Security Architecture and Engineering Exam Questions and Answers Already Passed (Rated 100%)

Security Architecture and Engineering Exam Questions and Answers Already Passed (Rated 100%) Algorithm - Answers A mathematical function that is used in the encryption and decryption processes. It may be quite simple or extremely complex. Also defined as the set of instructions by which encryption and decryption is done. Asymmetric Encryption - Answers Process that uses different keys for encryption than it does for decryption, and in which the decryption key is computationally infeasible to determine given the encryption key itself, from plaintext and corresponding ciphertext, or from knowledge of the key generation or encryption algorithm. Block Mode Encryption - Answers Using fixed-length sequences of input plaintext symbols as the unit of encryption. Ciphertext - Answers The altered form of a plaintext message so as to be unreadable for anyone except the intended recipients. In other words, it has been turned into a secret. Collision - Answers This occurs when a hash function generates the same output for different inputs. In other words, two different messages produce the same message digest. Crime Prevention Through Environmental Design (CPTED) - Answers An architectural approach to the design of buildings and spaces, which emphasizes passive features to reduce the likelihood of criminal activity. Cryptanalysis - Answers The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services. Cryptographic Hash, Cryptographic Hash Function - Answers A process or function that transforms an input plaintext into a unique value called a hash (or hash value). These do not use cryptographic algorithms; the term "cryptographic" refers to the assertion that strong hash algorithms are one-way functions, that is, it is computationally infeasible to example of the use of a cryptographic hash. determine the input plaintext from the hash value and knowledge of the algorithm alone. Message digests are an example of the use of a cryptographic hash. Cryptography - Answers The study or applications of methods to secure or protect the meaning and content of messages, files or other information, usually by disguise, obscuration or other transformations of that content and meaning . Cryptosystem - Answers The complete set of hardware, software, communications elements and procedures that allows parties to communicate, store information or use information that is protected by cryptographic means. The system includes the algorithm, key and key management functions, together with other services that can be provided through cryptography. Cryptovariable(s) - Answers One or more parameters that are inherent to a particular cryptographic algorithm and its implementation in a cryptosystem. Block size, key length and number of iterations (or rounds) are examples of cryptovariables. Decoding - Answers The reverse process from encoding, converting the encoded message back into its plaintext format. Decryption - Answers The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key for decryption (which is the same for symmetric encryption, but different for asymmetric encryption). This term is also used interchangeably with "deciphering." Encoding - Answers The action of changing a message or other set of information into another format through the use of a code. Unlike encryption, which obscures or hides the meaning, encoded information can still be read by anyone with knowledge of the encoding process. Encryption - Answers The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings. Encryption System - Answers The total set of algorithms, processes, hardware, software and procedures that taken together provide an encryption and decryption capability. Frequency Analysis - Answers A form of cryptanalysis that uses the frequency of occurrence of letters, words or symbols in the plaintext alphabet as a way of reducing the search space. Hybrid Encryption System - Answers A system that uses both symmetric and asymmetric encryption processes. In Band - Answers Refers to transmitting or sharing control information, such as encryption keys and cryptovariables, over the same communications path, channel or system controlled or protected by that information. Key - Answers The input that controls the operation of the cryptographic algorithm. It determines the behavior of the algorithm and permits the reliable encryption and decryption of the message. Key Escrow - Answers A process by which keys (asymmetric or symmetric) are placed in a trusted storage agent's custody, for later retrieval. The trustworthiness of the encryption system(s) being used is thus completely placed in the escrow agent's control. Key Generation - Answers The process of creating a new encryption (or decryption) key. Key Management - Answers All processes used to create, store, distribute and provide expiration and revocation of encryption and decryption keys, for all users of a particular encryption system. Key Pair (Asymmetric Encryption) - Answers A matching set of one public and one private key, generally associated with only one person, organization or identity. Key Recovery - Answers A process of reconstructing an encryption key from the ciphertext alone, such as when the original key has been corrupted, lost or forgotten. Requires a known way of reverse-engineering the algorithm (i.e., a successful means of conducting a ciphertext-based attack). By definition, a workable key recovery process for an algorithm means that the algorithm is not secure. Key Space - Answers Represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password. Message Digest - Answers A small representation of a message, file or other data, usually generated by a cryptographic hash. Message digests are used to ensure the authentication and integrity of information, not the confidentiality. Modulo, Modular Arithmetic, Modulus - Answers A system of arithmetic in which a number can range from 0 up to a certain value called the modulus; this is done by integer division of the number by the modulus, with the remainder being the result used in subsequent operations. For example, 15 modulo 4 is 3. Programming and logic languages will represent this as an operator (15 modulo 4, for example) or as a function: f(x) = mod(15,4). Non-repudiation - Answers The inability to deny. In cryptography, it is a security service by which evidence is maintained so that the sender and the recipient of data cannot deny having participated in the communication. There are two kinds of non-repudiation: "non- repudiation of origin" means the sender cannot deny having sent a particular message, and "non-repudiation of delivery" is when the receiver cannot say that they have received a different message than the one that they actually did receive. One-time Pad - Answers A series of randomly generated symmetric encryption keys, each one to be used only once by sender and recipient. Out-of-Band - Answers Refers to transmitting or sharing control information, such as encryption keys and crypto variables, by means of a separate and distinct communications path, channel or system from which the control information is used to operate and keep secure. Plaintext - Answers The message or data in its natural format and in readable form. Plaintext is human readable and is extremely vulnerable from a confidentiality perspective. Plaintext is the message or data that has not been turned into a secret. Plaintext should not be confused with cleartext, which is data or to send the packets to or what to do with them upon receipt. a message in its natural format, but which its originator has no intention or need to protect via encryption. For example, SSH and TLS protect the contents of a packet by replacing their plaintext forms with ciphertext while leaving the packet headers, preambles and postambles in their unencrypted cleartext forms; if these fields were encrypted, the transport and network