
Title: WGU C839 INTRO TO CRYPTOGRAPHY 2025 OA PREPARATION TEST BANK WITH 690 REAL EXAM QUESTIONS AND CORRECT VERIFIED ANSWERS GRADED A+/ C839 PREP FOR OA AND PRE-ASSESSMENT
Description: THIS DOCUMENT CONTAINS 690 REALISTIC AND VERIFIED MULTIPLE-CHOICE QUESTIONS FOR THE WGU COURSE C839: INTRO TO CRYPTOGRAPHY. EACH QUESTION IS ACCOMPANIED BY THE CORRECT ANSWER, MAKING IT IDEAL FOR STUDENTS PREPARING FOR THE OBJECTIVE ASSESSMENT (OA) AND PRE-ASSESSMENT. TOPICS COVERED INCLUDE ENCRYPTION METHODS, SECURITY PROTOCOLS, DIGITAL SIGNATURES, HASHING, AND PUBLIC KEY INFRASTRUCTURE.

WGU C839 INTRO TO CRYPTOGRAPHY 2025 OA
PREPARATION TEST BANK WITH 690 REAL EXAM
QUESTIONS AND CORRECT VERIFIED ANSWERS
GRADED A+/ C839 PREP FOR OA AND PRE-ASSESSMENT
What type of encryption uses different keys to encrypt and decrypt the message?
A Symmetric
B Private key
C Secure
D Asymmetric
D

The most widely used asymmetric encryption algorithm is what?
A RSA
B Vigenere
C DES
D Caesar Cipher
A

Original, unencrypted information is referred to as ____
...

A They are less secure than asymmetric
B The problem of key exchange
C They are slower than asymmetric
D The problem of generating keys
B

Which of the following is generally true about block sizes?
A Smaller block sizes increase security
B Block sizes must be more than 256 bits to be secure
C Block size is irrelevant to security
D Larger block sizes increase security
D

A _____ is a function that takes a variable-size input m and returns a fixed-size string
...
509
B CRL
C RFC 2298
D OCSP
A

DES uses keys of what size?
A 56 bits
B 192 bits
C 128 bits
D 64 bits
A

Which of the following is NOT a key size used by AES?
A 512 bits
B 128 bits
C 192 bits
D 256 bits
A

Which of the following was a multi alphabet cipher widely used from the 16th century (1553) to the
early 20th century (1900s)?
A Vigenere
B Caesar
C Atbash
D Scytale
A

Which of the following is a substitution cipher used by ancient Hebrew scholars?

A Caesar
B Vigenere
C Scytale
D Atbash
D

Shifting each letter in the alphabet a fixed number of spaces to the right or left is an example of
what?
A Bit shifting
B Confusion
C Multi substitution
D Single substitution
D

Which of the following most accurately defines encryption?
A changing a message so it can only be easily read by the intended recipient
B Making binary changes to a message to conceal it
C changing a message using complex mathematics
D Applying keys to plain text
A

If you use substitution alone, what weakness is present in the resulting cipher text?
A It is the same length as the original text
B It is easily broken with modern computers
...

D Because it maintains letter and word frequency
...

A Atbash
B multi-alphabet encryption
C Scytale
D Caesar cipher
B

____ was designed to provide built in cryptography for the clipper chip
...
This is the
most basic mode for symmetric encryption
...

A Output feedback (OFB)
B Cipher-block chaining (CBC)
C Electronic codebook (ECB)
D Cipher feedback (CFB)
B

The process wherein the ciphertext block is encrypted then the ciphertext produced is XOR'd back
with the plaintext to produce the current ciphertext block is called what?
A Output feedback (OFB)
B Cipher-block chaining (CBC)
C Cipher feedback (CFB)
D Electronic codebook (ECB)
C

This is a method for turning a block cipher into a stream cipher by generating a keystream block,
which are then XORed with the plaintext blocks to get the ciphertext
...
It is a software based
stream cipher using Lagged Fibonacci generator along with a concept borrowed from the shrinking
generator ciphers
...

A Substitution
B Convergence
C Collision
D Transposition

C

What is a salt?
A Key rotation
B Random bits intermixed with a hash to increase randomness and reduce collisions
...

D Key whitening
B

RFC 1321 describes what hash?
A RIPEMD
B SHA1
C GOST
D MD5
D

What size block does FORK256 use?
A 256
B 128
C 512
D 64
C

In 1977 researchers at MIT described what asymmetric algorithm?
A RSA
B AES
C DH
D EC
A

What is the formula (M^e)(%n) related to?
A Encrypting with EC
B Generating Mersenne primes
C Decrypting with RSA
D Encrypting with RSA
C

Which of the following equations is related to EC?
A P = C^d % n
B M^e % n
C y^2 = x^3 + Ax + B
D Let m = (p-1)(q-1)
C

U
...
Patent 5,231,668 and FIPS 186 define what algorithm?
A AES
B RSA
C Elliptic Curve (EC)
D Digital Signature Algorithm (DSA)
D

What is X
...


A PAP
B CHAP
C SPAP
D EAP
B

What is a TGS?

A The server that grants Kerberos tickets
B protocol for encryption
C protocol for key exchange
D The server that escrows keys
A

What is Kerckhoffs's principle?

A A minimum key size of 256 bits is necessary for security
...


C A minimum of 15 rounds is needed for a Feistel cipher to be secure
...

D

Which of the following is a fundamental principle of cryptography that holds that the algorithm can
be publicly disclosed without damaging security?

A Babbage's principle
B Kerckhoffs's principle
C Vigenere's principle
D Shamir's principle
B

A process that puts a message into the least significant bits of a binary file is called what?

A Symmetric cryptography
B Masking
C Steganography
D Asymmetric cryptography
C

If you wished to see a list of revoked certificates from a CA, where would you look?

A CRL
B CA
C RFC
D RA
A

Which of the following is generally true about block ciphers?

A Secret block ciphers should be trusted
...

C The plaintext and ciphertext are always the same size
...

C

What does the OCSP protocol provide?

A encryption
B VPN connectivity
C hashing
D a real time protocol for verifying certificates
D

U
...
encryption standard that replaced DES
...

AES

DES, 3DES, SHA, AES (some AES implementations are Type I)
Class 3 Algorithms

Encryption method where the sender and receiver use an instance of the same key for encryption
and decryption purposes
...
It uses a 56-bit true
key bit size, 64-bit block size, and 16 rounds of computation
...

Multipurpose Internet Mail Extensions (MIME)

Valid data transmission is maliciously or fraudulently repeated to allow an entity gain unauthorized
access
...

Internet Protocol Security (IPSec)

Juniper (block cipher)
MAYFLY (asymmetric)
FASTHASH (hashing)
WALBURN (high bandwidth link encryption)
PEGASUS (satellite telemetry)
Class 1 Algorithms

Component of a PKI that creates and maintains digital certificates throughout their life cycles
...

It is currently at version 3
...

Secure Sockets Layer (SSL)

Manipulating individuals so that they will divulge confidential information, rather than by breaking in
or using technical cracking techniques
...

Ciphertext-only attack

servers and software signing, for which independent verification and checking of identity and
authority is done by issuing CA
Class 3 Certificates

it should be impossible for any attacker to calculate, or otherwise guess, from any given
subsequence, any previous or future values in the sequence
BSI Criteria K3 states

Cryptanalysis attack that uses identified statistical patterns
...

International Data Encryption Algorithm (IDEA)

individuals, and intended for email
Class 1 Certificates

A form of cryptanalysis applicable to symmetric key algorithms that was invented by Eli Biham and
Adi Shamir
...

Differential cryptanalysis

Cryptanalysis attack where the attacker is assumed to have access to sets of corresponding plaintext
and ciphertext
...

______________ checks the CRL that is maintained by the CA
...

Authentication Header (AH) and Encapsulating Security Payload (ESP)
...
The
algorithm is also a substitution-permutation network like AES
...
Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel
...

Serpent

What is the difference between Secure HTTP (SHTTP) and HTTP Secure (HTTPS)?
S-HTTP is a technology that protects each message sent between two computers, while HTTPS
protects the communication channel between two computers, messages and all
...

Hash

A small change that yields large effects in the output
...

Co-prime numbers

Cryptanalysis attack that exploits vulnerabilities within the intrinsic algebraic structure of
mathematical functions
...
The size of a ________ hash value is 192 bits
...

an extension of the Diffie-Hellman algorithm
...
It uses a 128-bit
block size and various key lengths (128, 192, 256)
...
A software-based stream cipher using a Lagged Fibonacci generator
(pseudorandom number generator)
...
RFC 1321
MD5

Cipher text (C) is equal to the encryption function (E) with the key (k) and plain-text (p) being passed
as parameters to that function
C = E(k,p) Symmetric encryption

It is impossible to compress the data such that the code is less than the Shannon entropy of the
source, without it being virtually certain that information will be lost
Shannon's source coding theorem

A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext
block sequence to increase security by introducing additional cryptographic variance
...
Skipjack uses an 80-bit key to encrypt or decrypt
64-bit data blocks
...

Skipjack

Algorithm that was chosen for the Data Encryption Standard, which was altered and renamed Data
Encryption Algorithm
...
Has 3 key sizes: 128, 192, 256 and all operate on 128 bit block
AES

Symmetric cipher that applies DES three times to each block of data during the encryption process
...

Side-channel attack

A 160 bit hash with 3 other versions: RIPEMD-128 (128 bit), RIPEMD-256 (256 bit), RIPEMD-320 (320
bit)
RIPEMD-160

Transposition processes used in encryption functions to increase randomness
...

Key Distribution Center (KDC)

Designed by Phil Zimmermann as a freeware e-mail security program and was released in 1991
...

Pretty Good Privacy (PGP)

A number that is used only one time then discarded is called what?
Nonce

Improvement on FISH due to vulnerability to known-plaintext attacks
...

PIKE

Stands for Menezes-Qu-Vanstone and is a protocol used for key agreement that is based on DH
...

Secure Electronic Transaction (SET)

The algorithm is used identically for encryption and decryption as the data stream is simply XORed
with the key
...


That key constitutes a state table that is used for
the subsequent generation of pseudo-random bytes and then to generate
RC4

The payload and the routing and header information are protected in this mode
...

Initialization vectors (IVs)

Ticket granting service
TGS

This is a variation of DES that XORs another 64-bit key to the plaintext before applying the DES
algorithm
...
This adds to the confusion of
the resultant text
...
The _______________ is a proxy for the CA and also expected to perform user
validation before issuing a certificate request
...

HTTP Secure (HTTPS)

Component that keeps track of the different SAs and tells the device which one is appropriate to
invoke for the different packets it receives
...
Used in SSL and WEP
...

Trusted Platform Module (TPM)

Cryptographic hash function that uses a symmetric key value and is used for data integrity and data
origin authentication
...
Provides
authentication and secure transmission over vulnerable channels like the Internet
...

MQV (Menezes-Qu-Vanstone)

Provide authentication of a sender and integrity of a sender's message
...
Then the hash value is encrypted using the private key of
the sender
...

Digital Signature

A 16-round Feistel cipher working on 64-bit blocks
...
Designed by Bruce Schneier
...
Bitlocker

Cryptanalysis attack that exploits vulnerabilities within the algorithm structure
...

Transport-Layer Security (TLS)

Uses a block size of 128 bits and key sizes up to 256 bits
...
Designed by Bruce
Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson
...

Birthday attack

A process that puts a message into the least significant bits of a binary file is called what?
Steganography

Cryptanalysis attack that tries to uncover a mathematical problem from two different ends
...
It is used in PGP implementations and GNU
Privacy Guard Software
...

El Gamal

A combination of the ISAKMP and OAKLEY protocols
...
These are also sometimes called the counting numbers
...


Z denotes the integers
...
Basically, this set is the
natural numbers combined with zero and the negative numbers
...
They are any number that can be expressed
as a ratio of two integers
...


R denotes real numbers
...


i denotes imaginary numbers
...
For example, √-1 = 1i
...
The current generation has a block size of 128
bits (16 bytes)
...

secret key

Don't ever trust a ____________ or ________________
...
One of its features is that it encrypts the credit
card number so that an eavesdropper cannot copy it
...

Complexity

______________ is a measure of how many things interact at any one point
...

Complexity

The original message, m is called the ______________
...
This combines the flexibility of public-key cryptography with the efficiency of symmetric-key cryptography
...

message authentication codes

For practical reasons, a PKI is often set up with multiple levels of CAs
...

root

A ____________________ is what most people mean when talking about breaking an encryption
system
...
Trying to decrypt a message if you only know the ciphertext is
called a _________________
...

ciphertext-only attack

A ________________ is one in which you know both the plaintext and the ciphertext
...

known-plaintext attack

A known-plaintext attack is more powerful than a ciphertext-only attack
...
This covers all the attacks we have discussed so far, as well as
any yet-to-be-discovered attacks
...


Birthday attack

An __________________ attack is one that tries all possible values for some target object, like the
key
...

exhaustive search

First introduced by Eli Biham in 1993, a ___________ attack assumes that the attacker has access to
several encryption functions
...

related-key

A _____________ cipher is one for which no attack exists
...

ideal block

Most modern block ciphers have a ________ block size, but they operate on 32-bit words
...

ideal block

The simplest method to encrypt a longer plaintext is known as the _______________________
...

electronic codebook mode (ECB)

_____________________ was a cylinder tool used by the Greeks, and is often specifically attributed
to the Spartans
...
Turning the cylinder
produced different ciphertexts
...
The recipient uses a rod of the same
diameter as the one used to create the message
...

To encrypt, one simply writes across the leather
...
The reason it is easy to crack is the issue of letter and word frequency
...
It simply reverses the
alphabet. Used by Hebrew scribes copying the book of Jeremiah
...


Affine Cipher - is any single-substitution alphabet cipher (also called mono-alphabet substitution) in
which each letter in the alphabet is mapped to some numeric value, permuted with some relatively
simple mathematical function, and then converted back to a letter
...
M=26, x=Plaintext numerical equivalent, b=the shift, a=some multiple
...


Rot13 Cipher - is another sing
Examples of Mono-Alphabet Substitution

Homophonic substitution was one of the earlier attempts to make substitution ciphers more robust
by _________ the letter frequencies
...
The
machine was designed so that when the operator pressed a key, the encrypted ciphertext for that
plaintext was altered each time
...
Essentially, this was a multi-alphabet cipher
consisting of 26 possible alphabets
...
The cipher disk was
invented by Leon Alberti in 1466
...
It was literally a disk you turned to encrypt plaintext
...
At one time,
multi-alphabet substitution was considered quite secure
...
The Vigenère cipher was invented in 1553 by Giovan Battista Bellaso
...
This is a very effective multi-alphabet cipher and prior to the advent of
computers was considered quite strong
...

CrypTool

Many experts believe that modern cryptography begins with _____________________. In 1949 he
published a paper in the Bell System Technical Journal entitled Communication Theory of
Secrecy Systems. Shortly thereafter he and Warren Weaver published a book entitled Mathematical
Theory of Communication.
Claude Shannon

Changes to one character in the plain text affect multiple characters in the ciphertext, unlike in
historical algorithms (Caesar cipher, ATBASH, Vigenère) where each plain text character only affects
one ciphertext character
...

Confusion

This term means that a small change yields large effects in the output, like an avalanche
...
We will see Feistel's ideas used in many
of the block ciphers we explore in this module
...
If both numbers have a one in both places, then the resultant number is a one
...

AND

The binary ______ operation checks to see whether there is a one in either or both numbers in a
given place
...
If not, the resultant number is zero
...
It checks to see whether
there is a one in a number in a given place, but not in both numbers at that place
...
If not, the resultant number is zero
...

XOR

Most symmetric ciphers use _________ as part of their process
XORing

There are two types of symmetric algorithms
...
A
________________ literally encrypts the data in blocks
...
For example, AES uses a 128-bit block
...

block ciphers; stream ciphers

The algorithm(s) needed to encrypt and decrypt a message
...

Key

The mathematical process used to alter a message and render it unintelligible by any but the intended
party
...

Key schedule

Larger block sizes increase security
...

If the round function is secure, then more rounds increase security
...

At the heart of many block ciphers is a _____________
...
This function forms the basis for many, if not most, block ciphers
...
Usually, the split is equal, and both sides are the same size
...
They use a modified structure
where L0 and R0 are not of equal lengths
...
This variation is actually used in the Skipjack algorithm
...
It was a block cipher developed by
IBM in the early 1970s and used as a U
...
government standard until the 1990s
...
When the U
...
government
began seeking a standardized encryption algorithm, IBM worked with the National Security Agency
(NSA) to alter Lucifer to fit the government's needs, thus it was created
...

DES

This is a variation of DES that simply XORs another 64-bit key to the plaintext before applying the
DES algorithm
...
They are: 128, 192, or
256 bits
...
Unlike both DES and 3DES, it is not based on a Feistel network
...
It also operates on a four-by-four
column-major order matrix of bytes, called the state
...

Rijndael S-box

__________ is a symmetric block cipher that was designed in 1993 by Bruce Schneier
...
Like DES, it is a 16-round Feistel cipher
working on 64-bit blocks
...
There are really two parts to this algorithm
...

The second part actually encrypts the data
...
The first
step is to break the original key into a set of subkeys
...
There is a P-array and four 32-bit S-boxes
...

Blowfish

Like Blowfish, _________ is a symmetric key block cipher which was a finalist in the AES contest
...
It has a block size of 128 bits
and can have a key size of 128, 192, or 256 bits, much like AES
...
It uses 32 rounds working with a block of four 32-bit words
...
It was designed so that all
operations can be executed in parallel
...
It is a Feistel cipher
...

Twofish

Designed by NSA for the clipper chip, ___________ uses an 80-bit key to encrypt or decrypt 64-bit
data blocks
...

Skipjack

The _________________ is a block cipher
...
It operates on 64-bit blocks and has a 128-bit key
...
It
was designed as a replacement for DES
...
It is a simple algorithm, easy to implement in code
...
The rounds should be
even since they are implemented in pairs called cycles
...
It also uses a constant that is defined as 2^32 / the golden ratio
...
It uses a 64-bit block with a 128-bit key and
operates in six rounds
...
The message is divided into blocks and
each block is encrypted separately
...
This means there is significantly more randomness in the final
ciphertext
...

cipher-block chaining (CBC)

In _____________, the previous ciphertext block is encrypted then the ciphertext produced is XORed
back with the plaintext to produce the current ciphertext block
...


Allows encryption of partial blocks rather than requiring full blocks for encryption
...

cipher feedback mode (CFB)

The _____________ mode turns a block cipher into a synchronous stream cipher
...

output feedback (OFB)

__________________ is also used to turn a block cipher into a stream cipher
...
_______ generates the next keystream block by encrypting successive values of a "counter
...

Counter mode (CTR)

An ______________ is a fixed-size input to a cryptographic primitive that is random or pseudorandom
...

initialization vector (IV)

Stream ciphers are also sometimes called ________ ciphers
...
It is the most widely used
software stream cipher
...
It uses a variable length key from 1 to 256 bytes
...
It
generates a pseudo-random stream of bits
...
Anderson
showed that Fish was vulnerable to known plaintext attacks
...

PIKE

A _______ function H is a function that takes a variable-size input m and returns a fixed-size string
...
This can be expressed
mathematically as h = H(m)
...
When you log on, Windows cannot "un-hash"
your password (remember it is one way)
...
If they match (exactly), then
you can log in
...
Furthermore, it complicates dictionary attacks that use pre-encryption of
dictionary entries
...

salt

This is a 160-bit hash function which resembles the earlier MD5 algorithm
...

SHA-1

This is actually two similar hash functions, with different block sizes, known as SHA-256 and SHA-512
...
There are also truncated versions of each standardized, known as SHA-224 and SHA-384
...

SHA-2

This is a proposed hash function standard still in development
...
An ongoing NIST hash function competition is scheduled to
end with the selection of a winning function, which will be given the name ___________ in 2012
...
Each block is hashed into a 256-bit block through four branches that divides each 512
block into sixteen 32-bit words that are further encrypted and rearranged
...

FORK-256

____________________________ is a 160-bit hash algorithm developed by Hans Dobbertin, Antoon
Bosselaers, and Bart Preneel
...
These all replace the original RIPEMD
which was found to have collision issues
...

RACE Integrity Primitives Evaluation Message Digest (RIPEMD-160)

The input message is broken into 512-byte chunks (16-32 bit integers)
...

The length of the message (before padding) is then appended as the last 64 bits of the message
...

They are initialized to an initial variable
...

Those operations are a non-linear function F, a modular operation, and a shift
...
The input message is broken up into chunks of 256-bit blocks
...
The remaining bits are filled up with a 256-bit integer

arithmetic sum of all previously hashed blocks and then a 256-bit integer representing the length of
the original message, in bits, is produced
...
It is
designed using the Merkle-Damgård construction (sometimes called the Merkle-Damgård paradigm)
...
The Merkle-Damgård construction was described in Ralph Merkle's
Ph
...
dissertation in 1979
...

HMAC or Hash Message Authentication Code

A __________________, uses a block cipher in CBC mode to improve integrity
...
When Alice receives
the message, they can decrypt it with her ________________
...

entropy

Related to entropy, ________________ states: it is impossible to compress the data such that the
code rate is less than the Shannon entropy of the source, without it being virtually certain that
information will be lost
...

Works for n = 2, 3, 5, 7 but fails on n = 11 and on many other n values
Mersenne Primes

Fn = 2^(2^n) + 1

So, F1 = 2^(2^1) + 1 or 5
However, F5 is not prime
Fermat Numbers

A _____________ is a number that has no factors in common with another number
...


So for the number 6, 4 and 5 are co-prime with 6
...

Euler's totient

With just 23 people in the room, you have a 50 percent chance that 2 will have the same birthday
...
Now assume
the hash is MD5, with a 128-bit output
...
That is a very large number
...
4028236692093846346337460743177e+38

Now from the birthday paradox we know that we actually need about 1
...
184
...
It
was the first publicly described asymmetric algorithm and is often used for the key exchange of
symmetric keys
...


It is based on equations of the form: y^2 = x^3 + Ax + B
Elliptic Curve Cryptography

This algorithm is based on Diffie-Hellman and was invented in 1984 by Taher Elgamal
...


The algorithm consists of three parts:
the key generator, the encryption algorithm, and the decryption algorithm
...
It acts as a proxy between a user and CA and it receives a request,
authenticates it and forwards it to the CA
...

CP (Certificate Policy)

__________ is an international standard for the format and information contained in a digital
certificate and is the most common type of digital certificate in the world
...
It is a digital document that contains a public key signed by the trusted third party, which is
known as a Certificate Authority, or CA
...

X
...
The certificate must be
installed on the web server for the website to use it
...
Typically, the
passwords stored in the table are encrypted; however, the transmissions of the passwords are in
cleartext, unencrypted
...
The Basic Authentication feature built into HTTP
uses this form of authentication
...
Periodically, the server will ask the client to provide that hash (this is the

challenge part)
...

Challenge-Handshake Authentication Protocol (CHAP)

____________ is used widely, particularly with Microsoft operating systems
...
The client authenticates to the authentication server once using a long-term shared secret
(e
...
a password) and receives a ticket-granting server from the authentication server
...
This allows you to make additional requests using the same ticket
within a certain time period (typically, eight hours)
...
Basically, any machine that can be assigned
tickets is known as a _____________________
...

Authentication Server (AS)

Provides tickets
Ticket Granting Server (TGS)

The ticket that is granted during the authentication process
...
Contains the identity of the client, the session key, the
timestamp, and the checksum
...

Ticket

____________ uses the stream cipher RC4 (128 bit or 256 bit)
...
It was the preferred
method used with secure websites (i
...
https)
...
A client and server negotiate a
connection by using a handshaking procedure, in which the client and server agree on various
parameters used to establish the connection's security
...
By default, it uses the AES encryption algorithm with a 128-bit key
...
It is a form of
security through obscurity
...

Steganography

Payload - The data to be covertly communicated, the message you wish to hide

Carrier - The signal, stream, or data file into which the payload is hidden

Channel - The type of medium used
...

Least Significant Bits (LSB)

This method of Audio Steganography (Steganophony) adds an extra sound to an echo inside an
audio file, that extra sound conceals information
...
NSA Suite A
cryptography contains classified algorithms that will not be released
...
Suite B are publicly described algorithms
...
In natural languages, certain letters of
the alphabet appear more frequently than others
...
This method is very effective against classic ciphers
like Caesar, Vigenère, etc
...


Frequency Analysis

In a ____________________, the attacker obtains the ciphertexts corresponding to a set of
plaintexts
...

Chosen plaintext attack

A ____________________ is less effective, but much more likely for the attacker since the attacker
only has access to a collection of ciphertexts
...

Ciphertext-only attack

The __________________ is similar to the chosen-plaintext attack, except the attacker can obtain
ciphertexts encrypted under two different keys
...


Given sufficient pairs of plaintext and corresponding ciphertext, bits of information about the key
can be obtained and increased amounts of data will usually give a higher probability of success
...

Linear Cryptanalysis

__________________ is a form of cryptanalysis applicable to symmetric key algorithms and was
invented by Eli Biham and Adi Shamir
...
It originally worked only with chosen plaintext
...

Differential cryptanalysis

Similar to Differential Cryptanalysis, but uses a different technique
...

Integral cryptanalysis

The attacker deduces the secret key
...

Global deduction

The attacker discovers additional plaintexts (or ciphertexts) not previously known
...

Information deduction

The attacker can distinguish the cipher from a random permutation
...


Essentially, these types of password crackers are working with pre-calculated hashes of all
passwords available within a certain character space, be that a-z, or a-zA-Z, or a-zA-Z0-9, etc
...
They are particularly useful when trying to crack
hashes
...


The attacker takes the hashed value and searches the rainbow tables seeking a match to the hash
...


A popular hacking tool is Ophcrack
...
As you should know by now, a hash
cannot be un-hashed
...

SAM

Time - The number of "primitive operations" which must be performed
...


Memory - The amount of storage required to perform the attack
...


The 3 resources for cryptanalysis

A one-way mathematical operation that reduces a message or data file into a smaller fixed length
output, or hash value
...

Key clustering

The time and effort required to break a protective measure
...
As with CBC mode, an initialization vector is used in the
first block
...


Based on the practical difficulty of factoring the product of two large prime numbers
...

RSA

Works at Layer 2 of the OSI model
...
Uses EAP and/or CHAP to authenticate
...
(MPPE is a derived version of DES)
...

Point to Point Tunneling Protocol (PPTP)

Works at Layer 2 of the OSI model
...
Offers additional methods for authentication;

PPTP offers two, whereas L2TP offers five
...


L2TP works over standard IP networks, but also X
...

Layer 2 Tunneling Protocol (L2TP)

A variation on frequency analysis that is used to attack polyalphabetic substitution ciphers
...
) and dashes ( - ) to
communicate with each other
...
What cipher method are the
developer and system administrator using to communicate?

A BIFID cipher
B Caesar cipher
C Pigpen cipher
D Morse code
D

Involves using two keys, one key (public key) to encrypt data and the other key (private key) to
decrypt the encrypted data; also called public-key encryption
asymmetric encryption

involves using one shared key to encrypt and decrypt data; also called secret-key encryption
symmetric encryption

involves breaking down plaintext messages into fixed-size blocks before converting them into
ciphertext using a key
block encryption

an encryption algorithm that breaks a plaintext message down into single bits and encrypts 1 bit of
plaintext at a time
stream encryption

involves mapping the hashed values back to the original message from a precomputed lookup
"rainbow" table

rainbow attack

the process of systematically entering every word in a dictionary as a password to see if the hashed
code matches the one in the password file
dictionary attack

involves adding an initialization vector to the first block of the plaintext and combining the output
with the next plaintext block until the process is repeated through the full "chain" of blocks
cipher block chaining

A developer wants to send an encrypted message to a system administrator by generating a hash
value for the message
...
Which attack method is commonly used to map the
hashed values back to the original message?

A Man-in-the-middle attack
B Dictionary attack
C Brute-force attack
D Rainbow table attack
D

involves mapping the hashed values back to the original message from a precomputed lookup
"rainbow" table
...
The developer wants to use a cipher method that can operate on the data stream to
encrypt the individual bit of the message one by one
...
The encryption method must be
efficient, scalable, and secure
...
Which
command should the developer run in the terminal to encrypt the HTML file?

A aesencrypt -d filename
...
html
C aesencrypt -e filename
...
html
...
S
...
Which method is used in Microsoft Windows to store users' hashed
passwords for computers that connect to an Active Directory domain?

A Bcrypt
B SYSKEY
C NTLMv2
D LM
C

a random match in hash values that occurs when a hashing algorithm produces the same hash value
for two distinct messages
collision

provides a fingerprint for data and is used to prove identity and integrity of messages and entities;
most common ones are MD5, SHA-1, and SHA-256
message digest

What are the two main applications of public-key encryption?

A Secret-key protection and identity checking
B Secret and public-key protection
C Data encryption and identity checking
D Data encryption and public-key protection
A

A developer wants to send a system administrator an encrypted email message and uses a system
administrator's email address to generate the public key
...
What is the first step in the process of sending the session key to a
system administrator?

A The system administrator encrypts the session key with the developer's public key
...

C The developer encrypts the session key with the system administrator's public key
...

D

a key exchange method where a different key is used for each connection
Ephemeral Diffie-Hellman (DHE)

a key exchange method based on an elliptic-curve Diffie-Hellman (ECDH) key exchange
elliptic-curve Diffie-Hellman Ephemeral (ECDHE)

Which method of authentication involves authenticating only part of the conversation between the
sender and the receiver?

A Two-way authentication
B One-way server authentication
C One-way client authentication
D Intermediate authentication
D

Which system is used to generate digital certificates that could be trusted by both parties?

A Digital certificate reader
B PKI
C Certificate authority
D Digital certificate
B

is used to distribute and verify the public key of the owner
digital certificate

is a trusted source for generating digital certificates
certificate authority (CA)

used to generate digital certificates that both entities in a communication could trust
public-key infrastructure (PKI)

a list of digital certificates that have been revoked by the issuing certificate authority
certificate revocation list (CRL)

a block of encoded data given to a certificate authority when applying for an SSL certificate; it is
usually generated on the server where the certificate will be installed and contains information that
will be included in the certificate and the public key that will be included in the certificate
certificate signing request (CSR)

Which security components are provided by digital signature?

A Integrity, non-repudiation, and proof of origin
B Non-repudiation, integrity, and confidentiality
C Proof of origin, confidentiality, and non-repudiation
D Confidentiality, integrity, and proof of origin
A

Which combination of cryptographic algorithms is used to create digital signatures based on the U
...

Digital Signature Standards?

A SHA-2 and AES
B SHA-1 and AES
C AES and RSA
D SHA-2 and RSA
D

proving where a message came from
proof of origin

the concept of removing the ability of a person to deny sending a message
non-repudiation

the infrastructure that enables the usage of certificates to identify entities
public-key infrastructure (PKI)

Cryptography provides various security benefits
...
The system administrator
is able to decrypt the message using a unique private key
...
How can the developer make sure that the ciphertext does not give the original plaintext if
played back?

A Use shift row transformation
B Use electronic code book
C Use RC5 cipher
D Add salt with an initialization vector
D

Which method of encryption uses a polyalphabetic substitution cipher to encrypt a plaintext
message?

A Vigenère cipher
B BIFID cipher
C Pigpen cipher
D Caesar cipher
A

Which two pioneers are called the fathers of asymmetric cryptography used in PKI?

A Sir Francis Bacon and Alan Turing
B Will Friedman and Ron Rivest
C Whitfield Diffie and Martin Hellman
D Thomas Jefferson and Blaise de Vigenère
C

Which cryptographic cipher is stream-based?

A RC2
B RC5
C RC6
D RC4
D

An attacker is trying to break an encrypted message
...
What
method is the attacker using to break the message?

A Known plaintext attack
B Man-in-the-middle attack
C Ciphertext-only attack
D Chosen attack
D

Which encryption algorithm operates on 64-bit blocks of plaintext using a 128-bit key and has over
17 rounds with a complicated mangler function?

A Blowfish
B RC5
C Skipjack
D International Data Encryption Algorithm (IDEA)
D

Which method of brute-force attack uses a list of common words and phrases in an attempt to break
passwords?

A Known plaintext attack
B Rainbow table attack
C NT password hashing
D Dictionary attack
D

Which cryptographic concept is used to validate where a message came from?

A Non-repudiation
B Integrity
C Confidentiality
D Proof of origin
D

Which initiative allows publicly-available cryptographic algorithms to be exported and imported
freely among member countries without any types of restrictions to prevent destabilizing
accumulations of arms and dual-use goods and technologies?

A Missile Technology Control Regime (MTCR)
B Arms Export Control Act (AECA)
C International Traffic in Arms Regulations (ITAR)
D Wassenaar Arrangement
D

A system administrator received an encrypted message from one of the company's software
vendors
...
Which
cryptographic algorithm can the developer use to trust that the software truly came from the vendor
and that the patch has not been altered or manipulated?

A Public-key algorithm
B Secret-key algorithm
C Hashing function
D Digital signature algorithms
D

Which internationally recognized standard is used in public-key infrastructure (PKI) to define the
format of public-key certificates?

A FIPS 199
B Digital Signature Standard (DSS)
C FIPS 140-2
D X
...

onion routing

Which backdoor cryptography method involves having a copy of the encryption key that law
enforcement agents could use if they require access to the data?

A Key escrow
B Encryption by default
C RSA cracking
D NOBUS backdoor
A

Which encryption cracking method involves an intruder sending a legitimate message into the
network at some future time?

A Time attack
B Cut-and-paste
C Chosen-ciphertext
D Replay system
D

when a copy of the encryption key is kept in escrow so that it can be used by a government agent
key escrow

where it is mathematically possible for government agents to crack the encryption, but no one else
can
NOBUS ("nobody but us") backdoor

An intruder wants to break an encrypted message
...
Then the
intruder alters the plaintext to see how the alteration affects the ciphertext that is being generated
...

While the security engineer was gone, an unsuspecting intruder sat down at the engineer's desk and
ran ciphertext through the crypto device to see the result
...

dictionary attack

Which combination of applications mostly uses lightweight cryptography?

A Tablets and RFID
B Servers and RFID
C Desktops and smartphones
D RFID and sensor networks
D

Which lightweight symmetric encryption method operates on a 64-bit block using rounds of
substitution boxes (S-boxes) and permutation boxes (P-boxes)?

A PRESENT
B SIMON
C SPECK
D SPONGENT
A

a cryptographic algorithm or protocol tailored for implementation in constrained environments,
including RFID tags, sensors, contactless smart cards, and healthcare devices
lightweight cryptography

a basic component of symmetric key algorithms which performs substitution; in block ciphers, they
are used to obscure the relationship between the key and the ciphertext, thus ensuring confusion
S-box

______________ prevents the output from being easily converted back into the input
confusion

shuffles the input bits around to provide diffusion
P-box

ensures that any patterns in the plaintext, such as redundant bits, are not apparent in the ciphertext
diffusion

Which aspect of blockchain involves solving a complex mathematical puzzle with proof of work when
calculating the block address needed to add a block to a blockchain?

A Hyperledger
B Smart contracts
C Block address
D Block mining
D

What are the two common options for implementing a blockchain?

A Bitcoin and Ethereum
B Hyperledger and smart contracts
C Hyperledger and Ethereum
D Ethereum and cryptocurrency
E Block address
C

a form of digital currency that is created and held entirely electronically instead of being printed
bitcoin

a distributed database that is shared among the nodes of a computer network
blockchain

programs stored on a blockchain that run when predetermined conditions are met; they typically are
used to automate the execution of an agreement so that all participants can be immediately certain
of the outcome, without an intermediary's involvement or time loss
smart contracts

Which combination of ciphers and keys is used in bitcoin mining?

A Chain Block Ciphers (CBC), 512-bit private key, 256-bit public key
B Elliptic curve ciphers (ECC), 512-bit private key, 256-bit public key
C Chain Block Ciphers (CBC), 256-bit private key, 512-bit public key
D Elliptic curve ciphers (ECC), 256-bit private key, 512-bit public key
D

There are different parts involved in Bitcoin transactions
...
Which type of attack is the intruder using?

A Frequency analysis
B Linear cryptanalysis
C Differential cryptanalysis
D Double DES attack
D

Which IT security standard provides internationally-recognized criteria for validating and approving
encryption devices for deployment?

A FIPS 199
B SP 800-53
C FISMA
D FIPS 140-2
D

A company wants to protect the content of employees' laptops to make sure that, in case of a loss,
someone who finds the laptop cannot easily bypass the operating system access controls by placing
the hard drive in another computer system
...
bankname
...
How can this customer make sure the bank is authentic and someone
else is not pretending to be the bank?

A Choosing a symmetric session key
B Sending a Client Hello
C Receiving a Server Hello
D Verifying that the public key belongs to the bank through the bank's digital certificate
D

Online banking transactions are almost identical every time and the data being transported back and
forth is almost always the same
...
How can a
bank customer make sure that each banking session is different to mitigate an attack on the
communication with the bank?

A By using an initialization vector (IV)
B By using a symmetric session key
C By receiving a Server Hello
D By using the bank's digital certificate
E By sending a Client Hello
A

How can the bank prove the integrity of the message that a bank's customer is sending to its
servers?

A By using the HMAC value from the client's encrypted message
B By using the bank's digital certificate
C By using an initialization vector (IV)
...
Which part of the transaction defines the
number of bitcoins to be transferred to the receiver with the receiver's public key ID?

A The IN part of the transaction
B The LOG part of the transaction
C The PROOF OF WORK part of the transaction
D The OUT part of the transaction
D

A crypto miner is competing with other miners to mine a new token that will be added to the
cryptocurrency blockchain
...
Which wireless security standards can the
network device use to authenticate the client?

A WPA-2
B WEP
C WPA
D LEAP
D

A social media company refuses to hand over the encryption keys involved in secure
communications to the government for an ongoing investigation
...
How can
the customer verify that the bank's digital certificate is trustworthy and has not been canceled by
the issuing certificate authority (CA)?

A Submit a request to the certification authority
B Check the CRL distribution point (CDP)
C Check the PKI
D Check the certificate revocation list (CRL)
D

