CCNA Security FAQ: Introducing Cryptographic Services
Question. Fill in the blanks with the best choice from the list. Cryptography is the art of code __________ and cryptanalysis is the art of code __________.
A. Graphing, analyzing
B. Generation, cracking
C. Making, breaking
D. Breaking, making
E. None of the above
Question. Read the following sentence and choose the type of attack that is being described from the list of choices.
Several examples of ciphertext created by the same cryptosystem are statistically analyzed to deduce underlying plaintext by pattern analysis.
A. Known-Plaintext
B. Meet-in-the-Middle
C. Brute Force
D. Ciphertext-Only
E. Chosen-Ciphertext
A. Meet-in-the-middle
B. Spoofing
C. Stream cipher
D. Brute-force
A. Vigenère cipher
B. Stream cipher
C. Transposition cipher
D. Block cipher
A. Changing only a few bits of a plain-text message causes the ciphertext to be completely different.
B. Altering the key length causes the ciphertext to be completely different.
C. Changing only a few bits of a ciphertext message causes the plain text to be completely different.
D. Altering the key length causes the plain text to be completely different.
A. Block ciphers
B. Message Authentication Codes (MAC)
C. One-time pad
D. Stream ciphers
E. Vigenère ciphers
A. RC4
B. RSA
C. SEAL
D. DES
Question. Match the following crypto algorithms with the letter corresponding to its key length.
- AES: ___
- 3DES: ___
- DES: ___
- RC4: ___
- Blowfish: ___
Your choices are:
A. 1 to 256 bits
B. 112 and 168 bits
C. 56 bits
D. 128, 192, and 256 bits
E. 32 to 448 bits
Answers:
- AES: D
- 3DES: B
- DES: C
- RC4: A
- Blowfish: E
Question. True or false. AES is considered a trusted encryption algorithm by virtue of its strong 128-bit encryption keys and its 20+ years of use in crypto systems.
Question. What is the best choice of category of encryption algorithm for situations where large volumes of data are transmitted and speed is important? (Choose one from the list.)
A. Block cipher
B. Stream cipher
C. Symmetric key encryption
D. Asymmetric key encryption
E. DES
A. They are faster than asymmetric algorithms.
B. They have longer key lengths than asymmetric encryption algorithms.
C. They are stronger than asymmetric algorithms.
D. They are less complex mathematically than asymmetric algorithms.
E. They are slower than asymmetric algorithms.
F. They are weaker than asymmetric algorithms
A. 56-bit blocks
B. 40-bit blocks
C. 128-bit blocks
D. 64-bit blocks
A. Fixed-length groups of bits called blocks
B. Individual digits, one at a time, with the transformations varying during the encryption
C. Individual blocks, one at a time, with the transformations varying during the encryption
D. Fixed-length groups of digits called blocks
A. In ECB mode, each 64-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.
D. In ECB mode, each 56-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.
A. 3DES-EDE
B. EDE-3DES
C. 3DES-AES
D. AES-3DES
Question. Figure 6.14 illustrates what type of PKI topology? (Choose the one best answer.)
FIGURE 6.14 What PKI technology is this?
A. Subordinate-Tiered CA
B. Cross-Certified CA
C. Central CA
D. Hierarchical CA
E. Independent-Mesh CA
Question. Figure 6.15 illustrates the part of the enrollment process that occurs after a PKI participant has retrieved and validated the CA’s certificate. What is always contained in the PKCS #7 message that the PKI participant is retrieving from the CA? (Choose all the correct answers.)
FIGURE 6.15 What is contained in the PKCS #7 message?
A. X.509 certificate
B. CA’s private key
C. CA’s public key
D. PKI participant’s signed public key
E. CA’s encryption usage keys
F. None of the above.
Question. Which of the following list of protocols are part of NIST’s Digital Signature Standard (DSS)? (Choose all that apply.)
A. DSA
B. Digital Signatures using Reversible Public Key Cryptography
C. SEAL
D. Blowfish
E. ECDSA
A. 3DES
B. IDEA
C. EDE
D. AES
A. Roughly 10 percent
B. Roughly 75 percent
C. Roughly 66 percent
D. Roughly 50 percent
A. Five
B. One
C. Four
D. None
A. Key verification
B. Key transposition
C. Key generation
D. Key exchange
E. Key storage
A. Data consistency
B. Data binding
C. Data checksums
D. Data integrity
Question. Fill in the blanks in the following sentence with the letter corresponding to the best choice. (Choose three.)
Hashing functions are used to validate a message’s __________ but do not provide for __________ like HMACs. If __________ is required, the use of digital signatures is specified.
A. Confidentiality
B. Integrity
C. Authentication
D. Non-repudiation
E. Origin authentication
Question. Which one of the following statements best compares MD5 and SHA-1 as hashing algorithms?
A. MD5 theoretically has higher security than SHA-1; however, SHA-1 remains more commonly used.
B. MD5 is not recommended for new cryptosystems because SHA-1 is preferred for its theoretically higher security.
C. SHA-1 is less resistant to a brute force attack than MD5, and its 32-bit longer buffer makes it faster than MD5.
D. SHA-1 and MD5’s security is not based on encryption keys.
E. None of the above.