- Which of the following statements are true for application whitelisting and blacklisting? [Choose all that apply]
If an application or a specific path that contains the executables is blacklisted, then all executables within the defined path are blacklisted
An administrator can blacklist or whitelist applications that the users can run using Software Restriction Policies
2. Which mobile device management method allows the employee to purchase a mobile device, but the organization has complete control over the device?
Choose Your Own Device (CYOD)
3. To prevent the spread of an attack, which of the following methods of isolation can be used? [Choose all that apply]
Isolate the attacker
Isolate the affected systems
4. When implementing segmentation as a proactive measure, which of the following types of segments exist on a network? [Choose all that apply]
Datacenter
Guests
Users
5. If two segments need to talk to each other in a segmented network, which of the following is required?
Firewall
6. How many keys are required in asymmetric encryption?
2
7. What is the key length of the Data Encryption Standard (DES) algorithm?
56-bit
8. In asymmetric key encryption, what is the next step when a client initiates a session with a web server that is configured with a certificate?
The web server sends a certificate to the web browser
9. What is the minimum key size in Elliptical Curve Cryptography (ECC)?
160-bits
10. Which of the following algorithms are examples of lightweight cryptography? [Choose all that apply]
TWINE
OTR
11. Which of the following method of threat hunting includes disrupt, deny, destroy, and degrade actions?
Maneuvering
12. Which of the following is a condition that is shown as a result when it does not exist?
False Positive
13. Which of the following is used for continuous monitoring of logs?
Security information and event management (SIEM)
14. Which of the following is achieved by Security Orchestration, Automation, Response (SOAR)?
Automation
15. Which of the following type of vulnerability scan can also attempt to exploit the vulnerabilities?
Intrusive
16. Which of the following entity in the certificate authority (CA) hierarchy validates the certificate request from a client?
Registration Authority (RA)
17. Before a user requests a certificate from a CA, which of the following tasks must be completed?
Generate private and public keys
18. Which of the following certificates should you use with a Web server for testing purposes?
Self-Signed
19. Which type of certificate file format contains private and public keys and is protected by a password?
Personal information exchange (PFX)
20. A root CA should always be kept online. [TRUE/FALSE]
FALSE
21. Which of the following hides the existence of information?
| a. Encryption |
| b. Decryption |
| c. Ciphering |
| d. Steganography |
22. Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as?
| a. Obfuscation |
| b. Integrity |
| c. Nonrepudiation |
| d. Repudiation |
23. Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this?
| a. XOR |
| b. XAND13 |
| c. Alphabetic |
| d. ROT13 |
24. Which of the following is FALSE about “security through obscurity”?
| a. It attempts to hide the existence from outsiders. |
| b. Proprietary cryptographic algorithms are an example. |
| c. It is essentially impossible. |
| d. It can only provide limited security |
25. What is low latency?
| a. The time between when a byte is input into a cryptographic cipher and when the output is obtained. |
| b. The requirements for an IoT device that is using a specific network. |
| c. A low-power source requirement of a sensor. |
| d. The delay between when a substitution cipher decrypts the first block and when it finishes with the last block |
26. What are public key systems that generate different random public keys for each session?
| a. perfect forward secrecy |
| b. Elliptic Curve Diffie-Hellman (ECDH) |
| c. Public Key Exchange (PKE) |
| d. Diffie-Hellman (DH) |
27. What is data called that is to be encrypted by inputting it into a cryptographic algorithm?
| a. Plaintext |
| b. Ciphertext |
| c. Byte-text |
| d. Cleartext |
28. Which of these is NOT a basic security protection for information that cryptography can provide?
| a. Risk |
| b. Integrity |
| c. Confidentiality |
| d. Authenticity |
29. Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest?
| a. MD5 |
| b. SHA6-6 |
| c. SHA3-512 |
| d. SHA-256 |
30. Which of the following is NOT a symmetric cryptographic algorithm?
| a. SHA |
| b. 3DES |
| c. DES |
| d. Blowfish |
31. Which of the following is not to be decrypted but is only used for comparison purposes?
| a. Key |
| b. Algorithm |
| c. Digest |
| d. Stream |
32. Which of these is NOT a characteristic of a secure hash algorithm?
| a. A message cannot be produced from a predefined hash. |
| b. Collisions should occur no more than 15 percent of the time. |
| c. The hash should always be the same fixed size. |
| d. The results of a hash function should not be reversed |
33. Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond?
| a. RSA has no known weaknesses. |
| b. The digest produced by the RSA algorithm is too short to be secure. |
| c. RSA weaknesses are based on ECC. |
| d. As computers become more powerful, the ability to compute factoring has increased. |
34. Which of these is the strongest symmetric cryptographic algorithm?
| a. Triple Data Encryption Standard |
| b. Data Encryption Standard |
| c. Advanced Encryption Standard |
| d. RC1 |
35. If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?
| a. Bob’s private key |
| b. Alice’s private key |
| c. Alice’s public key |
| d. Bob’s public key |
36. Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide?
| a. Verify the receiver |
| b. Verify the sender |
| c. Prove the integrity of the message |
| d. Enforce nonrepudiation |
37. Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this?
| a. Deprecation attack |
| b. Downgrade attack |
| c. Pullback attack |
| d. Obfuscation attack |
38. What is a collision?
| a. Two algorithms have the same key. |
| b. Two files produce the same digest. |
| c. Two ciphertexts have the same length. |
| d. Two keys are the same length. |
39. Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)?
| a. It includes a pseudorandom number generator (PRNG). |
| b. It can easily be transported to another computer. |
| c. It provides cryptographic services in hardware instead of software. |
| d. It can generate asymmetric cryptographic public and private keys. |
40. Which of these provides cryptographic services and is external to the device?
| a. Hardware Security Module (HSM) |
| b. encrypted hardware-based USB devices |
| c. self-encrypting hard disk drives (SED) |
| d. Trusted Platform Module (TPM) |
41. Which is an IPsec protocol that authenticates that packets received were sent from the source?
| a. DER |
| b. PXP |
| c. CER |
| d. AH |
42. What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection?
| a. CTR |
| b. Certificate attributes |
| c. PFX |
| d. Electronic Code Book (ECB) repositories |
43. What entity calls in crypto modules to perform cryptographic tasks?
| a. Intermediate CA |
| b. Certificate Authority (CA) |
| c. OCSP |
| d. Crypto service provider |
44. _____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.
| a. Digital certificates |
| b. Digital digests |
| c. Encrypted signatures |
| d. Session keys |
45. What is the name of the device protected by a digital certificate?
| a. TLXS |
| b. CN |
| c. V2X2 |
| d. RCR |
46. What is the strongest technology that would assure Alice that Bob is the sender of a message?
| a. Digest |
| b. Digital signature |
| c. Digital certificate |
| d. Encrypted signature |
47. Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say?
| a. A private key with a digital signature |
| b. The user’s symmetric key with the public key |
| c. The user’s identity with their public key |
| d. The user’s public key with their private key |
48. Which of the following can a digital certificate NOT be used for?
| a. To encrypt channels to provide secure communication between clients and servers |
| b. To verify the authenticity of the CA |
| c. To encrypt messages for secure email communications |
| d. To verify the identity of clients and servers on the Web |
49. Who verifies the authenticity of a CSR?
| a. Certificate authority |
| b. Certificate signatory |
| c. Signature authority |
| d. Registration authority |
50. A centralized directory of digital certificates is called a(n) _____.
| a. Authorized digital signature (ADS) |
| b. Digital signature approval List (DSAP) |
| c. Certificate repository (CR) |
| d. Digital signature permitted authorization (DSPA |
51. Elton needs his application to perform a real-time lookup of a digital certificate’s status. Which technology would he use?
| a. Real-Time CA Verification (RTCAV) |
| b. Certificate Revocation List (CRL) |
| c. Online Certificate Status Protocol (OCSP) |
| d. Staple |
52. What is the purpose of certificate chaining?
| a. To lookup the name of intermediate RA |
| b. To group and verify digital certificates |
| c. To hash the private key |
| d. To ensure that a web browser has the latest root certificate updates |
53. Which of the following is NOT a means by which a newly approved root digital certificate is distributed?
| a. Pinning |
| b. OS updates |
| c. Web browser updates |
| d. Application updates |
54. Which block cipher mode of operating requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged?
| a. CD |
| b. CN |
| c. CTR |
| d. CXL |
55. Which is the first step in a key exchange?
| a. The web browser sends a message (“ClientHello”) to the server. |
| b. The web server sends a message (“ServerHello”) to the client. |
| c. The web browser verifies the server certificate. |
| d. The browser generates a random value (“pre-master secret”). |
What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption?
| a. .P7B |
| b. .cer |
| c. .P12 |
| d. .xdr |
Other Links:
See other websites for quiz:
Check on QUIZLET