INTRODUCTION TO CRYPTOGRAPHY Exam Questions and Answers

INTRODUCTION TO CRYPTOGRAPHY Exam Questions with Answers attack tree - Correct Answers: _.To improve the security of a system, we must improve the weakest link. But to do that, we need to know what the links are and which ones are weak. This is best done using a hierarchical tree structure. Each part of a system has multiple links, and each link in turn has sublinks. We can organize the links into what we call an __. adversarial setting - Correct Answers: One of the biggest differences between security systems and almost any other type of engineering is the __. Most engineers have to contend with problems like storms, heat, and wear and tear. All of these factors affect designs, but their effect is fairly predictable to an experienced engineer. Not so in security systems. Our opponents are intelligent, clever, malicious, and devious; they'll do things nobody had ever thought of before. Caesar Cipher - Correct Answers: One of the oldest encryption methods. Also known as a shift cipher, is one of the simplest forms of encryption. It is a substitution cipher where each letter in the original message (called the plaintext) is replaced with a letter corresponding to a certain number of letters up or down in the alphabet. Atbash Cipher - Correct Answers: Hebrew cipher which substitutes the first letter of the alphabet for the last, and the second letter for the second-to-last, in other words, it simply reverses the alphabet. Affine Cipher - Correct Answers: An __ is any single-substitution alphabet cipher (also called mono-alphabet substitution) in which each letter in the alphabet is mapped to some numeric value, permuted with some relatively simple mathematical function, and then converted back to a letter ROT13 cipher - Correct Answers: This more recent cipher uses the same mechanism as the Caesar cipher but moves each letter 13 places forward Scytale - Correct Answers: A tool used to perform a transposition cipher, consisting of a cylinder with a strip of parchment wound around it on which is written a message. The ancient Greeks, and the Spartans in particular, are said to have used this cipher to communicate during military campaigns. The recipient uses a rod of the same diameter on which the parchment is wrapped to read the message. Cipher Disk - Correct Answers: Cryptographic device that uses two concentric disks, each with an alphabet around the periphery Vigenère cipher (Vee-zha-nair) - Correct Answers: a method of encrypting text by applying a series of Caesar ciphers based on the letters of a keyword. Playfair Cipher - Correct Answers: Invented by Charles Wheatstone in 1854. Encrypts two letters instead of one, this makes it more complex. Uses a 5x5 table containing a keyword. No more secure than any other older ciphers. ADFGVX Cipher - Correct Answers: Invented by Colonel Fritz Nebel in 1918. It is a 6x6 grid with ADFGVX at the top of each column and beginning of each row. The 26 letters and numbers 0-10 are placed randomly on the table. You then replace each character of your message with two characters which are represented by the column followed by the row each character is present in. Homophonic Substitution - Correct Answers: Early attempt to make substitution ciphers more robust, masks letter frequencies, plain text letters map to multiple cipher text symbols Null cipher - Correct Answers: Hiding plaintext within other plaintext. A form of steganography. Book cipher - Correct Answers: Cryptographic method that uses whole words from a well-known text such as a dictionary as a one-to-one replacement for plaintext Rail Fence Cipher - Correct Answers: Most widely known transposition cipher, encrypts the message by altering each letter on a different row, message must then be written down left to right and put into rows CrypTool - Correct Answers: Free tool that allows you to enter text and then choose a historical algorithm to encrypt the text Kasiski examination - Correct Answers: A method of attacking polyalphabetic substitution ciphers, this method can be used to deduce the length of the keyword used in a polyalphabetic substitution cipher. This is sometimes also called Kasiski's test or Kasiski's method. Kerckhoffs's Principle - Correct Answers: A cryptography principle that states that the algorithm should not be the secret part of the cryptographic process or method used; the principle states that the key should be the secret part of the cryptosystem. Symmetric Algorithms - Correct Answers: Operate with a single cryptographic key that is used for both encryption and decryption of the message. Examples are DES, 3DES, DESX, AES, Blowfish, Serpent, Twofish, Skipjack, IDEA Asymmetric Algorithms - Correct Answers: uses two keys. One key is used to encrypt and the other to decrypt. The sender and receiver have two different keys. Examples are RSA, ECC, Diffie-Hellman, El Gamal, Knapsack, and DSA. TPM (Trusted Platform Module) - Correct Answers: A chip on the motherboard used with software applications for security. It can be used with Windows BitLocker Drive Encryption to provide full-disk encryption and to monitor for system tampering. HSM (Hardware Security Module) - Correct Answers: A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. C = E(k,p) Cipher text (C) is equal to the encryption function (E) with the key (k) and plaintext (p) being passed as parameters to that function. - Correct Answers: Symmetric encryption is expressed mathematically as: P = E(k,c) Plaintext (P) is equal to the encryption function (E) with the key (k) and Cipher text (c) being passed as parameters to that function. - Correct Answers: Symmetric decryption is expressed mathematically as: Key Clustering - Correct Answers: When different encryption keys generate the same ciphertext from the same plaintext message. synchronous - Correct Answers: Encryption or decryption is performed immediately - typically used with stream ciphers. Asynchronous - Correct Answers: Encrypt/Decrypt are processes in queues, key benefit utilization of hardware devices and multiprocessor systems hash function - Correct Answers: A one-way mathematical operation that reduces a message or data file into a smaller fixed length output, or hash value. digital certificate - Correct Answers: a data file that identifies individuals or organizations online and is comparable to a digital signature. Current type currently in use X.509 v3 Certificate Authority (CA) - Correct Answers: An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates. Root CA - Correct Answers: Typically only issues certificates to subordinate CA's - typically kept offline so they do not get compromised. Subordinate CA - Correct Answers: Issues certificates to users & computers on behalf of the root CA. Registration Authority (RA) - Correct Answers: A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users. Enterprise CA - Correct Answers: Tied to an LDAP provider. It is a CA that has a domain controller. Standalone CA - Correct Answers: A CA that works without Active Directory and does not need Active Directory, however, the server can be a member of a domain. Users can request certificates using a manual procedure or web enrollment, where they have to identify information and specify the certificate they need. Digital Signatures - Correct Answers: public-key equivalent of message authentication codes. electronic certificates that are used to authenticate the validity of individuals and companies conducting business electronically Cryptosystem - Correct Answers: Consists of the algorithm (cipher) and cryptovariable (key), as well as all the possible plaintexts and ciphertexts produced by the cipher and key. Cryptovariable - Correct Answers: Another name for the key used to perform encryption and decryption activities. Non-repudiation - Correct Answers: The security principle of providing proof that a transaction occurred between identified parties. Repudiation occurs when one party in a transaction denies that the transaction took place. Cryptoanalysis - Correct Answers: study of principles/methods of deciphering ciphertext without knowing key Cryptology - Correct Answers: the science of interpreting secret writings, codes, ciphers, and the like collision - Correct Answers: Occurs when a hash function generates the same output for different inputs. Key Space - Correct Answers: Represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password. Work Factor - Correct Answers: This represents the time and effort required to break a protective measure. Initialization Vector (IV) - Correct Answers: A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment. Encoding - Correct Answers: The action of changing a message into another format through the use of a code. Transposition or permutation - Correct Answers: Swapping/shifting of blocks of text. Substitution - Correct Answers: Changing some part of the plaintext for a different value. SP-network - Correct Answers: substitution and permutation (transposition), most block ciphers do a series of repeated substitutions and permutations to add confusion and diffusion to the encryption process Confusion - Correct Answers: Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter. Diffusion - Correct Answers: Literally means having changes to one character in the plaintext affect multiple characters in the ciphertext, unlike historical algorithms where each plaintext character only affected one ciphertext character. This concept of _ makes modern symmetric algorithms far more secure than the classic algorithms. It also means the algorithms are more complicated. Avalanche effect - Correct Answers: Where a minor change in either the key or the plaintext will have a significant change in the resulting ciphertext. Stream Cipher - Correct Answers: An encryption method that encrypts a single bit at a time. Popular when data comes in long streams (such as with older wireless networks or cell phones). Block Cipher - Correct Answers: An encryption algorithm in which data is encrypted in "chunks" of a certain length at a time. Popular in wired networks. The current generation of block ciphers has a block size of 128 bits (16 bytes). Ciphertext-only attack - Correct Answers: Cryptanalysis attack where the attacker is assumed to have access only to a set of ciphertexts. This is the most difficult type of attack, because you have the least amount of information. known plaintext attack - Correct Answers: When an attacker has both a known plaintext and the ciphertext, they can sometimes derive the key itself. Chosen-plaintext attacks - Correct Answers: - attacker has the plaintext and ciphertext - chooses plaintext that gets encrypted - Attacker sends a message they think the victim will encrypt and send out to others Counter Mode - Correct Answers: A DES mode similar to OFB mode that uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream. Also, the ciphertext is not chaining into the encryption process. Because this chaining does not occur, performance is much better than the other modes. output feedback (OFB) mode - Correct Answers: makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location. This property allows many error-correcting codes to function normally even when applied before encryption. cipher block chaining (CBC) mode - Correct Answers: Ehrsam, Meyer, Smith and Tuchman invented the _ of operation in 1976.[23] In _ mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block. AES (Advanced Encryption Standard) - Correct Answers: A strong symmetric block cipher that encrypts data in 128-bit blocks. can use key sizes of 128 bits, 192 bits, or 256 bits. K4 - Correct Answers: Generator 4 cylinder engine. Diffie-Hellman - Correct Answers: A cryptographic algorithm that allows two users to share a secret key securely over a public network. XOR - Correct Answers: A logical operation used in some encryption schemes._ operations compare two inputs. If the two inputs are the same, it outputs True. If the two inputs are different, it outputs False. chosen-ciphertext attack - Correct Answers: In a __, you get to choose both plaintext values and ciphertext values. For every plaintext that you choose, you get the corresponding ciphertext, and for any ciphertext you choose, you get the corresponding plaintext. Birthday Attack - Correct Answers: a probability method of finding a collision in a hash function Meet-in-the-middle attack - Correct Answers: One cryptanalysis method that is used to defeat a multi-step encryption process uses both the original clear text to work forward toward an intermediate value, and the ending cipher text to work backward toward an intermediate value so that the key space that is to be defeated is smaller and more computationally manageable. permute - Correct Answers: submit to a process of alteration, rearrangement, or permutation Related Key Attack - Correct Answers: similar to a chosen-plaintext attack, except the attacker obtains ciphertexts encrypted under several different secret keys related in some way Davies-Meyer Construction - Correct Answers: One standard technique of constructing a hash function from a block cipher is the __. In a __ hash function, the attacker suddenly gets to choose the key of the block cipher, which allows related-key and chosen-key attacks. non-generic - Correct Answers: An attack on a block cipher is a __ method of distinguishing the block cipher from an ideal block cipher. distinguisher - Correct Answers: is an algorithm that is given a black-box function that computes either the block cipher X or an ideal block cipher. black-box function - Correct Answers: A __ is a function that can be evaluated, but the distinguisher algorithm does not know the internal workings of the function in the black box. Parity attack - Correct Answers: For a given key, extract the permutation by encrypting all possible plaintexts. If the permutation is odd, we know that we have an ideal block cipher, because the real block cipher never generates an odd permutation. If the permutation is even, we claim to have a real block cipher. Binary AND - Correct Answers: If both numbers have a one in the same place, then the resultant number is a one. If not then it is a zero 1st number - 1100 2nd number - 0100 -------------------------- Result - 0100 Binary OR - Correct Answers: Checks to see if there is a one in either or both numbers in the same place. If so, the resultant number is one, if not, it is zero. 1st number - 1100 2nd number - 0100 -------------------------- Result - 1100 Binary XOR (exclusive OR) - Correct Answers: will always produce a 1 output if either of its inputs is 1 and will produce a 0 output if both of its inputs are 0 or 1. 1st - 1110 2nd - 0101 ============== Result - 1011 is reversible. If you _ the resultant number with the second number, you get back the first number. Conversely, If you _ the resultant number with the first number, you get the second number. round - Correct Answers: Virtually all block ciphers consist of several repetitions of a weak block cipher, known as a _. Several of these weak _ in sequence make a strong block cipher. This structure is easy to design and implement, and is also a great help in the analysis. Data Encryption Standard (DES) - Correct Answers: One of the first widely popular symmetric cryptography algorithms. No longer considered secure. Its restricted key size of 56 bits and small block size of 64 bits make it unsuitable for today's fast computers and large amounts of data. Key Schedule - Correct Answers: a simple algorithm that will take the initial key the two parties derived and generate from that a slightly different key each round Feistel Cipher - Correct Answers: Proposed the use of a cipher that alternates substitutions and permutations Substitutions Each plaintext element or group of elements is uniquely replaced by a corresponding ciphertext element or group of elements Permutation No elements are added or deleted or replaced in the sequence, rather the order in which the elements appear in the sequence is changed Is a practical application of a proposal by Claude Shannon to develop a product cipher that alternates confusion and diffusion functions Is the structure used by many significant symmetric block ciphers currently in use Advanced Encryption Standard (AES) - Correct Answers: It is not a Feistel cipher. The subsequent rounds are similar. The plaintext comes in as 16 bytes (128 bits) at the very top. The first operation is to XOR the plaintext with 16 bytes of round key. This is shown by the ⊕ operators; the key bytes come into the side of the XORs. Each of the 16 bytes is then used as an index into an S-box table that maps 8-bit inputs to 8-bit outputs. The S-boxes are all identical. The bytes are then rearranged in a specific order that looks a bit messy but has a simple structure. Finally, the bytes are mixed in groups of four using a linear mixing function. The term linear just means that each output bit of the mixing function is the XOR of several of the input bits. A symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES. 3DES (Triple DES) - Correct Answers: Symmetric Key Algorithm, Applies DES three times, 168-bit key (+24 for parity) Serpent - Correct Answers: _ was another AES finalist. It is built like a tank. Easily the most conservative of all the AES submissions, is in many ways the opposite of AES. Whereas AES puts emphasis on elegance and efficiency, _ is designed for security all the way. The best attack we know of covers only 12 of the 32 rounds. The disadvantage of __ is that it is about one-third the speed of AES. Twofish - Correct Answers: _ was an AES finalist as well. It can be seen as a compromise between AES and Serpent. It is nearly as fast as AES, but it has a larger security margin. The best attack we know of is on 8 of the 16 rounds. The biggest disadvantage of _ is that it can be rather expensive to change the encryption key, as _ is best implemented with a lot of precomputation on the key. Blowfish - Correct Answers: 16 round Feistel cipher working on 64 bit blocks, and has a varying key size of 32 to 448 bits Skipjack - Correct Answers: Promoted by the NSA. uses an 80-bit key, supports the same four modes of operation as DES, and operates on 64-bit blocks of text. provides cryptographic routines in support of Clipper and Capstone. faced public opposition because it was developed so that the government could maintain information enabling legal authorities (with a search warrant or approval of the court) to reconstruct a Skipjack access key and decrypt private communications between affected parties. RC4 - Correct Answers: The algorithm is used identically for encryption and decryption as the data stream is simply XORed with the key. _ uses a variable length key from 1 to 2048 bits, (minimum of 40 busts or higher to be considered secure. ) FISH (Fibonacci Shrinking) - Correct Answers: Published by Siemens in 1993. A software based stream cipher using a lagged Fibonacci generator (pseudorandom number generator) PIKE - Correct Answers: Improvement on fish due to vulnerability to known plaintext attacks. Published by Ross Anderson MD5 - Message Digest 5 - Correct Answers: 128-bit hash based on variable-length plaintext SHA1 - Correct Answers: 160 bits Salting the Hash - Correct Answers: adding random values to the original hash to make it harder to crack. prevents the use of rainbow tables. (lookups) Confusion - Correct Answers: Attempts to make the relationship between the statistical frequencies of the ciphertext and the actual key as complex as possible. This occurs by using a complex substitution algorithm. Avalanche - Correct Answers: This term means that a small change yields large effects in the output. this is feistel variation on the claude shannon's concept of diffusion. Cipher - Correct Answers: the algorithms needed to encrypt and decrypt a message key - Correct Answers: The random bits used in encrypting a message Algorithm - Correct Answers: The mathematical process used to alter a message and read it unintelligible by any but the intended party. DESx - Correct Answers: Variation of DES that uses a technique called Key Whitening. XORs a key with text before or after the round function or both. Electronic Codebook (ECB) mode - Correct Answers: a mode of operation that divides plaintext into blocks and then encrypt each block using the same key. If two plaintext blocks are the same, then the corresponding ciphertext blocks will be identical, and that is visible to the attacker. Depending on the structure of the message, this can leak quite a lot of information to the attacker. Cipher Block Chaining (CBC) - Correct Answers: a mode of operation that each block of plaintext is XORed with the previous ciphertext block before being encrypted. The initial plaintext block has an IV added prior to encryption to produce a unique ciphertext value. Propagating Cipher Block Chaining (PCBC) - Correct Answers: Each block of plaintext is XORed with the XOR of the previous plaintext block and the previous ciphertext block before being encrypted. As with CBC mode, an initialization vector is used in the first block. Cipher Feedback (CFB) - Correct Answers: Allows encryption of partial blocks rather than requiring full blocks for encryption. This eliminates the need to pad a block like in CBC. Output Feedback (OFB) - Correct Answers: Makes a block cipher into a synchronous stream cipher, generates keystream blocks, which are then XORed with the plain text blocks to get the cipher text. Counter Mode (CTR) - Correct Answers: Similar to OFB mode, but instead of using a random IV value CTR mode increments an IV counter for each plaintext block. Fixed IV - Correct Answers: You should not use a _ IV, as that introduces the ECB problem for the first block of each message. If two different messages start with the same plaintext block, their encryptions will start with the same ciphertext blocks. In real life, messages often start with similar or identical blocks, and we do not want the attacker to be able to detect this. Counter IV - Correct Answers: Use IV=0 for the first message, IV=1 for the second message, etc. Again, this is not a very good idea. Random IV - Correct Answers: The principal disadvantage of a _ IV is that the ciphertext is one block longer than the plaintext. Nonce-Generated IV - Correct Answers: is a value that is used only once one-time pad (OTP) - Correct Answers: Combining plaintext with a random key to create ciphertext that cannot be broken mathematically. SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. There are other published proposals, including submissions for the new SHA-3 - Correct Answers: List the SHA family Not collision resistant - Correct Answers: What is the biggest problem with MD5? MD6 - Correct Answers: uses a Merkle tree-like structure to allow for immense parallel computation of hashes for very long inputs. This algorithm was submitted to the NIST SHA-3 competition. However, on July 1, 2009, Rivest posted a comment at NIST that _ is not yet ready to be a candidate for SHA-3 because of speed issues and other concerns. FORK-256 - Correct Answers: This hash is in analysis phase and not in widespread use. Uses 512bit blocks and implements preset constants that change after each repetition. Each block is hashed into a 256bit block through four branches that divides each 512 block into sixteen 32bit words that are further encrypted and rearranged. Branches are used in parallel making it hard to analyze. RIPEMD-160 - Correct Answers: A message digest algorithm that produces a 160-bit hash value after performing 160 rounds of computations on 512-bit blocks. GOST - Correct Answers: Hash algortihm created by the Russians. Produces a fixed length output of 256bits. Input message is broken up into 256 bit blocks. If block is less than 256 bits then it is padded with 0s. TIGER - Correct Answers: 192bit hash function created by Ross Anderson and Eli Biham in 1995. Designed using the Merkle-Damgard construction (collision resistant hash functions). One way compression function operates on 64bit words, maintaining 3 words of state and processing 8 words of data. 24 rounds and 8 input words. HMAC (Hash-Based Message Authentication Code) - Correct Answers: is a fixed length string of bits similar to other hashing algorithms such as MD5 and SHA-1, but it also uses a secret key to add some randomness to the result. MAC or Message Authentication Code - Correct Answers: A _ uses a block cipher in CBC mode to improve integrity Public - Correct Answers: Which type of certificate must be certified by an authority to verify it with other participants? Public Root Private Domain Skipjack - Correct Answers: Which algorithm is designated as a Type 2 product by the National Security Agency (NSA)? Data Encryption Standard (DES) Secure hash algorithm (SHA) Skipjack PEGASUS It requires a unique nonce. - Correct Answers: What is an attribute of the Rivest Cipher 4 (RC4) algorithm? It encrypts whole blocks of data at a time. It is an asymmetric cipher. Its keys are longer than the encrypted message. It requires a unique nonce. Counter (CTR) - Correct Answers: Which mode generates the key stream with a nonce and incrementing value? Electronic codebook (ECB) Cipher block chaining (CBC) Output feedback (OFB) Counter (CTR) Digest - Correct Answers: What is the result of a hash function? Digest Signature Ciphertext Plaintext Message Digest Algorithm 5 (MD5) - Correct Answers: Which cryptographic algorithm has a 128-bit hash size? Secure Hash Algorithm 1 (SHA-1) Message Digest Algorithm 5 (MD5) Triple Data Encryption Standard (3DES) Advanced Encryption Standard (AES) Collision resistance - Correct Answers: Which characteristic makes a hashing function suitable for use in signature schemes? Varying operational modes Use of bit-by-bit encryption Use of unique key values Collision resistance Partial-message collision - Correct Answers: Which attribute of a hashing function makes a birthday attack possible? Man-in-the-middle detection Partial-message collision Brute-force protection Plaintext SHA-1 - Correct Answers: Which hash algorithm produces a 160-bit output value? SHA-1 MD5 SHA-2 Diffie-Hellman Previous generated ciphertext - Correct Answers: What does cipher block chaining (CBC) use with the key to encrypt subsequent blocks of plaintext? Counter Nonce Previous generated ciphertext Previous plaintext RSA (Rivest-Shamir-Adleman) - Correct Answers: Which algorithm relies on factoring the product of large prime numbers? Elliptical curve ElGamal Rivest-Shamir-Adleman Diffie-Hellman Pretty Good Privacy (PGP) - Correct Answers: Which encryption technology is a serial combination of hashing, data compression, symmetric-key cryptography, and public key infrastructure (PKI) and can be used for encrypting texts, emails, files, and directories or for full disk encryption? Pretty Good Privacy (PGP) Wired Equivalent Privacy (WEP) Diffie-Hellman (DH) Rivest-Shamir-Adleman (RSA) Randomizing the initialization vector - Correct Answers: Which encryption process minimizes known plaintext attacks against Advanced Encryption Standard (AES)? Randomizing the initialization vector Using a hashing algorithm Increasing the block size Decreasing the block size Key length is too short. - Correct Answers: What is a vulnerability of the Data Encryption Standard (DES)? Key length is too long. Key length is too short. Bits are rearranged in a semi-ordered fashion during the encryption process. The plaintext is split into two equal halves that are labeled L and R. 128 - Correct Answers: Which block size does the Advanced Encryption Standard (AES) use? 64 128 192 256 Skipjack - Correct Answers: Which block algorithm includes a provision for the decryption key kept in a key escrow? Blowfish Serpent Skipjack Twofish ( X mod P, X mod Q) - Correct Answers: How is X mod N if N = PQ represented in number theory? (((( A- B)( Q − 1 mod Q))mod Q) Q+ B )mod P ( P mod X, Q mod X) (((( A+ B)( Q − 1 mod P))mod P) Q+ B )mod P ( X mod P, X mod Q) Counter (CTR) - Correct Answers: Which mode does the Fortuna algorithm use to generate random numbers? Electronic codebook (ECB) Cipher block chaining (CBC) Output feedback (OFB) Counter (CTR) Cyclic redundancy check - Correct Answers: Which feature in Wired Equivalent Privacy (WEP) provides integrity control when sending packets over a wireless network? Nonce Network password Cyclic redundancy check Secret key Integrity Confidentiality - Correct Answers: Which two concerns does the use of Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) address? Choose 2 answers. Confidentiality Nonrepudiation Availability Accountability Integrity .p12 - Correct Answers: Which extension designates a file containing a password-protected private key? .cer .pem .p7b .p12 Certificate policy (CP) - Correct Answers: Which part of the public key infrastructure (PKI) defines how a credential is used? Certificate authority (CA) Certificate policy (CP) Public Key Cryptography Standards (PKCS) Registration authority (RA) Internet Protocol Security (IPsec) - Correct Answers: Which solution is used in a Layer 2 Tunneling Protocol (L2TP) virtual private network (VPN) to secure data in transmission? Cipher block chaining (CBC) Hypertext Transfer Protocol Secure (HTTPS) Microsoft Point-to-Point Encryption (MPPE) Internet Protocol Security (IPsec) IPSec (Internet Protocol Security) - Correct Answers: A Layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. is an enhancement to IPv4 and is native to IPv6. is unique among authentication methods in that it adds security information to the header of all IP packets. prevents unauthorized logins by preventing packet retransmission. Microsoft Point-to-Point Encryption (MPPE) - Correct Answers: This protocol encrypts PPP frames with this encryption by using encryption keys generated from the MS-CHAP v2 or EAP-TLS authentication process. 443 - Correct Answers: Which port does Secure Socket Tunneling Protocol (SSTP) use? Vigenère - Correct Answers: Which cipher uses a series of ciphers based on a keyword? Affine Atbash Caesar Vigenère Kasiski's method - Correct Answers: Which technique solves polyalphabetic substitution ciphers by deducing the key length? Kasiski's method Frequency analysis Exhaustive search Rainbow tables Messages are encrypted using different secrets, and the analyst compares the messages to figure out how the algorithm works. - Correct Answers: Which technique does related-key cryptanalysis use to decipher a message? -Ciphertext messages are created from plaintext that is chosen by the analyst to determine how the algorithm works. -Encrypted messages are gathered, and the analyst looks for patterns to figure out which algorithm is being used. -Messages are encrypted using different secrets, and the analyst compares the messages to figure out how the algorithm works. -Plaintext messages and corresponding ciphertext are gathered to help the analyst learn about the algorithm. Exhaustive Search - Correct Answers: searching for a goal state by generating the entire problem space Elliptical Curve Cryptography (ECC) - Correct Answers: An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring. Smaller keys are more suitable to mobile devices.