D430 Fundamentals of Information Security

Free D430 Fundamentals of Information Security Questions
To defeat brute-force attacks, what must a password be?
- A. Long
- B. Complex
- C. Both A and B
- D. Neither A nor B
Correct Answer
C. Both A and B
Explanation
To effectively defeat brute-force attacks, a password must be both long and complex. A long password increases the number of possible combinations an attacker must guess, while complexity (using a mix of uppercase, lowercase, numbers, and special characters) makes it harder for attackers to guess or crack the password. Combining both length and complexity makes it significantly more difficult for an attacker to break the password via brute force.
Why other options are wrong
A. Long
While a long password can help improve security, it needs to be paired with complexity to be truly effective against brute-force attacks. A very long but simple password (e.g., "aaaaaaaaaaaa") can still be cracked relatively quickly.
B. Complex
A complex password is important, but without sufficient length, it may not provide enough protection against brute-force attacks. For instance, a complex but short password (e.g., "x7#eF!") can still be vulnerable.
D. Neither A nor B
This is incorrect because both long and complex passwords are necessary to effectively defend against brute-force attacks. Simply relying on one without the other is not sufficient.
What is the primary security objective achieved through the use of symmetric encryption in data protection?
- A. Integrity
- B. Availability
- C. Confidentiality
- D. Authentication
Correct Answer
C. Confidentiality
Explanation
Symmetric encryption uses a single key for both encryption and decryption, and its primary goal is to ensure confidentiality. This means that only authorized users with the correct key can decrypt and access the data, keeping it protected from unauthorized parties. While symmetric encryption can contribute to other aspects of security, such as integrity when combined with hash functions, its primary purpose is maintaining confidentiality.
Why other options are wrong
A. Integrity
Integrity is related to ensuring that data has not been altered in an unauthorized manner. Symmetric encryption alone does not guarantee data integrity; this is typically achieved through hashing or digital signatures.
B. Availability
Availability ensures that data is accessible when needed. Symmetric encryption does not directly address availability; it focuses on protecting data confidentiality.
D. Authentication
Authentication verifies the identity of users or systems, which is not the main function of symmetric encryption. While encryption can be part of an authentication process, symmetric encryption itself primarily protects data confidentiality.
The private-public key pair consists of two simultaneously generated keys using a mathematical process. Each key represents a digital, computerized code uniquely tied to a user's _____. The two keys are exclusively paired with one another and neither key can be derived from the other. This concept is also known as _______________.
- A. Access Card, Asymmetric Cryptography
- B. Common Access Card, Symmetric Cryptography
- C. identity, Asymmetric Cryptography
- D. identity, Symmetric Cryptography
Correct Answer
C. identity, Asymmetric Cryptography
Explanation
Asymmetric cryptography involves a pair of keys – public and private – uniquely linked to a user's identity. This system ensures secure communication, where one key encrypts and the other decrypts the data. The concept relies on the mathematical link between the two keys, without one being derivable from the other, making it highly secure and ideal for tasks like digital signatures and secure messaging.
Why other options are wrong
A. Access Card, Asymmetric Cryptography
An access card is not the defining element tied to the public-private key pair. The keys are generated and associated with a user's identity for security purposes, not with physical items like access cards. This mischaracterizes the relationship between the user and the cryptographic keys.
B. Common Access Card, Symmetric Cryptography
Symmetric cryptography uses the same key for both encryption and decryption, which is not the concept being described. Also, Common Access Cards are specific hardware used in certain authentication systems, not a defining element of key generation or pairing.
D. identity, Symmetric Cryptography
Although the association with a user's identity is correct, symmetric cryptography does not use two keys. It relies on a single key for both encryption and decryption, which directly contradicts the description given in the question.
Which of the answers listed below refers to a key exchange protocol that generates temporary keys for each session, providing forward secrecy to protect past and future communications?
- A. Perfect Forward Secrecy (PFS)
- B. Secure Hashing Algorithm (SHA)
- C. Pretty Good Privacy (PGP)
- D. Diffie-Hellman key exchange (DHE)
Correct Answer
D. Diffie-Hellman key exchange (DHE)
Explanation
The Diffie-Hellman key exchange (DHE) protocol generates a temporary session key for each communication, providing forward secrecy. This ensures that even if a long-term key is compromised, past communications remain secure, because each session key is generated independently and cannot be derived from the compromised key or from earlier session keys. This protects both past and future communications.
Why other options are wrong
A. Perfect Forward Secrecy (PFS)
While Perfect Forward Secrecy (PFS) is related to the concept of securing session keys and preventing the compromise of past communications, it refers to a broader security property rather than a specific protocol. DHE is one implementation of PFS.
B. Secure Hashing Algorithm (SHA)
SHA is a cryptographic hash function used for data integrity verification and generating secure hash values, not for generating temporary session keys for communication. It does not provide forward secrecy.
C. Pretty Good Privacy (PGP)
PGP is a protocol for encrypting emails and files, but it is not focused on session-based key exchanges that provide forward secrecy. It uses different mechanisms for public-key encryption and authentication.
Which component of an access control framework is responsible for ensuring that actions taken by users can be traced back to them?
- A. Authorization
- B. Authentication
- C. Accountability
- D. Auditing
Correct Answer
C. Accountability
Explanation
Accountability refers to the ability to trace actions taken by users back to their identities. This ensures that users can be held responsible for their actions, which is vital for maintaining security and preventing unauthorized activities.
Why other options are wrong
A. Authorization
Authorization is the process of determining what actions a user is allowed to perform. While it defines permissions, it does not ensure traceability of actions.
B. Authentication
Authentication verifies the identity of a user, but it does not track their actions once they are authenticated. Accountability is the process that ensures actions can be traced to the authenticated user.
D. Auditing
Auditing involves the collection and analysis of logs and activities. While it helps in tracking actions, it is not the component responsible for directly ensuring that actions are traceable to users; accountability covers this responsibility.
When a caller claims to be from the IT department and asks for a user's login credentials to resolve a supposed system issue, what type of tactic are they likely employing?
- A. Phishing
- B. Social engineering
- C. Vishing
- D. Spear phishing
Correct Answer
B. Social engineering
Explanation
Social engineering is the use of manipulative tactics to trick individuals into revealing confidential information, often by exploiting human psychology. In this case, the caller is attempting to manipulate the user into providing sensitive login credentials by pretending to be from the IT department. Social engineering can occur over various communication channels and typically involves creating a sense of urgency or authority to convince the target to take action.
Why other options are wrong
A. Phishing
Phishing generally involves deceptive emails or websites aimed at tricking users into revealing sensitive information. While similar to social engineering, phishing is usually done electronically and involves impersonating a trusted entity via email or fake websites, not a direct phone call as described in this scenario.
C. Vishing
Vishing (voice phishing) is a type of phishing that specifically occurs over the phone. While the tactic described is indeed a phone call, the scenario is best classified under the broader category of social engineering, because the deception relies on manipulating the person's trust rather than on the phone as the channel of attack.
D. Spear phishing
Spear phishing is a targeted form of phishing aimed at specific individuals or organizations, often with customized information. While similar to phishing, it involves more tailored attempts to deceive the victim. In this case, the attacker does not seem to be targeting a specific individual with personalized information, so it falls under the broader social engineering tactic.
Which extension field in a web server certificate allows for the specification of multiple domain names, including subdomains, to be associated with a single certificate?
- A. Key Usage
- B. Extended Key Usage
- C. Subject Alternative Name (SAN)
- D. Basic Constraints
Correct Answer
C. Subject Alternative Name (SAN)
Explanation
The Subject Alternative Name (SAN) extension in an SSL/TLS certificate allows for the inclusion of multiple domain names, including subdomains, within a single certificate. This is particularly useful for organizations that need to secure several domain names or subdomains but do not want to manage separate certificates for each one. SAN certificates can cover multiple domains, which reduces complexity and cost.
Why other options are wrong
A. Key Usage
Key Usage is a field in an SSL/TLS certificate that defines the purpose of the key contained in the certificate, such as encryption, digital signatures, or key agreement. It does not relate to the specification of multiple domains or subdomains for the certificate.
B. Extended Key Usage
Extended Key Usage is another extension in an SSL/TLS certificate that specifies additional purposes for which the certificate can be used, such as server authentication or code signing. It does not allow for the inclusion of multiple domain names or subdomains.
D. Basic Constraints
The Basic Constraints extension is used to specify whether the certificate is for a certificate authority (CA) or an end-entity. It helps define the hierarchical structure of certificates but does not specify the domains or subdomains associated with a certificate.
What is the difference between a revoked key and a suspended key?
- A. A suspended key results from a key being compromised, a revoked key results from a key expiring.
- B. A suspended key can be re-enabled, a revoked key cannot.
- C. A revoked key results from a key being compromised, a suspended key results from a key expiring.
- D. A revoked key can be re-enabled, a suspended key cannot.
Correct Answer
B. A suspended key can be re-enabled, a revoked key cannot.
Explanation
A suspended key is temporarily disabled but can be re-enabled if the issue is resolved, such as when a user returns after a temporary absence or a potential compromise is investigated. In contrast, a revoked key is permanently invalidated and cannot be re-enabled, often due to security concerns like key compromise or user departure.
Why other options are wrong
A. A suspended key results from a key being compromised, a revoked key results from a key expiring.
This is incorrect because the distinction is not about expiration but about the state of the key. A suspended key is typically disabled temporarily for investigation, while a revoked key is permanently invalidated, regardless of whether it expired or was compromised.
C. A revoked key results from a key being compromised, a suspended key results from a key expiring.
While a revoked key can indeed result from a key being compromised, it is not correct to associate the suspension of a key with expiration. A suspended key can be temporarily disabled for a variety of reasons, including investigation of potential compromise or user action.
D. A revoked key can be re-enabled, a suspended key cannot.
This is incorrect because the opposite is true: a suspended key can be re-enabled if the reason for suspension is resolved, whereas a revoked key is permanently invalid and cannot be re-enabled.
Which of these is an example of social engineering?
- A. Asking for a username and password over the phone
- B. Using someone else's unsecured wireless network
- C. Hacking into a router
- D. Virus
Correct Answer
A. Asking for a username and password over the phone
Explanation
Social engineering involves manipulating people into divulging confidential information. Asking for a username and password over the phone is a classic example of social engineering, where the attacker uses deception or impersonation to gain access to sensitive data.
Why other options are wrong
B. Using someone else's unsecured wireless network
This is not social engineering. It is a technical approach where the attacker exploits an unsecured network rather than manipulating someone into giving away access credentials.
C. Hacking into a router
Hacking into a router is a technical attack, not a social engineering one. It involves exploiting vulnerabilities in a device to gain unauthorized access.
D. Virus
A virus is a type of malicious software, not a social engineering tactic. It spreads through systems to cause harm or steal data, but it does not rely on deceiving people to obtain access.
Why might you want your security system to provide non-repudiation?
- A. To prevent a user from capturing packets and viewing sensitive information
- B. To prevent an unauthorized user from logging into the system
- C. To trace the origin of a worm spread through email
- D. So a user can't deny sending or receiving a communication
Correct Answer
D. So a user can't deny sending or receiving a communication
Explanation
Non-repudiation ensures that once a communication or transaction has occurred, the involved parties cannot deny their participation. This is particularly important in legal and business contexts where it is crucial to have evidence of who sent or received a message or completed an action.
Why other options are wrong
A. To prevent a user from capturing packets and viewing sensitive information
This is related to confidentiality and encryption, not non-repudiation. Non-repudiation deals with preventing denial of actions, not protecting data from being captured.
B. To prevent an unauthorized user from logging into the system
This option refers to authentication and access control, not non-repudiation. Non-repudiation addresses the issue of ensuring that a user cannot deny actions they've taken after they occur.
C. To trace the origin of a worm spread through email
This option is more related to traceability or incident response, not directly linked to non-repudiation. Non-repudiation ensures that actions or communications cannot be denied, whereas this option focuses on identifying malicious behavior.