Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
200 Cards in this Set
- Front
- Back
|
Blowfish is a symmetric block cipher that works on
|
64 -bit blocks of data and the key length of anywhere from 32 bits up to 448 bits.
|
|
|
In a Blowfish (symmetric block cipher) the data blocks go through
|
16 rounds of cryptographic functions
|
|
|
Bruce Schneier, the creator of blowfish has stated
|
Blowfish is un-patented, and will be remain so in all countries. The algorithm is placed in the public domain
|
|
|
RC4 (symmetric system) is one of the most commonly implemented
|
Stream Ciphers.
|
|
|
RC4 (Stream Cipher has a
|
Variable Key size and is used is SSL Protocol
|
|
|
RC4 was created by Ron Rivest in 1987 and was considered a trade secret for
|
RSA Data Security, Inc. until someone posted the source code on a miling list.
|
|
|
The stolen code of RC4 is sometimes implemented and refered to as
|
ArcFour or ARC4 because RC4 is trademarked.
|
|
|
RC4 algorithm is
|
Very Simple, Fast, and Efficient, which is why is became so popular.
|
|
|
What is the maximum key size for the RC5 algorithm (a blocke cipher)?
|
2040 bit. The block sizes used in RC5 are 32, 64 or 128 bits and the KEY size goes up to 2048 bits.
|
|
|
RC5 has a variety of parameters it can use for block size, key size and the number of rounds used.
|
The number of rounds can go up to 255
|
|
|
RC6 is a block cipher that was built upon
|
RC5. RC6 has all the attributes of RC5
|
|
|
What attribute is included in a X.509-certificate?
|
Distinguished name of the subject
|
|
|
What kind of certificate is used to validate a user identity?
|
Public key certificate
|
|
|
A code, as is pertains to cryptography:
|
Deals with linguistic units.
|
|
|
What is the primary role of smartcards in a PKI?
|
Tamper resistant, mobile storage and application of private keys of the users
|
|
|
Which protocols that provide integrity and authentication for IPSec, can also provide non-repudiation in IPSec?
|
Authentication Header (AH)
|
|
|
Block ciphers operates on
|
- Fixed-size blocks of plaintext
- More suitable for software than hardware implementations - Block ciphers can be operated as a stream. |
|
|
Block Ciphers work of blocks of bits and
|
Stream Ciphers work on one bit at a time
|
|
|
Symmetric algorithm is used for
|
Bulk encryption, which means encrypting files and communication paths
|
|
|
Asymmetric Algorithm is used for
|
Key Distribution and Digital signatures
|
|
|
The Security service provided by Symmetric systems is
|
Confidentiality
|
|
|
The Security service provided Asymmetric systems are
|
Authentication and nonrepudation
|
|
|
Hybrid Encryption Methods is
|
The Use of public key encryption to secure a secret key, and message encryption using the secret key
|
|
|
In a message digest
|
- The original file cannot be created from the message digest.
- Two different files should not have the same message digest - Messages digests are usually of fixed size. |
|
|
A strong Cipher contains the right level of two main attributes namely
|
Confussion and Diffusion
|
|
|
Confusion is mainly carried out through
|
Substitution
|
|
|
Diffussion is mainly carried out through
|
Transposition
|
|
|
In a block Cipher the Randomness of the key values and the complexity of the mathematical functions dictate the
|
Level of Confusion and Diffusion involved
|
|
|
Diffusion takes place as individual bits of blocks are
|
Scrambled, or diffused throughout that block
|
|
|
Confusion is provided by carryoing out
|
Complex substitution functions
|
|
|
Block Ciphers use Diffusion and
|
Confusion in their methods
|
|
|
The block Cipher algorithm has two has TWO layers of Four-bit substitution boxes called
|
S-boxes. Each S-box contains a lookup table used by the algorithm as instructions on how the bits should be encrypted
|
|
|
Most block ciphers work with blocks of
|
32, 64 or 128 bits
|
|
|
A block of cipher perfoms
|
Mathematical functions on on blocks of bits
|
|
|
A stream Cipher treats a message as a stream of bits and
|
Performs Mathematical functions on each bit individually
|
|
|
When using a stream cipher, a Plaintext bit will be transformed into a
|
Different Ciphertext bit each time it is encypted
|
|
|
Stream Ciphers use Keystream generators
|
Keystream generators
|
|
|
Keystream generators produce
|
A Stream of bits that is XORed with the plaintext bits to produce Ciphertext
|
|
|
A one-way hash is a function that takes a Variable-Length string and a message and produces a
|
Fixed-Length value called a Hash Value
|
|
|
The hashing one-way function takes place without the use of
|
Any keys
|
|
|
The hashing algorith is not a secret - it is publicly known. The secrecy of the
|
One-way hashing function is its "One-Wayness". One way-hash functions are never used in reverse like the one-way function used in public key cryptography in which the security provided is based not knowing a trapdoor
|
|
|
What algorithm was DES derived from?
|
Lucifer.
|
|
|
Which ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS?
|
RSA
|
|
|
Multipurpose Internet Mail Extension (MIME) is a technical specification indicating how
|
Multimedia data and e-mail attachments are to be transferred.
|
|
|
If a messgae or document contains a Binary attachment
|
Multipurpose Internet Mail Extension (MIME) dictates how that portion of the messgae should be handled.
|
|
|
Secure Multipurpose Internet Mail Extension (S/MIME) is a standard for
|
Encrypting and digitally signing electonic mail and for providing secure data transmissions.
|
|
|
S/MIME follows the
|
Public Key Cryptography Standards (PKCS)
|
|
|
S/MIME provides Confidentiality through
|
Encryption algorithms
|
|
|
S/MIME provides Integrity through
|
Hashing algorithms
|
|
|
S/MIME provides Authentication through the use of
|
X.509 public key certificates
|
|
|
S/MIME provides Nonrepudation through
|
Cryptographically signed message digests
|
|
|
Which is NOT a suitable method for distributing certificate revocation information?
|
CA revocation mailing list
|
|
|
suitable method for distributing certificate revocation information are
|
- Delta CRL
- OCSP (online certificate status protocol) - Distribution point CRL |
|
|
Which statements pertaining to stream ciphers is correct?
|
A stream cipher generates what is called a keystream.
|
|
|
True 3DES mods are
|
- DES-EEE2 uses two keys
-DES-EEE3 uses three keys -DES-EDE2 uses two keys -DES-EDE3 uses three keys |
|
|
What does the directive of the European Union on Electronic Signatures deal with?
|
Non repudiation
|
|
|
Which would best define a Digital envelope?
|
A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.
|
|
|
The use of Symmetric and Asymmetric cryptography together can be referred to as a
|
Hybrid approach, But more commonly as a Digital Envelope
|
|
|
What kind of Encryption technology does Verisign's SSL utilize?
|
Hybrid: Symmetric and asymmetric cryptography
|
|
|
IPsec is a framework that permits flexibility in choosing particular hashing, encryption, or key exchange mechanisms.
|
Depending on the implementation, key exchange may be a manual process or an automated one.
|
|
|
Internet Key Exchange (IKE). is a
|
Key exchange protocol that may be used in conjunction with ISAKMP.
|
|
|
ISAKMP is the key management protocol typically used with
|
IPsec, but ISAKMP intentionally excludes selection of any particular key exchange method.
|
|
|
Diffie-Hellman is a widely-used
|
Key exchange algorithm used by IKE.
|
|
|
What can be defined as secret communications where the very existence of the message is hidden?
|
Steganography
|
|
|
Key clustering is a situation in which a plaintext message generates
|
Identical ciphertext messages using the same transformation algorithm but with different keys
|
|
|
What type of attack against confidentiality uses algorithm and algebraic manipulation weaknesses to reduce complexity?
|
Analytic
|
|
|
A statistical attack uses a
|
Statistical weakness in the design.
|
|
|
A brute-force attack is a type of attack under which
|
Every possible combination of keys and passwords is tried
|
|
|
In a codebook attack, an attacker attempts to
|
Create a codebook of all possible transformations between plaintext and ciphertext under a single key.
|
|
|
Digital signature is a
|
Value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity
|
|
|
What is the range of SSL (Secure Sockets Layer) 'session key' lengths?
|
40 bit to 256 bit
|
|
|
TCP/IP protocol: TCP protocol controls the handsking and maintains the connection between been the User and the Server and the
|
IP protocol makes sure the file is routed properly throughout the Internet to get from the web server to the user.
|
|
|
HTTP is a stateless protocol which means
|
The Client and the Web Server make and break a connection for each other operation.
|
|
|
HTTP Secure (HTTPS) is
|
HTTP running over SSL..
- HTTP works at the application layer - SSL works at the Transport Layer. |
|
|
Secure Sockets Layer (SSL) uses Public Key Encryptions and provides
|
-Data Encryption
-Server Authentication -Message Integrity and - Optional Client Authentication |
|
|
A FIN Packet in (SSL) is an indication
|
to close out the commnucation channel sent by the CLient to the server
|
|
|
SSL requires an SSL-enabled server and browser. SSL provides security for the connection but does not offer
|
Security for the data ONCE received. This means the data are encrypted while being transmitted, but not after the data is received.
|
|
|
In the protocol stack, SSL lies beneath the Application layer and
|
And above the Network layer. This ensures that SSL is NOT limited to specific application protocols and can still use the communication transport standards of the Internet
|
|
|
For CISSP Exam SSL protocol works at the
|
Transport Layer (SSL is currently in Version 3)
|
|
|
Since SSL was developed by Netscape it is NOT
|
an Open-Community protocol.
|
|
|
The Open-Community version of SSL is
|
Transport Layer Security (TLS)
|
|
|
S-HTTP is a Technology that protects EACH message sent between two computers while
|
HTTPS protects the Communication Channel between two computers messages and all.
|
|
|
SSL Key lengths vary in size. Older browsers only support 40/56 bit key lengths but
|
Newer browsers such as I.E.6.0, Mozillia, and Firefox now support up to 256 bit encryption keys.
|
|
|
A public-key certificate binds
|
a subject name to a public key value, along with information needed to perform certain cryptographic functions.
|
|
|
An attribute certificate is a
|
digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate
|
|
|
Kerberos depends upon what encryption method?
|
Secret Key cryptography.
|
|
|
Kerberos is an Authentication protocol designed in the mid 1980 as part of the MIT's Project Athena. IT works in a
|
Client/Server Model and is based on Symmetric Key Cryptography (Secret Key)
|
|
|
Kerberos has been used for many years in UNIX systems and is currently the defaut
|
Authentication methods for Windows, 200, 2003 and 2008 operating systems
|
|
|
Kerberos is an example of a
|
Single sign-on system for distributed environments and is a de facto standard for heterogeneous networks
|
|
|
Kerberos uses sysmetrik key cryptography and provides
|
End-to-End security.
|
|
|
The Most important Component within a Kerberos Environment is the
|
Key Distribution Center (KDC).
-KDC holds all users's and services secret keys. - KDC provides an authentication service as well as a Key distribution functionality. |
|
|
In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?
|
The client's browser
|
|
|
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
|
Message integrity.
|
|
|
A keyed hash also called a MAC (message authentication code) is used for
|
Integrity protection.
|
|
|
What is called the standard format that was established to set up and manage Security Associations (SA) on the Internet in IPSec?
|
Internet Key Exchange (IKE)
|
|
|
The Key management for IPSec is called the
|
Internet Key Exchange (IKE)
|
|
|
The IKE protocol is a hybrid of three other protocols:
|
- ISAKMP (Internet Security Association and Key Management Protocol)
- Oakley and - SKEME. |
|
|
ISAKMP provides a framework for
|
Authentication and Key exchange, but does not define them (neither authentication nor key exchange).
|
|
|
The Oakley protocol describes
|
A series of modes for key exchange
|
|
|
The SKEME protocol defines
|
Key exchange techniques.
|
|
|
IKE provides authentication of the IPSec peers,
|
Negotiates IPSec keys, and negotiates IPSec security associations.
|
|
|
IKE automatically negotiates IPSec security associations (SAs) and enables
|
IPSec secure communications without costly manual preconfiguration.
|
|
|
IKE provides these benefits:
|
- Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both peers.
- Allows you to specify a lifetime for the IPSec security association - Allows encryption keys to change during IPSec sessions - Allows IPSec to provide anti-replay services. -Permits certification authority (CA) support for a manageable, scalable IPSec implementation. - Allows dynamic authentication of peers. |
|
|
ISAKMP provides a framework for Internet key management and provides the specific protocol support for negotiation of security attributes.
|
Alone, it does not establish session keys. However it can be used with various session key establishment protocols, such as Oakley, to provide a complete solution to Internet key management
|
|
|
When ISAKMP is used with Oakley,
|
Key escrow is not feasible.
|
|
|
The Oakley protocol uses a hybrid Diffie-Hellman technique to establish session keys on Internet hosts and routers.
|
Oakley provides the important security property of Perfect Forward Secrecy (PFS) and is based on cryptographic techniques that have survived substantial public scrutiny. Oakley can be used by itself, if no attribute negotiation is needed, or Oakley can be used in conjunction with ISAKMP
|
|
|
IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides
|
Security for transmission of Sensitive information over unprotected networks such as the Internet. It acts at the network level
|
|
|
IPSec implements the following standards:
|
IPSec, Internet Key Exchange (IKE) , Data Encryption Standard (DES)
, MD5 (HMAC variant) , SHA (HMAC variant) , Authentication Header (AH) , Encapsulating Security Payload (ESP) |
|
|
IPSec services provide a robust security solution that is standards-based. IPSec also provides
|
Data authentication and anti-replay services in addition to data confidentiality services.
|
|
|
SKEME constitutes a compact protocol that supports a variety of realistic scenarios and security models over Internet. It provides
|
Clear tradeoffs between security and performance as required by the different scenarios without incurring in unnecessary system complexity. The protocol supports key exchange based on public key, key distribution centers, or manual installation, and provides for fast and secure key refreshment.
|
|
|
SKEME selectively provides perfect forward secrecy, allows for replaceability and
|
Negotiation of the underlying cryptographic primitives, and addresses privacy issues as anonymity and repudiatability
|
|
|
SKEME's basic mode is based on the use of public keys and a
|
Diffie-Hellman shared secret generation.
However, SKEME is not restricted to the use of public keys, but also allows the use of a pre-shared key |
|
|
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
|
Public-key certificates
|
|
|
A Kerberos ticket is issued by a trusted third party. It is an encrypted data structure that includes the
|
Service encryption key. In that sense it is similar to a public-key certificate. However, the ticket is not key.
|
|
|
Properties of the Rijndael block cipher algorithm
|
- It employs a round transformation that is comprised of three layers of distinct and invertible transformations.
- It is suited for high speed chips with no area restrictions - It could be used on a smart card. |
|
|
IDEA cipher algorithm operates on
|
64-bit plaintext blocks and uses a 128 bit key.
|
|
|
Rijndael block cipher uses
|
128, 192 or 256 bits.
|
|
|
Secure Sockets Layer (SSL) provides security services at which layer of the OSI model?
|
Transport Layer
|
|
|
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?
|
The use of session keys.
|
|
|
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?
|
Elliptic Curve Cryptography (ECC)
|
|
|
Which is the most secure form of triple-DES encryption?
|
DES-EDE3
|
|
|
Which is best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?
|
A known-plaintext attack
|
|
|
What are two types of ciphers?
|
Transposition and Substitution
|
|
|
In a Public Key Infrastructure (PKI) context, which is a Primary concern with LDAP servers?
|
Availability
|
|
|
Strong" encryption means
|
128-bit or longer key.
|
|
|
You've decided to identify the agent who initiated any particular transfer. You can do this by
|
Having the agent encrypt the hash with his private key.
|
|
|
What kind of encryption is realized in the S/MIME-standard?
|
Public key based, hybrid encryption scheme
|
|
|
The Diffie-Hellman algorithm is primarily used to provide
|
Key exchange
|
|
|
Pre shared key authentication within IKE/IPSec Protocol is normally based on
|
Simple passwords
|
|
|
Within IKE / IPsec protocol Only
|
One preshared key for all VPN connections is needed
|
|
|
How many bits is the effective length of the key of the Data Encryption Standard algorithm
|
56 bits
|
|
|
Internet Security Association and Key Management Protocol (ISAKMP) is an
|
Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.
|
|
|
Simple Key-management for Internet Protocols (SKIP) is a
|
Key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets
|
|
|
What size is an MD5 message digest (hash)?
|
128 bits
|
|
|
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?
|
Authority revocation list
|
|
|
Certificate revocation list (CRL)
|
A data structure that enumerates digital certificates that have been invalidated by their issuer prior to when they were scheduled to expire.
|
|
|
Authority revocation list (ARL)
|
A data structure that eumerates digital certificates that were issued "TO CAs but have been invalidated" by their issuer prior to when they were scheduled to expire.
|
|
|
Authentication methodS within IKE and IPsec
|
- Pre shared key
- Certificate based authentication - Public key authentication |
|
|
PGP uses which of the following to encrypt DATA (NOTE date is the key word)?
|
A symmetric encryption algorithm BUT it use Asymmetric key algorithm to encrypt KEYS for distribution.
|
|
|
Which BEST provides e-mail message authenticity and confidentiality?
|
Signing the message using the sender's private key and encrypting the message using the receiver's public key
|
|
|
Which offers security to wireless communications?
|
Wireless Transport Layer Security (WTLS)
|
|
|
Electronic signatures can PREVENT messages from being:
|
Repudiated
|
|
|
Digital signature standard (DSS) provides
|
- Integrity
- Digital signature - Authentication |
|
|
What is called the substitution cipher that shifts the alphabet by 13 places?
|
ROT13 cipher
|
|
|
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as
|
"Computing in Galois fields" RSA is quite feasible for computer use.
|
|
|
In a known plaintext attack, the cryptanalyst has knowledge ?
|
Both the plaintext and the associated ciphertext of several messages
|
|
|
What principle involves encryption keys being separated into two components, each of which does not reveal the other
|
Split knowledge
|
|
|
A Public Key Infrastructure (PKI) is responsible for
|
Issuing, locating, validating, renewing, and revoking certificates.
|
|
|
Which should be used as a replacement for Telnet for secure remote login over an insecure network?
|
SSH
|
|
|
Which would best describe a Concealment cipher?
|
Every X number of words within a text, is a part of the real message.
|
|
|
Which of the following can best define the "revocation request grace period"?
|
Time period between the arrival of a revocation request and the publication of the revocation information
|
|
|
Which is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
|
OAKLEY
|
|
|
SKIP is a key distribution protocol
|
Hybrid encryption to convey session keys that are used to encrypt data in IP packets.
|
|
|
How long is a DES key sequence?
|
8 Bits
|
|
|
What is another known for a Parity Key
|
Key Sequence?
|
|
|
Which is a protocol used to enable two users using symmetric encryption to exchange a secret key (session key) over an insecure medium without any prior secrets? The negotiated key will subsequently be used for message encryption.
|
Diffie_Hellmann
|
|
|
The Diffie-Hellman key agreement protocol is also called
|
The Exponential key agreement
|
|
|
The Diffie-Hellaman protocol has two system parameters p and g.
|
They are both public and may be used by all the users in a system. Parameter p is a prime number and parameter g (usually called a generator) is an integer less than p, with the following property: for every number n between 1 and p-1 inclusive, there is a power k of g such that n = gk mod p
|
|
|
The Deffie-Hellman protocol depends on the
|
Discrete logarithm problem for its security. But The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack
|
|
|
Which of the following would best describe a Concealment cipher?
|
Every X number of words within a text, is a part of the real message.
|
|
|
Which identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?
|
Rijndael
|
|
|
Rijndael is the new approved method of
|
Sensitive but unclassified information for the U.S. government. and is also widely used in the public arena as well.
|
|
|
Rijndael (for AES) has
|
Low memory requirements and has been constructed to easily defend against timing attacks.
|
|
|
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?
|
A digital signature
|
|
|
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?
|
An attribute
|
|
|
A public-key certificate binds a
|
Subject name to a public key value, along with information needed to perform certain cryptographic functions.
|
|
|
What is related to a Public key infrastructure (PKI)?
|
- A Certificate authority
- A Registration authority - A X.509 certificate |
|
|
A Ticket Granting Service is a part of
|
Kerberos and not PKI
|
|
|
PKI provides
|
Authentication, confidentiality, nonrepudiation, and integrity of the messages exchanged.
|
|
|
PKI is a
|
Hybrid system of symmetric and asymmetric key algorithms and methods.
|
|
|
Which DES modes can best be used for authentication?
|
Cipher Block Chaining and Cipher Feedback.
Because both Cipher Block Chaining and Cipher Feedback create a key that is dependent of the previous block and the final block serves as a Message Authentication Code |
|
|
Electronic Code Book (ECB) is basic
|
Encryption method that provides privacy but not authentication.
|
|
|
Which techniques is used in the ENCRYPTION of data between a web browser and server?
|
SSL
|
|
|
You've decided to identify the agent who initiated any particular transfer. You can do this by:
|
Having the agent encrypt the hash with his private key.
|
|
|
Why does a digital signature CONTAIN a message digest?
|
To detect any alteration of the message
|
|
|
What is the role of IKE within the IPsec protocol?
|
Peer authentication and key exchange
|
|
|
What is the range of SSL (Secure Sockets Layer) 'session key' lengths?
|
40 bit to 256 bit
|
|
|
What is the maximum key size for the RC5 algorithm?
|
2040 bits
|
|
|
Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?
|
IPsec and L2TP
|
|
|
What is the main problem of the renewal of a root CA certificate?
|
It requires the authentic distribution of the new root CA certificate to all PKI participants
|
|
|
Secure Sockets Layer (SSL) provides security services at which layer of the OSI model?
|
Transport Layer
|
|
|
What is called the standard format that was established to set up and manage Security Associations (SA) on the Internet in IPSec?
|
Internet Key Exchange (IKE)
|
|
|
Which of the following algorithms is used today for encryption in PGP?
|
IDEA
|
|
|
The Diffie-Hellman algorithm is used for:
|
Key agreement
|
|
|
Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)?
|
It is believed to require shorter keys for equivalent security.
|
|
|
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
|
Birthday attack
|
|
|
Key management protocol are?
|
- ISAKMP
- Diffie-Hellman - KEA |
|
|
The Data Encryption Algorithm performs how many rounds of substitution and permutation?
|
16
|
|
|
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
|
Message integrity.
|
|
|
Which of the following OSI layers provides non-repudiation services?
|
Application layer
|
|
|
ExampleS of a block cipher
|
- Skipjack
- IDEA - Blowfish |
|
|
RC4 is NOT a
|
Block Cipher
|
|
|
Algorithms used in Rijndael
|
- Non-linear layer
- Key addition layer - The linear mixing layer |
|
|
What is the RESULT of a hash algorithm being applied to a message ?
|
A message digest
|
|
|
Which of the following techniques is used in the ENCRYPTION of data between a web browser and server?
|
SSL
|
|
|
Symmetric Key Algorithm is also known as
|
- Secret Key
- Private Key - Single Key - Shared Key - One Key |
|
|
A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following?
|
Verifying signed messages
|
|
|
A one-way hashing function does NOT
|
Authentication & Confidentiality.
|
|
|
A one way hashing function can only be use for the
|
Integrity of a message
|
|
|
Attributes pertaining to PPTP (Point-to-Point Tunneling Protocol
|
- PPTP is able to only handle IP networks.
- PPTP does not provide strong encryption - PPTP does not support any token-based authentication method for users. |
