QUESTION DRILL CRYPTOGRAPHY 020504 - Answers

1. The strength of a crypto system is based on all but which of the following? B: The size of the keyspace does not by itself determine the strength of a crypto system. The keyspace is simply the range of values defined by the algorithm that can be used to construct keys; a large keyspace is necessary to resist brute force, but it does not make a weak algorithm or a poorly managed key strong.
2. Which of the following is not a goal of cryptography? C: Availability is not a goal of cryptography.
3. What type of cipher is subject to cracking by means of period analysis? D: A polyalphabetic cipher is subject to cracking by means of period analysis (the Kasiski examination): repeated segments in the ciphertext tend to lie a multiple of the key length apart, which reveals the period of the key.
4. The strength of a cryptosystem is based on all but which of the following? B: The strength of a cryptosystem is not based on the length of the plaintext, or even its content. The message to be encrypted is not a determining factor in the strength of a cryptosystem.
5. Which of the following is not a goal of cryptosystems? C: Availability is not a goal of cryptosystems. Cryptosystems do not address the need to make resources available, accessible, or delivered in a timely manner. The goals of cryptosystems are confidentiality, integrity, authenticity, and nonrepudiation.
6. The action of dividing a plaintext message into fixed length segments and applying the same algorithm to each segment to hide the message is known as? D: Block ciphering is the action of dividing a plaintext message into fixed-length segments (blocks) and applying the same algorithm to each segment to hide the message.
7. An unintelligible message is also called what? A: A cryptogram, or ciphertext, is an unintelligible message: plaintext that has been transformed into a protected message through the application of cryptography.
8. Which of the following is different than the others? A: Cryptology is the one item in this list that differs from the others, since it is the parent concept that contains the others. Cryptology is the overall study of secret writing; it encompasses both cryptography (designing systems that store and transmit data in a form only the intended recipient can read) and cryptanalysis (breaking them).
9. The process of hiding the meaning of a message by using a mechanism which shifts each letter of the alphabet by three letters is known as? B: The process of hiding the meaning of a message by shifting each letter of the alphabet by three letters is known as a monoalphabetic substitution cipher (the Caesar cipher). Because each plaintext letter always maps to the same ciphertext letter, the letter frequencies of the language survive in the ciphertext and the shift is easily recovered by frequency analysis.
10. A cryptosystem is comprised of all but which of the following? C: A cryptosystem may use a one-way mathematical function as its algorithm, but not all algorithms are one-way.
11. The cryptography mechanism which hides information within images is known as? A: Steganography is the mechanism which hides information within images (or other carrier files). Strictly speaking it conceals the existence of a message rather than its meaning, which is why it is often combined with encryption.
12. Which of the following was selected to replace Triple DES (3DES) in 2001? B: AES is the replacement for 3DES (and for DES).
13. The art and science of hiding the meaning of communications from unintended recipients is known as? C: Cryptography is the art and science of hiding the meaning of communications from unintended recipients. However, this is an incomplete answer, since there are additional ways to perform this activity (steganography, for example, hides the communication itself).
14. The art of obtaining the plaintext (i.e. the original message) or the key from ciphertext is known as? D: Cryptanalysis is the art of obtaining the plaintext (i.e. the original message) or the key from ciphertext.
15. The set of mathematical rules that dictate how enciphering and deciphering take place is known as the? D: The set of mathematical rules that dictate how enciphering and deciphering take place is known as the algorithm (or cipher).
16. What must be kept secret in order for a cryptosystem to provide any form of protection for messages? A: The key of a cryptosystem must be kept secret in order to protect the security provided by encryption. The algorithm itself should be assumed to be known to the attacker (Kerckhoffs's principle); a system whose security depends on keeping the algorithm secret is not considered sound.
17. When using end-to-end encryption, the actual process of encryption occurs at what level of the OSI model? B: End-to-end encryption performs its encryption at the application layer.
18. When using link encryption, the actual process of encryption occurs at what level of the OSI model? C: Link encryption performs its encryption at the physical layer (it is commonly described as operating at the physical and data link layers), protecting each individual link; the data must be decrypted and re-encrypted at every intermediate node.
19. The most common mathematical Boolean operation performed by cryptographic systems is? D: Exclusive OR (XOR) is the most common Boolean operation performed by cryptographic systems; it is its own inverse, so the same operation both encrypts and decrypts.
20. Which of the following is not true in regards to a one-time pad? A: One-time pads are impractical for most modern applications, primarily because of the difficulty of generating enough truly random, never-repeating key material and of securely exchanging a pad as long as all the traffic with each communication partner.
21. When the same ciphertext is produced when a single plaintext is encrypted using two different keys is known as? B: Key clustering occurs when the same ciphertext is produced when a single plaintext is encrypted using two different keys.
22. A cryptographic transformation that operates at the word or phrase level is known as? C: A code (sometimes called a code cipher) is a cryptographic transformation that operates at the word or phrase level, as opposed to a cipher, which operates on individual letters or bits.
23. When data is encrypted for the entire trip across an untrusted network from source to destination is known as? D: End-to-end encryption is a form of communications encryption where the data is encrypted for the entire trip across an untrusted network from source to destination.
24. Which of the following mechanisms always encrypts the entire message or data packet including the header? A: Link encryption encrypts the entire packet, headers included, on each link. Because the routing information is encrypted too, every intermediate node must decrypt the packet in order to forward it.
25. A Vernam cipher is an example of what type of cryptographic system? D: The Vernam cipher is an example of a one-time pad.
26. The Escrowed Encryption Standard (EES) is embodied in which of the following? A: The Escrowed Encryption Standard (EES) is embodied in the Clipper chip.
27. The Skipjack algorithm used in the Clipper chip used what length of key? B: Skipjack uses an 80-bit key (and a 64-bit block).
28. The goals or benefits of a cryptosystem include protection or support for all but which of the following? A: Availability is not a benefit of a cryptosystem.
29. A polyalphabetic cipher is vulnerable to what form of attack? C: A polyalphabetic cipher is vulnerable to period analysis (see question 3).
30. In addition to polyalphabetic ciphers, what other cryptographic system is also vulnerable to frequency analysis? C: Transposition ciphers are vulnerable to frequency analysis: rearranging the letters leaves the plaintext letter frequencies intact, which both identifies the cipher as a transposition and helps recover the permutation.
31. Which of the following terms is out of place when compared to the others? C: A public key is only found in asymmetric cryptographic systems.
32. Which of the following terms is out of place when compared to the others? D: Symmetric cryptography is better suited for bulk encryption than asymmetric cryptography.
33. Triple Data Encryption Standard (3DES) uses what key bit length? A: 3DES uses a 168-bit key (three 56-bit DES keys). Because of the meet-in-the-middle attack (question 75), its effective strength is about 112 bits.
34. All but which of the following is an example of steganography? B: Hiding data in a bad sector on a hard drive is an example of the use of a covert storage channel, not steganography.
35. The time, effort, and/or cost involved in breaking a cryptographic system is known as? C: The work function (work factor) is the time, effort, and/or cost involved in breaking a cryptographic system.
36. The strength of a cryptosystem is dependent upon all but which of the following? D: The strength of a cryptosystem is not dependent upon the length of the ciphertext, i.e. the output of the system.
37. What asymmetric cryptographic system is based upon the product of two very large prime numbers? A: RSA is based upon the product of two very large prime numbers.
38. What cryptographic system includes a method by which secret keys can be exchanged securely over an insecure medium? B: Diffie-Hellman is an asymmetric key agreement algorithm that allows two parties to establish a shared secret key over an insecure medium. Plain Diffie-Hellman does not authenticate the parties, so it must be combined with authentication to resist a man-in-the-middle attack (question 91).
39. Which of the following is true regarding elliptic curve cryptosystems (ECC)? C: ECC is suitable for hardware applications (see also question 71).
40. What encryption system was selected to replace Triple Data Encryption Standard (3DES)? B: The Advanced Encryption Standard (AES), using the Rijndael cipher, is the replacement for 3DES.
41. Which of the following is a symmetric block cipher? C: Twofish is a symmetric block cipher.
42. Which of the following is not a valid key length for the Advanced Encryption Standard (AES)? D: AES does not support a 64-bit key. Its valid key lengths are 128, 192, and 256 bits; the block size is always 128 bits.
43. A certificate issued by a publicly trusted CA will usually contain all but which of the following? D: A certificate issued by a publicly trusted CA will not usually contain IP address information.
44. Which of the following is not true in regards to a Registration Authority system in a PKI solution? A: An RA does not issue certificates. It verifies the identity of certificate requesters on behalf of the CA, which issues the certificates.
45. A message digest provides for which of the following? B: A message digest (the fixed-length output of a hash function) provides for integrity.
46. The IDEA cipher uses what key length? A: IDEA uses a 128-bit key length.
47. The cryptographic system that uses key pairs, where one key is kept secret and one is freely and publicly distributed is known as? B: An asymmetric (public key) cryptosystem is one that uses key pairs, where one key is kept secret and one is freely and publicly distributed.
48. Which of the following is not a benefit of a public key cryptographic system? C: Public key cryptographic systems still require some form of key distribution: a sender needs an authentic copy of the recipient's public key to encrypt a message to them, and a verifier needs the signer's public key to check a signature made with the corresponding private key. Distributing public keys in a trustworthy way is the problem that certificates and PKI address.
49. What cryptographic system is dependent upon the use of a trapdoor one-way function? D: Asymmetric key cryptography (public key cryptography) is dependent upon the use of a trapdoor one-way function.
50. Which of the following is not an encryption system designed to provide security for Internet based e-mail? D: SET (Secure Electronic Transaction) is an e-commerce encryption protocol for use in Web payment transactions, not e-mail.
51. Which of the following used IDEA for encryption? A: PGP uses IDEA for encryption (in its original versions; later versions support other ciphers as well).
52. Which of the following is similar to a cyclic redundancy check (CRC) that is appended to a message prior to transmission to ensure integrity? B: FIMAS (Financial Institution Message Authentication Standard) defines a keyed message authentication code which, like a CRC, is appended to a message prior to transmission so the receiver can verify its integrity; unlike a CRC, it uses a secret key and so also detects deliberate tampering.
53. ________ authenticates the server to the client using RSA public key cryptography and digital certificates, uses 3DES and MD5 hash functions, and can be used to provide secure communications for Telnet, FTP, HTTP, and email. C: SSL (and its successor TLS) authenticates the server to the client using RSA public key cryptography and digital certificates, used 3DES and MD5 (or SHA-1) in the cipher suites of that era, and can be used to provide secure communications for Telnet, FTP, HTTP, and e-mail. 3DES and MD5 are now deprecated; current TLS deployments use AES and SHA-2.
54. Which of the following is not true in regards to hash functions? C: The original plaintext cannot be reconstructed from the hash value or message digest; hash functions are one-way.
55. Which of the following is not true? D: A message can be hashed for integrity, not confidentiality.
56. Which of the following hash functions results in a 160-bit hash value? A: SHA-1 produces a 160-bit hash value. (SHA-1 has since been deprecated because practical collisions have been demonstrated; SHA-256 or stronger should be used.)
57. Which of the following are the two protocols that comprise IPSec? D: AH (Authentication Header) and ESP (Encapsulating Security Payload) are the two protocols of IPSec.
58. IPSec is able to provide all but which of the following? A: IPSec does not provide for availability.
59. In which IPSec mode is the data of the IP packet encrypted but the original header is not? B: In IPSec transport mode, the payload of the IP packet is encrypted but the original header is not. In tunnel mode the entire original packet, header included, is encapsulated inside a new packet.
60. Which of the following is not a protocol used by IPSec for key management? C: Merkle-Hellman knapsack is not a public key algorithm used by the Internet Key Exchange (IKE) of IPSec.
61. Which of the following is an alternative to SSL to provide secure Web transactions? D: S-HTTP is an alternative to SSL to provide secure Web transactions.
62. All but which of the following statements are true? B: Keys need to be stored and transmitted securely; otherwise the system offers no assurance of security.
63. Which of the following is not a primary goal of e-mail security based on encryption? C: Encryption in any form, including that developed for e-mail systems, is not capable of providing availability.
64. Which form of authentication supported by the 802.11 specification is also known as null authentication? B: Open system authentication is also known as null authentication in the 802.11 specification; no credentials are checked.
65. The birthday attack is primarily focused on what types of cryptography? C: The birthday attack is primarily used against hash functions and their message digests: because of the birthday paradox, a collision in an n-bit hash is expected after roughly 2^(n/2) trials, not 2^n.
66. Which of the following is considered a secure replacement for telnet? A: SSH-2 is a secure replacement for telnet.
67. Which of the following is not true? C: The Wireless Application Protocol (WAP) protocol stack does not include IPSec (it uses WTLS for transport security).
68. Within a public key cryptosystem, which of the following is true? B: This is a true statement.
69. Public key cryptosystems are possible because they incorporate _________ that allows for a reversal of a one-way function in order to decrypt messages. D: Public key cryptosystems are possible because they incorporate trapdoors that allow for a reversal of a one-way function in order to decrypt messages.
70. What public key algorithm is based on the difficulty of factoring a number which is the product of two very large prime numbers? A: RSA is the public key algorithm that is based on the difficulty of factoring a number which is the product of two very large prime numbers.
71. What form of encryption is best suited for hardware applications because it requires less computational power, has lower memory requirements, and offers more security with a smaller key size? B: Elliptic curve algorithms are best suited for hardware applications because they require less computational power, have lower memory requirements, and offer equivalent security with a smaller key size.
72. Which of the following hash algorithms supports a variable hash value length output? C: HMAC's output length is that of the underlying hash function it is built on, so it varies with the hash chosen (for example 160 bits with SHA-1 and 256 bits with SHA-256).
73. What single sign-on mechanism uses DES as its encryption scheme? D: Kerberos uses DES (in its original versions; modern implementations use AES).
74. What form of cryptographic attack attempts to break a cryptosystem by trying every possible key pattern? D: A brute force attack attempts to break a cryptosystem by trying every possible key.
75. What attack attempts to break double encryption schemes by comparing the results of a single encryption of a known plaintext with a single decryption of a ciphertext? A: A meet-in-the-middle attack attempts to break double encryption schemes by computing a single encryption of a known plaintext under every candidate first key and a single decryption of the matching ciphertext under every candidate second key, then looking for a match in the middle. This is why double DES offers only about 57 bits of security and 3DES about 112 bits rather than 168.
76. The primary goal of cryptographic attacks is to? B: The primary goals of cryptographic attacks are to discover the key used or to extract the original plaintext.
77. The Pretty Good Privacy e-mail encryption tool relies upon what encryption mechanism? C: PGP relies upon the IDEA cipher (in its original versions).
78. PKI or Public Key Infrastructure is defined as? D: PKI is a framework to establish secure communications.
79. What is the primary purpose of a CA or Certificate Authority? A: This is the primary purpose of a CA.
80. X.509 is most closely associated with which of the following? A: X.509 is the standard for certificates.
81. AES is based on what standard symmetric encryption block cipher? A: Rijndael was the symmetric block cipher chosen as the basis of AES.
82. What block size is not used by RC5? C: RC5 does not use a 96-bit block size; it supports 32-, 64-, and 128-bit blocks.
83. What encryption scheme was developed by Netscape to provide a means to secure Web communications? D: SSL was developed by Netscape to provide a means to secure Web communications.
84. What is it called when two different messages generate the same hash value? B: A collision is when two different messages generate the same hash value.
85. The bit size of the algorithm used by RSA is what? A: The key size used by RSA is variable. When this drill was written it ranged from 512 to 2,048 bits as needed; 512- and 1024-bit keys are now considered insecure, and 2048 bits is the current minimum recommendation.
86. Elliptic curve cryptosystems can be employed as all but which of the following? D: ECC cannot be used as a hash function; it can be used for key agreement, digital signatures, and encryption.
87. A certificate typically includes all but which of the following? C: The physical location of the subject is not typically an element of a certificate. However, a verifiable address is often a component of identity verification for some high-security certificates.
88. A one-way hash function when used against a message delivered via PKI provides proof of what? D: One-way hash functions, when used on a message, prove integrity.
89. What tool or mechanism is used to detect unauthorized changes to a delivered message? A: A digital signature is used to detect unauthorized changes: the receiver recomputes the hash of the delivered message and checks it against the hash recovered from the signature.
90. What message protection methods must be employed to provide confidentiality, integrity, and authentication while requiring the least amount of work? D: Encrypting and digitally signing the message is the minimum required to provide confidentiality, integrity, and authentication.
91. When an attacker is able to successfully position themselves within the communications stream between a sender and a receiver so that the attacker exchanges secured communications with each without either party being aware of the attacker's presence is known as? D: When an attacker is able to successfully position themselves within the communications stream between a sender and a receiver, so that the attacker exchanges secured communications with each without either party being aware of the attacker's presence, it is known as a man-in-the-middle attack.
92. Which of the following is a symmetric algorithm? C: DES is a symmetric algorithm.
93. The Clipper Chip is designed for use where? C: The Clipper chip was designed to encrypt low-speed communications, such as telephone voice traffic, using Skipjack with escrowed keys that allowed government agencies to decrypt the traffic; for that reason it was widely criticized as a built-in eavesdropping device.
94. Which of the following is an initiative to define a standard IPSec implementation for VPNs and to promote the use of VPNs on the Internet? B: S/WAN is an initiative to define a standard IPSec implementation for VPNs and to promote the use of VPNs on the Internet.
95. What is the most common form of attack against encrypted communications? C: The most common form of attack against encrypted communications is a ciphertext-only attack, since an eavesdropper normally has access to nothing but the ciphertext.
96. Replay attacks against encrypted communications can be actively prevented using all but which of the following countermeasures? A: Auditing may determine that a replay attack has occurred, but it does not actively prevent replay attacks.
97. What type of encryption is most effective at blocking eavesdropping attacks? B: Encrypting the session is the most effective protection against eavesdropping, since a passive eavesdropper then captures only ciphertext.
98. What Web communication technology is used to provide protection for individual documents rather than an entire session? B: S-HTTP is an alternative to SSL which protects individual documents rather than an entire session.
99. Which of the following is not an e-mail security mechanism? C: SET is an e-commerce security mechanism, not an e-mail one.
100. Which of the following is the best rule of thumb to follow when designing or implementing a key management system? B: Use the key length that provides just enough security for the environment, weighed against the sensitivity of the data, how long it must remain protected, and the performance cost of longer keys.
101. Which of the following is not an element of 802.11 in the physical layer? A: ESP is one of the two protocols of IPSec, not an element of the 802.11 physical layer.
102. The authentication header (AH) of IPSec provides for all but which of the following? A: ESP, not AH, provides encryption within IPSec. AH provides integrity, origin authentication, and anti-replay protection.
103. Which of the following is a secured alternative to Telnet? C: SSH, or Secure Shell, is a secure replacement for Telnet.
104. What is the key length of 3DES? D: The key length of 3DES is 168 bits (three times the 56-bit DES key), with an effective strength of about 112 bits.
105. A hash function is what type of function? B: A hash function is a many-to-one function: it takes a message of any length and produces a fixed-length digest, so collisions necessarily exist; a good hash function makes them infeasible to find.
106. IKE, the key management process of IPSec, is comprised of all but which of the following? A: KDC is not part of IKE; it is a component of Kerberos. IKE combines ISAKMP, Oakley, and SKEME.
107. Which of the following is true of AES? B: This is a true statement.
108. Which of the following uses a 160 bit hash value? D: SHA-1 produces a 160-bit hash value.
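The following worked example is added here and is not part of the original drill. It shows the two classical attacks named in questions 3, 9, 29 and 30: frequency analysis against a Caesar (monoalphabetic) shift, and period analysis against a Vigenere (polyalphabetic) cipher, using both the Kasiski examination and the index of coincidence. SAMPLE is a constructed English paragraph, the letter frequency table is an approximation, and the key CRYPTO is chosen for the demo.

```python
"""Added example, not part of the drill: frequency analysis against a Caesar
(monoalphabetic) shift and period analysis against a Vigenere (polyalphabetic)
cipher, as described in questions 3, 9, 29 and 30. SAMPLE is constructed text."""
from collections import Counter

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Approximate frequency (percent) of each letter A..Z in English prose.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

SAMPLE = """Cryptography has a long history. Julius Caesar is said to have protected
his military orders by shifting every letter of the alphabet three places, a scheme
that any patient reader can undo by counting which symbols appear most often and
lining them up with the common letters of the language. Centuries later the Vigenere
cipher changed the shift from letter to letter according to a repeating keyword, and
for a long time it was believed to be unbreakable. Friedrich Kasiski showed in the
nineteenth century that repeated fragments in the ciphertext tend to sit a whole
number of key lengths apart, so the distances between them reveal the period of the
key. Once the period is known the message falls apart into several simple shift
ciphers, each of which can be attacked with the same letter counting that defeats
the Caesar cipher. The lesson for the modern designer is that hiding the method is
no substitute for a strong key and a sound algorithm."""

def letters(text):
    """Keep only A-Z, upper-cased, as classical ciphers do."""
    return "".join(c for c in text.upper() if c in ALPHA)

def vigenere(text, key, decrypt=False):
    """Shift letter i by key[i mod len(key)]. A one-letter key is a Caesar cipher."""
    text, key = letters(text), letters(key)
    sign = -1 if decrypt else 1
    return "".join(ALPHA[(ALPHA.index(c) + sign * ALPHA.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(text))

def best_shift(text):
    """Frequency analysis: the shift whose letter histogram best fits English
    (lowest chi-squared). Works on any text that is a single Caesar shift."""
    n, counts = len(text), Counter(text)
    def chi2(shift):
        return sum((counts[ALPHA[(i + shift) % 26]] - ENGLISH[i] * n / 100) ** 2
                   / (ENGLISH[i] * n / 100) for i in range(26))
    return min(range(26), key=chi2)

def kasiski_counts(ct, max_period=20, n=3):
    """Period analysis: distances between repeated n-grams are mostly multiples of
    the key length, so the true period (and its divisors) divide many of them."""
    first_seen, distances = {}, []
    for i in range(len(ct) - n + 1):
        gram = ct[i:i + n]
        if gram in first_seen:
            distances.append(i - first_seen[gram])
        else:
            first_seen[gram] = i
    return {p: sum(1 for d in distances if d % p == 0) for p in range(2, max_period + 1)}

def index_of_coincidence(text):
    """Probability that two letters drawn from the text match: about 0.066 for
    English, about 0.038 for uniformly random letters."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(v * (v - 1) for v in Counter(text).values()) / (n * (n - 1))

def average_ic(ct, period):
    """Mean IC over the `period` columns; high only when each column is one shift."""
    return sum(index_of_coincidence(ct[i::period]) for i in range(period)) / period

def likely_period(ct, max_period=20):
    """Smallest period whose columns look monoalphabetic. Multiples of the key
    length score just as high, so the smallest qualifying period is chosen."""
    ics = {p: average_ic(ct, p) for p in range(1, max_period + 1)}
    best = max(ics.values())
    return min(p for p, ic in ics.items() if ic >= 0.9 * best)

def break_vigenere(ct, period):
    """Solve each column as a Caesar cipher; the shifts spell out the key."""
    key = "".join(ALPHA[best_shift(ct[i::period])] for i in range(period))
    return key, vigenere(ct, key, decrypt=True)

if __name__ == "__main__":
    ct = vigenere(SAMPLE, "CRYPTO")
    print("Caesar shift recovered:", best_shift(vigenere(SAMPLE, "D")))
    top = sorted(kasiski_counts(ct).items(), key=lambda kv: -kv[1])[:6]
    print("Kasiski divisor counts (period, hits):", top)
    period = likely_period(ct)
    print("Likely period:", period)
    print("Recovered key:", break_vigenere(ct, period)[0])
```

In the Kasiski table the key length and its divisors (2, 3 and 6 here) all score highly, which is why the index of coincidence is used to pick the smallest period whose columns look like plain shifted English; a transposition cipher, by contrast, would show an IC near 0.066 for the whole text with no period at all, because it only rearranges the letters.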
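A second added example, again not from the original drill, covers questions 19, 20 and 25: a Vernam one-time pad built on XOR, what goes wrong when a pad is reused (the "two-time pad"), and why the pad gives confidentiality but no integrity. The two messages are constructed for the demonstration; the pad comes from the operating system's CSPRNG, which stands in for the true randomness a real pad requires.

```python
"""Added example, not part of the drill: a Vernam one-time pad built on XOR
(questions 19, 20 and 25), the two-time-pad failure when a pad is reused, and the
lack of integrity protection. P1 and P2 are constructed messages."""
import os

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def new_pad(length: int) -> bytes:
    """Pad material from the OS CSPRNG. A real one-time pad needs true randomness,
    must be as long as all traffic it protects, and must be used exactly once."""
    return os.urandom(length)

def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Vernam cipher: ciphertext = plaintext XOR pad."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message")
    return xor_bytes(plaintext, pad[:len(plaintext)])

otp_decrypt = otp_encrypt   # XOR is its own inverse, so decryption is the same operation

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad protects two messages, XORing the ciphertexts cancels the pad:
    c1 XOR c2 = p1 XOR p2. No key material is needed to compute this."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])

def crib_drag(p1_xor_p2: bytes, crib: bytes):
    """Slide a guessed fragment of one message along p1 XOR p2. Wherever the guess
    is right, the corresponding bytes of the other message appear; offsets that
    yield unprintable bytes are discarded. Returns (offset, recovered_text) pairs."""
    hits = []
    for i in range(len(p1_xor_p2) - len(crib) + 1):
        seg = xor_bytes(p1_xor_p2[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in seg):
            hits.append((i, seg.decode("ascii")))
    return hits

def flip_plaintext(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """The pad hides content but not structure: XORing (old XOR new) into the
    ciphertext changes the decrypted text from `old` to `new` at `offset` without
    knowing the pad. Integrity needs a MAC or signature, not just encryption."""
    delta = xor_bytes(old, new)
    patched = xor_bytes(ciphertext[offset:offset + len(delta)], delta)
    return ciphertext[:offset] + patched + ciphertext[offset + len(delta):]

# Constructed sample messages of equal length.
P1 = b"attack the bridge at dawn"
P2 = b"hold the ridge until dusk"

if __name__ == "__main__":
    pad = new_pad(len(P1))
    c1, c2 = otp_encrypt(P1, pad), otp_encrypt(P2, pad)   # same pad twice: the mistake
    leak = two_time_pad_leak(c1, c2)
    print("crib ' the ' hits:", crib_drag(leak, b" the "))
    print("tampered:", otp_decrypt(flip_plaintext(c1, 21, b"dawn", b"dusk"), pad))
```

Crib dragging lists every offset where the guess produces printable text, so some hits are false positives; the ones at offsets 4 and 6 are real, and each exposes five characters of the other message from which further cribs can be built.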
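A third added example (not from the drill) illustrates the meet-in-the-middle attack of question 75 and the reason, given in questions 33 and 104, that 3DES's 168-bit key is rated at about 112 bits. The block cipher here is a deliberately tiny toy with an 8-bit block and 8-bit key, chosen only so that both the naive and the meet-in-the-middle attacks finish instantly; its constants, keys and known plaintexts are all constructed for the demo.

```python
"""Added example, not part of the drill: a meet-in-the-middle attack on double
encryption (question 75), using a deliberately tiny toy cipher (8-bit block,
8-bit key). The same reasoning is why 3DES's 168-bit key gives about 112 bits
of security (questions 33 and 104). Keys and plaintexts are constructed."""

MUL, INV_MUL, ADD = 181, 157, 97          # 181 * 157 = 1 (mod 256)
KEYSPACE = 256                             # 8-bit keys: 2^8 possibilities each
DEMO_KEYS = (0x3C, 0xA5)                   # the secret (k1, k2) the attacker must recover

def toy_encrypt(p: int, k: int) -> int:
    """Toy block cipher on one byte: XOR the key, then an invertible affine map.
    It is NOT a real cipher; it only needs to be a keyed bijection small enough
    to exhaust."""
    return ((p ^ k) * MUL + ADD) & 0xFF

def toy_decrypt(c: int, k: int) -> int:
    return (((c - ADD) * INV_MUL) & 0xFF) ^ k

def double_encrypt(p, k1, k2):
    return toy_encrypt(toy_encrypt(p, k1), k2)

def double_decrypt(c, k1, k2):
    return toy_decrypt(toy_decrypt(c, k2), k1)

def known_pairs(k1, k2, plaintexts=(0x41, 0x42, 0x43, 0x7A)):
    """Known-plaintext pairs the attacker is assumed to have collected."""
    return [(p, double_encrypt(p, k1, k2)) for p in plaintexts]

def brute_force(pairs):
    """Naive attack: try all KEYSPACE**2 key pairs. Returns (keys, operations used)."""
    work = 0
    for k1 in range(KEYSPACE):
        for k2 in range(KEYSPACE):
            for p, c in pairs:
                work += 1
                if double_encrypt(p, k1, k2) != c:
                    break
            else:
                return (k1, k2), work
    return None, work

def meet_in_the_middle(pairs):
    """Encrypt p0 under every k1 (table), decrypt c0 under every k2, and match the
    middle values; survivors are confirmed on the remaining pairs. Cost is about
    2 * KEYSPACE operations plus KEYSPACE table entries, instead of KEYSPACE**2.
    For double DES that is roughly 2^57 work instead of 2^112."""
    (p0, c0), rest = pairs[0], pairs[1:]
    work = 0
    middle = {}
    for k1 in range(KEYSPACE):
        work += 1
        middle.setdefault(toy_encrypt(p0, k1), []).append(k1)
    for k2 in range(KEYSPACE):
        work += 1
        for k1 in middle.get(toy_decrypt(c0, k2), []):
            work += len(rest)
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                return (k1, k2), work
    return None, work

if __name__ == "__main__":
    pairs = known_pairs(*DEMO_KEYS)
    print("brute force      :", brute_force(pairs))
    print("meet in the middle:", meet_in_the_middle(pairs))
```

The table costs memory equal to the key space of one layer, which is the usual trade-off of this attack; adding a third layer (as 3DES does) forces the attacker to exhaust two layers on one side of the meeting point, which is where the 2^112 figure comes from.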
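A fourth added example (not from the drill) demonstrates the birthday attack of question 65 and the collision and many-to-one properties from questions 84 and 105. SHA-256 truncated to a small number of bits stands in for a weak digest; the messages are random 8-byte strings drawn from a fixed seed so the run is reproducible. This is constructed demonstration code, not a reference to any real broken hash.

```python
"""Added example, not part of the drill: a birthday attack on a truncated hash
(questions 65, 84 and 105). Shortening SHA-256 to `bits` bits stands in for a
weak digest; a collision needs about 2**(bits/2) attempts, while matching one
fixed digest (a second preimage) needs about 2**bits."""
import hashlib
import random

def truncated_hash(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256, as an integer."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int, seed: int = 1):
    """Birthday attack: hash random messages, remembering each digest, until one
    repeats. Returns (msg_a, msg_b, attempts); msg_a != msg_b, same digest."""
    rng = random.Random(seed)
    seen = {}
    attempts = 0
    while True:
        msg = rng.getrandbits(64).to_bytes(8, "big")   # constructed random message
        attempts += 1
        h = truncated_hash(msg, bits)
        if h in seen and seen[h] != msg:
            return seen[h], msg, attempts
        seen[h] = msg

def find_second_preimage(target: bytes, bits: int, limit: int, seed: int = 2):
    """Try to match the digest of one fixed message. With `limit` around
    2**(bits/2) attempts (enough for a collision) this almost always fails,
    because each try succeeds with probability only 1 / 2**bits."""
    rng = random.Random(seed)
    want = truncated_hash(target, bits)
    for attempt in range(1, limit + 1):
        msg = rng.getrandbits(64).to_bytes(8, "big")
        if msg != target and truncated_hash(msg, bits) == want:
            return msg, attempt
    return None, limit

def expected_birthday_attempts(bits: int) -> float:
    """Draws needed for a 50% chance of a repeat among 2**bits values
    (sqrt(pi/2 * 2**bits), about 1.18 * 2**(bits/2))."""
    return 1.1774 * 2 ** (bits / 2)

if __name__ == "__main__":
    a, b, n = find_collision(32)
    print(f"32-bit collision after {n} attempts (expected ~{expected_birthday_attempts(32):.0f}):",
          a.hex(), b.hex())
    print("second preimage in 2^16 tries:", find_second_preimage(b"constructed target", 32, 2 ** 16))
```

The same arithmetic is what retired MD5 (128 bits, so 2^64 birthday work) and SHA-1 (160 bits, 2^80, and weaker still because of structural attacks); a digest used for collision resistance should have at least twice the number of bits of the security level required.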
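A fifth added example (not from the drill) ties together questions 37, 49, 70, 88, 89 and 90: RSA built from the product of two random primes, the private exponent as the trapdoor that reverses the one-way function, and a hash-then-sign digital signature that detects any change to the message. It is toy-sized (a 512-bit modulus) and unpadded, which is enough to show the mechanism; production code uses at least 2048-bit keys with OAEP or PSS padding from a vetted library. The message and the primality-test rounds are chosen for the demo.

```python
"""Added example, not part of the drill: textbook RSA built from two random primes,
used to sign a message digest and to detect tampering (questions 37, 49, 70, 88,
89 and 90). Toy-sized and unpadded; real systems use >= 2048-bit keys with
OAEP/PSS padding."""
import hashlib
import secrets

def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin test; a composite passes one round with probability <= 1/4."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2            # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_keypair(bits: int = 512, e: int = 65537):
    """n = p*q is public; recovering p and q from n (factoring) is the hard problem.
    d = e^-1 mod (p-1)(q-1) is the trapdoor that makes the one-way function
    reversible for the key holder only."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:                # e is prime, so gcd(e, phi) = 1
            break
    n, d = p * q, pow(e, -1, phi)
    return (n, e), (n, d)                           # (public key, private key)

def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Hash, then apply the private exponent: only the key holder can produce this."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key recovers the signed digest and compares it with
    a fresh hash of the received message; any change breaks the match."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

def encrypt(message: bytes, public_key) -> int:
    """Textbook RSA encryption of a short message (must be smaller than n).
    Without padding it is deterministic and malleable: demo only."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, private_key) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    public, private = generate_keypair()
    msg = b"Transfer 100 to account 42"          # constructed message
    sig = sign(msg, private)
    print("genuine verifies:", verify(msg, sig, public))
    print("altered verifies:", verify(b"Transfer 900 to account 42", sig, public))
    print("encrypt/decrypt :", decrypt(encrypt(msg, public), private))
```

Encrypting with the recipient's public key and signing with the sender's private key, as question 90 requires, uses two different key pairs; signing the digest rather than the whole message is what keeps the signature a single modular exponentiation regardless of message length.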