EC-COUNCIL EC-COUNCIL Certifications 212-81 Questions & Answers

• Question 121:

  Which of the following is an asymmetric algorithm related to the equation y^2 = x^3 + Ax + B?

  A. Blowfish

  B. Elliptic Curve

  C. AES

  D. RSA

  Correct Answer: B

  Elliptic Curve

  https://en.wikipedia.org/wiki/Elliptic-curve_cryptography For current cryptographic purposes, an elliptic curve is a plane curve over a finite field (rather than the real numbers) which consists of the points satisfying the equation:

• Question 122:

  In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

  A. Keyed Hashing

  B. Double Hashing

  C. Salting

  D. Key Stretching

  Correct Answer: C

  Salting https://en.wikipedia.org/wiki/Salt_(cryptography) A salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase. Salts are used to safeguard passwords in storage. Historically a password was stored in plaintext on a system, but over time additional safeguards were developed to protect a user's password against being read from the system. A new salt is randomly generated for each password. In a typical setting, the salt and the password (or its version after key stretching) are concatenated and processed with a cryptographic hash function, and the output hash value (but not the original password) is stored with the salt in a database. Hashing allows for later authentication without keeping and therefore risking exposure of the plaintext password in the event that the authentication data store is compromised. Salts defend against a pre-computed hash attack, e.g. rainbow tables.Since salts do not have to be memorized by humans they can make the size of the hash table required for a successful attack prohibitively large without placing a burden on the users. Since salts are different in each case, they also protect commonly used passwords, or those users who use the same password on several sites, by making all salted hash instances for the same password different from each other.

• Question 123:

  John is going to use RSA to encrypt a message to Joan. What key should he use?

  A. A random key

  B. Joan's public key

  C. A shared key

  D. Joan's private key

  Correct Answer: B

  Joan's public key https://en.wikipedia.org/wiki/RSA_(cryptosystem) Suppose Joahn uses Bob's public key to send him an encrypted message. In the message, she can claim to be Alice but Bob has no way of verifying that the message was actually from Alice since anyone can use Bob's public key to send him encrypted messages. In order to verify the origin of a message, RSA can also be used to sign a message. Suppose Alice wishes to send a signed message to Bob. She can use her own private key to do so. She produces a hash value of the message, raises it to the power of d (modulo n) (as she does when decrypting a message), and attaches it as a "signature" to the message. When Bob receives the signed message, he uses the same hash algorithm in conjunction with Alice's public key. He raises the signature to the power of e (modulo n) (as he does when encrypting a message), and compares the resulting hash value with the message's actual hash value. If the two agree, he knows that the author of the message was in possession of Alice's private key, and that the message has not been tampered with since.

• Question 124:

  Which algorithm was U. S. Patent 5,231,668, filed on july 26, 1991, attributed to David W. Kravitz, and adopted by the U. S. government in 1993 with FIPS 186?

  A. DSA

  B. AES

  C. RC4

  D. RSA

  Correct Answer: A

  DSA https://en.wikipedia.org/wiki/Digital_Signature_Algorithm DSA is covered by U.S. Patent 5,231,668 , filed July 26, 1991 and now expired, and attributed to David W. Kravitz, a former NSA employee. This patent was given to "The United States of America as represented by the Secretary of Commerce, Washington, D.C.", and NIST has made this patent available worldwide royalty-free. Claus P. Schnorr claims that his U.S. Patent 4,995,082 (also now expired) covered DSA; this claim is disputed.

• Question 125:

  A cipher is defined as what

  A. The algorithm(s) needed to encrypt and decrypt a message

  B. Encrypted text

  C. The key used to encrypt a message

  D. Any algorithm used in cryptography

  Correct Answer: A

  The algorithm(s) needed to encrypt and decrypt a message https://en.wikipedia.org/wiki/Cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption--a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. To encipher or encode is to convert information into cipher or code. In common parlance, "cipher" is synonymous with "code", as they are both a set of steps that encrypt a message; however, the concepts are distinct in cryptography, especially classical cryptography.

• Question 126:

  In IPSec, if the VPN is a gateway-gateway or a host-gateway, then which one of the following is true?

  A. IPSec does not involve gateways

  B. Only transport mode can be used

  C. Encapsulating Security Payload (ESP) authentication must be used

  D. Only the tunnel mode can be used

  Correct Answer: D

  IPSec has two different modes: transport mode and tunnel mode.

  Only the tunnel mode can be used

  https://en.wikipedia.org/wiki/IPsec

  In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g.

  between routers to link sites), host- to-network communications (e.g. remote user access) and host-to-host communications (e.g. private chat).

• Question 127:

  You are trying to find a modern method for security web traffic for use in your company's ecommerce web site. Which one of the following is used to encrypt web pages and uses bilateral authentication?

  A. AES

  B. SSL

  C. TLS

  D. 3DES

  Correct Answer: C

  TLS https://en.wikipedia.org/wiki/Mutual_authentication Mutual authentication or two-way authentication refers to two parties authenticating each other at the same time, being a default mode of authentication in some protocols (IKE, SSH) and optional in others (TLS). By default the TLS protocol only proves the identity of the server to the client using X.509 certificate and the authentication of the client to the server is left to the application layer. TLS also offers client-to-server authentication using client-side

  X.509 authentication. As it requires provisioning of the certificates to the clients and involves less user-friendly experience, it's rarely used in end-user applications.

• Question 128:

  Ahlen is using a set of pre-calculated hashes to attempt to derive the passwords from a Windows SAM file. What is a set of pre-calculated hashes used to derive a hashed password called?

  A. Hash matrix

  B. Rainbow table

  C. Password table

  D. Hash table

  Correct Answer: B

  Rainbow table https://en.wikipedia.org/wiki/Rainbow_table A rainbow table is a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a key derivation function (or credit card numbers, etc.) up to a certain length consisting of a limited set of characters. It is a practical example of a space-time tradeoff, using less computer processing time and more storage than a brute-force attack which calculates a hash on every attempt, but more processing time and less storage than a simple key derivation function with one entry per hash. Use of a key derivation that employs a salt makes this attack infeasible.

• Question 129:

  Which one of the following terms describes two numbers that have no common factors?

  A. Coprime

  B. Fermat's number

  C. Euler's totient

  D. Convergent

  Correct Answer: A

  Coprime https://en.wikipedia.org/wiki/Coprime_integers In number theory, two integers a and b are said to be relatively prime, mutually prime, or coprime if the only positive integer (factor) that divides both of them is 1. Consequently, any prime number that divides one of a or b does not divide the other. This is equivalent to their greatest common divisor (gcd) being 1.

• Question 130:

  Widely used, particularly with Microsoft operating systems. Created by MIT and derives its name from the mythical three headed dog. The is a great deal of verification for the tickets and the tickets expire quickly. Client authenticates to the Authentication Server once using a long term shared secret and receives back a Ticket-Granting Server. Client can reuse this ticket to get additional tickets without reusing the shared secret. These tickets are used to prove authentication to the Service Server.

  A. Diffie-Hellman

  B. Yarrow

  C. Kerberos

  D. ElGamal

  Correct Answer: C

  Kerberos https://en.wikipedia.org/wiki/Kerberos_(protocol) Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The protocol was named after the character Kerberos (or Cerberus) from Greek mythology, the ferocious three-headed guard dog of Hades. Its designers aimed it primarily at a client-server model and it provides mutual authentication--both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication. Kerberos uses UDP port 88 by default.