CCNA Cyber Ops FAQ: Fundamentals of Cryptography and Public Key Infrastructure (PKI)

CCNA Cyber Ops FAQ: Fundamentals of Cryptography and Public Key Infrastructure (PKI)

Q1. Which of the following are examples of common methods used by ciphers?
A. Transposition
B. Substitution
C. Polyalphabetic
D. Polynomial

Answer: A, B, C. Common methods that ciphers use include substitution, polyalphabetic, and transposition.

Q2. Which of the following are examples of symmetric block cipher algorithms?
A. Advanced Encryption Standard (AES)
B. Triple Digital Encryption Standard (3DES)
C. DSA
D. Blowfish
E. ElGamal

Answer: A, B, D. AES, 3DES, and Blowfish are examples of symmetric block cipher algorithms. DSA and ElGamal are examples of asymmetric algorithms.

Q3. Which of the following are examples of hashes?
A. ASH-160
B. SHA-1
C. SHA-2
D. MD5

Answer: B, C, D. The three most popular types of hashes are Message Digest 5 (MD5), Secure Hash Algorithm 1 (SHA-1), and Secure Hash Algorithm 2 (SHA-2).

Q4. Which of the following are benefits of digital signatures?
A. Authentication
B. Nonrepudiation
C. Encryption
D. Hashing

Answer: A and B. A digital signature provides three core benefits: authentication, data integrity, and nonrepudiation.

Q5. Which of the following statements are true about public and private key pairs?
A. A key pair is a set of two keys that work in combination with each other as a team.

B. A key pair is a set of two keys that work in isolation.

C. If you use the public key to encrypt data using an asymmetric encryption algorithm, the corresponding private key is used to decrypt the data.

D. If you use the public key to encrypt data using an asymmetric encryption algorithm, the peer decrypts the data with that public key.

Answer: A and C. A key pair is a set of two keys that work in combination with each other as a team, and if you use the public key to encrypt data using an asymmetric encryption algorithm, the corresponding private key is used to decrypt the data.

Q6. Which of the following entities can be found inside of a digital certificate?
A. FQDN
B. DNS server IP address
C. Default gateway
D. Public key

Answer: A and D. Inside of a digital certificate is information about the identity of a device, such as its IP address, fully qualified domain name (FQDN), and the public key of that device or person.

Q7. Which of the following is true about root certificates?
A. A root certificate contains information about the user.
B. A root certificate contains information about the network security device.
C. A root certificate contains the public key of the CA.
D. Root certificates never expire.

Answer: C. A root certificate contains the public key of the CA server and the other details about the CA server.

Q8. Which of the following are public key standards?
A. IPsec
B. PKCS #10
C. PKCS #12
D. ISO33012
E. AES

Answer: B and C. PKCS #10 and PKCS #12 are public key standards you should become familiar with. They include protocols by themselves and protocols used for working with digital certificates. PKCS #10 defines the format of a certificate request sent to a CA that wants to receive its identity certificate. This type of request would include the public key for the entity desiring a certificate. PKCS #12 is a standard that defines the format for storing both public and private keys using a symmetric password-based key to “unlock” the data whenever the key needs to be used or accessed.

Q9. Which of the following files have the same contents based on their SHA checksum?
bash-3.2$ shasum *
b0f8ff8d3c376f802dd615e8a583d4df7306d02b cat.txt
88e513e9186d5f71453115ce8ae3c16057c827d8 chair.txt
b0f8ff8d3c376f802dd615e8a583d4df7306d02b chicken.txt
1f95e28fc1aaef50f1987237a73c8b5f1429d375 dog.txt
09bf76d43e9e04ab55884bf01740ea88fa15f4da table.txt
A. cat.txt, dog.txt, and table.txt
B. table.txt and chair.txt
C. chicken.txt and cat.txt
D. chicken.txt and dog.txt

Answer: A. Answer A is the best definition of a Windows process. Answer B describes a thread, Answer C describes a thread pool, and Answer D describes a fiber.

Q10. Which of the following statements is true about collision attacks?
A. A collision attack is an attack against databases that causes a collision of data and results in data corruption.

B. A collision attack is a type of denial-of-service (DoS) attack.

C. Collision attacks are a form of web application attack that leverage the collision of data types and data models.

D. A collision attack is an attempt to find two input strings of a hash function that produce the same hash result

Answer: B. Answer B is the only correct statement. Virtual address space is not shared unless it is specified. It is a reference to the physical location and not the actual physical location of an object in memory.

Q11. Among MD5, SHA-1, and SHA-2, which is the most secure?
A. SHA-1.
B. SHA-2.
C. MD5.
D. They are all equally secure.

Answer: C. RAM is an example of volatile memory.

Q12. Certificate authorities can be deployed in a hierarchical way. Root CAs can delegate their authority to what type of CAs to create and assign identity certificates to clients?
A. Sub-root CAs
B. Subordinate CAs
C. Client CAs
D. Enrollment CAs

Answer: C. The command regedit is used to view the Windows Registry.

Q13. What is a certificate revocation list (CRL)?
A. A list of root certificates of CA servers that can revoke certificates.

B. A list of certificates, based on their serial numbers, that had initially been issued by a CA but have not been revoked and are trusted.

C. A list of certificates, based on their serial numbers, that had initially been issued by a CA but have since been revoked and as a result should not be trusted.

D. A list of serial numbers of CA servers that can participate in a certificate revocation process.

Answer: A. HKEY_LOCAL (HKLM) is not a Windows Registry hive.

Q14. Which of the following is a format for storing both public and private keys using a symmetric password-based key to “unlock” the data whenever the key needs to be used or accessed?
A. PKCS #12
B. PKCS #10
C. PKCS #7
D. PKCS #2

Answer: B. Windows Management Instrumentation is the correct name.

Q15. Which of the following is a format of a certificate request sent to a CA that wants to receive its identity certificate? This type of request would include the public key for the entity desiring a certificate.
A. PKCS #1
B. PKCS #7
C. PKCS #10
D. PKCS #12

Answer: C. WMI can’t be used to uninstall an application.

Q16. Which of the following are examples of symmetric encryption algorithms?
A. AES
B. IDEA
C. Diffie-Hellman
D. MD5

Answer: C. A handle that’s not released after being used is an example of how a handle leak could occur.

Q17. Which of the following are examples of asymmetric encryption algorithms?
A. AES
B. SHA
C. Diffie-Hellman
D. RSA

Answer: B. The correct command is services.msc.

Q18. Which of the following are examples of hashing algorithms?
A. SHA
B. AES
C. MD5
D. RC4

Answer: D. The Log Parser is a common Windows tool that can be used to adjust logs for this purpose.

More Resources

About the author

Scott

Leave a Comment