Cryptography Concepts and Algorithms

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process.
Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

A. 768 bit key B. 1536 bit key C. 2048 bit key D. 1025 bit key

After gaining access to the password hashes used to protect access to a web-based application, the
knowledge of which cryptographic algorithms would be useful to gain access to the application?

A. Diffie-Helman B. RSA C. SHA1 D. AES

Which of the following is an example of an asymmetric encryption implementation?

A. SHA1 B. PGP C. 3DES D. MD5

Anyone can send an encrypted message to Bob but only Bob can read it. Using PKI, when Alice
wishes to send an encrypted message to Bob, she looks up Bob’s public key in a directory, uses it
to encrypt the message, and sends it off. Bob then uses his private key to decrypt the message and
read it. No one listening in can decrypt the message. Thus, although many people may know the
public key of Bob and use it to verify Bob’s signatures, they cannot discover Bob’s private key and
use it to forge digital signatures. This is referred to as the principle of:

A. Irreversibility B. Non-repudiation C. Symmetry D. Asymmetry

Which property ensures that a hash function will not produce the same hashed value for two
different messages?

A. Collision resistance B. Bit length C. Key strength D. Entropy

Which of the following is optimized for confidential communications, such as bidirectional voice
and video?

A. RC4 B. RC5 C. MD4 D. MD5

Advanced encryption standard is an algorithm used for which of the following?

A. Data integrity B. Key discovery C. Bulk data encryption D. Key recovery

What is the primary drawback of using Advanced Encryption Standard (AES) algorithm with a 256-
bit key to share sensitive data?

A. Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient
communication.
B. To get messaging programs to function with this algorithm requires complex configurations.
C. It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.
D. It is a symmetric key algorithm, meaning each recipient must receive the key through a
different channel than the message.

When setting up a wireless network, an administrator enters a preshared key for security. Which
of the following is true?

A. The key entered is a symmetric key used to encrypt the wireless data.
B. The key entered is a hash that is used to prove the integrity of the wireless data.
C. The key entered is based on the Diffie-Hellman method.
D. The key is an RSA key used to encrypt the wireless data.

What is the default port used by IPSEC IKE protocol?

A. Port 500 B. Port 4500 C. Port 50 D. Port 51

Public Key Infrastructure (PKI)

Which of the following defines the role of a root certificate authority (CA) in a public key
infrastructure (PKI)?

A. The root CA is the recovery agent used to encrypt data when a user's certificate is lost.
B. The root CA stores the user's hash value for safekeeping.
C. The CA is the trusted root that issues certificates.
D. The root CA is used to encrypt e-mail messages to prevent unintended disclosure of data.

A network security administrator is worried about potential man-in-the-middle attacks when users
access a corporate website from their workstations. Which of the following is the best
remediation against this type of attack?

A. Requiring strong authentication for all DNS queries

B. Implementing server-side PKI certificates for all connections
C. Requiring client and server PKI certificates for all connections
D. Mandating only client-side PKI certificates for all connections

Company A and Company B have just merged and each has its own public key infrastructure (PKI).
What must the certificate authorities (CAs) establish so that the private PKIs for Company A and
Company B trust one another and each private PKI can validate digital certificates from the other
company?

A. Poly key exchange B. Cross certification C. Poly key reference D. Cross-site exchange

Which of the PKI components is responsible for issuing and verifying digital certificate?

A. Validation authority (VA) B. Certificate authority (CA)

C. Registration authority (RA) D. End user
A person approaches a network administrator and wants advice on how to send encrypted e-mail
from home. The end user does not want to have to pay for any license fees or manage server
services. Which of the following is the most secure encryption protocol that the network
administrator should recommend?

A. IP Security (IPsec) B. Multipurpose Internet Mail Extensions (MIME)

C. Pretty Good Privacy (PGP) D. Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

To send a PGP-encrypted message, which piece of information from the recipient must the sender
have before encrypting the message?

A. Recipient's private key B. Recipient's public key

C. Master encryption key D. Sender's public key

Which of the following describes a component of public key infrastructure (PKI) where a copy of a
private key is stored to provide third-party access and to facilitate recovery operations?

A. Directory B. Key registry C. Recovery agent D. Key escrow

Which element of public key infrastructure (PKI) verifies the applicant?

A. Certificate authority B. Validation authority

C. Registration authority D. Verification authority

Steve is the new CISO for a global corporation; he hired Dayna as a security consultant to do a
security assessment. Steve wants to protect the corporate webpage with encryption and asks
Dayna about the procedure to do that. Which of the following is the correct option?

A. You need to use digital certificates. B. You need to use digital signature.
C. You need to use quantum encryption. D. You need to use Blowfish encryption.

For messages sent through an insecure channel, a properly implemented digital signature gives the
receiver reason to believe the message was sent by the claimed sender. While using a digital
signature, the message digest is encrypted with which key?

A. Receiver's public key B. Sender's public key

C. Sender's private key D. Receiver's private key

Which of the following is a characteristic of public key infrastructure (PKI)?

A. Public-key cryptosystems are faster than symmetric-key cryptosystems.

B. Public-key cryptosystems distribute public-keys within digital signatures.
C. Public-key cryptosystems do not require a secure key distribution channel.
D. Public-key cryptosystems do not provide technical nonrepudiation via digital signatures.

Which of the following contains a public key and the identity of the owner and the corresponding
private key is kept secret by the certification authorities?

A. Validation authority (VA) B. Self-signed certificate

C. Signed certificates D. Registration authority (RA)

A certificate authority (CA) generates a key pair that will be used for encryption and decryption of
e-mails. The integrity of the encrypted e-mail is dependent on the security of which of the
following?

A. Modulus length B. Private key C. Email server certificate D. Public key

Cryptography Attacks
Which of the following cryptography attack methods is usually performed without the use of a
computer?

A. Ciphertext-only attack B. Chosen key attack

C. Rubber hose attack D. Rainbow table attack

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. Which
cryptanalytic technique can the attacker use now in his attempt to discover the encryption key?

A. Birthday attack B. Known plaintext attack

C. Meet in the middle attack D. Chosen ciphertext attack

An attacker has captured a target file that is encrypted with public key cryptography. Which of the
attacks below is likely to be used to crack the target file?

A. Timing attack B. Replay attack

C. Memory trade-off attack D. Chosen plain-text attack

Which of the following cryptanalysis methods is applicable to symmetric key algorithms?

A. Linear cryptanalysis B. Differential cryptanalysis

C. Integral cryptanalysis D. Frequency Cryptanalysis

An attacker tries to recover the plaintext of a message without knowing the required key in
advance. For this he may first try to recover the key, or may go after the message itself by trying
every possible combination of characters. Which code breaking method is he using?

A. Brute force B. Frequency analysis C. One-time pad D. Trickery and deceit

In which of the following attacks, can an attacker obtain ciphertexts encrypted under two different
keys and gather plaintext and matching ciphertext?

A. Ciphertext-only attack B. Adaptive chosen-plaintext attack

C. Related-key attack D. Chosen-plaintext attack

An attacker breaks an n bit key cipher into 2 n/2 number of operations in order to recover the key.
Which cryptography attack is he performing?

A. Known-plaintext attack B. Rubber hose attack

C. Chosen-key attack D. Timing attack

Out of the following attacks, which attack is a physical attack that is performed on a cryptographic
device/cryptosystem to gain sensitive information?

A. Side channel attack B. MITM attack

C. Hash collision attack D. DUHK attack

Which of the following attacks mainly affects any hardware/software using an ANSI X9.31 random
number generator (RNG)?

A. Hash collision attack B. DUHK attack

C. Rainbow table attack D. Side channel attack

Out of the following, identify the attack that is used for cracking a cryptographic algorithm using
multiple keys for encryption.

A. Meet-in-the-middle Attack B. Rainbow Table Attack

C. Side Channel Attack D. DUHK Attack

Which cipher encrypts the plain text digit (bit or byte) one by one?

A. Classical cipher B. Block cipher C. Modern cipher D. Stream cipher

The fundamental difference between symmetric and asymmetric key cryptographic systems is that
symmetric key cryptography uses__________________?

A. Multiple keys for non-repudiation of bulk data

B. Different keys on both ends of the transport medium
C. Bulk encryption for data transmission over fiber
D. The same key on each end of the transmission medium

Which of the following processes of PKI (public key infrastructure) ensures that a trust relationship
exists and that a certificate is still valid for specific operations?

A. Certificate issuance B. Certificate validation

C. Certificate cryptography D. Certificate revocation