
Cryptography

1. Your organization uses the Kerberos protocol to authenticate users on the network. Which statement is
true of the Key Distribution Center (KDC) when this protocol is used?
A. The KDC is only used to store secret keys.
B. The KDC is used to capture secret keys over the network.
C. The KDC is used to maintain and distribute public keys for each session.
D. The KDC is used to store, distribute, and maintain cryptographic session keys.

2. Which factor does NOT affect the relative strength of a cryptosystem?
A. the key exchange value
B. the encryption algorithm
C. the secret key length
D. the secret key secrecy

3. Management has asked you to research encryption and make a recommendation on which encryption
technique to use. During this research, you examine several different cryptosystems. Which parameter
determines their strength?
A. the length of the key
B. the security framework
C. the key management infrastructure
D. the message authentication code (MAC)

4. You work for a digital imaging company. As part of the copyright process, all images owned by your
company have a watermark. Which statement is true of this process?
A. A watermark cannot be removed.
B. A watermark cannot be embedded on an audio file.
C. A watermark is never visible to the naked human eye.
D. A watermark can enable you to detect copyright violations.

5. What is the primary problem of symmetric cryptography?
A. high processing
B. key management
C. hardware and software implementation
D. different keys for encryption and decryption

6. Which service is fulfilled by cryptography by ensuring that a sender cannot deny sending a message
once it is transmitted?
A. confidentiality
B. authenticity
C. integrity
D. non-repudiation

7. You need to determine whether the information in a file has changed. What should you use?
A. public key encryption
B. private key encryption
C. a digital certificate
D. a digital signature

8. Which statement is NOT true of the operation modes of the data encryption standard (DES) algorithm?
A. Electronic Code Book (ECB) mode operation is best suited for database encryption.
B. ECB is the easiest and fastest DES mode that can be used.
C. ECB repeatedly uses produced ciphertext to encipher a message consisting of blocks.
D. Cipher Block Chaining (CBC) and Cipher Feedback (CFB) mode are best used for authentication.

9. You are the security administrator for an organization. Management decides that all communication on
the network should be encrypted using the data encryption standard (DES) algorithm. Which statement is
true of this algorithm?
A. The effective key size of DES is 64 bits.
B. A Triple DES (3DES) algorithm uses 48 rounds of computation.
C. A DES algorithm uses 32 rounds of computation.
D. A 56-bit DES encryption is 256 times more secure than a 40-bit DES encryption.

10. What is contained within an X.509 CRL?
A. digital certificates
B. private keys
C. public keys
D. serial numbers

11. The security policy of your organization states that all e-mail messages to entities not within the
organization must be digitally signed. Doing this provides all of the following, EXCEPT:
A. confidentiality
B. authentication
C. nonrepudiation
D. integrity

12. Your organization has decided to use one-time pads to ensure that certain confidential data is
protected. All of the following statements are true regarding this type of cryptosystem, EXCEPT:
A. Each one-time pad can be used only once.
B. The pad must be made up of sequential values.
C. The pad must be as long as the message.
D. The pad must be distributed and stored in a secure manner.

13. Which Web browser add-in uses Authenticode for security?
A. ActiveX
B. Cross-site scripting (XSS)
C. Java
D. Common Gateway Interface (CGI)

14. What is the purpose of authentication in a cryptosystem?
A. verifying the user's or system's identity
B. ensuring that data has not been changed by an unauthorized user
C. ensuring that the data's sender cannot deny having sent the data
D. turning information into unintelligible data

15. Which service provided by a cryptosystem turns information into unintelligible data?
A. nonrepudiation
B. authorization
C. integrity
D. confidentiality

16. What is a list of serial numbers of digital certificates that have not expired, but should be considered
invalid?
A. CA
B. CRL
C. KDC
D. UDP

17. Which statement is NOT true of an RSA algorithm?
A. RSA can prevent man-in-the-middle attacks.
B. An RSA algorithm is an example of symmetric cryptography.
C. RSA encryption algorithms do not deal with discrete logarithms.
D. RSA is a public key algorithm that performs both encryption and authentication.

18. Which statement is NOT true of cross certification?
A. Cross certification builds an overall PKI hierarchy.
B. Cross certification is primarily used to establish trust between different PKIs.
C. Cross certification checks the authenticity of the certificates in the certification path.
D. Cross certification allows users to validate each other's certificate when they are certified
under different certification hierarchies.

19. Recently your company upgraded all client computers to Windows Vista. During this upgrade, you
received several error messages regarding digitally signed drivers. What is the purpose of this type of
driver?
A. quality assurance
B. confidentiality
C. availability
D. authorization

20. All of the following affect the strength of encryption, EXCEPT:
A. the algorithm
B. the secrecy of the key
C. the length of the data being encrypted
D. the length of the key

21. Which statement is NOT true of cryptanalysis?
A. It is used to test the strength of an algorithm.
B. It is a tool used to develop a secure cryptosystem.
C. It is used to forge coded signals that will be accepted as authentic.
D. It is a process of attempting reverse engineering of a cryptosystem.

22. You are preparing a proposal for management about the value of using cryptography to protect your
network. Which statement is true of cryptography?
A. The keys in cryptography can be made public.
B. Cryptography is used to detect fraudulent disclosures.
C. Availability is a primary concern of cryptography.
D. Key management is a primary concern of cryptography.

23. What does the message authentication code (MAC) ensure?
A. message integrity
B. message availability
C. message confidentiality
D. message replay

24. You have decided to attach a digital timestamp to a document that is shared on the network. Which
attack does this prevent?
A. a replay attack
B. a side channel attack
C. a ciphertext-only attack
D. a known-plaintext attack

25. What is an algorithm that is used to create a message digest for a file?
A. plaintext
B. hash
C. ciphertext
D. public key

26. Which statement is true of symmetric cryptography?
A. Symmetric cryptography is faster than asymmetric cryptography.
B. Symmetric cryptography uses different keys to encrypt and decrypt messages.
C. Symmetric cryptography does not require a secure mechanism to properly deliver keys.
D. Symmetric cryptography provides better security compared to asymmetric cryptography.

27. Which cipher type replaces the original text in a message with a different text?
A. block cipher
B. stream cipher
C. substitution cipher
D. transposition cipher

28. Which characteristic of PGP is different from the use of formal trust certificates?
A. the use of Certificate Authority servers
B. the establishment of a web of trust between the users
C. the use of trust domains by the servers and the clients
D. the deployment of private keys for authentication and encryption

29. Management decides to use message authentication code (MAC) to protect network messages.
Which type of attack does this prevent?
A. SYN flood attacks
B. logic bomb attacks
C. masquerading attacks
D. denial-of-service attacks

30. Of which type of encryption algorithm is Diffie-Hellman an example?
A. asymmetric with authorization
B. symmetric with authentication
C. asymmetric with authentication
D. symmetric with digital signature
