Review Questions - SYS701 - 7 - Cryptography and the PKI

Questions and Answers

Mike is sending David an encrypted message using a symmetric encryption algorithm. What key should he use to encrypt the message?

• Mike's private key
• David's public key
• Shared secret key (correct)
• Mike's public key

Shahla recently discovered an attack where the attacker managed to force a network user to use weak encryption and was then able to decrypt that content. What term best describes this attack?

• Downgrade (correct)
• Collision
• Homomorphic encryption
• Birthday attack

Norm is using full-disk encryption technology to protect the contents of laptops against theft. What goal of cryptography is he attempting to achieve?

• Non-repudiation
• Authentication
• Confidentiality (correct)
• Integrity

Brian discovers that a user suspected of stealing sensitive information is posting many image files to a message board. What technique might the individual be using to hide sensitive information in those images?

Steganography (A)

Which one of the following statements about cryptographic keys is incorrect?

All cryptographic keys should be kept secret. (A)

What type of cipher operates on one character of text at a time?

Stream cipher (C)

Vince is choosing a symmetric encryption algorithm for use in his organization. He would like to choose the strongest algorithm from these choices. What algorithm should he choose?

AES (D)

Kevin is configuring a web server to use digital certificates. What technology can he use to allow clients to quickly verify the status of those certificates without contacting a remote server?

Certificate stapling (C)

Acme Widgets has 10 employees and they all need the ability to communicate with one another using a symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?

10 (C)

Referring to the scenario in question 9, if Acme Widgets switched to an asymmetric encryption algorithm, how many keys would be required to add the 11th employee?

2 (B)

What type of digital certificate provides the greatest level of assurance that the certificate owner is who they claim to be?

EV (D)

Glenn recently obtained a wildcard certificate for *.mydomain.com. Which one of the following domains would not be covered by this certificate?

dev. www.mydomain.com (C)

Which one of the following servers is almost always an offline CA in a large PKI deployment?

Root CA (A)

Which one of the following certificate formats is closely associated with Windows binary certificate files?

PFX (C)

What type of security solution provides a hardware platform for the storage and management of encryption keys?

HSM (A)

What type of cryptographic attack attempts to force a user to reduce the level of encryption that they use to communicate with a remote server?

Downgrade (C)

David would like to send Mike a message using an asymmetric encryption algorithm. What key should he use to encrypt the message?

Mike's public key (C)

When Mike receives the message that David encrypted for him, what key should he use to decrypt the message?

Mike's private key (D)

If David wishes to digitally sign the message that he is sending Mike, what key would he use to create the digital signature?

David's private key (B)

When Mike receives the digitally signed message from David, what key should he use to verify the digital signature?

David's public key (A)

Flashcards

Shared Secret Key

A secret key used by both the sender and receiver to encrypt and decrypt messages.

Downgrade Attack

An attack forcing a user to use weak encryption to decrypt content.

Confidentiality

Protecting data from unauthorized disclosure.

Steganography

Hiding sensitive information inside other, non-suspicious files.

Stream Cipher

An encryption method that operates on one character at a time.

AES Encryption

Advanced Encryption Standard, a strong symmetric encryption algorithm.

Certificate Stapling

A technology allowing clients to quickly verify certificate status without contacting a remote server.

Symmetric Key Addition

Each additional employee requires keys to communicate with every other employee.

Asymmetric Key Addition

Adding an employee to an asymmetric system requires 2 keys: one public, one private.

EV Certificate

Provides the highest level of assurance about the certificate owner's identity.

Wildcard Certificate Limitations

A wildcard certificate does not cover sub-subdomains (e.g., dev.www.mydomain.com).

Root CA

Typically kept offline for security reasons, it's the top of the PKI hierarchy.

PFX Certificate

A certificate format often employed by Windows systems.

HSM

A hardware platform for storing and managing cryptographic keys.

Downgrade Attack

An attack that compels a user to use a lower encryption level.

Encrypt with Public Key

The sender encrypts a message with the recipient's public key.

Decrypt with Private Key

The recipient decrypts the message using their private key.

Sign with Private Key

The sender uses their private key to create a digital signature.

Verify with Public Key

The recipient employs the sender's public key to verify the digital signature.

Full-Disk Encryption

Protect sensitive information against theft.