Cryptography, Cloud computing

Q1:
Which service in a PKI will vouch for the identity of an individual or company?

• A. KDC
• B. CR
• C. CBC
• D. CA Most Voted

Q2:
Which of the following is the structure designed to verify and authenticate the identity of
individuals within the enterprise taking part in a data exchange?

• A. SOA
• B. biometrics
• C. single sign on
• D. PKI Most Voted

Q3:
By using a smart card and pin, you are using a two-factor authentication that satisfies

• A. Something you are and something you remember

• B. Something you have and something you know
• C. Something you know and something you are
• D. Something you have and something you are

Q4:
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-
end encryption of the connection?

• A. SFTP
• B. Ipsec Most Voted
• C. SSL
• D. FTPS
Q5:
Jim's company regularly performs backups of their critical servers. But the company cannot
afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead,
Jim's company keeps the backup tapes in a safe in the office. Jim's company is audited each
year, and the results from this year's audit show a risk because backup tapes are not stored off-
site. The Manager of Information Technology has a plan to take the backup tapes home with
him and wants to know what two things he can do to secure the backup tapes while in transit?

• A. Encrypt the backup tapes and transport them in a lock box.

• B. Degauss the backup tapes and transport them in a lock box.
• C. Hash the backup tapes and transport them in a lock box.
• D. Encrypt the backup tapes and use a courier to transport them. Most Voted

Q6:
Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite
provides different functionality. Collective IPsec does everything except.

• A. Protect the payload and the headers

• B. Encrypt
• C. Work at the Data Link Layer Most Voted
• D. Authenticate
Q7:
A bank stores and processes sensitive privacy information related to home loans. However,
auditing has never been enabled on the system. What is the first step that the bank should take
before enabling the audit feature?

• A. Perform a vulnerability scan of the system.

• B. Determine the impact of enabling the audit feature. Most Voted
• C. Perform a cost/benefit analysis of the audit feature.
• D. Allocate funds for staffing of audit log review.

Q8:
What is one of the advantages of using both symmetric and asymmetric cryptography in
SSL/TLS?

• A. Supporting both types of algorithms allows less-powerful devices such as mobile

phones to use symmetric encryption instead.
• B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
• C. Symmetric encryption allows the server to security transmit the session keys out-of-
band.
• D. Asymmetric cryptography is computationally expensive in comparison. However, it is
well-suited to securely negotiate keys for use with symmetric cryptography. Most Voted

Q9:
The change of a hard drive failure is once every three years. The cost to buy a new hard drive is
$300. It will require 10 hours to restore the OS and software to the new hard disk. It will require
a further 4 hours to restore the database from the last backup to the new hard disk. The
recovery person earns $10/hour.
Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate
cost of this replacement and recovery operation per year?

• A. $1320
• B. $440
• C. $100
• D. $146

Q10:
What is the known plaintext attack used against DES which gives the result that encrypting
plaintext with one DES key followed by encrypting it with a second
DES key is no more secure than using a single key?

• A. Man-in-the-middle attack
• B. Meet-in-the-middle attack Most Voted
• C. Replay attack
• D. Traffic analysis attack

Q11:
Which mode of IPSec should you use to assure security and confidentiality of data within the
same LAN?

• A. ESP transport mode

• B. ESP confidential
• C. AH permiscuous
• D. AH Tunnel mode

Q12:
Todd has been asked by the security officer to purchase a counter-based authentication
system. Which of the following best describes this type of system?

• A. A biometric system that bases authentication decisions on behavioral attributes.

• B. A biometric system that bases authentication decisions on physical attributes.
• C. An authentication system that creates one-time passwords that are encrypted with
secret keys.
• D. An authentication system that uses passphrases that are converted into virtual
passwords.

Q13:
Which of the following is assured by the use of a hash?
 • A. Authentication
• B. Confidentiality
• C. Availability
• D. Integrity

Q14:
In the field of cryptanalysis, what is meant by a `rubber-hose` attack?

• A. Forcing the targeted keystream through a hardware-accelerated device such as an

ASIC.
• B. A backdoor placed into a cryptographic algorithm by its creator.
• C. Extraction of cryptographic secrets through coercion or torture.
• D. Attempting to decrypt ciphertext by making logical assumptions about the contents
of the original plaintext.

Q15:
What two conditions must a digital signature meet?

• A. Has to be the same number of characters as a physical signature and must be

unique.
• B. Has to be unforgeable, and has to be authentic.
• C. Must be unique and have special characters.
• D. Has to be legible and neat.

Q16:
What is correct about digital signatures?

• A. A digital signature cannot be moved from one signed document to another because it
is the hash of the original document encrypted with the private key of the signing party.
• B. Digital signatures may be used in different documents of the same type.
• C. A digital signature cannot be moved from one signed document to another because it
is a plain hash of the document content.
• D. Digital signatures are issued once for each user and can be used everywhere until
they expire.

Q17:
A large mobile telephony and data network operator has a data center that houses network
elements. These are essentially large computers running on Linux.
The perimeter of the data center is secured with firewalls and IPS systems.
What is the best security policy concerning this setup?
 • A. Network elements must be hardened with user ids and strong passwords. Regular
security tests and audits should be performed.
• B. As long as the physical access to the network elements is restricted, there is no need
for additional measures.
• C. There is no need for specific security measures on the network elements as long as
firewalls and IPS systems exist.
• D. The operator knows that attacks and down time are inevitable and should have a
backup site.

Q18:
PGP, SSL, and IKE are all examples of which type of cryptography?

• A. Digest
• B. Secret Key
• C. Public Key Most Voted
• D. Hash Algorithm

Q19:
What kind of detection techniques is being used in antivirus software that identifies malware by
collecting data from multiple protected systems and instead of analyzing files locally it's made
on the provider's environment?

• A. Behavioral based
• B. Heuristics based
• C. Honeypot based
• D. Cloud based Most Voted

Q20:
The company ABC recently contracts a new accountant. The accountant will be working with
the financial statements. Those financial statements need to be approved by the CFO and then
they will be sent to the accountant but the CFO is worried because he wants to be sure that the
information sent to the accountant was not modified once he approved it. Which of the
following options can be useful to ensure the integrity of the data?

• A. The CFO can use a hash algorithm in the document once he approved the financial
statements
• B. The CFO can use an excel file with a password
• C. The financial statements can be sent twice, one by email and the other delivered in
USB and the accountant can compare both to be sure is the same document
• D. The document can be sent to the accountant using an exclusive USB for that
document

Q21:
What is a `Collision attack` in cryptography?
 • A. Collision attacks try to get the public key
• B. Collision attacks try to break the hash into three parts to get the plaintext value
• C. Collision attacks try to break the hash into two parts, with the same bytes in each part
to get the private key
• D. Collision attacks try to find two inputs producing the same hash

Q22:
Bob, a network administrator at BigUniversity, realized that some students are connecting their
notebooks in the wired network to have Internet access. In the university campus, there are
many Ethernet ports available for professors and authorized visitors but not for students.
He identified this when the IDS alerted for malware activities in the network.
What should Bob do to avoid this problem?

• A. Disable unused ports in the switches

• B. Separate students in a different VLAN
• C. Use the 802.1x protocol
• D. Ask students to use the wireless network

Q23:
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common
Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL
implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any
compromised system very easy?

• A. Public
• B. Private Most Voted
• C. Shared
• D. Root

Q24:
Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model
in the application she is working on. She utilizes a component that can process API requests
and handle various Docker objects, such as containers, volumes, images, and networks.
What is the component of the Docker architecture used by Annie in the above scenario?

• A. Docker objects
• B. Docker daemon Most Voted
• C. Docker client
 • D. Docker registries

Q25:
John wants to send Marie an email that includes sensitive information, and he does not trust
the network that he is connected to. Marie gives him the idea of using
PGP. What should John do to communicate correctly using this type of encryption?

• A. Use his own private key to encrypt the message.

• B. Use his own public key to encrypt the message.
• C. Use Marie's private key to encrypt the message.
• D. Use Marie's public key to encrypt the message. Most Voted

Q26:
Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the
target's MSP provider by sending spear-phishing emails and distributed custom-made malware
to compromise user accounts and gain remote access to the cloud service. Further, she
accessed the target customer profiles with her
MSP account, compressed the customer data, and stored them in the MSP. Then, she used this
information to launch further attacks on the target organization.
Which of the following cloud attacks did Alice perform in the above scenario?

• A. Cloud cryptojacking
• B. Man-in-the-cloud (MITC) attack
• C. Cloud hopper attack Most Voted
• D. Cloudborne attack

Q27:
Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message
and how is Poly validating it?

• A. Dorian is signing the message with his public key, and Poly will verify that the
message came from Dorian by using Dorian's private key.
• B. Dorian is signing the message with Poly's private key, and Poly will verify that the
message came from Dorian by using Dorian's public key.
• C. Dorian is signing the message with his private key, and Poly will verify that the
message came from Dorian by using Dorian's public key.
• D. Dorian is signing the message with Poly's public key, and Poly will verify that the
message came from Dorian by using Dorian's public key.

Q28:
Heather's company has decided to use a new customer relationship management tool. After
performing the appropriate research, they decided to purchase a subscription to a cloud-hosted
solution. The only administrative task that Heather will need to perform is the management of
user accounts. The provider will take care of the hardware, operating system, and software
administration including patching and monitoring.
Which of the following is this type of solution?

• A. Iaas
• B. Saas Most Voted
• C. PaaS
• D. Caas

Q29:
There are multiple cloud deployment options depending on how isolated a customer's
resources are from those of other customers. Shared environments share the costs and allow
each customer to enjoy lower operations expenses. One solution is for a customer to join with a
group of users or organizations to share a cloud environment.
What is this cloud deployment option called?

• A. Private
• B. Community
• C. Public
• D. Hybrid

Q30:
In this form of encryption algorithm, every individual block contains 64-bit data, and three keys
are used, where each key consists of 56 bits. Which is this encryption algorithm?

• A. IDEA
• B. Triple Data Encryption Standard
• C. AES
• D. MD5 encryption algorithm

Q31:
Abel, a cloud architect, uses container technology to deploy applications/software including all
its dependencies, such as libraries and configuration files, binaries, and other resources that
run independently from other processes in the cloud environment. For the containerization of
applications, he follows the five-tier container technology architecture. Currently, Abel is
verifying and validating image contents, signing images, and sending them to the registries.
Which of the following tiers of the container technology architecture is Abel currently working
in?

• A. Tier-1: Developer machines

 • B. Tier-2: Testing and accreditation systems
• C. Tier-3: Registries
• D. Tier-4: Orchestrators

Q32:
Joe works as an IT administrator in an organization and has recently set up a cloud computing
service for the organization. To implement this service, he reached out to a telecom company
for providing Internet connectivity and transport services between the organization and the
cloud service provider.
In the NIST cloud deployment reference architecture, under which category does the telecom
company fall in the above scenario?

• A. Cloud consumer
• B. Cloud broker
• C. Cloud auditor
• D. Cloud carrier Most Voted

Q33:
This form of encryption algorithm is a symmetric key block cipher that is characterized by a
128-bit block size, and its key size can be up to 256 bits. Which among the following is this
encryption algorithm?

• A. HMAC encryption algorithm

• B. Twofish encryption algorithm
• C. IDEA
• D. Blowfish encryption algorithm

Q34:
Alice needs to send a confidential document to her coworker, Bryan. Their company has public
key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice
uses _______________ to encrypt the message, and Bryan uses _______________ to confirm the
digital signature.

• A. Bryan's public key; Bryan's public key

• B. Alice's public key; Alice's public key
• C. Bryan's private key; Alice's public key
• D. Bryan's public key; Alice's public key Most Voted
Q35:
A computer science student needs to fill some information into a secured Adobe PDF job
application that was received from a prospective employer. Instead of requesting a new
document that allowed the forms to be completed, the student decides to write a script that
pulls passwords from a list of commonly used passwords to try against the secured PDF until
the correct password is found or the list is exhausted. Which cryptography attack is the student
attempting?

• A. Man-in-the-middle attack
• B. Brute-force attack
• C. Dictionary attack
• D. Session hijacking

Q36:
During the process of encryption and decryption, what keys are shared?

• A. Public keys Most Voted

• B. Private keys
• C. Public and private keys
• D. User passwords

Q37:
Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are
requested to accept the offer and you oblige. After 2 days, Bab denies that he had ever sent a
mail. What do you want to ``know`` to prove yourself that it was Bob who had send a mail?

• A. Non-Repudiation
• B. Integrity
• C. Authentication
• D. Confidentiality

Q38:
Which access control mechanism allows for multiple systems to use a central authentication
server (CAS) that permits users to authenticate once and gain access to multiple systems?

• A. Role Based Access Control (RBAC)

• B. Discretionary Access Control (DAC)
• C. Single sign-on
• D. Windows authentication

Q39:
Which protocol is used for setting up secure channels between two devices, typically in VPNs?
 • A. PEM
• B. ppp
• C. IPSEC
• D. SET

Q40:
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was
dissatisfied with their service and wanted to move to another CSP.
What part of the contract might prevent him from doing so?

• A. Lock-down
• B. Virtualization
• C. Lock-in Most Voted
• D. Lock-up

Q41:
Sam, a web developer, was instructed to incorporate a hybrid encryption software program into
a web application to secure email messages. Sam used an encryption software, which is a free
implementation of the OpenPGP standard that uses both symmetric-key cryptography and
asymmetric-key cryptography for improved speed and secure key exchange.
What is the encryption software employed by Sam for securing the email messages?

• A. PGP
• B. SMTP
• C. GPG Most Voted
• D. S/MIME

Q42:
Harper, a software engineer, is developing an email application. To ensure the confidentiality of
email messages, Harper uses a symmetric-key block cipher having a classical 12- or 16-round
Feistel network with a block size of 64 bits for encryption, which includes large 8 ֳ— 32-bit S-
boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-
dependent rotation, and XOR operations. This cipher also uses a masking key (Km1) and a
rotation key
(Kr1) for performing its functions.
What is the algorithm employed by Harper to secure the email messages?

• A. CAST-128
• B. AES
• C. GOST block cipher
• D. DES
Q43:
Bob wants to ensure that Alice can check whether his message has been tampered with. He
creates a checksum of the message and encrypts it using asymmetric cryptography.
What key does Bob use to encrypt the checksum for accomplishing this goal?

• A. Alice's public key

• B. His own public key
• C. His own private key Most Voted
• D. Alice's private key

Q44:
Kevin, an encryption specialist, implemented a technique that enhances the security of keys
used for encryption and authentication. Using this technique, Kevin input an initial key to an
algorithm that generated an enhanced key that is resistant to brute-force attacks.
What is the technique employed by Kevin to improve the security of encryption keys?

• A. Key stretching Most Voted

• B. Public key infrastructure
• C. Key derivation function
• D. Key reinstallation

Q45:
Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that
scans newly generated pods and allocates a node to them. This component can also assign
nodes based on factors such as the overall resource requirement, data locality,
software/hardware/policy restrictions, and internal workload interventions.
Which of the following master components is explained in the above scenario?

• A. Kube-apiserver
• B. Etcd cluster
• C. Kube-controller-manager
• D. Kube-scheduler

Q46:
Eric, a cloud security engineer, implements a technique for securing the cloud resources used
by his organization. This technique assumes by default that a user attempting to access the
network is not an authentic entity and verifies every incoming connection before allowing
access to the network. Using this technique, he also imposed conditions such that employees
can access only the resources required for their role.
What is the technique employed by Eric to secure cloud resources?

• A. Demilitarized zone
• B. Zero trust network
• C. Serverless computing
• D. Container technology

Q47:
Thomas, a cloud security professional, is performing security assessment on cloud services to
identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable
hackers to implant malicious backdoors in its firmware. He also identified that an installed
backdoor can persist even if the server is reallocated to new clients or businesses that use it as
an IaaS.
What is the type of cloud attack that can be performed by exploiting the vulnerability discussed
in the above scenario?

• A. Cloudborne attack
• B. Man-in-the-cloud (MITC) attack
• C. Metadata spoofing attack
• D. Cloud cryptojacking

Q48:
Alex, a cloud security engineer working in Eyecloud Inc. is tasked with isolating applications
from the underlying infrastructure and stimulating communication via well-defined channels.
For this purpose, he used an open-source technology that helped him in developing, packaging,
and running applications; further, the technology provides PaaS through OS-level virtualization,
delivers containerized software packages, and promotes fast software delivery.
What is the cloud technology employed by Alex in the above scenario?

• A. Virtual machine
• B. Docker
• C. Zero trust network
• D. Serverless computing

Q49:
Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the
authentication and integrity of messages being transmitted in the corporate network. To
encrypt the messages, she implemented a security model in which every user in the network
maintains a ring of public keys. In this model, a user needs to encrypt a message using the
receiver's public key, and only the receiver can decrypt the message using their private key.
What is the security model implemented by Jane to secure corporate messages?

• A. Zero trust network

• B. Secure Socket Layer (SSL)
• C. Transport Layer Security (TLS)
• D. Web of trust (WOT)

Q50:
Your organization has signed an agreement with a web hosting provider that requires you to
take full responsibility of the maintenance of the cloud-based resources.
Which of the following models covers this?

• A. Platform as a service
• B. Software as a service
• C. Functions as a service
• D. Infrastructure as a service Most Voted

Q51:
Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits
into a software program, which involves 32 rounds of computational operations that include
substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes
with 4-bit entry and 4-bit exit.
Which of the following algorithms includes all the above features and can be integrated by Tony
into the software program?

• A. CAST-128
• B. RC5
• C. TEA
• D. Serpent

Q52:
BitLocker encryption has been implemented for all the Windows-based computers in an
organization. You are concerned that someone might lose their cryptographic key. Therefore, a
mechanism was implemented to recover the keys from Active Directory.
What is this mechanism called in cryptography?

• A. Key archival Most Voted

• B. Certificate rollover
• C. Key escrow
• D. Key renewal
Q53:
According to the NIST cloud deployment reference architecture, which of the following provides
connectivity and transport services to consumers?

• A. Cloud connector
• B. Cloud broker
• C. Cloud carrier
• D. Cloud provider

Q54:
In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by
manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key,
associated parameters such as the incremental transmit packet number and receive packet number are
reset to their initial values.
What is this attack called?

• A. Evil twin
• B. Chop chop attack
• C. Wardriving
• D. KRACK