An organisation has introduced a system requiring the use of one-time passwords. Which of the following principles is being applied?
Confidentiality
Availability
Integrity
Validation
An organisation is undertaking data validation prior to the information being used in a financial package. Which of the following principles is being applied?
Obfuscation
Integrity
Confidentiality
Hashing
An organisation is using a RAID 10 hot swappable array on a file server. Which of the following principles is being applied?
Confidentiality
Substitution
Integrity
Availability
Hashing uses a one-way mathematical function to create a sum of the inputted plaintext. Which of the following is a benefit of this process?
It proves ownership of a public key
It verifies the authenticity of the message
It is used to identify if changes have been made to data
An organisation is using Encrypted File System (EFS). Which of the following is a risk associated with using EFS?
The public key is shared with all end users to allow decryption of the information
Digital certificates are used to distribute data requiring the allocation of additional resources
Digital signatures are used to verify the authenticity of the message placing additional strain on systems
Which of the following pieces of legislation defines how HMRC handles a disclosure request?
Data Protection Act
Electronic Communications Act
Investigatory Powers Act
Freedom of Information Act
Which of the following pieces of legislation is designed to regulate the powers of public bodies to carry out surveillance of individuals suspected of undertaking fraudulent transactions?
DPA
Regulation of Investigatory Powers Act
Wassenaar Arrangement
ITAR
Which of the following Acts lists the functions, duties and powers of the Information Commissioner's Office?
Digital Economy
National Disclosure Improvement
Electronic Communications
Data Protection
Which of the following terms defines a person who is responsible for entering data into a database?
Data Controller
Data Processor
Data Protection Officer
Information Commissioner
Which of the following ciphers uses a simple substitution code?
Hagelin
Scytale
Enigma
Caesar
Which of the following is used when hashing plaintext?
MD5
Lorenz
RC4
Rijndael
Which of the following protocols is a symmetrical block cipher that addresses the issues with DES?
WPA
AES
RSA
TSL
Which of the following principles states that a cryptographic system should be designed to be secure, even if all its details, except for the key, are publicly known?
Hashing
Kerckhoffs's
Substitution
Dijkstra’s
Which of the following technologies involves the recipient sending a query over the network to the originator, who will then send the key?
Digital Certificates
Cryptanalysis
Escrow
Digital Signature
Which of the following actions would the Certificate Authorities carry out if a PKI private key is compromised?
Revoke the certificate, placing it on a black list
Issue a domain validated certificate
Issue a root certificate revoking the previous one
Issue a new client certificate
Which of the following functions generates a key by using an algorithm combined with a master key?
Block
Substitution
Derivation
Hashing
Which type of attack involves targeting high profile employees in order to gain access to sensitive information regarding a company?
Man in the middle
Whaling
Rainbow table
Vishing
Which type of attack involves submitting many passwords or passphrases until the correct one is found?
Brute force
Keylogger
Frequency analysis
Man in the middle
An organisation has failed to communicate that they are changing the key storage policies to ensure all master keys are stored in a central location. Which of the following is a risk associated with this?
Auditing the use of stored keys is more difficult which may lead to the risk of the overuse of a particular key
Keys are stored then destroyed once they have been used which may result in the inability to decrypt older files
Keys are split into multiple components when storing them which may result in keys being corrupted
Keys are stored on an inappropriate device which may lead to them being compromised
An employee has allowed a visitor to use their device to send an email. While the employee was away from their desk, the visitor copied their encryption keys. Which of the following could a hacker undertake using the keys that have been stolen?
A brute force attack that compromises security
A rainbow table attack that cracks the hashing value
A vishing attack that gains access to sensitive data