Академический Документы
Профессиональный Документы
Культура Документы
Question 1
Which of the following two options are impacts of cryptography on security investigations?
(Choose two.)
All the employee's SSL/TLS outbound traffic should be decrypted and inspected since it requires
minimal resources on the security appliance.
With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this
blind spot to launch attacks over HTTPS more than ever before.
Encryption does not pose a threat to the ability of law enforcement authorities to gain access to
information for investigating and prosecuting cybercriminal activities.
Question 2
Which one of the following methods allows you to verify entity authentication, data integrity,
and authenticity of communications, without encrypting the actual data?
Both parties calculate an authenticated MD5 hash value of the data accompanying the message
—one party uses the private key, while the other party uses the public key.
Both parties to the communication use the same private key to produce a message
authentication code to accompany the message.
Both parties calculate a CRC32 of the data before and after transmission of the message.
Both parties obfuscate the data with XOR and a known key before and after transmission of the
message.
Question 3
Which one of the following options describes the concept of small changes in data causing a
large change in the hash algorithm output?
Question 4
Which one of the following options describes the concept of using a different key for encrypting
and decrypting data?
Question 5
Which one of the following methods of cryptoanalysis should you use if you only have access to
the cipher text messages (all of which have been encrypted using the same encryption
algorithm), and want to perform statistical analysis to attempt to determine the potentially weak
keys?
Question 6
Which one of the following options is the attack that can be used to find collisions in a
cryptographic hash function?
Question 7
How many encryption key bits are needed to double the number of possible key values that are
available with a 40-bit encryption key?
Question 8
Which one of the following is the reason that asymmetric encryption is not used to perform bulk
encryption?
Question 9
Which one of the following options was used by Diffie-Hellman to determine the strength of the
key that is used in the key agreement process?
Question 10
If a client connects to a server before using SSHv1, how should the client be able to authenticate
the server?
The same encryption algorithm will be used each time and will be in the client cache.
The server will autofill the stored password for the client upon connection.
The client will receive the same public key that it had stored for the server.
The server will not use any asymmetric encryption, and jump right to symmetric encryption.
Question 11
Which one of the following is the reason that digital signature can be used to provide the
authenticity of digitally signed data?
Both the signer and the recipient must first agree on a shared secret key that is only known to
both parties.
Both the signer and the recipient must first agree on the public/private key pair that is only
known to both parties.
Only the recipient has a copy of the private key to decrypt the signature
Question 12
A digital certificate certifies the ownership of the public key of the named subject of the
certificate.
A digital certificate certifies the ownership of the private key of the named subject of the
certificate.
A digital certificate certifies the ownership of the symmetric key of the named subject of the
certificate.
A digital certificate certifies the ownership of the bulk encryption key of the named subject of
the certificate.
Question 13
Which one of the following is the PKI operation that would likely cause out-of-band
communication over the phone?
The client checks with the CA to determine whether a certificate has been revoked.
The client validates with the CA to determine if the peer that they are communicating with is the
entity that is identified in a certificate,
A new signed certificate is received by the certificate applicant from the CA.
The CA administrator contacts the certificate applicant to verify that their enrollment data
before the request can be approved.
Question 14
Which three of the following options does the client validate on inspection of a server
certificate? (Choose three.)
The subject matches the URL that is being visited. The website was already in the
browser’s cache.
A root DNS server provided the IP address for the URL. The current time is within the
certificate’s validity date.
The signature of the CA that is in the certificate is valid. The client already has a session
key for the URL.
Question 15
If the server's private key is later compromised, all the prior TLS handshakes that are done
using the cipher suite cannot be compromised.
Question 16
Question 17
Which one of the following statements describes the risk of not destroying a session key that is
no longer used for completed communication of encrypted data?
The attacker could have captured the encrypted communication and stored it while waiting for
an opportunity to acquire the key.
Systems can only store a certain number of keys and could be unable to generate new keys for
communication.
It increases the risk of duplicate keys existing for the key space of the algorithm.
The risk of weaker keys being generated increases as the number of keys stored increases.
Question 18
an attacker's attempt to decode a cipher by attempting each possible key combination to find
the correct one
a rogue DHCP server that is posing as a legitimate DHCP server on a network segment
an attacker inserting itself between two devices in a communication session and then taking
over the session.
old question # 4
Question 4
Which type of encryption would you implement so that the least amount of original data or
headers would be visible to any one intercepting your traffic?