Self Test

A Quick Answer Key follows the Self Test questions. For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix.

1. Encryption involves taking ordinary data and manipulating it so that it is not readable except by the desired party. The resulting secret message created in an encryption process is called?

  A. The one-time pad

  B. Ciphertext

  C. Message digest

  D. Digital signature

2. Which of the following is not a symmetric algorithm?

  A. RSA

  B. IDEA

  C. DES

  D. AES

3. You are designing a high-speed encryption system for data communications. You believe that the best performance will be achieved through the use of a stream cipher. Which of the following do you select for your application?

  A. MAC

  B. MD5

  C. RC4

  D. RSA

4. Your boss would like to evaluate a VPN solution from a new vendor and asks for your opinion regarding the strength of the system. You reply that the strength of an encryption process should rely on:

  A. The strength of the encryption algorithm used

  B. The secrecy of the algorithm used

  C. The speed of the encryption process

  D. The use of ASICs for hardware encryption

5. Digital signatures are created by?

  A. Block ciphers

  B. MACs

  C. Hashing functions

  D. Cryptanalysis

6. In a PKI system certificates are issued by:

  A. The client

  B. The government

  C. The CA

  D. The ORA

7. Your manager asks you how she knows if her digitally signed messages have been altered. You reply that if a single bit changes in a message with a digital signature then:

  A. The signature will match with the addition of a single bit

  B. The signature will not match and will not validate the message

  C. The message will be unreadable

  D. The sender will be unknown

8. Key escrow involves which of the following options?

  A. Key storage on read-only media

  B. The placement of a private key with a trusted third party

  C. Destruction of keys after use

  D. Sharing of keys between trusted users

9. Management has heard much regarding a vendor's use of Kerberos authentication in their product, and she wants to know what Kerberos is. You reply that it is:

  A. A public key authentication protocol

  B. An encryption algorithm for authentication protocols

  C. A vendor-specific authentication system

  D. A secret key authentication protocol

10. Your database administrator would like his project's data encrypted and it includes an entire hard disk partition. What is the best choice for bulk data encryption?

  A. A one-time pad

  B. A private key system

  C. An asymmetric encryption system

  D. A hashing algorithm

11. Security for public key exchanges can be provided by:

  A. Courier

  B. Known plaintext

  C. Known ciphertext

  D. Digital certificates

12. What is the definition of steganography?

  A. The hiding of ciphertext within plaintext

  B. The conversion of plaintext to ciphertext

  C. Hiding text data within images or other data types

  D. A cryptanalysis procedure

13. For a recipient to decrypt a message you sent to them via a PKI system, you must do which of the following?

  A. Nothing

  B. Share your secret key

  C. Manually send your public key

  D. Manually create a session key

14. What is a cryptovariable?

  A. The time delay in sending encrypted data

  B. The variation in the stream of ciphertext

  C. The variation in the key size used

  D. The secret key

Answers

1. ✓ Answer B is correct. The resulting encrypted data is called the ciphertext.

✗ Answer A is incorrect because a one-time pad is a type of secret key. Answers C and D are incorrect because message digests and digital signatures do not include the data that is encrypted, but are produced dependent on that data.

2. ✓ Answer A is correct. RSA is a public key system, not a symmetric algorithm.

✗ Answers B, C, and D are incorrect because all are symmetric, or private key algorithms.

3. ✓ Answer C is correct. RC4 is a stream cipher.

✗ Answer A is incorrect because a MAC is a message authentication code. Answer B is incorrect because MD5 stands for Message Digest 5; message digests are not stream ciphers. Answer D is incorrect because RSA stands for Rivest, Shamir and Adleman, the names of the creators of the RSA key exchange algorithm as well as other encryption processes and algorithms.

4. ✓ Answer A is correct. The use or choice of strong keys of sufficient length is also important, as are other issues such as the secrecy of those keys, passphrase(s), and other factors.

✗ Answer B is incorrect because a strong encryption process should not depend on the encryption algorithm remaining secret. Answer C is incorrect because the speed of an encryption implementation may be important, but is unrelated to the inherent strength. Answer D is incorrect because the choice or use of hardware solutions such as ASICs is independent of the strength of the encryption process. Encryption strength should be equal regardless of a hardware or software implementation.

5. ✓ Answer C is correct. Digital signatures are created through the use of hashing functions.

✗ Answer A is incorrect because block ciphers are not involved with digital signatures. Answer B is incorrect because MAC stands for Message Authentication Code. Answer D is incorrect because cryptanalysis is the attempt to resolve plaintext from ciphertext.

6. ✓ Answer C is correct. Certificate Authorities issue and revoke certificates in PKI systems.

✗ Answer A is incorrect because clients may possess certificates, but do not issue them. Answer B is incorrect because the government is a non sequitur in this question. Answer D is incorrect because an ORA verifies certificate holders, their identities, and public keys in a PKI system.

7. ✓ Answer B is correct. Even a single bit changed will result in the digital signature not matching. This will alert the recipient to the change.

✗ Answer A is incorrect because bits cannot be added to a signature - they are a fixed size. Answer C is incorrect because the message will still be readable. Answer D is incorrect because the signature will not affect knowledge of the sender.

8. ✓ Answer B is correct. Key escrow involves creation of a back door for recovery of keys.

✗ Answers A, C, and D are incorrect.

9. ✓ Answer D is correct. Kerberos is a secret key authentication protocol.

✗ Answers A, B, and C are incorrect because Kerberos is not vendor specific and is not an algorithm.

10. ✓ Answer B is correct. A private key system will provide the performance needed to encrypt large amounts of data.

✗ Answer A is incorrect because a one-time pad would require a key the size of the data set, thereby doubling the entire storage requirement, and is impractical. Answer C is incorrect because asymmetric systems are considered too slow for large encryption tasks. Answer D is incorrect because hashing would be a non-productive method of encrypting data for storage.

11. ✓ Answer D is correct. Digital certificates provide means to authenticate the sender of a public key. In a PKI system, a key distribution center can serve both functions.

✗ Answer A is incorrect because, while a courier might carry a key, this answer bears little relation to modern data cryptography. Also, couriers may not be trustworthy. Answer B and Answer C are incorrect because they are types of cryptographic attacks.

12. ✓ Answer C is correct. Steganography involves hiding messages in images or other non-text data.

✗ Answer A is incorrect because hiding ciphertext within plaintext does not accurately describe the process. Answer B is incorrect because the conversion of plaintext to ciphertext is simply described as encryption. Answer D is incorrect because steganography is not a cryptanalysis procedure.

13. ✓ Answer A is correct. The PKI system handles the work for the recipient and the sender.

✗ Answer B is incorrect because you never want to share your secret key. Answer C is incorrect because the CA will have your public key; you do not need to send it. Answer D is incorrect because if the communication requires a session key, the application will handle this function.

14. ✓ Answer D is correct. A cryptovariable is the secret key used to encrypt data.

✗ Answers A and B are incorrect because cryptovariables are not related to time delays, or variations in the ciphertext. Answer C is incorrect because variations in the key size used change the key space.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135
