CCNAS Module 7
CCNAS Module 7
1
1 Which three primary functions are required to secure coWhich three primary functions are required to secure co mmunication across network links?mmunication across network links?
(Choose three.) (Choose three.) accounting accounting anti-replay protection anti-replay protection authentication authentication authorization authorization confidentiality confidentiality integrity integrity 2
2 Which two encryption algorithms are commonly used to enWhich two encryption algorithms are commonly used to en crypt the contents of a message?(Choose two.)(Choose two.) crypt the contents of a message?
3DES 3DES AES AES IPsec IPsec PKI PKI SHA1 SHA1 3
3 An administrator requires a PKI that supports a longer lifetime for keys used for digital signingAn administrator requires a PKI that supports a longer lifetime for keys used for digital signing
operations than for keys used for encrypting data. Which
operations than for keys used for encrypting data. Which feature should the PKI support?feature should the PKI support? certificate keys certificate keys nonrepudiation keys nonrepudiation keys usage keys usage keys variable keys variable keys 4 4
Two users must authenticate each other
Two users must authenticate each other using digital certificates and a CA. Which option describes theusing digital certificates and a CA. Which option describes the CA authentication procedure?
CA authentication procedure?
The CA is always required, even after user verification is complete. The CA is always required, even after user verification is complete. The users must obtain the certificate of the CA
The users must obtain the certificate of the CA and then their own and then their own certificate.certificate. After user verification is complete, the CA is no
After user verification is complete, the CA is no longer required, even if one of longer required, even if one of the involved certificathe involved certifica expires.
expires.
CA certificates are retrieved out-of-band using the PSTN, and the
CA certificates are retrieved out-of-band using the PSTN, and the authentication is done in-band oveauthentication is done in-band ove network.
network.
5
5 A customer purchases an item from an e-commerce site. The e-commerce site must maintain proof thatA customer purchases an item from an e-commerce site. The e-commerce site must maintain proof that
the data exchange took
the data exchange took place between the site and place between the site and the customer. Which feature of digital signatures isthe customer. Which feature of digital signatures is required?
authenticity of digitally signed data authenticity of digitally signed data integrity of digitally signed data integrity of digitally signed data nonrepudiation of the transaction nonrepudiation of the transaction confidentiality of the public key confidentiality of the public key
6
6 What is the basic method used What is the basic method used by 3DES to encrypt plaintext?by 3DES to encrypt plaintext?
The data is encrypted three times with three different keys. The data is encrypted three times with three different keys. The data is encrypted, decrypted, and
The data is encrypted, decrypted, and encrypted using three different keys.encrypted using three different keys. The data is divided into three
The data is divided into three blocks of equal length for encryption.blocks of equal length for encryption.
The data is encrypted using a key length that is three times longer than the key used for DES. The data is encrypted using a key length that is three times longer than the key used for DES.
7
7 Which statement describes a cryptographic hash function?Which statement describes a cryptographic hash function?
A one-way cryptographic hash function is hard
A one-way cryptographic hash function is hard to invert.to invert.
The output of a cryptographic hash function can be any length. The output of a cryptographic hash function can be any length. The input of a cryptographic hash function has a fixed length. The input of a cryptographic hash function has a fixed length. A cryptographic hash function is used to provide confidentiality. A cryptographic hash function is used to provide confidentiality.
8
8 Which statement is a feature of HMAC?Which statement is a feature of HMAC?
HMAC is based on the RSA hash function. HMAC is based on the RSA hash function. HMAC uses a secret key that is only known
HMAC uses a secret key that is only known to the sender and defeats to the sender and defeats man-in-the-middle attacks.man-in-the-middle attacks. HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance. HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance. HMAC uses protocols such as SSL or TLS to provide
HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.session layer confidentiality.
9
9 Why is RSA typically used to protect only small amounts of data?Why is RSA typically used to protect only small amounts of data?
The keys must be a fixed length. The keys must be a fixed length. The public keys must be kept secret. The public keys must be kept secret.
The algorithms used to encrypt data are slow. The algorithms used to encrypt data are slow. The signature keys must be changed
The signature keys must be changed frequently.frequently.
10
10 The network administrator for an e-commerce website requires a The network administrator for an e-commerce website requires a service that prevents customers fromclaiming that legitimate orders are fake. What service provides claiming that legitimate orders are fake. What service provides this type of guarantee?this type of guarantee?service that prevents customers from
authentication authentication confidentiality confidentiality integrity integrity nonrepudiation nonrepudiation 11 11
Refer to the exhibit. Which encryption algorithm is described in the exhibit? Refer to the exhibit. Which encryption algorithm is described in the exhibit?
3DES 3DES AES AES DES DES RC4 RC4 SEAL SEAL 12
12 Which statement describes asymmetric encryption algorithms?Which statement describes asymmetric encryption algorithms?
They include DES, 3DES, and AES. They include DES, 3DES, and AES. They have key lengths ranging from 8
They have key lengths ranging from 80 to 256 bits.0 to 256 bits. They are also called shared-secret key algorithms. They are also called shared-secret key algorithms. They are relatively slow because they are based
They are relatively slow because they are based on difficult computational algorithms.on difficult computational algorithms.
13
13 Which symmetrical encryption algorithm is the most difficult to crack?Which symmetrical encryption algorithm is the most difficult to crack?
3DES 3DES AES AES DES DES RSA RSA SHA SHA 14
14 What is a characteristic of the RSA algorithm?What is a characteristic of the RSA algorithm?
RSA is much faster than DES. RSA is much faster than DES. RSA is a common
RSA is a common symmetric algorithm.symmetric algorithm. RSA is used to protect corporate data in
RSA is used to protect corporate data in high-throughput, low-latency environments.high-throughput, low-latency environments. RSA keys of 512 bits can be
RSA keys of 512 bits can be used for faster processing, while keys of 2048 bits can used for faster processing, while keys of 2048 bits can be used for be used for increased security.
15 15
Refer to the exhibit. Which type of cipher method is depicted? Refer to the exhibit. Which type of cipher method is depicted?
Caesar cipher Caesar cipher stream cipher stream cipher substitution cipher substitution cipher transposition cipher transposition cipher 16
16 What does it mean when a hashing algorithm is collision resistant?What does it mean when a hashing algorithm is collision resistant?
Exclusive ORs are performed on input data and produce a digest. Exclusive ORs are performed on input data and produce a digest. It is not feasible to compute the hash
It is not feasible to compute the hash given the input data.given the input data. It uses a two-way function that computes a hash
It uses a two-way function that computes a hash from the input and output data.from the input and output data. Two messages with the same hash are
Two messages with the same hash are unlikely to occur.unlikely to occur.
17
17 How do modern cryptographers defend against brute-force attacks?How do modern cryptographers defend against brute-force attacks?
Use statistical analysis to eliminate the most common encryption keys. Use statistical analysis to eliminate the most common encryption keys.
Use an algorithm that requires the attacker to have both ciphertext and plaintext to conduct a Use an algorithm that requires the attacker to have both ciphertext and plaintext to conduct a successful attack.
successful attack.
Use a keyspace large enough that it takes too much money and too much time to conduct a Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack.
successful attack.
Use frequency analysis to ensure that the most popular letters used in the language are not used Use frequency analysis to ensure that the most popular letters used in the language are not used in the cipher message.
18
18 Which two statements correctly describe certificate classes used in the PKI? (Choose two.)Which two statements correctly describe certificate classes used in the PKI? (Choose two.)
A class 0 certificate is for testing purposes. A class 0 certificate is for testing purposes.
A class 0 certificate is more trusted than a class 1
A class 0 certificate is more trusted than a class 1 certificate.certificate. The lower the class number, the more trusted the certificate. The lower the class number, the more trusted the certificate.
A class 5 certificate is for users with a focus on verification of email. A class 5 certificate is for users with a focus on verification of email.
A class 4 certificate is for online business transactions between companies. A class 4 certificate is for online business transactions between companies.
19 19
Which statement describes the use of keys for encryption? Which statement describes the use of keys for encryption?
The sender and receiver must use
The sender and receiver must use the same key when using the same key when using symmetric encryption.symmetric encryption. The sender and receiver must use
The sender and receiver must use the same key when using the same key when using asymmetric encryption.asymmetric encryption. The sender and receiver must use
The sender and receiver must use the same keys for both symmetric and asymmetric encryption.the same keys for both symmetric and asymmetric encryption. The sender and receiver must use
The sender and receiver must use two keys: one for symmetric encryption and another for two keys: one for symmetric encryption and another for asymmetric encryption.
asymmetric encryption.
20
20 Which encryption protocol provides network layer confidentiality?Which encryption protocol provides network layer confidentiality?
IPsec protocol suite IPsec protocol suite Keyed MD5
Keyed MD5 Message Digest 5 Message Digest 5 Secure Sockets Layer Secure Sockets Layer Secure Hash Algorithm 1 Secure Hash Algorithm 1 Transport Layer Security Transport Layer Security
