8-Cryptography

Multiple ChoiceIdentify the choice that best completes the statement or answers the question.

 1.What is called a mathematical encryption operations that cannot be reversed?a. One-way hash c. Transpositionb. DES d. Substitution

ANSWER:A

POINTS: 0 / 1

 2.FIPS-140 is a standard for the security of which of the following?a. Cryptographic service providersb. Smartcardsc. Hardware and software cryptographic modulesd. Hardware security modules

ANSWER:C

POINTS: 0 / 1

 3.Which of the following threats is not addressed by digital signature and token technologies?a. spoofing c. password compromiseb. replay attacks d. denial-of-service

ANSWER:D

POINTS: 0 / 1

 4.Which of the following is NOT a property of a one-way hash function?a. It converts a message of a fixed length into a message digest of arbitrary

length.b. It is computationally infeasible to construct two different messages with

the same digest.c. It converts a message of arbitrary length into a message digest of a fixed

length.d. Given a digest value, it is computationally infeasible to find the

corresponding message.

ANSWER:A

POINTS: 0 / 1

 5.Microsoft and Netscape offer two version of Web browser, export and domestic. Which of the following differentiates the versions?a. The browser for domestic market uses 40-bit encryption and the browser

for international market uses 128-bit encryption.b. The browser for domestic market uses 128-bit encryption and the browser

for international market uses 64-bit encryption.c. The browser for domestic market uses 128-bit encryption and the browser

for international market uses 40-bit encryption.d. The browser for domestic market uses 64-bit encryption and the browser

for international market uses 96-bit encryption.

ANSWER:C

POINTS: 0 / 1

 6.Which of the following was developed in 1997 as a means of preventing fraud from occurring during electronic payments?a. Secure Electronic Transaction (SET)b. MONDEXc. Secure Shell (SSH-2)d. Secure Hypertext Transfer Protocol (S-HTTP)

ANSWER:A

POINTS: 0 / 1

 7.What level of assurance for a digital certificate only requires an e-mail address?a. Level 0 c. Level 2b. Level 1 d. Level 3

ANSWER:B

POINTS: 0 / 1

 8.A code, as is pertains to cryptography:a. Is a generic term for encryption. c. Deals with linguistic units.b. Is specific to substitution ciphers. d. Is specific to transposition ciphers.

ANSWER:C

POINTS: 0 / 1

 9."Strong" encryption means which of the following?a. using 16 or more rounds. c. a 64-bit or longer key.b. using 64 or more rounds. d. a 128-bit or longer key.

ANSWER:D

POINTS: 0 / 1

 10.Which of the following is not an example of a block cipher?a. Skipjack c. Blowfishb. IDEA d. RC4

ANSWER:D

POINTS: 0 / 1

 11.Which of the following statements is true about data encryption as a method of protecting data?a. It should sometimes be used for password files.b. It is usually easily administered.c. It makes few demands on system resources.d. It requires careful key management.

ANSWER:D

POINTS: 0 / 1

 12.Cryptography does not concern itself with:a. Availability c. Confidentialityb. Integrity d. Authenticity

ANSWER:A

POINTS: 0 / 1

 13.Which of the following can best be defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that that only certain third parties can perform the decryption operation to retrieve the stored key?a. Key escrow c. Key encapsulationb. Fair cryptography d. Zero-knowledge recovery

ANSWER:C

POINTS: 0 / 1

 14.What is the maximum number of different keys that can be used when encrypting with Triple DES?a. 1 c. 3b. 2 d. 4

ANSWER:C

POINTS: 0 / 1

 15.What is NOT true about a one-way hashing function?a. It provides authentication of the messageb. It is never performed in reversec. The results of a one-way hash is a message digestd. It provides integrity of the message

ANSWER:A

POINTS: 0 / 1

 16.Which of the following services is not provided by the digital signature standard (DSS)?a. Encryption c. Digital signatureb. Integrity d. Authentication

ANSWER:A

POINTS: 0 / 1

 17.Which of the following is the most secure form of triple-DES encryption?a. DES-EDE3 c. DES-EEE4b. DES-EDE1 d. DES-EDE2

ANSWER:A

POINTS: 0 / 1

 18.What algorithm was DES derived from?a. Twofish c. Brooks-Aldemanb. Skipjack d. Lucifer

ANSWER:D

POINTS: 0 / 1

 19.In what way does the Rivest-Shamir-Adleman algorithm differ from the Data Encryption Standard?a. It is based on a symmetric algorithm.b. It uses a public key for encryption.c. It eliminates the need for a key-distribution center.d. It cannot produce a digital signature.

ANSWER:B

POINTS: 0 / 1

 20.What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?a. Level 1 c. Level 3b. Level 2 d. Level 4

ANSWER:B

POINTS: 0 / 1

 21.Which of the following algorithms is a stream cipher?a. RC2 c. RC5b. RC4 d. RC6

ANSWER:B

POINTS: 0 / 1

 22.A one-way hash provides which of the following?a. Confidentiality c. Integrityb. Availability d. Authentication

ANSWER:C

POINTS: 0 / 1

 23.Which of the following is NOT a mode of the Data Encryption Standard (DES)?a. Electronic Code Book (ECB) c. Substitutionb. Cipher Block Chaining (CBC) d. Output Feedback (OFB)

ANSWER:C

POINTS: 0 / 1

 24.Which protocol makes use of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?a. SSH c. SETb. S/MIME d. SSL

ANSWER:C

POINTS: 0 / 1

 25.Kerberos depends upon what encryption method?a. Public Key cryptography c. El Gamal cryptographyb. Secret Key cryptography d. Blowfish cryptography

ANSWER:B

POINTS: 0 / 1

 26.The RSA Algorithm uses which mathematical concept as the basis of its encryption?a. Geometry c. PI (3.14159...)b. Irrational numbers d. Large prime numbers

ANSWER:D

POINTS: 0 / 1

 27.What is the result of a hash algorithm being applied to a message ?a. A digital signature c. A message digestb. A ciphertext d. A plaintext

ANSWER:C

POINTS: 0 / 1

 28.PGP uses which of the following to encrypt data?a. An asymmetric scheme c. A symmetric key distribution

systemb. A symmetric scheme d. An asymmetric key distribution

ANSWER:B

POINTS: 0 / 1

 29.PKI is:a. An infrastructure for handling escrowed keys.b. More cheap to be built in-house that use 3rd-party certificates.c. responsible for: issuing, locating, trusting, renewing, revocating

certificates.d. Private Key Infrastructure.

ANSWER:C

POINTS: 0 / 1

 30.Which of the following is not related to a Public key infrastructure (PKI)?a. A Certificate authority c. A Registration authority

b. A Ticket Granting Service d. A X.509 certificate

ANSWER:B

POINTS: 0 / 1

 31.Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?a. A known-plaintext attack c. A chosen-ciphertext attackb. A known-algorithm attack d. A chosen-plaintext attack

ANSWER:A

POINTS: 0 / 1

 32.Which of the following statements pertaining to link encryption is false?a. It encrypts all the data along a specific communication path.b. It provides protection against packet sniffers and eavesdroppers.c. Information stays encrypted from one end of its journey to the other.d. User information, header, trailers, addresses and routing data that are part

of the packets are encrypted.

ANSWER:C

POINTS: 0 / 1

 33.Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?a. Diffie-Hellman Key Exchange Protocolb. Internet Security Association and Key Management Protocol (ISAKMP)c. Simple Key-management for Internet Protocols (SKIP)d. OAKLEY

ANSWER:D

POINTS: 0 / 1

 34.What does the directive of the European Union on Electronic Signatures deal with?a. Encryption of classified data c. Non repudiationb. Encryption of secret data d. Authentication of web servers

ANSWER:C

POINTS: 0 / 1

 35.What algorithm has been selected as the AES algorithm, replacing the DES algorithm?a. RC6 c. Rijndaelb. Twofish d. Blowfish

ANSWER:C

POINTS: 0 / 1

 36.In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?a. Both client and server c. The web serverb. The client's browser d. The merchant's Certificate Server

ANSWER:B

POINTS: 0 / 1

 37.Which of the following ciphers is a subset of the Vignere polyalphabetic cipher?a. Caesar c. Albertib. Jefferson d. SIGABA

ANSWER:A

POINTS: 0 / 1

 38.What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?a. Certificate revocation list c. Authority revocation listb. Certificate revocation tree d. Untrusted certificate list

ANSWER:C

POINTS: 0 / 1

 39.Cryptography does not help in:a. Detecting fraudulent insertion. c. Detecting fraudulent modification.b. Detecting fraudulent deletion. d. Detecting fraudulent disclosure.

ANSWER:D

POINTS: 0 / 1

 40.What are the three most important functions that Digital Signatures perform?a. Integrity, Confidentiality and Authorization

b. Integrity, Authentication and Nonrepudiationc. Authorization, Authentication and Nonrepudiationd. Authorization, Detection and Accountability

ANSWER:B

POINTS: 0 / 1

 41.Secure Sockets Layer (SSL) provides security services at which layer of the OSI model?a. Network Layer c. Session Layerb. Transport Layer d. Application Layer

ANSWER:B

POINTS: 0 / 1

 42.Which of the following encryption methods is unbreakable?a. Symmetric ciphers c. One-time padsb. DES codebooks d. Elliptic-curve cryptography

ANSWER:C

POINTS: 0 / 1

 43.Which type of attack is most commonly associated with public key cryptosystems?a. Chosen-Ciphertext c. Chosen-Plaintextb. Ciphertext-only d. Adaptive-Chosen-Chipertext

ANSWER:A

POINTS: 0 / 1

 44.Which of the following statements related to a private key cryptosystem is FALSE?a. The encryption key should be secure.b. Data Encryption Standard (DES) is a typical private key cryptosystem.c. The key used for decryption is known to the senderd. Two different keys are used for the encryption and decryption.

ANSWER:D

POINTS: 0 / 1

 45.To comply with the Internet Engineering Task Force (IETF) standard for the IP Security (IPSEC) Protocol, which key-exchange method must be used?a. Internet Key Exchange (IKE)

b. Internet Security Association and Key Management Protocol (ISAKMP)c. Diffie-Hellmand. none of the above

ANSWER:D

POINTS: 0 / 1

 46.Which of the following are suitable protocols for securing VPN connections?a. S/MIME and SSH c. IPsec and L2TPb. TLS and SSL d. PKCS#10 and X.509

ANSWER:C

POINTS: 0 / 1

 47.Why is public key cryptography recommended for use in the process of securing facsimiles during transmission?a. Keys are never transmitted over the network.b. Data compression decreases key change frequency.c. Key data is not recognizable from facsimile data.d. The key is securely passed to the receiving machine.

ANSWER:D

POINTS: 0 / 1

 48.Which of the following would best define a digital envelope?a. A message that is encrypted and signed with a digital certificate.b. A message that is signed with a secret key and encrypted with the sender's

private key.c. A message that is encrypted with a secret key and accompanied with that

key, encrypted with a public key.d. A message that is encrypted with the recipient's public key and signed with

the sender's private key.

ANSWER:C

POINTS: 0 / 1

 49.Secure Sockets Layer (SSL) also uses a Message Authentication Code for:a. message non-repudiation. c. message interleave checking.b. message confidentiality. d. message integrity.

ANSWER:D

POINTS: 0 / 1

 50.Which of the following is more suitable for a hardware implementation?a. Stream ciphers c. Cipher block chainingb. Block ciphers d. Electronic code book

ANSWER:A

POINTS: 0 / 1

 51.Electronic signatures can prevent messages from being:a. Erased c. Repudiatedb. Disclosed d. Forwarded

ANSWER:C

POINTS: 0 / 1

 52.The Diffie-Hellman algorithm is primarily used to provide which of the following?a. Confidentiality c. Integrityb. Key exchange d. Non-repudiation

ANSWER:B

POINTS: 0 / 1

 53.Which of the following encryption algorithms does not deal with discrete logarithms?a. El Gamal c. RSAb. Diffie-Hellman d. Elliptic Curve

ANSWER:C

POINTS: 0 / 1

 54.Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?a. Differential cryptanalysis c. Birthday attackb. Differential linear cryptanalysis d. Statistical attack

ANSWER:C

POINTS: 0 / 1

 55.Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use a hybrid encryption technique. What does this mean?

a. Use of public key encryption to secure a secret key, and message encryption using the secret key.

b. Use of the recipient's public key for encryption and decryption based on the recipient's private key.

c. Use of software encryption assisted by a hardware encryption accelerator.d. Use of elliptic curve encryption.

ANSWER:A

POINTS: 0 / 1

 56.The Secure Hash Algorithm (SHA-1) creates:a. a fixed length message digest from a fixed length input messageb. a variable length message digest from a variable length input messagec. a fixed length message digest from a variable length input messaged. a variable length message digest from a fixed length input message

ANSWER:C

POINTS: 0 / 1

 57.Which of the following is not a DES mode of operation?a. Cipher block chaining c. Input feedbackb. Electronic code book d. Cipher feedback

ANSWER:C

POINTS: 0 / 1

 58.Which DES mode of operation is best suited for database encryption?a. Cipher Block Chaining (CBC) modeb. Cycling Redundancy Checking (CRC) modec. Electronic Code Book (ECB) moded. Cipher Feedback (CFB) mode

ANSWER:C

POINTS: 0 / 1

 59.Which of the following keys has the shortest lifespan?a. Secret key c. Session keyb. Public key d. Private key

ANSWER:C

POINTS: 0 / 1

 60.Which of the following statements pertaining to message digests is incorrect?a. The original file cannot be created from the message digest.b. Two files should not have the same message digest.c. The message digest should be calculated using at least 128 bytes of the file.d. Messages digests are usually of fixed size.

ANSWER:C

POINTS: 0 / 1

 61.Which of the following is not an encryption algorithm?a. Skipjack c. Twofishb. SHA-1 d. DEA

ANSWER:B

POINTS: 0 / 1

 62.Which of the following standards concerns digital certificates?a. X.400 c. X.509b. X.25 d. X.75

ANSWER:C

POINTS: 0 / 1

 63.What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?a. Key collision c. Hashingb. Key clustering d. Ciphertext collision

ANSWER:B

POINTS: 0 / 1

 64.What can be defined as secret communications where the very existence of the message is hidden?a. Clustering c. Cryptologyb. Steganography d. Vernam cipher

ANSWER:B

POINTS: 0 / 1

 65.What type of attack against confidentiality uses algorithm and algebraic manipulation weaknesses to reduce complexity?a. Brute force c. Analytic

b. Statistical d. Codebook

ANSWER:C

POINTS: 0 / 1

 66.What is the maximum key size for the RC5 algorithm?a. 128 bits c. 1024 bitsb. 256 bits d. 2040 bits

ANSWER:D

POINTS: 0 / 1

 67.Which of the following is not defined within the Wireless Application Protocol (WAP) protocol stack?a. Wireless Data Link Protocol

(WDLP)c. Wireless Session Protocol (WSP)

b. Wireless Transaction Protocol (WTP)

d. Wireless Datagram Protocol (WDP)

ANSWER:A

POINTS: 0 / 1

 68.What encryption algorithm is best suited for communication with handheld wireless devices?a. ECC c. SHAb. RSA d. RC4

ANSWER:A

POINTS: 0 / 1

 69.Which of the following elements is not included in a Public Key Infrastructure (PKI)?a. Timestampingb. Lightweight Directory Access Protocol (LDAP)c. Certificate revocationd. Interne      t Key Exchange (IKE)

ANSWER:D

POINTS: 0 / 1

 70.What kind of certificate is used for user authentication?a. Public key certificate c. Root certificate

b. Attribute certificate d. Codesigning certificate

ANSWER:A

POINTS: 0 / 1

 71.Which DES modes can best be used for authentication?a. Cipher Block Chaining and Electronic Code Bookb. Cipher Block Chaining and Output Feedbackc. Cipher Block Chaining and Cipher Feedbackd. Output Feedback and Electronic Code Book

ANSWER:C

POINTS: 0 / 1

 72.SSL (Secure Sockets Layer) has two possible 'session key' lengths, what are they?a. 40 bit & 64 bit c. 64 bit & 128 bitb. 40 bit & 128 bit d. 128 bit & 256 bit

ANSWER:B

POINTS: 0 / 1

 73.Simple Key Management for Internet Protocols (SKIP) is similar to Secure Sockets Layer (SSL), except that it requires no prior communication in order to establish or exchange keys on a session-by-session basis. Therefore, no connection setup overhead exists and new keys values:a. are continually generated. c. are not continually granted.b. are not continually generated. d. are continually granted.

ANSWER:B

POINTS: 0 / 1

 74.Which of the following statements is true about data encryption as a method of protecting data?a. It verifies the accuracy of the data.b. It is usually easily administered.c. It requires careful key management.d. It makes few demands on system resources.

ANSWER:C

POINTS: 0 / 1

 75.Which of the following is best defined as a cryptographic key that is used to encipher application data?a. Key-encrypting key c. Cryptographic tokenb. Secret key d. Data encryption key

ANSWER:D

POINTS: 0 / 1

 76.What principle involves encryption keys being separated into two components, each of which does not reveal the other?a. Dual control c. Split knowledgeb. Separation of duties d. Need to know

ANSWER:C

POINTS: 0 / 1

 77.Which of the following concerning the Rijndael block cipher algorithm is false?a. The design of Rijndael was strongly influenced by the design of the block

cipher Square.b. A total of nine combinations of key length and block length are possiblec. Both block and key length can be extended to multiples of 64 bits.d. The cipher has a variable block length and key length.

ANSWER:C

POINTS: 0 / 1

 78.What is the role of IKE within the IPsec protocol?a. peer authentication and key

exchangec. data signature

b. data encryption d. enforcing quality of service

ANSWER:A

POINTS: 0 / 1

 79.Which of the following statements pertaining to PPTP (Point-to-Point Tunnelling Protocol) is incorrect?a. PPTP is able to handle protocols other than IP.b. PPTP does not provide strong encryption.c. PPTP does not support any token-based authentication method for users.d. PPTP is derived from L2TP.

ANSWER:D

POINTS: 0 / 1

 80.Public Key Infrastructure (PKI) is the use of asymmetric key encryption between parties in which the originator encrypts information using the intended recipient's "public" key. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology assumes that:a. The sender and recipient have reached a mutual agreement on the

encryption key exchange that they will use.b. The channels through which the information flows are secure.c. The recipient's identity can be positively assured to the sender.d. The sender of the message is the only other person with access to the

recipient's private key.

ANSWER:C

POINTS: 0 / 1

 81.What are two types of ciphers?a. Transposition and Permutation c. Transposition and Substitutionb. Transposition and Shift d. Substitution and Replacement

ANSWER:C

POINTS: 0 / 1

 82.Which of the following does not concern itself with key management?a. ISAKMP c. Cryptologyb. Diffie-Hellman d. KEA

ANSWER:C

POINTS: 0 / 1

 83.Which of the following is best provided by symmetric cryptography?a. Confidentiality c. Availabilityb. Integrity d. Non-repudiation

ANSWER:A

POINTS: 0 / 1

 84.How long is a DES key sequence?a. 6 bytes c. 56-bitsb. 8 bytes d. 128-bits

ANSWER:B

POINTS: 0 / 1

 85.Which of the following is true about digital certificate?a. same as digital signatureb. electrical credential proving that the certificate holder is who they said they

arec. You can only get digital certificate from Verisign, RSA.d. Can't contain geography data.

ANSWER:B

POINTS: 0 / 1

 86.Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext corresponding to the ciphertext?a. known plaintext c. ciphertext onlyb. brute force d. chosen plaintext

ANSWER:A

POINTS: 0 / 1

 87.How many rounds are used by DES?a. 16 c. 64b. 32 d. 48

ANSWER:A

POINTS: 0 / 1

 88.Virus scanning and content filtering of encrypted e-mail is:a. not possibleb. is only possible with key recovery scheme of all user keysc. is possible with several key management methodsd. is possible only by "brute force"-decryption

ANSWER:C

POINTS: 0 / 1

 89.What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?a. A digital envelope c. A Message Authentication Codeb. A cryptographic hash d. A digital signature

ANSWER:D

POINTS: 0 / 1

 90.Which of the following offers security to wireless communications?a. S-WAP c. WSPb. WTLS d. WDP

ANSWER:B

POINTS: 0 / 1

 91.Which of the following algorithms is used today for encryption in PGP?a. RSA c. Blowfishb. IDEA d. RC5

ANSWER:B

POINTS: 0 / 1

 92.Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT)?a. Secure Electronic Transaction

(SET)c. Cyclic Redundancy Check (CRC)

b. Message Authentication Code (MAC)

d. Secure Hash Standard (SHS)

ANSWER:B

POINTS: 0 / 1

 93.Which of the following techniques is used in the encryption of data between a web browser and server?a. SSL c. IPSecb. PGP d. Kerberos

ANSWER:A

POINTS: 0 / 1

 94.Compared to RSA, which of the following is true of elliptic curve cryptography?a. It has been mathematically proved to be more secure.b. It has been mathematically proved to be less secure.c. It is believed to require longer key for equivalent security.d. It is believed to require shorter keys for equivalent security.

ANSWER:D

POINTS: 0 / 1

 95.Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations?a. IPsec Key exchangeb. Security Association Authentication Protocolc. Simple Key-management for Internet Protocolsd. Key Exchange Algorithm

ANSWER:A

POINTS: 0 / 1

 96.There are parallels between the trust models in Kerberos and in PKI. When we compare them side by side, Kerberos tickets correspond most closely to which of the following?a. public keys c. public-key certificatesb. private keys d. private-key certificates

ANSWER:C

POINTS: 0 / 1

 97.Which of the following statements pertaining to block ciphers is incorrect?a. It operates on fixed-size blocks of plaintext.b. It is more suitable for software than hardware implementations.c. Plain text is encrypted with a public key and decrypted with a private key.d. Block ciphers can be operated as a stream.

ANSWER:C

POINTS: 0 / 1

 98.What enables users to validate each other's certificate when they are certified under different certification hierarchies?a. Cross-certification c. Redundant certification authoritiesb. Multiple certificates d. Root certification authorities

ANSWER:A

POINTS: 0 / 1

 99.What kind of encryption is realized in the S/MIME-standard?a. Asymmetric encryption schemeb. Password based encryption schemec. Public key based, hybrid encryption schemed. Elliptic curve based encryption

ANSWER:C

POINTS: 0 / 1

 100.Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?a. The SSL protocol was developed by Netscape to secure Internet client-

server transactions.b. The SSL protocol's primary use is to authenticate the client to the server

using public key cryptography and digital certificates.c. Web pages using the SSL protocol start with HTTPS.d. SSL can be used with applications such as Telnet, FTP and email

protocols.

ANSWER:D

POINTS: 0 / 1

 101.Which of the following would best describe a Concealment cipher?a. Permutation is used, meaning that letters are scrambled.b. Every X number of words within a text, is a part of the real message.c. Replaces bits, characters, or blocks of characters with different bits,

characters or blocks.d. Hiding data in another message so that the very existence of the data is

concealed.

ANSWER:B

POINTS: 0 / 1

 102.Which of the following is *NOT* an asymmetric key algorithm?a. RSA c. El Gamalb. Elliptic Curve Cryptosystem (ECC) d. Data Encryption System (DES)

ANSWER:D

POINTS: 0 / 1

 103.Which of the following would best describe certificate path validation?a. verification of the validity of all certificates of the certificate chain till the

root certificate

b. verification of the integrity of the associated root certificatec. verification of the integrity of the concerned private keyd. verification of the revocation status of the concerned certificate

ANSWER:A

POINTS: 0 / 1

 104.A public key algorithm that does both encryption and digital signature is which of the following?a. RSA c. IDEAb. DES d. DSS

ANSWER:A

POINTS: 0 / 1

 105.Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?a. Twofish c. RC6b. Serpent d. Rijndael

ANSWER:D

POINTS: 0 / 1

 106.How many bits is the effective length of the key of the Data Encryption Standard algorithm?a. 16 c. 56b. 32 d. 64

ANSWER:C

POINTS: 0 / 1

 107.What is the primary role of smartcards in a PKI?a. Transparent renewal of user keysb. Easy distribution of the certificates between the usersc. Fast hardware encryption of the raw datad. Tamperproof, mobile storage and application of private keys of the users

ANSWER:D

POINTS: 0 / 1

 108.What is the main problem of the renewal of a root CA certificate?a. The required key recovery of all end user keys

b. The authentic distribution of the new root CA certificate to all PKI participants

c. The collection of the old root CA certificates from the usersd. The issuance of the new root CA certificate

ANSWER:B

POINTS: 0 / 1

 109.Which of the following protects Kerberos against replay attacks?a. Tokens c. Cryptographyb. Passwords d. Time stamps

ANSWER:D

POINTS: 0 / 1

 110.What is a characteristic of using the Electronic Code Book mode of DES encryption?a. A given block of plaintext and a given key will always produce the same

ciphertext.b. Repetitive encryption obscures any repeated patterns that may have been

present in the plaintext.c. Individual characters are encoded by combining output from earlier

encryption routines with plaintext.d. The previous DES output is used as input.

ANSWER:A

POINTS: 0 / 1

 111.Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?a. OAKLEYb. Internet Security Association and Key Management Protocol (ISAKMP)c. Simple Key-management for Internet Protocols (SKIP)d. IPsec Key exchange (IKE)

ANSWER:B

POINTS: 0 / 1

 112.What is called the substitution cipher that shifts the alphabet by 13 places?a. Cesar cipher c. ROT13 cipher

b. Polyalphabetic cipher d. Transposition cipher

ANSWER:C

POINTS: 0 / 1

 113.Simple Key Management for Internet Protocols (SKIP) is similar to Secure Sockets Layer (SSL), except that it requires no prior communication in order to establish or exchange keys on a:a. Secure Private keyring basis. c. Remote Server basis.b. Response-by-session basis. d. Session-by-session basis.

ANSWER:D

POINTS: 0 / 1

 114.Which of the following binds a subject name to a public key value?a. A public-key certificate c. A Certificate Authorityb. A public key infrastructure d. A private key

ANSWER:A

POINTS: 0 / 1

 115.Which of the following best provides e-mail message authenticity and confidentiality?a. Signing the message using the sender's public key and encrypting the

message using the receiver's private keyb. Signing the message using the sender's private key and encrypting the

message using the receiver's public keyc. Signing the message using the receiver's private key and encrypting the

message using the sender's public keyd. Signing the message using the receiver's public key and encrypting the

message using the sender's private key

ANSWER:B

POINTS: 0 / 1

 116.Which of the following features of stream ciphers is incorrect?a. Offers long periods with no

repeating.c. Statistically unpredictable.

b. Functionally simple. d. Statistically unbiased keystream.

ANSWER:B

POINTS: 0 / 1

 117.In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process?a. Known-plaintext attack c. Chosen-Ciphertext attackb. Ciphertext-only attack d. Known-Ciphertext attack

ANSWER:B

POINTS: 0 / 1

 118.Which of the following asymmetric encryption algorithms is based on the difficulty of factoring large numbers?a. El Gamalb. Elliptic Curve Cryptosystems (ECCs)c. RSAd. International Data Encryption Algorithm (IDEA)

ANSWER:C

POINTS: 0 / 1

 119.The primary purpose for using one-way encryption of user passwords within a system is which of the following?a. It prevents an unauthorized person from trying multiple passwords in one

logon attempt.b. It prevents an unauthorized person from reading or modifying the password

list.c. It minimizes the amount of storage required for user passwords.d. It minimizes the amount of processing time used for encrypting passwords.

ANSWER:B

POINTS: 0 / 1

 120.Which of the following mail standards relies on a "Web of Trust"?a. Secure Multipurpose Internet Mail Extensions (S/MIME)b. Pretty Good Privacy (PGP)c. MIME Object Security Services (MOSS)d. Privacy Enhanced Mail (PEM)

ANSWER:B

POINTS: 0 / 1

 121.Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP

packets?a. Internet Security Association and Key Management Protocol (ISAKMP)b. Simple Key-management for Internet Protocols (SKIP)c. Diffie-Hellman Key Distribution Protocold. IPsec Key exchange (IKE)

ANSWER:B

POINTS: 0 / 1

 122.What is NOT true with pre shared key authentication within IKE / IPsec protocol?a. pre shared key authentication is normally based on simple passwordsb. needs a PKI to workc. Only one preshared key for all VPN connections is neededd. Costly key management on large user groups

ANSWER:B

POINTS: 0 / 1

 123.Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?a. Steganography c. Digital envelopingb. Digital watermarking d. Digital signature

ANSWER:B

POINTS: 0 / 1

 124.Which of the following statements pertaining to stream ciphers is correct?a. A stream cipher is a type of asymmetric encryption algorithm.b. A stream cipher generates what is called a keystream.c. A stream cipher is slower than a block cipher.d. A stream cipher is not appropriate for hardware-based encryption.

ANSWER:B

POINTS: 0 / 1

 125.The Diffie-Hellman algorithm is used for:a. Encryption c. Key exchangeb. Digital signature d. Non-repudiation

ANSWER:C

POINTS: 0 / 1

 126.Which of the following is not a known type of Message Authentication Code (MAC)?a. Hash function-based MAC c. Signature-based MACb. Block cipher-based MAC d. Stream cipher-based MAC

ANSWER:C

POINTS: 0 / 1

 127.Which of the following is not a weakness of symmetric cryptography?a. Limited security c. Speedb. Key distribution d. Scalability

ANSWER:C

POINTS: 0 / 1

 128.What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?a. A public-key certificate c. A digital certificateb. An attribute certificate d. A descriptive certificate

ANSWER:B

POINTS: 0 / 1

 129.What is the primary role of a PKI within the application domain?a. Key management of private and public keysb. Distribution of public keys to the usersc. Issuance of attribute certificatesd. Key exchange between peers

ANSWER:A

POINTS: 0 / 1

 130.What is the length of an MD5 message digest?a. 128 bits c. 256 bitsb. 160 bits d. varies depending upon the input

ANSWER:A

POINTS: 0 / 1

 131.A message is said to be digitally signed if sent with which of following?a. Message Digestb. Message Digest Encrypted with Sender's Public Keyc. Message Digest Encrypted with Sender's Private Keyd. Message and Sender's Digital Certificate

ANSWER:C

POINTS: 0 / 1

 132.What is the key size of the International Data Encryption Algorithm (IDEA)?a. 64 bits c. 160 bitsb. 128 bits d. 192 bits

ANSWER:B

POINTS: 0 / 1

 133.What is a valid PKCS-standard?a. PKCS 17799 for security managementb. PKCS for root CA certificate rollover schemec. PKCS#1 for RSA encryptiond. PKCS#11 for cryptographic certificate exchange

ANSWER:C

POINTS: 0 / 1

 134.Which of the following is true about Kerberos?a. It utilizes public key cryptography.b. It encrypts data after a ticket is granted, but passwords are exchanged in

plain text.c. It depends upon symmetric ciphers.d. It is a second party authentication system.

ANSWER:C

POINTS: 0 / 1

 135.In a known plaintext attack, the cryptanalyst has knowledge of which of the following?a. the ciphertext and the keyb. the plaintext and the secret keyc. both the plaintext and the associated ciphertext of several messagesd. the plaintext and the algorithm

ANSWER:C

POINTS: 0 / 1

 136.What is called the standard format that was established to set up and manage Security Associations (SA) on the Internet in IPSec?a. Internet Key Exchangeb. Secure Key Exchange Mechanismc. Oakleyd. Internet Security Association and Key Management Protocol

ANSWER:D

POINTS: 0 / 1

 137.What is NOT an authentication method within IKE and IPsec?a. CHAP c. Certificate based authenticationb. Pre shared key d. Public key authentication

ANSWER:A

POINTS: 0 / 1

 138.Why does a digital signature contain a message digest?a. To detect any alteration of the

messagec. To confirm the identity of the

senderb. To indicate the encryption

algorithmd. To enable transmission in a digital

format

ANSWER:A

POINTS: 0 / 1

 139.What is used to bind a document to its creation at a particular time?a. Network Time Protocol (NTP) c. Digital Timestampb. Digital Signature d. Certification Authority (CA)

ANSWER:C

POINTS: 0 / 1

 140.Which of the following is not a property of the Rijndael block cipher algorithm?a. Resistance against all known attacksb. Design simplicityc. 512 bits maximum key sized. Code compactness on a wide variety of platforms

ANSWER:C

POINTS: 0 / 1

 141.Which of the following is less likely to be used in creating a Virtual Private Network?a. L2TP c. IPSecb. PPTP d. L2F

ANSWER:D

POINTS: 0 / 1

 142.In a Public Key Infrastructure, how are public keys published?a. They are sent via e-mail. c. They are sent by owners.b. Through digital certificates. d. They are not published.

ANSWER:B

POINTS: 0 / 1

 143.In which phase of IKE protocol (IPsec) is peer authentication performed?a. Pre Initialization Phase c. Phase 2b. Phase 1 d. No peer authentication performed

ANSWER:B

POINTS: 0 / 1

 144.What uses a key of the same length as the message?a. Running key cipher c. Steganographyb. One-time pad d. Cipher block chaining

ANSWER:B

POINTS: 0 / 1

 145.What is the primary role of cross certification?a. Creating trust between different PKIsb. Build an overall PKI hierarchyc. set up direct trust to a second root CAd. Prevent the nullification of user certificates by CA certificate revocation

ANSWER:A

POINTS: 0 / 1

 146.Which of the following is NOT true of SSL?a. By convention it uses 's-http://' instead of 'http://'.b. It stands for Secure Sockets Layer.c. It was developed by Netscape.d. It is used for transmitting private documents over the Internet.

ANSWER:A

POINTS: 0 / 1

 147.Who vouches for the binding between the data items in a digital certificate?a. Registration authority c. Issuing authorityb. Certification authority d. Vouching authority

ANSWER:B

POINTS: 0 / 1

 148.Which of the following protocols provides non-repudiation in IPSec?a. Authentication Header (AH) c. Secure       Sockets Layer (SSL)b. Encapsulating Security Payload

(ESP)d. Secure Shell (SSH-2)

ANSWER:A

POINTS: 0 / 1

 149.Which of the following is *NOT* a symmetric key algorithm?a. Blowfish c. Triple DES (3DES)b. Digital Signature Standard (DSS) d. RC5

ANSWER:B

POINTS: 0 / 1

 150.The Data Encryption Algorithm performs how many rounds of substitution and permutation?a. 4 c. 54b. 16 d. 64

ANSWER:B

POINTS: 0 / 1

 151.Which is NOT a suitable method for distributing certificate revocation information?a. CA revocation mailing list c. OCSP (online certificate status

protocol)b. Delta CRL d. Distribution point CRL

ANSWER:A

POINTS: 0 / 1

 152.Which of the following is best at defeating frequency analysis?a. Substitution cipher c. Transposition cipherb. Polyalphabetic cipher d. Steganography

ANSWER:B

POINTS: 0 / 1

 153.In a Public Key Infrastructure (PKI) context, which of the following is a primary concern with LDAP servers?a. Availability c. Confidentialityb. Accountability d. Flexibility

ANSWER:A

POINTS: 0 / 1

 154.Which of the following offers confidentiality to an e-mail message?a. The sender encrypting it with its private key.b. The sender encrypting it with its public key.c. The sender encrypting it with the receiver's public key.d. The sender encrypting it with the receiver's private key.

ANSWER:C

POINTS: 0 / 1

 155.Which of the following statements is most accurate of digital signature?a. It is a method used to encrypt confidential data.b. It is the art of transferring handwritten signature to electronic media.c. It allows the recipient of data to prove the source and integrity of data.d. It can be used as a signature system and a cryptosystem.

ANSWER:C

POINTS: 0 / 1

 156.Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network?a. S-Telnet c. Rlogin

b. SSL d. SSH

ANSWER:D

POINTS: 0 / 1