SSCP Cryptography Fundamentals Questions and Answers

Question 1

A security practitioner needs to ensure the integrity of a software patch before it is distributed to users. The goal is to provide a way for users to verify that the patch has not been altered in transit. Which cryptographic process is MOST suitable for this purpose?

Accepted Answer

Hashing

Answer

Hashing produces a unique, fixed-length string (a hash value or message digest) from a piece of data. If the software patch is altered in any way, the hash value will change. Users can calculate the hash of the downloaded file and compare it to the original hash provided by the vendor to ensure the file's integrity. Encryption is for confidentiality, and steganography is for hiding data, not for verifying integrity.

Question 2

An organization wants to implement a secure email system. The requirements state that only the intended recipient should be able to read the message content (confidentiality) and that the recipient must be able to verify the sender's identity (authenticity). Which combination of cryptographic technologies would BEST meet these requirements?

Accepted Answer

The sender hashes the message and encrypts the hash with their private key, then encrypts the message with the recipient's public key.

Answer

To ensure confidentiality, the message is encrypted with the recipient's public key, so only the recipient's private key can decrypt it. [18] To provide authenticity and non-repudiation, the sender creates a hash of the message and encrypts that hash with their own private key, creating a digital signature. [22, 26] The recipient can then use the sender's public key to decrypt the hash and verify the signature. [24]

Question 3

A security analyst is reviewing a legacy system that stores user passwords in a database. The analyst discovers the passwords are obfuscated using a method that is easily reversible. Which of the following was MOST likely used, representing the weakest form of password protection?

Accepted Answer

Base64 encoding

Answer

Base64 is an encoding scheme, not an encryption or hashing algorithm. It is designed to represent binary data in an ASCII string format and is easily reversible. Hashing (especially with a salt) and strong encryption algorithms like AES or RSA are secure methods for protecting passwords, whereas encoding provides no confidentiality.

Question 4

In a Public Key Infrastructure (PKI), what is the primary function of a Certificate Authority (CA)?

Accepted Answer

To vouch for the identity of an entity and bind it to a public key through a digital certificate. [7]

Answer

A Certificate Authority (CA) is a trusted third party that issues digital certificates. [7] The CA's main role is to verify the identity of an individual or organization (the subject) and then issue a digital certificate that binds that identity to their public key. [26] This creates a chain of trust. CAs do not store users' private keys.

Question 5

An attacker intercepts several encrypted messages sent with the same key. The attacker also has access to the plaintext for a few of those messages. Using this information, the attacker attempts to determine the key to decrypt other messages. What type of cryptographic attack is this?

Accepted Answer

Known-plaintext attack

Answer

In a known-plaintext attack, the attacker has access to both the plaintext and its corresponding encrypted version (ciphertext). [10] This allows the attacker to analyze the relationship between them to try and deduce the key or find weaknesses in the encryption algorithm. A ciphertext-only attack means the attacker only has the encrypted text. A chosen-plaintext attack is where the attacker can choose the plaintext to be encrypted.

SSCP Certification Practice Test

SSCP Certification Practice Test

SSCP Cryptography Fundamentals Questions and Answers