question

Which of the following are true of Triple DES (3DES)? (Select two.)
Is used in IPsec
Uses the Rijndael block cipher
Can easily be broken
Uses a 168-bit key
Uses 64-bit blocks with 128-bit keys

answer

Is used in IPsec
Uses a 168-bit key
EXPLANATION
Triple DES:
- Applies DES three times
- Uses a 168-bit key
- Is used in IPsec as its strongest and slowest encipherment
Advanced Encryption Standard (AES) uses the Rijndael block cipher. DES can easily be broken. International Data Encryption Algorithm (IDEA) uses 64-bit blocks with 128-bit keys.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Which of the following is the most frequently used symmetric key stream cipher?
Advanced Encryption Standard (AES)
Ron's Cipher v4 (RC4)
Ron's Cipher v2 (RC2)
Blowfish

answer

Ron's Cipher v4 (RC4)
EXPLANATION
RC4 is the most frequently used symmetric key stream cipher. RC4 is commonly used with WEP and SSL.
AES, RC2, and Blowfish are all symmetric block ciphers.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Which of the following forms of cryptography is best implemented in hardware?
Asymmetric
Symmetric stream
Symmetric block
Public key

answer

Symmetric stream
EXPLANATION
Symmetric stream cryptography is best implemented in hardware because the data size makes it infeasible to have enough RAM or CPU cycles to process the data.
Symmetric block cryptography is primarily implemented in software. Asymmetric cryptography, also known as public key cryptography, is mainly used for key distribution, digital signatures, and data encryption for small amounts of data.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Which of the following symmetric block ciphers does not use a variable block length?
Advanced Encryption Standard (AES)
International Data Encryption Algorithm (IDEA)
Elliptic Curve (EC)
Ron's Cipher v5 (RC5)

answer

International Data Encryption Algorithm (IDEA)
EXPLANATION
International Data Encryption Algorithm (IDEA) does not use variable block lengths. In addition to IDEA, the following symmetric block ciphers also do not use variable block lengths:
- Data Encryption Standard (DES)
- Ron's Cipher v2 or Ron's Code v2 (RC2)
- Blowfish
- Twofish
- SkipJack
AES uses variable block lengths. RC5 uses 32-, 64- or 128-bit block lengths. Elliptic Curve (EC) is an asymmetric cipher.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Which of the following encryption mechanisms offers the least security because of weak keys?
AES
TwoFish
IDEA
DES

answer

DES
EXPLANATION
DES offers the least encryption security of the cryptography systems in this list. DES has a limitation of 56-bit keys, the weakest of those listed here. The strength of a cryptosystem lies not only in long keys but in the algorithm, initialization vector or method, the proper use of the keyspace, and the protection and management of keys.
AES (128-, 192-, or 256-bit keys), TwoFish (up to 256-bit keys), and IDEA (128-bit keys) all support stronger keys than DES.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Which version of the Rivest cipher is a block cipher that supports variable bit length keys and variable bit block sizes?
RC4
RC5
RC2
RSA

answer

RC5
EXPLANATION
RC5 is a block cipher that supports variable bit length keys and variable bit block sizes.
RC4 is a stream cipher. RC2 is limited to 64-bit blocks. RSA is not a Rivest cipher; rather, it is an asymmetric cryptography system developed by the same organization.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Which of the following symmetric cryptography systems does not support a variable block size?
RC5
IDEA
AES
Rijndael

answer

IDEA
EXPLANATION
IDEA is a symmetric cryptography system that does not support a variable block size. IDEA only supports a 64-bit block size.
RC5, AES, and AES's algorithm Rijndael all support variable block sizes. RC5's supported block sizes are 32, 64, and 128. AES (Rijndael) supports any block size.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible?
AES
RSA
SHA-1
3DES

answer

AES
EXPLANATION
AES is stronger and faster than 3DES when implemented with a large key size (256 bits). DES was one of the first symmetric encryption methods and is now obsolete (known weaknesses can be used to break the encryption). 3DES improves upon DES by applying the encryption three times. It is an acceptable alternative to DES.
RSA is an asymmetric encryption algorithm. Asymmetric encryption is not typically used for bulk encryption of data. SHA-1 is a hashing algorithm, not an encryption algorithm.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Which of the following is the weakest symmetric encryption method?
Twofish
Blowfish
3DES
AES
DES

answer

DES
EXPLANATION
DES was one of the first symmetric encryption methods and is now obsolete (known weaknesses can be used to break the encryption).
3DES improves upon DES by applying the encryption three times. It is an acceptable alternative to DES. AES is stronger and faster than 3DES when implemented with a large key size (256 bits). Blowfish and Twofish were alternatives to DES, but AES was chosen to replace DES.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

What type of key or keys are used in symmetric cryptography?
Two unique sets of key pairs
A unique key for each participant
A single key pair
A shared private key

answer

A shared private key
EXPLANATION
Symmetric cryptography uses a shared private key. Both communication partners must be in possession of the same key in order to exchange encrypted data.
Asymmetric cryptography uses a unique key pair for each participant. This key pair consists of a public key and a private key.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

What form of cryptography is best suited for bulk encryption because it is so fast?
Public key cryptography
Hashing cryptography
Symmetric key cryptography
Asymmetric cryptography

answer

Symmetric key cryptography
EXPLANATION
Symmetric cryptography is best suited for bulk encryption because it is much faster than asymmetric cryptography.
Hashing is not used for encryption; it is only used to verify the integrity of data. Public key cryptography, also known as asymmetric cryptography, is best suited for small amounts of data. Often, asymmetric cryptography is used to exchange symmetric cryptography keys, and then the symmetric cryptography keys are used to encrypt communication traffic.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

How many keys are used with symmetric key cryptography?
One
Two
Four
Five

answer

One
EXPLANATION
Private key, or symmetric, cryptography uses a single shared key. Both communicating parties must possess the shared key to encrypt and decrypt messages. The biggest challenge to symmetric cryptography is the constant need to protect the shared private key. This protection must be applied at all times, including during the initial transmission of the shared key between the parties.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Which of the following can be classified as a stream cipher?
RC4
AES
Blowfish
Twofish

answer

RC4
EXPLANATION
The most frequently used implementation of symmetric key stream ciphers is Ron's code (or Ron's cipher) v4, known as RC4. RC4 uses a variable key up to 256 bits and is commonly used with WEP and SSL. It uses the Key Scheduling Algorithm (KSA) and the Pseudo-Random Generation Algorithm (PRGA).
Blowfish, Twofish, and AES are all block ciphers.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Which of the following is considered an out-of-band distribution method for private key encryption?
Using a key distribution algorithm
Using a private fiber network
Copying the key to a USB drive
Sending a secured email

answer

Copying the key to a USB drive
EXPLANATION
Out-of-band distribution involves manually distributing the key (for example, copying the key to a USB drive and sending it to the other party).
Sending an email, using a key distribution algorithm, or using a private fiber network are all considered in-band distribution methods.
REFERENCES
LabSim for Security Pro, Section 9.5.

question

Match the symmetric key distribution mechanism on the left with the appropriate description on the right. Each distribution mechanism may be used once, more than once, or not at all.
Drag
Out-of-band distribution
In-band distribution
Drop
The sender's key is sent to a recipient using a Diffie-Hellman key exchange.
The sender's key is copied to a USB drive and handed to the recipient.
The sender's key is sent to the recipient using public key cryptography.
The sender's key is burned to a CD and handed to the recipient.

answer

The sender's key is sent to a recipient using a Diffie-Hellman key exchange.
In-band distribution
The sender's key is copied to a USB drive and handed to the recipient.
Out-of-band distribution
The sender's key is sent to the recipient using public key cryptography.
In-band distribution
The sender's key is burned to a CD and handed to the recipient.
Out-of-band distribution
EXPLANATION
Before communications can begin using symmetric encryption, both parties must exchange the shared secret key using a secure channel. Symmetric key encryption can use the following key distribution methods:
- Out-of-band distribution involves manually distributing the key, such as copying the key to a USB drive and sending it to the other party.
- In-band distribution can use a key distribution algorithm, such as Diffie-Hellman, to send the key to the recipient. It can also use asymmetric encryption technology to encrypt the key for distribution.
REFERENCES
LabSim for Security Pro, Section 9.5.