47 Cards in this Set
- Front
- Back
Block ciphers use a substitution and transposition function
Large amounts of data processed through a block cipher may begin to show patterns in the cipher text. |
A block cipher takes a fixed-length number of bits, referred to as a block, and encrypts them all at once
|
|
common symmetric block cryptography methods.
9 total. 1-3 |
- SkipJack; Clipper chip, (Very Large Scale Integration) device with an ARM (Advanced RISC Machine). Became unpopular when a back door was discovered that allowed the NSA to decrypt all messages produced by the Clipper chip.
- Data Encryption Standard (DES); 56-bit key and 8-bit parity. Implements a 64-bit block size with 16 rounds of substitution and transposition.
- 3DES*; 168-bit key. Used in IPSec as its strongest and slowest encipherment |
|
common symmetric block cryptography methods.
9 total. 4-6 |
- Advanced Encryption Standard (AES); replacement for DES in 2001. Rijndael Block Cipher which is resistant to all known attacks. Uses a variable-length block and key length (128-, 192-, or 256-bit keys).
- Blowfish; 64-bit blocks and key lengths anywhere from 32 bits to 448 bits. Has no effective known cryptanalysis currently.
- International Data Encryption Algorithm (IDEA); 64-bit blocks with 128-bit keys. Used by Pretty Good Privacy (PGP) email encryption. |
|
common symmetric block cryptography methods.
9 total. 7-9 |
- Twofish; 128-bit blocks and variable key lengths (128-, 192-, or 256-bits). Uses up to 16 rounds of substitution and transposition.
- RC5; Supports 32-, 64- or 128-bit blocks. Supports key sizes 0-2K. Can implement up to 255 rounds of substitution and transposition. Supports variable bit length keys and variable bit block sizes.
- MARS; MARS was IBM's offering in the NAS search for a 3DES replacement. |
|
Be aware of the following regarding 3DES:
Encrypting large amounts of data tends to create patterns in the cipher text. The following list illustrates two implementations of 3DES used to create strong cipher text:
- EDE2: Encrypt with key1, Decrypt with key2, Encrypt with key1
- EEE3: Encrypt with key1, Encrypt with key2, Encrypt with key3 |
Electronic Code Book (ECB) is a mode of DES in which each block of text is run through the DES encryption and cipher text is created. This method of encipherment is fast, but subject to patterns. It is best used on small amounts of data or on data that is not highly sensitive.
Cipher Block Chaining (CBC) is another mode of DES that increases randomness. In this method the cipher text of a plaintext block is XORed into the plaintext of the next block. CBC performs more calculations and therefore uses more CPU cycles, but it hides the patterns and creates more secure cipher text. Note that the more data is worked in the encryption process, the more CPU cycles are used. |
|
Which of the following is defined as a key establishment protocol based on the
Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A.) Diffie-Hellman Key Exchange Protocol B.) Internet Security Association and Key Management Protocol (ISAKMP) C.) Simple Key-management for Internet Protocols (SKIP) D.) OAKLEY |
Answer: D
|
|
Which of the following defines the key exchange for Internet Protocol Security (IPSEC)?
A. Internet Security Association Key Management Protocol (ISAKMP) B. Internet Key Exchange (IKE) C. Security Key Exchange (SKE) D. Internet Communication Messaging Protocol (ICMP) |
Answer: A
Because IPsec is a framework, it does not dictate what hashing and encryption algorithms are to be used or how keys are to be exchanged between devices. Key management can be handled through a manual process or automated by a key management protocol. The Internet Security Association and Key Management Protocol (ISAKMP) is an authentication and key exchange architecture that is independent of the type of keying mechanisms used. |
|
A network of five nodes is using symmetrical keys to securely transmit data. How many
new keys are required to re-establish secure communications to all nodes in the event there is a key compromise? A. 5 B. 10 C. 20 D. 25 |
Answer: A
In a typical VPN using secret keys there would be one key at central office and the same key provided for each telecommuter, in this case 4. If the key was compromised, all 5 keys would have to be changed. |
|
Matches between which of the following are important because they represent references
from one relation to another and establish the connection among these relations? A.) foreign key to primary key B.) foreign key to candidate key C.) candidate key to primary key D.) primary key to secondary key |
Answer: A
|
|
Which of the following can best be defined as a key distribution protocol that uses hybrid
encryption to convey session keys that are used to encrypt data in IP packets? A.) Internet Security Association and Key Management Protocol (ISAKMP) B.) Simple Key-Management for Internet Protocols (SKIP) C.) Diffie-Hellman Key Distribution Protocol D.) IPsec Key Exchange (IKE) |
Answer: B
|
|
In a cryptographic key distribution system, the master key is used to exchange?
A. Session keys B. Public keys C. Secret keys D. Private keys |
Answer: A
"The Key Distribution Center (KDC) is the most important component within a Kerberos environment. The KDC holds all users' and services' cryptographic keys. It provides authentication services, as well as key distribution functionality. |
|
Which Application Layer security protocol requires two pairs of asymmetric keys and two
digital certificates? A.) PEM B.) S/HTTP C.) SET D.) SSL |
Answer: C
|
|
What key size is used by the Clipper Chip?
A.) 40 bits B.) 56 bits C.) 64 bits D.) 80 bits |
Answer: D
"Each Clipper Chip has a unique serial number and an 80-bit unique unit or secret key |
|
What uses a key of the same length as the message?
A.) Running key cipher B.) One-time pad C.) Steganography D.) Cipher block chaining |
Answer: B
Reference: "A one-time pad is an extremely powerful type of substitution cipher. One-time pads use a different alphabet for each letter of the plaintext message |
|
Simple Key Management for Internet Protocols (SKIP) is similar to Secure Sockets Layer
(SSL), except that it requires no prior communication in order to establish or exchange keys on a: A.) Secure Private keyring basis B.) response-by-session basis C.) Remote Server basis D.) session-by-session basis |
Answer: D
|
|
Security measures that protect message traffic independently on each communication path are called:
A. Link oriented B. Procedure oriented C. Pass-through oriented D. End-to-end oriented |
Answer: A
Link encryption encrypts all the data along a specific communication path like a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted |
|
Which of the following best provides e-mail message authenticity and confidentiality?
A.) Signing the message using the sender's public key and encrypting the message using the receiver's private key B.) Signing the message using the sender's private key and encrypting the message using the receiver's public key C.) Signing the message using the receiver's private key and encrypting the message using the sender's public key D.) Signing the message using the receiver's public key and encrypting the message with the sender's private key |
Answer: B
|
|
Cryptography does not help in:
A.) Detecting fraudulent insertion B.) Detecting fraudulent deletion C.) Detecting fraudulent modifications D.) Detecting fraudulent disclosure |
Answer: D
|
|
How much more secure is 56 bit encryption opposed to 40 bit encryption?
A.) 16 times B.) 256 times C.) 32768 times D.) 65,536 times |
Answer: D
2 to the power of 40 = 1099511627776; 2 to the power of 56 = 72057594037927936; 72057594037927936 / 1099511627776 = 65,536 |
|
Which of the following is not a known type of Message Authentication Code (MAC)?
A.) Hash function-based MAC B.) Block cipher-based MAC C.) Signature-based MAC D.) Stream cipher-based MAC |
Answer: C
|
|
What size is an MD5 message digest (hash)?
A.) 128 bits B.) 160 bits C.) 256 bits D.) 128 bytes |
Answer: A
"MD4: MD4 is a one-way hash function designed by Ron Rivest. It produces 128-bit hash, or message digest, values. It is used for high-speed computation in software implementations and is optimized for microprocessors. MD5: MD5 is the newer version of MD4. It still produces a 128-bit hash, but the algorithm is more complex |
|
Which of the following would best describe a Concealment cipher?
A.) Permutation is used, meaning that letters are scrambled B.) Every X number of words within a text, is a part of the real message C.) Replaces bits, characters, or blocks of characters with different bits, characters, or blocks. D.) Hiding data in another message so that the very existence of the data is concealed. |
Answer: B
|
|
Which of the following ciphers is a subset of the Vigenere polyalphabetic cipher?
A.) Caesar B.) Jefferson C.) Alberti D.) SIGABA |
Answer: A
"The Caesar Cipher,...., is a simple substitution cipher that involves shifting the alphabet three positions to the right. The Caesar Cipher is a subset of the Vigenere polyalphabetic cipher |
|
Which of the following is not a property of the Rijndael block cipher algorithm?
A.) Resistance against all known attacks B.) Design simplicity C.) 512 bits maximum key size D.) Code compactness on a wide variety of platforms |
Answer: C
|
|
What are two types of ciphers?
A.) Transposition and Permutation B.) Transposition and Shift C.) Transposition and Substitution D.) Substitution and Replacement |
Answer: C
"Classical Ciphers: Substitution Transposition (Permutation) Vernam (One-Time Pad) Book or Running Key Codes Steganography" |
|
Which one of the following, if embedded within the ciphertext, will decrease the likelihood of a message being replayed?
A. Stop bit B. Checksum C. Timestamp D. Digital signature |
CBC is the CBC mode of some block cipher, HMAC is a keyed message digest, MD
is a plain message digest, and timestamp is to protect against replay attacks |
|
The repeated use of the algorithm to encipher a message consisting of many blocks is called
A. Cipher feedback B. Elliptical curve C. Cipher block chaining D. Triple DES |
Answer: C
"There are two main types of symmetric algorithms: stream and block ciphers. Like their names sound, block ciphers work on blocks of plaintext and ciphertext, whereas stream ciphers work on streams of plaintext and ciphertext, one bit or byte at a time |
|
When block chaining cryptography is used, what type of code is calculated and appended to the data to
ensure authenticity? A. Message authentication code. B. Ciphertext authentication code C. Cyclic redundancy check D. Electronic digital signature |
Answer: A
A message authentication code (MAC) can be computed and appended to the message. The computation is a function of the entire message and a secret key. A MAC can be used to provide authenticity for unencrypted messages as well as for encrypted ones. The National Institute of Standards and Technology (NIST) has adopted a standard for computing a MAC |
|
Which of the following is a symmetric encryption algorithm?
A.) RSA B.) Elliptic Curve C.) RC5 D.) El Gamal |
Answer: C
|
|
Compared to RSA, which of the following is true of elliptic curve cryptography?
A.) It has been mathematically proved to be the more secure B.) It has been mathematically proved to be less secure C.) It is believed to require longer keys for equivalent security D.) It is believed to require shorter keys for equivalent security |
Answer: D
|
|
Which of the following is not a one-way algorithm?
A.) MD2 B.) RC2 C.) SHA-1 D.) DSA |
Answer: B
Not: A, C or D. "Hash Functions SHA MD2 MD4 MD5" DSA, Digital Signature Algorithm, is an approved standard for Digital Signatures that utilizes the SHA-1 hashing function. |
|
A public key algorithm that does both encryption and digital signature is which of the
following? A.) RSA B.) DES C.) IDEA D.) DSS |
Answer: A
|
|
Which of the following encryption algorithms does not deal with discrete logarithms?
A.) El Gamal B.) Diffie-Hellman C.) RSA D.) Elliptic Curve |
Answer: C
|
|
How many rounds are used by DES?
A.) 16 B.) 32 C.) 64 D.) 48 |
Answer: A
|
|
Which of the following algorithms does *NOT* provide hashing?
A.) SHA-1 B.) MD2 C.) RC4 D.) MD5 |
Answer: C
"Hashed Algorithms SHA-1 HMAC-SHA-1 MD5 HMAC-MD5" |
|
Which of the following is *NOT* a symmetric key algorithm?
A.) Blowfish B.) Digital Signature Standard (DSS) C.) Triple DES (3DES) D.) RC5 |
Answer: B
|
|
What is the basis for the Rivest-Shamir-Adleman (RSA) algorithm scheme?
A. Permutations B. Work factor C. Factorability D. Reversibility |
Answer: C
|
|
Which of the following offers confidentiality to an e-mail message?
A.) The sender encrypting it with its private key B.) The sender encrypting it with its public key C.) The sender encrypting it with its receiver's public key D.) The sender encrypting it with the receiver's private key |
Answer: C
|
|
What encryption algorithm is best suited for communication with handheld wireless
devices? A.) ECC B.) RSA C.) SHA D.) RC4 |
Answer: A
|
|
What level of assurance for a digital certificate only requires an e-mail address?
A.) Level 0 B.) Level 1 C.) Level 2 D.) Level 3 |
Answer: B
|
|
What enables users to validate each other's certificate when they are certified under
different certification hierarchies? A.) Cross-certification B.) Multiple certificates C.) Redundant certificate authorities D.) Root certification authorities |
Answer: A
|
|
Digital signature users register their public keys with a certification authority, which
distributes a certificate containing the user's public key and digital signature of the certification authority. In creating the certificate, the user's public key and the validity period are combined with what other information before computing the digital signature? A. Certificate issuer and the Digital Signature Algorithm identifier B. User's private key and the identifier of the master key code C. Name of secure channel and the identifier of the protocol type D. Key authorization and identifier of key distribution center |
Answer: A
The key word is "In creating the certificate..." Certificates: Certificates that conform to X.509 contain the following data: Version of X.509 to which the certificate conforms; Serial number (from the certificate creator); Signature algorithm identifier (specifies the technique used by the certified authority to digitally sign the contents of the certificate); |
|
What level of assurance for digital certificate verifies a user's name, address, social security
number, and other information against a credit bureau database? A.) Level 1 B.) Level 2 C.) Level 3 D.) Level 4 |
Answer: B
|
|
The primary role of cross certification is:
A.) Creating trust between different PKIs B.) Build an overall PKI hierarchy C.) set up direct trust to a second root CA D.) Prevent the nullification of user certifications by CA certificate revocation |
Answer: A
|
|
In what type of attack does an attacker try, from several encrypted messages, to figure out
the key using the encryption process? A.) Known-plaintext attack B.) Ciphertext-only attack C.) Chosen-Ciphertext attack D.) Known Ciphertext attack |
Answer: B
"Ciphertext-Only Attack In this type of attack, the attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm. The attacker's goal is to discover the key that was used in the encryption process. Once the attacker figures out the key, she can decrypt all other messages encrypted with the same key. A ciphertext-only attack is the most common because it is very easy to get ciphertext by sniffing someone's traffic |
|
When combined with unique session values, message authentication can protect against which of the
following? A. Reverse engineering, frequency analysis, factoring attacks, and ciphertext-only attack. B. Masquerading, frequency analysis, sequence manipulation, and ciphertext-only attack. C. Reverse engineering, content modification, factoring attacks, and submission notification. D. Masquerading, content modification, sequence manipulation, and submission notification. |
Answer: C
|
|
Which type of attack is based on the probability of two different messages using the same
hash function producing a common message digest? A.) Differential cryptanalysis B.) Differential linear cryptanalysis C.) Birthday attack D.) Statistical attack |
Attacks Against One-Way Hash Functions: A good hashing algorithm should not produce the
same hash value for two different messages. If the algorithm does produce the same value for two distinctly different messages, this is referred to as a collision. If an attacker finds an instance of a collision, he has more information to use when trying to break the cryptographic methods used. A complex way of attacking a one-way hash function is called the birthday attack. |