SSCP Cryptography Fundamentals Questions and Answers

Question 1

A security practitioner needs to ensure the integrity of a software patch before it is distributed to users.
The goal is to provide a way for users to verify that the patch has not been altered in transit.
Which cryptographic process is MOST suitable for this purpose?

Accepted Answer

Hashing

Answer

Symmetric encryption

Answer

Steganography

Answer

Asymmetric encryption

Question 2

An organization wants to implement a secure email system. The requirements state that only the intended recipient should be able to read the message content (confidentiality) and that the recipient must be able to verify the sender's identity (authenticity). Which combination of cryptographic technologies would BEST meet these requirements?

Accepted Answer

The sender hashes the message and encrypts the hash with their private key, then encrypts the message with the recipient's public key.

Answer

The sender encrypts the message with their own private key, and the recipient decrypts with the sender's public key.

Answer

The sender encrypts the message with a symmetric key and sends the key to the recipient in a separate email.

Answer

The sender encrypts the message with the recipient's public key and signs the message with the recipient's public key.

Question 3

A security analyst is reviewing a legacy system that stores user passwords in a database. The analyst discovers the passwords are obfuscated using a method that is easily reversible. Which of the following was MOST likely used, representing the weakest form of password protection?

Accepted Answer

Base64 encoding

Answer

AES-256 encryption

Answer

Salting and hashing with SHA-256

Answer

Asymmetric encryption with RSA

Question 4

In a Public Key Infrastructure (PKI), what is the primary function of a Certificate Authority (CA)?

Accepted Answer

To vouch for the identity of an entity and bind it to a public key through a digital certificate. [7]

Answer

To generate and securely store the private keys for all users in the infrastructure.

Answer

To encrypt and decrypt messages exchanged between two parties.

Answer

To maintain a list of all encrypted communications for auditing purposes.

Question 5

An attacker intercepts several encrypted messages sent with the same key. The attacker also has access to the plaintext for a few of those messages. Using this information, the attacker attempts to determine the key to decrypt other messages. What type of cryptographic attack is this?

Accepted Answer

Known-plaintext attack

Answer

Ciphertext-only attack

Answer

Brute-force attack

Answer

Chosen-plaintext attack

Question 6

Which of the following statements correctly describes a key difference between symmetric and asymmetric encryption?

Accepted Answer

Asymmetric encryption resolves the problem of secure key distribution that exists with symmetric encryption.

Answer

Asymmetric encryption is generally faster and more efficient for encrypting large amounts of data.

Answer

Symmetric encryption uses two different keys for encryption and decryption, while asymmetric uses one.

Answer

Symmetric encryption is primarily used for digital signatures, while asymmetric encryption is used for bulk data confidentiality.