This post is regarding Answer for CCNA Security Chapter 7 Test. All the questions published here is based on CCNAS v1.1. All the answers provided here has been proven to be 100% correct. Hopefully, it will be a good material for our reference in Network Security.
The network administrator for an e-commerce website requires a service that prevents customers from claiming that legitimate orders are fake. What service provides this type of guarantee?
authentication
confidentiality
integrity
nonrepudiation
How do modern cryptographers defend against brute-force attacks?
Use statistical analysis to eliminate the most common encryption keys.
Use an algorithm that requires the attacker to have both ciphertext and plaintext to conduct a successful attack.
Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack.
Use frequency analysis to ensure that the most popular letters used in the language are not used in the cipher message.
What is the basic method used by 3DES to encrypt plaintext?
The data is encrypted three times with three different keys.
The data is encrypted, decrypted, and encrypted using three different keys.
The data is divided into three blocks of equal length for encryption.
The data is encrypted using a key length that is three times longer than the key used for DES.
A customer purchases an item from an e-commerce site. The e-commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required?
authenticity of digitally signed data
integrity of digitally signed data
nonrepudiation of the transaction
confidentiality of the public key
Why is RSA typically used to protect only small amounts of data?
The keys must be a fixed length.
The public keys must be kept secret.
The algorithms used to encrypt data are slow.
The signature keys must be changed frequently.
An administrator requires a PKI that supports a longer lifetime for keys used for digital signing operations than for keys used for encrypting data. Which feature should the PKI support?
certificate keys
nonrepudiation keys
usage keys
variable keys
Which three primary functions are required to secure communication across network links? (Choose three.)
accounting
anti-replay protection
authentication
authorization
confidentiality
integrity
Refer to the exhibit. Which type of cipher method is depicted?
Caesar cipher
stream cipher
substitution cipher
transposition cipher
Which statement describes a cryptographic hash function?
A one-way cryptographic hash function is hard to invert.
The output of a cryptographic hash function can be any length.
The input of a cryptographic hash function has a fixed length.
A cryptographic hash function is used to provide confidentiality.
Which statement is a feature of HMAC?
HMAC is based on the RSA hash function.
HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.
HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.
Which encryption protocol provides network layer confidentiality?
IPsec protocol suite
Keyed MD5
Message Digest 5
Secure Sockets Layer
Secure Hash Algorithm 1
Transport Layer Security
Refer to the exhibit. Which encryption algorithm is described in the exhibit?
3DES
AES
DES
RC4
SEAL
Which statement describes asymmetric encryption algorithms?
They include DES, 3DES, and AES.
They have key lengths ranging from 80 to 256 bits.
They are also called shared-secret key algorithms.
They are relatively slow because they are based on difficult computational algorithms.
Which two statements correctly describe certificate classes used in the PKI? (Choose two.)
A class 0 certificate is for testing purposes.
A class 0 certificate is more trusted than a class 1 certificate.
The lower the class number, the more trusted the certificate.
A class 5 certificate is for users with a focus on verification of email.
A class 4 certificate is for online business transactions between companies.
Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
The CA is always required, even after user verification is complete.
The users must obtain the certificate of the CA and then their own certificate.
After user verification is complete, the CA is no longer required, even if one of the involved certificates expires.
CA certificates are retrieved out-of-band using the PSTN, and the authentication is done in-band over a network.
Which characteristic of security key management is responsible for making certain that weak cryptographic keys are not used?
verification
exchange
generation
revocation and destruction
Which type of cryptographic key would be used when connecting to a secure website?
DES key
symmetric keys
hash keys
digital signatures
Which algorithm is used to automatically generate a shared secret for two systems to use in establishing an IPsec VPN?
ESP
DES
3DES
AH
DH
SSL
Which two non-secret numbers are initially agreed upon when the Diffie-Hellman algorithm is used? (Choose two.)
elliptic curve invariant
generator
pseudorandom nome
binomial coefficient
prime modulus
topological index
What does it mean when a hashing algorithm is collision resistant?
Exclusive ORs are performed on input data and produce a digest.
It is not feasible to compute the hash given the input data.
It uses a two-way function that computes a hash from the input and output data.
Two messages with the same hash are unlikely to occur.
I did mentioned above that all the answers for CCNA Security Chapter 7 are 100% correct. However, if you find any mistake or error, please do comment below to share with us the correct answer. We also do appreciate any latest version or new questions that you would like to share with us.
Credit: The answers for this CCNA Security Chapter 7 Test provided by Xase. All credit goes to him.
CCNA Security Chapter 7 v1.2
[by Jaime]
What are two properties of a cryptographic hash function? (Choose two.)
The input for a particular hash algorithm has to have a fixed size.
Complex inputs will produce complex hashes.
The hash function is one way and irreversible.
The output is a fixed length
Hash functions can be duplicated for authentication purposes.
Which cryptographic technique provides both data integrity and nonrepudiation?
MD5
HMAC
3DES
SHA-1
Why is the 3DES algorithm often preferred over the AES algorithm?
AES is more expensive to implement than 3DES.
3DES performs better in high-throughput, low-latency environments than AES.
3DES is more trusted because it has been proven secure for a longer period than AES.
Major networking equipment vendors such as Cisco have not yet adopted AES.
In which situation is an asymmetric key algorithm used?
An office manager encrypts confidential files before saving them to a removable device.
User data is transmitted across the network after a VPN is established.
A network administrator connects to a Cisco router with SSH.
Two Cisco routers authenticate each other with CHAP.
What is the purpose of a nonrepudiation service in secure communications?
to confirm the identity of the recipient of the communications
to ensure that the source of the communications is confirmed
to provide the highest encryption level possible
to ensure that encrypted secure communications cannot be decoded
In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?
from the root CA or another subordinate CA at a higher level
from the root CA or another subordinate CA anywhere in the tree
from the root CA only
from the root CA or another subordinate CA at the same level
from the root CA or from self-generation
Which encryption algorithm is an asymmetric algorithm?
AES
DH
SEAL
3DES
How many bits does the Data Encryption Standard (DES) use for data encryption?
40 bits
56 bits
64 bits
72 bits
What feature of the AES encryption algorithm makes it more desirable to use than 3DES?
It runs faster and more efficiently.
AES uses the block cipher.
It is a symmetric algorithm.
It uses a longer key.
Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?
It requires more CPU resources than software-based AES does.
It is an example of an asymmetric algorithm.
It uses a 112-bit encryption key.
SEAL is a stream cipher.
What is the most common use of the Diffie-Helman algorithm in communications security?
to create password hashes for secure authentication
to encrypt data for secure e-commerce communications
to secure the exchange of keys used to encrypt data
to provide routing protocol authentication between routers
Which type of encryption algorithm uses public and private keys to provide authentication, integrity, and confidentiality?
symmetric
IPsec
asymmetric
shared secret
An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service?
the unique shared secret known only by the retailer and the customer
the public key of the retailer
the private key of the retailer
the digital signatures
[by abu7ala1]
Fill in the blank.
A shared secret is a key used in a symmetric encryption algorithm.
GRACIAS! .
perfect…
good ….
can someone help with Version 1.2 pliz
From v1.2
What are two properties of a cryptographic hash function? (Choose two.)
– The input for a particular hash algorithm has to have a fixed size.
– Complex inputs will produce complex hashes.
– *The hash function is one way and irreversible.*
– *The output is a fixed length*
– Hash functions can be duplicated for authentication purposes.
Which cryptographic technique provides both data integrity and nonrepudiation?
– MD5
– *HMAC*
– 3DES
– SHA-1
Why is the 3DES algorithm often preferred over the AES algorithm?
– AES is more expensive to implement than 3DES.
– 3DES performs better in high-throughput, low-latency environments than AES.
– *3DES is more trusted because it has been proven secure for a longer period than AES.*
– Major networking equipment vendors such as Cisco have not yet adopted AES.
In which situation is an asymmetric key algorithm used?
– An office manager encrypts confidential files before saving them to a removable device.
– User data is transmitted across the network after a VPN is established.
– *A network administrator connects to a Cisco router with SSH.*
– Two Cisco routers authenticate each other with CHAP.
What is the purpose of a nonrepudiation service in secure communications?
– to confirm the identity of the recipient of the communications
– *to ensure that the source of the communications is confirmed*
– to provide the highest encryption level possible
– to ensure that encrypted secure communications cannot be decoded
In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?
– *from the root CA or another subordinate CA at a higher level*
– from the root CA or another subordinate CA anywhere in the tree
– from the root CA only
– from the root CA or another subordinate CA at the same level
– from the root CA or from self-generation
Which encryption algorithm is an asymmetric algorithm?
– AES
– *DH*
– SEAL
– 3DES
How many bits does the Data Encryption Standard (DES) use for data encryption?
– 40 bits
– *56 bits*
– 64 bits
– 72 bits
What feature of the AES encryption algorithm makes it more desirable to use than 3DES?
– *It runs faster and more efficiently.*
– AES uses the block cipher.
– It is a symmetric algorithm.
– It uses a longer key.
Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?
– It requires more CPU resources than software-based AES does.
– It is an example of an asymmetric algorithm.
– It uses a 112-bit encryption key.
– *SEAL is a stream cipher.*
What is the most common use of the Diffie-Helman algorithm in communications security?
– to create password hashes for secure authentication
– to encrypt data for secure e-commerce communications
– *to secure the exchange of keys used to encrypt data*
– to provide routing protocol authentication between routers
Which type of encryption algorithm uses public and private keys to provide authentication, integrity, and confidentiality?
– symmetric
– IPsec
– *asymmetric*
– shared secret
An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service?
– the unique shared secret known only by the retailer and the customer
– the public key of the retailer
– the private key of the retailer
– *the digital signatures*
Thanks Jaime. Question updated
v 1.2
Fill in the blank.
A shared secret is a key used in a **symmetric** encryption algorithm.
Thanks abu7ala1. Question and answers v1.2 updated