CCNA Security Chapter 7 Exam
1. The network administrator for an e-commerce website requires a service that prevents customers from claiming that legitimate orders are fake. What service provides this type of guarantee?
authentication
confidentiality
integrity
nonrepudiation
2. How do modern cryptographers defend against brute-force attacks?
Use statistical analysis to eliminate the most common encryption keys.
Use an algorithm that requires the attacker to have both ciphertext and plaintext to conduct a successful attack.
Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack.
Use frequency analysis to ensure that the most popular letters used in the language are not used in the cipher message.
3. What is the basic method used by 3DES to encrypt plaintext?
The data is encrypted three times with three different keys.
The data is encrypted, decrypted, and encrypted using three different keys.
The data is divided into three blocks of equal length for encryption.
The data is encrypted using a key length that is three times longer than the key used for DES.
4. A customer purchases an item from an e-commerce site. The e-commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required?
authenticity of digitally signed data
integrity of digitally signed data
nonrepudiation of the transaction
confidentiality of the public key
5. Why is RSA typically used to protect only small amounts of data?
The keys must be a fixed length.
The public keys must be kept secret.
The algorithms used to encrypt data are slow.
The signature keys must be changed frequently.
6. An administrator requires a PKI that supports a longer lifetime for keys used for digital signing operations than for keys used for encrypting data. Which feature should the PKI support?
certificate keys
nonrepudiation keys
usage keys
variable keys
7. Which three primary functions are required to secure communication across network links? (Choose three.)
accounting
anti-replay protection
authentication
authorization
confidentiality
integrity
8. Refer to the exhibit. Which type of cipher method is depicted?
Caesar cipher
stream cipher
substitution cipher
transposition cipher
9. Which statement describes a cryptographic hash function?
A one-way cryptographic hash function is hard to invert.
The output of a cryptographic hash function can be any length.
The input of a cryptographic hash function has a fixed length.
A cryptographic hash function is used to provide confidentiality.
10. Which statement is a feature of HMAC?
HMAC is based on the RSA hash function.
HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.
HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.
11. Which encryption protocol provides network layer confidentiality?
IPsec protocol suite
Keyed MD5
Message Digest 5
Secure Sockets Layer
Secure Hash Algorithm 1
Transport Layer Security
12. Refer to the exhibit. Which encryption algorithm is described in the exhibit?
3DES
AES
DES
RC4
SEAL
13. Which statement describes asymmetric encryption algorithms?
They include DES, 3DES, and AES.
They have key lengths ranging from 80 to 256 bits.
They are also called shared-secret key algorithms.
They are relatively slow because they are based on difficult computational algorithms.
14. Which two statements correctly describe certificate classes used in the PKI? (Choose two.)
A class 0 certificate is for testing purposes.
A class 0 certificate is more trusted than a class 1 certificate.
The lower the class number, the more trusted the certificate.
A class 5 certificate is for users with a focus on verification of email.
A class 4 certificate is for online business transactions between companies.
15. Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
The CA is always required, even after user verification is complete.
The users must obtain the certificate of the CA and then their own certificate.
After user verification is complete, the CA is no longer required, even if one of the involved certificates expires.
CA certificates are retrieved out-of-band using the PSTN, and the authentication is done in-band over a network.
16. Which characteristic of security key management is responsible for making certain that weak cryptographic keys are not used?
verification
exchange
generation
revocation and destruction
17. Which type of cryptographic key would be used when connecting to a secure website?
DES key
symmetric keys
hash keys
digital signatures
18. Which algorithm is used to automatically generate a shared secret for two systems to use in establishing an IPsec VPN?
ESP
DES
3DES
AH
DH
SSL
19. Which two non-secret numbers are initially agreed upon when the Diffie-Hellman algorithm is used? (Choose two.)
elliptic curve invariant
generator
pseudorandom nome
binomial coefficient
prime modulus
topological index
20. What does it mean when a hashing algorithm is collision resistant?
Exclusive ORs are performed on input data and produce a digest.
It is not feasible to compute the hash given the input data.
It uses a two-way function that computes a hash from the input and output data.
Two messages with the same hash are unlikely to occur.



