1. What is the primary goal of cryptography?

A) Speeding up communication
B) Ensuring data integrity, confidentiality, and authenticity
C) Improving network bandwidth
D) Reducing file size

✅ Answer: B) Ensuring data integrity, confidentiality, and authenticity
🔹 Explanation: Cryptography is used to protect information by ensuring confidentiality (secrecy), integrity (unchanged data), and authenticity (verifying the sender and receiver).


2. Which of the following is a symmetric encryption algorithm?

A) RSA
B) AES
C) ECC
D) Diffie-Hellman

✅ Answer: B) AES
🔹 Explanation: AES (Advanced Encryption Standard) is a symmetric encryption algorithm, meaning it uses the same key for encryption and decryption.


3. What is the key difference between symmetric and asymmetric encryption?

A) Symmetric encryption uses one key, asymmetric uses two keys
B) Asymmetric encryption is faster than symmetric encryption
C) Symmetric encryption is more secure than asymmetric encryption
D) Both use the same encryption key

✅ Answer: A) Symmetric encryption uses one key, asymmetric uses two keys
🔹 Explanation: Symmetric encryption uses a single key for both encryption and decryption, whereas asymmetric encryption (e.g., RSA) uses a public key for encryption and a private key for decryption.


4. Which of the following is an example of asymmetric encryption?

A) AES
B) DES
C) RSA
D) Blowfish

✅ Answer: C) RSA
🔹 Explanation: RSA (Rivest-Shamir-Adleman) is a widely used asymmetric encryption algorithm that uses a public and private key pair.


5. What is a hash function used for in cryptography?

A) Encrypting data
B) Generating a unique fixed-size output from input data
C) Exchanging secret keys
D) Creating public and private keys

✅ Answer: B) Generating a unique fixed-size output from input data
🔹 Explanation: A hash function (e.g., SHA-256) maps input data to a fixed-length string. It is irreversible and is commonly used for data integrity verification.


6. Which of the following hash functions is considered secure for cryptographic use?

A) MD5
B) SHA-1
C) SHA-256
D) CRC32

✅ Answer: C) SHA-256
🔹 Explanation: MD5 and SHA-1 are vulnerable to collisions, while SHA-256 (part of SHA-2) is still considered secure for cryptographic applications.


7. What is the purpose of the Diffie-Hellman algorithm?

A) Encrypting messages
B) Generating a digital signature
C) Secure key exchange over an insecure channel
D) Hashing passwords

✅ Answer: C) Secure key exchange over an insecure channel
🔹 Explanation: The Diffie-Hellman algorithm allows two parties to securely exchange cryptographic keys over a public, insecure network.


8. Which of the following statements about digital signatures is true?

A) Digital signatures are used for encryption
B) Digital signatures ensure message authenticity and integrity
C) Digital signatures are only used in emails
D) Digital signatures require symmetric encryption

✅ Answer: B) Digital signatures ensure message authenticity and integrity
🔹 Explanation: Digital signatures use asymmetric encryption to verify authenticity, integrity, and non-repudiation of a message or document.


9. What is Public Key Infrastructure (PKI)?

A) A system that manages cryptographic keys and digital certificates
B) A type of symmetric encryption
C) A software program for encrypting files
D) A protocol for securing email

✅ Answer: A) A system that manages cryptographic keys and digital certificates
🔹 Explanation: PKI (Public Key Infrastructure) is a framework that manages public-private key pairs and digital certificates to establish secure communications.


10. Which encryption algorithm is commonly used in HTTPS communication?

A) DES
B) Blowfish
C) RSA
D) ROT13

✅ Answer: C) RSA
🔹 Explanation: HTTPS uses RSA for key exchange and AES for encrypting communication to ensure secure web browsing.


11. What does the term “salt” refer to in password hashing?

A) A key used for symmetric encryption
B) Random data added to a password before hashing
C) The output of a hash function
D) A method of encoding data

✅ Answer: B) Random data added to a password before hashing
🔹 Explanation: A salt is a random value added to passwords before hashing to prevent attackers from using precomputed hash tables (rainbow tables).


12. Which of the following is a characteristic of a strong cryptographic algorithm?

A) Fixed-length encryption keys
B) Open-source, peer-reviewed algorithms
C) Proprietary encryption standards
D) Easily reversible computations

✅ Answer: B) Open-source, peer-reviewed algorithms
🔹 Explanation: Strong cryptographic algorithms should be open and tested by experts to ensure security rather than relying on secrecy.


13. What is the main weakness of DES (Data Encryption Standard)?

A) Uses asymmetric encryption
B) Too slow for modern applications
C) Short key length makes it vulnerable to brute-force attacks
D) Lacks integrity verification

✅ Answer: C) Short key length makes it vulnerable to brute-force attacks
🔹 Explanation: DES uses a 56-bit key, which is too short, making it vulnerable to brute-force attacks.


14. What does SSL/TLS use to secure communication?

A) Only symmetric encryption
B) Only asymmetric encryption
C) A combination of symmetric and asymmetric encryption
D) Hashing only

✅ Answer: C) A combination of symmetric and asymmetric encryption
🔹 Explanation: SSL/TLS uses asymmetric encryption (RSA) for key exchange and symmetric encryption (AES) for secure communication.


15. What is a cipher?

A) A key exchange algorithm
B) A method for decrypting messages
C) An algorithm used for encrypting and decrypting data
D) A type of cryptographic hash function

✅ Answer: C) An algorithm used for encrypting and decrypting data
🔹 Explanation: A cipher is an algorithm that encrypts plaintext into ciphertext and decrypts ciphertext into plaintext.


16. What is the main advantage of elliptic curve cryptography (ECC)?

A) Uses shorter keys for the same security level
B) More complex than RSA
C) Requires more computing power
D) Cannot be used for encryption

✅ Answer: A) Uses shorter keys for the same security level
🔹 Explanation: ECC provides the same security as RSA but with much smaller key sizes, making it efficient for resource-limited devices.


17. What is steganography?

A) A form of cryptographic hashing
B) A method of hiding data within other files
C) A public key exchange algorithm
D) A type of digital certificate

✅ Answer: B) A method of hiding data within other files
🔹 Explanation: Steganography is the technique of concealing data inside images, audio, or other media.


18. Which attack attempts to find two different inputs producing the same hash value?

A) Brute-force attack
B) Collision attack
C) Key stretching attack
D) Side-channel attack

✅ Answer: B) Collision attack
🔹 Explanation: A collision attack exploits the possibility that two different inputs can produce the same hash value, making hashing functions like MD5 and SHA-1 vulnerable.


19. Which type of encryption is commonly used to protect data at rest?

A) Asymmetric encryption
B) Symmetric encryption
C) Hashing
D) Stream cipher

✅ Answer: B) Symmetric encryption
🔹 Explanation: Symmetric encryption (e.g., AES) is commonly used for data at rest because it is faster and more efficient than asymmetric encryption.


20. What is key stretching in cryptography?

A) Extending key length using hash functions to make brute-force attacks harder
B) A method of exchanging cryptographic keys securely
C) Generating a public-private key pair
D) Increasing encryption speed by reducing key size

✅ Answer: A) Extending key length using hash functions to make brute-force attacks harder
🔹 Explanation: Key stretching (e.g., PBKDF2, bcrypt, and scrypt) strengthens weak passwords by adding computational work to slow down brute-force attacks.


21. What is the purpose of a nonce in encryption?

A) To serve as a private key
B) To introduce randomness and prevent replay attacks
C) To compress encrypted data
D) To replace the encryption key

✅ Answer: B) To introduce randomness and prevent replay attacks
🔹 Explanation: A nonce (Number used once) is a random value added to encryption to ensure each operation produces a unique output.


22. Which of the following is NOT a property of a secure hash function?

A) Preimage resistance
B) Collision resistance
C) Key exchange capability
D) Avalanche effect

✅ Answer: C) Key exchange capability
🔹 Explanation: Hash functions (e.g., SHA-256) are used for data integrity, not key exchange. Key exchange is typically handled by asymmetric encryption.


23. What does a digital certificate contain?

A) The private key of the user
B) A cryptographic hash of the user’s password
C) A public key and information about the certificate owner
D) A list of encryption algorithms

✅ Answer: C) A public key and information about the certificate owner
🔹 Explanation: A digital certificate (used in PKI) contains a public key, certificate authority (CA) information, expiration date, and identity details.


24. What is the purpose of the CA (Certificate Authority) in Public Key Infrastructure (PKI)?

A) To generate private keys
B) To store encryption keys
C) To verify and issue digital certificates
D) To encrypt email messages

✅ Answer: C) To verify and issue digital certificates
🔹 Explanation: A CA (Certificate Authority) is a trusted entity that issues and verifies digital certificates, ensuring the authenticity of public keys.


25. What does a block cipher do?

A) Encrypts one bit at a time
B) Encrypts a fixed-size block of data at a time
C) Generates cryptographic hashes
D) Exchanges cryptographic keys

✅ Answer: B) Encrypts a fixed-size block of data at a time
🔹 Explanation: Block ciphers (e.g., AES, DES) encrypt data in fixed-size chunks, whereas stream ciphers encrypt data continuously.


26. Which key exchange algorithm is most commonly used in TLS?

A) AES
B) Diffie-Hellman
C) MD5
D) SHA-256

✅ Answer: B) Diffie-Hellman
🔹 Explanation: Diffie-Hellman and Elliptic Curve Diffie-Hellman (ECDH) are commonly used for secure key exchange in TLS protocols.


27. What is forward secrecy in cryptographic communications?

A) Protecting past communications even if future keys are compromised
B) Encrypting only part of a message
C) Using the same key for all sessions
D) A method for faster encryption

✅ Answer: A) Protecting past communications even if future keys are compromised
🔹 Explanation: Forward secrecy ensures that even if a long-term private key is leaked, previous session keys cannot be decrypted.


28. What is a cryptographic key escrow?

A) A secure way to generate keys
B) A method of recovering lost encryption keys
C) A process of storing encryption keys with a trusted third party
D) A key stretching technique

✅ Answer: C) A process of storing encryption keys with a trusted third party
🔹 Explanation: Key escrow involves storing a copy of encryption keys with a trusted entity, often for legal or regulatory reasons.


29. What does an HMAC (Hash-based Message Authentication Code) provide?

A) Encryption of data
B) Authentication and integrity verification
C) Public key distribution
D) Data compression

✅ Answer: B) Authentication and integrity verification
🔹 Explanation: HMAC combines a hash function (e.g., SHA-256) with a secret key to ensure data authenticity and integrity.


30. Which cryptographic principle ensures that even a small change in input produces a drastically different output?

A) Preimage resistance
B) Diffusion
C) Avalanche effect
D) Key derivation

✅ Answer: C) Avalanche effect
🔹 Explanation: The avalanche effect means that a small change in input results in a completely different hash output, increasing security.


31. What is a one-time pad cipher?

A) A symmetric encryption method using a random key as long as the message
B) A modern stream cipher
C) A hashing technique
D) A key exchange protocol

✅ Answer: A) A symmetric encryption method using a random key as long as the message
🔹 Explanation: The one-time pad is perfectly secure if the key is truly random, used only once, and kept secret.


32. What is the main disadvantage of asymmetric encryption?

A) It cannot be used for authentication
B) It requires a separate key exchange mechanism
C) It is slower than symmetric encryption
D) It does not support digital signatures

✅ Answer: C) It is slower than symmetric encryption
🔹 Explanation: Asymmetric encryption (e.g., RSA) is computationally slower than symmetric encryption (e.g., AES) due to complex key operations.


33. What is the purpose of key wrapping?

A) Hiding a key inside another key
B) Encrypting one cryptographic key using another
C) Generating a private-public key pair
D) Hashing passwords

✅ Answer: B) Encrypting one cryptographic key using another
🔹 Explanation: Key wrapping encrypts a sensitive key using a master key, ensuring secure key management.


34. What type of attack tries all possible encryption keys to decrypt data?

A) Side-channel attack
B) Brute-force attack
C) Birthday attack
D) Chosen-plaintext attack

✅ Answer: B) Brute-force attack
🔹 Explanation: A brute-force attack systematically tries every possible key until the correct one is found.


35. What is homomorphic encryption?

A) Encryption that allows computations on encrypted data without decryption
B) A symmetric encryption technique
C) A type of hashing
D) An alternative to AES

✅ Answer: A) Encryption that allows computations on encrypted data without decryption
🔹 Explanation: Homomorphic encryption enables mathematical operations on encrypted data without decrypting it.


36. What is a cryptographic “keyspace”?

A) The amount of storage required for encryption keys
B) The range of all possible keys in an encryption algorithm
C) A physical location where cryptographic keys are stored
D) A special type of hash function

✅ Answer: B) The range of all possible keys in an encryption algorithm
🔹 Explanation: The keyspace refers to all possible key values that an encryption algorithm can generate. A larger keyspace increases security against brute-force attacks.


37. What is the primary advantage of using Elliptic Curve Cryptography (ECC) over RSA?

A) It is easier to implement
B) It is faster but requires longer key lengths
C) It provides the same security with much shorter key lengths
D) It only supports symmetric encryption

✅ Answer: C) It provides the same security with much shorter key lengths
🔹 Explanation: ECC provides strong security with smaller key sizes, making it more efficient than RSA, especially for mobile and IoT devices.


38. In cryptography, what is an Initialization Vector (IV)?

A) A random or pseudo-random value used to ensure unique encryption results
B) A private key in an asymmetric encryption system
C) A digital certificate used for authentication
D) A symmetric encryption algorithm

✅ Answer: A) A random or pseudo-random value used to ensure unique encryption results
🔹 Explanation: An Initialization Vector (IV) ensures that the same plaintext encrypted multiple times will produce different ciphertexts, preventing patterns.


39. What is the primary weakness of a substitution cipher?

A) It is not reversible
B) It cannot be brute-forced
C) It does not hide letter frequency distributions
D) It requires a one-time pad

✅ Answer: C) It does not hide letter frequency distributions
🔹 Explanation: Substitution ciphers, like the Caesar cipher, are vulnerable to frequency analysis because they do not alter the frequency of letters in plaintext.


40. What is a side-channel attack in cryptography?

A) A method that attacks encryption algorithms mathematically
B) A method that exploits information from physical implementations of cryptographic systems
C) A brute-force attack
D) A type of symmetric encryption

✅ Answer: B) A method that exploits information from physical implementations of cryptographic systems
🔹 Explanation: Side-channel attacks exploit physical properties like power consumption, electromagnetic emissions, or execution time to break cryptographic security.


41. What is the primary function of Transport Layer Security (TLS)?

A) Encrypting stored data
B) Ensuring secure communication over a network
C) Encrypting entire operating systems
D) Replacing symmetric encryption algorithms

✅ Answer: B) Ensuring secure communication over a network
🔹 Explanation: TLS encrypts data to provide secure communication over the internet, particularly in HTTPS.


42. What is a cryptographic “nonce” typically used for?

A) Hashing passwords
B) Key exchange in public-key cryptography
C) Ensuring that the same message is not encrypted identically twice
D) Encrypting entire hard drives

✅ Answer: C) Ensuring that the same message is not encrypted identically twice
🔹 Explanation: A nonce is a unique, one-time value used in encryption to ensure no two messages are encrypted identically, preventing replay attacks.


43. What is a stream cipher?

A) A cipher that encrypts data in fixed-size blocks
B) A method of exchanging encryption keys
C) A cipher that encrypts data one bit or byte at a time
D) A hashing algorithm

✅ Answer: C) A cipher that encrypts data one bit or byte at a time
🔹 Explanation: Stream ciphers, like RC4, encrypt data one bit or byte at a time, making them efficient for real-time encryption.


44. Which of the following cryptographic algorithms is NOT considered secure for modern use?

A) RSA
B) SHA-256
C) DES
D) AES-256

✅ Answer: C) DES
🔹 Explanation: DES (Data Encryption Standard) has a 56-bit key length, which is too short for modern security, making it vulnerable to brute-force attacks.


45. Which type of cryptographic attack involves an attacker obtaining plaintext and its corresponding ciphertext?

A) Brute-force attack
B) Known-plaintext attack
C) Chosen-ciphertext attack
D) Side-channel attack

✅ Answer: B) Known-plaintext attack
🔹 Explanation: In a known-plaintext attack, the attacker has access to both plaintext and ciphertext pairs, helping them analyze the encryption method.


46. Which key management technique is used to automatically generate new keys at regular intervals?

A) Key stretching
B) Key rotation
C) Key escrow
D) Key wrapping

✅ Answer: B) Key rotation
🔹 Explanation: Key rotation involves generating new encryption keys periodically to enhance security and limit the impact of compromised keys.


47. Which of the following is an example of an authenticated encryption algorithm?

A) DES
B) RSA
C) AES-GCM
D) SHA-512

✅ Answer: C) AES-GCM
🔹 Explanation: AES-GCM (Galois/Counter Mode) provides both encryption and authentication, making it widely used in TLS and secure communications.


48. What is “perfect forward secrecy” (PFS) designed to protect against?

A) Attacks on hashing algorithms
B) Future decryption of recorded past communications
C) Side-channel attacks
D) Digital certificate expiration

✅ Answer: B) Future decryption of recorded past communications
🔹 Explanation: Perfect Forward Secrecy (PFS) ensures that even if an encryption key is compromised in the future, previously recorded communications cannot be decrypted.


49. In digital signatures, what ensures that a signed message has not been altered?

A) A nonce
B) A hash of the message
C) A symmetric key
D) A substitution cipher

✅ Answer: B) A hash of the message
🔹 Explanation: Digital signatures use hash functions to verify message integrity. If the hash changes, the message has been tampered with.


50. Which of the following is an example of quantum-resistant cryptography?

A) RSA-2048
B) AES-256
C) SHA-1
D) Lattice-based cryptography

✅ Answer: D) Lattice-based cryptography
🔹 Explanation: Lattice-based cryptography is one of the leading approaches to quantum-resistant encryption, designed to withstand attacks from quantum computers.


51. What is the purpose of key derivation functions (KDFs) in cryptography?

A) To generate encryption keys from passwords securely
B) To create a digital signature
C) To exchange cryptographic keys over a network
D) To replace symmetric encryption algorithms

✅ Answer: A) To generate encryption keys from passwords securely
🔹 Explanation: KDFs (Key Derivation Functions), such as PBKDF2, bcrypt, and scrypt, transform passwords into cryptographic keys, adding computational cost to resist brute-force attacks.


52. What cryptographic concept ensures that a message came from a specific sender?

A) Confidentiality
B) Integrity
C) Authenticity
D) Anonymity

✅ Answer: C) Authenticity
🔹 Explanation: Authenticity ensures that a message was sent by a verified source, commonly enforced using digital signatures and certificates.


53. Which algorithm is commonly used in blockchain for digital signatures?

A) RSA
B) AES
C) ECDSA
D) DES

✅ Answer: C) ECDSA
🔹 Explanation: ECDSA (Elliptic Curve Digital Signature Algorithm) is widely used in blockchain technology for signing transactions securely.


54. Which cryptographic attack involves modifying a message during transmission without the sender or receiver noticing?

A) Man-in-the-Middle (MitM) Attack
B) Dictionary Attack
C) Brute-Force Attack
D) Known-Plaintext Attack

✅ Answer: A) Man-in-the-Middle (MitM) Attack
🔹 Explanation: A MitM attack occurs when an attacker intercepts and alters communications between two parties without detection.


55. What is the role of a session key in encryption?

A) It replaces the need for public keys
B) It is used only in hashing algorithms
C) It is a temporary key used for encrypting a session
D) It is the same as a private key

✅ Answer: C) It is a temporary key used for encrypting a session
🔹 Explanation: A session key is a temporary, randomly generated key used for encrypting communications within a session.


56. Which type of cryptographic attack attempts to recover encryption keys by analyzing the physical behavior of a system?

A) Chosen-Plaintext Attack
B) Timing Attack
C) Differential Cryptanalysis
D) Birthday Attack

✅ Answer: B) Timing Attack
🔹 Explanation: Timing attacks analyze time variations in cryptographic operations to extract secret keys.


57. Which property ensures that an encryption algorithm will produce different ciphertexts for the same plaintext when encrypted multiple times?

A) Integrity
B) Non-repudiation
C) Indistinguishability under chosen-plaintext attack (IND-CPA)
D) Hashing

✅ Answer: C) Indistinguishability under chosen-plaintext attack (IND-CPA)
🔹 Explanation: IND-CPA security ensures that an attacker cannot distinguish between encrypted versions of the same plaintext.


58. Which type of cipher mode ensures each block of plaintext influences future blocks in encryption?

A) ECB (Electronic Codebook)
B) CBC (Cipher Block Chaining)
C) RSA
D) ROT13

✅ Answer: B) CBC (Cipher Block Chaining)
🔹 Explanation: CBC mode XORs each plaintext block with the previous ciphertext block, preventing identical plaintexts from producing identical ciphertexts.


59. Why is Electronic Codebook (ECB) mode considered insecure?

A) It is too slow for modern applications
B) It uses asymmetric encryption
C) It encrypts identical plaintext blocks to identical ciphertext blocks
D) It requires multiple keys for encryption

✅ Answer: C) It encrypts identical plaintext blocks to identical ciphertext blocks
🔹 Explanation: ECB mode lacks diffusion, meaning patterns remain visible in encrypted data, making it vulnerable.


60. What is the main purpose of a message authentication code (MAC)?

A) To encrypt a message
B) To verify data integrity and authenticity
C) To generate a public-private key pair
D) To hash passwords

✅ Answer: B) To verify data integrity and authenticity
🔹 Explanation: MACs, such as HMAC (Hash-based Message Authentication Code), confirm message authenticity and integrity using a secret key.


61. Which encryption algorithm is designed specifically for lightweight devices like IoT devices?

A) AES
B) DES
C) RSA
D) PRESENT

✅ Answer: D) PRESENT
🔹 Explanation: PRESENT is an ultra-lightweight block cipher designed for IoT and embedded systems, where computational power is limited.


62. What cryptographic principle states that the security of an encryption algorithm should not depend on its secrecy?

A) Kerckhoffs’s Principle
B) Shannon’s Law
C) Diffie-Hellman Theorem
D) RSA Postulate

✅ Answer: A) Kerckhoffs’s Principle
🔹 Explanation: Kerckhoffs’s Principle states that an encryption system should remain secure even if everything except the secret key is known.


63. What is “quantum cryptography” primarily used for?

A) Encrypting blockchain transactions
B) Performing high-speed hashing
C) Securely transmitting encryption keys using quantum mechanics
D) Replacing classical encryption algorithms

✅ Answer: C) Securely transmitting encryption keys using quantum mechanics
🔹 Explanation: Quantum cryptography uses quantum key distribution (QKD) to securely exchange encryption keys.


64. What is an example of an irreversible cryptographic function?

A) Symmetric encryption
B) Hashing
C) Key exchange
D) Digital signatures

✅ Answer: B) Hashing
🔹 Explanation: Hash functions are one-way functions, meaning their output cannot be reversed to obtain the original input.


65. What is a cryptographic salt typically used for?

A) Key exchange
B) Strengthening password security by adding randomness
C) Encrypting secret messages
D) Speeding up brute-force attacks

✅ Answer: B) Strengthening password security by adding randomness
🔹 Explanation: A salt prevents attackers from using precomputed hash tables (rainbow tables) for cracking passwords.


66. What is the primary purpose of Zero-Knowledge Proofs (ZKPs)?

A) To encrypt data
B) To prove knowledge of a secret without revealing it
C) To generate encryption keys
D) To replace public key cryptography

✅ Answer: B) To prove knowledge of a secret without revealing it
🔹 Explanation: ZKPs allow one party to prove they know a value without revealing the value itself, used in blockchains and authentication.


67. What type of cryptographic attack exploits weaknesses in an algorithm’s mathematical structure?

A) Dictionary attack
B) Cryptanalysis attack
C) Man-in-the-middle attack
D) Phishing attack

✅ Answer: B) Cryptanalysis attack
🔹 Explanation: Cryptanalysis involves analyzing patterns and weaknesses in cryptographic algorithms to break encryption.


68. What is an example of a symmetric stream cipher?

A) RSA
B) AES
C) RC4
D) SHA-256

✅ Answer: C) RC4
🔹 Explanation: RC4 is a stream cipher that encrypts data one byte at a time, often used in wireless security protocols like WEP (now insecure).


69. Which cryptographic technique allows two parties to compute a shared secret over an insecure channel?

A) RSA
B) AES
C) Diffie-Hellman Key Exchange
D) SHA-3

✅ Answer: C) Diffie-Hellman Key Exchange
🔹 Explanation: Diffie-Hellman enables secure key exchange without sharing the secret key directly.


70. What is a rainbow table attack?

A) A brute-force attack on RSA
B) A method of precomputed hash cracking
C) A new encryption algorithm
D) A type of block cipher

✅ Answer: B) A method of precomputed hash cracking
🔹 Explanation: Rainbow tables contain precomputed hash values, allowing attackers to crack hashed passwords efficiently.


71. What is the purpose of a cryptographic checksum?

A) To encrypt a message
B) To verify the integrity of data
C) To generate encryption keys
D) To compress data

✅ Answer: B) To verify the integrity of data
🔹 Explanation: Cryptographic checksums (e.g., SHA-256) generate a fixed-length output from data to ensure data integrity and detect tampering.


72. What does a digital envelope contain?

A) A private key and encrypted data
B) An encrypted message and an encrypted symmetric key
C) A certificate authority’s public key
D) A hash function

✅ Answer: B) An encrypted message and an encrypted symmetric key
🔹 Explanation: A digital envelope uses asymmetric encryption to encrypt a symmetric key, which is then used to encrypt the message.


73. What is the main advantage of hybrid cryptosystems?

A) They eliminate the need for symmetric encryption
B) They improve security by combining symmetric and asymmetric encryption
C) They are faster than symmetric encryption
D) They do not require key exchange

✅ Answer: B) They improve security by combining symmetric and asymmetric encryption
🔹 Explanation: Hybrid cryptosystems (e.g., TLS) use asymmetric encryption for key exchange and symmetric encryption for data transfer, combining security and efficiency.


74. What is a birthday attack?

A) An attack exploiting hash function collisions
B) A brute-force attack on encryption keys
C) A side-channel attack
D) A cryptographic key-exchange method

✅ Answer: A) An attack exploiting hash function collisions
🔹 Explanation: A birthday attack leverages the birthday paradox to find collisions in hash functions faster than brute force.


75. What is “salting” used for in password security?

A) Encrypting passwords
B) Adding randomness to prevent precomputed attacks
C) Speeding up brute-force attacks
D) Replacing public-key encryption

✅ Answer: B) Adding randomness to prevent precomputed attacks
🔹 Explanation: Salting adds a unique, random value to passwords before hashing to prevent attacks like rainbow tables.


76. What is the primary purpose of an SSL/TLS certificate?

A) To encrypt emails
B) To verify website authenticity and enable secure communication
C) To generate symmetric keys
D) To replace hashing

✅ Answer: B) To verify website authenticity and enable secure communication
🔹 Explanation: SSL/TLS certificates authenticate websites and establish secure connections using HTTPS.


77. Which of the following is an example of a post-quantum cryptographic algorithm?

A) RSA
B) AES-256
C) NTRU
D) SHA-1

✅ Answer: C) NTRU
🔹 Explanation: NTRU (N-th degree truncated polynomial ring encryption) is a quantum-resistant encryption algorithm.


78. What is the primary risk of using a weak pseudorandom number generator (PRNG) in cryptography?

A) It slows down encryption
B) It makes encryption unpredictable
C) It can produce predictable outputs, weakening security
D) It cannot be used for symmetric encryption

✅ Answer: C) It can produce predictable outputs, weakening security
🔹 Explanation: Weak PRNGs can produce predictable sequences, making cryptographic operations vulnerable.


79. Which of the following encryption algorithms is most resistant to brute-force attacks?

A) DES
B) AES-256
C) MD5
D) SHA-1

✅ Answer: B) AES-256
🔹 Explanation: AES-256 uses a 256-bit key, making it highly resistant to brute-force attacks.


80. What is forward secrecy (FS) in cryptographic protocols?

A) The ability to encrypt messages quickly
B) The ability to protect past communications even if future keys are compromised
C) The use of asymmetric encryption for all data transfer
D) A method for increasing hashing speed

✅ Answer: B) The ability to protect past communications even if future keys are compromised
🔹 Explanation: Forward secrecy ensures that compromising long-term keys does not reveal past communications.


81. What is the main function of a cryptographic key agreement protocol?

A) To encrypt messages
B) To authenticate a user
C) To securely exchange encryption keys
D) To hash passwords

✅ Answer: C) To securely exchange encryption keys
🔹 Explanation: Key agreement protocols, such as Diffie-Hellman, allow two parties to securely establish a shared secret key.


82. What is an example of a hash function that belongs to the SHA-2 family?

A) MD5
B) SHA-1
C) SHA-256
D) RC4

✅ Answer: C) SHA-256
🔹 Explanation: SHA-256 is part of the SHA-2 family, which is considered secure for cryptographic use.


83. Which key exchange algorithm is based on elliptic curve cryptography (ECC)?

A) Diffie-Hellman
B) ECDH
C) AES
D) MD5

✅ Answer: B) ECDH
🔹 Explanation: Elliptic Curve Diffie-Hellman (ECDH) is a key exchange method based on elliptic curve cryptography.


84. What is a cryptographic trapdoor function?

A) A function that is easy to compute but hard to reverse without a secret key
B) A function used in symmetric encryption
C) A vulnerability in cryptographic algorithms
D) A function that speeds up decryption

✅ Answer: A) A function that is easy to compute but hard to reverse without a secret key
🔹 Explanation: Trapdoor functions, used in asymmetric encryption, allow encryption to be easy but decryption difficult without a private key.


85. What is the purpose of a one-time password (OTP)?

A) To encrypt messages
B) To prevent brute-force attacks
C) To provide temporary authentication for a single session
D) To replace public keys

✅ Answer: C) To provide temporary authentication for a single session
🔹 Explanation: OTPs are unique passwords used once per login session to enhance authentication security.


86. Why is the RSA algorithm considered computationally expensive?

A) It uses very large prime numbers for key generation
B) It requires multiple keys for encryption
C) It depends on hashing functions
D) It encrypts data in real-time

✅ Answer: A) It uses very large prime numbers for key generation
🔹 Explanation: RSA encryption relies on the difficulty of factoring large prime numbers, making it computationally intensive.


87. What is a quantum attack on cryptography?

A) A cyberattack using AI
B) An attack that exploits vulnerabilities in symmetric encryption
C) A cryptographic attack that uses quantum computing to break encryption
D) A new hashing technique

✅ Answer: C) A cryptographic attack that uses quantum computing to break encryption
🔹 Explanation: Quantum attacks can break traditional encryption algorithms (e.g., Shor’s algorithm can factor RSA keys efficiently).


88. What is an ephemeral key in cryptography?

A) A key that is used temporarily and discarded after use
B) A key used for hashing
C) A master key for symmetric encryption
D) A key used in brute-force attacks

✅ Answer: A) A key that is used temporarily and discarded after use
🔹 Explanation: Ephemeral keys are temporary keys used in secure communications, providing forward secrecy.


89. What cryptographic attack exploits predictable session IDs?

A) Key stretching attack
B) Session hijacking attack
C) Cryptanalysis attack
D) Man-in-the-Middle attack

✅ Answer: B) Session hijacking attack
🔹 Explanation: Session hijacking allows attackers to take control of an active session by stealing a predictable session ID.


90. What is the purpose of a root certificate authority (CA)?

A) To sign and issue digital certificates
B) To encrypt emails
C) To generate symmetric keys
D) To provide brute-force protection

✅ Answer: A) To sign and issue digital certificates
🔹 Explanation: A Root CA is a trusted entity that signs and issues digital certificates in Public Key Infrastructure (PKI).


91. What does the term “zeroization” refer to in cryptography?

A) The process of securely erasing cryptographic keys from memory
B) The generation of encryption keys
C) A method for increasing encryption strength
D) A key exchange algorithm

✅ Answer: A) The process of securely erasing cryptographic keys from memory
🔹 Explanation: Zeroization ensures that cryptographic keys are completely removed from memory to prevent unauthorized recovery.


92. What is the role of entropy in cryptographic systems?

A) It speeds up encryption
B) It improves key management efficiency
C) It provides randomness for secure key generation
D) It makes cryptographic algorithms deterministic

✅ Answer: C) It provides randomness for secure key generation
🔹 Explanation: High entropy ensures unpredictability, making cryptographic keys and random number generation secure.


93. What is the primary security concern with using the same IV (Initialization Vector) multiple times?

A) It slows down encryption
B) It reduces computational efficiency
C) It weakens encryption by creating patterns in ciphertext
D) It increases key size

✅ Answer: C) It weakens encryption by creating patterns in ciphertext
🔹 Explanation: Reusing IVs in certain encryption modes (e.g., CBC, GCM) can reveal information about plaintext.


94. What is a “padding oracle attack”?

A) An attack on hash functions
B) An attack that exploits cryptographic padding errors
C) A brute-force method for finding encryption keys
D) A key distribution method

✅ Answer: B) An attack that exploits cryptographic padding errors
🔹 Explanation: Padding oracle attacks allow attackers to decrypt ciphertexts by exploiting how padding errors are handled.


95. What does the “work factor” in cryptography refer to?

A) The effort required to break an encryption algorithm
B) The size of the encryption key
C) The number of encryption rounds in an algorithm
D) The time taken for key exchange

✅ Answer: A) The effort required to break an encryption algorithm
🔹 Explanation: Work factor measures how much computational effort an attacker needs to break an encryption system.


96. What is key escrow in cryptography?

A) A system where encryption keys are stored with a trusted third party
B) A method for encrypting large files
C) A key stretching technique
D) A type of symmetric encryption

✅ Answer: A) A system where encryption keys are stored with a trusted third party
🔹 Explanation: Key escrow allows a trusted authority to store decryption keys, often for law enforcement or compliance reasons.


97. What is an example of a quantum-safe cryptographic algorithm?

A) RSA-2048
B) Lattice-based cryptography
C) MD5
D) SHA-1

✅ Answer: B) Lattice-based cryptography
🔹 Explanation: Lattice-based cryptography is one of the leading approaches to post-quantum encryption, resistant to quantum computing attacks.


98. What type of cryptographic attack attempts to reverse-engineer the encryption process without knowing the key?

A) Key stretching attack
B) Cryptanalysis attack
C) Phishing attack
D) Brute-force attack

✅ Answer: B) Cryptanalysis attack
🔹 Explanation: Cryptanalysis involves analyzing encryption algorithms and finding weaknesses to decrypt information without the key.


99. What is the primary purpose of a “pepper” in password security?

A) To make passwords more memorable
B) To prevent SQL injection attacks
C) To add an additional layer of randomness alongside salting
D) To replace encryption in password storage

✅ Answer: C) To add an additional layer of randomness alongside salting
🔹 Explanation: A pepper is a secret value added to passwords before hashing, stored separately from the database.


100. What is the purpose of a key derivation function (KDF)?

A) To speed up encryption
B) To generate strong cryptographic keys from weak inputs
C) To store encryption keys
D) To encrypt messages

✅ Answer: B) To generate strong cryptographic keys from weak inputs
🔹 Explanation: KDFs (e.g., PBKDF2, bcrypt, scrypt) transform passwords into stronger keys, increasing security.


101. Which of the following is an advantage of asymmetric encryption over symmetric encryption?

A) It is faster
B) It requires only one key
C) It eliminates the need for secure key exchange
D) It provides better scalability for secure communications

✅ Answer: D) It provides better scalability for secure communications
🔹 Explanation: Asymmetric encryption allows secure communication without requiring prior key exchange, making it more scalable.


102. Which of the following hash functions is considered obsolete due to vulnerabilities?

A) SHA-256
B) SHA-3
C) SHA-1
D) Blake2

✅ Answer: C) SHA-1
🔹 Explanation: SHA-1 is considered insecure due to collision vulnerabilities, and is being replaced by SHA-2 and SHA-3.


103. What is homomorphic encryption primarily used for?

A) Encrypting emails
B) Performing computations on encrypted data without decrypting it
C) Speeding up symmetric encryption
D) Protecting cryptographic keys

✅ Answer: B) Performing computations on encrypted data without decrypting it
🔹 Explanation: Homomorphic encryption allows mathematical operations on encrypted data, useful for secure cloud computing.


104. What does the term “nonce” stand for in cryptographic applications?

A) Number Only Needed for Confidential Encryption
B) Number Once Used for Authentication
C) Number Used Once
D) Number of Cipher Executions

✅ Answer: C) Number Used Once
🔹 Explanation: A nonce is a unique value used only once in cryptographic protocols to prevent replay attacks.


105. What is a common attack against RSA encryption?

A) Birthday attack
B) Factoring the modulus (N) into prime numbers
C) Padding oracle attack
D) Side-channel attack

✅ Answer: B) Factoring the modulus (N) into prime numbers
🔹 Explanation: RSA security relies on the difficulty of factoring large prime numbers; breaking this would compromise RSA encryption.


106. What is an advantage of the SHA-3 family over SHA-2?

A) It is faster
B) It has a different internal structure that is more resistant to attacks
C) It uses smaller key sizes
D) It requires asymmetric encryption

✅ Answer: B) It has a different internal structure that is more resistant to attacks
🔹 Explanation: SHA-3 uses the Keccak sponge construction, making it resistant to length-extension and collision attacks.


107. What is “certificate pinning” used for?

A) Preventing users from deleting certificates
B) Ensuring that only a specific SSL/TLS certificate is trusted for a domain
C) Speeding up certificate verification
D) Replacing CA-signed certificates

✅ Answer: B) Ensuring that only a specific SSL/TLS certificate is trusted for a domain
🔹 Explanation: Certificate pinning mitigates MITM attacks by ensuring that only specific certificates are accepted for secure connections.


108. What is the main purpose of a cryptographic “salting” technique?

A) Encrypting passwords
B) Adding randomness to hashes to prevent precomputed attacks
C) Generating symmetric encryption keys
D) Securing network communication

✅ Answer: B) Adding randomness to hashes to prevent precomputed attacks
🔹 Explanation: Salting prevents attacks like rainbow tables by adding unique random values to passwords before hashing.


109. What is the primary weakness of the RC4 cipher?

A) It is too slow
B) It produces non-random output in certain conditions
C) It requires long key sizes
D) It is only used for asymmetric encryption

✅ Answer: B) It produces non-random output in certain conditions
🔹 Explanation: RC4 has biases in its keystream, making it vulnerable to statistical attacks.


110. What is the primary benefit of using ephemeral keys in TLS?

A) They prevent brute-force attacks
B) They enable forward secrecy
C) They replace digital certificates
D) They increase encryption speed

✅ Answer: B) They enable forward secrecy
🔹 Explanation: Ephemeral keys (e.g., ECDHE) ensure that compromising a private key does not decrypt past communications.


111. What is a rainbow table primarily used for?

A) Encrypting data in transit
B) Precomputing hash values for faster password cracking
C) Strengthening cryptographic keys
D) Performing symmetric key exchange

✅ Answer: B) Precomputing hash values for faster password cracking
🔹 Explanation: Rainbow tables store precomputed hashes for common passwords, making it faster to crack weakly hashed passwords.


112. Which encryption mode is most vulnerable to a replay attack if a nonce is reused?

A) Cipher Block Chaining (CBC)
B) Electronic Codebook (ECB)
C) Galois/Counter Mode (GCM)
D) Counter (CTR)

✅ Answer: D) Counter (CTR)
🔹 Explanation: CTR mode turns a block cipher into a stream cipher, making it vulnerable if the same nonce is used multiple times.


113. Which cryptographic protocol provides end-to-end encryption for emails?

A) TLS
B) PGP
C) HTTPS
D) SSH

✅ Answer: B) PGP
🔹 Explanation: Pretty Good Privacy (PGP) is a widely used encryption standard for email security and authentication.


114. What is a cryptographic “key wrapping” method used for?

A) Encrypting data at rest
B) Securely encrypting one encryption key using another key
C) Encrypting network traffic
D) Exchanging public keys

✅ Answer: B) Securely encrypting one encryption key using another key
🔹 Explanation: Key wrapping ensures that an encryption key is securely encrypted, commonly used in key management.


115. What is the purpose of an HSM (Hardware Security Module)?

A) Encrypting user passwords
B) Securely storing and managing cryptographic keys
C) Accelerating cryptographic calculations
D) Running hash functions faster

✅ Answer: B) Securely storing and managing cryptographic keys
🔹 Explanation: An HSM is a hardware-based security device used for securely generating, storing, and managing encryption keys.


116. Which attack exploits a weakness in the random number generator to predict cryptographic keys?

A) Chosen-ciphertext attack
B) Timing attack
C) Predictable entropy attack
D) Hash collision attack

✅ Answer: C) Predictable entropy attack
🔹 Explanation: If a random number generator (RNG) has low entropy, attackers can predict the output and derive cryptographic keys.


117. What does the “P” stand for in PKI (Public Key Infrastructure)?

A) Private
B) Public
C) Password
D) Protected

✅ Answer: B) Public
🔹 Explanation: Public Key Infrastructure (PKI) is a system that manages public and private keys to secure communications.


118. What is the main function of a digital signature?

A) Encrypting messages
B) Authenticating the sender and ensuring message integrity
C) Storing encryption keys
D) Generating random numbers

✅ Answer: B) Authenticating the sender and ensuring message integrity
🔹 Explanation: Digital signatures verify a sender’s identity and confirm message integrity, preventing tampering.


119. What is the primary advantage of quantum key distribution (QKD)?

A) It uses shorter key sizes
B) It provides unconditional security based on quantum mechanics
C) It is faster than classical encryption
D) It replaces all existing cryptographic protocols

✅ Answer: B) It provides unconditional security based on quantum mechanics
🔹 Explanation: Quantum Key Distribution (QKD) ensures secure key exchange by relying on quantum physics principles, making eavesdropping detectable.


120. What is the primary weakness of the Diffie-Hellman key exchange?

A) It requires an authenticated third party
B) It is vulnerable to man-in-the-middle (MitM) attacks
C) It cannot generate secure encryption keys
D) It is slower than symmetric encryption

✅ Answer: B) It is vulnerable to man-in-the-middle (MitM) attacks
🔹 Explanation: Diffie-Hellman key exchange lacks authentication, making it susceptible to MitM attacks unless combined with authentication mechanisms.


121. Which cryptographic primitive is used in blockchains for transaction verification?

A) Symmetric encryption
B) Hash functions
C) Stream ciphers
D) Steganography

✅ Answer: B) Hash functions
🔹 Explanation: Blockchains use hash functions (e.g., SHA-256) to ensure transaction integrity and prevent tampering.


122. Which key length is considered minimum secure for RSA encryption today?

A) 512-bit
B) 1024-bit
C) 2048-bit
D) 3072-bit

✅ Answer: C) 2048-bit
🔹 Explanation: RSA keys shorter than 2048-bit are considered insecure due to advances in computing power.


123. What is a sponge function in cryptography?

A) A function that absorbs input and squeezes out a hash value
B) A new type of symmetric encryption
C) A function that removes duplicate keys
D) A brute-force protection mechanism

✅ Answer: A) A function that absorbs input and squeezes out a hash value
🔹 Explanation: Sponge functions, like those used in SHA-3, absorb an input stream and output a fixed-length digest.


124. What is the purpose of a root certificate authority (CA) in PKI?

A) To issue and sign digital certificates
B) To encrypt email messages
C) To generate cryptographic hashes
D) To act as a symmetric key exchange server

✅ Answer: A) To issue and sign digital certificates
🔹 Explanation: Root CAs are the trust anchors of Public Key Infrastructure (PKI), signing other certificates.


125. Which cryptographic attack targets block ciphers by analyzing relationships between ciphertext blocks?

A) Frequency analysis
B) Differential cryptanalysis
C) Brute-force attack
D) Key stretching attack

✅ Answer: B) Differential cryptanalysis
🔹 Explanation: Differential cryptanalysis exploits patterns in ciphertext blocks to reveal encryption keys.


126. What does “non-repudiation” mean in cryptography?

A) The ability to encrypt large files
B) The inability of a sender to deny sending a message
C) The ability to delete encryption keys securely
D) The use of symmetric encryption

✅ Answer: B) The inability of a sender to deny sending a message
🔹 Explanation: Digital signatures provide non-repudiation, ensuring a sender cannot deny sending a message.


127. What is “key stretching” in cryptography?

A) A method to generate strong keys from weak passwords
B) A technique for encrypting large amounts of data
C) A way to speed up encryption algorithms
D) A type of brute-force attack

✅ Answer: A) A method to generate strong keys from weak passwords
🔹 Explanation: Key stretching (e.g., bcrypt, scrypt) increases the effort required to crack weak passwords.


128. What is a self-signed certificate?

A) A certificate issued by a trusted CA
B) A certificate signed by the same entity that created it
C) A certificate that is used for email encryption
D) A certificate that automatically renews itself

✅ Answer: B) A certificate signed by the same entity that created it
🔹 Explanation: Self-signed certificates are not trusted by browsers because they are not validated by a Certificate Authority.


129. Which attack exploits the time taken to perform cryptographic operations?

A) Brute-force attack
B) Timing attack
C) Differential cryptanalysis
D) Collision attack

✅ Answer: B) Timing attack
🔹 Explanation: Timing attacks measure variations in execution time to infer secret information.


130. What is a cryptographic nonce?

A) A fixed encryption key
B) A one-time random value used in encryption
C) A hashing algorithm
D) A key stretching function

✅ Answer: B) A one-time random value used in encryption
🔹 Explanation: A nonce ensures unique encryption results, preventing replay attacks.


131. What is the primary goal of cryptographic key management?

A) To ensure keys are only used once
B) To generate as many keys as possible
C) To securely generate, store, distribute, and destroy cryptographic keys
D) To speed up encryption processes

✅ Answer: C) To securely generate, store, distribute, and destroy cryptographic keys
🔹 Explanation: Proper key management ensures that cryptographic keys remain secure throughout their lifecycle, preventing unauthorized access.


132. What type of cryptographic attack attempts to guess a key by systematically checking all possible combinations?

A) Known-plaintext attack
B) Brute-force attack
C) Side-channel attack
D) Differential cryptanalysis

✅ Answer: B) Brute-force attack
🔹 Explanation: A brute-force attack involves trying every possible key until the correct one is found.


133. In asymmetric encryption, what is the purpose of the public key?

A) To decrypt messages
B) To encrypt messages that only the private key can decrypt
C) To generate random numbers
D) To hash passwords

✅ Answer: B) To encrypt messages that only the private key can decrypt
🔹 Explanation: In asymmetric encryption (e.g., RSA), the public key encrypts data, while the private key decrypts it.


134. What is “certificate revocation”?

A) The process of issuing a new certificate
B) The act of invalidating a digital certificate before its expiration
C) The encryption of certificates
D) The process of changing encryption keys

✅ Answer: B) The act of invalidating a digital certificate before its expiration
🔹 Explanation: Certificate revocation happens when a certificate is compromised, expired, or no longer trusted.


135. What is the main advantage of elliptic curve cryptography (ECC) over RSA?

A) It requires shorter key sizes for the same level of security
B) It is faster at encrypting data
C) It does not require public-private key pairs
D) It can be used with symmetric encryption

✅ Answer: A) It requires shorter key sizes for the same level of security
🔹 Explanation: ECC provides strong security with smaller key sizes, making it more efficient than RSA.


136. Which of the following is NOT an example of a symmetric encryption algorithm?

A) AES
B) Blowfish
C) RSA
D) DES

✅ Answer: C) RSA
🔹 Explanation: RSA is an asymmetric encryption algorithm, while AES, Blowfish, and DES are symmetric.


137. What is the primary weakness of using MD5 for hashing?

A) It is too slow for modern applications
B) It is vulnerable to collision attacks
C) It requires asymmetric encryption
D) It does not generate a fixed-length hash

✅ Answer: B) It is vulnerable to collision attacks
🔹 Explanation: MD5 is considered insecure because attackers can generate different inputs with the same hash (collisions).


138. What is an advantage of using SHA-3 over SHA-2?

A) It is faster
B) It is more resistant to collision and length-extension attacks
C) It uses asymmetric encryption
D) It replaces RSA encryption

✅ Answer: B) It is more resistant to collision and length-extension attacks
🔹 Explanation: SHA-3 uses the Keccak sponge function, making it more resistant to cryptographic attacks.


139. What does a trusted third party (TTP) do in cryptographic systems?

A) Generates encryption keys
B) Facilitates secure key exchange and digital certificate validation
C) Encrypts emails
D) Performs brute-force attacks

✅ Answer: B) Facilitates secure key exchange and digital certificate validation
🔹 Explanation: TTPs are entities like Certificate Authorities (CAs) that help establish trust in secure communications.


140. What does the term “plaintext” mean in cryptography?

A) Data that has been encrypted
B) Data that has been hashed
C) Data that has not been encrypted
D) Data compressed before encryption

✅ Answer: C) Data that has not been encrypted
🔹 Explanation: Plaintext is the original, readable data before encryption.


141. What is the primary function of the Advanced Encryption Standard (AES)?

A) Hashing passwords
B) Securely encrypting and decrypting data
C) Performing public key exchange
D) Storing digital signatures

✅ Answer: B) Securely encrypting and decrypting data
🔹 Explanation: AES is a widely used symmetric encryption algorithm for securing sensitive data.


142. What type of cryptographic attack relies on analyzing the statistical properties of ciphertext?

A) Side-channel attack
B) Frequency analysis
C) Man-in-the-middle attack
D) Dictionary attack

✅ Answer: B) Frequency analysis
🔹 Explanation: Frequency analysis is a technique used to break weak encryption (e.g., Caesar cipher) by analyzing character patterns.


143. What is an “ephemeral key”?

A) A key used for hashing only
B) A temporary key used for a single session
C) A key that never changes
D) A key stored in permanent memory

✅ Answer: B) A temporary key used for a single session
🔹 Explanation: Ephemeral keys are used temporarily for secure sessions and enhance forward secrecy.


144. What is a cryptographic “trapdoor function”?

A) A function that is easy to compute but difficult to reverse without a secret key
B) A hashing algorithm
C) A function used in symmetric encryption
D) A function that speeds up encryption

✅ Answer: A) A function that is easy to compute but difficult to reverse without a secret key
🔹 Explanation: Trapdoor functions are used in asymmetric encryption and depend on one-way operations, such as prime factorization (RSA).


145. Which of the following is an example of an authenticated encryption algorithm?

A) AES-GCM
B) RSA
C) SHA-256
D) MD5

✅ Answer: A) AES-GCM
🔹 Explanation: AES-GCM (Galois/Counter Mode) provides encryption and authentication in one algorithm.


146. What is a “preimage attack” in cryptography?

A) An attack that attempts to find a message given its hash
B) An attack that replaces encryption keys
C) An attack that modifies digital signatures
D) An attack that breaks symmetric encryption

✅ Answer: A) An attack that attempts to find a message given its hash
🔹 Explanation: Preimage attacks aim to reverse a hash function to retrieve the original input.


147. What is a “man-in-the-middle” attack in cryptography?

A) A brute-force attack on encryption keys
B) A phishing attack targeting user credentials
C) An attacker intercepting and modifying communication between two parties
D) A denial-of-service attack

✅ Answer: C) An attacker intercepting and modifying communication between two parties
🔹 Explanation: Man-in-the-middle (MitM) attacks involve intercepting communication to alter messages or steal data.


148. What is “steganography” in cryptography?

A) Encrypting data with a public key
B) Hiding information within another file or image
C) Hashing passwords
D) Exchanging cryptographic keys

✅ Answer: B) Hiding information within another file or image
🔹 Explanation: Steganography is a technique for hiding messages inside images, audio, or text to avoid detection.


149. Which cryptographic principle states that security should depend only on the secrecy of the key, not the algorithm?

A) Shannon’s Law
B) Kerckhoffs’s Principle
C) RSA Postulate
D) Diffie-Hellman Theorem

✅ Answer: B) Kerckhoffs’s Principle
🔹 Explanation: Kerckhoffs’s Principle states that a cryptographic system should remain secure even if everything except the key is known.


150. What is the purpose of “pepper” in password hashing?

A) Encrypting user passwords
B) Adding a secret value to password hashes
C) Strengthening symmetric encryption
D) Reducing brute-force attempts

✅ Answer: B) Adding a secret value to password hashes
🔹 Explanation: Pepper is a secret value added to passwords before hashing, stored separately from the database.


151. Which of the following is a common use case for asymmetric encryption?

A) Encrypting entire hard drives
B) Encrypting emails and digital signatures
C) Encrypting large volumes of data efficiently
D) Performing fast hashing operations

✅ Answer: B) Encrypting emails and digital signatures
🔹 Explanation: Asymmetric encryption (e.g., RSA) is commonly used for email encryption, digital signatures, and key exchange.


152. What is the primary purpose of the “salt” in password hashing?

A) To add entropy to the encryption key
B) To make brute-force attacks slower
C) To provide encryption for passwords
D) To generate asymmetric keys

✅ Answer: B) To make brute-force attacks slower
🔹 Explanation: A salt is a random value added to passwords before hashing, making rainbow table attacks ineffective.


153. What is an example of an encryption mode that provides both confidentiality and authentication?

A) CBC (Cipher Block Chaining)
B) ECB (Electronic Codebook)
C) GCM (Galois/Counter Mode)
D) OFB (Output Feedback)

✅ Answer: C) GCM (Galois/Counter Mode)
🔹 Explanation: AES-GCM provides both encryption and authentication, making it highly secure.


154. What is the main purpose of a cryptographic “key derivation function” (KDF)?

A) To generate encryption keys from passwords
B) To store cryptographic keys securely
C) To encrypt large files efficiently
D) To generate digital signatures

✅ Answer: A) To generate encryption keys from passwords
🔹 Explanation: KDFs like PBKDF2, bcrypt, and scrypt generate strong encryption keys from weak inputs.


155. What is the primary security risk of using weak cryptographic keys?

A) Slower encryption
B) Increased risk of brute-force attacks
C) Larger ciphertext output
D) Incompatibility with modern systems

✅ Answer: B) Increased risk of brute-force attacks
🔹 Explanation: Weak keys make encryption vulnerable to brute-force attacks, reducing security.


156. What is the primary function of a cryptographic “nonce”?

A) To act as a symmetric encryption key
B) To prevent replay attacks by ensuring uniqueness
C) To encrypt passwords before hashing
D) To compress data before encryption

✅ Answer: B) To prevent replay attacks by ensuring uniqueness
🔹 Explanation: A nonce (Number used once) is a random value used to ensure encryption uniqueness.


157. Which of the following is a property of an ideal cryptographic hash function?

A) It is reversible
B) It produces different outputs for the same input
C) It is deterministic (same input always produces the same output)
D) It always outputs a 512-bit hash

✅ Answer: C) It is deterministic (same input always produces the same output)
🔹 Explanation: A good hash function should always generate the same hash for the same input.


158. What is a “birthday attack” in cryptography?

A) A brute-force attack against symmetric encryption
B) A method for cracking passwords
C) A technique to find hash collisions faster than brute force
D) A way to generate encryption keys

✅ Answer: C) A technique to find hash collisions faster than brute force
🔹 Explanation: Birthday attacks exploit the birthday paradox to find collisions in hash functions more efficiently.


159. What makes AES more secure than DES?

A) AES uses asymmetric encryption
B) AES has a longer key length and stronger algorithm design
C) AES requires fewer encryption rounds
D) AES is a hashing algorithm

✅ Answer: B) AES has a longer key length and stronger algorithm design
🔹 Explanation: AES supports 128-bit, 192-bit, and 256-bit keys, making it far more secure than DES.


160. What is the primary weakness of the ECB (Electronic Codebook) encryption mode?

A) It requires asymmetric encryption
B) It cannot encrypt large files
C) It encrypts identical plaintext blocks into identical ciphertext blocks
D) It increases key size

✅ Answer: C) It encrypts identical plaintext blocks into identical ciphertext blocks
🔹 Explanation: ECB mode lacks diffusion, making it vulnerable to pattern analysis.


161. What is “key entropy” in cryptography?

A) The randomness in a key’s generation
B) The length of the encryption key
C) The time required to encrypt data
D) The hashing function used

✅ Answer: A) The randomness in a key’s generation
🔹 Explanation: Higher entropy means greater randomness, making the key more resistant to attacks.


162. What is the primary function of a digital certificate in PKI?

A) Encrypting emails
B) Verifying the authenticity of public keys
C) Hashing passwords
D) Replacing encryption keys

✅ Answer: B) Verifying the authenticity of public keys
🔹 Explanation: Digital certificates, issued by Certificate Authorities (CAs), verify that a public key belongs to a specific entity.


163. Which attack is possible when predictable session IDs are used in authentication systems?

A) Padding oracle attack
B) Session hijacking
C) Rainbow table attack
D) Preimage attack

✅ Answer: B) Session hijacking
🔹 Explanation: Session hijacking occurs when an attacker steals a session ID to gain unauthorized access.


164. What is a “hybrid cryptosystem”?

A) A combination of symmetric and asymmetric encryption
B) A new type of quantum encryption
C) A brute-force resistant encryption algorithm
D) A method for hashing large files

✅ Answer: A) A combination of symmetric and asymmetric encryption
🔹 Explanation: Hybrid cryptosystems use asymmetric encryption for key exchange and symmetric encryption for data transfer.


165. What is a primary advantage of using “forward secrecy” in encryption protocols?

A) It speeds up encryption
B) It ensures past communications remain secure even if keys are compromised
C) It eliminates the need for public-key cryptography
D) It allows unlimited key reuse

✅ Answer: B) It ensures past communications remain secure even if keys are compromised
🔹 Explanation: Forward secrecy ensures that past session keys cannot be decrypted even if a long-term key is leaked.


166. What does “HMAC” stand for in cryptography?

A) Hash-based Message Authentication Code
B) Hybrid Mode Asymmetric Cipher
C) High-speed Message Authentication Code
D) Hash Management and Control

✅ Answer: A) Hash-based Message Authentication Code
🔹 Explanation: HMAC combines hash functions with a secret key for message integrity and authentication.


167. What is the purpose of “Diffie-Hellman key exchange”?

A) Encrypting large amounts of data
B) Securely exchanging cryptographic keys over an insecure channel
C) Generating digital signatures
D) Creating random encryption keys

✅ Answer: B) Securely exchanging cryptographic keys over an insecure channel
🔹 Explanation: Diffie-Hellman allows two parties to securely share a key without prior communication.


168. What is “cryptographic agility”?

A) The ability to switch between cryptographic algorithms easily
B) The speed at which encryption occurs
C) The efficiency of symmetric encryption
D) The process of brute-force key recovery

✅ Answer: A) The ability to switch between cryptographic algorithms easily
🔹 Explanation: Cryptographic agility ensures that systems can adapt to new cryptographic algorithms as security standards evolve.


169. What is the main purpose of “perfect secrecy” in encryption?

A) To ensure ciphertext reveals no information about plaintext
B) To provide infinite key length
C) To replace public key cryptography
D) To perform real-time decryption

✅ Answer: A) To ensure ciphertext reveals no information about plaintext
🔹 Explanation: Perfect secrecy, achieved by the one-time pad, ensures that ciphertext does not leak any plaintext information.


170. What is the primary purpose of cryptographic “nonce reuse resistance”?

A) To prevent replay attacks and encryption weaknesses
B) To speed up encryption
C) To reduce key size requirements
D) To allow key reuse

✅ Answer: A) To prevent replay attacks and encryption weaknesses
🔹 Explanation: Reusing a nonce can weaken encryption, especially in CTR and GCM modes.


171. What is the primary difference between a stream cipher and a block cipher?

A) Stream ciphers encrypt data in fixed-size blocks, while block ciphers encrypt one bit at a time
B) Block ciphers encrypt data in fixed-size blocks, while stream ciphers encrypt one bit or byte at a time
C) Stream ciphers require asymmetric encryption, while block ciphers do not
D) Block ciphers are faster than stream ciphers in all cases

✅ Answer: B) Block ciphers encrypt data in fixed-size blocks, while stream ciphers encrypt one bit or byte at a time
🔹 Explanation: Block ciphers (e.g., AES) encrypt data in fixed-size blocks, while stream ciphers (e.g., RC4) encrypt data bit-by-bit or byte-by-byte.


172. Which of the following is a primary weakness of the RC4 stream cipher?

A) It requires very large key sizes
B) It has known biases in its keystream
C) It is a slow encryption algorithm
D) It does not work with HTTPS

✅ Answer: B) It has known biases in its keystream
🔹 Explanation: RC4 has known vulnerabilities due to biased output, making it insecure for modern cryptographic use.


173. What is the purpose of a cryptographic key schedule?

A) To generate new public-private key pairs periodically
B) To determine how encryption keys are expanded and used within an algorithm
C) To manage key escrow
D) To store keys securely

✅ Answer: B) To determine how encryption keys are expanded and used within an algorithm
🔹 Explanation: A key schedule determines how a key is expanded and used during encryption rounds (e.g., in AES or DES).


174. What is an “oracle attack” in cryptography?

A) An attack where the attacker guesses encryption keys randomly
B) An attack where an adversary gains partial information by interacting with a system that provides feedback
C) A brute-force attack against password hashing
D) A method of securely exchanging encryption keys

✅ Answer: B) An attack where an adversary gains partial information by interacting with a system that provides feedback
🔹 Explanation: Oracle attacks (e.g., padding oracle attacks) exploit leaked information from encryption systems.


175. What is a “cryptographic hash collision”?

A) When two different inputs produce the same hash output
B) When a hash function is used twice on the same data
C) When two identical inputs produce different hash outputs
D) When hash functions take longer than expected to compute

✅ Answer: A) When two different inputs produce the same hash output
🔹 Explanation: A hash collision occurs when two different inputs produce the same hash value, making the hash function vulnerable.


176. What is the purpose of a Certificate Revocation List (CRL)?

A) To store expired certificates
B) To list certificates that are no longer trusted before expiration
C) To generate new encryption keys
D) To encrypt public certificates

✅ Answer: B) To list certificates that are no longer trusted before expiration
🔹 Explanation: A CRL is used to revoke compromised or untrusted certificates before their expiration date.


177. What is “key stretching” primarily used for?

A) To strengthen weak cryptographic keys by increasing computation time
B) To reduce encryption key size
C) To speed up hashing functions
D) To replace asymmetric encryption

✅ Answer: A) To strengthen weak cryptographic keys by increasing computation time
🔹 Explanation: Key stretching (e.g., PBKDF2, bcrypt) makes password-based key derivation more resistant to brute-force attacks.


178. Which of the following protocols is used for secure remote access and relies on cryptographic encryption?

A) HTTP
B) Telnet
C) SSH
D) FTP

✅ Answer: C) SSH
🔹 Explanation: Secure Shell (SSH) uses asymmetric and symmetric encryption to establish a secure remote connection.


179. What is the purpose of the “MAC” (Message Authentication Code) in cryptography?

A) To encrypt a message
B) To verify message integrity and authenticity
C) To generate cryptographic keys
D) To replace digital signatures

✅ Answer: B) To verify message integrity and authenticity
🔹 Explanation: MACs (e.g., HMAC) ensure that a message has not been tampered with and verify its authenticity.


180. Why is “nonce reuse” a major security risk in some encryption modes?

A) It allows brute-force attacks to be more effective
B) It makes encryption keys easier to guess
C) It can lead to identical ciphertexts for identical plaintexts, revealing patterns
D) It increases computational overhead

✅ Answer: C) It can lead to identical ciphertexts for identical plaintexts, revealing patterns
🔹 Explanation: Nonce reuse in modes like CTR and GCM can allow attackers to infer plaintext information.


181. What is “Elliptic Curve Cryptography (ECC)” known for?

A) Being faster than symmetric encryption
B) Providing strong security with shorter key lengths
C) Replacing RSA for digital signatures
D) Using quantum-based key exchange

✅ Answer: B) Providing strong security with shorter key lengths
🔹 Explanation: ECC provides the same level of security as RSA but with significantly shorter key lengths, making it efficient.


182. What is a “timing attack” in cryptography?

A) A brute-force attack that speeds up encryption
B) An attack that measures how long cryptographic operations take to infer secret information
C) An attack on encrypted timestamps
D) A method of securely exchanging keys

✅ Answer: B) An attack that measures how long cryptographic operations take to infer secret information
🔹 Explanation: Timing attacks analyze time variations in cryptographic processing to extract keys.


183. What is “public key pinning” used for?

A) To increase encryption speed
B) To ensure only a specific public key is trusted for a given service
C) To generate new public keys dynamically
D) To hash symmetric encryption keys

✅ Answer: B) To ensure only a specific public key is trusted for a given service
🔹 Explanation: Public key pinning prevents man-in-the-middle attacks by binding a service to a specific public key.


184. Which encryption method is commonly used in wireless networks to secure communications?

A) DES
B) WPA2
C) SHA-256
D) Telnet

✅ Answer: B) WPA2
🔹 Explanation: Wi-Fi Protected Access 2 (WPA2) uses AES encryption to secure wireless networks.


185. What is a cryptographic “primitive”?

A) A simple mathematical operation used as a building block for cryptographic systems
B) A key exchange algorithm
C) A hashing function used in digital signatures
D) A new encryption mode

✅ Answer: A) A simple mathematical operation used as a building block for cryptographic systems
🔹 Explanation: Cryptographic primitives (e.g., hash functions, block ciphers) are low-level components used in security protocols.


186. What is a primary goal of cryptographic authentication?

A) To generate random numbers
B) To verify the identity of a user or device
C) To encrypt network traffic
D) To replace hashing

✅ Answer: B) To verify the identity of a user or device
🔹 Explanation: Authentication mechanisms use cryptographic techniques to verify user identities.


187. What does “digital envelope” refer to in cryptography?

A) A secure messaging service
B) A technique that combines symmetric and asymmetric encryption
C) A cryptographic hash function
D) A quantum encryption method

✅ Answer: B) A technique that combines symmetric and asymmetric encryption
🔹 Explanation: Digital envelopes use asymmetric encryption to encrypt a symmetric key, which is then used for encrypting data.


188. What is the main weakness of password-based encryption?

A) It requires asymmetric keys
B) Passwords are often weak or reused
C) It uses hash functions instead of encryption
D) It cannot be used with digital certificates

✅ Answer: B) Passwords are often weak or reused
🔹 Explanation: Weak or reused passwords make password-based encryption vulnerable to brute-force and dictionary attacks.


191. What is a cryptographic “keystore”?

A) A database for storing cryptographic keys securely
B) A hashing function used in authentication
C) A method of key exchange
D) A tool for brute-force attacks

✅ Answer: A) A database for storing cryptographic keys securely
🔹 Explanation: A keystore is a secure storage mechanism for private keys, certificates, and secrets, protecting them from unauthorized access.


192. Which of the following is a key benefit of quantum key distribution (QKD)?

A) It encrypts data faster than AES
B) It provides unconditional security based on quantum mechanics
C) It allows reversible encryption
D) It replaces all public key cryptography

✅ Answer: B) It provides unconditional security based on quantum mechanics
🔹 Explanation: QKD (Quantum Key Distribution) ensures secure key exchange by detecting eavesdroppers using quantum physics.


193. What is the main purpose of a “zero-knowledge proof” in cryptography?

A) To prove knowledge of a secret without revealing it
B) To replace digital signatures
C) To encrypt large amounts of data
D) To verify password strength

✅ Answer: A) To prove knowledge of a secret without revealing it
🔹 Explanation: Zero-knowledge proofs allow one party to prove knowledge of a value without revealing the value itself, useful in authentication.


194. What is a side-channel attack primarily based on?

A) Exploiting weaknesses in cryptographic algorithms
B) Analyzing information leaked from physical implementation (e.g., power consumption, timing)
C) Brute-force attacks on encryption keys
D) Guessing passwords using a dictionary

✅ Answer: B) Analyzing information leaked from physical implementation (e.g., power consumption, timing)
🔹 Explanation: Side-channel attacks exploit leaked information from cryptographic operations, such as timing differences or electromagnetic emissions.


195. Which cryptographic principle ensures that small changes in input cause drastic changes in the output?

A) Forward secrecy
B) Diffusion
C) Avalanche effect
D) Non-repudiation

✅ Answer: C) Avalanche effect
🔹 Explanation: The avalanche effect ensures that even a small change in input drastically alters the output, increasing security.


196. What is the primary reason why SHA-1 is considered insecure?

A) It has a slow hashing speed
B) It is vulnerable to collision attacks
C) It cannot be used for encryption
D) It requires asymmetric encryption

✅ Answer: B) It is vulnerable to collision attacks
🔹 Explanation: SHA-1 has been deprecated due to its susceptibility to collision attacks, meaning two different inputs can produce the same hash.


197. Which type of encryption is best suited for securing large amounts of data at rest?

A) Symmetric encryption
B) Asymmetric encryption
C) Hashing
D) Digital signatures

✅ Answer: A) Symmetric encryption
🔹 Explanation: Symmetric encryption (e.g., AES) is efficient and fast, making it ideal for encrypting large datasets.


198. What is “message digest” in cryptography?

A) The original message before encryption
B) The fixed-length output of a hash function
C) A method of encoding large messages
D) A type of symmetric encryption

✅ Answer: B) The fixed-length output of a hash function
🔹 Explanation: A message digest is the fixed-length, unique hash output generated from a hash function (e.g., SHA-256).


199. What is the purpose of a “nonce” in encryption algorithms?

A) To serve as a secondary encryption key
B) To introduce randomness and prevent replay attacks
C) To reduce key size requirements
D) To store cryptographic keys

✅ Answer: B) To introduce randomness and prevent replay attacks
🔹 Explanation: A nonce (Number Used Once) ensures that each encryption operation produces a unique result, preventing replay attacks.


200. What is “homomorphic encryption” designed for?

A) Encrypting passwords for secure storage
B) Performing computations on encrypted data without decryption
C) Speeding up cryptographic operations
D) Securing symmetric key exchanges

✅ Answer: B) Performing computations on encrypted data without decryption
🔹 Explanation: Homomorphic encryption enables operations to be performed on encrypted data, useful for secure cloud computing.


201. What is the primary purpose of cryptographic “salting” in password storage?

A) To make password hashing more efficient
B) To ensure two users with the same password have different hash outputs
C) To encrypt passwords using symmetric encryption
D) To reduce the size of hash values

✅ Answer: B) To ensure two users with the same password have different hash outputs
🔹 Explanation: Salting adds a random unique value to each password before hashing, preventing rainbow table attacks.


202. Which of the following encryption modes is considered insecure due to lack of diffusion?

A) CBC (Cipher Block Chaining)
B) CTR (Counter Mode)
C) ECB (Electronic Codebook)
D) GCM (Galois/Counter Mode)

✅ Answer: C) ECB (Electronic Codebook)
🔹 Explanation: ECB mode encrypts identical plaintext blocks into identical ciphertext blocks, making it susceptible to pattern analysis.


203. What is “cryptographic non-repudiation”?

A) Ensuring encrypted data cannot be decrypted
B) Guaranteeing that a sender cannot deny having sent a message
C) Preventing unauthorized access to encryption keys
D) Making encryption reversible

✅ Answer: B) Guaranteeing that a sender cannot deny having sent a message
🔹 Explanation: Non-repudiation is achieved through digital signatures, ensuring proof of authorship and integrity.


204. What is the main security concern when using outdated cryptographic algorithms?

A) They generate longer ciphertexts
B) They require more computing power
C) They may have known vulnerabilities that attackers can exploit
D) They are difficult to implement in modern software

✅ Answer: C) They may have known vulnerabilities that attackers can exploit
🔹 Explanation: Outdated algorithms (e.g., MD5, SHA-1, DES) have known weaknesses that allow brute-force, collision, and cryptanalysis attacks.


205. What does “perfect forward secrecy” (PFS) protect against?

A) The use of weak passwords
B) Future decryption of recorded communications if private keys are compromised
C) Phishing attacks
D) Malware infections

✅ Answer: B) Future decryption of recorded communications if private keys are compromised
🔹 Explanation: PFS (Perfect Forward Secrecy) ensures that compromised private keys cannot be used to decrypt past communications, improving security.