Question 1

Steganography is the science of writing hidden messages; it is a form of security through
obscurity and does not deal with keys or certificate authorities.

True
False

Question 2
Most certificates are based on the X.509 standard.

True
False

Question 3
Certificates are digitally signed electronic documents that bind a private key with a user
identity.

True
False

Question 4
Which of the following scenarios would not use a PKI?

E-commerce and web logins
E-mail and other communications
Symmetric key algorithms
Virtual private networks

Question 5
Symmetric key algorithms require a secure initial exchange of one or more secret keys.

True
False

Question 6
Public key cryptography uses asymmetric keys alone or in addition to symmetric keys.

True
False
Question 7
To gain access to your network, users must provide a thumbprint and a username and
password. What type of authentication model is this?

Biometrics
Domain logon
Multifactor
Single sign-on

Question 9
Of the following, which statement correctly describes the difference between a secure cipher
and a secure hash?

A hash produces a variable output for any input size; a cipher does not.
A cipher produces the same size output for any input size; a hash does not.
A hash can be reversed; a cipher cannot.
A cipher can be reversed; a hash cannot.

Question 10
Encryption is the process of summarizing a file for integrity purposes.

True
False

Question 11
Your boss wants you to use a cryptographic algorithm that cannot be decoded by being
reversed. Which of the following would be the best option?

Private key
Public key
Kerberos
Shared key

Question 12
Which of the following are commonly used in VPN tunneling protocols?

PPP
RADIUS
TACACS+
L2TP
Question 13
Rachel is investigating an information security incident that took place at the high school where
she works. She suspects that students may have broken into the student records system and
altered their grades. Which one of the tenets of information security did this attack violate the
most?

Confidentiality
Integrity
Availability
Non-repudiation

Question 14
Which of the following network protocols sends data between two computers while using a
secure channel?

SMTP
SNMP
FTP
SSH

Question 15
Which of the following is a stream cipher?

DES
RC4
AES
RSA

Question 1
Which of the following are asymmetric encryption algorithms?

DES
RC6
Diffie-Hellman
AES
Question 2
Which type of hacker has no affiliation with an organization, yet will hack systems without
malicious intent?

Gray hat
Blue hat
White hat
Black hat

Question 4
Social engineering involves viruses, worms, and Trojan horses.

True
False

Question 5
Your boss wants you to set up an authentication scheme in which employees will use smart
cards to go in to the company network. What kind of key should be used to accomplish this?

Asymmetric
Symmetric
PKI
One-way function

Question 6
TACACS+ encrypts client-server negotiation dialogues.

True
False

Question 7
Most PKIs use a web of trust model.

True
False

Question 8
The authentication header in IPsec can be used in combination with the Encapsulating Security
Payload (ESP).

True
False
Question 9
Authorization is when a person is in a state of being identified.

True
False

Question 10
802.1X is an authentication method used by network adapters on the transport layer.

True
False

Question 11
Encryption, authentication, and anti-malware are all ways to protect against malicious threats.

True
False

Question 13
Which of the following is a false statement about encryption algorithms?

One advantage of DES is its efficiency.
The two most commonly used protocols for creating VPN connections are PPTP and L2TP.
AES is not a symmetric encryption algorithm.
MD5 is the weakest hashing algorithm which produces a message digest of 128 bits.

Question 15
Which is the most secure method of authentication and authorization in its default form?

TACACS
Kerberos
RADIUS
LDAP

Question 1
Which of the following does not apply to an X.509 certificate?

Certificate version
The issuer of the certificate
Public key information
Owner’s symmetric key
Question 2
You are in charge of PKI certificates. What should you implement so
that stolen certificates cannot be used?

CAD
CRL
CA
RA

Question 3
DES is a commonly-used block cipher today.

True
False
Question 5
Which type of certificate is most commonly used by communications
sessions?

Single-sided certificate
Dual-sided certificate
Web of trust
Certificate authority

Question 8
A smart card is an example of something a user knows.

True
False

Question 9
What is another term for secret key encryption?

PKI
Asymmetrical
Symmetrical
Public key

Question 10
What ensures that a CRL is authentic and has not been modified?

The CRL can be accessed by anyone.
The CRL is digitally signed by the CA.
The CRL is always authentic.
The CRL is encrypted by the CA.
Question 11
What is a certificate added to when it is considered to be no longer
valid?

Key escrow
CRL
CA
RA

Question 12
Which of the following is a false statement about authentication?

RADIUS is a client-server system that provides authentication,
authorization, and accounting services.
PAP is insecure because usernames and passwords are sent as clear
text.
MS-CHAPv1 is capable of mutual authentication of the client and
server.
CHAP is more secure than PAP because it encrypts usernames and
passwords.

Question 13
In an 802.1X connection, the authenticator is software running on a
workstation.

True
False

Question 14
HTTPS will govern the entire session when a person attempts to
connect to a website securely.

True
False
 
Question 2
You need to encrypt and send a large amount of data. Which of the following
would be the best option?

Symmetric encryption
Asymmetric encryption
Hashing algorithm
PKI 

Question 3
Which of the following is the newest and strongest Windows hash?

LANMAN
NTLM
NTLM v2
NTLMv5

Question 4
Which of the following is not a logical method of access control?

Username/password
Access control lists
Biometrics
Software-based policy

Question 5
In cryptography, it is the key that is essential to determine the output of a
cipher.  

True
False

Question 6
Administrative security control deals with various policies and procedures,
security awareness training, and disaster recovery plans.

True
False
 
Question 7
802.11x permits or denies access to resources through the use of ports.
Answered
True
False 

Question 8
You are tasked with ensuring that messages being sent and received
between two systems are both encrypted and authenticated. Which of the
following protocols accomplishes this?
Diffie-Hellman
VPN
RSA
SHA-1 
Question 9
Which of the following is the greatest risk for removable storage?

Integrity of data
Availability of data
Confidentiality of data 
Accountability of data

Question 10
When attempting to grant access to remote users, which protocol uses
separate, multiple-challenge responses for each of the authentication,
authorization, and audit processes?

TACACS
TACACS+ 
Kerberos 
RADIUS
 
Question 12
Public-key infrastructures are an entire system of hardware and software
used to create, distribute, manage, store, and revoke digital certificates.

True
False

Question 13
A key is an essential piece of information that determines the output of a
cipher.

True 
False

Question 14
Which of the following is Anthony’s public key pair in the scenario described
below?
Anthony wants to generate a public/private key pair for Sam to use SSL. He
chooses the following two prime numbers: p=5 and q=11.

(2, 55)!
(3, 55) 
(5, 40)  
(7, 40) 

Question 15
Alice and Bob, using insecure communication, want to agree on a secret
"shared key" that they can use to do further encryption for a long message.
They decide to use the Diffie-Hellman key agreement method and agree on a
prime p and a generator g as shown below, along with their random secret
numbers chosen. What is the value of the shared secret key? You must show
the process.
          p (prime) = 11 and g (generator) = 5
          Alice’s random secret number is 3      
          Bob’s random secret number is 5
  
4
5
6u Answered  
7

Question 1
Public keys are known only to specific users who keep the key secret.
False

Question 2
A stream cipher is a type of algorithm that encrypts a group of bits collectively as individual
units known as blocks.

False

Question 3
Which of the following results occurs when a biometric system identifies a legitimate user as
unauthorized?

False rejection

Question 8
Which of the following authentication systems makes use of a Key Distribution Center?

Kerberos

Question 14
Which of the following is a common encryption standard used today and can work with a 256-bit
block size?

AES
 
Question 5
A summary of a file or message best describes which of the following?

Hash function
MD5
Hash
LANMAN
  
Question 8
Which of the following combines the keystream with the plaintext message
using the bitwise XOR operator to produce the ciphertext?
Correct!
One-time pad
Obfuscation
MD5
SHA
  
Question 9
RADIUS utilizes tickets for authentication and authorization that allows for
single sign-on.
You Answered
True
False
 

Question 10
Dan and Daniel wish to communicate with each other using a secret key.
Which algorithm can they use to have a shared secret key in a secure
manner?

RSA
MD5
Blowfish  
Diffie-Hellman
     
Question 15
If a biometric system identifies a legitimate user as unauthorized, and denies
that user access, it is known as a false rejection.
Correct!
True
False
  
Question 2
Which of the following will provide an integrity check?
  
Public key  
Private key  
802.3 protocol
Hash
  
Question 3
Which of the following is used by PGP to encrypt the session key before it is
sent?
  
Asymmetric key distribution system  
Asymmetric scheme  
Symmetric key distribution system
Symmetric scheme 
 
Question 4
Which of the following is an example of two-factor authentication?  
L2TP and IPsec  
User name and password  
Thumbprint and key card
Client and server
 

Question 5
Which of the following remote authentication methods was developed by
Cisco?
  
802.1X
TACACS+  
RADIUS
Kerberos
  
Question 7
Individuals who hack into systems at an organization’s request, but are not
employed by the organization are known as blue hats.
Correct!
True
False
 
Question 8
Which of the following is a false statement about protocols?
  
SFTP is used to securely transfer files from host to host.
Telnet should be removed, or at least stopped and disabled.
SCP is used to remotely administer Unix/Linux systems and network devices.
HTTPS is used to securely transmit web page data.

Question 10
Which of the following is based off of the MD5 hash?
  
LANMAN  
NTLM
NTLMv2
SHA-1
  
Question 14
RADIUS is a remote access authentication service.
  
True  
False
 
Question 15
Which layer of the OSI model does IPsec operate at?
Data link
Network
Transport
Session

Which of the following methods will best verify that a download from the Internet has not
been modified since the manufacturer released it?

Compare the final LANMAN hash with the original
Download the patch file over an AES encrypted VPN connection
Download the patch file through an SSL connection
Compare the final MD5 hash with the original

Which of the following is used to secure L2TP sessions?

S/MIME
PPTP
SSH
IPsec

Which of the following details one of the primary benefits of using S/MIME?

S/MIME expedites the delivery of email messages.
S/MIME enables users to send email messages with a return receipt.
S/MIME enables users to send both encrypted and digitally signed email
messages.
S/MIME enables users to send anonymous email messages.

In information security, the three core principles are known as confidentiality, integrity,
and availability.

True
False
 
A key is an essential piece of information that determines the output of a cipher.

True
False
Which of the following is not a common criterion when authenticating users?

Something you do
Something you are
Something you know
Something you like

When encrypting credit card data, which would be the most secure algorithm with the least CPU
utilization?

AES
3DES
SHA-512
MD5

A network stream of data needs to be encrypted. Brian, a security administrator, selects a cipher
that will encrypt 128 bits at a time before sending the data across the network.
Which of the following has Brian chosen?

Stream cipher
Block cipher
Hashing algorithm
RC4

If a key pair is generated at a local computer, it is considered to be decentralized.

True
False

Symmetric key algorithms are a type of cipher that uses a single key, identical keys, or
closely related keys.
True

Organizations going to the cloud will not only lose administrative power, but also might
encounter data integrity issues, availability issues, and loss of data confidentiality.
True

Which of the following encryption methods deals with two distinct, large prime numbers
and the inability to factor those prime numbers?
RSA

Which of the following is the final step a user needs to take before that user can access
domain resources?
Verification

Validation

Authorization

Authentication

When encrypting credit card data, which would be the most secure algorithm with the least CPU
utilization?

AES
3DES
SHA-512
MD5

Which of the following is the weakest encryption type?

DES
AES
RSA
SHA

When a user’s web browser communicates with a CA, what PKI element does the CA require
from the browser?
Public key

Authentication is when a person’s identity is confirmed through the use of a specific system.
True
False

Which of the following might a public key be used to accomplish?

To decrypt the hash of a digital signature
To encrypt web browser traffic
To digitally sign a message
To decrypt wireless message
 
In a PKI setup, which of the following should be used to encrypt the signature of
an e-mail?
Private key
Public key
Shared key
Hash
  
Which of the following is when two or more types of authentication are used
when dealing with access control?
Single sign-on
False positive
Multifactor authentication
Username and password
  
For removable storage, the confidentiality of data is the greatest risk.
True
False
 
Cryptography is the practice and study of hiding the meaning of a message.
True
False 

Biometrics is an example of a logical authentication system.

True
False
    
During what phase of a remote access connection does the end user prove his or her
claim of identity?
Identification
Authentication
Authorization
Availability
     
Imagine that you are an attacker. Which would be most desirable when attempting to
compromise encrypted data?
The algorithm used by the encryption protocol
A weak key
Captured traffic
A block cipher
   
Which of the following is best described as when certificate keys are held in
the case that third parties such as government or other organizations need
access to encrypted communications?
Key escrow

Which of the following is the most secure form of authentication?

MS-CHAP-V2

Public key cryptography uses asymmetric keys alone or in addition to symmetric keys. True
RADIUS is a remote access authentication service. True

HTTPS will govern the entire session when a person attempts to connect to a website securely.
True

Social engineering involves viruses, worms, and Trojan horses. False

Which of the following is when two or more types of authentication are used when dealing with
access control? Multifactor authentication

Public-key infrastructures are an entire system of hardware and software used to create,
distribute, manage, store, and revoke digital certificates. True

What ensures that a CRL is authentic and has not been modified? The CRL is digitally signed
by the CA.

A smart card is an example of something a user knows. False

A key is an essential piece of information that determines the output of a cipher. True

Alice and Bob, using insecure communication, want to agree on a secret "shared key" that they
can use to do further encryption for a long message. They decide to use the Diffie-Hellman key
agreement method and agree on a prime p and a generator g as shown below, along with their
random secret numbers chosen. What is the value of the shared secret key? You must show the
process. 10
a. p (prime) = 11 and g (generator) = 7
b. Alice’s random secret number is 5
c. Bob’s random secret number is 7

Which of the following network protocols sends data between two computers while using a
secure channel? SSH

Imagine that you are an attacker. Which would be most desirable when attempting to
compromise encrypted data? A weak key

When encrypting credit card data, which would be the most secure algorithm with the least CPU
utilization? AES

Symmetric key algorithms require a secure initial exchange of one or more secret keys. True

Your boss wants you to set up an authentication scheme in which employees will use smart cards
to go in to the company network. What kind of key should be used to accomplish this? Private
key

In information security, the three core principles are known as
confidentiality, integrity, and availability. True

Which of the following might a public key be used to accomplish? To
decrypt the hash of a digital signature

Which of the following is used by PGP to encrypt the session key
before it is sent? Symmetric scheme

During what phase of a remote access connection does the end user
prove his or her claim of identity? Authentication

802.11x permits or denies access to resources through the use of
ports. False

In cryptography, it is the key that is essential to determine the output
of a cipher. True

Of the following, which statement correctly describes the difference
between a secure cipher and a secure hash? A cipher can be reversed;
a hash cannot.

Which type of hacker has no affiliation with an organization, yet will
hack systems without malicious intent? Gray hat

Which of the following is an authentication and accounting service
that uses TCP as its transport mechanism when connecting to routers
and switches? TACACS+

Encryption, authentication, and anti-malware are all ways to protect
against malicious threats. True

When attempting to grant access to remote users, which protocol uses
separate, multiple-challenge responses for each of the authentication,
authorization, and audit processes? TACACS+

Which of the following is not a common criterion when authenticating
users? Something you like

Which of the following uses a two-way authentication system known
as mutual authentication? Kerberos

RADIUS is a remote access authentication service. True

Which of the following methods will best verify that a download from
the Internet has not been modified since the manufacturer released it?
Compare the final MD5 hash with the original

Of the following, which statement correctly describes the difference between
a secure cipher and a secure hash?
· A cipher can be reversed; a hash cannot.
Which of the following results occurs when a biometric system identifies a legitimate user as
unauthorized?
· False rejection
A network stream of data needs to be encrypted. Brian, a security administrator, selects a cipher that
will encrypt 128 bits at a time before sending the data across the network. Which of
the following has Brian chosen?
· Block cipher
Which of the following protocols creates an unencrypted tunnel?
· L2TP
Cryptography is the practice and study of hiding the meaning of a message.
· True
Social engineering involves viruses, worms, and Trojan horses.
· False
In cryptography, it is the key that is essential to determine the output of a cipher.
· True
Which is the most secure method of authentication and authorization in its default form?
· Kerberos
9. What ensures that a CRL is authentic and has not been modified?
· The CRL is digitally signed by the CA
10. When attempting to grant access to remote users, which protocol uses separate, multiple-challenge
responses for each of the authentication, authorization, and audit processes?
· TACACS+
11. Which of the following is a common encryption standard used today and can work with a 256-bit
block size?
· AES
12. Which of the following is based off of the MD5 hash?
· NTLMv2
13. Which of the following encryption methods deals with two distinct, large prime numbers and the
inability to factor those prime numbers?
· RSA
14. Your boss wants you to use a cryptographic algorithm that cannot be decoded by being reversed.
Which of the following would be the best option?
· Private Key
15. Certificates are digitally signed electronic documents that bind a private key with a user identity.
· False
16. Which of the following uses a two-way authentication system known as mutual authentication?
· Kerberos
17. Rachel is investigating an information security incident that took place at the high school where she
works. She suspects that students may have broken into the student records system and altered
their grades. Which one of the tenets of information security did this attack violate the most?
· Integrity
18. A key is an essential piece of information that determines the output of a cipher.
· True
19. Which of the following is the greatest risk for removable storage?
· Confidentiality of data
20. Which of the following is not a logical method of access control?
· Biometrics
21. Which of the following is the final step a user needs to take before that user can access domain
resources?
· Authorization
22. Authentication is when a person's identity is confirmed through the use of a specific system.
· True
23. Social engineering involves viruses, worms, and Trojan horses.
· False
24. What is a certificate added to when it is considered to be no longer valid?
· CRL
25. Which of the following is an example of two-factor authentication?
· Thumbprint and key card
26. DES is a commonly-used block cipher today.
· False
27. The IT director has asked you to set up an authentication model in which users can enter their
credentials one time, yet still access multiple server resources. What type of authentication model
should you implement?
· Single Sign-on
28. Which of the following is when two or more types of authentication are used when dealing with
access control?
· Multifactor authentication
29. In information security, the three core principles are known as confidentiality, integrity, and
availability.
· True
30. Public keys are known only to specific users who keep the key secret.
· False
31. A stream cipher is a type of algorithm that encrypts a group of bits collectively as individual units
known as blocks.
· False
32. Which of the following results occurs when a biometric system identifies a legitimate user as
unauthorized?
· False Rejection