CCNA Cyber Ops (210-250 Secfnd)

By Bill Johnson
Questions: 114 | Attempts: 538



Questions and Answers
  • 1. 

    What are two examples of the impacts of cryptography on security investigations that an analyst must know? (Choose two)

    • A.

      Attackers can attack the cryptographic algorithms.

    • B.

      Cryptographic algorithms make it impossible for an attacker to carry out an attack.

    • C.

      Attackers can use cryptography to hide their attacks.

    • D.

      Cryptography does not offer any security against attacks.

    Correct Answer(s)
    A. Attackers can attack the cryptographic algorithms.
    C. Attackers can use cryptography to hide their attacks.
    Explanation
    Cryptography plays a crucial role in security investigations. Attackers can target the cryptographic algorithms themselves, attempting to exploit vulnerabilities or weaknesses in the algorithms to gain unauthorized access. Additionally, attackers can utilize cryptography to conceal their malicious activities, making it challenging for analysts to detect and investigate their attacks. Understanding these impacts is vital for analysts to effectively assess and mitigate security threats.


  • 2. 

    Which two methods might be used by an analyst to detect SSL/TLS encrypted command-and-control communication? (Choose two.)

    • A.

      Perform analysis of the NetFlow data to detect anomalous TLS/SSL flows

    • B.

      Perform firewall HTTP application inspection to detect for the command and control traffic

    • C.

      Perform decryption and inspection of SSL/TLS traffic

    • D.

      Perform IPS HTTP deep packets inspection to detect for the command and control traffic

    Correct Answer(s)
    A. Perform analysis of the NetFlow data to detect anomalous TLS/SSL flows
    C. Perform decryption and inspection of SSL/TLS traffic
    Explanation
    Performing analysis of the NetFlow data can help detect anomalous TLS/SSL flows, which can indicate potential command-and-control communication. NetFlow data provides information about network traffic, such as source and destination IP addresses, ports, and protocols, allowing analysts to identify patterns and anomalies. Similarly, performing decryption and inspection of SSL/TLS traffic can reveal any suspicious or malicious activity within the encrypted communication, including command-and-control traffic. By decrypting and inspecting the traffic, analysts can gain visibility into the content and behavior of the communication, enabling them to detect any malicious intent.


  • 3. 

    Which type of ciphers rearrange or permutate letters?

    • A.

      Substitution

    • B.

      Polyalphabetic

    • C.

      Transposition

    • D.

      One-time pad

    Correct Answer
    C. Transposition
    Explanation
    Transposition ciphers rearrange or permutate letters, instead of replacing them. Transposition is also known as permutation. An example of this type of cipher takes the message “THE PACKAGE IS DELIVERED” and transposes it to read “DEREVILEDSIEGAKCAPEHT.” In this example, the key is to reverse the letters.


  • 4. 

    Which one of the following algorithms is most susceptible to collision when hashing different data sets?

    • A.

      SHA-512

    • B.

      SHA-256

    • C.

      SHA-1

    • D.

      MD5

    Correct Answer
    D. MD5
    Explanation
    MD5 was originally thought to be collision-resistant, but has been shown to have collision vulnerabilities.


  • 5. 

    What is the primary purpose for using a hash algorithm for a message?

    • A.

      Integrity

    • B.

      Availability

    • C.

      Authentication

    • D.

      Confidentiality

    Correct Answer
    A. Integrity
    Explanation
    Hashing is a mechanism that is used for data integrity assurance.


  • 6. 

    Which one of the following options is used to determine the strength of a modern encryption algorithm?

    • A.

      Message digest (fingerprint) size

    • B.

      Cipher block size

    • C.

      Key size

    • D.

      Encryption operations OSI layer

    Correct Answer
    C. Key size
    Explanation
    The longer the encryption key is, the longer it takes an attacker to break it.


  • 7. 

    What is the primary purpose for using an encryption algorithm on a message?

    • A.

      Availability

    • B.

      Integrity

    • C.

      Confidentiality

    • D.

      Authentication

    Correct Answer
    C. Confidentiality
    Explanation
    Encryption is the process of disguising a message in such a way as to hide its original contents. With encryption, the plaintext readable message is converted to ciphertext, which is the unreadable, “disguised” message. Decryption reverses this process. Encryption is used to guarantee confidentiality so that only authorized entities can read the original message.


  • 8. 

    After encryption has been applied to a message, what is the message identified as?

    • A.

      Hash result

    • B.

      Ciphertext

    • C.

      Fingerprint

    • D.

      Message digest

    Correct Answer
    B. Ciphertext
    Explanation
    With encryption, the plaintext readable message is converted to ciphertext, which is the unreadable, “disguised” message.


  • 9. 

    Which type of encryption algorithm uses the same key to encrypt and decrypt data?

    • A.

      Asymmetric encryption algorithm

    • B.

      Dodecaphonic algorithm

    • C.

      Diffie-Hellman algorithm

    • D.

      Symmetric encryption algorithm

    Correct Answer
    D. Symmetric encryption algorithm
    Explanation
    A symmetric encryption algorithm uses the same key to both encrypt and decrypt data. This means that the sender and receiver must have the same key to communicate securely. This type of encryption is commonly used for secure communication and data storage, as it is fast and efficient. Unlike asymmetric encryption, which uses different keys for encryption and decryption, symmetric encryption is simpler and more straightforward.


  • 10. 

    Which type of encryption algorithm uses different but related keys to encrypt and decrypt data?

    • A.

      Asymmetric encryption algorithm

    • B.

      Symmetric encryption algorithm

    • C.

      Dodecaphonic algorithm

    • D.

      Diffie-Hellman algorithm

    Correct Answer
    A. Asymmetric encryption algorithm
    Explanation
    An asymmetric encryption algorithm uses different but related keys to encrypt and decrypt data. Unlike a symmetric encryption algorithm, where the same key is used for both encryption and decryption, an asymmetric encryption algorithm uses a pair of keys: a public key for encryption and a private key for decryption. This allows for secure communication between two parties without the need to share a common key. The most commonly used asymmetric encryption algorithm is RSA (Rivest-Shamir-Adleman).


  • 11. 

    One cryptanalysis method that is used to defeat a multi-step encryption process uses both the original clear text to work forward toward an intermediate value, and the ending cipher text to work backward toward an intermediate value so that the key space that is to be defeated is smaller and more computationally manageable. Which one of the following terms describes this method?

    • A.

      Brute-force attack

    • B.

      Birthday attack

    • C.

      Meet-in-the-middle attack

    • D.

      Ciphertext-only attack

    Correct Answer
    C. Meet-in-the-middle attack
    Explanation
    A meet-in-the-middle attack is a cryptanalysis method that utilizes both the original clear text and the ending cipher text to narrow down the key space. By working forward from the clear text and backward from the cipher text, this method aims to find an intermediate value that reduces the computational complexity of breaking the encryption. This technique is effective in defeating multi-step encryption processes by making the key space smaller and more manageable for computation.


  • 12. 

    Which one of the following statements best describes cryptanalysis?

    • A.

      The practice of breaking codes to obtain the meaning of encrypted data.

    • B.

      The practice of creating one-way encryption cryptographic algorithms.

    • C.

      The practice of breaking codes to obtain the fingerprint of encrypted data.

    • D.

      The practice of creating codes to obscure the meaning of plaintext data.

    Correct Answer
    A. The practice of breaking codes to obtain the meaning of encrypted data.
    Explanation
    Cryptanalysis refers to the practice of breaking codes in order to decipher or understand the meaning of encrypted data. This involves analyzing and deciphering cryptographic algorithms, keys, or codes used to encrypt the data. The purpose of cryptanalysis is to reveal the original message or information that has been concealed through encryption.


  • 13. 

    Of the following, in which type of an attack does the attacker try every possible key with the decryption algorithm, knowing that eventually one of the keys will work?

    • A.

      Chosen-ciphertext attack

    • B.

      Birthday attack

    • C.

      Brute-force attack

    • D.

      Ciphertext-only attack

    Correct Answer
    C. Brute-force attack
    Explanation
    In a brute-force attack, an attacker tries every possible key with the decryption algorithm, knowing that eventually one of the keys will work. All encryption algorithms are vulnerable to this attack.


  • 14. 

    Which one of the following options is the block cipher mode that uses an encryption method which has a feedback mechanism where each plaintext block is XORed with the previously encrypted block, and then is encrypted with the DES key?

    • A.

      ECB

    • B.

      CBC

    • C.

      DES

    • D.

      3DES

    Correct Answer
    B. CBC
    Explanation
    CBC: In CBC mode, each 64-bit plaintext block is XORed bitwise with the previous ciphertext block and then is encrypted with the DES key. Because of this process, the encryption of each block depends on previous blocks. Encryption of the same 64-bit plaintext block can result in different ciphertext blocks.


  • 15. 

    Which one of the following encryption algorithms is the preferred symmetrical algorithm that is intended to replace 3DES?

    • A.

      DES

    • B.

      SHA256

    • C.

      MD5

    • D.

      AES

    • E.

      DSA

    • F.

      RSA

    Correct Answer
    D. AES
    Explanation
    For several years, it was recognized that DES would eventually reach the end of its usefulness. In 1997, the AES initiative was announced, and the public was invited to propose candidate encryption schemes, one of which could be chosen as the encryption standard to replace DES. The U.S. Secretary of Commerce approved the adoption of AES as an official U.S. government standard, effective May 26, 200


  • 16. 

    Which one of the following encryption methodologies allows you to maintain the privacy of an email communication, and ensure the origin of the message using PGP?

    • A.

      Which one of the following encryption methodologies allows you to maintain the privacy of an email communication, and ensure the origin of the message using PGP?

    • B.

      Encrypt the message with your private key, and again with the destination’s public key, so that the recipients can decrypt the message with their private key and your public key.

    • C.

      Encrypt the message with your public key, and again with the destination’s private key, so that the recipients can decrypt the message with your private key and their public key.

    • D.

      Encrypt the message with the destination’s private key so that the recipients can decrypt it with their private key and know they are the only party who generated the private key.

    Correct Answer
    B. Encrypt the message with your private key, and again with the destination’s public key, so that the recipients can decrypt the message with their private key and your public key.
    Explanation
    The content of emails is encrypted twice, once with the sender’s private key, and again with the receiver’s public key.


  • 17. 

    Which one do you like?

    • A.

      Sender’s private key

    • B.

      Sender’s shared key

    • C.

      Sender’s public key

    • D.

      Sender’s digital signature

    Correct Answer
    C. Sender’s public key
    Explanation
    The sender's public key is the correct answer because it is used in asymmetric encryption systems to encrypt data that can only be decrypted by the corresponding private key held by the receiver. This ensures secure communication as only the intended recipient can decrypt and access the message. The public key is freely shared and does not need to be kept secret, making it suitable for encryption purposes.


  • 18. 

    Which one of the following parts of the Diffie-Hellman calculation is an arbitrary item that is agreed upon by both parties before any mathematical calculations?

    • A.

      Secret key (a)

    • B.

      Prime number (p)

    • C.

      Public key (g)

    • D.

      Public key (g)

    Correct Answer
    B. Prime number (p)
    Explanation
    In the Diffie-Hellman calculation, the prime number (p) is an arbitrary item that is agreed upon by both parties before any mathematical calculations. This prime number serves as the modulus in the calculation and ensures that the computation is performed within a finite field. By agreeing on a specific prime number, both parties can generate their own secret keys and public keys, which are then used to establish a shared secret key for secure communication.


  • 19. 

    Which statement about the Diffie-Hellman Key Agreement is true?

    • A.

      The higher the Diffie-Hellman group number indicates a larger key size.

    • B.

      The higher the Diffie-Hellman group number indicates a smaller prime number (p).

    • C.

      The higher the Diffie-Hellman group number indicates a smaller key size.

    • D.

      The higher the Diffie-Hellman group number indicates no difference in processing requirements.

    Correct Answer
    A. The higher the Diffie-Hellman group number indicates a larger key size.
    Explanation
    The Diffie-Hellman Key Agreement is a method used to securely exchange cryptographic keys over an insecure channel. In this method, a large prime number (p) and a generator (g) are chosen. The group number refers to the size of the prime number (p). The larger the group number, the larger the prime number, and consequently, the larger the key size. A larger key size provides stronger security and makes it more difficult for an attacker to break the encryption. Therefore, the statement that the higher the Diffie-Hellman group number indicates a larger key size is true.


  • 20. 

    Which one of the following is the first exchange during SSHv1 authentication negotiation?

    • A.

      The server requests a username and password from the user.

    • B.

      The server sends a public key to the client.

    • C.

      The client generates a session key.

    • D.

      The client and server agree upon the encryption algorithm.

    Correct Answer
    B. The server sends a public key to the client.
    Explanation
    In SSHv1 authentication negotiation, the first exchange involves the server sending a public key to the client. This exchange is part of the initial authentication process where the server provides its public key to the client. The client can then use this public key to verify the authenticity of the server and establish a secure connection. This exchange is crucial for ensuring secure communication between the client and server in SSHv1.


  • 21. 

    To communicate that a document is using a digital signature, which one of the following is the next step in the process after a hash of the document is calculated by the sender?

    • A.

      The hash is signed using the public key of the receiver.

    • B.

      The hash is stored by the sender.

    • C.

      The hash is encrypted using the private key of the sender.

    • D.

      The hash is appended to the end of the document.

    Correct Answer
    C. The hash is encrypted using the private key of the sender.
    Explanation
    After calculating the hash of the document, the next step in the process is to encrypt the hash using the private key of the sender. This is done to create a digital signature for the document. By encrypting the hash with the sender's private key, it ensures that only the sender, who possesses the corresponding public key, can decrypt and verify the signature. This provides authentication and integrity to the document, as any modifications to the document would result in a different hash value and the signature would no longer be valid.


  • 22. 

    Which three security services do digital signatures provide? (Choose three.)

    • A.

      Integrity

    • B.

      Confidentiality

    • C.

      Non-repudiation

    • D.

      Authenticity

    • E.

      Availability

    Correct Answer(s)
    A. Integrity
    C. Non-repudiation
    D. Authenticity
    Explanation
    Digital signatures provide three security services: integrity, non-repudiation, and authenticity.

    Integrity ensures that the data has not been tampered with during transmission or storage. Non-repudiation ensures that the sender cannot deny sending the message, providing evidence of the origin of the message. Authenticity verifies the identity of the sender, ensuring that the message comes from the claimed source. Confidentiality and availability are not provided by digital signatures.


  • 23. 

    Which five of the following options are components of the X.509 v3 certificate standard? (Choose five.)

    • A.

      Serial number

    • B.

      User name

    • C.

      Issuer

    • D.

      Validity date range

    • E.

      Subject

    • F.

      Subject public key info

    • G.

      Department name

    Correct Answer(s)
    A. Serial number
    C. Issuer
    D. Validity date range
    E. Subject
    F. Subject public key info
    Explanation
    Currently, digital identity certificates use the X.509 version 3 structure:

    Version
    Serial number
    Algorithm ID
    Issuer
    Validity
      Not before
      Not after
    Subject
    Subject public key info
      Public key algorithm
      Subject public key
    Issuer unique identifier (optional)
    Subject unique identifier (optional)
    Extensions (optional)
      ...
    Certificate signature algorithm
    Certificate signature


  • 24. 

    When using PKI which two of the following are true? (Choose two.)

    • A.

      The client devices must trust the issuing CA root certificate to validate and trust another device certificate that is issued by the same CA.

    • B.

      Currently, the PKI architecture requires that the client devices stay in constant contact with the CA in order to trust a certificate that is issued by the CA.

    • C.

      The CA does not sign the user or device certificate; it only signs its own root certificate.

    • D.

      Currently, PKI digital identity certificates use the X.509 version 3 structure.

    Correct Answer(s)
    A. The client devices must trust the issuing CA root certificate to validate and trust another device certificate that is issued by the same CA.
    D. Currently, PKI digital identity certificates use the X.509 version 3 structure.
    Explanation
    When using PKI, it is true that client devices must trust the issuing CA root certificate to validate and trust another device certificate issued by the same CA. This is because the root certificate is used to establish trust in the CA's identity. Additionally, PKI digital identity certificates currently use the X.509 version 3 structure, which is a widely accepted standard for defining the format and content of digital certificates.


  • 25. 

    Which one of the following actions should be taken by a client to verify the entity that they received a certificate from is the entity that should be using the certificate?

    • A.

      Decrypt the certificate signature using the CA private key and check to make sure that the certificate hash matches what they received from the peer.

    • B.

      Send a message encrypted with the system’s peer’s public key to verify that the peer can decrypt the message with the private key of the entity that is identified in the certificate.

    • C.

      Ensure that the issuer and the subject match on the certificate of the peer.

    • D.

      Contact the CA by phone to determine how they validated the identity of the system during certificate enrollment of the peer that they are communicating with.

    Correct Answer
    B. Send a message encrypted with the system’s peer’s public key to verify that the peer can decrypt the message with the private key of the entity that is identified in the certificate.
    Explanation
    To be sure that the peer is actually the entity that is identified in the certificate, a system must challenge the peer to prove that it has the private key that is associated with the validated public key. For example, a message can be encrypted with the validated public key and sent to the peer. If the peer can successfully decrypt the message, then the peer must have the associated private key and is therefore the system that is identified by the digital certificate.


  • 26. 

    Which two of the following statements are true regarding the CA in a PKI deployment? (Choose two.)

    • A.

      The CA is the trusted third party that signs the public keys of entities in a PKI-based system.

    • B.

      The CA becomes the center point of communications between two hosts using certificates that are issued by the CA.

    • C.

      The CA issues either a certificate revocation list (CRL) or uses an OCSP process to determine certificate validity.

    • D.

      A root CA is not necessary in a PKI.

    Correct Answer(s)
    A. The CA is the trusted third party that signs the public keys of entities in a PKI-based system.
    C. The CA issues either a certificate revocation list (CRL) or uses an OCSP process to determine certificate validity.
    Explanation
    In a PKI deployment, the CA plays a crucial role as the trusted third party that signs the public keys of entities. This ensures the authenticity and integrity of the certificates issued in the system. Additionally, the CA is responsible for determining the validity of certificates. This can be done through either issuing a certificate revocation list (CRL) or utilizing an Online Certificate Status Protocol (OCSP) process. These mechanisms allow for the identification of compromised or revoked certificates, ensuring the security of the PKI infrastructure.


  • 27. 

    Which two of the following options must be included in the CSR that is to be signed by a CA? (Choose two.)

    • A.

      Subject’s public key information

    • B.

      Written invitation code to join the CA

    • C.

      Subject identity information

    • D.

      Certificate intended usage

    Correct Answer(s)
    A. Subject’s public key information
    C. Subject identity information
    Explanation
    To obtain an identity certificate, a system administrator will enroll with the PKI. The first step is to obtain the CA’s identity certificate. The next step is to create a CSR (PKCS #10). The CSR contains the identity information that is associated with the enrolling system, which can include data such as the system name, the organization to which the system belongs, and location information. Most importantly, the enrolling system’s public key is included with the CSR.


  • 28. 

    Many legacy cipher suites available in TLS are deemed insecure. Which three of the following traits make them insecure? (Choose three.)

    • A.

      Cipher suites using RC4

    • B.

      Cipher suites using MD5

    • C.

      Cipher suites using AES

    • D.

      Cipher suites using SHA-256

    • E.

      Cipher suites using DES

    Correct Answer(s)
    A. Cipher suites using RC4
    B. Cipher suites using MD5
    E. Cipher suites using DES
    Explanation
    The cipher suites using RC4, MD5, and DES are deemed insecure for several reasons.

    Firstly, RC4 is vulnerable to multiple attacks, such as the RC4 bias and the RC4 NOMORE attack, which can lead to the recovery of plaintext from encrypted data.

    Secondly, MD5 is a hash function that has been found to have significant vulnerabilities, including collision attacks. This means that it is possible to generate different inputs that produce the same hash value, compromising the integrity of the data.

    Lastly, DES is an outdated symmetric encryption algorithm that has a small key size of 56 bits, which makes it susceptible to brute-force attacks. With modern computing power, it is relatively easy to crack DES encryption.


  • 29. 

    Which four of the following are included in the sets of cryptographic algorithms that are defined by an SSL/TLS cipher suite? (Choose four.)

    • A.

      Authentication and key exchange algorithms

    • B.

      Public key version and type

    • C.

      Encryption algorithm

    • D.

      Peer IP address information

    • E.

      Message authentication code algorithm

    • F.

      The PRF

    Correct Answer(s)
    A. Authentication and key exchange algorithms
    C. Encryption algorithm
    E. Message authentication code algorithm
    F. The PRF
    Explanation
    The information included in sets of cryptographic algorithms defined by an SSL/TLS cipher suite includes authentication and key exchange algorithms, encryption algorithm, message authentication code algorithm, and the PRF. These algorithms are essential for establishing secure communication and ensuring the confidentiality, integrity, and authenticity of the data transmitted over the network. Peer IP address information and public key version and type are not typically included in the cryptographic algorithms defined by an SSL/TLS cipher suite.


  • 30. 

    The ECDHE_ECDSA part of the cipher list identifies which one of the following algorithms?

    • A.

      Authentication and key exchange

    • B.

      Encryption

    • C.

      Message authentication code

    • D.

      Pseudorandom function

    Correct Answer
    A. Authentication and key exchange
    Explanation
    The ECDHE_ECDSA part of the cipher list identifies the authentication and key exchange algorithm. This algorithm is used to authenticate the identities of the communicating parties and establish a secure session key for encryption. ECDHE_ECDSA stands for Elliptic Curve Diffie-Hellman Ephemeral with Elliptic Curve Digital Signature Algorithm, which is a secure key exchange protocol using elliptic curve cryptography and digital signatures.


  • 31. 

    Which one of the following options explains key space as it relates to cryptography?

    • A.

      Amount of time that a brute force attempt would take to discover the key

    • B.

      Randomness of a generated key

    • C.

      Number of possible keys that could be generated by an algorithm

    • D.

      Number of bits that are contained in a key

    Correct Answer
    C. Number of possible keys that could be generated by an algorithm
    Explanation
    The key space in cryptography refers to the number of possible keys that could be generated by an algorithm. It represents the total number of unique keys that can be used for encryption and decryption. A larger key space indicates a higher level of security because it makes it more difficult for an attacker to guess or brute force the correct key. The key space is determined by the length and complexity of the key, and it is an important factor in ensuring the strength of a cryptographic system.


  • 32. 

    Which two of the following options are two key factors in determining the key length requirement? (Choose two.)

    • A.

      Data that is more sensitive and needs to be kept secret longer must use longer keys.

    • B.

      Choose the key length according to the type of encryption algorithm that is to be used.

    • C.

      Key length depends on the support of the device that will be using the key.

    • D.

      You should choose the key length so that it protects data confidentiality or integrity for an adequate time.

    Correct Answer(s)
    A. Data that is more sensitive and needs to be kept secret longer must use longer keys.
    D. You should choose the key length so that it protects data confidentiality or integrity for an adequate time.
    Explanation
    You should choose the key length so that it protects data confidentiality or integrity for an adequate time. Data that is more sensitive and needs to be kept secret longer must use longer keys.


  • 33. 

    Which five of the following options does the process of key management deal with? (Choose five.)

    • A.

      Destruction of keys

    • B.

      Identification

    • C.

      Storage

    • D.

      Subject identity

    • E.

      Secure generation

    • F.

      Verification

    • G.

      Exchange

    • H.

      Matching

    Correct Answer(s)
    A. Destruction of keys
    C. Storage
    E. Secure generation
    F. Verification
    G. Exchange
    Explanation
    The process of key management deals with various aspects of handling cryptographic keys. It involves the destruction of keys to ensure they cannot be used again, the secure generation of new keys, the storage of keys in a secure manner, the verification of keys to ensure their authenticity, and the exchange of keys between parties involved in the communication. These activities are crucial for maintaining the security and integrity of cryptographic systems.


  • 34. 

    Which two statements are correct regarding NSA Suite B? (Choose two.)

    • A.

      Use AES with 128- or 256-bit keys in the GCM mode.

    • B.

      NSA Suite B calls for AES CBC mode because it can provide authenticated encryption.

    • C.

      NSA Suite B calls for ECDH, which is a more advanced variant of the Diffie-Hellman algorithm using the elliptic curve mathematics model.

    • D.

      The SHA-1 message digest has stronger security than SHA-2.

    Correct Answer(s)
    A. Use AES with 128- or 256-bit keys in the GCM mode.
    C. NSA Suite B calls for ECDH, which is a more advanced variant of the Diffie-Hellman algorithm using the elliptic curve mathematics model.
    Explanation
    NSA Suite B calls for encryption using AES with 128- or 256-bit keys in the GCM mode. The block cipher modes of operation include CTR mode and GCM mode, of which GCM is the most common. GCM is an authenticated encryption algorithm that is designed to provide both data authenticity and confidentiality.


  • 35. 

    Which four encryption protocols and protective algorithms are identified in the NSA Suite B specification? (Choose four.)

    • A.

      AES

    • B.

      MD5

    • C.

      ECDSA

    • D.

      ECDH

    • E.

      3DES

    • F.

      SHA-2 (SHA-256 and SHA-384)

    • G.

      Diffie-Hellman Group5

    Correct Answer(s)
    A. AES
    C. ECDSA
    D. ECDH
    F. SHA-2 (SHA-256 and SHA-384)
    Explanation
    The NSA Suite B specification identifies four encryption protocols and protective algorithms, which are AES, ECDSA, ECDH, and SHA-2 (SHA-256 and SHA-384). These protocols and algorithms are considered secure and recommended by the NSA for use in cryptographic applications. AES (Advanced Encryption Standard) is a symmetric encryption algorithm widely used for data encryption. ECDSA (Elliptic Curve Digital Signature Algorithm) is a digital signature algorithm based on elliptic curve cryptography. ECDH (Elliptic Curve Diffie-Hellman) is a key exchange algorithm based on elliptic curve cryptography. SHA-2 (SHA-256 and SHA-384) are secure hash algorithms used for data integrity and authentication.


  • 36. 

    Which of the following two options are impacts of cryptography on security investigations? (Choose two.)

    • A.

      Cryptographic attacks can be used to find a weakness in the cryptographic algorithms.

    • B.

      All the employee's SSL/TLS outbound traffic should be decrypted and inspected since it requires minimal resources on the security appliance.

    • C.

      With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this blind spot to launch attacks over HTTPS more than ever before.

    • D.

      Encryption does not pose a threat to the ability of law enforcement authorities to gain access to information for investigating and prosecuting cybercriminal activities.

    Correct Answer(s)
    A. Cryptographic attacks can be used to find a weakness in the cryptographic algorithms.
    C. With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this blind spot to launch attacks over HTTPS more than ever before.
    Explanation
    The first option states that cryptographic attacks can be used to find weaknesses in cryptographic algorithms. This means that attackers can exploit vulnerabilities in encryption methods to gain unauthorized access to encrypted data. The second option explains that with the rise in legitimate usage of HTTPS traffic, attackers have found an opportunity to launch attacks over HTTPS, which was previously considered a secure protocol. Both of these options highlight the negative impacts of cryptography on security investigations, as they demonstrate how encryption can be exploited by attackers to compromise security measures.


  • 37. 

    Which one of the following methods allows you to verify entity authentication, data integrity, and authenticity of communications, without encrypting the actual data?

    • A.

      Both parties calculate an authenticated MD5 hash value of the data accompanying the message—one party uses the private key, while the other party uses the public key.

    • B.

      Both parties calculate a CRC32 of the data before and after transmission of the message.

    • C.

      Both parties obfuscate the data with XOR and a known key before and after transmission of the message.

    • D.

      Both parties to the communication use the same secret key to produce a message authentication code to accompany the message.

    Correct Answer
    D. Both parties to the communication use the same secret key to produce a message authentication code to accompany the message.
    Explanation
    The correct answer is that both parties to the communication use the same secret key to produce a message authentication code to accompany the message. This method allows for the verification of entity authentication, data integrity, and authenticity of communications without encrypting the actual data. By using a secret key, both parties can generate a message authentication code that can be used to verify the integrity and authenticity of the message. This method does not encrypt the data itself, but rather provides a way to ensure that the data has not been tampered with during transmission.


  • 38. 

    Which one of the following options describes the concept of small changes in data causing a large change in the hash algorithm output?

    • A.

      Butterfly effect

    • B.

      Keyed effect

    • C.

      Avalanche effect

    • D.

      Fibonacci effect

    Correct Answer
    C. Avalanche effect
    Explanation
    The concept of the avalanche effect refers to the phenomenon where even a small change in input data to a hash algorithm results in a significantly different output. This means that a slight modification in the original data will cause the hash algorithm to produce a completely different hash value. The avalanche effect is a desirable property in hash algorithms as it ensures that even a tiny alteration in the input will lead to a drastic change in the output, thereby enhancing security and preventing predictability.


  • 39. 

    Which one of the following options describes the concept of using a different key for encrypting and decrypting data?

    • A.

      Cipher text

    • B.

      Asymmetric encryption

    • C.

      Symmetric encryption

    • D.

      Avalanche effect

    Correct Answer
    B. Asymmetric encryption
    Explanation
    Asymmetric encryption refers to the concept of using different keys for encrypting and decrypting data. This technique involves a public key for encryption and a private key for decryption. The public key is freely available to anyone, while the private key is kept secret. This approach provides a higher level of security as it eliminates the need to share a single key between parties. It is widely used in secure communication protocols, such as HTTPS, to protect sensitive information during transmission.


  • 40. 

    Which one of the following methods of cryptanalysis should you use if you only have access to the cipher text messages (all of which have been encrypted using the same encryption algorithm), and want to perform statistical analysis to attempt to determine the potentially weak keys?

    • A.

      Chosen-plaintext attack

    • B.

      Ciphertext-only attack

    • C.

      Birthday attack

    • D.

      Chosen-ciphertext attack

    Correct Answer
    B. Ciphertext-only attack
    Explanation
    A ciphertext-only attack is the correct method of cryptanalysis to use in this scenario. This attack involves analyzing the cipher text messages without any knowledge of the corresponding plaintext or the encryption algorithm. By performing statistical analysis on the cipher text, patterns and frequencies can be identified, which may help in determining potential weak keys used for encryption. This method is particularly useful when only the cipher text is available and no other information about the encryption process is known.


  • 41. 

    Which one of the following options is the attack that can be used to find collisions in a cryptographic hash function?

    • A.

      Birthday attack

    • B.

      Chosen-plaintext attack

    • C.

      Ciphertext-only attack

    • D.

      Chosen-ciphertext attack

    Correct Answer
    A. Birthday attack
    Explanation
    A birthday attack is a type of attack that can be used to find collisions in a cryptographic hash function. In this attack, the attacker aims to find two different inputs that produce the same hash value. The attacker generates a large number of random inputs and computes their hash values. By comparing the hash values, the attacker can identify any collisions that occur. This attack takes advantage of the birthday paradox, which states that in a group of just 23 people, there is a 50% chance that two people share the same birthday. Similarly, in a hash function with a large number of possible inputs, the probability of finding a collision becomes surprisingly high.


  • 42. 

    How many encryption key bits are needed to double the number of possible key values that are available with a 40-bit encryption key?

    • A.

      80 bits

    • B.

      41 bits

    • C.

      120 bits

    • D.

      160 bits

    Correct Answer
    B. 41 bits
    Explanation
    Modern symmetric algorithms use key lengths that range from 40 to 256 bits. This range gives symmetric algorithms key spaces that range from 2^40 (1,099,511,627,776 possible keys) to 2^256 (1.5 x 10^77) possible keys.

    Every additional bit in the key length doubles the number of possible key values.


  • 43. 

    Which one of the following is the reason that asymmetric encryption is not used to perform bulk encryption?

    • A.

      Asymmetric algorithms are substantially slower than symmetric algorithms.

    • B.

      Asymmetric algorithms are easier to break than symmetric algorithms.

    • C.

      Symmetric algorithms can provide authentication and confidentiality.

    • D.

      Symmetric algorithms use a much larger key size.

    Correct Answer
    A. Asymmetric algorithms are substantially slower than symmetric algorithms.
    Explanation
    Asymmetric encryption is not used for bulk encryption because it is substantially slower than symmetric encryption. Asymmetric encryption involves the use of a pair of keys, a public key for encryption and a private key for decryption. This process requires more computational power and time compared to symmetric encryption, where the same key is used for both encryption and decryption. Therefore, symmetric encryption is more efficient for bulk encryption where large amounts of data need to be encrypted or decrypted quickly.


  • 44. 

    Which one of the following options was used by Diffie-Hellman to determine the strength of the key that is used in the key agreement process?

    • A.

      DH group

    • B.

      DH prime number (p)

    • C.

      DH modulus

    • D.

      DH base generator (g)

    Correct Answer
    A. DH group
    Explanation
    Diffie-Hellman uses different DH groups to determine the strength of the key that is used in the key agreement process. The higher group numbers are more secure, but require additional time to compute the key. Each DH group specifies the values of p and g. The DH groups supported by Cisco IOS Software, with the associated size of the prime p, are:

    DH Group 1: 768 bits

    DH Group 2: 1024 bits

    DH Group 5: 1536 bits

    DH Group 14: 2048 bits

    DH Group 15: 3072 bits

    DH Group 16: 4096 bits

    A DH key agreement can also be based on elliptic curve cryptography. Its use is included in the Suite B cryptographic suites. DH groups 19, 20, and 24, based on elliptic curve cryptography, are also supported by Cisco IOS Software.


  • 45. 

    If a client connected to a server using SSHv1 previously, how should the client be able to authenticate the server?

    • A.

      The same encryption algorithm will be used each time and will be in the client cache.

    • B.

      The server will autofill the stored password for the client upon connection.

    • C.

      The client will receive the same public key that it had stored for the server.

    • D.

      The server will not use any asymmetric encryption, and jump right to symmetric encryption.

    Correct Answer
    C. The client will receive the same public key that it had stored for the server.
    Explanation
    SSHv1 uses a connection process as follows:

    1) The client connects to the server and the server presents the client with its public key.
    2) The client and server negotiate the security transforms. The two sides agree to a mutually supported symmetric encryption algorithm. This negotiation occurs in the clear. A party that intercepts the communication will be aware of the encryption algorithm that is agreed upon.
    3) The client constructs a session key of the appropriate length to support the agreed-upon encryption algorithm. The client encrypts the session key with the server’s public key. Only the server has the appropriate private key that can decrypt the session key.
    4) The client sends the encrypted session key to the server. The server decrypts the session key using its private key. At this point, both the client and the server have the shared session key. That key is not available to any other systems. From this point on, the session between the client and server is encrypted using a symmetric encryption algorithm.
    5) With privacy in place, user authentication ensues. The user’s credentials and all other data are protected.

    Not only does the use of asymmetric encryption facilitate symmetric key exchange, it also facilitates peer authentication. If the client is aware of the server’s public key, it would recognize if it connected to a nonauthentic system when the nonauthentic system provided a different public key.


  • 46. 

    What is the reason that a digital signature can be used to provide the authenticity of digitally signed data?

    • A.

      Only the recipient has a copy of the private key to decrypt the signature

    • B.

      Both the signer and the recipient must first agree on the public/private key pair that is only known to both parties.

    • C.

      Only the signer has sole possession of the private key.

    • D.

      Both the signer and the recipient must first agree on a shared secret key that is only known to both parties.

    Correct Answer
    C. Only the signer has sole possession of the private key.
    Explanation
    A digital signature is used to provide the authenticity of digitally signed data because only the signer has sole possession of the private key. This means that only the signer is able to create the digital signature using their private key, and it cannot be replicated or forged by anyone else. The recipient can then verify the authenticity of the data by decrypting the signature using the corresponding public key, which is widely available. This ensures that the data has not been tampered with and can be trusted.


  • 47. 

    What does a digital certificate certify about an entity?

    • A.

      A digital certificate certifies the ownership of the public key of the named subject of the certificate.

    • B.

      A digital certificate certifies the ownership of the public key of the named subject of the certificate.

    • C.

      A digital certificate certifies the ownership of the public key of the named subject of the certificate. A digital certificate certifies the ownership of the public key of the named subject of the certificate.

    • D.

      A digital certificate certifies the ownership of the public key of the named subject of the certificate.

    Correct Answer
    A. A digital certificate certifies the ownership of the public key of the named subject of the certificate.
    Explanation
    A digital certificate certifies the ownership of the public key of the named subject of the certificate. This means that the certificate confirms that the entity named in the certificate is the legitimate owner of the public key associated with it. The digital certificate provides a way to verify the identity and authenticity of the entity, ensuring secure communication and transactions.


  • 48. 

    Which one of the following is the PKI operation that would likely cause out-of-band communication over the phone?

    • A.

      The client checks with the CA to determine whether a certificate has been revoked.

    • B.

      The client validates with the CA to determine if the peer that they are communicating with is the entity that is identified in a certificate.

    • C.

      A new signed certificate is received by the certificate applicant from the CA.

    • D.

      The CA administrator contacts the certificate applicant to verify enrollment data before the request can be approved.

    Correct Answer
    D. The CA administrator contacts the certificate applicant to verify enrollment data before the request can be approved.
    Explanation
    In some instances, particularly when a system needs to enroll with a PKI to obtain an identity certificate for itself, the CA certificate must be requested and installed manually. It is then advisable to use an out-of-band method to validate the certificate. For example, the CA administrator can be contacted via the phone to obtain the fingerprint of the valid CA identity certificate. The goal is to verify that the CA certificate that was received is the authentic CA certificate containing the authentic CA public key, and not a certificate provided by an attacker containing the attacker’s public key.


  • 49. 

    Which three of the following options does the client validate on inspection of a server certificate? (Choose three.)

    • A.

      The current time is within the certificate’s validity date.

    • B.

      The subject matches the URL that is being visited.

    • C.

      The signature of the CA that is in the certificate is valid.

    • D.

      A root DNS server provided the IP address for the URL.

    • E.

      The website was already in the browser’s cache.

    • F.

      The client already has a session key for the URL.

    Correct Answer(s)
    A. The current time is within the certificate’s validity date.
    B. The subject matches the URL that is being visited.
    C. The signature of the CA that is in the certificate is valid.
    Explanation
    The client validates three options on inspection of a server certificate:
    1) The current time is within the certificate's validity date to ensure that the certificate has not expired.
    2) The subject matches the URL that is being visited to verify that the certificate is issued for the correct website.
    3) The signature of the CA that is in the certificate is valid to confirm that the certificate is issued by a trusted certificate authority.


  • 50. 

    Why is using ECDHE_ECDSA stronger than using RSA?

    • A.

      ECDHE_ECDSA uses a pseudorandom function to generate the keying materials.

    • B.

      ECDHE_ECDSA provides both data authenticity and confidentiality.

    • C.

      ECDHE_ECDSA uses a much larger key size.

    • D.

      If the server's private key is later compromised, all the prior TLS handshakes that are done using the cipher suite cannot be compromised.

    Correct Answer
    D. If the server's private key is later compromised, all the prior TLS handshakes that are done using the cipher suite cannot be compromised.
    Explanation
    Using ECDHE_ECDSA is stronger than using RSA because if the server's private key is compromised, all previous TLS handshakes using the cipher suite cannot be compromised. This means that even if the private key is exposed, the confidentiality and authenticity of the data exchanged in previous communications remain intact. In contrast, if RSA is used and the private key is compromised, all previous communications can be decrypted, potentially compromising the security of the system.


Quiz Review Timeline

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jan 05, 2018
    Quiz Created by
    Bill Johnson