20 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
1 CH8
What is the process of deriving an encrypted value from a mathematical process called?
1
A) Hashing
B) Asymmetric
C) Symmetric
D) Social engineering
1 A
Hashing algorithms are used to derive an encrypted value from a message or word.
2 CH8
During a training session, you want to impress upon users how serious security and, in particular, cryptography is. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use?
2
A) NSA
B) NIST
C) IEEE
D) ITU
2 B
NIST is responsible for establishing the standards for general-purpose government encryption. NIST is also becoming involved in private-sector cryptography.
3 CH8
Assuming asymmetric encryption, if data is encoded with a value of 5, what would be used to decode it?
3
A) 5
B) 1
C) 1/5
D) 0
3 C
With asymmetric encryption, two keys are used—one to encode and the other to decode. The two keys are mathematical reciprocals of each other.
4 CH8
You’re a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym?
4
A) WBS
B) X.509
C) RFC
D) IEEE
4 C
The Request for Comments (RFC) process allows all users and interested parties to comment on proposed standards for the Internet. The RFC editor manages the RFC process. The editor is responsible for cataloging, updating, and tracking RFCs through the process.
5 CH8
Mary claims that she didn’t make a phone call from her office to a competitor and tell them about developments her company is working on. Telephone logs, however, show that such a call was placed from her phone, and time clock records show she was the only person working at the time. What do these records provide?
5
A) Integrity
B) Confidentiality
C) Authentication
D) Non-repudiation
5 D
Non-repudiation offers undisputable proof that a party was involved in an action.
6 CH8
Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols?
6
A) TLS
B) SSH
C) RSH
D) X.509
6 A
TLS is a security protocol that uses SSL, and it allows the use of other security protocols.
7 CH8
MAC is an acronym for what as it relates to cryptography?
7
A) Media access control
B) Mandatory access control
C) Message authentication code
D) Multiple advisory committees
7 C
A MAC as it relates to cryptography is a method of verifying the integrity of an encrypted message. The MAC is derived from the message and the key.
8 CH8
You’ve been brought in as a security consultant for a small bicycle manufacturing firm. Immediately you notice that it’s using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process?
8
A) Network security
B) Key transmission
C) Certificate revocation
D) Private key security
8 B
Key transmission is the largest problem from among the choices given. Transmitting private keys is a major concern. Private keys are typically transported using out-of-band methods to ensure security.
9 CH8
Which of the following terms refers to the prevention of unauthorized disclosure of keys?
9
A) Authentication
B) Integrity
C) Access control
D) Non-repudiation
9 C
Access control refers to the process of ensuring that sensitive keys aren’t divulged to unauthorized personnel.
10 CH8
As the head of IT for MTS, you’re explaining some security concerns to a junior administrator who has just been hired. You’re trying to emphasize the need to know what is important and what isn’t. Which of the following is not a consideration in key storage?
10
A) Environmental controls
B) Physical security
C) Hardened servers
D) Administrative controls
10 A
Proper key storage requires that the keys be physically stored in a secure environment. This may include using locked cabinets, hardened servers, and effective physical and administrative controls.
11 CH8
What is the primary organization for maintaining certificates called?
11
A) CA
B) RA
C) LRA
D) CRL
11 A
A certificate authority (CA) is responsible for maintaining certificates in the PKI environment.
12 CH8
Due to a breach, a certificate must be permanently revoked, and you don’t want it to ever be used again. What is often used to revoke a certificate?
12
A) CRA
B) CYA
C) CRL
D) PKI
12 C
A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.
13 CH8
Which organization can be used to identify an individual for certificate issue in a PKI environment?
13
A) RA
B) LRA
C) PKE
D) SHA
13 B
A local registration authority (LRA) can establish an applicant’s identity and verify that the applicant for a certificate is valid. The LRA sends verification to the CA that issues the certificate.
14 CH8
Kristin, from Payroll, has left the office on maternity leave and won’t return for at least six weeks. You’ve been instructed to suspend her key. Which of the following statements is true?
14
A) In order to be used, suspended keys must be revoked.
B) Suspended keys don’t expire.
C) Suspended keys can be reactivated.
D) Suspending keys is a bad practice.
14 C
Suspending keys is a good practice: It disables a key, making it unusable for a certain period of time. This can prevent the key from being used while someone is gone. The key can be reactivated when that person returns.
15 CH8
What document describes how a CA issues certificates and what they are used for?
15
A) Certificate policies
B) Certificate practices
C) Revocation authority
D) CRL
15 A
The certificate policies document defines what certificates can be used for.
16 CH8
After returning from a conference in Jamaica, your manager informs you that he has learned that law enforcement has the right, under subpoena, to conduct investigations using keys. He wants you to implement measures to make such an event run smoothly should it ever happen. What is the process of storing keys for use by law enforcement called?
16
A) Key escrow
B) Key archival
C) Key renewal
D) Certificate rollover
16 A
Key escrow is the process of storing keys or certificates for use by law enforcement. Law enforcement has the right, under subpoena, to conduct investigations using these keys.
17 CH8
The CRL takes time to be fully disseminated. Which protocol allows a certificate’s authenticity to be immediately verified?
17
A) CA
B) CP
C) CRC
D) OCSP
17 D
Online Certificate Status Protocol (OCSP) can be used to immediately verify a certificate’s authenticity.
18 CH8
Which set of specifications is designed to allow XML-based programs access to PKI services?
18
A) XKMS
B) XMLS
C) PKXMS
D) PKIXMLS
18 A
XML Key Management Specification (XKMS) is designed to allow XML-based programs access to PKI services.
19 CH8
Which of the following is similar to Blowfish but works on 128-bit blocks?
19
A) Twofish
B) IDEA
C) CCITT
D) AES
19 A
Twofish was created by the same person who created Blowfish. It performs a similar function on 128-bit blocks instead of 64-bit blocks.
20 CH8
A brainstorming session has been called. The moderator tells you to pull out a sheet of paper and write down your security concerns based on the technologies that your company uses. If your company uses public keys, what should you write as the primary security concern?
20
A) Privacy
B) Authenticity
C) Access control
D) Integrity
20 D
Public keys are created to be distributed to a wide audience. The biggest security concern regarding their use is ensuring that the public keys maintain their integrity. This can be accomplished by using a thumbprint or a second encryption scheme in the certificate or key.