5.6.1: Quiz Encryption (Doshi) Flashcards Preview

Flashcards in 5.6.1: Quiz Encryption (Doshi) Deck (12)
1
Q

In public key encryption (asymmetric encryption) to secure message confidentiality:

A. encryption is done by private key and decryption is done by public key.
B. encryption is done by public key and decryption is done by private key.
C. both the keys used to encrypt and decrypt the data are public.
D. both the keys used to encrypt and decrypt the data are private.

A

B. encryption is done by public key and decryption is done by private key.

In any given scenario, when the objective is to ensure ‘confidentiality’, the message has to be encrypted using the receiver’s public key and decrypted using the receiver’s private key.

The option-wise explanation is given below:
A. encryption is done by private key and decryption is done by public key (the public key is easily accessible to everyone and hence confidentiality cannot be ensured).
B. encryption is done by public key and decryption is done by private key (the private key is accessible only to its owner and this ensures confidentiality).
C. both the keys used to encrypt and decrypt the data are public (anything encrypted by a public key can be decrypted only by the corresponding private key).
D. both the keys used to encrypt and decrypt the data are private (anything encrypted by a private key can be decrypted only by the corresponding public key).

2
Q

In public key encryption (asymmetric encryption) to authenticate the sender of the message:

A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.
B. hash of the message to be encrypted by sender’s public key and decryption is done by sender’s private key.
C. hash of the message to be encrypted by receiver’s private key and decryption is done by receiver’s public key.
D. hash of the message to be encrypted by receiver’s public key and decryption is done by receiver’s private key.

A

A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

In any given scenario, when the objective is to ensure ‘authentication’, a hash (message digest) of the message has to be created, and the hash has to be encrypted using the sender’s private key and decrypted using the sender’s public key.

The option-wise explanation is given below:
A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key (to ensure authentication, the sender should have something unique which is not accessible to anyone else. The sender’s private key is available only to the sender and this ensures authentication).
B. hash of the message to be encrypted by sender’s public key and decryption is done by sender’s private key (to ensure authentication, the sender should have something unique which is not accessible to anyone else. The sender’s public key is available publicly and hence cannot ensure authentication).
C. hash of the message to be encrypted by receiver’s private key and decryption is done by receiver’s public key (the sender will not have access to the receiver’s private key).
D. hash of the message to be encrypted by receiver’s public key and decryption is done by receiver’s private key (to ensure authentication, the sender should have something unique which is not accessible to anyone else. The receiver’s public key is available publicly and hence cannot ensure authentication).

3
Q

In public key encryption (asymmetric encryption) to ensure integrity of the message:

A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.
B. hash of the message to be encrypted by sender’s public key and decryption is done by sender’s private key.
C. hash of the message to be encrypted by receiver’s private key and decryption is done by receiver’s public key.
D. hash of the message to be encrypted by receiver’s public key and decryption is done by receiver’s private key.

A

A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

In any given scenario, when the objective is to ensure ‘integrity of the message’, a hash (message digest) of the message has to be created and the hash has to be encrypted using the sender’s private key. The sender will send (i) the message and (ii) the encrypted hash to the receiver.

The receiver will (i) decrypt the received hash by using the sender’s public key and (ii) re-compute the hash of the message; if the two hashes are equal, it proves that the message has not been tampered with.

4
Q

Which of the following ensures confidentiality of the message and also authenticity of the sender of the message?

A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key.
B. Encrypting the hash of message with the sender’s private key and thereafter encrypting the message with the receiver’s private key.
C. Encrypting the hash of the message with the receiver’s public key and thereafter encrypting the message with the sender’s private key.
D. Encrypting the hash of the message with the receiver’s public key and thereafter encrypting the message with the sender’s public key.

A

A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key.

In the above question, the objective is to ensure confidentiality and authenticity. In any given scenario, when the objective is to ensure ‘confidentiality and authentication’, the following treatment is required:
- The hash of the message is to be encrypted using the sender’s private key (to ensure authentication/non-repudiation).
- The message is to be encrypted using the receiver’s public key (to ensure confidentiality).

Encryption of the hash of the message with the sender’s private key proves that the sender himself is the sender of the message, as his private key can be accessed by him only.
Encryption of the message using the receiver’s public key ensures confidentiality, as only the receiver can decrypt the message using his private key.

5
Q

Message authenticity and confidentiality is BEST achieved by encrypting hash of the message using the:

A. sender’s private key and encrypting the message using the receiver’s public key.
B. sender’s public key and encrypting the message using the receiver’s private key.
C. receiver’s private key and encrypting the message using the sender’s public key.
D. receiver’s public key and encrypting the message using the sender’s private key.

A

A. sender’s private key and encrypting the message using the receiver’s public key.

In the above question, the objective is to ensure confidentiality and authenticity. In any given scenario, when the objective is to ensure ‘confidentiality and authentication’, the following treatment is required:
- The hash of the message is to be encrypted using the sender’s private key (to ensure authentication/non-repudiation).
- The message is to be encrypted using the receiver’s public key (to ensure confidentiality).

Encryption of the hash of the message with the sender’s private key proves that the sender himself is the sender of the message, as his private key can be accessed by him only.
Encryption of the message using the receiver’s public key ensures confidentiality, as only the receiver can decrypt the message using his private key.

6
Q

Greatest assurance about E-mail authenticity can be ensured by which of the following?

A. The prehash code is encrypted using sender’s public key.
B. The prehash code is encrypted using the sender’s private key.
C. The prehash code is encrypted using the receiver’s public key.
D. The prehash code is encrypted using the receiver’s private key.

A

B. The prehash code is encrypted using the sender’s private key.

In the above question, the objective is to ensure authenticity. In any given scenario, when the objective is to ensure ‘authentication’, a hash of the message has to be created and the hash has to be encrypted using the sender’s private key.
Encryption of the hash of the message with the sender’s private key proves that the sender himself is the sender of the message, as his private key can be accessed by him only.

7
Q

A message and message hash are encrypted by the sender’s private key. This will ensure:

A. authenticity and integrity.
B. authenticity and confidentiality.
C. integrity and privacy.
D. confidentiality and non-repudiation.

A

A. authenticity and integrity.

In any given scenario, when the objective is to ensure ‘authentication & integrity’, a hash (message digest) of the message has to be created and the hash has to be encrypted using the sender’s private key. The sender will send (i) the message and (ii) the encrypted hash to the receiver.
The receiver will (i) decrypt the received hash by using the sender’s public key and (ii) re-compute the hash of the message; if the two hashes are equal, it proves that the message has not been tampered with.

8
Q

A stock broking firm sends invoices to clients through email and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:

A. encrypting the hash of the invoice using the firm’s private key.
B. encrypting the hash of the invoice using the firm’s public key.
C. encrypting invoice using firm’s private key.
D. encrypting invoice using firm’s public key.

A

A. encrypting the hash of the invoice using the firm’s private key.

In the above question, the objective is to ensure integrity of invoices. In any given scenario, when the objective is to ensure ‘integrity’, a hash (message digest) of the message has to be created and the hash has to be encrypted using the sender’s private key.
Clients can open the invoice, re-compute the hash, decrypt the received hash using the firm’s public key and, if the two hashes are equal, the invoice was not modified in transit.

9
Q

A commercial website uses asymmetric encryption where there is one private key for the server and corresponding public key is made available to the customers. This ensures:

A. authenticity of the customer.
B. authenticity of the website.
C. confidentiality of messages from the website hosting organization to customer.
D. Non-repudiation from customer.

A

B. authenticity of the website

If the customer is able to decrypt the message using the public key of the website, it ensures that the message has been sent from the authentic website. Any false site will not be able to encrypt using the private key of the real site, so the customer would not be able to decrypt the message using the public key. The public key is widely distributed and hence authenticity of the customer cannot be ensured. Also, confidentiality of messages cannot be ensured, as many people have access to the public key and can decrypt the messages from the hosting website.

10
Q

Which of the following options increases the cost of cryptography?

A. Use of symmetric technique rather than asymmetric.
B. Use of long asymmetric key rather than short.
C. Only hash is encrypted rather than full message.
D. Use of short asymmetric key rather than long.

A

B. Use of long asymmetric key rather than short.

A. Use of symmetric technique rather than asymmetric: This will actually decrease the cost. The symmetric technique is faster and less expensive than the asymmetric technique.
B. Use of long asymmetric key rather than short: Computer processing time increases for longer asymmetric encryption keys, and the associated cost also increases.
C. Only hash is encrypted rather than full message: A hash is shorter than the original message; hence, a smaller overhead is required if the hash is encrypted rather than the message.
D. Use of short asymmetric key rather than long: This will decrease the cost.

11
Q

Encryption of which of the following can be considered as an efficient use of PKI:

A. sender’s private key
B. sender’s public key
C. entire message
D. symmetric session key

A

D. symmetric session key

The best use of PKI is to combine the best features of symmetric and asymmetric encryption techniques. Asymmetric encryption involves intensive and time-consuming computations. In comparison, symmetric encryption is considerably faster, yet faces the challenge of sharing the symmetric key with the other party. To enjoy the benefits of both systems, following process is

12
Q

When objective is to ensure message integrity, confidentiality and non-repudiation, the MOST effective method would be to create a message digest and encrypt the message digest:

A. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the receiver’s public key.
B. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the receiver’s private key.
C. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the sender’s private key.
D. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the sender’s public key.

A

A. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the receiver’s public key.

The above question is based on the concept of combining the best features of symmetric as well as asymmetric encryption techniques. Following are the steps: