Cryptographic Concepts Test Questions
All Solved.
An employee works on a small team that shares critical information about the company's network.
When sending emails that have this information, what would be used to provide the identity of the
sender and prove that the information has not been tampered with?
A. Private key
B. Digital signature
C. Public key
D. RSA algorithm - Answer B. Digital signature
A digital signature proves the identity of the sender of a message and shows that the message has not
been tampered with since the sender posted it. This provides authentication, integrity, and
non-repudiation.
A private key will encrypt the message. Encrypting the message will scramble the data to protect it
during transmission.
The public key is what the recipient will use to decrypt the message. The decryption will allow the
recipient to read the data upon receipt.
The RSA algorithm is what many public key cryptography products are based on.
A systems administrator downloads and installs open source software from the software developer's
website. However, the website was hacked and the software was modified to include a backdoor. As a
result, the hackers now have access to the administrator's network. Assess the behavior of the
administrator and select which of the following measures would prevent a possible hack attempt.
A. Validate the software using a checksum
B. Validate the software using a private certificate
C. Validate the software using a key signing key
D. Validate the software using Kerberos - Answer A. Validate the software using a checksum
The administrator should have validated the software with a checksum, which uses a cryptographic
algorithm to generate a unique hash value based on the file contents. If the file is changed, the
checksum of the modified file will not match the original.
A private certificate does not validate software.
A key signing key is associated with Domain Name System Security Extensions (DNSSEC), which validates
DNS responses to help mitigate spoofing and poisoning attacks. It does not apply to software.
Kerberos is an authentication service based on a time-sensitive ticket-granting system. It is used to
validate users, not software.
When using a digital envelope to exchange key information, the use of what key agreement mitigates the
risk inherent in the Rivest-Shamir-Adleman (RSA) algorithm, and by what means?
A. Perfect forward secrecy (PFS) uses Diffie-Hellman (DH) key agreement to create ephemeral session
keys without using the server's private key.
B. The Cipher Block Chaining (CBC) key agreement mode uses an initialization vector (IV) to create
ephemeral session keys without using the server's private key.
C. Counter mode in key agreement makes the advanced encryption standard (AES) algorithm work as a
stream cipher, by applying an initialization vector to issue a security certificate.
D. A certificate authority (CA) validates the public key's owner and creates an initialization vector to
protect the exchange from snooping. - Answer A.
Perfect forward secrecy (PFS) mitigates the risk from RSA key exchange, using Diffie-Hellman (D-H) key
agreement to create ephemeral session keys without using the server's private key.
Modes of operation refer to AES use in a cipher suite. Cipher Block Chaining (CBC) mode applies an
initialization vector (IV) to a chain of plaintext data and uses padding to fill out blocks of data.
Counter mode makes the AES algorithm work as a stream cipher. Each block of data can be processed
individually and in parallel, improving performance.
A certificate authority (CA) validates the owner of a public key, issuing a signed certificate. The process
of issuing and verifying certificates is called public key infrastructure (PKI).
Which two cryptographic functions can be combined to authenticate a sender and prove the integrity of
a message?
A. Hashing and symmetric encryption
B. Public key cryptography and digital enveloping
C. Hashing and digital enveloping