CHAPTER 4

Question 1

Which of the following two options are impacts of cryptography on security investigations?
(Choose two.)

All the employee's SSL/TLS outbound traffic should be decrypted and inspected since it requires
minimal resources on the security appliance.

Cryptographic attacks can be used find weakness in the cryptographic algorithms.

With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this
blind spot to launch attacks over HTTPS more than ever before.

Encryption does not pose a threat to the ability of law enforcement authorities to gain access to
information for investigating and prosecuting cybercriminal activities.

Question 2

Which one of the following methods allows you to verify entity authentication, data integrity,
and authenticity of communications, without encrypting the actual data?

Both parties calculate an authenticated MD5 hash value of the data accompanying the message
—one party uses the private key, while the other party uses the public key.

Both parties to the communication use the same private key to produce a message
authentication code to accompany the message.

Both parties calculate a CRC32 of the data before and after transmission of the message.

Both parties obfuscate the data with XOR and a known key before and after transmission of the
message.

Question 3

Which one of the following options describes the concept of small changes in data causing a
large change in the hash algorithm output?

butterfly effect Fibonacci effect keyed effect avalanche effect

Question 4
Which one of the following options describes the concept of using a different key for encrypting
and decrypting data?

symmetric encryption avalanche effect asymmetric encryption cipher

text

Question 5

Which one of the following methods of cryptoanalysis should you use if you only have access to
the cipher text messages (all of which have been encrypted using the same encryption
algorithm), and want to perform statistical analysis to attempt to determine the potentially weak
keys?

birthday attack chosen-plaintext attack ciphertext-only attack chosen-

ciphertext attack

Question 6

Which one of the following options is the attack that can be used to find collisions in a
cryptographic hash function?

birthday attack chosen-plaintext attack ciphertext-only attack chosen-

ciphertext attack

Question 7

How many encryption key bits are needed to double the number of possible key values that are
available with a 40-bit encryption key?

41 bits 80 bits 120 bits 160 bits

Question 8

Which one of the following is the reason that asymmetric encryption is not used to perform bulk
encryption?

Asymmetric algorithms are substantially slower than symmetric algorithms.

Asymmetric algorithms are easier to break than symmetric algorithms.

Symmetric algorithms can provide authentication and confidentiality.

Symmetric algorithms use a much larger key size.

Question 9

Which one of the following options was used by Diffie-Hellman to determine the strength of the
key that is used in the key agreement process?

DH prime number (p) DH base generator (g) DH group DH

modulus

Question 10

If a client connects to a server before using SSHv1, how should the client be able to authenticate
the server?

The same encryption algorithm will be used each time and will be in the client cache.

The server will autofill the stored password for the client upon connection.

The client will receive the same public key that it had stored for the server.

The server will not use any asymmetric encryption, and jump right to symmetric encryption.

Question 11

Which one of the following is the reason that digital signature can be used to provide the
authenticity of digitally signed data?

Both the signer and the recipient must first agree on a shared secret key that is only known to
both parties.

Both the signer and the recipient must first agree on the public/private key pair that is only
known to both parties.

Only the signer has sole procession of the private key.

Only the recipient has a copy of the private key to decrypt the signature
Question 12

What is a digital certificate used to certify about an entity?

A digital certificate certifies the ownership of the public key of the named subject of the
certificate.

A digital certificate certifies the ownership of the private key of the named subject of the
certificate.

A digital certificate certifies the ownership of the symmetric key of the named subject of the
certificate.

A digital certificate certifies the ownership of the bulk encryption key of the named subject of
the certificate.

Question 13

Which one of the following is the PKI operation that would likely cause out-of-band
communication over the phone?

The client checks with the CA to determine whether a certificate has been revoked.

The client validates with the CA to determine if the peer that they are communicating with is the
entity that is identified in a certificate,

A new signed certificate is received by the certificate applicant from the CA.

The CA administrator contacts the certificate applicant to verify that their enrollment data
before the request can be approved.

Question 14

Which three of the following options does the client validate on inspection of a server
certificate? (Choose three.)

The subject matches the URL that is being visited. The website was already in the
browser’s cache.

A root DNS server provided the IP address for the URL. The current time is within the
certificate’s validity date.
The signature of the CA that is in the certificate is valid. The client already has a session
key for the URL.

Question 15

Why is using ECDHE_ECDSA stronger than using RSA?

ECDHE_ECDSA provides both data authenticity and confidentiality.

ECDHE_ECDSA uses a much larger key size.

ECDHE_ECDSA uses a pseudorandom function to generate the keying materials.

If the server's private key is later compromised, all the prior TLS handshakes that are done
using the cipher suite cannot be compromised.

Question 16

Which part of the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 cipher suite is used

to specify the bulk encryption algorithm?

ECDHE_ECDSA AES_128_CBC SHA256 P384

Question 17

Which one of the following statements describes the risk of not destroying a session key that is
no longer used for completed communication of encrypted data?

The attacker could have captured the encrypted communication and stored it while waiting for
an opportunity to acquire the key.

Systems can only store a certain number of keys and could be unable to generate new keys for
communication.

It increases the risk of duplicate keys existing for the key space of the algorithm.

The risk of weaker keys being generated increases as the number of keys stored increases.

Question 18

What best describes a brute-force attack?

breaking and entering into a physical building or network closet

an attacker's attempt to decode a cipher by attempting each possible key combination to find
the correct one

a rogue DHCP server that is posing as a legitimate DHCP server on a network segment

an attacker inserting itself between two devices in a communication session and then taking
over the session.

old question # 4

Question 4

Which type of encryption would you implement so that the least amount of original data or
headers would be visible to any one intercepting your traffic?

PGP SSL TLS IPsec MACsec