Tweet
CCNA Security: Cryptographic Systems
Question 1
Please choose the correct matching relationships between the cryptography algorithms and the type of algorithm.
A. Symmetric – 1, 2 and 3
Asymmetric – 4, 5 and 6
B. Symmetric – 1, 4 and 5
Asymmetric – 2, 3 and 6
C. Symmetric – 2, 4 and 5
Asymmetric – 1, 3 and 6
D. Symmetric – 2, 5 and 6
Asymmetric – 1, 3 and 4
Answer: B
Question 2
What is the objective of Diffie-Hellman?
A. used for asymmetric public key encryption
B. used between the initiator and the responder to establish a basic security policy
C. used to verify the identity of the peer
D. used to establish a symmetric shared key via a public key exchange process
Answer: D
Question 3
Which description about asymmetric encryption algorithms is correct?
A. They use different keys for decryption but the same key for encryption of data
B. They use the same key for encryption and decryption of data
C. They use different keys for encryption and decryption of data
D. They use the same key for decryption but different keys for encryption of data
Answer: C
Question 4
Regarding constructing a good encryption algorithm, what does creating an avalanche effect indicate?
A. Changing only a few bits of a plain-text message causes the ciphertext to be completely different
B. Changing only a few bits of a ciphertext message causes the plain text to be completely different
C. Altering the key length causes the plain text to be completely different
D. Altering the key length causes the ciphertext to be completely different
Answer: A
Question 5
Stream ciphers run on which of the following?
A. Individual blocks, one at a time, with the transformations varying during the encryption
B. Individual digits, one at a time, with the transformations varying during the encryption
C. Fixed-length groups of digits called blocks
D. Fixed-length groups of bits called blocks
Answer: B
Question 6
Which description is true about ECB mode?
A. ECB mode uses the same 64-bit key to serially encrypt each 56-bit plain-text block.
B. In ECB mode, each 56-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.
C. ECB mode uses the same 56-bit key to serially encrypt each 64-bit plain-text block.
D. In ECB mode, each 64-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.
Answer: C
Explanation
ECB mode serially encrypts each 64-bit plaintext block using the same 56-bit key. If two identical plaintext blocks are encrypted using the same key, their ciphertext blocks are the same. Therefore, an attacker could identify similar or identical traffic flowing through a communications channel, and use this information. The attacker could then build a catalogue of messages, which have a certain meaning, and replay them later, without knowing their real meaning. For example, an attacker might capture a login sequence of someone with administrative privilege whose traffic is protected by DES-ECB and then replay it. That risk is undesirable so CBC mode was invented to mitigate this risk.
Question 7
Which example is of a function intended for cryptographic hashing?
A. SHA-135
B. MD65
C. XR12
D. MD5
Answer: D
Question 8
What is the MD5 algorithm used for?
A. takes a variable-length message and produces a 168-bit message digest
B. takes a fixed-length message and produces a 128-bit message digest
C. takes a variable-length message and produces a 128-bit message digest
D. takes a message less than 2A64 bits as input and produces a 160-bit message digest
Answer: C
Question 9
Which algorithm was the first to be found suitable for both digital signing and encryption?
A. SHA-1
B. MD5
C. HMAC
D. RSA
Answer: D
Question 10
Before a Diffie-Hellman exchange may begin, the two parties involved must agree on what?
A. Two nonsecret keys
B. Two secret numbers
C. Two secret keys
D. Two nonsecret numbers
Answer: D
Question 11
Which item is the correct matching relationships associated with IKE Phase?
A.IKE Phase 1 – 1 and 2
IKE Phase 2 – 3, 4 and 5
B. IKE Phase 1 – 1 and 4
IKE Phase 2 – 2, 3 and 5
C. IKE Phase 1 – 2 and 3
IKE Phase 2 – 1, 4 and 5
D. IKE Phase 1 – 2 and 4
IKE Phase 2 – 1, 3 and 5
Answer: B
Question 12
Which three are distinctions between asymmetric and symmetric algorithms? (Choose all that apply)
A. Asymmetric algorithms are based on more complex mathematical computations.
B. Only symmetric algorithms have a key exchange technology built in.
C. Only asymmetric algorithms have a key exchange technology built in.
D. Asymmetric algorithms are used quite often as key exchange protocols for symmetric algorithms.
Answer: A C D
Question 13
For the following statements, which one is the strongest symmetrical encryption algorithm?
A. 3DES
B. DES
C. AES
D. Diffie-Hellman
Answer: C
Question 14
Which Public Key Cryptographic Standards (PKCS) defines the syntax for encrypted messages and messages with digital signatures?
A. PKCS #12
B. PKCS #10
C. PKCS #8
D. PKCS #7
Answer: D
Please choose the correct matching relationships between the cryptography algorithms and the type of algorithm.
| 1 | 3DES |
| 2 | RSA |
| 3 | Diffie-Hellman |
| 4 | AES |
| 5 | IDEA |
| 6 | Elliptical Curve |
Asymmetric – 4, 5 and 6
B. Symmetric – 1, 4 and 5
Asymmetric – 2, 3 and 6
C. Symmetric – 2, 4 and 5
Asymmetric – 1, 3 and 6
D. Symmetric – 2, 5 and 6
Asymmetric – 1, 3 and 4
Answer: B
Question 2
What is the objective of Diffie-Hellman?
A. used for asymmetric public key encryption
B. used between the initiator and the responder to establish a basic security policy
C. used to verify the identity of the peer
D. used to establish a symmetric shared key via a public key exchange process
Answer: D
Question 3
Which description about asymmetric encryption algorithms is correct?
A. They use different keys for decryption but the same key for encryption of data
B. They use the same key for encryption and decryption of data
C. They use different keys for encryption and decryption of data
D. They use the same key for decryption but different keys for encryption of data
Answer: C
Question 4
Regarding constructing a good encryption algorithm, what does creating an avalanche effect indicate?
A. Changing only a few bits of a plain-text message causes the ciphertext to be completely different
B. Changing only a few bits of a ciphertext message causes the plain text to be completely different
C. Altering the key length causes the plain text to be completely different
D. Altering the key length causes the ciphertext to be completely different
Answer: A
Question 5
Stream ciphers run on which of the following?
A. Individual blocks, one at a time, with the transformations varying during the encryption
B. Individual digits, one at a time, with the transformations varying during the encryption
C. Fixed-length groups of digits called blocks
D. Fixed-length groups of bits called blocks
Answer: B
Question 6
Which description is true about ECB mode?
A. ECB mode uses the same 64-bit key to serially encrypt each 56-bit plain-text block.
B. In ECB mode, each 56-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.
C. ECB mode uses the same 56-bit key to serially encrypt each 64-bit plain-text block.
D. In ECB mode, each 64-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.
Answer: C
Explanation
ECB mode serially encrypts each 64-bit plaintext block using the same 56-bit key. If two identical plaintext blocks are encrypted using the same key, their ciphertext blocks are the same. Therefore, an attacker could identify similar or identical traffic flowing through a communications channel, and use this information. The attacker could then build a catalogue of messages, which have a certain meaning, and replay them later, without knowing their real meaning. For example, an attacker might capture a login sequence of someone with administrative privilege whose traffic is protected by DES-ECB and then replay it. That risk is undesirable so CBC mode was invented to mitigate this risk.
Question 7
Which example is of a function intended for cryptographic hashing?
A. SHA-135
B. MD65
C. XR12
D. MD5
Answer: D
Question 8
What is the MD5 algorithm used for?
A. takes a variable-length message and produces a 168-bit message digest
B. takes a fixed-length message and produces a 128-bit message digest
C. takes a variable-length message and produces a 128-bit message digest
D. takes a message less than 2A64 bits as input and produces a 160-bit message digest
Answer: C
Question 9
Which algorithm was the first to be found suitable for both digital signing and encryption?
A. SHA-1
B. MD5
C. HMAC
D. RSA
Answer: D
Question 10
Before a Diffie-Hellman exchange may begin, the two parties involved must agree on what?
A. Two nonsecret keys
B. Two secret numbers
C. Two secret keys
D. Two nonsecret numbers
Answer: D
Question 11
Which item is the correct matching relationships associated with IKE Phase?
| 1 | Perform a Diffie-Hellman exchange |
| 2 | Establish Ipsec SAs |
| 3 | Negotiate Ipsec security policies |
| 4 | Negotiate IKE policy sets and authenticate peers |
| 5 | Perform an optional Diffie-Hellman exchange |
IKE Phase 2 – 3, 4 and 5
B. IKE Phase 1 – 1 and 4
IKE Phase 2 – 2, 3 and 5
C. IKE Phase 1 – 2 and 3
IKE Phase 2 – 1, 4 and 5
D. IKE Phase 1 – 2 and 4
IKE Phase 2 – 1, 3 and 5
Answer: B
Question 12
Which three are distinctions between asymmetric and symmetric algorithms? (Choose all that apply)
A. Asymmetric algorithms are based on more complex mathematical computations.
B. Only symmetric algorithms have a key exchange technology built in.
C. Only asymmetric algorithms have a key exchange technology built in.
D. Asymmetric algorithms are used quite often as key exchange protocols for symmetric algorithms.
Answer: A C D
Question 13
For the following statements, which one is the strongest symmetrical encryption algorithm?
A. 3DES
B. DES
C. AES
D. Diffie-Hellman
Answer: C
Question 14
Which Public Key Cryptographic Standards (PKCS) defines the syntax for encrypted messages and messages with digital signatures?
A. PKCS #12
B. PKCS #10
C. PKCS #8
D. PKCS #7
Answer: D