SSCP Domain 5 - Cryptography
Terms in this set (19)
Self-Signed Certificates
Self-signed certificates are functionally equivalent to those purchased from a trusted certificate authority. The fundamental difference is that they don't carry the trusted signature of a CA and, therefore, won't be trusted by web browsers by default. They are generally only appropriate for internal use.
Which one of the following cryptographic systems is most closely associated with the Web of Trust?
Phil Zimmermann's Pretty Good Privacy (PGP) software is an encryption technology based upon the Web of Trust (WoT). This approach extends the social trust relationship to encryption keys.
What is the best way to secure files that are sent from workstation A via the Internet service (C) to remote server E?
Sending a file that is encrypted before it leaves means that exposure of the file in transit will not result in a confidentiality breach, and the file will remain secure until decrypted at location E. Since answers A, C, and D do not provide any information about what happens at point C, they should be considered insecure, as the file may be at rest at point C in an unencrypted form.
Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme?
Bcrypt is based on Blowfish (the b is a key hint here). AES and 3DES are both replacements for DES, while Diffie-Hellman is a protocol for key exchange.
Fred is preparing to send backup tapes off-site to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility?
Tapes are frequently exposed because of theft or loss in transit. That means that tapes that are leaving their normal storage facility should be handled according to the organization's classification schemes and handling requirements. Purging the tapes would cause the loss of data, while increasing the classification level of the tapes. The tapes should be encrypted rather than decrypted.
Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the Internet?
PGP, or Pretty Good Privacy (or its open source alternative, GPG), provides strong encryption of files, which can then be sent via email. Email traverses multiple servers and will be unencrypted at rest at multiple points along its path as it is stored and forwarded to its destination.
Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?
Intentional collisions have been created with MD5, and a real-world collision attack against SHA-1 was announced in early 2017. 3DES is not a hashing tool, leaving SHA-256 (sometimes called SHA-2) as the only real choice that Chris has in this list.
Which one of the following is not an attribute of a hashing algorithm?
Hash functions do not include any element of secrecy and, therefore, do not require a cryptographic key.
Susan would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability?
The Encapsulating Security Payload (ESP) protocol provides confidentiality and integrity for packet contents. It encrypts packet payloads and provides limited authentication and
How many bits of keying material does the Data Encryption Standard use for encrypting information?
DES uses a 64-bit encryption key, but only 56 of those bits are actually used as keying material in the encryption operation. The remaining 8 bits are used to detect tampering or corruption of the key.
Which one of the following is not one of the basic requirements for a cryptographic hash function?
Hash functions must be able to work on any variable-length input and produce a fixed-length output from that input, regardless of the length of the input.
What standard governs the creation and validation of digital certificates for use in a public key infrastructure?
The X.509 standard, developed by the International Telecommunications Union, contains the specification for digital certificates.
Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?
This message was most likely encrypted with a transposition cipher. The use of a substitution cipher, a category that includes AES and 3DES, would change the frequency distribution so that it did not mirror that of the English language.
Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?
Digital signatures are possible only when using an asymmetric encryption algorithm. Of the algorithms listed, only RSA is asymmetric and supports digital signature capabilities.
In Transport Layer Security, what type of key is used to encrypt the actual content of communications between a web server and a client?
In TLS, both the server and the client first communicate using an ephemeral symmetric session key. They exchange this key using asymmetric cryptography, but all encrypted content is protected using symmetric cryptography.
Chris is designing a cryptographic system for use within his company. The company has 1,000 employees, and they plan to use an asymmetric encryption system. How many total keys will they need?
Asymmetric cryptosystems use a pair of keys for each user. In this case, with 1,000 users, the system will require 2,000 keys.
Todd wants to add a certificate to a certificate revocation list. What element of the certificate goes on the list?
The certificate revocation list contains the serial numbers of digital certificates issued by a certificate authority that have later been revoked.
Which one of the following would be a reasonable application for the use of self-signed digital certificates?
Self-signed digital certificates should be used only for internal-facing applications, where the user base trusts the internally generated digital certificate.
Alice is designing a cryptosystem for use by six users and would like to use a symmetric encryption algorithm. She wants any two users to be able to communicate with each other without worrying about eavesdropping by a third user. How many symmetric encryption keys will she need to generate?
The formula for determining the number of encryption keys required by a symmetric algorithm is ((n*(n − 1))/2). With six users, you will need ((6*5)/2), or 15 keys.