
a. Data at rest

b. Data in transit

c. Data in use

d. Data to recover

128. d. The data sanitization practices have serious implications for security and data recovery in the cloud computing environment and are most affected. Sanitization is the removal of sensitive data from a storage device such as (i) when a storage device is removed from service or moved elsewhere to be stored, (ii) when residual data remains upon termination of service, and (iii) when backup copies are made for recovery and restoration of service. Data sanitization matters can get complicated when data from one subscriber is physically commingled with the data of other subscribers. It is also possible to recover data from failed drives (for example, hard drives and flash drives) that are not disposed of properly by cloud providers.

Procedures for protecting data at rest are not as well standardized in a cloud computing environment. Cryptography can be used to protect data in transit. Trust mechanisms such as requiring service contracts and performing risk assessments can protect data in use because this is an emerging area of cryptography.

129. Which of the following provides a unique user ID for a digital certificate?

a. User name

b. User organization

c. User e-mail

d. User message digest

129. d. The digital certificate contains information about the user’s identity (for example, name, organization, and e-mail), but this information may not necessarily be unique. A one-way (hash) function can be used to construct a fingerprint (message digest) unique to a given certificate using the user’s public key.

130. Which of the following is not included in the digital signature standard (DSS)?

a. Digital signature algorithm (DSA)

b. Data encryption standard (DES)

c. Rivest, Shamir, and Adleman algorithm (RSA)

d. Elliptic curve digital signature algorithm (ECDSA)

130. b. DSA, RSA, and ECDSA are included in the DSS that specifies a digital signature used in computing and verifying digital signatures. DES is a symmetric algorithm and is not included in the DSS. DES is a block cipher and uses a 56-bit key.

DES has been replaced by the advanced encryption standard (AES), which is preferred as an encryption algorithm for new products. The AES is a symmetric key encryption algorithm used to protect electronic data; it is fast and strong due to its Key-Block-Round combination. The strength of DES is no longer sufficient.

131. What keys are used to create digital signatures?

a. Public-key cryptography

b. Private-key cryptography

c. Hybrid-key cryptography

d. Primary-key cryptography

131. a. Public-key cryptography has been recommended for distribution of secret keys and in support of digital signatures. Private-key cryptography has been recommended for encryption of messages and can be used for message integrity check computations. Hybrid keys combine the best of both public and private keys. Primary keys are used in database design and are not relevant here.

132. Elliptic curve systems are which of the following?

1. Asymmetric algorithms

2. Symmetric algorithms

3. Public-key systems

4. Private-key systems

a. 2 and 3

b. 1 and 3

c. 2 and 4

d. 1 and 4

132. b. Elliptic curve systems are public-key (asymmetric) cryptographic algorithms. DES is a private-key (symmetric) cryptographic algorithm.

133. Data encryption standard (DES) cannot provide which of the following security services?

a. Encryption

b. Access control

c. Integrity

d. Authentication

133. d. Data encryption standard (DES) provides encryption, access control, integrity, and key management standards. It cannot provide authentication services. The DES is a cryptographic algorithm designed for access to and protection of unclassified data. Because the original “single” DES is insecure, the Triple DES should be used instead.

134. The elliptic curve system uses which of the following to create digital signatures?

a. Hash algorithm

b. Prime algorithm

c. Inversion algorithm

d. Linear algorithm

134. a. The elliptic curve systems are used to create digital signatures with a hash algorithm such as SHA-1 (160-bit key). The SHA-1 is used to generate a condensed representation of a message called a message digest. SHA-1 is a technical revision of SHA. A secure hash algorithm (SHA) is used to generate a condensed message representation called a message digest. SHA is used by PGP or GNU PGP to generate digital signatures.

135. Which of the following clearly defines end-to-end encryption?

1. Encryption at origin

2. Decryption at destination

3. Visible routing information

4. No intermediate decryption

a. 1 and 2

b. 3 and 4

c. 1, 2, and 3

d. 1, 2, 3, and 4

135. d. End-to-end encryption refers to communications encryption in which data is encrypted when being passed through a network (i.e., encryption at origin and decryption at destination) but routing information remains visible without intermediate decryption. End-to-end encryption is safe as end-to-end security in that information is safeguarded from point of origin to point of destination.

136. Which one of the following provides data integrity?

a. Cyclic redundancy checks

b. Digitized signatures

c. Passwords and PINs

d. Biometrics

136. a. A cyclic redundancy check (CRC) can be used to verify the integrity of data transmitted over a communications line. Passwords, PINs, and biometrics can be used to authenticate user identity. Digitized signatures do not provide data integrity because they are simply created by scanning a handwritten signature.

137. Symmetric key algorithms are ideally suited for which of the following?

a. Authentication

b. Integrity

c. Confidentiality

d. Nonrepudiation

137. c. Symmetric key cryptography is a class of algorithms where parties share a secret key. These algorithms are primarily used to achieve confidentiality but may also be used for authentication, integrity, and limited nonrepudiation services.

138. Which of the following is the most efficient way of handling the redundancy built into the encrypted messages in detecting transmission errors?

a. Using cyclic redundancy check (CRC) polynomial code

b. Using CRC code

c. Using Hamming code