CPSA UPDATED EXAM SCRIPT QUESTIONS AND ANSWERS
GUARANTEE A+
✔✔How many secret bits in a 128-bit WEP key? - ✔✔128 64 104 40 96 104
✔✔In an IPSEC VPN there are four main attribute classes. Which of the following is
NOT one of those classes? - ✔✔Encryption Algorithm Hash Algorithm Authentication
Method Aggressive Mode Diffie-Hellman group Aggressive Mode
✔✔Of the following choices, what can you use to encrypt e-mail? - ✔✔HMAC RIPEMD
PII S/ MIME None of these S/ MIME
✔✔Of the following choices, what is a benefit of IPsec? - ✔✔MAC filtering Flood guard
Load balancing Payload encryption Secures your IP Payload encryption
✔✔Sally encrypted a project file with her public key. Later, an administrator accidentally
deleted her account that had exclusive access to her private key. Can this project file be
retrieved? - ✔✔No. If the private key is lost, the data cannot be retrieved Yes. The
public key can decrypt the file Yes, if a copy of her public key is stored in escrow Yes, if
the organization uses a recovery agent Yes, if she uses her password Yes, if the
organization uses a recovery agent
✔✔What are the four mandatory transform attributes for an IKE Phase-1 SA? -
✔✔Encryption Algorithm, Hash Algorithm, Authentication Method, Diffie Hellman Group
Encryption Algorithm, Key Length, Authentication Method, SA Lifetime SA Lifetime, Key
length, PRF, Field Size SA Lifetime, Hash Algorithm, Authentication Method, PRF
Protocol ID, Transform ID, IPsec Mode, Authentication Algorithm Encryption Algorithm,
Hash Algorithm, Authentication Method, Diffie Hellman Group
✔✔What do programs, such as Tripwire, MD5sum, and Windows System File
Protection, all rely on? - ✔✔Digital certificates Hashing Digital signatures
Steganography Encryption Hashing
✔✔What does "export" signify for an SSL cipher - ✔✔It is a weak cipher that was
acceptable for export under the old US cryptography export regulations It is the
strongest cipher that is currently permitted to be exported from the US It is a cipher with
integrated key escrow, which allows the NSA to recover the key It is a cipher that is
suitable for encrypting information to be sent across national borders It is a stronger
version of a cipher, similar to export versions of European lagers It is a weak cipher that
was acceptable for export under the old US cryptography export regulations
✔✔What is IKE? - ✔✔Internet Key Exchange Initial Key Exchange IBM Key Exchange
Internal Key Exchange Integrated Key Exchange Internet Key Exchange
,✔✔What is SSL used for? - ✔✔Encrypt data as it travels over a network Encrypt files
located on a Web server Encrypt passwords for storage in a database Encrypt specific
elements of data for application-specific purposes Encrypt digital certificates used to
authenticate a Web site Encrypt data as it travels over a network
✔✔What is the length of the IV for a WEP key? - ✔✔128 bits 64 bits 40 bits 24 bits 56
bits 24 bits
✔✔Which of the following algorithms could be used to negotiate a shared encryption
key? - ✔✔Triple-DES SHA1 DES AES Diffie-Hellman Diffie-Hellman
✔✔Which of the following is the correct definition of WEP? - ✔✔Wireless Encrypted
Password Wired Equivalent Privacy Wireless Enabled Password Wireless Extended
Privacy Wired Equivalent Password Wired Equivalent Privacy
✔✔Which of the following key sizes is considered the minimum recommended for a new
SSL certificate? - ✔✔768 bits 1024 bits 2048 bits 3072 bits 256 bits 2048 bits
✔✔Which of the following protocols was developed to be used for key exchange? -
✔✔Diffie-Hellman MD5 Rijndael Base64 None of these Diffie-Hellman
✔✔Which of the following services does not encrypt its traffic? - ✔✔DNS All of these
SSH FTPS TLS DNS
✔✔Which of the following statements accurately describes the relationship between
keys in a PKI? - ✔✔Data encrypted with a public key can only be decrypted with the
matching private key Data encrypted with a public key can only be decrypted with the
matching public key Data encrypted with a private key can only be decrypted with the
matching private key The public key always encrypts and the private key always
decrypts None of these Data encrypted with a public key can only be decrypted with the
matching private key
✔✔Which of the following uses the same key to encode and decode data? - ✔✔RSA El
Gamel ECC RC5 None of these RC5
✔✔Which ports do you have to open on a firewall to allow IKE VPN to function
correctly? - ✔✔All VPN associated Ports All ports UDP 500, Protocol 50 & 51 135 and
445 TCP ICMP UDP 500, Protocol 50 & 51
✔✔Which protocols are associated with IPsec? - ✔✔IP protocol 89 UDP port 500, IP
protocol 50 and IP protocol 51. TCP port 1723 and IP protocol 47 IP protocol 94 TCP
port 443 UDP port 500, IP protocol 50 and IP protocol 51.
, ✔✔Why can remote access VPNs not use Main Mode for IKE Phase-1 if the
authentication method is pre-shared key? - ✔✔Because remote access servers always
use aggressive mode for IKE Phase-1 Because XAUTH is not compatible with IKE Main
Mode Because IKE Main Mode does not support the pre-shared key authentication
method Because pre-shared key authentication with Main Mode requires that the peer's
IP is known before the connection is established Because remote access clients always
use aggressive mode for IKE Phase-1 Because pre-shared key authentication with Main
Mode requires that the peer's IP is known before the connection is established
✔✔Which of the following is an example of multifactor authentication? - ✔✔Smart card
and PIN Thumbprint and voice recognition Thumbprint and voice recognition Password
and PIN Password and Breathalyser Smart card and PIN
✔✔Which of the following is the best example of a strong two factor authentication? -
✔✔A passcard and a token A token and a pin number A username and a password A
hand scan and fingerprint scan None of these A token and a pin number
✔✔Which of the following vulnerabilities can be associated with Password
Autocomplete being enabled on a web page visible from the Internet? - ✔✔Anyone on
the Internet can login without authentication credentials Anyone on the Internet that
knows a valid username for the web page would not need to know the password A SQL
injection vulnerability would allow passwords to be extracted from the back-end
database A file disclosure vulnerability would allow an attacker to read the list of
Autocompleted passwords on the website A vulnerability on a client workstation could
be leveraged to discover and take advantage of cached passwords A vulnerability on a
client workstation could be leveraged to discover and take advantage of cached
passwords
✔✔Question - ✔✔Option 1 Option 2 Option 3 Option 4 Option 5 Correct Answer 1
✔✔What does NAC refer to in respect to Cisco? - ✔✔Network Access Control Network
Authentication Command Network Administration Control Network Adapter Card
Network Admission Control Network Admission Control
✔✔What is the significance of the string "SEP" in the configuration filename of a Cisco
IP phone? - ✔✔It stands for Skinny Enchanced Phone It stands for Cisco Ethernet
Phone, but someone misspelled it and the name stuck It stands for SIP Enhanced
Phone No one knows It stands for Selsius Ethernet Phone, which was the original name
of the Cisco IP phone It stands for Selsius Ethernet Phone, which was the original name
of the Cisco IP phone
✔✔"What would be the effect of writing the string x to the following OID on a Cisco
router running IOS 11? - ✔✔
GUARANTEE A+
✔✔How many secret bits in a 128-bit WEP key? - ✔✔128 64 104 40 96 104
✔✔In an IPSEC VPN there are four main attribute classes. Which of the following is
NOT one of those classes? - ✔✔Encryption Algorithm Hash Algorithm Authentication
Method Aggressive Mode Diffie-Hellman group Aggressive Mode
✔✔Of the following choices, what can you use to encrypt e-mail? - ✔✔HMAC RIPEMD
PII S/ MIME None of these S/ MIME
✔✔Of the following choices, what is a benefit of IPsec? - ✔✔MAC filtering Flood guard
Load balancing Payload encryption Secures your IP Payload encryption
✔✔Sally encrypted a project file with her public key. Later, an administrator accidentally
deleted her account that had exclusive access to her private key. Can this project file be
retrieved? - ✔✔No. If the private key is lost, the data cannot be retrieved Yes. The
public key can decrypt the file Yes, if a copy of her public key is stored in escrow Yes, if
the organization uses a recovery agent Yes, if she uses her password Yes, if the
organization uses a recovery agent
✔✔What are the four mandatory transform attributes for an IKE Phase-1 SA? -
✔✔Encryption Algorithm, Hash Algorithm, Authentication Method, Diffie Hellman Group
Encryption Algorithm, Key Length, Authentication Method, SA Lifetime SA Lifetime, Key
length, PRF, Field Size SA Lifetime, Hash Algorithm, Authentication Method, PRF
Protocol ID, Transform ID, IPsec Mode, Authentication Algorithm Encryption Algorithm,
Hash Algorithm, Authentication Method, Diffie Hellman Group
✔✔What do programs, such as Tripwire, MD5sum, and Windows System File
Protection, all rely on? - ✔✔Digital certificates Hashing Digital signatures
Steganography Encryption Hashing
✔✔What does "export" signify for an SSL cipher - ✔✔It is a weak cipher that was
acceptable for export under the old US cryptography export regulations It is the
strongest cipher that is currently permitted to be exported from the US It is a cipher with
integrated key escrow, which allows the NSA to recover the key It is a cipher that is
suitable for encrypting information to be sent across national borders It is a stronger
version of a cipher, similar to export versions of European lagers It is a weak cipher that
was acceptable for export under the old US cryptography export regulations
✔✔What is IKE? - ✔✔Internet Key Exchange Initial Key Exchange IBM Key Exchange
Internal Key Exchange Integrated Key Exchange Internet Key Exchange
,✔✔What is SSL used for? - ✔✔Encrypt data as it travels over a network Encrypt files
located on a Web server Encrypt passwords for storage in a database Encrypt specific
elements of data for application-specific purposes Encrypt digital certificates used to
authenticate a Web site Encrypt data as it travels over a network
✔✔What is the length of the IV for a WEP key? - ✔✔128 bits 64 bits 40 bits 24 bits 56
bits 24 bits
✔✔Which of the following algorithms could be used to negotiate a shared encryption
key? - ✔✔Triple-DES SHA1 DES AES Diffie-Hellman Diffie-Hellman
✔✔Which of the following is the correct definition of WEP? - ✔✔Wireless Encrypted
Password Wired Equivalent Privacy Wireless Enabled Password Wireless Extended
Privacy Wired Equivalent Password Wired Equivalent Privacy
✔✔Which of the following key sizes is considered the minimum recommended for a new
SSL certificate? - ✔✔768 bits 1024 bits 2048 bits 3072 bits 256 bits 2048 bits
✔✔Which of the following protocols was developed to be used for key exchange? -
✔✔Diffie-Hellman MD5 Rijndael Base64 None of these Diffie-Hellman
✔✔Which of the following services does not encrypt its traffic? - ✔✔DNS All of these
SSH FTPS TLS DNS
✔✔Which of the following statements accurately describes the relationship between
keys in a PKI? - ✔✔Data encrypted with a public key can only be decrypted with the
matching private key Data encrypted with a public key can only be decrypted with the
matching public key Data encrypted with a private key can only be decrypted with the
matching private key The public key always encrypts and the private key always
decrypts None of these Data encrypted with a public key can only be decrypted with the
matching private key
✔✔Which of the following uses the same key to encode and decode data? - ✔✔RSA El
Gamel ECC RC5 None of these RC5
✔✔Which ports do you have to open on a firewall to allow IKE VPN to function
correctly? - ✔✔All VPN associated Ports All ports UDP 500, Protocol 50 & 51 135 and
445 TCP ICMP UDP 500, Protocol 50 & 51
✔✔Which protocols are associated with IPsec? - ✔✔IP protocol 89 UDP port 500, IP
protocol 50 and IP protocol 51. TCP port 1723 and IP protocol 47 IP protocol 94 TCP
port 443 UDP port 500, IP protocol 50 and IP protocol 51.
, ✔✔Why can remote access VPNs not use Main Mode for IKE Phase-1 if the
authentication method is pre-shared key? - ✔✔Because remote access servers always
use aggressive mode for IKE Phase-1 Because XAUTH is not compatible with IKE Main
Mode Because IKE Main Mode does not support the pre-shared key authentication
method Because pre-shared key authentication with Main Mode requires that the peer's
IP is known before the connection is established Because remote access clients always
use aggressive mode for IKE Phase-1 Because pre-shared key authentication with Main
Mode requires that the peer's IP is known before the connection is established
✔✔Which of the following is an example of multifactor authentication? - ✔✔Smart card
and PIN Thumbprint and voice recognition Thumbprint and voice recognition Password
and PIN Password and Breathalyser Smart card and PIN
✔✔Which of the following is the best example of a strong two factor authentication? -
✔✔A passcard and a token A token and a pin number A username and a password A
hand scan and fingerprint scan None of these A token and a pin number
✔✔Which of the following vulnerabilities can be associated with Password
Autocomplete being enabled on a web page visible from the Internet? - ✔✔Anyone on
the Internet can login without authentication credentials Anyone on the Internet that
knows a valid username for the web page would not need to know the password A SQL
injection vulnerability would allow passwords to be extracted from the back-end
database A file disclosure vulnerability would allow an attacker to read the list of
Autocompleted passwords on the website A vulnerability on a client workstation could
be leveraged to discover and take advantage of cached passwords A vulnerability on a
client workstation could be leveraged to discover and take advantage of cached
passwords
✔✔Question - ✔✔Option 1 Option 2 Option 3 Option 4 Option 5 Correct Answer 1
✔✔What does NAC refer to in respect to Cisco? - ✔✔Network Access Control Network
Authentication Command Network Administration Control Network Adapter Card
Network Admission Control Network Admission Control
✔✔What is the significance of the string "SEP" in the configuration filename of a Cisco
IP phone? - ✔✔It stands for Skinny Enchanced Phone It stands for Cisco Ethernet
Phone, but someone misspelled it and the name stuck It stands for SIP Enhanced
Phone No one knows It stands for Selsius Ethernet Phone, which was the original name
of the Cisco IP phone It stands for Selsius Ethernet Phone, which was the original name
of the Cisco IP phone
✔✔"What would be the effect of writing the string x to the following OID on a Cisco
router running IOS 11? - ✔✔
