BCS Level 4 Certificate in Employment of Cryptography
QAN 603/0892/8

Specimen Paper

Record your surname/last/family name and initials on the Answer Sheet.

Specimen paper only. 20 multiple-choice questions. 1 mark awarded to each question. Mark only one answer for each question. There are no trick questions.

A number of possible answers are given for each question, indicated by either A. B. C. or D. Your answers should be clearly indicated on the Answer Sheet.

The pass mark is 13/20.

This is a specimen examination paper only. The full paper will contain 40 questions with a pass mark for the full paper of 26/40.

Copying of this paper is expressly forbidden without the direct approval of BCS, The Chartered Institute for IT.

Copyright BCS 2016. BCS Level 4 Certificate in Cyber Security Introduction Specimen Paper.

1 Select the protocol suite that employs the following three protocols:
   1) Authentication Headers (AH)
   2) Encapsulating Security Payload (ESP)
   3) Security Associations (SAs).

   A. HTTPS.
   B. TLS/SSL.
   C. SSH.
   D. IPsec.

2 Which two of the following are certificates used for?
   a) Client authentication.
   b) WEP encryption.
   c) Access control lists.
   d) Code signing.
   e) Password hashing.

   A. b and c only.
   B. c and e only.
   C. d and e only.
   D. a and d only.

3 Which of the following is a symmetric encryption algorithm?

   A. RSA.
   B. 3DES.
   C. Diffie-Hellman.
   D. DSA.

4 Non-repudiation is a feature of cryptography that can be implemented using which one of the following?

   A. VPN.
   B. An IPSEC Tunnel.
   C. Digital Certificate.
   D. Password Verification.

5 A collision attack on MD5 attempts to find which of the following?

   A. Two messages that will produce two different hashes.
   B. One message that will produce two identical hashes.
   C. One message that will produce two different hashes.
   D. Two messages that will produce identical hashes.

6 Entropy in a computer system may be used for which one of the following purposes?

   A. To detect intrusion attempts by their signature.
   B. To verify passwords at login.
   C. To create session keys.
   D. To scan attachments for threats.

7 International Data Encryption Algorithm (IDEA) was developed by Xuejia Lai and whom?

   A. James Massey.
   B. Bruce Schneier.
   C. Carlisle Adams.
   D. Stafford Tavares.

8 A simple substitution cipher changes each plaintext symbol in what manner?

   A. It uses a different substitution alphabet for each symbol.
   B. It employs a 1 to 1 correspondence table.
   C. Plaintext is transformed into a group of random symbols.
   D. The cipher is changed into a single random symbol.

9 Which of the following is NOT a secure VPN protocol?

   A. Internet Protocol Security (IPsec).
   B. Microsoft Windows Network Basic Input/Output System (NetBIOS).
   C. Transport Layer Security (SSL/TLS).
   D. Microsoft Secure Socket Tunnelling Protocol (SSTP).

10 Which two of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen?
   a) Tethering.
   b) Remote wipe.
   c) Email password.
   d) GPS tracking.
   e) Device encryption.

   A. a and b only.
   B. c and d only.
   C. b and e only.
   D. d and e only.

11 A security administrator has been tasked with explaining authentication services to the company's management team. The company runs an Active Directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company's environment?

   A. Kerberos.
   B. Least Privilege.
   C. TACACS+.
   D. LDAP.

12 Which of the following describes a situation when a cryptographic key component is held by a third party?

   A. Key list.
   B. Key escrow.
   C. Key loader.
   D. Key exchange.

13 A way of verifying both the sender of information and the integrity of a message is through the use of which of the following?

   A. Digital signatures.
   B. Digital certificates.
   C. Public key encryption.
   D. Private key encryption.

14 Which of these tools are MOST LIKELY to be used during the discovery phase of a penetration test?

   A. Nessus.
   B. Wireshark.
   C. Network Mapper.
   D. Burp.

15 Which of the following is the BEST description of ciphers?

   A. Stream ciphers encrypt continuous streams of data.
   B. Block ciphers encrypt blocks of data of variable size.
   C. Polyalphabetic substitution ciphers keep the substitution alphabet constant for every symbol.
   D. Transposition ciphers take groups of characters and shift them according to a random system.

16 Which of the following Acts were signed into law in 2000?

   A. Cyber Security Enhancement Act.
   B. Online Privacy Protection Act.
   C. No-Electron Theft Act.
   D. Electronic Signatures in Global and National Commerce Act.

17 Voice privacy in GSM cellular telephone protocol is provided by which cipher?

   A. 5/2.
   B. 5/4.
   C. 6/2.
   D. 5/8.

18 What UK evaluation scheme helps private sector companies develop cryptographic products?

   A. Federal Information Processing Standards Publication (FIPS).
   B. Commercial Product Assurance (CPA).
   C. CESG Assisted Products Service (CAPS).
   D. Information Technology Security Evaluation and Certification Scheme (ITSEC).

19 Which of the following is an organisation that sends out information about known security vulnerabilities in software?

   A. PGP.
   B. PKI.
   C. CERT.
   D. RSA.

20 When a connection is made to a secure HTTPS web page, which of the following actions is performed first?

   A. The username and password are sent for authentication.
   B. The client establishes its identity to the web server.
   C. The web page is displayed and then authentication is performed.
   D. A digital certificate establishes the web site identity to the browser.

-End of Paper-