






CertiGuide to Security+
Chapter 4: Basics of Cryptography (Domain 4.0; 15%)


Pop Quiz 4.1
(Page 2 of 2)



Answers

1. Hashes are slower than digital signature algorithms. False

Explanation: Since hash functions are generally faster than encryption or digital signature algorithms, it is typical to compute the digital signature or integrity check for a document by applying cryptographic processing to the document's hash value, which is small compared to the document itself.

Hash functions do not require 128-bit computing. Also, they are not typically more secure than the public key encryption used for digital signatures, although digital signatures may use an encrypted hash value. Hash functions are standardized, rather than proprietary. Common hash functions include MD5 and SHA-1.

 

2. DES is considered to be insufficient.

Explanation: While the 56-bit key encryption in DES now only offers a few hours of protection against exhaustive search by a modern dedicated machine [Wie94], the current rate of increase in computing power is such that an 80-bit key as used by Skipjack can be expected to offer the same level of protection against exhaustive key search in 18 years' time as DES does today [BDK93].

Typically, as computer power increases, encryption algorithms once considered secure become insecure due to the reduced amount of time and resources necessary to break them.

 

3. A certificate is used to allow verification of the claim that a specific public key does in fact belong to a specific individual.

Explanation: Certificates are issued by the certificate authority. Certificates are digital documents attesting to the binding of a public key to an individual or other entity. They allow verification of the claim that a specific public key does in fact belong to a specific individual. Certificates help prevent someone from using a phony key to impersonate someone else. In some cases it may be necessary to create a chain of certificates, each one certifying the previous one until the parties involved are confident in the identity in question.

 

4. A typical certificate contains a number of data entries. One entry NOT included in a typical certificate is the type of server.

Explanation: In their simplest form, certificates contain a public key and a name. As commonly used, a certificate also contains an expiration date, the name of the certifying authority that issued the certificate, a serial number, and perhaps other information. Most importantly, it contains the digital signature of the certificate issuer. The most widely accepted format for certificates is defined by the ITU-T X.509 international standard.

 

5. Digital Certificates can provide:

A. Authentication

B. Integrity

C. Encryption

D. Token verification

E. No choice is correct

Explanation: (from http://www.enteract.com/~lspitz/digcerts.html):

  • Authentication: This is digital verification of who you are, much in the same way your driver's license proves your identity. It is very easy to send spoofed email. I can email anyone in the world pretending I am the President of the United States. Using standard email, there is no way to verify who the sender is, i.e. if it is actually the President. With digital signatures and certificates, you digitally encode verifiable proof of your identity into the email.

  • Integrity: This is the verification that the data you sent has not been altered. When email or other data travels across the Internet, it routes through various gateways (way stations). It is possible for people to capture, alter, and then resend the message. For example, your boss emails the company president stating that you should be fired. It is possible for you to intercept that email and change it saying you deserve a $10,000 raise. With digital certificates, your email cannot be altered without the recipient knowing.

  • Encryption: This ensures that your data was unable to be read or utilized by any party while in transit. Your message is encrypted into incomprehensible gibberish before it leaves your computer. It maintains its encrypted (gibberish) state during its travel through the Internet. It is not decrypted until the recipient receives it. Because of the public-key cryptography used (discussed later) only the recipient can decipher the received message, no one else can.

  • Token Verification: Digital tokens replace your password that can be easily guessed. Tokens offer a more secure way of access to sensitive data. The most common way to secure data or a web site is with passwords. Before anyone accesses the data, they are prompted with their user login id and password. However, this is easily cracked using various types of security software (such as Crack 5.0, etc.). Also, passwords can be found with other means, such as social engineering. Passwords are not secure. Token verification is more secure. Your digital certificate is an encrypted file that sits on your hard drive. When you need access to a system, that system asks you for your digital certificate instead of a password. Your computer would then send the certificate, in encrypted format, through the Internet, authorizing you for access. For this to be compromised, someone would have to copy this file from your computer, AND know your password to decrypt the file.



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.