Question #1
What size block does AES work on?
- A . 64
- B . 128
- C . 192
- D . 256
Correct Answer: B
B
Explanation:
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
B
Explanation:
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
Question #2
Which of the following is a type of encryption that has two different keys. One key can encrypt the message and the other key can only decrypt it?
- A . Block cipher
- B . Asymmetric
- C . Symmetric
- D . Stream cipher
Correct Answer: B
B
Explanation:
Asymmetric
Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security.
B
Explanation:
Asymmetric
Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security.
Question #3
The reverse process from encoding – converting the encoded message back into its plaintext format.
- A . Substitution
- B . Whitening
- C . Encoding
- D . Decoding
Correct Answer: D
D
Explanation:
Decoding
Decoding – reverse process from encoding,converting the encoded message back into its plaintext format.
D
Explanation:
Decoding
Decoding – reverse process from encoding,converting the encoded message back into its plaintext format.
Question #4
Which of the following are valid key sizes for AES (choose three)?
- A . 192
- B . 56
- C . 256
- D . 128
- E . 512
- F . 64
Correct Answer: A,C,D
A,C,D
Explanation:
Correct answers: 128, 192, 256 https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 200 1.
AES is a subset of the Rijndael block cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
A,C,D
Explanation:
Correct answers: 128, 192, 256 https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 200 1.
AES is a subset of the Rijndael block cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
Question #5
A non-secret binary vector used as the initializing input algorithm for encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance.
- A . IV
- B . Salt
- C . L2TP
- D . Nonce
Correct Answer: A
A
Explanation:
IV
https://en.wikipedia.org/wiki/Initialization_vector
In cryptography, an initialization vector (IV) or starting variable (SV) is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by the modes of operation. Randomization is also required for other primitives, such as universal hash functions and message authentication codes based thereon.
A
Explanation:
IV
https://en.wikipedia.org/wiki/Initialization_vector
In cryptography, an initialization vector (IV) or starting variable (SV) is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by the modes of operation. Randomization is also required for other primitives, such as universal hash functions and message authentication codes based thereon.
Question #6
What is Kerchoff’s principle?
- A . A minimum of 15 rounds is needed for a Feistel cipher to be secure
- B . Only the key needs to be secret, not the actual algorithm
- C . Both algorithm and key should be kept secret
- D . A minimum key size of 256 bits is necessary for security
Correct Answer: B
B
Explanation:
Only the key needs to be secret, not the actual algorithm https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
Kerckhoffs’s principle of cryptography was stated by Netherlands born cryptographer Auguste Kerckhoffs in the 19th century: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
B
Explanation:
Only the key needs to be secret, not the actual algorithm https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
Kerckhoffs’s principle of cryptography was stated by Netherlands born cryptographer Auguste Kerckhoffs in the 19th century: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Question #7
Protocol suite provides a method of setting up a secure channel for protected data exchange between two devices.
- A . CLR
- B . OCSP
- C . TLS
- D . IPSec
Correct Answer: D
D
Explanation:
IPSec
https://en.wikipedia.org/wiki/IPsec
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
D
Explanation:
IPSec
https://en.wikipedia.org/wiki/IPsec
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
Question #8
Which of the following algorithms uses three different keys to encrypt the plain text?
- A . Skipjack
- B . AES
- C . Blowfish
- D . 3DES
Correct Answer: D
D
Explanation:
3DES
https://en.wikipedia.org/wiki/Triple_DES
Triple DES (3DES) has a three different keys with same size (56-bit).
D
Explanation:
3DES
https://en.wikipedia.org/wiki/Triple_DES
Triple DES (3DES) has a three different keys with same size (56-bit).
Question #9
Encryption of the same plain text with the same key results in the same cipher text. Use of an IV that is XORed with the first block of plain text solves this problem.
- A . CFB
- B . GOST
- C . ECB
- D . RC4
Correct Answer: C
C
Explanation:
ECB
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
The simplest of the encryption modes is the electronic codebook (ECB) mode (named after conventional physical codebooks). The message is divided into blocks, and each block is encrypted separately.
The disadvantage of this method is a lack of diffusion. Because ECB encrypts identical plaintext blocks into identical ciphertext blocks, it does not hide data patterns well. ECB is not recommended for use in cryptographic protocols.
ECB mode can also make protocols without integrity protection even more susceptible to replay attacks, since each block gets decrypted in exactly the same way.
C
Explanation:
ECB
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
The simplest of the encryption modes is the electronic codebook (ECB) mode (named after conventional physical codebooks). The message is divided into blocks, and each block is encrypted separately.
The disadvantage of this method is a lack of diffusion. Because ECB encrypts identical plaintext blocks into identical ciphertext blocks, it does not hide data patterns well. ECB is not recommended for use in cryptographic protocols.
ECB mode can also make protocols without integrity protection even more susceptible to replay attacks, since each block gets decrypted in exactly the same way.
Question #10
How did the ATBASH cipher work?
- A . By substituting each letter for the letter from the opposite end of the alphabet (i.e. A becomes Z, B becomes Y, etc.)
- B . By rotating text a given number of spaces
- C . By Multi alphabet substitution
- D . By shifting each letter a certain number of spaces
Correct Answer: A
A
Explanation:
By substituting each letter for the letter from the opposite end of the alphabet (i.e. A becomes Z, B becomes Y, etc.)
https://en.wikipedia.org/wiki/Atbash
The Atbash cipher is a particular type of monoalphabetic cipher formed by taking the alphabet (or abjad, syllabary, etc.) and mapping it to its reverse, so that the first letter becomes the last letter, the second letter becomes the second to last letter, and so on.
A
Explanation:
By substituting each letter for the letter from the opposite end of the alphabet (i.e. A becomes Z, B becomes Y, etc.)
https://en.wikipedia.org/wiki/Atbash
The Atbash cipher is a particular type of monoalphabetic cipher formed by taking the alphabet (or abjad, syllabary, etc.) and mapping it to its reverse, so that the first letter becomes the last letter, the second letter becomes the second to last letter, and so on.
1 1. This is a proprietary version of PAP. Encrypts username and password as it is sent across network.
Question #11
Jane is looking for an algorithm to ensure message integrity .
Which of following would be an acceptable choice?
- A . RSA
- B . AES
- C . RC4
- D . SHA-1
Correct Answer: D
D
Explanation:
Integrity. In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner.
An important application of hashes is verification of message integrity. Comparing message digests (hash digests over the message) calculated before, and after, transmission can determine whether any changes have been made to the message or file. SHA-1
https://en.wikipedia.org/wiki/SHA-1
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest C typically rendered as a hexadecimal number, 40 digits long. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard.
D
Explanation:
Integrity. In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner.
An important application of hashes is verification of message integrity. Comparing message digests (hash digests over the message) calculated before, and after, transmission can determine whether any changes have been made to the message or file. SHA-1
https://en.wikipedia.org/wiki/SHA-1
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest C typically rendered as a hexadecimal number, 40 digits long. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard.
Question #12
When learning algorithms, such as RSA, it is important to understand the mathematics being used. In RSA, the number of positive integers less than or equal to some number is critical in key generation. The number of positive integers less than or equal to n that are coprime to n is called ______.
- A . Mersenne’s number
- B . Fermat’s number
- C . Euler’s totient
- D . Fermat’s prime
Correct Answer: C
C
Explanation:
Euler’s totient
https://en.wikipedia.org/wiki/Euler%27s_totient_function
In number theory, Euler’s totient function counts the positive integers up to a given integer n that are relatively prime to n.
C
Explanation:
Euler’s totient
https://en.wikipedia.org/wiki/Euler%27s_totient_function
In number theory, Euler’s totient function counts the positive integers up to a given integer n that are relatively prime to n.
Question #13
What is a variation of DES that uses a technique called Key Whitening?
- A . Blowfish
- B . DESX
- C . 3DES
- D . AES
Correct Answer: B
B
Explanation:
DESX
https://en.wikipedia.org/wiki/DES-X
In cryptography, DES-X (or DESX) is a variant on the DES (Data Encryption Standard) symmetric-key block cipher intended to increase the complexity of a brute-force attack using a technique called key whitening.
B
Explanation:
DESX
https://en.wikipedia.org/wiki/DES-X
In cryptography, DES-X (or DESX) is a variant on the DES (Data Encryption Standard) symmetric-key block cipher intended to increase the complexity of a brute-force attack using a technique called key whitening.
Question #14
Which algorithm implements an unbalanced Feistel cipher?
- A . Skipjack
- B . RSA
- C . 3DES
- D . Blowfish
Correct Answer: A
A
Explanation:
Skipjack
https://en.wikipedia.org/wiki/Skipjack_(cipher)
Skipjack uses an 80-bit key to encrypt or decrypt 64-bit data blocks. It is an unbalanced Feistel network with 32 rounds.
A
Explanation:
Skipjack
https://en.wikipedia.org/wiki/Skipjack_(cipher)
Skipjack uses an 80-bit key to encrypt or decrypt 64-bit data blocks. It is an unbalanced Feistel network with 32 rounds.
Question #15
What does the OCSP protocol provide?
- A . Revoked certificates
- B . Hashing
- C . VPN connectivity
- D . Encryption
Correct Answer: A
A
Explanation:
Revoked certificates
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed OCSP responders.
A
Explanation:
Revoked certificates
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed OCSP responders.
Question #16
RFC 1321 describes what hash?
- A . RIPEMD
- B . GOST
- C . SHA1
- D . MD5
Correct Answer: D
D
Explanation:
MD5
https://en.wikipedia.org/wiki/MD5
MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 132 1.
D
Explanation:
MD5
https://en.wikipedia.org/wiki/MD5
MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 132 1.
Question #17
A simple algorithm that will take the initial key and from that generate a slightly different key each round.
- A . Key Schedule
- B . Feistel Network
- C . SHA-2
- D . Diffie-Helman
Correct Answer: A
A
Explanation:
Key Schedule
https://en.wikipedia.org/wiki/Key_schedule
In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of rounds. The setup for each round is generally the same, except for round-specific fixed values called a round constant, and round-specific data derived from the cipher key called a round key. A key schedule is an algorithm that calculates all the round keys from the key.
A
Explanation:
Key Schedule
https://en.wikipedia.org/wiki/Key_schedule
In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of rounds. The setup for each round is generally the same, except for round-specific fixed values called a round constant, and round-specific data derived from the cipher key called a round key. A key schedule is an algorithm that calculates all the round keys from the key.
Question #18
You have been tasked with selecting a digital certificate standard for your company to use .
Which one of the following was an international standard for the format and information contained in a digital certificate?
- A . CA
- B . X.509
- C . CRL
- D . RFC 2298
Correct Answer: B
B
Explanation:
X.509
https://en.wikipedia.org/wiki/X.509
X.509 is a standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.
B
Explanation:
X.509
https://en.wikipedia.org/wiki/X.509
X.509 is a standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.
Question #19
Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?
- A . IPsec Policy Agent
- B . Internet Key Exchange (IKE)
- C . Oakley
- D . IPsec driver
Correct Answer: B
B
Explanation:
Internet Key Exchange (IKE)
https://en.wikipedia.org/wiki/Internet_Key_Exchange
Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication either pre-shared or distributed using DNS (preferably with DNSSEC) and a DiffieCHellman key exchange to set up a shared session secret from which cryptographic keys are derived.
B
Explanation:
Internet Key Exchange (IKE)
https://en.wikipedia.org/wiki/Internet_Key_Exchange
Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication either pre-shared or distributed using DNS (preferably with DNSSEC) and a DiffieCHellman key exchange to set up a shared session secret from which cryptographic keys are derived.
2 1. Symmetric algorithm. Designed by James Massey and Xuejia Lai. Operates on 64 bit blocks and has a 128 bit key. Consists of 8 identical transformations each round and an output transformation.
Question #20
You are explaining the details of the AES algorithm to cryptography students. You are discussing the derivation of the round keys from the shared symmetric key.
The portion of AES where round keys are derived from the cipher key using Rijndael’s key schedule is called what?
- A . The key expansion phase
- B . The round key phase
- C . The bit shifting phase
- D . The initial round
Correct Answer: A
A
Explanation:
The key expansion phase
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
KeyExpansion C round keys are derived from the cipher key using the AES key schedule.
AES requires a separate 128-bit round key block for each round plus one more.
A
Explanation:
The key expansion phase
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
KeyExpansion C round keys are derived from the cipher key using the AES key schedule.
AES requires a separate 128-bit round key block for each round plus one more.
Question #21
Which one of the following are characteristics of a hash function? (Choose two)
- A . Requires a key
- B . One-way
- C . Fixed length output
- D . Symmetric
- E . Fast
Correct Answer: B,C
B,C
Explanation:
Correct answers: One-way, Fixed length output https://en.wikipedia.org/wiki/Cryptographic_hash_function
A cryptographic hash function is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit array of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function, that is, a function which is practically infeasible to invert.
B,C
Explanation:
Correct answers: One-way, Fixed length output https://en.wikipedia.org/wiki/Cryptographic_hash_function
A cryptographic hash function is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit array of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function, that is, a function which is practically infeasible to invert.
Question #22
Which analysis type is based on the statistics of the numbers of unique colors and close-color pairs in a 24-bit image, a method that analyzes the pairs of colors created by LSB embedding?
- A . Differential Analysis
- B . Discrete Cosine Transform
- C . Raw Quick Pair
- D . Chi squared analysis
Correct Answer: C
C
Explanation:
Raw Quick Pair
https://www.cs.auckland.ac.nz/courses/compsci725s2c/archive/termpapers/yy.pdf
Du and Long2 (2000) introduced Raw Quick Pairs detecting method of Stego-images (the images that contain the steganographic message). The underlying principle of the method is that the number of close color pairs of Stego-images will be larger compare with the number of close color pairs of normal images. In contrast, Fridrich and Goljan (2001) pointed out that RQP method only works if the number of unique colors is relatively low; and the method can not be applied to grayscale images. However, this paper will outline the core principle of RQP method; and evaluate such critical comments in details. In addition, this paper suggests potential improvement of RQP method and provides one possible alternative.
C
Explanation:
Raw Quick Pair
https://www.cs.auckland.ac.nz/courses/compsci725s2c/archive/termpapers/yy.pdf
Du and Long2 (2000) introduced Raw Quick Pairs detecting method of Stego-images (the images that contain the steganographic message). The underlying principle of the method is that the number of close color pairs of Stego-images will be larger compare with the number of close color pairs of normal images. In contrast, Fridrich and Goljan (2001) pointed out that RQP method only works if the number of unique colors is relatively low; and the method can not be applied to grayscale images. However, this paper will outline the core principle of RQP method; and evaluate such critical comments in details. In addition, this paper suggests potential improvement of RQP method and provides one possible alternative.
Question #23
Which service in a PKI will vouch for the identity of an individual or company?
- A . CA
- B . CR
- C . KDC
- D . CBC
Correct Answer: A
A
Explanation:
CA
https://en.wikipedia.org/wiki/Certificate_authority
A certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party―trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.
A
Explanation:
CA
https://en.wikipedia.org/wiki/Certificate_authority
A certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party―trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.
Question #24
Which of the following is required for a hash?
- A . Not vulnerable to a brute force attack
- B . Few collisions
- C . Must use SALT
- D . Not reversible
- E . Variable length input, fixed length output
- F . Minimum key length
Correct Answer: D,E
D,E
Explanation:
Correct answers: Variable length input, fixed length output and Not reversible https://en.wikipedia.org/wiki/Hash_function
A hash function is any function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes. The values are used to index a fixed-size table called a hash table. Use of a hash function to index a hash table is called hashing or scatter storage addressing.
D,E
Explanation:
Correct answers: Variable length input, fixed length output and Not reversible https://en.wikipedia.org/wiki/Hash_function
A hash function is any function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes. The values are used to index a fixed-size table called a hash table. Use of a hash function to index a hash table is called hashing or scatter storage addressing.
Question #25
Created by D. H. Lehmer. It is a classic example of a Linear congruential generator. A PRNG type of linear congruential generator (LCG) that operates in multiplicative group of integers modulo n. The basic algorithm is Xi+1=(aXi + c) mod m, with 0 Xi m.
- A . Lehmer Random Number Generator
- B . Lagged Fibonacci Generator
- C . Linear Congruential Generator
- D . Blum Blum Shub
Correct Answer: A
A
Explanation:
Lehmer Random Number Generator https://en.wikipedia.org/wiki/Lehmer_random_number_generator
The Lehmer random number generator (named after D. H. Lehmer), sometimes also
referred to as the ParkCMiller random number generator (after Stephen K. Park and Keith W. Miller), is a type of linear congruential generator (LCG) that operates in multiplicative group of integers modulo n. The general formula is:
where the modulus m is a prime number or a power of a prime number, the multiplier a is an element of high multiplicative order modulo m (e.g., a primitive root modulo n), and the seed X0 is coprime to m.
Other names are multiplicative linear congruential generator (MLCG) and multiplicative congruential generator (MCG).
A
Explanation:
Lehmer Random Number Generator https://en.wikipedia.org/wiki/Lehmer_random_number_generator
The Lehmer random number generator (named after D. H. Lehmer), sometimes also
referred to as the ParkCMiller random number generator (after Stephen K. Park and Keith W. Miller), is a type of linear congruential generator (LCG) that operates in multiplicative group of integers modulo n. The general formula is:
where the modulus m is a prime number or a power of a prime number, the multiplier a is an element of high multiplicative order modulo m (e.g., a primitive root modulo n), and the seed X0 is coprime to m.
Other names are multiplicative linear congruential generator (MLCG) and multiplicative congruential generator (MCG).
Question #26
Which one of the following is a component of the PKI?
- A . CA
- B . TGS
- C . OCSP
- D . TGT
Correct Answer: A
A
Explanation:
CA
https://en.wikipedia.org/wiki/Certificate_authority
Certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party―trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.
A
Explanation:
CA
https://en.wikipedia.org/wiki/Certificate_authority
Certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party―trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.
Question #27
Frank is trying to break into an encrypted file… He is attempting all the possible keys that could be used for this algorithm.
Attempting to crack encryption by simply trying as many randomly generated keys as possible is referred to as what?
- A . Rainbow table
- B . Frequency analysis
- C . Brute force
- D . Kasiski
Correct Answer: C
C
Explanation:
Brute force
https://en.wikipedia.org/wiki/Brute-force_attack Brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.
C
Explanation:
Brute force
https://en.wikipedia.org/wiki/Brute-force_attack Brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.
Question #28
Which one of the following best describes a process that splits the block of plaintext into two separate blocks, then applies the round function to one half, and finally swaps the two halves?
- A . Block ciphers
- B . Symmetric cryptography
- C . Feistel cipher
- D . Substitution cipher
Correct Answer: C
C
Explanation:
Correct answer:
https://en.wikipedia.org/wiki/Feistel_cipher
Feistel cipher (also known as LubyCRackoff block cipher) is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel who did pioneering research while working for IBM (USA); it is also commonly known as a Feistel network. A large proportion of block ciphers use the scheme, including the US Data Encryption Standard, the Soviet-developed GOST and the more recent Blowfish and Twofish ciphers. In a Feistel cipher, encryption and decryption
are very similar operations, and both consist of iteratively running a function called a "round function" a fixed number of times.
C
Explanation:
Correct answer:
https://en.wikipedia.org/wiki/Feistel_cipher
Feistel cipher (also known as LubyCRackoff block cipher) is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel who did pioneering research while working for IBM (USA); it is also commonly known as a Feistel network. A large proportion of block ciphers use the scheme, including the US Data Encryption Standard, the Soviet-developed GOST and the more recent Blowfish and Twofish ciphers. In a Feistel cipher, encryption and decryption
are very similar operations, and both consist of iteratively running a function called a "round function" a fixed number of times.
3 1. The art and science of writing hidden messages so that no one suspects the existence of the message, a type of security through obscurity. Message can be hidden in picture or audio file for example. Uses least significant bits in a file to store data.
Question #29
A _____ is a function that takes a variable-size input m and returns a fixed-size string.
- A . Feistel
- B . Asymmetric cipher
- C . Symmetric cipher
- D . Hash
Correct Answer: D
D
Explanation:
Hash
https://en.wikipedia.org/wiki/Hash_function
A hash function is any function that can be used to map data of arbitrary size to fixed-size values.
D
Explanation:
Hash
https://en.wikipedia.org/wiki/Hash_function
A hash function is any function that can be used to map data of arbitrary size to fixed-size values.
Question #30
Basic information theory is the basis for modern symmetric ciphers. Understanding the terminology of information theory is, therefore, important.
If a single change of a single bit in the plaintext causes changes in all the bits of the resulting ciphertext, what is this called?
- A . Complete diffusion
- B . Complete scrambling
- C . Complete confusion
- D . Complete avalanche
Correct Answer: D
Question #31
Which of the following would be the fastest.
- A . EC
- B . DH
- C . RSA
- D . AES
Correct Answer: D
D
Explanation:
AES
https://en.wikipedia.org/wiki/Symmetric-key_algorithm AES – symmetric cipher. Symmetric keys use the same key for both encryption and decryption. Both the sender and receiver of the data must know and share the secret key. For standard encrypt/decrypt functions, symmetric algorithms generally perform much faster than their asymmetrical counterparts. This is due to the fact that asymmetric cryptography is massively inefficient. Symmetric cryptography is designed precisely for the efficient processing of large volumes of data. In other words, symmetric encryption is generally used for speed and performance, e.g. when there’s a large amount of data that needs to be encrypted/protected.
D
Explanation:
AES
https://en.wikipedia.org/wiki/Symmetric-key_algorithm AES – symmetric cipher. Symmetric keys use the same key for both encryption and decryption. Both the sender and receiver of the data must know and share the secret key. For standard encrypt/decrypt functions, symmetric algorithms generally perform much faster than their asymmetrical counterparts. This is due to the fact that asymmetric cryptography is massively inefficient. Symmetric cryptography is designed precisely for the efficient processing of large volumes of data. In other words, symmetric encryption is generally used for speed and performance, e.g. when there’s a large amount of data that needs to be encrypted/protected.
Question #32
What best describes the shifting of each letter a fixed number of spaces to the left or right?
- A . Single substitution
- B . Multi substitution
- C . XOR
- D . Bit shifting
Correct Answer: A
A
Explanation:
Single substitution
https://en.wikipedia.org/wiki/Substitution_cipher#Simple_substitution
Substitution of single letters separately―simple substitution―can be demonstrated by writing out the alphabet in some order to represent the substitution. This is termed a substitution alphabet. The cipher alphabet may be shifted or reversed (creating the Caesar and Atbash ciphers, respectively) or scrambled in a more complex fashion, in which case it is called a mixed alphabet or deranged alphabet.
A
Explanation:
Single substitution
https://en.wikipedia.org/wiki/Substitution_cipher#Simple_substitution
Substitution of single letters separately―simple substitution―can be demonstrated by writing out the alphabet in some order to represent the substitution. This is termed a substitution alphabet. The cipher alphabet may be shifted or reversed (creating the Caesar and Atbash ciphers, respectively) or scrambled in a more complex fashion, in which case it is called a mixed alphabet or deranged alphabet.
Question #33
DES has a key space of what?
- A . 2^128
- B . 2^192
- C . 2^64
- D . 2^56
Correct Answer: D
D
Explanation:
2^56
https://en.wikipedia.org/wiki/Data_Encryption_Standard
The Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption of
digital data. Although its short key length of 56 bits makes it too insecure for applications, it has been highly influential in the advancement of cryptography.
D
Explanation:
2^56
https://en.wikipedia.org/wiki/Data_Encryption_Standard
The Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption of
digital data. Although its short key length of 56 bits makes it too insecure for applications, it has been highly influential in the advancement of cryptography.
Question #34
Which of the following is generally true about key sizes?
- A . Larger key sizes increase security
- B . Key size is irrelevant to security
- C . Key sizes must be more than 256 bits to be secure
- D . Smaller key sizes increase security
Correct Answer: A
A
Explanation:
Larger key sizes increase security
https://en.wikipedia.org/wiki/Key_size
Key length defines the upper-bound on an algorithm’s security (i.e. a logarithmic measure of the fastest known attack against an algorithm), since the security of all algorithms can be violated by brute-force attacks. Ideally, the lower-bound on an algorithm’s security is by design equal to the key length (that is, the security is determined entirely by the keylength, or in other words, the algorithm’s design doesn’t detract from the degree of security inherent in the key length). Indeed, most symmetric-key algorithms are designed to have security equal to their key length. However, after design, a new attack might be discovered. For instance, Triple DES was designed to have a 168 bit key, but an attack of complexity 2112 is now known (i.e. Triple DES now only has 112 bits of security, and of the 168 bits in the key the attack has rendered 56 ‘ineffective’ towards security). Nevertheless, as long as the security (understood as ‘the amount of effort it would take to gain access’) is sufficient for a particular application, then it doesn’t matter if key length and security coincide. This is important for asymmetric-key algorithms, because no such algorithm is known to satisfy this property; elliptic curve cryptography comes the closest with an effective security of roughly half its key length.
A
Explanation:
Larger key sizes increase security
https://en.wikipedia.org/wiki/Key_size
Key length defines the upper-bound on an algorithm’s security (i.e. a logarithmic measure of the fastest known attack against an algorithm), since the security of all algorithms can be violated by brute-force attacks. Ideally, the lower-bound on an algorithm’s security is by design equal to the key length (that is, the security is determined entirely by the keylength, or in other words, the algorithm’s design doesn’t detract from the degree of security inherent in the key length). Indeed, most symmetric-key algorithms are designed to have security equal to their key length. However, after design, a new attack might be discovered. For instance, Triple DES was designed to have a 168 bit key, but an attack of complexity 2112 is now known (i.e. Triple DES now only has 112 bits of security, and of the 168 bits in the key the attack has rendered 56 ‘ineffective’ towards security). Nevertheless, as long as the security (understood as ‘the amount of effort it would take to gain access’) is sufficient for a particular application, then it doesn’t matter if key length and security coincide. This is important for asymmetric-key algorithms, because no such algorithm is known to satisfy this property; elliptic curve cryptography comes the closest with an effective security of roughly half its key length.
Question #35
Which one of the following is an algorithm that uses variable length key from 1 to 256 bytes, which constitutes a state table that is used for subsequent generation of pseudorandom bytes and then a pseudorandom string of bits, which is XORed with the plaintext to produce the ciphertext?
- A . PIKE
- B . Twofish
- C . RC4
- D . Blowfish
Correct Answer: C
C
Explanation:
RC4
https://en.wikipedia.org/wiki/RC4
RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.
The key-scheduling algorithm is used to initialize the permutation in the array "S". "keylength" is defined as the number of bytes in the key and can be in the range 1 keylength 256, typically between 5 and 16, corresponding to a key length of 40 C 128 bits. First, the array "S" is initialized to the identity permutation. S is then processed for 256 iterations in a similar way to the main PRGA, but also mixes in bytes of the key at the same time.
C
Explanation:
RC4
https://en.wikipedia.org/wiki/RC4
RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.
The key-scheduling algorithm is used to initialize the permutation in the array "S". "keylength" is defined as the number of bytes in the key and can be in the range 1 keylength 256, typically between 5 and 16, corresponding to a key length of 40 C 128 bits. First, the array "S" is initialized to the identity permutation. S is then processed for 256 iterations in a similar way to the main PRGA, but also mixes in bytes of the key at the same time.
Question #36
Which of the following is the standard for digital certificates?
- A . RFC 2298
- B . X.509
- C . CRL
- D . CA
Correct Answer: B
B
Explanation:
X.509
https://en.wikipedia.org/wiki/X.509
X.509 is a standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.
B
Explanation:
X.509
https://en.wikipedia.org/wiki/X.509
X.509 is a standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.
Question #37
A type of frequency analysis used to attack polyalphabetic substitution ciphers. It’s used to try to discover patterns and use that information to decrypt the cipher.
- A . Kasiski Method
- B . Birthday Attack
- C . Information Deduction
- D . Integral Cryptanalysis
Correct Answer: A
A
Explanation:
Kasiski Method
https://en.wikipedia.org/wiki/Kasiski_examination
In cryptanalysis, Kasiski examination (also referred to as Kasiski’s test or Kasiski’s method) is a method of attacking polyalphabetic substitution ciphers, such as the Vigenère cipher. It was first published by Friedrich Kasiski in 1863, but seems to have been independently discovered by Charles Babbage as early as 1846.
A
Explanation:
Kasiski Method
https://en.wikipedia.org/wiki/Kasiski_examination
In cryptanalysis, Kasiski examination (also referred to as Kasiski’s test or Kasiski’s method) is a method of attacking polyalphabetic substitution ciphers, such as the Vigenère cipher. It was first published by Friedrich Kasiski in 1863, but seems to have been independently discovered by Charles Babbage as early as 1846.
4 1. A cryptographic hash function which uses a Merkle tree-like structure to allow for immense parallel computation of hashes for very long inputs. Authors claim a performance of 28 cycles per byte for MD6-256 on an Intel Core 2 Duo and provable resistance against differential cryptanalysis.
Question #38
WPA2 uses AES for wireless data encryption at which of the following encryption levels?
- A . 128 bit and CRC
- B . 128 bi and TKIP
- C . 128 bit and CCMP
- D . 64 bit and CCMP
Correct Answer: C
C
Explanation:
128 bit and CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol that forms part of the 802.11i standard for wireless local area networks (WLANs), particularly those using WiMax technology. CCMP employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks.
C
Explanation:
128 bit and CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol that forms part of the 802.11i standard for wireless local area networks (WLANs), particularly those using WiMax technology. CCMP employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks.
Question #39
Original, unencrypted information is referred to as ____.
- A . text
- B . plaintext
- C . ciphertext
- D . cleartext
Correct Answer: B
B
Explanation:
plaintext
https://en.wikipedia.org/wiki/Plaintext
In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. Cleartext usually refers to data that is transmitted or stored unencrypted ("in clear").
B
Explanation:
plaintext
https://en.wikipedia.org/wiki/Plaintext
In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. Cleartext usually refers to data that is transmitted or stored unencrypted ("in clear").
Question #40
What is the basis for the FISH algorithm?
- A . The Lagged Fibonacci generator
- B . Prime number theory
- C . Equations that describe an ellipse
- D . The difficulty in factoring numbers
Correct Answer: A
A
Explanation:
The Lagged Fibonacci generator
https://en.wikipedia.org/wiki/FISH_(cipher)
The FISH (FIbonacci SHrinking) stream cipher is a fast software based stream cipher using Lagged Fibonacci generators, plus a concept from the shrinking generator cipher. It was published by Siemens in 1993. FISH is quite fast in software and has a huge key length. However, in the same paper where he proposed Pike, Ross Anderson showed that FISH can be broken with just a few thousand bits of known plaintext.
A
Explanation:
The Lagged Fibonacci generator
https://en.wikipedia.org/wiki/FISH_(cipher)
The FISH (FIbonacci SHrinking) stream cipher is a fast software based stream cipher using Lagged Fibonacci generators, plus a concept from the shrinking generator cipher. It was published by Siemens in 1993. FISH is quite fast in software and has a huge key length. However, in the same paper where he proposed Pike, Ross Anderson showed that FISH can be broken with just a few thousand bits of known plaintext.
Question #41
Changing some part of the plain text for some matching part of cipher text. Historical algorithms typically use this.
- A . Decoding
- B . Substitution
- C . Transposition
- D . Collision
Correct Answer: B
B
Explanation:
Substitution
https://en.wikipedia.org/wiki/Substitution_cipher
In cryptography, a substitution cipher is a method of encrypting by which units of plaintext are replaced with ciphertext, according to a fixed system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing the inverse substitution.
B
Explanation:
Substitution
https://en.wikipedia.org/wiki/Substitution_cipher
In cryptography, a substitution cipher is a method of encrypting by which units of plaintext are replaced with ciphertext, according to a fixed system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing the inverse substitution.
Question #42
Which of the following acts as a verifier for the certificate authority?
- A . Certificate Management system
- B . Directory management system
- C . Registration authority
- D . Certificate authority
Correct Answer: C
C
Explanation:
Registration authority
https://en.wikipedia.org/wiki/Registration_authority
Registration authorities exist for many standards organizations, such as ANNA (Association of National Numbering Agencies for ISIN), the Object Management Group, W3C, IEEE and others. In general, registration authorities all perform a similar function, in promoting the use of a particular standard through facilitating its use. This may be by applying the standard, where appropriate, or by verifying that a particular application satisfies the standard’s tenants. Maintenance agencies, in contrast, may change an element in a standard based on set rules C such as the creation or change of a currency code when a currency is created or revalued (i.e. TRL to TRY for Turkish lira). The Object Management Group has an additional concept of certified provider, which is deemed an entity permitted to perform some functions on behalf of the registration authority, under specific processes and procedures documented within the standard for such a role.
C
Explanation:
Registration authority
https://en.wikipedia.org/wiki/Registration_authority
Registration authorities exist for many standards organizations, such as ANNA (Association of National Numbering Agencies for ISIN), the Object Management Group, W3C, IEEE and others. In general, registration authorities all perform a similar function, in promoting the use of a particular standard through facilitating its use. This may be by applying the standard, where appropriate, or by verifying that a particular application satisfies the standard’s tenants. Maintenance agencies, in contrast, may change an element in a standard based on set rules C such as the creation or change of a currency code when a currency is created or revalued (i.e. TRL to TRY for Turkish lira). The Object Management Group has an additional concept of certified provider, which is deemed an entity permitted to perform some functions on behalf of the registration authority, under specific processes and procedures documented within the standard for such a role.
Question #43
Cylinder tool. Wrap leather around to decode. The diameter is the key. Used in 7th century BC by greek poet Archilochus.
- A . Cipher disk
- B . Caesar cipher
- C . Scytale
- D . Enigma machine
Correct Answer: C
C
Explanation:
Scytale
https://en.wikipedia.org/wiki/Scytale
A scytale is a tool used to perform a transposition cipher, consisting of a cylinder with a strip of parchment wound around it on which is written a message. The ancient Greeks, and the Spartans in particular, are said to have used this cipher in 7th century BC to communicate during military campaigns.
The recipient uses a rod of the same diameter on which the parchment is wrapped to read the message. It has the advantage of being fast and not prone to mistakes―a necessary property when on the battlefield. It can, however, be easily broken. Since the strip of parchment hints strongly at the method, the ciphertext would have to be transferred to something less suggestive, somewhat reducing the advantage noted.
C
Explanation:
Scytale
https://en.wikipedia.org/wiki/Scytale
A scytale is a tool used to perform a transposition cipher, consisting of a cylinder with a strip of parchment wound around it on which is written a message. The ancient Greeks, and the Spartans in particular, are said to have used this cipher in 7th century BC to communicate during military campaigns.
The recipient uses a rod of the same diameter on which the parchment is wrapped to read the message. It has the advantage of being fast and not prone to mistakes―a necessary property when on the battlefield. It can, however, be easily broken. Since the strip of parchment hints strongly at the method, the ciphertext would have to be transferred to something less suggestive, somewhat reducing the advantage noted.
Question #44
Software for maintaining an on-the-fly-encrypted volume. Data is automatically encrypted right before it is saved, then decrypted right after it is loaded, all w/o user intervention.
- A . VPN
- B . PGP
- C . Cryptool
- D . VeraCrypt
Correct Answer: D
D
Explanation:
VeraCrypt
https://en.wikipedia.org/wiki/VeraCrypt
VeraCrypt is a source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file or encrypt a partition or (in Windows) the entire storage device with pre-boot authentication.
D
Explanation:
VeraCrypt
https://en.wikipedia.org/wiki/VeraCrypt
VeraCrypt is a source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file or encrypt a partition or (in Windows) the entire storage device with pre-boot authentication.
Question #45
Calculates the average LSB and builds a table of frequencies and Pair of Values. Performs a test on the two tables. It measures the theoretical vs. calculated population difference.
- A . Certificate Authority
- B . Raw Quick Pair
- C . Chi-Square Analysis
- D . SP network
Correct Answer: C
C
Explanation:
Chi-Square Analysis
https://en.wikipedia.org/wiki/Chi-squared_test
A chi-squared test, is a statistical hypothesis test that is valid to perform when the test statistic is chi-squared distributed under the null hypothesis, specifically Pearson’s chi-squared test and variants thereof. Pearson’s chi-squared test is used to determine whether there is a statistically significant difference between the expected frequencies and the observed frequencies in one or more categories of a contingency table.
In cryptanalysis, the chi-squared test is used to compare the distribution of plaintext and (possibly) decrypted ciphertext. The lowest value of the test means that the decryption was successful with high probability. This method can be generalized for solving modern cryptographic problems.
C
Explanation:
Chi-Square Analysis
https://en.wikipedia.org/wiki/Chi-squared_test
A chi-squared test, is a statistical hypothesis test that is valid to perform when the test statistic is chi-squared distributed under the null hypothesis, specifically Pearson’s chi-squared test and variants thereof. Pearson’s chi-squared test is used to determine whether there is a statistically significant difference between the expected frequencies and the observed frequencies in one or more categories of a contingency table.
In cryptanalysis, the chi-squared test is used to compare the distribution of plaintext and (possibly) decrypted ciphertext. The lowest value of the test means that the decryption was successful with high probability. This method can be generalized for solving modern cryptographic problems.
Question #46
If you wished to see a list of revoked certificates from a CA, where would you look?
- A . RA
- B . RFC
- C . CRL
- D . CA
Correct Answer: C
C
Explanation:
CRL
https://ru.wikipedia.org/wiki/Certificate_Revocation_List
Certificate Revocation List (or CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted".
C
Explanation:
CRL
https://ru.wikipedia.org/wiki/Certificate_Revocation_List
Certificate Revocation List (or CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted".
5 1. Nicholas is working at a bank in Germany. He is looking at German standards for pseudo random number generators. He wants a good PRNG for generating symmetric keys. The German Federal Office for Information Security (BSI) has established four criteria for quality of random number generators .
Which ones can be used for cryptography?
Question #47
Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?
- A . Key distribution
- B . Security
- C . Scalability
- D . Speed
Correct Answer: D
D
Explanation:
Speed
Symmetric key systems are considerably faster than asymmetric key systems but have issues with proper key distribution, controlling keys as more users need to communicate, and cannot provide non-repudiation or authenticity.
D
Explanation:
Speed
Symmetric key systems are considerably faster than asymmetric key systems but have issues with proper key distribution, controlling keys as more users need to communicate, and cannot provide non-repudiation or authenticity.
Question #48
During the process of encryption and decryption, what keys are shared?
- A . Public keys
- B . Public and private keys
- C . User passwords
- D . Private keys
Correct Answer: A
A
Explanation:
Public keys
https://en.wikipedia.org/wiki/Public-key_cryptography Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security.
In such a system, any person can encrypt a message using the receiver’s public key, but that encrypted message can only be decrypted with the receiver’s private key.
Alice and Bob have two keys of their own ― just to be clear, that’s four keys total. Each party has their own public key, which they share with the world, and their own private key which they well, which they keep private, of course but, more than that, which they keep as a closely guarded secret. The magic of public key cryptography is that a message encrypted with the public key can only be decrypted with the private key. Alice will encrypt her message with Bob’s public key, and even though Eve knows she used Bob’s public key, and even though Eve knows Bob’s public key herself, she is unable to decrypt the message. Only Bob, using his secret key, can decrypt the message assuming he’s kept it secret, of course.
Alice and Bob do not need to plan anything ahead of time to communicate securely: they generate their public-private key pairs independently, and happily broadcast their public keys to the world at large. Alice can rest assured that only Bob can decrypt the message she sends because she has encrypted it with his public key.
A
Explanation:
Public keys
https://en.wikipedia.org/wiki/Public-key_cryptography Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security.
In such a system, any person can encrypt a message using the receiver’s public key, but that encrypted message can only be decrypted with the receiver’s private key.
Alice and Bob have two keys of their own ― just to be clear, that’s four keys total. Each party has their own public key, which they share with the world, and their own private key which they well, which they keep private, of course but, more than that, which they keep as a closely guarded secret. The magic of public key cryptography is that a message encrypted with the public key can only be decrypted with the private key. Alice will encrypt her message with Bob’s public key, and even though Eve knows she used Bob’s public key, and even though Eve knows Bob’s public key herself, she is unable to decrypt the message. Only Bob, using his secret key, can decrypt the message assuming he’s kept it secret, of course.
Alice and Bob do not need to plan anything ahead of time to communicate securely: they generate their public-private key pairs independently, and happily broadcast their public keys to the world at large. Alice can rest assured that only Bob can decrypt the message she sends because she has encrypted it with his public key.
Question #49
Collision resistance is an important property for any hashing algorithm. Joan wants to find a cryptographic hash that has strong collision resistance .
Which one of the following is the most collisionresistant?
- A . SHA2
- B . MD5
- C . MD4
- D . PIKE
Correct Answer: A
A
Explanation:
SHA2
https://en.wikipedia.org/wiki/Collision_resistance
Collision resistance is a property of cryptographic hash functions: a hash function H is collision-resistant if it is hard to find two inputs that hash to the same output; that is, two inputs a and b where a b but H(a) = H(b). The pigeonhole principle means that any hash function with more inputs than outputs will necessarily have such collisions; the harder they are to find, the more cryptographically secure the hash function is.
Due to the Birthday Problem, for a hash function that produces an output of length n bits, the probability of getting a collision is 1/2^n/2. So, just looking for a hash function with larger "n".
The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
A
Explanation:
SHA2
https://en.wikipedia.org/wiki/Collision_resistance
Collision resistance is a property of cryptographic hash functions: a hash function H is collision-resistant if it is hard to find two inputs that hash to the same output; that is, two inputs a and b where a b but H(a) = H(b). The pigeonhole principle means that any hash function with more inputs than outputs will necessarily have such collisions; the harder they are to find, the more cryptographically secure the hash function is.
Due to the Birthday Problem, for a hash function that produces an output of length n bits, the probability of getting a collision is 1/2^n/2. So, just looking for a hash function with larger "n".
The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
Question #50
A cryptanalysis success where the attacker discovers additional plain texts (or cipher texts) not previously known.
- A . Total Break
- B . Distinguishing Algorithm
- C . Instance Deduction
- D . Information Deduction
Correct Answer: C
C
Explanation:
Instance Deduction
https://en.wikipedia.org/wiki/Cryptanalysis
The results of cryptanalysis can also vary in usefulness. For example, cryptographer Lars Knudsen (1998) classified various types of attack on block ciphers according to the amount and quality of secret information that was discovered:
Total break ― the attacker deduces the secret key.
Global deduction ― the attacker discovers a functionally equivalent algorithm for encryption and decryption, but without learning the key.
Instance (local) deduction ― the attacker discovers additional plaintexts (or ciphertexts) not previously known.
Information deduction ― the attacker gains some Shannon information about plaintexts (or ciphertexts) not previously known.
Distinguishing algorithm ― the attacker can distinguish the cipher from a random permutation.
C
Explanation:
Instance Deduction
https://en.wikipedia.org/wiki/Cryptanalysis
The results of cryptanalysis can also vary in usefulness. For example, cryptographer Lars Knudsen (1998) classified various types of attack on block ciphers according to the amount and quality of secret information that was discovered:
Total break ― the attacker deduces the secret key.
Global deduction ― the attacker discovers a functionally equivalent algorithm for encryption and decryption, but without learning the key.
Instance (local) deduction ― the attacker discovers additional plaintexts (or ciphertexts) not previously known.
Information deduction ― the attacker gains some Shannon information about plaintexts (or ciphertexts) not previously known.
Distinguishing algorithm ― the attacker can distinguish the cipher from a random permutation.
Question #51
Juanita is attempting to hide some text into a jpeg file. Hiding messages inside another medium is referred to as which one of the following?
- A . Cryptography
- B . Steganalysis
- C . Cryptology
- D . Steganography
Correct Answer: D
D
Explanation:
Steganography
https://en.wikipedia.org/wiki/Steganography
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós, meaning "covered or concealed", and -graphia meaning "writing".
D
Explanation:
Steganography
https://en.wikipedia.org/wiki/Steganography
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós, meaning "covered or concealed", and -graphia meaning "writing".
Question #52
The Clipper chip is notable in the history of cryptography for many reasons. First, it was designed for civilian used secure phones. Secondly, it was designed to use a very specific symmetric cipher .
Which one of the following was originally designed to provide built-in cryptography for the Clipper chip?
- A . Blowfish
- B . Twofish
- C . Skipjack
- D . Serpent
Correct Answer: C
C
Explanation:
Skipjack
https://en.wikipedia.org/wiki/Clipper_chip
The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured “voice and data messages" with a built-in backdoor that was intended to “allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions.". It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.
he Clipper chip used a data encryption algorithm called Skipjack to transmit information and the DiffieCHellman key exchange-algorithm to distribute the cryptokeys between the peers. Skipjack was invented by the National Security Agency of the U.S. Government; this algorithm was initially classified SECRET, which prevented it from being subjected to peer review from the encryption research community. The government did state that it used an 80-bit key, that the algorithm was symmetric, and that it was similar to the DES algorithm. The Skipjack algorithm was declassified and published by the NSA on June 24, 1998. The initial cost of the chips was said to be $16 (unprogrammed) or $26 (programmed), with its logic designed by Mykotronx, and fabricated by VLSI Technology, Inc (see the VLSI logo on the image on this page).
C
Explanation:
Skipjack
https://en.wikipedia.org/wiki/Clipper_chip
The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured “voice and data messages" with a built-in backdoor that was intended to “allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions.". It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.
he Clipper chip used a data encryption algorithm called Skipjack to transmit information and the DiffieCHellman key exchange-algorithm to distribute the cryptokeys between the peers. Skipjack was invented by the National Security Agency of the U.S. Government; this algorithm was initially classified SECRET, which prevented it from being subjected to peer review from the encryption research community. The government did state that it used an 80-bit key, that the algorithm was symmetric, and that it was similar to the DES algorithm. The Skipjack algorithm was declassified and published by the NSA on June 24, 1998. The initial cost of the chips was said to be $16 (unprogrammed) or $26 (programmed), with its logic designed by Mykotronx, and fabricated by VLSI Technology, Inc (see the VLSI logo on the image on this page).
Question #53
The most common way steganography is accomplished is via which one of the following?
- A . rsb
- B . Isb
- C . msb
- D . asb
Correct Answer: B
B
Explanation:
lbs
https://en.wikipedia.org/wiki/Bit_numbering#:~:text=In%20computing%2C%20the%20least%20significant,number%20is%20even%20or%20odd.
The least significant bit (LSB) is the bit position in a binary integer giving the units value, that is, determining whether the number is even or odd. The LSB is sometimes referred to as the low-order bit or right-most bit, due to the convention in positional notation of writing less significant digits further to the right. It is analogous to the least significant digit of a decimal integer, which is the digit in the ones (right-most) position.
B
Explanation:
lbs
https://en.wikipedia.org/wiki/Bit_numbering#:~:text=In%20computing%2C%20the%20least%20significant,number%20is%20even%20or%20odd.
The least significant bit (LSB) is the bit position in a binary integer giving the units value, that is, determining whether the number is even or odd. The LSB is sometimes referred to as the low-order bit or right-most bit, due to the convention in positional notation of writing less significant digits further to the right. It is analogous to the least significant digit of a decimal integer, which is the digit in the ones (right-most) position.
Question #54
In a Feistel cipher, the two halves of the block are swapped in each round .
What does this provide?
- A . Diffusion
- B . Confusion
- C . Avalanche
- D . Substitution
Correct Answer: B
B
Explanation:
Confusion
https://en.wikipedia.org/wiki/Confusion_and_diffusion#Definition
Confusion means that each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.
The property of confusion hides the relationship between the ciphertext and the key.
This property makes it difficult to find the key from the ciphertext and if a single bit in a key is changed, the calculation of the values of most or all of the bits in the ciphertext will be affected.
Confusion increases the ambiguity of ciphertext and it is used by both block and stream ciphers.
Incorrect answer:
Avalanche – The avalanche effect is the desirable property of cryptographic algorithms, typically block ciphers and cryptographic hash functions, wherein if an input is changed slightly (for example, flipping a single bit), the output changes significantly (e.g., half the output bits flip). In the case of high-quality block ciphers, such a small change in either the key or the plaintext should cause a drastic change in the ciphertext. The actual term was first used by Horst Feistel, although the concept dates back to at least Shannon’s diffusion.
Diffusion – Diffusion means that if we change a single bit of the plaintext, then (statistically)
half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then approximately one half of the plaintext bits should change.[2] Since a bit can have only two states, when they are all re-evaluated and changed from one seemingly random position to another, half of the bits will have changed state.
Substitution – Substitution technique is a classical encryption technique where the characters present in the original message are replaced by the other characters or numbers or by symbols.
B
Explanation:
Confusion
https://en.wikipedia.org/wiki/Confusion_and_diffusion#Definition
Confusion means that each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.
The property of confusion hides the relationship between the ciphertext and the key.
This property makes it difficult to find the key from the ciphertext and if a single bit in a key is changed, the calculation of the values of most or all of the bits in the ciphertext will be affected.
Confusion increases the ambiguity of ciphertext and it is used by both block and stream ciphers.
Incorrect answer:
Avalanche – The avalanche effect is the desirable property of cryptographic algorithms, typically block ciphers and cryptographic hash functions, wherein if an input is changed slightly (for example, flipping a single bit), the output changes significantly (e.g., half the output bits flip). In the case of high-quality block ciphers, such a small change in either the key or the plaintext should cause a drastic change in the ciphertext. The actual term was first used by Horst Feistel, although the concept dates back to at least Shannon’s diffusion.
Diffusion – Diffusion means that if we change a single bit of the plaintext, then (statistically)
half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then approximately one half of the plaintext bits should change.[2] Since a bit can have only two states, when they are all re-evaluated and changed from one seemingly random position to another, half of the bits will have changed state.
Substitution – Substitution technique is a classical encryption technique where the characters present in the original message are replaced by the other characters or numbers or by symbols.
Question #55
The most widely used asymmetric encryption algorithm is what?
- A . Vigenere
- B . Caesar Cipher
- C . RSA
- D . DES
Correct Answer: C
C
Explanation:
RSA
The RSA encryption algorithm is one of the most widely used public key encryption algorithms that have ever been invented. It was created by the three scientists Ronald Rivest, Adi Shamir, and Leonard Adleman in 1977, and today it is increasingly being used in the network area.
C
Explanation:
RSA
The RSA encryption algorithm is one of the most widely used public key encryption algorithms that have ever been invented. It was created by the three scientists Ronald Rivest, Adi Shamir, and Leonard Adleman in 1977, and today it is increasingly being used in the network area.
6 1. What must occur in order for a cipher to be considered ‘broken’?
Question #56
A _________ is a digital representation of information that identifies you as a relevant entity by a trusted third party.
- A . Digital Signature
- B . Hash
- C . Ownership stamp
- D . Digest
Correct Answer: A
A
Explanation:
Digital Signature
https://en.wikipedia.org/wiki/Digital_signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).
A
Explanation:
Digital Signature
https://en.wikipedia.org/wiki/Digital_signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).
Question #57
Hash. Created by Ronald Rivest. Replaced MD4. 128 bit output size, 512 bit block size, 32 bit word size, 64 rounds. Infamously compromised by Flame malware in 2012.
- A . Keccak
- B . MD5
- C . SHA-1
- D . TIGER
Correct Answer: B
B
Explanation:
MD5
https://en.wikipedia.org/wiki/MD5
The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.
MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 1321
B
Explanation:
MD5
https://en.wikipedia.org/wiki/MD5
The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.
MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 1321
Question #58
Which of the following is a protocol for exchanging keys?
- A . DH
- B . EC
- C . AES
- D . RSA
Correct Answer: A
A
Explanation:
DH
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
DiffieCHellman key exchange is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key.
A
Explanation:
DH
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
DiffieCHellman key exchange is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key.
Question #59
In 1977 researchers and MIT described what asymmetric algorithm?
- A . DH
- B . RSA
- C . AES
- D . EC
Correct Answer: B
B
Explanation:
RSA
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
RSA (RivestCShamirCAdleman) is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. The acronym RSA comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977.
B
Explanation:
RSA
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
RSA (RivestCShamirCAdleman) is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. The acronym RSA comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977.
Question #60
Which of the following is the successor of SSL?
- A . GRE
- B . RSA
- C . IPSec
- D . TLS
Correct Answer: D
D
Explanation:
TLS
https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development
TLS 1. 0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0, and written by Christopher Allen and Tim Dierks of Consensus Development. As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1. 0 and SSL 3.0". Tim Dierks later wrote that these changes, and the renaming from "SSL" to "TLS", were a face-saving gesture to Microsoft, "so it wouldn’t look [like] the IETF was just rubberstamping Netscape’s protocol".
D
Explanation:
TLS
https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development
TLS 1. 0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0, and written by Christopher Allen and Tim Dierks of Consensus Development. As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1. 0 and SSL 3.0". Tim Dierks later wrote that these changes, and the renaming from "SSL" to "TLS", were a face-saving gesture to Microsoft, "so it wouldn’t look [like] the IETF was just rubberstamping Netscape’s protocol".
Question #61
This is a 128 bit hash that is specified by RFC 132 1. It was designed by Ron Rivest in 1991 to replace an earlier hash function.
- A . SHA1
- B . SHA-256
- C . RSA
- D . MD5
Correct Answer: D
D
Explanation:
MD5
https://en.wikipedia.org/wiki/MD5
The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.
MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 132 1.
D
Explanation:
MD5
https://en.wikipedia.org/wiki/MD5
The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.
MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 132 1.
Question #62
The mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext.
- A . Cipher-block chaining (CBC)
- B . Electronic codebook (ECB)
- C . Output feedback (OFB)
- D . Cipher feedback (CFB)
Correct Answer: C
C
Explanation:
Output feedback (OFB)
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Output_feedback_(OFB) The output feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location. This property allows many error-correcting codes to function normally even when applied before encryption.
C
Explanation:
Output feedback (OFB)
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Output_feedback_(OFB) The output feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location. This property allows many error-correcting codes to function normally even when applied before encryption.
Question #63
John is responsible for VPNs at his company. He is using IPSec because it has two different modes. He can choose the mode appropriate for a given situation .
What are the two modes of IPSec? (Choose two)
- A . Encrypt mode
- B . Transport mode
- C . Tunnel mode
- D . Decrypt mode
Correct Answer: B,C
B,C
Explanation:
Correct answers: Transport mode and Tunnel mode https://en.wikipedia.org/wiki/IPsec#Modes_of_operation
The IPsec protocols AH and ESP can be implemented in a host-to-host transport mode, as well as in a network tunneling mode.
B,C
Explanation:
Correct answers: Transport mode and Tunnel mode https://en.wikipedia.org/wiki/IPsec#Modes_of_operation
The IPsec protocols AH and ESP can be implemented in a host-to-host transport mode, as well as in a network tunneling mode.
Question #64
A protocol for key aggreement based on Diffie-Hellman. Created in 1995. Incorporated into the public key standard IEEE P1363.
- A . Blum Blum Shub
- B . Elliptic Curve
- C . Menezes-Qu-Vanstone
- D . Euler’s totient
Correct Answer: C
C
Explanation:
Menezes-Qu-Vanstone
https://en.wikipedia.org/wiki/MQV
MQV (MenezesCQuCVanstone) is an authenticated protocol for key agreement based on the DiffieCHellman scheme. Like other authenticated DiffieCHellman schemes, MQV provides protection against an active attacker. The protocol can be modified to work in an arbitrary finite group, and, in particular, elliptic curve groups, where it is known as elliptic curve MQV (ECMQV).
MQV was initially proposed by Alfred Menezes, Minghua Qu and Scott Vanstone in 1995. It was modified with Law and Solinas in 1998.
C
Explanation:
Menezes-Qu-Vanstone
https://en.wikipedia.org/wiki/MQV
MQV (MenezesCQuCVanstone) is an authenticated protocol for key agreement based on the DiffieCHellman scheme. Like other authenticated DiffieCHellman schemes, MQV provides protection against an active attacker. The protocol can be modified to work in an arbitrary finite group, and, in particular, elliptic curve groups, where it is known as elliptic curve MQV (ECMQV).
MQV was initially proposed by Alfred Menezes, Minghua Qu and Scott Vanstone in 1995. It was modified with Law and Solinas in 1998.