What is the process of deriving an encrypted value from a mathematical process called?
Hashing
Asymmetric
Symmetric
Social engineering
During a training session, you want to impress upon users how serious security and, in particular, cryptography is. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use?
NSA
NIST
IEEE
ITU
Assuming asymmetric encryption, if data is encoded with a value of 5, what would be used to decode it?
5
1
1/5
0
You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym?
WBS
X.509
RFC
IEEE
Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments her company is working on. Telephone logs, however, show that such a call was placed from her phone, and time clock records show she was the only person working at the time. What do these records provide?
Integrity
Confidentiality
Authentication
Nonrepudiation
Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols?
TLS
SSH
RSH
X.509
MAC is an acronym for what as it relates to cryptography?
Media access control
Mandatory access control
Message authentication code
Multiple advisory committees
You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately you notice that it's using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process?
Network security
Key transmission
Certificate revocation
Private key security
Which of the following terms refers to the prevention of unauthorized disclosure of keys?
Authentication
Integrity
Access control
Nonrepudiation
As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage?
Environmental controls
Physical security
Hardened servers
Administrative controls
What is the primary organization for maintaining certificates called?
CA
RA
LRA
CRL
Due to a breach, a certificate must be permanently revoked, and you don't want it to ever be used again. What is often used to revoke a certificate?
CRA
CYA
CRL
PKI
Which organization can be used to identify an individual for certificate issue in a PKI environment?
RA
LRA
PKE
SHA
Kristin, from Payroll, has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true?
In order to be used, suspended keys must be revoked.
Suspended keys don't expire.
Suspended keys can be reactivated.
Suspending keys is a bad practice.
What document describes how a CA issues certificates and what they are used for?
Certificate policies
Certificate practices
Revocation authority
CRL
After returning from a conference in Jamaica, your manager informs you that he has learned that law enforcement has the right, under subpoena, to conduct investigations using keys. He wants you to implement measures to make such an event run smoothly should it ever happen. What is the process of storing keys for use by law enforcement called?
Key escrow
Key archival
Key renewal
Certificate rollover
The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified?
CA
CP
CRC
OCSP
Which set of specifications is designed to allow XML-based programs access to PKI services?
XKMS
XMLS
PKXMS
PKIXMLS
An attack that is based on the statistical probability of a match in a key base is referred to as what?
Birthday attack
DoS attack
Weak key attack
Smurf attack
A brainstorming session has been called. The moderator tells you to pull out a sheet of paper and write down your security concerns based on the technologies that your company uses. If your company uses public keys, what should you write as the primary security concern?
Privacy
Authenticity
Access control
Integrity
3.144.113.30