Encryption and Authentication Quiz

Questions and Answers

What is authentication?

• The process of encrypting data with a randomly generated passcode
• The process of using two keys to encrypt and decrypt data
• The process of granting access to a user
• The process of determining if a claim is true using a secret or piece of evidence (correct)

What is public-key encryption?

• Encryption that is only used for cloud applications
• Encryption that is not recommended for securing data transmissions
• Encryption that uses a single key to encrypt and decrypt data
• Encryption that uses two keys to encrypt and decrypt data (correct)

What is SSL/TLS?

• A type of encryption that uses a single key to encrypt and decrypt data
• A type of encryption that uses two keys to encrypt and decrypt data
• A type of encryption that is not recommended for securing data transmissions
• A trustworthy certificate authority that verifies each party and manages encryption key (correct)

Flashcards are hidden until you start studying

Study Notes

Understanding Encryption and Authentication for Securing Data Transmissions

• Encryption protects data by scrambling it with a randomly generated passcode, called an encryption key.
• Authentication is the process of determining if a claim is true using a secret or piece of evidence called a “factor”.
• Authentication is followed by authorization, which grants access to the user.
• Multiple factors can be used to make it harder for a bad actor to gain access, such as two-factor authentication.
• In cloud applications, public-key encryption is used, which uses two keys: one to encrypt the data and one to decrypt it.
• Public keys are often publicly available, but private keys must be kept secret.
• Attackers can steal private keys or trick the sender into using the wrong public key with a Man-in-the-Middle attack.
• Encryption authentication prevents attacks with digital signatures unique to each party.
• SSL/TLS uses a trustworthy Certificate Authority (CA) to verify each party and handle encryption key management automatically.
• Anyone moving data through a network should use secure, authenticated, and industry-accepted encryption mechanisms.
• Sensitive data should be encrypted when transmitted across networks to protect against eavesdropping by unauthorized users.
• Recommendations for strategies to encrypt and authenticate users include web traffic over SSL, email encryption with PGP or S/MIME, and application or network level encryption for non-web traffic.