Which algorithm can ensure data integrity?
a) RSA
b) AES
c) MD5
d) PKI
Answer:
c) MD5
What is the keyspace of an encryption algorithm?
a) The set of all possible values used to generate a key
b) The set of procedures used to calculate asymmetric keys
c) The set of hash functions used to generate a key
d) The mathematical equation that is used to create a key
Answer:
a) The set of all possible values used to generate a key
Explanation:
An n-bit key yields a keyspace with 2ⁿ possible key values.
Cisco Explanation:
The keyspace of an encryption algorithm is the set of all possible key values. Keys with n bits produce a keyspace with 2ⁿ possible key values.
Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign so Bob can verify it came from Alice?
a) Private key from Bob
b) Private key from Alice
c) Public key from Bob
d) Username and password from Alice
Answer:
b) Private key from Alice
Explanation:
The signer uses their private key to create the signature; others verify with the signer’s public key.
Which three security services are provided by digital signatures? (Choose three.)
a) Provides nonrepudiation using HMAC functions
b) Guarantees data has not changed in transit
c) Provides data encryption
d) Authenticates the source
e) Provides confidentiality of digitally signed data
f) Authenticates the destination
Answer:
b) Guarantees data has not changed in transit
d) Authenticates the source
Provides nonrepudiation of transactions
Explanation:
Digital signatures provide authentication, integrity, and non-repudiation.
Cisco Explanation:
Digital signatures are a mathematical technique used to provide three basic security services. Digital signatures have specific properties that enable entity authentication and data integrity.
In addition, digital signatures provide nonrepudiation of the transaction. In other words, the digital signature serves as legal proof that the data exchange did take place.
What is another name for confidentiality of information?
a) Consistency
b) Trustworthiness
c) Accuracy
d) Privacy
Answer:
d) Privacy
Explanation:
Confidentiality is another term for privacy, ensuring information is accessible only to authorised users.
Cisco Explanation:
Privacy is another name for confidentiality. Accuracy, consistency, and trustworthiness describe integrity of data.
As data is being stored on a local hard disk, which method would secure it from unauthorised access?
a) A duplicate hard drive copy
b) Deletion of sensitive files
c) Two-factor authentication
d) Data encryption
Answer:
d) Data encryption
Explanation:
Encryption protects stored data by converting it into an unreadable form unless decrypted by an authorised user.
Cisco Explanation:
Data encryption is the process of converting data into a form where only a trusted, authorized person with a secret key or password can decrypt the data and access the original form.
What popular encryption algorithm requires that both the sender and receiver know a pre-shared key?
a) PKI
b) MD5
c) AES
d) HMAC
Answer:
c) AES
Explanation:
AES is symmetric; both parties share the same secret key.
Cisco Explanation:
MD5 is a hashing algorithm that guarantees that no one intercepted the message and altered it.
Advanced Encryption Standard (AES) is a popular symmetric encryption algorithm where each communicating party needs to know the pre-shared key.
Public key infrastructure (PKI) is an asymmetric encryption algorithm based on the assumption that the two communicating parties have not previously shared a secret key.
HMAC is a hash message authentication code that guarantees that the message is not a forgery and actually comes from the authentic source.
In which method used in cryptanalysis does the attacker know a portion of the plaintext and the corresponding ciphertext?
a) Meet-in-the-middle
b) Brute-force
c) Chosen-plaintext
d) Ciphertext
Answer:
a) Meet-in-the-middle
Explanation:
In a meet-in-the-middle attack, the attacker knows some plaintext–ciphertext pairs and uses them to reduce the complexity of cracking the encryption.
Cisco Explanation:
There are several methods used in cryptanalysis:
Match the disciplines or roles to the descriptions.
Answer:
Cryptanalyst — individuals who try to crack secret codes
Cryptology — the science of making and breaking secret codes
Cryptography — the development and use of codes
Cryptanalysis — testing the strength of security by breaking secret codes
Explanation:
Cryptography covers making and using codes, while cryptanalysis is focused on breaking them.
Cisco Explanation:
Place the options in the following order:
Cryptanalyst — individuals who try to crack secret codes
Cryptology — the science of making and breaking secret codes
Cryptography — the development and use of codes
Cryptanalysis — testing the strength of security by breaking secret codes
What technology supports asymmetric key encryption used in IPsec VPNs?
a) 3DES
b) IKE
c) SEAL
d) AES
Answer:
b) IKE
Explanation:
Internet Key Exchange (IKE) establishes secure sessions and supports asymmetric encryption for IPsec VPNs.
Cisco Explanation:
IKE, or Internet Key Exchange, is a protocol to support asymmetric encryption algorithms. It is used to securely exchange encryption keys in the setup of IPsec VPNs.
What are two symmetric encryption algorithms? (Choose two.)
a) 3DES
b) MD5
c) AES
d) HMAC
e) SHA
Answer:
a) 3DES
c) AES
Explanation:
Symmetric algorithms use the same key for encryption and decryption.
Cisco Explanation:
MD5, HMAC, and SHA are hashing algorithms. 3DES and AES are symmetric encryption algorithms.
Which two items are used in asymmetric encryption? (Choose two.)
a) A token
b) A TPM
c) A private key
d) A DES key
e) A public key
Answer:
c) A private key
e) A public key
Explanation:
Asymmetric encryption relies on a key pair: a public key for encryption and a private key for decryption.
Cisco Explanation:
A token is something that is used to provide two-factor authentication. DES uses an identical key to encrypt and decrypt. Asymmetric encryption uses a private key associated with a public key.
What are two properties of a cryptographic hash function? (Choose two.)
a) Complex inputs will produce complex hashes
b) Hash functions can be duplicated for authentication purposes
c) The hash function is one way and irreversible
d) The input for a particular hash algorithm has to have a fixed size
e) The output is a fixed length
Answer:
c) The hash function is one way and irreversible
e) The output is a fixed length
Explanation:
A hash function always produces a fixed-length output and is designed to be irreversible.
Cisco Explanation:
A cryptographic hash function should have the following properties:
The input can be any length.
The output has a fixed length.
The hash value is relatively easy to compute.
The hash is one way and not reversible.
The hash is collision-free, meaning two different inputs produce different hash values.
Which statement describes asymmetric encryption algorithms?
a) They have key lengths ranging from 80 to 256 bits.
b) They include DES, 3DES, and AES.
c) They are also called shared-secret key algorithms.
d) They are relatively slow because they are based on difficult computational algorithms.
Answer:
d) They are relatively slow because they are based on difficult computational algorithms.
Explanation:
Asymmetric encryption uses complex mathematical algorithms and larger key sizes, which makes it slower than symmetric encryption.
Cisco Explanation:
DES, 3DES, and AES are symmetric encryption algorithms. Asymmetric algorithms are relatively slow because they are based on difficult computational algorithms.
In which two cases might an organization use PKI applications to securely exchange information between users? (Choose two.)
a) HTTPS web service
b) 802.1x authentication
c) Local NTP server
d) FTP transfers
e) File and directory access permission
Answer:
a) HTTPS web service
b) 802.1x authentication
Explanation:
PKI supports encrypted communications and authentication through digital certificates, used in HTTPS and 802.1x.
Cisco Explanation:
Common PKI applications include:
SSL/TLS certificate-based authentication
IPsec VPNs
HTTPS Web traffic
Network access control with 802.1x authentication
Secure email using S/MIME
Code signing and EFS encryption
Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
a) The users must obtain the certificate of the CA and then their own certificate.
b) The CA is always required, even after user verification is complete.
c) CA certificates are retrieved out-of-band using PSTN, and authentication is done in-band.
d) After user verification is complete, the CA is no longer required, even if one of the certificates expires.
Answer:
a) The users must obtain the certificate of the CA and then their own certificate.
Explanation:
Each user gets their certificate from a CA, which verifies and signs it. Once issued, users can authenticate each other using the CA’s public key.
Cisco Explanation:
When two users authenticate using certificates, both obtain their digital certificate from a CA. After installation, they exchange certificates and verify each other using the CA’s public key. Once verified, the CA is no longer needed for communication.
The following message was encrypted using a Caesar cipher with a key of 2:
“fghgpf vjg ecuvng”
a) Invade the castle
b) Defend the castle
c) Defend the region
d) Invade the region
Answer:
b) Defend the castle
Explanation:
Shifting each letter back by two (the cipher key) reveals the plaintext “defend the castle.”
Cisco Explanation:
If the Caesar cipher key is 2, each letter is moved two spaces to the right. Thus “f” becomes “d”, “g” becomes “e”, etc. The decrypted plaintext reads “defend the castle.”
In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?
a) From the root CA or another subordinate CA at a higher level
b) From the root CA or another subordinate CA at the same level
c) From the root CA or from self-generation
d) From the root CA only
e) From the root CA or another subordinate CA anywhere in the tree
Answer:
a) From the root CA or another subordinate CA at a higher level
Explanation:
A subordinate CA must be issued a certificate by a higher-level CA in the hierarchy.
Cisco Explanation:
In a hierarchical CA topology, subordinate CAs can receive certificates from the root CA or a higher-level subordinate CA. Only the root CA can issue a self-signed certificate.
What is the purpose of using digital signatures for code signing?
a) To establish an encrypted connection to exchange confidential data with a vendor website
b) To verify the integrity of executable files downloaded from a vendor website
c) To authenticate the identity of the system with a vendor website
d) To generate a virtual ID
Answer:
b) To verify the integrity of executable files downloaded from a vendor website
Explanation:
Code signing ensures the file hasn’t been altered and confirms its authenticity before execution.
Cisco Explanation:
Code signing is used to verify the integrity of executable files downloaded from a vendor website. Code signing uses digital certificates to authenticate and verify the identity of a website.
What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?
a) Digital signatures
b) Hashing algorithms
c) PKI certificates
d) Symmetric keys
Answer:
c) PKI certificates
Explanation:
Public Key Infrastructure (PKI) uses trusted third parties (Certificate Authorities) to issue verifiable digital identities.
Cisco Explanation:
A PKI Certificate Authority is a trusted third-party entity that issues PKI certificates. PKI provides authenticity, confidentiality, integrity, and nonrepudiation services that scale to large environments.
Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?
a) Nonrepudiation
b) Authentication
c) Integrity
d) Confidentiality
Answer:
c) Integrity
Explanation:
Hash functions like MD5 and SHA verify data integrity, ensuring information hasn’t been modified in transit.
Cisco Explanation:
Integrity is ensured by implementing either MD5 or SHA hash generating algorithms. Many modern networks ensure authentication with HMAC, while confidentiality is maintained through encryption algorithms like DES, 3DES, and AES.
What is an example of the one-time pad cipher?
a) RC4
b) Rail fence
c) Caesar
d) Vigenère
Answer:
a) RC4
Explanation:
RC4 is a stream cipher that can function as a one-time pad when the key stream is random and used once.
Cisco Explanation:
RC4 is an example of the one-time pad cipher. The Caesar cipher is a simple substitution cipher, and the Vigenère cipher is based on Caesar’s method. The rail fence cipher is an example of a transposition cipher.
A company is developing a security policy for secure communication. In the exchange of critical messages between offices, a hash value should only be recalculated with a predetermined code, ensuring the validity of the data source. Which aspect of secure communications is addressed?
a) Data integrity
b) Nonrepudiation
c) Data confidentiality
d) Origin authentication
Answer:
d) Origin authentication
Explanation:
Origin authentication ensures that the message truly comes from the stated sender.
Cisco Explanation:
Secure communications consist of four elements:
Data confidentiality – guarantees only authorised users can read the message.
Data integrity – ensures the message wasn’t altered.
Origin authentication – confirms the message’s source is legitimate.
Data nonrepudiation – ensures the sender cannot deny sending it.
What is the purpose of a digital certificate?
a) It guarantees that a website has not been hacked.
b) It provides proof that data has a traditional signature attached.
c) It ensures that the person accessing a network device is authorised.
d) It authenticates a website and establishes a secure connection to exchange confidential data.
Answer:
d) It authenticates a website and establishes a secure connection to exchange confidential data.
Explanation:
A digital certificate verifies a website’s authenticity and enables secure encrypted communication (e.g., HTTPS).
Cisco Explanation:
Digital signatures commonly use digital certificates to verify the identity of the originator. These certificates authenticate a vendor website and establish an encrypted connection to exchange confidential data, such as when logging into a financial institution online.