Question list
1
What was a major flaw of SSL v2 that made connections insecure?
Use of export-grade cipher suites
2
How does the Tor network improve anonymity online?
It uses global volunteer nodes with multiple hops
3
How is a CRL validated?
By verifying its signature using the CA’s public key
4
Which of the following is NOT part of the initialization stage in key/certificate management?
Certificate retrieval
5
What defines the timeframe during which a certificate is valid and trusted?
Start and end date
6
What does the term NOBUS backdoor stand for?
Nobody But Us
7
Which of the following is a reason a certificate may be revoked before its expiration?
Issuing CA was compromised
8
What is the main difference with IPsec tunnel mode?
Tunnel traffic is visible at both ends
9
What best describes IPsec transport mode?
End-to-end encryption across the network
10
Which attack involves trying every possible key to decrypt a message?
Exhaustive search
11
What does NOBUS stand for in the context of backdoors?
Nobody But Us
12
Which of the following is NOT a common tunneling protocol?
FTP
13
What is required for a known plaintext attack to work?
Both ciphertext and part of the corresponding plaintext
14
What IP protocol numbers correspond to ESP and AH respectively?
50 and 51
15
What is the primary purpose of a VPN tunnel?
Connect a host to a trusted network over a public network
16
In SSL/TLS, which methods are used to create a secure tunnel and signature?
Symmetric encryption and hashing
17
What is the goal of a cut-and-paste attack?
Combining parts of messages to create a new malicious message
18
What is a major known weakness of RSA?
Susceptible to numerous known attacks
19
What does the 'Hold' state indicate in certificate revocation?
The certificate may be revalidated after investigation
20
Which encryption method is known to be susceptible to several known attacks and weaknesses?
RSA
21
In a chosen-ciphertext attack, what does the attacker do?
Send a message to be encrypted, then analyze the ciphertext
22
Which of the following is NOT a known SSL/TLS vulnerability?
TUNNEL
23
What are the two main phases in setting up an IPSec connection?
Key exchange and tunnel policy definition
24
What is a chosen-ciphertext attack?
Sending data to be encrypted and then analyzing it
25
Which attack involves impersonating two parties by placing the attacker in between them?
Man-in-the-middle
26
According to RFC 5280, what are the two main revocation states for a certificate?
Revoked and hold
27
How does a time attack work?
By measuring how long it takes to decrypt a message
28
Which two mechanisms are used in IPSec?
ESP and AH
29
Which is NOT a weakness of AES itself, but rather due to poor implementation?
Vulnerability to FREAK; Brute force attacks
30
Which of the following is NOT a weakness of AES itself, but rather due to poor implementation?
Lack of key rotation
31
What port does the IPSec handshake use for key exchange?
UDP 500
32
What is a time attack in cryptography?
Calculating time taken to decrypt a message
33
What is a key escrow system used for in cryptography?
Storing a copy of encryption keys for government use
34
Which of the following is an online alternative to using a CRL for certificate status validation?
OCSP
35
What does a time resetting attack exploit?
Time used in key generation
36
What is the purpose of a key escrow in cryptography?
To keep a copy of the encryption key for government access
37
Which attack involves modifying or inserting messages into a communication stream?
Active attack
38
What does onion routing use to route internet traffic?
Volunteer computers
39
What is a key escrow system used for in cryptography?
Storing a copy of encryption keys for government use
40
What is the typical maximum validity period for a Certificate Revocation List (CRL)?
24 hours
41
What size key was typically used in export-grade cipher suites under SSL v2?
40-bit
42
What action occurs during the 'Issued' stage of certificate management?
Certificate validation