212. a. In symmetric key algorithms, parties share a single, secret key. Establishing that shared key is called key management, and it is a difficult problem. In asymmetric key algorithms, there are two keys (public and private) for each party. The public and private keys are generated at the same time, and data encrypted with one key can be decrypted with the other key. Hybrid key algorithms combine the best features of public and private key systems. Hash key algorithms are meaningless here.

213. Which of the following should be used to prevent an eavesdropping attack from remote access to firewalls?

a. File encryption

b. Bulk encryption

c. Session encryption

d. Stream encryption

213. c. Session encryption is used to encrypt data between applications and end users. This provides strong authentication. File encryption protects data in storage. Bulk encryption is simultaneous encryption of all channels of a multichannel telecommunications trunk. Stream encryption encrypts and decrypts arbitrarily sized messages; it does not provide strong authentication.

214. Common encryption algorithms that implement symmetric cryptography do not include which of the following?

a. Elliptic curve DSA (ECDSA)

b. Hash message authentication code (HMAC)

c. Message digest 5 (MD5)

d. Secure hash algorithm (SHA-1)

214. a. Symmetric cryptography uses the same key for both encryption and decryption, whereas asymmetric cryptography uses separate keys for encryption and decryption, or to digitally sign and verify a signature. ECDSA is an example of asymmetric cryptography. HMAC, MD5, and SHA-1 are examples of symmetric cryptography.

215. During the operational phase of cryptography, a new key is needed to replace the old key. Which of the following is not a method to accomplish this goal?

a. Rekeying

b. Key update

c. Entity deregistration

d. Key derivation

215. c. The entity deregistration function removes the authorization of an entity to participate in a security domain. Deregistration is intended to prevent other entities from relying on or using the deregistered entity’s keying material. At the end of a key’s crypto-period, a new key needs to be available to replace the old key if operations are to be continued. This can be accomplished by rekeying, key update, or key derivation.

216. Asymmetric authentication is susceptible to known attacks due to which of the following?

a. Client authenticates the gateway and then uses that channel to authenticate the client.

b. Authenticating the server to the client.

c. Authenticating the client to the server.

d. Authenticating each endpoint to the other.

216. a. Asymmetric authentication is susceptible to attacks because of the way the authentication is performed. The client authenticates the gateway and then uses that channel to authenticate the client. It is a weak form of authentication. The other three choices provide strong forms of authentication because they are a function of either transport layer security (TLS) or Internet Protocol security (IPsec).

217. Zero-knowledge proof is used in which of the following applications?

a. Public-key encryption process

b. Zeroization process

c. Degaussing operation

d. Data remanence operation

217. a. Zero-knowledge proof requires that one party proves something to another without revealing any additional information. This proof has applications in the public-key encryption process.

Zeroization process is a method of erasing electronically stored data by altering the contents of the data storage so as to prevent the recovery of data. Degaussing operation is a process whereby the magnetic media is erased, that is, returned to its original state. Data remanence operation is the residual physical representation of data that has been in some way erased.

218. Which of the following is not part of the cryptographic key management process?

a. Key layering

b. Key distribution

c. Key storage

d. Key generation

218. a. Key management provides the foundation for the secure generation, storage, distribution, and translation of cryptographic keys. Key layering is a meaningless term here.
