Your organization has implemented a virtual private network (VPN) that allows branch offices to connect to the main office. Recently, you have discovered that the key used on the VPN has been compromised. You need to ensure that the key is not compromised in the future. What should you do?

a. Enable PFS on the main office end of the VPN.

b. Implement IPsec on the main office end of the VPN.

c. Enable PFS on the main office and branch offices' ends of the VPN.

d. Implement IPsec on the main office and branch offices' ends of the VPN.


Answer: C. Explanation: You should enable perfect forward secrecy (PFS) on the main office and branch offices' ends of the VPN. PFS increases the security of a VPN because it forces a new key exchange, which ensures that the same key will not be generated again. PFS ensures that a session key created from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future. PFS depends on asymmetric or public key encryption. If you implement PFS, disclosure of the long-term secret keying information that is used to derive a single key does not compromise the previously generated keys. You should not implement IPsec because it does not protect against key compromise. While it does provide confidentiality for the VPN connection, the scenario specifically states that you need to ensure that the key is not compromised.

Your organization has recently become the victim of an attack against a cryptographic algorithm. The particular attack used all possible keys until a key is discovered that successfully decrypts the ciphertext. Which type of attack occurred?

a. frequency analysis

b. reverse engineering attack

c. ciphertext-only attack

d. brute-force attack


Answer: D. Explanation: A brute-force attack executed against a cryptographic algorithm uses all possible keys until a key is discovered that successfully decrypts the ciphertext. A frequency analysis attack relies on the fact that substitution and transposition ciphers will result in repeated patterns in ciphertext. A reverse engineering attack occurs when an attacker purchases a particular cryptographic product to attempt to reverse engineer the product to discover confidential information about the cryptographic algorithm used. A ciphertext-only attack uses several encrypted messages (ciphertext) to figure out the key used in the encryption process.

Your organization implements a public key infrastructure (PKI) to issue digital certificates to users. Management has requested that you ensure that all the digital certificates that were issued to contractors have been revoked. Which PKI component should you consult?

a. CA

b. RA

c. CRL

d. OCSP


Answer: C. Explanation: A CRL contains a list of all the certificates that have been revoked. A CA is the entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary. An RA verifies the requestor's identity, registers the requestor, and passes the request to the CA. The OCSP is an Internet protocol that obtains the revocation status of an X.509 digital certificate.

Users on your organization's network need to be able to access several confidential files located on a file server. Currently, the files are encrypted. Recently, it was discovered that attackers were able to change the contents of the file. You need to use a hash function to calculate the hash values of the correct files. Which of the following should you not use?

a. ECC

b. MD6

c. SHA-2

d. RIPEMD-160


Answer: A. Explanation: ECC is not a hash function. It is an asymmetric algorithm. All the other options are hash functions.

Management at your organization has decided that it no longer wants to implement asymmetric algorithms because they are much more expensive to implement. You have determined that several algorithms are being used across the enterprise. Which of the following should you discontinue using, based on management's request?

a. IDEA

b. Twofish

c. RC6

d. RSA


Answer: D. Explanation: RSA is an asymmetric algorithm and should be discontinued because of management's request to no longer implement asymmetric algorithms. All the other algorithms listed here are symmetric algorithms.

You have recently been hired by a company to analyze its current security mechanisms and determine any weaknesses in them. During this analysis, you detect that an application is using a 3DES implementation that encrypts each block of data three times, each time with a different key. Which 3DES implementation does the application use?

a. 3DES-EDE3

b. 3DES-EEE3

c. 3DES-EDE2

d. 3DES-EEE2


Answer: B. Explanation: The 3DES-EEE3 implementation encrypts each block of data three times, each time with a different key. The 3DES-EDE3 implementation encrypts each block of data with the first key, decrypts each block with the second key, and encrypts each block with the third key. The 3DES-EEE2 implementation encrypts each block of data with the first key, encrypts each block with the second key, and then encrypts each block again with the first key. The 3DES-EDE2 implementation encrypts each block of data with the first key, decrypts each block with the second key, and then encrypts each block with the first key.

Your organization recently obtained a contract with the U.S. Department of Defense (DoD). As part of this contract, your organization will be exchanging confidential data with the DoD. Management has requested that you implement the most secure encryption scheme available for these data exchanges. Which scheme should you implement?

a. concealment cipher

b. symmetric algorithm

c. one-time pad

d. asymmetric algorithm


Answer: C. Explanation: A one-time pad is the most secure encryption scheme because it is used only once.

Your organization has recently decided to implement encryption on the network. Management requests that you implement a system that uses a private or secret key that must remain secret between the two parties. Which system should you implement?

a. running key cipher

b. concealment cipher

c. asymmetric algorithm

d. symmetric algorithm


Answer: D. Explanation: A symmetric algorithm uses a private or secret key that must remain secret between the two parties. A running key cipher uses a physical component, usually a book, to provide the polyalphabetic characters. A concealment cipher occurs when plaintext is interspersed somewhere within other written material. An asymmetric algorithm uses both a public key and a private or secret key.

Your organization's enterprise implements several different encryption algorithms, based on the organizational needs and the data being protected. Recently, several different encryption keys have generated the same ciphertext from the same plaintext message. This has resulted in your organization's enterprise being susceptible to attackers. Which condition has occurred?

a. key clustering

b. cryptanalysis

c. keyspace

d. confusion


Answer: A. Explanation: Key clustering occurs when different encryption keys generate the same ciphertext from the same plaintext message. Cryptanalysis is the science of decrypting ciphertext without prior knowledge of the key or cryptosystem used. A keyspace is all the possible key values when using a particular algorithm or other security measure. Confusion is the process of changing a key value during each round of encryption.

Your organization has decided that it needs to protect all confidential data that is residing on a file server. All confidential data is located within a folder named Confidential. You need to ensure that this data is protected. What should you do?

a. Implement hashing for all files within the Confidential folder.

b. Decrypt the Confidential folder and all its contents.

c. Encrypt the Confidential folder and all its contents.

d. Implement a digital signature for all the users that should have access to the Confidential folder.




Answer: C. Explanation: You should encrypt the folder and all its contents. Hashing reduces a message to a hash value. Hashing is a method for determining whether the contents of a file have been changed. But hashing does not provide a means of protecting data from editing. Decryption converts ciphertext into plaintext. A digital signature is an object that provides sender authentication and message integrity by including a digital signature with the original message.

Encryption at different layers of the OSI model.

• Layer 7: encrypt email with PGP
• Layer 5: encrypt session data with SSL or TLS
• Layer 3: encrypt network layer data with IPsec
• Layer 2: encrypt data link layer data with MACsec

DES uses two standardized block cipher modes.

ECB (Electronic Codebook) mode: serially encrypts each 64-bit plaintext block using the same 56-bit key. If two identical plaintext blocks are encrypted using the same key, their ciphertext blocks are the same.

CBC (Cipher Block Chaining) mode: each 64-bit plaintext block is XORed bitwise with the previous ciphertext block and then is encrypted with the DES key. Because of this process, the encryption of each block depends on previous blocks. Encryption of the same 64-bit plaintext block can result in different ciphertext blocks. It daisy-chains the blocks together. Cisco routers use this.

PGP process

The content of emails is encrypted twice, once with the sender's private key, and again with the receiver's public key. The receiver must reverse the process, decrypting the message with their private key and then decrypting again with the sender's public key.

Diffie-Hellman [DH] Key Agreement

Lets two parties share information over an untrusted network and mutually compute an identical shared secret that cannot be computed by eavesdroppers who intercept the shared information.

Mathematical model in the DH key exchange process.

• p = large prime number, can be known to all.
• g = base or generator, can be known to all.
• a = Alice's chosen private key, which is known only to Alice.
• b = Bob's chosen private key, which is known only to Bob.
• A = Alice's calculated public key using g, p, and a, can be known to Alice, Bob, and Eve. A = g^a mod p.
• B = Bob's calculated public key using g, p, and b, can be known to Alice, Bob, and Eve. B = g^b mod p.
• s = the calculated shared secret key using the other party's public key, each party's own chosen secret key, and the prime number p, known to both Alice and Bob, but not to Eve.
• s = B^a mod p (calculated by Alice).
• s = A^b mod p (calculated by Bob).
• s can also be calculated using the formula s = g^(ab) mod p, which requires knowledge of both parties' chosen private keys.

SSHv1 connection process.

Answer:

• Client connects to server and server presents client with its public key.
• Client and server agree to a mutually supported symmetric encryption algorithm. This negotiation occurs in the clear. A party that intercepts the communication will be aware of the encryption algorithm that is agreed upon.
• Client constructs session key and encrypts it with the server's public key. Only the server has the appropriate private key that can decrypt the session key.
• Client sends encrypted session key to server. Server decrypts the session key using its private key. Now both client and server have the shared session key. That key is not available to any other systems. From this point on, the session between the client and server is encrypted using a symmetric encryption algorithm.
• With privacy in place, user authentication ensues. The user's credentials and all other data are protected.

Distinction between digital signatures and asymmetric encryption.

Answer: Anyone who decrypts the file with your public key knows that you were the one who encrypted it. Since asymmetric encryption is computationally expensive, it is not optimal. Digital signatures leave the original data unencrypted.

Why is using ECDHE_ECDSA stronger than using RSA?

Answer: If the server's private key is later compromised, all the prior TLS handshakes that are done using the cipher suite cannot be compromised.

Suite B cryptography secures information traveling over networks using four well-established, public-domain cryptographic algorithms:

Answer:

•Encryption using the AES with 128- or 256-bit keys in the GCM mode. The block cipher modes of operation include CTR mode and GCM mode, of which GCM is the most common. GCM is an authenticated encryption algorithm that is designed to provide both data authenticity and confidentiality.
•Digital signatures using the ECDSA with 256- and 384-bit prime moduli.
•Key agreement using the ECDH method.
•Message digest using the SHA-2 method (SHA-256 and SHA-384).

How to ensure the identity of the entity?

Answer: A system must challenge the peer to prove that it has the private key that is associated with the validated public key and that it can decrypt the message it sends using that private key.

A user's laptop developed a problem and can no longer boot. Help desk personnel tried to recover the data on the disk, but the disk is encrypted. Which of the following can be used to retrieve data from the hard drive?

A. A trust relationship
B. Public key
C. Recovery agent
D. CRL


Answer: C. Recovery agent

Your organization requires the use of a PKI and it wants to implement a protocol to validate trust with minimal traffic. Which of the following protocols validates trust by returning short responses, such as "good" or "revoked"?

A. OCSP
B. CRL
C. CA
D. CSR


Answer: A. OCSP

An application requires users to log on with passwords. The application developers want to store the passwords in such a way that it will thwart rainbow table attacks. Which of the following is the BEST solution?

A. SHA
B. Blowfish
C. ECC
D. Bcrypt


Answer: D. Bcrypt

Bart wants to send a secure email to Lisa so he decides to encrypt it. Bart wants to ensure that Lisa can verify that he sent it. Which of the following does Lisa need to meet this requirement?

A. Bart's public key
B. Bart's private key
C. Lisa's public key
D. Lisa's private key


Answer: A. Bart's public key

Homer wants to send a secure email to Marge so he decides to encrypt it. Homer wants to ensure that Marge can verify that he sent it. Which of the following does Marge need to verify the certificate that Homer used in this process is valid?

A. The CA's private key
B. The CA's public key
C. Marge's public key
D. Marge's private key


Answer: B. The CA's public key

A heavily used application accesses a financial database on a server within your network. Due to recent data breaches, management wants to ensure transport encryption protects this data. Which of the following algorithms is the BEST choice to meet this goal?

A. SSL (Secure Sockets Layer)
B. SHA (Secure Hash Algorithm)
C. TLS (Transport Layer Security)
D. CRL (certificate revocation list)


Answer: C. TLS

A manager is suspected of leaking trade secrets to a competitor. A security investigator is examining his laptop and notices a large volume of vacation pictures on the hard drive. Data on this laptop automatically uploads to a private cloud owned by the company once a week. The investigator noticed that the hashes of most of the pictures on the hard drive are different from the hashes of the pictures in the cloud location. Which of the following is the MOST likely explanation for this scenario?

A. The manager is leaking data using hashing methods.
B. The manager is leaking data using digital signatures.
C. The manager is leaking data using steganography methods.
D. The manager is not leaking data.


Answer: C. The manager is leaking data using steganography methods.

Your organization plans to issue some employees mobile devices such as smartphones and tablets. These devices don't have a lot of processing power. Which of the following cryptographic methods has the LEAST overhead and will work with these mobile devices?

A. ECC
B. 3DES
C. Bcrypt
D. PBKDF2


Answer: A. ECC

An application developer needs to use an encryption protocol to encrypt credit card data within a database used by the application. Which of the following would be the FASTEST, while also providing strong confidentiality?

A. AES-256
B. DES
C. Blowfish
D. SHA-2


Answer: C. Blowfish