1. Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?

  • A. It is an example of an asymmetric algorithm.
  • B. It requires more CPU resources than software-based AES does.
  • C. It uses a 112-bit encryption key.
  • D. SEAL is a stream cipher.

SEAL is a stream cipher that uses a 160-bit encryption key. It is a symmetric encryption algorithm that has a lower impact on the CPU resources compared to other software- based algorithms, such as software-based DES, 3DES, and AES.

2. Which statement is a feature of HMAC?

  • A. HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.
  • B. HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
  • C. HMAC is based on the RSA hash function.
  • D. HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.

A keyed-hash message authentication code (HMAC or KHMAC) is a type of message authentication code (MAC). HMACs use an additional secret key as input to the hash function, adding authentication to data integrity assurance.

3. Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?​

  • A. Confidentiality
  • B. Integrity
  • C. Nonrepudiation
  • D. Authentication

Integrity is ensured by implementing either MD5 or SHA hash generating algorithms. Many modern networks ensure authentication with protocols, such as HMAC. Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES. Data confidentiality can also be ensured using asymmetric algorithms, including RSA and PKI.​

4. Which algorithm can ensure data confidentiality?

  • A. PKI
  • B. AES
  • C. RSA
  • D. MD5

Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES.

5. In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?4. Which algorithm can ensure data confidentiality?

  • A. HTTPS traffic is much faster than HTTP traffic.
  • B. HTTPS traffic can carry a much larger data payload than HTTP can carry.
  • C. HTTPS traffic enables end-to-end encryption.
  • D. HTTPS traffic does not require authentication.

HTTPS enables end-to-end encrypted network communication, which adds further challenges for network administrators to monitor the content of packets to catch malicious attacks.

6. Which protocol is an IETF standard that defines the PKI digital certificate format?

  • A. X.509
  • B. LDAP
  • C. SSL/TLS
  • D. X.500

To address the interoperability of different PKI vendors, IETF published the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 2527). The standard defines the format of a digital certificate.

7. What are two symmetric encryption algorithms? (Choose two.)6. Which protocol is an IETF standard that defines the PKI digital certificate format?

  • A. HMAC
  • B. SHA
  • C. AES
  • D. MD5
  • E. 3DES

MD5, HMAC, and SHA are hashing algorithms.

8. What is the purpose of code signing?

  • A. Reliable transfer of data
  • B. Data encryption
  • C. Source identity secrecy
  • D. Integrity of source .EXE files

Code signing is used to verify the integrity of executable files downloaded from a vendor website. Code signing uses digital certificates to authenticate and verify the identity of a website.

9. Which statement describes the use of certificate classes in the PKI?

  • A. The lower the class number, the more trusted the certificate.
  • B. A vendor must issue only one class of certificates when acting as a CA.
  • C. A class 5 certificate is more trustworthy than a class 4 certificate.
  • D. Email security is provided by the vendor, not by a certificate.

The higher the certificate number, the more trustworthy the certificate. Class 1 certificates are for individuals, with a focus on email verification. An enterprise can act as its own CA and implement PKI for internal use. In that situation, the vendor can issue certificates as needed for various purposes.

10. What role does an RA play in PKI?

  • A. A root CA
  • B. A super CA
  • C. A subordinate CA
  • D. A backup root CA

A registration authority (RA) is a subordinate CA. It is certified by a root CA to issue certificates for specific uses.

11. What technology supports asymmetric key encryption used in IPsec VPNs?

  • A. SEAL
  • B. IKE
  • C. 3DES
  • D. AES

IKE, or Internet Key Exchange, is a protocol to support  asymmetric encryption algorithms. It is used to securely exchange encryption keys in the setup of IPsec VPNs.

12. What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?

  • A. Hash algorithm
  • B. Asymmetric key algorithm
  • C. Encryption
  • D. Digital signature

Digital signatures provide assurance of the authenticity and integrity of software codes. They provide the ability to trust code that is downloaded from the Internet.