Security+ Chapter 7
Security+ Chapter 7 Review Questions
Question | Answer |
---|---|
What is a cipher? | A cipher is a method used to scramble or obfuscate characters to hide their value. Ciphering is the process of using a cipher to do that type of scrambling to a message. |
What is a substitution cipher? | A substitution cipher is a type of coding or ciphering system that changes one character or symbol into another. |
What term is used to describe using cryptographic techniques to embed secret messages within another file, such as hiding a message within an image file? | Steganography is the art of using cryptographic techniques to embed secret messages within another file. |
What are four fundamental goals of cryptography? | Confidentiality, integrity, authentication, and nonrepudiation |
What is the difference between symmetric and asymmetric cryptography? | - Symmetric cryptosystems use a shared secret key available to all users of the cryptosystem. - Asymmetric cryptosystems use individual combinations of public and private keys for each user of the system. |
What are three types of data we must think about when developing a cryptographic system for the purpose of providing confidentiality? | Data at rest, data in motion, data in use |
What are two major categories of modern ciphers and what are their methods of operation? | - Block ciphers operate on “chunks,” or blocks, of a message and apply the encryption algorithm to an entire message block at the same time. - Stream ciphers operate on one character or bit of a message (or data stream) at a time. |
List some weaknesses of symmetric key cryptography | - Key distribution is a major problem. - Symmetric key cryptography does not implement nonrepudiation. - The algorithm is not scalable. - Keys must be regenerated often. |
List some major strengths of asymmetric key cryptography | - The addition of new users requires the generation of only one public-private key pair. - Users can be removed far more easily from asymmetric systems. - Key regeneration is required only when a user’s private key is compromised. - Key distribution is simple. |
Name five modes of operation of DES. | Electronic Codebook (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB) mode, Output Feedback (OFB) mode, and Counter (CTR) mode |
What are three key lengths allowed by the AES cipher and what are their corresponding number of encryption rounds? | - 128-bit keys require 10 rounds of encryption. - 192-bit keys require 12 rounds of encryption. - 256-bit keys require 14 rounds of encryption. |
What are three main methods used to exchange secret keys securely? | Offline distribution, public key encryption, and the Diffie-Hellman key exchange algorithm |
What are five basic requirements for a cryptographic hash function? | 1. They accept an input of any length. 2. They produce an output of a fixed length. 3. The hash value is relatively easy to compute. 4. The hash function is one-way. 5. The hash function is collision free. |
What are two distinct goals of digital signature infrastructures? | - Digitally signed messages assure the recipient that the message truly came from the claimed sender. - Digitally signed messages assure the recipient that the message was not altered while in transit between the sender and recipient. |
What are some of the attributes used in an X.509 certificate? | - Version of X.509 to which the certificate conforms - Serial number (from the certificate creator) - Signature algorithm identifier - Issuer name - Validity period - Subject’s Common Name (CN) - Subject’s public key |
Why might a certificate authority need to revoke a digital certificate? | - The certificate was compromised. - The certificate was erroneously issued (for example, the CA mistakenly issued a certificate without proper verification). - The details of the certificate changed (for example, the subject’s name changed). |
What are three techniques to verify the authenticity of certificates and identify revoked certificates? | Certificate Revocation Lists, Online Certificate Status Protocol (OCSP), and Certificate Stapling |