Security+ Cryptography

Which of the following concepts is used by digital signatures to ensure integrity of the data?
A Non-repudiation
B Hashing
C Transport encryption
D Key escrow

B Hashing

The public key is used to perform which of the following? (Select THREE).
A Validate the CRL
B Validate the identity of an email sender
C Encrypt messages
D Perform key recovery
E Decrypt messages
F Perform key escrow

B Validate the identity of an email sender
C Encrypt messages
E Decrypt messages

A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not tr

A Trust model

In PKI, a key pair consists of: (Select TWO).
A A key ring
B A public key
C A private key
D Key escrow
E A passphrase

B A public key
C A private key

Public key certificates and keys that are compromised or were issued fraudulently are listed on which of the following?
A PKI
B ACL
C CA
D CRL

D CRL

Which of the following is true about the recovery agent?
A It can decrypt messages of users who lost their private key
B It can recover both the private and public key of federated users
C It can recover and provide users with their lost or private key
D

A It can decrypt messages of users who lost their private key

Encryption used by RADIUS is BEST described as:
A Quantum
B Elliptical curve
C Asymmetric
D Symmetric

D Symmetric

A new MPLS network link has been established between a company and its business partner. The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidential

C IPSEC VPN tunnels on top of the MPLS link

When employees that use certificates leave the company they should be added to which of the following?
A PKI
B CA
C CRL
D TKIP

C CRL

Which of the following is a concern when encrypting wireless data with WEP?
A WEP displays the plain text entire key when wireless packet captures are reassembled
B WEP implements weak initialization vectors for key transmission
C WEP uses a very weak enc

B WEP implements weak initialization vectors for key transmission

Which of the following should a security technician implement to identify untrusted certificates?
A CA
B PKI
C CRL
D Recovery agent

C CRL

Due to hardware limitation, a technician must implement a wireless encryption algorithm that uses the RC4 protocol. Which of the following is a wireless encryption solution that the technician should implement while ensuring the STRONGEST level of securit

C WPA-TKIP

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?
A Recovery agent
B Certificate authority
C Trust model
D Key escrow

A Recovery agent

The recovery agent is used to recover the:
A Root certificate
B Key in escrow
C Public key
D Private key

D Private key

To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended?
A

D AES

Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?
A Key escrow
B Non-repudiation
C Multifactor authentication
D Hashing

B Non-repudiation

Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?
A Trust model
B Recovery Agent
C Public Key
D Private Key

A Trust model

Which of the following is a requirement when implementing PKI if data loss is unacceptable?
A Web of trust
B Non-repudiation
C Key escrow
D Certificate revocation list

C Key escrow

The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if a

A Bank's CRL

When using PGP, which of the following should the end user protect from compromise? (Select TWO).
A Private key
B CRL details
C Public key
D Key password
E Key escrow
F Recovery agent

A Private key
D Key password

Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?
A Joe's public key
B Joe's private key
C Ann's public key
D Ann's private key

D Ann's private key

A certificate authority takes which of the following actions in PKI?
A Signs and verifies all infrastructure messages
B Issues and signs all private keys
C Publishes key escrow lists to CRLs
D Issues and signs all root certificates

D Issues and signs all root certificates

A security engineer is asked by the company's development team to recommend the most secure method for password storage. Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO).
A PBKDF2
B MD5
C SHA2
D Bcryp

A PBKDF2
D Bcrypt

Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?
A Twofis

C ECC

A bank has a fleet of aging payment terminals used by merchants for the transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be th

B 3DES

Which of the following provides the HIGHEST level of confidentiality on a wireless network?
A Disabling SSID broadcast
B MAC filtering
C WPA2
D Packet switching

C WPA2

Which of the following can be implemented with multiple bit strength?
A AES
B DES
C SHA-1
D MD5
E MD4

A AES

Which of the following is the difference between a public key and a private key?
A The public key is only used by the client while the private key is available to all. Both keys are mathematically related
B The private key only decrypts the data while the pu

D The private key is only used by the client and kept secret while the public key is available to all

Which of the following ciphers would be BEST used to encrypt streaming video?
A RSA
B RC4
C SHA1
D 3DES

B RC4

A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wirel

A Spoof the MAC address of an observed wireless network client

Which of the following is true about the CRL?
A It should be kept public
B It signs other keys
C It must be kept secret
D It must be encrypted

A It should be kept public

Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the

C The certificates have not been installed on the workstations

Which of the following is synonymous with a server's certificate?
A Public key
B CRL
C Private key
D Recovery agent

A Public key

Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?
A Certification authority
B Key escrow
C Certificate revocation list
D Registration authority

A Certification authority

A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain

A A CRL

Company A sends a PGP encrypted file to company B. If company A used company B's public key to encrypt the file, which of the following should be used to decrypt data at company B?
A Registration
B Public key
C CRLs
D Private key

D Private key

Which of the following would provide the STRONGEST encryption?
A Random one-time pad
B DES with a 56-bit key
C AES with a 256-bit key
D RSA with a 1024-bit key

A Random one-time pad

Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image?
A Transport encryption
B Steganography
C Hashing
D Digital signature

B Steganography

The security admin installed a newly generated SSL certificate onto the company web server. Due to a misconfiguration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclos

B The file containing the public key

Users report that after downloading several applications, their systems' performance has noticeably decreased. Which of the following would be used to validate programs prior to installing them?
A Whole disk encryption
B SSH
C Telnet
D MD5

D MD5

A company uses PGP to ensure that sensitive email is protected. Which of the following types of cryptography is being used here for the key exchange?
A Symmetric
B Session-based
C Hashing
D Asymmetric

A Symmetric

Which of the following provides the strongest authentication security on a wireless network?
A MAC filter
B WPA2
C WEP
D Disable SSID broadcast

B WPA2

Sara, a security engineer, is testing encryption ciphers for performance. Which of the following ciphers offers strong encryption with the FASTEST speed?
A 3DES
B Blowfish
C Serpent
D AES256

B Blowfish

Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key?
A Session Key
B Public Key
C Private Key
D Digital Signature

C Private Key

Public keys are used for which of the following?
A Decrypting wireless messages
B Decrypting the hash of an electronic signature
C Bulk encryption of IP based email traffic
D Encrypting web browser traffic

B Decrypting the hash of an electronic signature

Joe, the systems administrator, is setting up a wireless network for his team's laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?
A Disable default SSID broadcasting
B Use WPA instead of W

D Implement MAC filtering on the access point

Which of the following cryptographic related browser settings allows an organization to communicate securely?
A SSL 3.0/TLS 1.0
B 3DES
C Trusted Sites
D HMAC

A SSL 3.0/TLS 1.0

In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?
A Import the recipient's public key
B Import the recipient's private key
C Export the sender's priva

A Import the recipient's public key

Which of the following would be used as a secure substitute for Telnet?
A SSH
B SFTP
C SSL
D HTTPS

A SSH

Which of the following are restricted to 64-bit block sizes? (Select TWO).
A PGP
B DES
C AES256
D RSA
E 3DES
F AES

B DES
E 3DES

Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption?
A Blowfish
B DES
C SHA256
D HMAC

A Blowfish

A software development company wants to implement a digital rights management solution to protect its intellectual property. Which of the following should the company implement to enforce software digital rights?
A Transport encryption
B IPsec
C Non-repud

D Public key infrastructure

Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server?
A SSLv2
B SSHv1
C RSA
D TLS

D TLS

Which of the following allows an organization to store a sensitive PKI component with a trusted third party?
A Trust model
B Public Key Infrastructure
C Private key
D Key escrow

D Key escrow

In which of the following scenarios is PKI LEAST hardened?
A The CRL is posted to a publicly accessible location
B The recorded time offsets are developed with symmetric keys
C A malicious CA certificate is loaded on all the clients
D All public keys are

C A malicious CA certificate is loaded on all the clients

Which of the following provides additional encryption strength by repeating the encryption process with additional keys?
A AES
B 3DES
C TwoFish
D Blowfish

B 3DES

Which of the following is the MOST likely cause of users being unable to verify a single user's email signature and that user being unable to decrypt sent messages?
A Unmatched key pairs
B Corrupt key escrow
C Weak public key
D Weak private key

A Unmatched key pairs

Which of the following key algorithms are examples of block ciphers? (Select THREE).
A RC4
B 3DES
C AES
D MD5
E PGP
F Blowfish

B 3DES
C AES
F Blowfish

Which of the following uses both a public and private key?
A RSA
B AES
C MD5
D SHA

A RSA

Digital Signatures provide which of the following?
A Confidentiality
B Authorization
C Integrity
D Authentication
E Availability

C Integrity

All of the following are valid cryptographic hash functions EXCEPT:
A RIPEMD
B RC4
C SHA-512
D MD4

B RC4

A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?
A Symmetric encryption
B Non-repudiation
C Steganography
D Hashing

C Steganography

Which of the following provides a static record of all certificates that are no longer valid?
A Private key
B Recovery agent
C CRLs
D CA

C CRLs

Which of the following components MUST be trusted by all parties in PKI?
A Key escrow
B CA
C Private key
D Recovery key

B CA

Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).
A Private hash
B Recovery agent
C Public key
D Key escro

B Recovery agent
D Key escrow

Which of the following identifies certificates that have been compromised or suspected of being compromised?
A Certificate revocation list
B Access control list
C Key escrow registry
D Certificate authority

A Certificate revocation list

Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?
A SFTP
B HTTPS
C TFTP
D TLS

D TLS

Which of the following protocols encapsulates an IP packet with an additional IP header?
A SFTP
B IPSec
C HTTPS
D SSL

B IPSec

Which of the following offers the LEAST secure encryption capabilities?
A TwoFish
B PAP
C NTLM
D CHAP

B PAP

Symmetric encryption utilizes __________, while asymmetric encryption utilizes __________.
A Public keys, one time
B Shared keys, private keys
C Private keys, session keys
D Private keys, public keys

D Private keys, public keys

Which of the following protocols provides transport security for virtual terminal emulation?
A TLS
B SSH
C SCP
D S/MIME

B SSH

A security administrator must implement a wireless encryption system to secure mobile devices' communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?
A R

A RC4

Which of the following types of cryptography should be used when minimal overhead is necessary for a mobile device?
A Block cipher
B Elliptical curve cryptography
C Diffie-Hellman algorithm
D Stream cipher

B Elliptical curve cryptography

Which of the following is true about PKI? (Select TWO).
A When encrypting a message with the public key, only the public key can decrypt it.
B When encrypting a message with the private key, only the private key can decrypt it.
C When encrypting a message

D When encrypting a message with the public key, only the private key can decrypt it
E When encrypting a message with the private key, only the public key can decrypt it

Which of the following BEST describes part of the PKI process?
A User1 decrypts data with User2's private key
B User1 hashes data with User2's public key
C User1 hashes data with User2's private key
D User encrypts data with User2's public key

D User encrypts data with User2's public key

Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret?
A RIPEMD
B MD5
C SHA
D HMAC

D HMAC

After encrypting all laptop hard drives, an executive officer's laptop has trouble booting to the operating system. Now that it is successfully encrypted the helpdesk cannot retrieve the data. Which of the following can be used to decrypt the information

A Recovery agent

A security administrator has been tasked with setting up a new internal wireless network that must use end to end TLS. Which of the following may be used to meet this objective?
A WPA
B HTTPS
C WEP
D WPA 2

D WPA 2

Recent data loss on financial servers due to security breaches forced the system administrator to harden their systems. Which of the following algorithms with transport encryption would be implemented to provide the MOST secure web connections to manage a

B TLS

Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption?
A AES
B Blowfish
C RC5
D 3DES

B Blowfish

Which of the following is true about an email that was signed by User A and sent to User B?
A User A signed with User B's private key and User B verified with their own public key
B User A signed with their own private key and User B verified with User A'

B User A signed with their own private key and User B verified with User A's public key

Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Joe had already been working for two hours before leaving the premises. A security technician was asked to prepare a report of files that

B MD5
F HMAC

A CA is compromised and attackers start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity?
A Key escrow
B Private key verification
C Public key verification
D Certificate revocati

D Certificate revocation list

Which of the following can use RC4 for encryption? (Select TWO).
A CHAP
B SSL
C WEP
D AES
E 3DES

B SSL
C WEP

A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company's server over a public unencrypted communication channel. Which of the following implements the required secure key negotiation? (Sele

D ECDHE
D Diffie-Hellman

Which of the following is used to certify intermediate authorities in a large PKI deployment?
A Root CA
B Recovery agent
C Root user
D Key escrow

A Root CA

A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?
A OCSP
B PKI
C CA
D CRL

D CRL

An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?
A Generate a new private key based on AES
B Generate a new public key based on RSA
C Generate a new public key based on AES
D Generate a new private key base

D Generate a new private key based on RSA

Which of the following must be kept secret for a public key infrastructure to remain secure?
A Certificate Authority
B Certificate revocation list
C Public key ring
D Private key

D Private key

An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA?
A CSR
B Recovery agent
C Private key
D CRL

A CSR

Which of the following algorithms has well documented collisions? (Select TWO).
A AES
B MD5
C SHA
D SHA-256
E RSA

B MD5
C SHA

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?
A Disable the SSID broadcasting
B Configure the access points so tha

D Lower the power for office coverage only

A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files?
A Integrity
B Confidentiality
C Steganography
D Availabilit

C Steganography

Which of the following is used to verify data integrity?
A SHA
B 3DES
C AES
D RSA

A SHA

A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?
A Block cipher
B Stream cipher
C CRC
D

A Block cipher

Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either "good", "unknown", or "revoked"?
A CRL
B PKI
C OCSP
D RA

C OCSP

A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user's digital certificate. Which of the following will help resolve the issue? (Select TWO).
A Revoke the digital certificate
B Mark the key as

A Revoke the digital certificate
D Issue a new digital certificate

While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing?
A EAP-TLS
B PEAP
C WEP
D WPA

C WEP

Connections using point-to-point protocol authenticate using which of the following? (Select TWO).
A RIPEMD
B PAP
C CHAP
D RC4
E Kerberos

B PAP
C CHAP

Which of the following protocols is the security administrator observing in this packet capture?
12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK
A HTTPS
B RDP
C HTTP
D SFTP

B RDP

Which of the following cryptographic algorithms is MOST often used with IPSec?
A Blowfish
B Twofish
C RC4
D HMAC

D HMAC

Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?
A Registration
B CA
C CRL
D Recovery agent

C CRL

Joe, a user, reports to the system administrator that he is receiving an error stating his certificate has been revoked. Which of the following is the name of the database repository for these certificates?
A CSR
B OCSP
C CA
D CRL

D CRL

Which of the following is true about asymmetric encryption?
A A message encrypted with the private key can be decrypted by the same key
B A message encrypted with the public key can be decrypted with a shared key
C A message encrypted with a shared key, c

D A message encrypted with the public key can be decrypted with the private key

The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following?
A Stream ciphers
B Transport encryption
C Key escrow

B Transport encryption

A CRL is comprised of:
A Malicious IP addresses
B Trusted CA's
C Untrusted private keys
D Public keys

D Public keys

When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?
A Trust models
B CRL
C CA
D Recovery agent

C CA

Which of the following devices is BEST suited for servers that need to store private keys?
A Hardware security module
B Hardened network firewall
C Solid state disk drive
D Hardened host firewall

A Hardware security module

A company's security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security administrator should take?
A Install a registration server
B Generate shared public and private keys
C

C Install a CA

Which of the following types of trust models is used by a PKI?
A Transitive
B Open source
C Decentralized
D Centralized

D Centralized

Deploying a wildcard certificate is one strategy to:
A Secure the certificate's private key
B Increase the certificate's encryption key length
C Extend the renewal date of the certificate
D Reduce the certificate management burden

D Reduce the certificate management burden

When creating a public/private key pair, for which of the following ciphers would a user need to specify the key strength?
A SHA
B AES
C DES
D RSA

D RSA

Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?
A Hashing
B Transport encryption
C Digital signatures
D Steganography

D Steganography

Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO).
A 110
B 137
C 139
D 143
E 161
F 443

B 137
C 139

In order to use a two-way trust model the security administrator MUST implement which of the following?
A DAC
B PKI
C HTTPS
D TPM

B PKI

Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?
A ECC
B RSA
C SH

D 3DES