QUESTION DRILL CRYPTOGRAPHY 020504 - Questions
1.The strength of a crypto system is based on all but which of the following?
a. Algorithm
b. Size of keyspace
c. Intialization vector
d. Length of key
2.Which of the following is not a goal of cryptography?
a. Confidentiality
b. Non-repudiation
c. Availability
d. Integrity
3.What type of cipher is subject to cracking by means of period analysis?
a. transposition cipher
b. Vernam cipher
c. Running key cipher
d. polyalphabetic cipher
4.The strength of a cryptosystem is based on all but which of the following?
a. algorithm
b. the length of the plaintext
c. secrecy of the keys
d. initialization vectors
5.Which of the following is not a goal of cryptosystems?
a. confidentiality
b. non-repudiation
c. availability
d. integrity
6.The action of dividing a plaintext message into fixed length segments and
applying the same algorithm to each segment to hide the message is known as?
a. clustering
b. end-to-end encryption
c. encryption streaming
d. block ciphering
7.An unintelligible message is also called what?
a. cryptogram
b. cipher
c. code
d. algorithm
8.Which of the following is different than the others?
a. Cryptology
b. Cryptography
c. Cryptanalysis
d. Cryptographic algorithm
Page 1
9.The process of hiding the meaning of a message by using a mechanism which
shifts each letter of the alphabet by three letters is known as?
a. polyalphabetic cipher
b. monoalphabetic substitution cipher
c. transposition cipher
d. running key cipher
10. A cryptosystem is comprised of all but which of the following?
a. plaintext
b. key
c. a one way mathematical function
d. algorithm
11. The cryptography mechanism which hides information within images is known
as?
a. steganography
b. coding
c. substitution
d. tuple
12. Which of the following was selected to replace Triple DES (3DES) in 2001?
a. Twofish Algorithm
b. Advanced Encryption Standard (AES)
c. IDEA cipher
d. RC5
13. The art and science of hiding the meaning of communications from unintended
recipients is known as?
a. Cryptanalysis
b. Stenanography
c. Cryptography
d. Ciphering
14. The art of obtaining the plaintext (i.e. the original message) or the key from
ciphertext is known as?
a. Stenanography
b. Cryptography
c. Ciphering
d. Cryptanalysis
15. The set of mathematical rules that dictate how enciphering and deciphering
take place is known as the?
a. key
b. ciphertext
c. code
d. algorithm
Page 2
16. What must be kept secret in order for a cryptosystem to provide any form of
protection for messages?
a. key
b. algorithm
c. keyspace
d. block size
17. When using end-to-end encryption, the actual process of encryption occurs at
what level of the OSI model?
a. Physical layer
b. Application layer
c. Nework layer
d. Session layer
18. When using link encryption, the actual process of encryption occurs at what
level of the OSI model?
a. Application layer
b. Session layer
c. Physical layer
d. Network layer
19. The most common mathematical Boolean operation performed by
cryptographic systems is?
a. Eliptical curve
b. Discrete algorithm
c. ANDing
d. Exlusive OR
20. Which of the following is not true in regards to a one-time pad?
a. Extremely practiced for modern applications
b. Often used as a stream cipher
c. True random codes makes one-time pads unbreakable
d. The key length is the same as the length of the original message
21. When the same ciphertext is produced when a single plaintext is encrypted
using two different keys is known as?
a. collusion
b. clustering
c. polyinstantiation
d. scavenging
22. A cryptographic transformation that operates at the word or phrase level is
known as?
a. cipher
b. block cipher
c. code cipher
d. streaming cipher
Page 3
23. When data is encrypted for the entire trip across an untrusted network from
source to destination is known as?
a. work factor encryption
b. link encryption
c. streaming encryption
d. end-to-end encryption
24. Which of the following mechanisms always encrypts the entire message or
data packet including the header?
a. link encryption
b. end-to-end encryption
c. IPSec in transport mode
d. PPTP tunnels with CHAP
25. A vernam cipher is an example of what type of cryptographic system?
a. transposition cipher
b. running key cipher
c. polyalphabetic substitution cipher
d. one-time pad
26. The Escrowed Encryption Standard (EES) is embodied in which of the
following?
a. Clipper chip
b. Data Encryption Standard (DES)
c. A symmetric cryptographic system
d. Digital Signature Standard (DSS)
27. The skipjack algorithm used in the clipper chip used what length of key?
a. 56
b. 80
c. 128
d. 256
28. The goals or benefits of a cryptosystem include protection or support for all but
which of the following?
a. Availability
b. Confidentiality
c. Integrity
d. Non-repudiation
29. A polyalphabetic cipher is vulnerable to what form of attack?
a. birthday attack
b. frequency analysis
c. period analysis
d. collision
Page 4
30. In addition to polyalphabetic ciphers, what other crypotographic system is also
vulnerable to frequency analysis?
a. vernam cipher
b. running key cipher
c. transposition cipher
d. code ciphers
31. Which of the following terms is out of place when compared to the others?
a. symmetric key cryptography
b. secret key
c. public key
d. shared common key
32. Which of the following terms is out of place when compared to the others?
a. asymmetric cryptography
b. public key infrastructure
c. key pairs
d. bulk encryption
33. Triple Data Encryption Standard (3DES) uses what key bit length?
a. 168
b. 56
c. 112
d. 256
34. All but which of the following is an example of steganongraphy?
a. micro dots
b. hiding data in a bad sector on a hard drive
c. watermarks
d. hiding a text message in a visual image
35. The time, effort, and/or cost involved in breaking a cryptographic system is
known as?
a. algorithm
b. key length
c. work function
d. key space
36. The strength of a cryptosystem is dependant upon all but which of the
following?
a. Algorithm
b. Secrecy of the key
c. Initialization vector
d. Length of ciphertext
Page 5
37. What asymmetric cryptographic system is based upon the product of two very
large prime numbers?
a. RSA (Rivest, Shamir, and Addleman)
b. Diffie-Hellman
c. Merkle-Hellman Knapsack
d. El Gamal
38. What cryptographic system includes a method by which secret keys can be
exchanged securely over an insecure medium?
a. Haval
b. Diffie-Hellman
c. Rijndael
d. El Gamal
39. All but which of the following are true regarding elliptic curve cryptosystems
(ECC) except for?
a. can be used to implement Diffie-Hellman, El Gamal, or Schnorr public key
algorithms
b. smaller key sizes used in ECC can result in higher levels of security than
larger non-ECC algorithms
c. not suitable for hardware applications
d. can be used for digital signatures, encryption, and key management
40. What encryption system was selected to replace Triple Data Encryption
Standard (3DES)?
a. TwoFish
b. Advanced Encryption System (AES)
c. IDEA
d. RC5
41. Which of the following is a symmetric block cipher?
a. MD5
b. Haval
c. TwoFish
d. El Gamal
42. Which of the following is not a valid key length for Advanced Encryption
System (AES)?
a. 256
b. 192
c. 128
d. 64
Page 6
43. A certificate issued by a publicly trusted CA will usually contain all but which
of the following?
a. serial number
b. identity information
c. signature of issuing authority
d. IP address
44. Which of the following is not true in regards to a Registration Authority
system in a PKI solution?
a. it issues new certificates
b. it confirms the identity of a subject
c. it distributes the certificate revocation list (CRL)
d. it helps share the workload with the certificate authority (CA)
45. A message digest provides for which of the following?
a. Confidentiality
b. Integrity
c. Authentication
d. Non-repudiation
46. The IDEA cipher uses what key length?
a. 128
b. 112
c. 64
d. 56
47. The cryptographic system that uses key pairs, where one key is kept secret and
one is freely and publicly distributed is known as?
a. symmetric cryptosystem
b. asymmetric cryptosystem
c. digital signature cryptosystem
d. message digest cryptosystem
48. Which of the following is not a benefit of a public key cryptographic system?
a. no need to exchange secret keys
b. the private key cannot be derived from the public key
c. no need to perform key distribution
d. when one of the keys in a key pair is used to encrypt a message, only the
key's partner can be used to decrypt that message
49. What cryptographic system is dependant upon the use of a trapdoor one-way
function?
a. symmetric key cryptography
b. message digest algorithms
c. Cryptosystems relying upon key exchange
d. asymmetric key cryptography
Page 7
50. Which of the following is not an encryption system designed to provide
security for Internet based e-mail?
a. Privacy Enhanced Mail (PEM)
b. MIME Object Security Services (MOSS)
c. Pretty Good Privacy (PGP)
d. Secure Electronic Transaction (SET)
51. Which of the following used IDEA for encryption?
a. Pretty Good Privacy (PGP)
b. MIME Object Security Services (MOSS)
c. Privacy Enhanced Mail (PEM)
d. Secure Electronic Transaction (SET)
52. Which of the following is similar to a cyclic redundancy check (CRC) that is
appended to a message prior to transmission to ensure integrity?
a. Secure Electronic Transaction (SET)
b. Financial Institution Message Authentication Standard (FIMAS)
c. MIME Object Security Services (MOSS)
d. Transaction Layer Security (TLS)
53. ________ authenticates the server to the client using RSA public key
cryptography and digital certificates, uses 3DES and MD5 hash functions, and
can be used to provide security communications for Telnet, FTP, HTTP, and email.
a. MONDEX
b. Message Authentication Code (MAC)
c. Secure Sockets Layer (SSL)
d. Secure Multipurpose Internet Mail Extensions (S/MIME)
54. Which of the following is not true in regards to hash functions?
a. Its secrecy and security is in its one-way-ness
b. the hash function algorithm is publicly known
c. the original plaintext can be reconstructed from the hash value or message
digest
d. produces a fixed length hash value to matter what the length of the inputted
plaintext
55. Which of the following is not true?
a. A message can be encrypted for confidentiality.
b. A message can be digitally signed for authentication and integrity.
c. A message can be encrypted and digitally signed for confidentiality,
integrity, and authentication.
d. A message can be hashed for confidentiality.
Page 8
56. Which of the following hash functions results in a 160-bit hash value?
a. SHA-1
b. Haval
c. MD5
d. MD2
57. Which of the following are the two protocols that comprise IPSec?
a. RARP and ARP
b. IGMP and RIP
c. TCP and UDP
d. AH and ESP
58. IPSec is able to provide all but which of the following?
a. availability
b. encryption
c. non-repudiation
d. authentication
59. In which IPSec mode is the data of the IP packet encrypted but the original
header is not?
a. Tunnel mode
b. Transport mode
c. VPN mode
d. Link mode
60. Which of the following is not a protocol used by IPSec for key management?
a. ISAKMP (Internet Security Association and Key Management Protocol)
b. Oakley Key Determination Protocol
c. Merkle-Hellman Knapsack
d. SKEME (Secure Key Exchange Mechanism)
61. Which of the following is an alterative to SSL to provide secure Web
transactions?
a. Internet Key Exchange (IKE)
b. Internet Open Trading Protocol (IOTP)
c. Financial Institution Message Authentication Standard (FIMAS)
d. Secure Hypertext Transfer Protocol (S-HTTP)
62. All but which of the following statements are true?
a. Key length should be long enough to provide the necessary level of
protection for the encrypted data.
b. Keys need not be stored and transmitted securely, as long as they are long
enough.
c. Keys should be truly random and use the full spectrum of the key space.
d. The more often a key is used, the shorter its lifetime should be.
Page 9
63. Which of the following is not a primary goal of e-mail security based on
encryption?
a. non-repudiation
b. authentication of the message source
c. guarantee of availability
d. delivery verification
64. The Wired Equivalent Privacy (WEP) algorithm was selected to protect
wireless communications for all but which of the following reasons?
a. it is a mandatory element of 802.11b
b. it is reasonably strong
c. it is self-synchronizing
d. it is computationally efficient
65. Which form of authentication supported by the 802.11 specification that is also
known as null authentication?
a. anonymous authentication
b. open system authentication
c. shared key authentication
d. closed system authentication
66. The birthday attack is primarily focused on what types of cryptography?
a. asymmetric keys
b. symmetric keys
c. hash values
d. digital signatures
67. Which of the following is considered a secure replacement for telnet?
a. Secure Shell (SSH-2)
b. Secure Multipurpose Internet Mail Extensions (S/MIME)
c. Secure Electronic Transaction (SET)
d. Secure Wide Area Network(S/WAN)
68. Which of the following is not true?
a. Data moving across a Wireless Application Protocol (WAP) gateway will
be converted from WTLS to SSL
b. Data is temporarily in the clear on a Wireless Application Protocol (WAP)
gateway
c. The Wireless Application Protocol (WAP) protocol stack includes IPSec.
d. Authentication and authorization can be performed by wireless devices
through PKI enabled transactions
Page 10
69. Within a public key cryptosystem, which of the following is true?
a. Requires the exchange of secret keys
b. A public key cannot be used to decrypt a message that it was used to
encrypt.
c. The private key can be derived from the public key.
d. The private key can decrypt data encrypted by the public key, but the public
key cannot decrypt data encrypted by the private key.
70. Public key cryptosystems are possible because they incorporate _________
that allows for a reversal of a one-way function in order to decrypt messages.
a. Fixed length hashes
b. Known key solutions
c. Random initialization vectors
d. Trapdoors
71. What public key algorithm is based on the difficulty of factoring a number
which is the product of two very large prime numbers?
a. RSA
b. El Gamal
c. RC5
d. LEAF
72. What form of encryption is best suited for hardware applications because it
requires less computational power, has lower memory requirements, and offers
a more security with a smaller key size?
a. Merkle-Hellman Knapsack
b. Elliptic curve algorithms
c. trapdoor one-way function
d. IDEA cipher
73. Which of the following hash algorithms supports a variable hash value length
output?
a. HAVAL
b. SHA
c. HMAC (Hash Message Authenticating Code)
d. MD4
74. What single sign-on mechanisms uses DES as its encryption scheme?
a. SEASAME
b. KryptoKnight
c. NetSP
d. Kerberos
Page 11
75. What form of cryptographic attack attempts to break a cryptosystem by trying
every possible key pattern?
a. known key attack
b. key space attack
c. sequential referenced attack
d. brute force attack
76. What attack attempts to break double encryption schemes by comparing the
results of a single encrypting a known plaintext with a single decryption of a
ciphertext?
a. meet-in-the-middle
b. known plaintext
c. linear cryptanalysis
d. chosen ciphertext
77. The primary goal of cryptographic attacks is to?
a. explore the key space
b. discover the key
c. discover the algorithm
d. transmit faked encrypted messages
78. The Pretty Good Privacy e-mail encryption tool relies upon what encryption
mechanism?
a. AES
b. Triple DES
c. IDEA cipher
d. TwoFish
79. PKI or Public Key Infrastructure is defined as?
a. A set of encryption algorithms
b. A collection of public and private keys
c. A mechanism to encrypt and decrypt data
d. A framework to establish secure communications.
80. What is the primary purpose of a CA or Certificate Authority?
a. Issue and manage public key certificates
b. To control or standardize the size of encryption keys.
c. Validate a subject's identity
d. Control and support e-commerce
81. X.509 is most closely associated with which of the following?
a. Certificates
b. DNS
c. Encryption
d. Firewalls
Page 12
82. AES is based on what standard symmetric encryption block cipher?
a. Rijendael
b. RC5
c. Twofish
d. Diffe-Hellman
83. What block size is not used by RC5?
a. 32 bits
b. 64 bits
c. 96 bits
d. 128 bits
84. What encryption scheme was developed by Netscape to provide a means to
secure Web communications?
a. HTTPS
b. TLS
c. MOSS
d. SSL
85. What is it called when two different messages generate the same hash value?
a. Convergence
b. Collision
c. Collusion
d. Knapsack referral
86. The bit size of the algorithm used by RSA is what?
a. variable
b. Fixed
c. Time coded
d. Randomly generated
87. Elliptic curve cryptosystems can be employed as all but which of the
following?
a. Encryption
b. Digital signature
c. Key distribution
d. Hash functions
88. A certificate typically includes all but which of the following?
a. Serial number
b. Lifetime dates
c. Physical location of the subject
d. Signature of the issuing authority
Page 13
89. A one-way hash function when used against a message delivered via PKI
provides proof of what?
a. confidentiality
b. Non-repudiation
c. Availability
d. Integrity
90. What tool or mechanism is used to detect unauthorized changes to a delivered
message?
a. Digital signature
b. Digital certificate
c. Public key
d. Trap door function
91. What message protection methods must be employed to provide
confidentiality, integrity, and authentication while requiring the least amount
of work?
a. Hashing the message
b. Encrypting the message
c. Digitally signing the message
d. Encrypting and digitally signing the message
92. When an attacker is able to successfully position themselves within the
communications stream between a sender and a receiver so that the attacker
exchanges secured communications with each without either party being aware
of the attacker's present is known as?
a. Brute force
b. Spoofing
c. Spamming
d. Man-in-the-middle
93. Which of the following is a symmetric algorithm?
a. HAVAL
b. RSA
c. DES
d. SHA-1
94. The Clipper Chip is designed for use where?
a. Computers
b. Network switches
c. Telephones
d. Satellite links
Page 14
95. Which of the following is an initiative to define a standard IPSec
implementation for VPNs and to promote the use of VPNs on the Internet?
a. IKE
b. S/WAN
c. SONET
d. SMDS
96. What is the most common form of attack against encrypted communications?
a. Eavesdropping
b. Man-in-the-middle
c. Cyphertext-only attack
d. Replay attack
97. Replay attacks against encrypted communications can be actively prevented
using all but which of the following countermeasures?
a. Auditing
b. Validating session sequencing
c. Time stamps
d. Kerberos
98. What type of encryption is most effective at blocking eavesdropping attacks?
a. Link
b. Session
c. Authentication header
d. File
99. What Web communication technology is used to provide protection for
individual documents rather than an entire session?
a. SSL
b. S-HTTP
c. TLS
d. MOSS
100.Which of the following is not an e-mail security mechanism?
a. SMIME
b. MOSS
c. SET
d. PEM
101.Which of the following is the best rule of thumb to follow when designing or
implementing a key management system?
a. Use the longest key length possible
b. Use the key length that will provide just enough security for the
environment
c. Keys should be partly random and partly time code based
d. Key should be completely time code based.
Page 15
102.The authentication header (AH) of IPSec provides for all but which of the
following?
a. Encryption
b. Integrity
c. Authentication
d. Non-repudiation
103.Which of the following is a secured alternative to Telnet?
a. SMIME
b. SESAME
c. SSH
d. TFTP
104.What is the key length of 3DES?
a. 56 bits
b. 64 bits
c. 128 bits
d. 168 bits
105.A hash function is what type of function?
a. One to one
b. Many to one
c. One to many
d. Many to many
106.IKE, the key management process of IPSec, is comprised of all but which of
the following?
a. KDC (Key Distribution Center)
b. ISAKMP (Internet Security Association and Key Management Protocol)
c. SKEME (Secure Key Exchange Mechanism)
d. Oakley Key Determination Protocol
107.Which of the following is true of AES?
a. AES uses very large keys and needs significant computing power to
function efficiently.
b. AES is very fast and offers very secure encryption.
c. AES includes a LEAF backdoor.
d. AES is used as the primary encryption scheme of the Clipper Chip.
108.Which of the following uses a 160 bit hash value?
a. Haval
b. MD5
c. MD2
d. SHA-1
Page 16