A symmetric key that is used to encrypt messages between 2 users is also known as a....
Can perform 2 or more tasks or subtasks at the same time
What is Diffie-Hellman?
A way to exchange secret keys over a public connection
How do you make sure that the person you send an email to is the only person that can open it?
Encrypt the message with the user's public key.
DES, 3DES, Blowfish, IDEA, RC (4/5/6), and AES are examples of ...
Symmetric keys provide:
4. all of the above
Asymmetric keys are composed of what?
Public and private keys
What does RSA provide?
Easy direction: Encryption and digital signature verification
Hard direction: Decryption and digital signature generation
What 3 things does a fire need?
Heat, Fuel, and oxygen
What is MTTR?
Mean time to repair is the amount of time a vendor states a device could be repaired or replaced.
Noise disturbances for a short duration
Interference on the line
RSA One way function:
Easy Direction =
Hard Direction =
Easy: Encryption & signature verification
Hard: Decryption & signature generation
What keeps cryptographic session and secret keys in Kerberos?
CAST Block Size
128 or 256-Bit
SAFER block and key size
64-bit block and 128-bit key
RC5 block and key size
Block: 32, 64, and 128-bit
Key: up to 2040 Bits
Rounds: up to 255
RC4: Stream or Block
Rijndael Block and Key size
Block: Multiple but fixed at 128 for AES
Key: 128, 192, or 256 bit
IDEA Block and key size
Key: 128 bit
Twofish block and key size
Block: 128 bit
Key: up to 256
Blowfish block and key size
Key: Up to 448
Momentary loss of power
How many rounds does AES or Rijndael use?
10 rounds for 128 bit
12 rounds for 192 bit
14 rounds for 256 bit
This can use Tokens, capability list, security labels
Cannot be bypassed and controls all access
Cannot be altered and is protected from change
Can be verified and tested
Prolonged High Voltage
What is passive infrared IDS sensitive to?
What is the WAIT state for a CPU?
It's waiting for a task to finish executing
In common criteria, what document is used as the basis for testing?
Security target and it's provided by the developer of the product
What is EAL 0?
What is a system known as that's being evaluated for an EAL certification?
Target of Evaluation (TOE)
What utility does the FBI have that is allowed to pass through an antivirus and act as a keylogger to get passwords and such to allow the FBI to decrypt any encryption that may be on the computer?
What encrypts all data from a specific communication device to another communications device?
Where is a Key backup and recovery used?
In a PKI environment
Where is a CRL used?
In a PKI environment
What is the Diffie-Hellman algorithm vulnerable to?
Man-in-the-middle attack, because the initial key exchange has no authentication
Name the 4 types of MACs
Hash function based
What is Haval-3-128 and Haval-4-256?
Haval-3 makes 3 passes and produces 128-bit hash
Haval-4 makes 4 passes and produces 256-bit hash
What does SHA2 include?
SHA-224, 256, 386, 512
What are the effective bits in SHA-1?
111 bits are effective with a 160-bit hash
Algorithms that function in a discrete logarithm in a finite field
What is an extension of Diffie-Hellman?
What is CFB?
Counter Feedback Mode - a block cipher that emulates a stream cipher
Define "one way function"
A mathematical calculation that is easily done in one direction but hard in the opposite direction
Power degradation that is low and less than normal
Prolonged loss of power
Types of fire detectors
Heat - works by rate of rise temps
Smoke - works by photoelectronics
Flame - most expensive; works from infrared
Class A fire
Paper/wood products: use soda acid or water to put out
What is the key size for RSA?
Up to 2048 bits
What other name is TCSEC known by?
The orange book
What are the two security requirements for the common criteria?
Functionality and assurance
What is a protection profile?
Protection profiles describe the functionality and assurance that a system provides
What is EAL?
Evaluation Assurance Level
What is EAL1?
What is EAL2?
What is EAL3?
Methodically tested and checked
What is EAL4?
Methodically designed, tested, and reviewed
What is EAL5?
Semiformally designed and tested
What is EAL6?
Semiformally verified design and tested
What is EAL7?
Formally verified design and tested
What's used in the trap door's inverse/reverse direction?
Someone using the private key function: decryption, generation of signatures, and transmission of symmetric keys
What is used in the trap door's forward direction?
Someone using the public key function: verification of signatures and receipt of symmetric keys
Another name for a one way function?
What is one of the largest barriers in symmetric encryption?
How large is the IV in:
24 bits in 40-bit WEP giving 64-bit WEP
24 bits in 104-bit WEP giving 128-bit WEP
What are the 3 layers of transformation that Rijndael performs?
Key addition transform
What is the standard that a CA uses when creating a certificate?
What is RSA?
Rivest-Shamir-Adleman - used for digital signatures, key exchange, and encryption
Momentary High Voltage
What is a birthday attack?
A statistical attack used to create a collision between hashes
What is Tiger?
Hashing algorithm for use on 64-bit systems; 192-bit
What is PKI?
Public Key Infrastructure
What is HAVAL?
Variable bit length hashing algorithm
How many blocks of data does HAVAL process at a time?
What is 3-DES effective key length?
112 or 168 (64 * 3 = 192; 192 - 24 = 168) (8 bits of parity per key)
What 2 modes in DES emulate a stream cipher?
CFB and OFB
How is CBC accomplished?
By XOR'ing the previous ciphertext with the next block
How many blocks of data do MD4 and MD5 process at a time?
What is the weakest form of DES encryption?
ECB - Will always generate the same ciphertext for a given plaintext.
What is the effective key length of DES?
56-bit (8 bits are used for parity)
How many modes can DES operate in?
4: ECB, OFB, CBC, CFB
Formula for calculating the number of keys needed in a symmetric encryption scenario
Encryption that only provides confidentiality
Class C Fire
Electronics - CO2 or Halon
What are pressure sensitive IDSs sensitive to?
What replaced Halon?
What is MTBF?
Mean time between failure - vendor's estimated time before a device needs to be replaced
Kind of fuel standby generators can use?
What are 2 categories of UPSs and define them:
Online - Batteries charge while connected to power; switches to battery power when needed; good for short outages
Standby - Requires backup power such as generators; good for longer outages
How many rounds of transposition and substitution for DES?
Difference between Halon 1211 and 1301? Where are they found?
1211 can be found in portable fire extinguishers; stored as a liquid
1301 can be found in fire systems; stored as a gas
Water sprinkler system types
Wet pipe: always water; can freeze during winter
Dry pipe: water is not in pipe until needed
Preaction: combination of wet and dry pipe. Water is not in pipe until needed, but then another action, like temperature melting a fuse, needs to be done before the water is released
Deluge: Dry pipe, but when activated, a large volume of water is released
Class K fire
Kitchen fires - need saponification agents (saponification agents are agents that turn into soap)
Algorithm that functions by fixed weights
Algorithm that functions by using large prime numbers
What does a certificate include?
serial number, username, validation from/to dates, issued date, organization, signature of issuing authority
How many bits is DES?
64-bit (56-bit for key, 8-bit for parity)
Class B fire
Gas/Oil - CO2, soda acid, Halon or alternative
How does CBC work with XOR functions?
Previous ciphertext is XOR'd with next block
Number generated as randomly as possible
Why use CTR mode?
Speed; other end can use immediately because there's no chaining involved and they don't have to wait for the whole message.
What is MAC?
Hashing algorithm; Message Authentication Code
What does HMAC require the sender and receiver to have?
The same symmetric key
What is work factor?
The time it takes for an attacker to break encryption
When is an IV used in CBC?
The first block of the message uses a 64-bit IV
A set of rules to encrypt and decrypt data
This encompasses a combination of threats, security objectives, assurances, functional requirements, development assurance requirements, and rationales that describes the real-world problem to be solved.
Difference between MD2, 4, or 5, and SHA
MDx is 128-bit, and SHA is 160-bit
How many rounds does 3DES use?
What is a collision in cryptography?
Two different plaintexts create the same hash
Initial surge of power at startup
What causes electronics to corrode?
What causes electronics to create static electricity?
What is El Gamal?
A public key algorithm. Can be used for signatures, encryption, and key exchange
What is positive pressurization and where is it used?
It's used in HVAC units and prevents airflow from coming back into the building
What is the ideal temp and humidity for a data center?
Temp: around 70%
Humidity: around 35% - 45%
How often should fire drills be practiced?
Periodically and randomly
Where is ECC used?
Wireless and handheld devices
How many bits does the first part of CFB use for its first IV?