any form of protection for messages?a. keyb. algorithmc. keyspaced. block size

Answer 16

A: The key of a cryptosystem must be kept secret in order to protect the security provided by encryption.

Question 17

17. When using end-to-end encryption, the actual process of encryption occurs at what level of the OSI model?a. Physical layerb. Application layerc. Network layerd. Session layer

Answer 17

B: End-to-end encryption performs its encryption at the application layer.

Question 18

18. When using link encryption, the actual process of encryption occurs at what level of the OSI model?a. Application layerb. Session layerc. Presentation layerd. Network layer

Answer 18

D: Link encryption performs its encryption at the network layer.

Question 19

19. The most common mathematical Boolean operation performed by cryptographic systems is?a. Elliptical curveb. Discrete algorithmc. ANDingd. Exlusive OR

Answer 19

D: Exclusive OR is the most common mathematical Boolean operation performed by cryptographic systems.

Question 20

20. Which of the following is not true in regards to a one-time pad?a. Extremely practiced for modern applicationsb. Often used as a stream cipherc. True random codes makes one-time pads unbreakabled. The key length is the same as the length of the original message

Answer 20

A: One-time pads are not suitable for modern applications, primarily due to the inability for a computer to create truly non-repeating random codes and the problem of securely exchanging the pad with communication partners.

Question 21

21. When the same ciphertext is produced when a single plaintext is encrypted using two different keys is known as?a. collusionb. clusteringc. polyinstantiationd. scavenging

Answer 21

B: Clustering occurs when the same ciphertext is produced when a single plaintext is encrypted using two different keys.

Question 22

22. A cryptographic transformation that operates at the word or phrase level is known as?a. cipherb. block cipherc. code cipherd. streaming cipher

Answer 22

C: A code cipher or just a code is a cryptographic transformation that operates as the word or phrase level.

Question 23

23. When data is encrypted for the entire trip across an untrusted network from source to destination is known as?a. work factor encryptionb. link encryptionc. streaming encryptiond. end-to-end encryption

Answer 23

D: End-to-end encryption is a form of communications encryption where the data is encrypted for the entire trip across an untrusted network from source to destination.

Question 24

24. Which of the following mechanisms always encrypts the entire message or data packet including the header?a. link encryptionb. end-to-end encryptionc. IPSec in transport moded. PPTP tunnels with CHAP

Answer 24

A: Link encryption encrypts the entire packet.

Question 25

25. A vernam cipher is an example of what type of cryptographic system? a. transposition cipher b. running key cipher c. polyalphabetic substitution cipher d. one-time pad 

Answer 25

D: Vernam cipher is an example of a one-time pad.    

Question 26

26. The Escrowed Encryption Standard (EES) is embodied in which of the following? a. Clipper chip b. Data Encryption Standard (DES) c. A symmetric cryptographic system d. Digital Signature Standard (DSS) 

Answer 26

A: The Escrowed Encryption Standard (EES) is embodied in the clipper chip. 

Question 27

27. The skipjack algorithm used in the clipper chip used what length of key? a. 56 b. 80 c. 128 d. 256 

Answer 27

B: Skipjack uses an 80-bit key. 

Question 28

28. The goals or benefits of a cryptosystem include protection or support for all but which of the following? a. Availability b. Confidentiality c. Integrity d. Non-repudiation 

Answer 28

A: Availability is not a benefit of a cryptosystem.

Question 29

29. A polyalphabetic cipher is vulnerable to what form of attack? a. birthday attack b. frequency analysis  c. period analysis  d. collision 

Answer 29

C: A polyalphabetic cipher is vulnerable to a period analysis.

Question 30

30. Which crypotographic system is vulnerable to frequency analysis? a. vernam cipher  b. running key cipher c. transposition cipher d. code ciphers 

Answer 30

C: Transposition ciphers are vulnerable to frequency analysis.

Question 31

31. Which of the following terms is out of place when compared to the others? a. symmetric key  b. secret key c. public key d. shared common key

Answer 31

C: Public key is only found in asymmetric cryptographic systems.

Question 32

32. Which of the following terms is out of place when compared to the others? a. asymmetric cryptography  b. public key cryptography c. key pairs d. bulk encryption 

Answer 32

D: Symmetric cryptography is better suited for bulk encryption than asymmetric cryptography.       

Question 33

33. Triple DES (Data Encryption Standard) uses what effective key bit length? a. 168 b. 56 c. 112 d. 256 

Answer 33

A: 3DES uses a 168-bit key (three times DES's 56 bit key).

Question 34

34. All but which of the following is an example of steganography? a. micro dots b. hiding data in a bad sector on a hard drive c. watermarks d. hiding a text message in a visual image 

Answer 34

B: Hiding data in a bad sector on a hard drive is an example of the use of a covert storage channel, not steganography.      

Question 35

35. The time, effort, and/or cost involved in breaking a cryptographic system is known as? a. algorithm b. key length c. work function d. key space 

Answer 35

C: The work function is the time, effort, and/or cost involved in breaking a cryptographic system.

Question 36

36. The strength of a cryptosystem is dependant upon all but which of the following? a. Algorithm  b. Secrecy of the key c. Initialization vector d. Length of ciphertext 

Answer 36

D: The strength of a cryptosystem is not dependant upon the length of the ciphertext, i.e. the output of the system.       

Question 37

37. What asymmetric cryptographic system is based upon the product of two very large prime numbers? a. RSA (Rivest, Shamir, and Addleman) b. Diffie-Hellman c. Merkle-Hellman Knapsack  d. El Gamal 

Answer 37

A: RSA is based upon the product of two very large prime numbers.  

Question 38

38. What cryptographic system includes a method by which secret keys can be exchanged securely over an insecure medium? a. Haval b. Diffie-Hellman c. Rijndael d. El Gamal 

Answer 38

B: Diffie-Hellman is an asymmetric cryptographic system that includes a method by which secret keys can be exchanged securely over an insecure medium.      

Question 39

39. All but which of the following are true regarding elliptic curve cryptosystems (ECC) ? a. can be used to implement Diffie-Hellman, El Gamal, or Schnorr public key algorithms b. smaller key sizes used in ECC can result in higher levels of security than larger non-ECC algorithms c. not suitable for hardware applications d. can be used for digital signatures, encryption, and key management 

Answer 39

C: ECC is suitable for hardware applications.

Question 40

40. What encryption system was selected to replace Triple Data Encryption Standard (3DES)? a. TwoFish b. Advanced Encryption System (AES) c. IDEA d. RC5 

Answer 40

B: Advanced Encryption System (AES) using the Rijndael cipher is the replacement for 3DES.      

Question 41

41. Which of the following is a symmetric block cipher? a. MD5 b. Haval c. TwoFish d. El Gamal 

Answer 41

C: TwoFish is a symmetric block cipher.     

Question 42

42. Which of the following is not a valid key length for Advanced Encryption System (AES)? a. 256 b. 192 c. 128 d. 64 

Answer 42

D: AES does not support the use of a 64-bit key.    

Question 43

43. A certificate issued by a publicly trusted CA will usually contain all but which of the following? a. serial number b. identity information c. signature of issuing authority d. IP address

Answer 43

D: A certificate issued by a publicly trusted CA will not contain IP address information.      

Question 44

44. Which of the following is not true in regards to a Registration Authority system in a PKI solution? a. it issues new certificates b. it confirms the identity of a subject c. it distributes the certificate revocation list (CRL) d. it helps share the workload with the certificate authority (CA) 

Answer 44

A: An RA does not issue new certificates.      

Question 45

45. A message digest provides for which of the following? a. Confidentiality b. Integrity c. Authentication d. Non-repudiation 

Answer 45

B: A message digest (a.k.a. a hash function) provides for integrity.

Question 46

46. The IDEA cipher uses what key length? a. 128 b. 112 c. 64 d. 56 

Answer 46

A: IDEA uses a 128-bit key length.     

Question 47

47. The cryptographic system that uses key pairs, where one key is kept secret and one is freely and publicly distributed is known as? a. symmetric cryptosystem b. asymmetric cryptosystem c. digital signature cryptosystem d. message digest cryptosystem 

Answer 47

B: An asymmetric cryptosystem is one that uses key pairs, where one key is kept secret and one is freely and publicly distributed. 

Question 48

48. Which of the following is not a benefit of a public key cryptographic system? a. no need to exchange secret keys b. the private key cannot be derived from the public key c. no need to perform key distribution d. when one of the keys in a key pair is used to encrypt a message, only the key's partner can be used to decrypt that message 

Answer 48

C: Public key cryptographic systems still require some form of key distribution in order to get the public keys out in the public so recipients of messages can use them to decrypt messages encrypted with a communication partner's private key.     

Question 49

49. What cryptographic system is dependant upon the use of a trapdoor one-way function? a. symmetric key cryptography b. message digest algorithms c. Cryptosystems relying upon key exchange d. asymmetric key cryptography 

Answer 49

D: Asymmetric key cryptography (public key cryptography) is dependant upon the use of a trapdoor one-way function.     

Question 50

50. Which of the following is not an encryption system designed to provide security for Internet based e-mail? a. Privacy Enhanced Mail (PEM) b. MIME Object Security Services (MOSS) c. Pretty Good Privacy (PGP) d. Secure Electronic Transaction (SET) 

Answer 50

D: SET is an e-commerce encryption protocol for used in Web transactions, not e-mail.     

Question 51

51. Which of the following used IDEA for encryption? a. Pretty Good Privacy (PGP) b. MIME Object Security Services (MOSS) c. Privacy Enhanced Mail (PEM) d. Secure Electronic Transaction (SET) 

Answer 51

A: PGP uses IDEA for encryption.     

Question 52

52. Which of the following is similar to a cyclic redundancy check (CRC) that is appended to a message prior to transmission to ensure integrity? a. Secure Electronic Transaction (SET) b. Financial Institution Message Authentication Standard (FIMAS) c. MIME Object Security Services (MOSS) d. Transaction Layer Security (TLS) 

Answer 52

B: FIMAS is similar to a cyclic redundancy check (CRC) that is appended to a message prior to transmission to ensure integrity.    

Question 53

53. ________ authenticates the server to the client using RSA public key cryptography and digital certificates, uses 3DES and MD5 hash functions, and can be used to provide security communications for Telnet, FTP, and HTTP. a. MONDEX b. Message Authentication Code (MAC) c. Secure Sockets Layer (SSL) d. Secure Multipurpose Internet Mail Extensions (S/MIME) 

Answer 53

C: SSL (and TLS) authenticates the server to the client using RSA public key cryptography and digital certificates, uses 3DES and MD5 hash functions, and can be used to provide security communications for Telnet, FTP, and HTTP. 

Question 54

54. Which of the following is not true in regards to hash functions? a. Its secrecy and security is in its one-way-ness b. the hash function algorithm is publicly known c. the original plaintext can be reconstructed from the hash value or message digest d. produces a fixed length hash value no matter what the length of the inputted plaintext 

Answer 54

C: The original plaintext cannot be reconstructed from the hash value or message digest.      

Question 55

55. Which of the following is not true? a. A message can be encrypted for confidentiality.  b. A message can be digitally signed for authentication and integrity. c. A message can be encrypted and digitally signed for confidentiality, integrity, and authentication. d. A message can be hashed for confidentiality. 

Answer 55

D: A message can be hashed for integrity, not confidentiality. 

Question 56

56. Which of the following hash functions results in a 160-bit hash value? a. SHA-1 b. Haval c. MD5 d. MD2 

Answer 56

A: SHA-1 produces a 160-bit hash value.    

Question 57

57. Which of the following are the two components that comprise IPSec? a. RARP and ARP b. IGMP and RIP c. TCP and UDP d. AH and ESP 

Answer 57

D: AH (Authentication Header) and ESP (Encapsulated Security Payload) are the two components of IPSec.     

Question 58

58. IPSec is able to provide all but which of the following? a. availability b. encryption c. non-repudiation d. authentication 

Answer 58

A: IPSec does not provide for availability.    

Question 59

59. In which IPSec mode is the data of the IP packet encrypted but the original header is not? a. Tunnel mode b. Transport mode c. VPN mode d. Link mode 

Answer 59

B: In IPSec transport mode, the data of the IP packet is encrypted, but the original header is not.     

Question 60

60. Which of the following is not a protocol used by IPSec for key management? a. ISAKMP (Internet Security Association and Key Management Protocol) b. Oakley Key Determination Protocol c. Merkle-Hellman Knapsack d. SKEME (Secure Key Exchange Mechanism) 

Answer 60

C: Merkle-Hellman Knapsack is not a public key algorithm found in the Internet Key Exchange (IKE) of IPSec.    

Question 61

61. Which of the following is an alternative to SSL to provide secure Web transactions? a. Internet Key Exchange (IKE) b. Internet Secure Trading Protocol (ISTP) c. Financial Institution Message Authentication Standard (FIMAS) d. Secure Hypertext Transfer Protocol (S-HTTP) 

Answer 61

D: S-HTTP is an alterative to SSL to provide secure Web transactions. 

Question 62

62. All but which of the following statements are true? a. Key length should be long enough to provide the necessary level of protection for the encrypted data.  b. Keys need not be stored and transmitted securely, as long as they are long enough. c. Keys should be truly random and use the full spectrum of the key space.  d. The more often a key is used, the shorter its lifetime should be.  

Answer 62

B: Keys need to be stored and transmitted securely, otherwise the system offers no assurance of security.    

Question 63

63. Which of the following is not a primary goal of e-mail security based on encryption? a. non-repudiation b. authentication of the message source c. guarantee of availability d. message integrity 

Answer 63

C: Encryption in any form, including that developed for e-mail systems, is not capable of providing availability.    

Question 64

64. 11 The authentication header (AH) of IPSec provides for all but which of the following? a. Non-repudiation b. Encryption c. Authentication d. Integrity 

Answer 64

B: The AH component of IPSEC does not provide confidentiality that encryption would provide that would be the benefits of the ESP.  

Question 65

65. The birthday attack is primarily focused on what types of cryptography? a. asymmetric keys b. symmetric keys c. hash values d. digital signatures 

Answer 65

C: The birthday attack is primarily used against hash values, message digests, and hash functions.

Question 66

66. Which of the following is considered a secure replacement for telnet? a. Secure Shell (SSH-2) b. Secure Multipurpose Internet Mail Extensions (S/MIME) c. Secure Electronic Transaction (SET) d. Secure Wide Area Network(S/WAN) 

Answer 66

A: SSH-2 is a secure replacement for telnet.     

Question 67

67. Which of the following is not true? a. Data moving across a Wireless Application Protocol (WAP) gateway will be converted from WTLS to SSL b. Data is temporarily in the clear on a Wireless Application Protocol (WAP) gateway c. The Wireless Application Protocol (WAP) protocol stack includes IPSec.  d. Authentication and authorization can be performed by wireless devices through PKI enabled transactions 

Answer 67

C: The Wireless Application Protocol (WAP) protocol stack does not include IPSec.     

Question 68

68. Within a public key cryptosystem, which of the following is true? a. Requires the exchange of secret keys b. A public key cannot be used to decrypt a message that it was used to encrypt. c. The private key can be derived from the public key. d. The private key can decrypt data encrypted by the public key, but the public key cannot decrypt data encrypted by the private key. 

Answer 68

B: This is a true statement.      

Question 69

69. Public key cryptosystems are possible because they incorporate _________ that allows for a reversal of a one-way function in order to decrypt messages. a. Fixed length hashes b. Unknown key solutions c. Random initialization vectors d. Trapdoors 

Answer 69

D: Public key cryptosystems are possible because they incorporate trapdoors that allows for a reversal of a one-way function in order to decrypt messages.  

Question 70

70. What public key algorithm is based on the difficulty of factoring a number which is the product of two very large prime numbers? a. RSA b. El Gamal c. RC5 d. LEAF 

Answer 70

A: RSA is the public key algorithm that is based on the difficulty of factoring a number which is the product of two very large prime numbers.  

Question 71

71. What form of encryption is best suited for hardware applications because it requires less computational power, has lower memory requirements, and offers a more security with a smaller key size? a. Merkle-Hellman Knapsack b. Elliptic curve algorithms  c. trapdoor one-way function d. IDEA cipher 

Answer 71

B: Elliptic curve algorithms are best suited for hardware applications because it requires less computational power, has lower memory requirements, and offers a more security with a smaller key size.   

Question 72

72. Which of the following hash algorithms supports a variable hash value length output? a. HAVAL b. SHA c. HMAC (Hash Message Authenticating Code) d. MD4 

Answer 72

A: HAVAL supports a variable hash value length output.

Question 73

73. What single sign-on mechanisms uses DES as its encryption scheme? a. SEASAME b. KryptoKnight c. NetSP d. Kerberos

Answer 73

D: Kerberos uses DES.     

Question 74

74. What form of cryptographic attack attempts to break a cryptosystem by trying every possible key pattern? a. known key attack b. key space attack c. sequential referenced attack d. brute force attack 

Answer 74

D: A brute force attack attempts to break a cryptosystem by trying every possible key pattern.     

Question 75

75. What attack attempts to break double encryption schemes by comparing the results of single encrypting known plaintext with a single decryption of ciphertext? a. meet-in-the-middle b. known plaintext c. linear cryptanalysis  d. chosen ciphertext 

Answer 75

A: A meet-in-the-middle attack attempts to break double encryption schemes by comparing the results of a single encrypting a known plaintext with a single decryption of a ciphertext. 

Question 76

76. The primary goal of cryptographic attacks is to? a. explore the key space b. discover the key c. discover the algorithm d. transmit faked encrypted messages 

Answer 76

B: The primary goals of cryptographic attacks are to discover the key used or to extract the original plaintext.     

Question 77

77. The Pretty Good Privacy e-mail encryption tool relies upon what encryption mechanism? a. AES b. Triple DES c. IDEA cipher d. TwoFish 

Answer 77

C: PGP relies upon the IDEA cipher.      

Question 78

78. PKI or Public Key Infrastructure is defined as? a. A set of encryption algorithms b. A collection of public and private keys c. A mechanism to encrypt and decrypt data d. A framework to establish secure communications. 

Answer 78

D: PKI is a framework to establish secure communications.   

Question 79

79. What is the primary purpose of a CA or Certificate Authority? a. Issue and manage public key certificates b. To standardize the size of encryption keys. c. Validate a subject's shared secret key d. Control and support e-commerce 

Answer 79

A: This is the primary purpose of a CA.      

Question 80

80. X.509 is most closely associated with which of the following? a. Certificates b. DNS c. Encryption d. Firewalls 

Answer 80

A: X.509 is the standard for certificates.     

Question 81

81. AES is based on what standard symmetric encryption block cipher? a. Rijendael b. RC5 c. Twofish d. Diffe-Hellman 

Answer 81

A: Rijendael was the chosen symmetric encryption block cipher which AES is based.     

Question 82

82. What block size is not used by RC5? a. 32 bits b. 64 bits c. 96 bits d. 128 bits 

Answer 82

C: RC5 does not use a96 bit block size.     

Question 83

83. What encryption scheme was developed by Netscape to provide a means to secure Web communications? a. HTTPS b. TLS c. MOSS d. SSL 

Answer 83

D: SSL was developed by Netscape to provide a means to secure Web communications.     

Question 84

84. What is it called when two different messages generate the same hash value? a. Convergence b. Collision c. Collusion d. Knapsack referral 

Answer 84

B: A collision is when two different messages generate the same hash value.  

Question 85

85. The bit size of the algorithm used by RSA is what? a. variable b. Fixed c. Time coded d. Randomly generated 

Answer 85

A: The bit size of the algorithm used by RSA is variable. It can range from 512 bits to 2,048 bits as needed.

Question 86

86. Elliptic curve cryptosystems can be employed as all but which of the following? a. Encryption b. Digital signature c. Key distribution d. Hash functions

Answer 86

D: ECC cannot be used as a hash function.

Question 87

87.  A certificate typically includes all but which of the following? a. Serial number b. Lifetime dates c. Physical location of the subject d. Signature of the issuing authority 

Answer 87

C: The physical location of the subject is not typically an element of a certificate. However, a verifiable address is often a component of identity verification for some high-security certificates.

Question 88

88. A one-way hash function when used against a message delivered via PKI provides proof of what? a. confidentiality b. Non-repudiation c. Availability d. Integrity  

Answer 88

D: One-way hash functions when used on a message prove integrity.  

Question 89

89. What tool or mechanism is used to detect unauthorized changes to a delivered message? a. Digital signature b. Digital certificate c. Public key  d. Trap door function 

Answer 89

A: A digital signature is used to verify the integrity of a message.

Question 90

90. What message protection methods must be employed to provide confidentiality, integrity, and authentication while requiring the least amount of work? a. Hashing the message b. Encrypting the message c. Digitally signing the message d. Encrypting and digitally signing the message 

Answer 90

D: Encrypting and digitally signing the message is minimally required to provide confidentiality, integrity, and authentication.

Question 91

91. When an attacker is able to successfully position themselves within the communications stream between a sender and a receiver so that the attacker exchanges secured communications with each without either party being aware of the attacker's present is known as? a. Brute force b. Spoofing c. Spamming d. Man-in-the-middle 

Answer 91

D: When an attacker is able to successfully position themselves within the communications stream between a sender and a receiver so that the attacker exchanges secured communications with each without either party being aware of the attacker's present is known as a man-in-the-middle attack.

Question 92

92. Which of the following is a symmetric algorithm? a. HAVAL b. RSA c. DES d. SHA-1 

Answer 92

C: DES is a symmetric algorithm.     

Question 93

93. The Clipper Chip is designed for use where? a. Computers b. Network switches c. Telephones d. Satellite links 

Answer 93

C: The clipper chip was designed as an eavesdropping device in low-speed communication systems, such as the telephone system.   

Question 94

94. Which of the following is an initiative to define a standard IPSec implementation for VPNs and to promote the use of VPNs on the Internet? a. IKE b. S/WAN c. SONET d. SMDS 

Answer 94

B: S/WAN is an initiative to define a standard IPSec implementation for VPNs and to promote the use of VPNs on the Internet.    

Question 95

95. What is the most common form of attack against encrypted communications? a. Eavesdropping b. Man-in-the-middle c. Cyphertext-only attack d. Replay attack 

Answer 95

C: The most common form of attack against encrypted communications is a cyphertext-only attack.  

Question 96

96. Replay attacks against encrypted communications can be actively prevented using all but which of the following countermeasures? a. Auditing b. Validating session sequencing  c. Time stamps d. Kerberos 

Answer 96

A: Auditing may determine that a replay attack has occurred, but it does not actively prevent replay attacks.    

Question 97

97. What type of encryption is most effective at blocking eavesdropping attacks? a. Link b. S/MIME c. Authentication header d. File encryption 

Answer 97

A: Link encryption is the most effective protection against eavesdropping.

Question 98

98. What Web communication technology is used to provide protection for individual documents rather than an entire session? a. SSL b. S-HTTP c. TLS d. MOSS 

Answer 98

B: S-HTTP is an alternative for SSL which protects individual documents rather than an entire session.    

Question 99

99. Which of the following is not an e-mail security mechanism? a. SMIME b. MOSS c. SET d. PEM

Answer 99

C: SET is an e-commerce security mechanism.    

Question 100

100. Which of the following is the best rule of thumb to follow when designing or implementing a key management system? a. Use the key that is easiest to remember b. Use the key length that will provide just enough security for the environment c. Keys should be partly random and partly time code based d. Key should be completely time code based. 

Answer 100

B: Use the key length that will provide just enough security for the environment is the best rule of thumb to follow when implementing key management.    

Question 101

101. The authentication header (AH) of IPSec provides for all but which of the following? a. Encryption b. Integrity c. Authentication d. Non-repudiation 

Answer 101

A: The Encapsulating Security Payload (ESP) not AH, provides for encryption within IPSec.    

Question 102

102. Which of the following is a secured alternative to Telnet? a. SMIME b. SESAME c. SSH d. TFTP 

Answer 102

C: SSH or Secure Shell is a secure replacement for Telnet.

Question 103

103. What is the key length of 3DES? a. 56 bits b. 64 bits c. 128 bits d. 168 bits 

Answer 103

D: The key length of 3DES is 168 bits (three times 56 bits for DES)  

Question 104

104. The hashing function, in relation to input and output size, is what type of function? a. One to one b. Many to one c. One to many d. Many to many 

Answer 104

B: A hash function is a many to one function. It can take any message of any length and create a fixed length output digest.    

Question 105

105. IKE, the key management process of IPSec, is comprised of all but which of the following? a. KDC (Key Distribution Center) b. ISAKMP (Internet Security Association and Key Management Protocol) c. SKEME (Secure Key Exchange Mechanism) d. Oakley Key Determination Protocol 

Answer 105

A: KDC is not part of IKE, it is a component of Kerberos.

Question 106

106. Which of the following is true of AES? a. AES uses very large keys and needs significant computing power to function efficiently. b. AES is very fast and offers very secure encryption.  c. AES includes a LEAF backdoor. d. AES is used as the primary encryption scheme of the Clipper Chip.

Answer 106

B: This is a true statement.

Question 107

107. Which of the following uses a 160 bit hash value? a. Haval b. MD5 c. MD2 d. SHA-1 1 

Answer 107

D: SHA-1 uses a 160 bit hash value.