
a. Access-resistant

b. Authorization-resistant

c. Collision-resistant

d. Attack-resistant

148. c. Message digests are used in cryptography to verify digital signatures and to ensure data integrity. A unique user ID is determined by constructing the hash of the client’s certificate using a trusted algorithm. For the user ID to be unique, you must have reasonable certainty that another client’s certificate will not hash to the same value. This requirement is satisfied as long as the hash function is sufficiently collision-resistant.

149. A hash function is which of the following?

a. One-to-one function

b. One-to-many function

c. Many-to-one function

d. Many-to-many function

149. c. A hash function is a many-to-one function that takes an arbitrary-length-input message and constructs a fixed-length output digest.

150. Which of the following is implemented in Version 3 of the X.509 protocol?

a. SSL

b. Regular MIME

c. SHA

d. S/MIME

150. d. Secure Multipurpose Internet Mail Extensions (S/MIME) is an open standard where e-mail messages can be digitally signed. Validating the signature on the e-mail can help the recipient know with confidence who sent it and that it was not altered during transmission (i.e., nonrepudiation). Previous versions are implemented in the regular MIME. Neither SSL nor SHA is relevant here.

151. Which of the following is used to encrypt the Internet Protocol (IP) packets?

a. PPTP

b. HTTP

c. IPsec

d. PPP

151. c. Internet Protocol security (IPsec) is a protocol that operates within the Internet protocol (IP). The IP transmits and routes messages, breaks large messages into smaller sizes on one end, and reassembles them into the original message on the other end. IP accomplishes these tasks using the IP header, which is inserted at the beginning of each packet. Point-to-point tunneling protocol (PPTP) hides information in IP packets. Hypertext transfer protocol (HTTP) is a connection-oriented protocol that uses transmission control protocol (TCP) to carry Web traffic between a computer’s Web browser and the Web server being accessed. Point-to-point protocol (PPP) is used in router-to-router traffic and home user-to-ISP traffic.

152. Which one of the following encryption keys is slow?

a. Symmetric

b. Asymmetric

c. Semi-symmetric

d. Semi-asymmetric

152. b. Asymmetric keys (public keys) by definition are slow and suitable for encrypting and distributing keys and for providing authentication. On the other hand, symmetric keys (private keys) are faster and suitable for encrypting files and communication channels.

153. Most cryptographic attacks focus on which of the following?

a. Cryptographic keys

b. Cryptographic passwords

c. Cryptographic parameters

d. Cryptographic PINs

153. c. A cryptographic module’s critical security parameters (CSPs) contain keys, passwords, personal identification numbers (PINs), and other information. CSPs are vulnerable to attacks.

154. Which of the following symmetric key block cipher algorithms provide authentication services?

a. ECB

b. CBC

c. CBC-MAC

d. CFB

154. c. In the Advanced Encryption Standard (AES), there are five modes that can provide data confidentiality and one mode that can provide data authentication. The confidentiality modes are the Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes. The authentication mode is the Cipher Block Chaining-Message Authentication Code (CBC-MAC) mode.

155. Hash-based message authentication code (HMAC) is heavily used in which of the following?

a. PPP operations

b. SET operations

c. IPsec operations

d. PPTP operations

155. c. Hash-based message authentication code (HMAC) provides message integrity and is fast and therefore heavily used in IPsec operations because of little or no overhead. It requires limited system resources to operate. HMAC uses a secret key in combination with a hash function to produce a message digest. The other three choices are not relevant here.

156. Which of the following statements is true about truncation of a message digest in cryptographic applications?

a. Smaller message digest length is applied to the data to be hashed, and the resulting digest is truncated at the rightmost bits.

b. Larger message digest length is applied to the data to be hashed, and the resulting digest is truncated at the leftmost bits.

c. Smaller message digest length is applied to the data to be hashed, and the resulting digest is truncated at the leftmost bits.

d. Larger message digest length is applied to the data to be hashed, and the resulting digest is truncated at the rightmost bits.

156. b. Some cryptographic applications may require a hash function with a message digest length different than those allowed in standards. In such cases, a truncated message digest may be used, whereby a hash function with a larger message digest length is applied to the data to be hashed, and the resulting message digest is truncated by selecting an appropriate number of the leftmost bits. The least significant bit is the rightmost bit of a bit string. The leftmost bit is the most significant bit.
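The leftmost-bit truncation described in answer 156, applied to a plain SHA-512 digest and to a keyed HMAC digest of the kind described in answer 155, as an added example that is not part of the original text. The function names, the key and the message are constructed for illustration, and HMAC-SHA-256 with a 128-bit tag is an assumed choice.

```python
import hashlib
import hmac


def truncate_leftmost(digest: bytes, bits: int) -> bytes:
    """Keep the leftmost (most significant) `bits` bits of `digest`.

    If `bits` is not a multiple of 8, the unused low-order bits of the
    last byte are zeroed so equal truncations always compare equal.
    """
    if not 0 < bits <= len(digest) * 8:
        raise ValueError("bits must be between 1 and the digest length in bits")
    full_bytes, extra_bits = divmod(bits, 8)
    out = bytearray(digest[:full_bytes])
    if extra_bits:
        mask = (0xFF << (8 - extra_bits)) & 0xFF
        out.append(digest[full_bytes] & mask)
    return bytes(out)


def truncated_sha512(data: bytes, bits: int) -> bytes:
    # Larger hash applied first, then cut down to the required length.
    # Note: this is simple truncation, not the separate SHA-512/256
    # algorithm, which starts from different initial values.
    return truncate_leftmost(hashlib.sha512(data).digest(), bits)


def hmac_tag(key: bytes, message: bytes, bits: int) -> bytes:
    # Keyed digest (HMAC-SHA-256, an assumed choice), truncated the same way.
    full = hmac.new(key, message, hashlib.sha256).digest()
    return truncate_leftmost(full, bits)


def verify_tag(key: bytes, message: bytes, tag: bytes, bits: int) -> bool:
    # Recompute and compare in constant time; any change to the message
    # or the key yields a different tag.
    return hmac.compare_digest(hmac_tag(key, message, bits), tag)


# Constructed sample values, not taken from the page.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_MSG = b"constructed sample packet payload"

if __name__ == "__main__":
    print(truncated_sha512(b"abc", 20).hex())
    tag = hmac_tag(SAMPLE_KEY, SAMPLE_MSG, 128)
    print(tag.hex(), verify_tag(SAMPLE_KEY, SAMPLE_MSG, tag, 128))
```

A shorter tag lowers the work needed to guess or collide it, so the truncated length still has to meet the application's security requirement.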

157. Secure hash algorithms enable the determination of which of the following?

a. Message confidentiality

b. Message integrity

c. Message availability

d. Message identity

157. b. Secure hash algorithms (for example, SHA-224, 256, 384, and 512) are used to hash a message. These algorithms enable the determination of a message’s integrity, meaning any change to the message results in a different message digest. SHA and SHA-1 should not be used because they are not secure. Message identity is a field (for example, a sequence number) that may be used to identify a message.

158. Which of the following is not usually seen on a digital certificate?

a. Owner name

b. Public key

c. Effective dates for keys

d. Insurance company name

158. d. The information on the digital certificate includes the owner name, public key, and start and end dates of its validity. The certificate should not contain any owner information that changes frequently (for example, the insurance company name).

159. What is the major requirement for a public key certification authority?

a. It must be independent.