214. Common encryption algorithms that implement symmetric cryptography do not include which of the following?
a. Elliptic curve DSA (ECDSA)
b. Hash message authentication code (HMAC)
c. Message digest 5 (MD5)
d. Secure hash algorithm (SHA-1)
214. a. Symmetric cryptography uses the same key for both encryption and decryption, whereas asymmetric cryptography uses separate keys for encryption and decryption, or to digitally sign and verify a signature. ECDSA is an example of asymmetric cryptography. HMAC, MD5, and SHA-1 are examples of symmetric cryptography.
215. During the operational phase of cryptography, a new key is needed to replace the old key. Which of the following is not a method to accomplish this goal?
a. Rekeying
b. Key update
c. Entity deregistration
d. Key derivation
215. c. The entity deregistration function removes the authorization of an entity to participate in a security domain. Deregistration is intended to prevent other entities from relying on or using the deregistered entity’s keying material. At the end of a key’s crypto-period, a new key needs to be available to replace the old key if operations are to be continued. This can be accomplished by rekeying, key update, or key derivation.
216. Asymmetric authentication is susceptible to known attacks due to which of the following?
a. Client authenticates the gateway and then uses that channel to authenticate the client.
b. Authenticating the server to the client.
c. Authenticating the client to the server.
d. Authenticating each endpoint to the other.
216. a. Asymmetric authentication is susceptible to attacks because of the way the authentication is performed. The client authenticates the gateway and then uses that channel to authenticate the client. It is a weak form of authentication. The other three choices provide strong forms of authentication because they are a function of either transport layer security (TLS) or Internet Protocol security (IPsec).
217. Zero-knowledge proof is used in which of the following applications?
a. Public-key encryption process
b. Zeroization process
c. Degaussing operation
d. Data remanence operation
217. a. Zero-knowledge proof requires that one party proves something to another without revealing any additional information. This proof has applications in the public-key encryption process.
The zeroization process is a method of erasing electronically stored data by altering the contents of the data storage so as to prevent the recovery of data. A degaussing operation is a process whereby the magnetic media is erased, that is, returned to its original state. Data remanence is the residual physical representation of data that has been in some way erased.
218. Which of the following is not part of the cryptographic key management process?
a. Key layering
b. Key distribution
c. Key storage
d. Key generation
218. a. Key management provides the foundation for the secure generation, storage, distribution, and translation of cryptographic keys. Key layering is a meaningless term here.
219. An original cryptographic key is split into “n” multiple key components using split knowledge procedure. If knowledge of “k” components is required to construct the original key, knowledge of which of the following provides no information about the original key?
a. n – 1 key components
b. k – 1 key components
c. k – n key components
d. n – k key components
219. b. This is an application of split knowledge procedure. An original cryptographic key is split into “n” multiple key components, individually providing no knowledge of the original key, which can be subsequently combined to recreate the original cryptographic key. If knowledge of “k” components is required to construct the original key, then knowledge of any k–1 key components provides no information about the original key. However, it may provide information about the length of the original key. Here, “k” is less than or equal to “n.”
220. Which of the following can mitigate threats to integrity when private key cryptography is used?
a. Message authentication code
b. Message identifier
c. Message header
d. Message trailer
220. a. When private (secret) key cryptography is used, a data (message) authentication code is generated. Typically, a code is stored or transmitted with data. When data integrity is to be verified, the code is generated on the current data and compared with the previously generated code. If the two values are equal, the integrity (i.e., authenticity) of the data is verified. Message identifier is a field that may be used to identify a message, usually a sequence number. Message header and trailer contain information about the message. The other three choices do not have the code generation and verification capabilities.
221. In a public key infrastructure (PKI) environment, finding which of the following is a major challenge in the public-key certificate’s path discovery?
a. Root certificate
b. Trust anchor
c. Cross certificate
d. Intermediate certificate
221. d. All certification paths begin with a trust anchor, include zero or more intermediate certificates, and end with the certificate that contains the user’s public key. This can be an iterative process, and finding the appropriate intermediate certificates is one of PKI’s challenges in path discovery, especially when there is more than one intermediary involved. A certificate authority (CA) generally issues a self-signed certificate called a root certificate or trust anchor; this is used by applications and protocols to validate the certificates issued by a CA. Note that CAs issue cross certificates that bind another issuer’s name to that issuer’s public key.
222. Public-key cryptographic systems are not suitable for which of the following?
a. Link encryption
b. End-to-end encryption
c. Bulk encryption
d. Session encryption
222. c. Public-key cryptographic systems have low bandwidth and hence are not suitable for bulk encryption, which requires a lot of bandwidth. The other three choices are applicable for specific needs.
223. Which of the following is an example of public-key cryptographic systems?
a. MAC and DAC
b. DES and 3DES