The other two items cannot control traffic analysis attacks. Traffic flow signal control is used to conduct traffic flow analysis. Traffic encryption key is used to encrypt plaintext or to super-encrypt previously encrypted text and/or to decrypt ciphertext.
98. Which of the following refers to a communications network architecture in which user data traversing a global Internet Protocol (IP) network is end-to-end encrypted at the IP layer?
a. RED
b. BLACK
c. Black core
d. Striped core
98. c. Black core refers to a communications network architecture in which user data traversing a core (global) Internet Protocol (IP) network is end-to-end encrypted at the IP layer.
RED refers to data/information or messages that contain sensitive or classified information that is not encrypted, whereas BLACK refers to information that is encrypted. Striped core is a communications network architecture in which user data traversing a core (global) IP network is decrypted, filtered, and re-encrypted one or more times. The process of decryption, filtering, and re-encryption is performed within a “red gateway”; consequently, the core is “striped” because the data path is alternately black, red, and black.
99. Digital signature generation should provide security strength of which of the following?
a. Less than 80 bits
b. Equal to or greater than 80 bits
c. Equal to or greater than 112 bits
d. Between 80 and 112 bits
99. c. Digital signature generation should provide security strength of 112 bits or more. Digital signature verification should provide security strength of 80 bits or more. Neither less than 80 bits nor a range between 80 and 112 bits is acceptable for digital signature generation.
100. Which of the following is not true about a digital signature?
a. It is an encrypted digest of the text that is sent along with a message.
b. It authenticates the identity of the sender of a message.
c. It guarantees that no one has altered the sent document.
d. Electronic signatures and digital signatures are the same.
100. d. A digital signature is an electronic analogue of a handwritten signature in that it can be used to prove to the recipient, or a third party, that the originator in fact signed the message. It is an encrypted digest of the text that is sent along with a message, usually a text message, but possibly one that contains other types of information, such as pictures. A digital signature authenticates the identity of the sender of the message and also guarantees that no one has altered the document.
On the other hand, an electronic signature is a cryptographic mechanism that performs a similar function to a handwritten signature. It is used to verify the origin and contents of a message (for example, an e-mail message). It is a method of signing an electronic message that (i) identifies and authenticates a particular person as the source of the electronic message and (ii) indicates such person’s approval of the information contained in the electronic message. Electronic signatures can use either secret key or public key cryptography. Hence, electronic signatures and digital signatures are not the same.
101. Traffic flow confidentiality uses which of the following security controls?
a. Traffic padding and address hiding
b. Testwords and traffic padding
c. Traffic padding and seals/signatures
d. Address hiding and seals/signatures
101. a. Traffic flow confidentiality protects against sensitive information being disclosed by observing network traffic flows. It uses traffic (message) padding and address hiding controls. In traffic padding, “dummy” traffic is generated to confuse the intruder. Address hiding requires that protocol header information be protected from unauthorized attack via cryptographic means.
Testword is incorrect because a string of characters is appended to a transaction by the sending party and verified by the receiving party. A testword is an early technology realization of a seal or signature used in financial transactions. A seal or signature involves cryptographically generating a value that is appended to a plain text data item. Both testwords and seals are used to increase the data integrity of financial transactions.
102. Cryptographic methods work effectively as a security measure for information and communication systems. To achieve that goal, cryptographic methods must meet all the following except:
a. Interoperable
b. Scalable
c. Mobile
d. Portable
102. b. Scalability means the system can be made to have more or less computational power by configuring it with a larger or smaller number of processors, amount of memory, interconnection bandwidth, number of total connections, input/output bandwidth, and amount of mass storage. Scalability is a technology or organizational issue, not a cryptography issue.
Interoperability is incorrect because it is needed in cryptography where two or more systems can interact with one another and exchange data according to a prescribed method to achieve predictable results. Mobility is incorrect because it is needed in cryptography to authenticate between local and remote systems. Portability is incorrect because it is needed in cryptography between operating systems and application systems. The other three choices are cryptography issues to deal with.
103. Which of the following provides less security?
a. SHA-1
b. SHA-224
c. SHA-256
d. SHA-384
103. a. Secure Hash Algorithm-1 (SHA-1), which is 160 bits, provides less security than SHA-224, SHA-256, and SHA-384. Cryptographic hash functions that compute a fixed-size message digest (MD) from arbitrary-size messages are widely used for many purposes in cryptography, including digital signatures. A hash function produces a short representation of a longer message. A good hash function is a one-way function: It is easy to compute the hash value from a particular input; however, backing up the process from the hash value back to the input is extremely difficult. With a good hash function, it is also extremely difficult to find two specific inputs that produce the same hash value. Because of these characteristics, hash functions are often used to determine whether data has changed.
Researchers discovered a way to “break” a number of hash algorithms, including MD4, MD5, HAVAL-128, RIPEMD, and SHA-0. New attacks on SHA-1 have indicated that SHA-1 provides less security than originally thought. Therefore, the use of SHA-1 is not recommended for generating digital signatures in new systems. New systems should use one of the larger and better hash functions, such as SHA-224, SHA-256, SHA-384, and SHA-512.
104. In symmetric cryptography, if there are four entities using encryption, how many keys are required for each relationship?
a. 4
b. 6
c. 8
d. 12
104. b. In symmetric cryptography, the same key is used for both encryption and decryption. If there are four entities, A, B, C, and D, there are six possible relationships: A-B, A-C, A-D, B-C, B-D, and C-D. Therefore, six keys are required. This follows from the formula (n)(n–1)/2, where “n” equals the number of entities.