1. Which cryptographic attack exploits weak hash functions by finding two different inputs that produce the same hash value?
A) Birthday Attack
B) Side-Channel Attack
C) Frequency Analysis
D) Chosen-Ciphertext Attack
β
Answer: A) Birthday Attack
π‘ Explanation: The Birthday Attack is based on the Birthday Paradox, which states that in a hash function with a limited output space, collisions (same hash for different inputs) can occur faster than expected. This attack is used against weak hashing algorithms like MD5 and SHA-1.
2. What attack recovers encrypted plaintext by analyzing patterns in the ciphertext?
A) Brute Force Attack
B) Chosen-Plaintext Attack
C) Frequency Analysis
D) Replay Attack
β
Answer: C) Frequency Analysis
π‘ Explanation: Frequency Analysis exploits the statistical properties of plaintext, such as common letter occurrences in languages (e.g., βEβ is the most frequent letter in English). It is effective against classical ciphers like Caesar and VigenΓ¨re ciphers.
3. Which of the following cryptographic attacks is primarily used to recover encryption keys by observing CPU power consumption, electromagnetic leaks, or timing data?
A) Side-Channel Attack
B) Known-Plaintext Attack
C) Replay Attack
D) Chosen-Ciphertext Attack
β
Answer: A) Side-Channel Attack
π‘ Explanation: Side-Channel Attacks exploit physical properties such as power consumption, processing time, or electromagnetic radiation to deduce cryptographic keys. It is effective against RSA, AES, and DES.
4. What is the main weakness of the DES encryption algorithm that makes it vulnerable to brute force attacks?
A) Use of ECB mode
B) Small key size (56-bit)
C) Susceptibility to chosen-plaintext attacks
D) Weak S-boxes
β
Answer: B) Small key size (56-bit)
π‘ Explanation: DES (Data Encryption Standard) has a 56-bit key size, which is vulnerable to brute-force attacks since modern computing power can try all possible keys in a reasonable amount of time.
5. Which attack involves an adversary altering encrypted messages to learn information about the plaintext?
A) Chosen-Ciphertext Attack
B) Man-in-the-Middle Attack
C) Brute Force Attack
D) Rainbow Table Attack
β
Answer: A) Chosen-Ciphertext Attack
π‘ Explanation: In a Chosen-Ciphertext Attack (CCA), an attacker modifies encrypted data and observes how the decryption system reacts. This is particularly dangerous against RSA (PKCS#1 v1.5) and has led to Padding Oracle attacks.
6. What attack exploits weak or predictable keys in hashing algorithms to crack passwords efficiently?
A) Rainbow Table Attack
B) Timing Attack
C) Differential Cryptanalysis
D) Meet-in-the-Middle Attack
β
Answer: A) Rainbow Table Attack
π‘ Explanation: Rainbow Tables store precomputed hash values for a large set of potential passwords, allowing attackers to quickly reverse a hashed password without brute-forcing every possible input.
7. Which cryptographic attack is effective against stream ciphers like RC4 due to key reuse?
A) Padding Oracle Attack
B) Frequency Analysis
C) Known-Plaintext Attack
D) XOR Key Stream Attack
β
Answer: D) XOR Key Stream Attack
π‘ Explanation: Stream ciphers like RC4 are vulnerable if the same key is reused across multiple encryptions because the XOR operation reveals patterns, allowing attackers to recover the plaintext.
8. What is the main reason why SHA-1 is considered insecure?
A) It uses symmetric encryption
B) It has known collision vulnerabilities
C) It uses a fixed-length output
D) It is too slow for modern applications
β
Answer: B) It has known collision vulnerabilities
π‘ Explanation: SHA-1 is vulnerable to collision attacks, meaning two different inputs can produce the same hash. Google and CWI Amsterdam demonstrated this in 2017 with the SHAttered attack.
9. What attack attempts to find two different messages with the same hash?
A) Preimage Attack
B) Birthday Attack
C) Meet-in-the-Middle Attack
D) Collision Attack
β
Answer: D) Collision Attack
π‘ Explanation: Collision Attacks occur when an attacker finds two different inputs that produce the same hash output, breaking the integrity guarantees of hash functions.
10. In a brute-force attack, what is the worst-case time complexity for breaking an encryption scheme with a key of length N bits?
A) O(N)
B) O(2^N)
C) O(N log N)
D) O(log N)
β
Answer: B) O(2^N)
π‘ Explanation: Brute-force attacks require trying all possible keys, which results in an exponential time complexity of O(2^N), making longer key lengths exponentially more secure.
11. Which attack exploits the fact that the same plaintext encrypts to the same ciphertext in ECB mode?
A) Brute Force Attack
B) Padding Oracle Attack
C) Block Rearrangement Attack
D) Key Recovery Attack
β
Answer: C) Block Rearrangement Attack
π‘ Explanation: ECB (Electronic Codebook) mode encrypts identical plaintext blocks into identical ciphertext blocks, making it vulnerable to pattern recognition and rearrangement attacks.
12. What attack allows an adversary to forge digital signatures by exploiting weak hashing algorithms?
A) Chosen-Plaintext Attack
B) Collision Attack
C) Known-Plaintext Attack
D) Dictionary Attack
β
Answer: B) Collision Attack
π‘ Explanation: Collision attacks occur when two different messages produce the same hash, which can be exploited to forge digital signatures in outdated hashing algorithms like MD5 and SHA-1.
13. Which attack exploits weak session key reuse in cryptographic protocols?
A) Replay Attack
B) Man-in-the-Middle Attack
C) Key Reuse Attack
D) Cryptanalysis
β
Answer: C) Key Reuse Attack
π‘ Explanation: Reusing cryptographic session keys (such as in RC4) makes systems vulnerable to attacks, as attackers can extract patterns in encrypted messages.
14. What attack relies on analyzing how long a cryptographic operation takes to perform?
A) Differential Cryptanalysis
B) Brute Force Attack
C) Timing Attack
D) Side-Channel Attack
β
Answer: C) Timing Attack
π‘ Explanation: Timing Attacks measure the time taken by cryptographic operations (such as RSA decryption) to infer secret keys.
15. Which cryptographic attack exploits flaws in the padding scheme of RSA encryption?
A) Padding Oracle Attack
B) Frequency Analysis
C) Dictionary Attack
D) Length Extension Attack
β
Answer: A) Padding Oracle Attack
π‘ Explanation: Padding Oracle Attacks exploit incorrect error messages in padding schemes (like PKCS#1 v1.5 in RSA) to recover plaintext.
16. Which attack exploits the fact that hash functions can be extended by appending data to an existing hash?
A) Birthday Attack
B) Length Extension Attack
C) Meet-in-the-Middle Attack
D) Chosen-Plaintext Attack
β
Answer: B) Length Extension Attack
π‘ Explanation: Length Extension Attacks exploit the structure of MD5, SHA-1, and SHA-256 by appending extra data to a hash without knowing the original input.
17. Which attack attempts to find a plaintext that matches a given hash value?
A) Preimage Attack
B) Chosen-Ciphertext Attack
C) Key Recovery Attack
D) Birthday Attack
β
Answer: A) Preimage Attack
π‘ Explanation: A preimage attack attempts to find a message that hashes to a specific value, breaking hash function resistance.
18. What attack involves capturing and resending encrypted messages to trick a system into accepting them as legitimate?
A) Chosen-Plaintext Attack
B) Replay Attack
C) Meet-in-the-Middle Attack
D) Differential Cryptanalysis
β
Answer: B) Replay Attack
π‘ Explanation: Replay Attacks involve capturing encrypted data packets and resending them to impersonate a user.
19. What type of attack exploits mathematical weaknesses in cryptographic algorithms?
A) Brute Force Attack
B) Cryptanalysis
C) Rainbow Table Attack
D) Chosen-Ciphertext Attack
β
Answer: B) Cryptanalysis
π‘ Explanation: Cryptanalysis involves analyzing mathematical properties of encryption algorithms to break them, such as differential cryptanalysis on DES.
20. Which attack exploits a vulnerability in the WEP encryption protocol by collecting initialization vectors (IVs)?
A) ARP Replay Attack
B) Chosen-Plaintext Attack
C) Hash Collision Attack
D) Known-Key Attack
β
Answer: A) ARP Replay Attack
π‘ Explanation: WEP encryption is vulnerable to IV-based key recovery through ARP replay, allowing attackers to recover Wi-Fi keys.
21. Which attack takes advantage of a weak or predictable nonce in encryption?
A) Bit-Flipping Attack
B) Nonce Reuse Attack
C) Differential Cryptanalysis
D) Known-Plaintext Attack
β
Answer: B) Nonce Reuse Attack
π‘ Explanation: A nonce (number used once) should be unique for each encryption. If it is reused, it can leak information about the plaintext, particularly in AES-GCM and CTR mode encryption.
22. What cryptographic attack exploits the predictability of PRNGs (Pseudo-Random Number Generators)?
A) Weak RNG Attack
B) Collision Attack
C) Ciphertext-Only Attack
D) Frequency Analysis
β
Answer: A) Weak RNG Attack
π‘ Explanation: Poorly designed PRNGs (such as in older SSL/TLS versions) allow attackers to predict encryption keys, leading to session hijacking and key recovery attacks.
23. What attack can break WPA2 encryption by intercepting and replaying handshake messages?
A) Chosen-Plaintext Attack
B) KRACK Attack
C) Hash Collision Attack
D) Brute Force Attack
β
Answer: B) KRACK Attack
π‘ Explanation: Key Reinstallation Attack (KRACK) forces the reinstallation of cryptographic keys in WPA2 handshake processes, allowing attackers to decrypt wireless traffic.
24. What attack involves gradually recovering a secret key by measuring how processing time varies with different inputs?
A) Side-Channel Attack
B) Timing Attack
C) Man-in-the-Middle Attack
D) Birthday Attack
β
Answer: B) Timing Attack
π‘ Explanation: Timing Attacks analyze execution time variations in cryptographic operations to infer secret keys, especially in RSA and AES.
25. Which attack manipulates an encrypted message to modify its decrypted plaintext in a predictable way?
A) Ciphertext-Only Attack
B) Meet-in-the-Middle Attack
C) Bit-Flipping Attack
D) Padding Oracle Attack
β
Answer: C) Bit-Flipping Attack
π‘ Explanation: In a Bit-Flipping Attack, an attacker modifies specific ciphertext bits, causing predictable plaintext changes after decryption. This can be exploited in CBC mode encryption.
26. What attack exploits vulnerabilities in TLS 1.0 and 1.1, allowing attackers to decrypt sensitive data like session cookies?
A) POODLE Attack
B) Heartbleed Attack
C) Logjam Attack
D) BEAST Attack
β
Answer: D) BEAST Attack
π‘ Explanation: The BEAST (Browser Exploit Against SSL/TLS) attack exploits weaknesses in TLS 1.0βs CBC mode, enabling session hijacking.
27. Which attack forces a victim to use a weaker cryptographic protocol by downgrading their connection?
A) Downgrade Attack
B) Chosen-Plaintext Attack
C) Known-Key Attack
D) Quantum Attack
β
Answer: A) Downgrade Attack
π‘ Explanation: Downgrade Attacks trick a server or client into using older, weaker encryption protocols (e.g., forcing TLS 1.0 instead of TLS 1.2).
28. What attack is used to break two-key triple DES (3DES) encryption by reducing its effective key strength?
A) Chosen-Plaintext Attack
B) Meet-in-the-Middle Attack
C) Frequency Analysis
D) Rainbow Table Attack
β
Answer: B) Meet-in-the-Middle Attack
π‘ Explanation: Meet-in-the-Middle reduces double encryption security by finding intermediate encryption values, making 2-key 3DES effectively as weak as a 56-bit DES key.
29. What attack uses computational optimizations to reverse cryptographic hash functions quickly?
A) Rainbow Table Attack
B) Side-Channel Attack
C) Known-Plaintext Attack
D) Differential Cryptanalysis
β
Answer: A) Rainbow Table Attack
π‘ Explanation: Rainbow Tables store precomputed hash values, enabling rapid password cracking by reversing common hashes.
30. What attack allows an adversary to trick a digital signature verification system into accepting a fraudulent signature?
A) Padding Oracle Attack
B) Collision Attack
C) Hash Length Extension Attack
D) Bleichenbacher Attack
β
Answer: B) Collision Attack
π‘ Explanation: Collision Attacks break cryptographic hash functions by finding two different inputs with the same hash output, allowing attackers to forge digital signatures.
31. Which attack exploits SSL/TLS implementations to retrieve server memory contents?
A) BEAST Attack
B) Heartbleed Attack
C) Chosen-Ciphertext Attack
D) Side-Channel Attack
β
Answer: B) Heartbleed Attack
π‘ Explanation: Heartbleed exploited OpenSSLβs Heartbeat feature, leaking sensitive server memory, including private keys.
32. What cryptographic attack is effective against elliptic curve cryptography (ECC) when weak curves are used?
A) ECC Curve Attack
B) Ciphertext-Only Attack
C) Differential Cryptanalysis
D) RSA Factoring Attack
β
Answer: A) ECC Curve Attack
π‘ Explanation: Poorly chosen elliptic curves in ECC can introduce vulnerabilities, making key recovery easier for attackers.
33. What attack allows an attacker to inject malicious ciphertext that decrypts into controlled plaintext?
A) Chosen-Ciphertext Attack
B) Preimage Attack
C) Rainbow Table Attack
D) Brute Force Attack
β
Answer: A) Chosen-Ciphertext Attack
π‘ Explanation: Chosen-Ciphertext Attacks (CCA) enable attackers to manipulate ciphertext before decryption, potentially revealing encryption keys.
34. What attack forces users to downgrade to a weak Diffie-Hellman key exchange?
A) Logjam Attack
B) POODLE Attack
C) Man-in-the-Middle Attack
D) Padding Oracle Attack
β
Answer: A) Logjam Attack
π‘ Explanation: Logjam Attack exploits weak 512-bit Diffie-Hellman groups, allowing attackers to decrypt secure communications.
35. What attack exploits misconfigured or vulnerable JSON Web Tokens (JWTs)?
A) Token Forgery Attack
B) Bit-Flipping Attack
C) Ciphertext-Only Attack
D) Length Extension Attack
β
Answer: A) Token Forgery Attack
π‘ Explanation: JWTs can be forged if the algorithm field is modified (e.g., from RS256 to none), allowing attackers to create valid tokens without a secret key.
36. What cryptographic attack allows attackers to recover encryption keys by analyzing electromagnetic radiation emitted by a device?
A) Key Recovery Attack
B) Electromagnetic Side-Channel Attack
C) Known-Plaintext Attack
D) Frequency Analysis
β
Answer: B) Electromagnetic Side-Channel Attack
π‘ Explanation: Electromagnetic Side-Channel Attacks exploit leaked electromagnetic radiation from cryptographic devices to recover secret keys.
37. What attack exploits improper validation of XML encryption, allowing decryption of sensitive data?
A) XML Encryption Attack
B) Hash Collision Attack
C) Man-in-the-Middle Attack
D) Padding Oracle Attack
β
Answer: A) XML Encryption Attack
π‘ Explanation: XML Encryption Attacks target systems that use XML-based encryption with weak validation, allowing attackers to decrypt sensitive XML data.
38. Which attack is designed to break RSA encryption by exploiting flaws in its padding implementation?
A) Bleichenbacher Attack
B) Brute Force Attack
C) Meet-in-the-Middle Attack
D) Length Extension Attack
β
Answer: A) Bleichenbacher Attack
π‘ Explanation: Bleichenbacherβs Attack (also called PKCS#1 Padding Oracle Attack) allows attackers to decrypt RSA ciphertexts without knowing the private key by analyzing server responses to improperly padded messages.
39. What cryptographic attack allows an attacker to extract cryptographic keys from RAM after a system shutdown?
A) Side-Channel Attack
B) Cold Boot Attack
C) Ciphertext-Only Attack
D) Known-Plaintext Attack
β
Answer: B) Cold Boot Attack
π‘ Explanation: Cold Boot Attacks exploit the fact that RAM retains data for a short time after power is removed, allowing attackers to extract encryption keys from memory.
40. What cryptographic attack uses quantum computing to efficiently factor large numbers, breaking RSA encryption?
A) Brute Force Attack
B) Shorβs Algorithm Attack
C) Differential Cryptanalysis
D) Meet-in-the-Middle Attack
β
Answer: B) Shorβs Algorithm Attack
π‘ Explanation: Shorβs Algorithm is a quantum computing algorithm that efficiently factors large numbers, making RSA encryption vulnerable to quantum computers.
41. Which attack is effective against hash functions that use Merkle-DamgΓ₯rd construction?
A) Length Extension Attack
B) Chosen-Ciphertext Attack
C) Frequency Analysis
D) Differential Cryptanalysis
β
Answer: A) Length Extension Attack
π‘ Explanation: Length Extension Attacks exploit Merkle-DamgΓ₯rd-based hash functions (e.g., MD5, SHA-1, SHA-256) by appending additional data without knowing the original input.
42. What attack exploits poor randomness in cryptographic key generation?
A) Predictable Key Attack
B) Known-Plaintext Attack
C) Chosen-Plaintext Attack
D) Preimage Attack
β
Answer: A) Predictable Key Attack
π‘ Explanation: If a random number generator (RNG) is weak, encryption keys can be predicted, allowing attackers to reconstruct private keys.
43. What attack allows an adversary to decrypt traffic by forcing the victim to use a weak or outdated cryptographic protocol?
A) Downgrade Attack
B) Rainbow Table Attack
C) Meet-in-the-Middle Attack
D) Side-Channel Attack
β
Answer: A) Downgrade Attack
π‘ Explanation: Downgrade Attacks trick a system into using an older, weaker encryption protocol, making it easier to break (e.g., forcing SSL 3.0 instead of TLS 1.2).
44. Which attack exploits an implementation flaw in RSA that allows an attacker to recover plaintext from encrypted messages?
A) Timing Attack
B) RSA Key Recovery Attack
C) Chosen-Ciphertext Attack
D) Differential Cryptanalysis
β
Answer: C) Chosen-Ciphertext Attack
π‘ Explanation: Chosen-Ciphertext Attacks (CCA) against RSA allow attackers to inject modified ciphertexts and use the systemβs response to deduce the plaintext.
45. What cryptographic attack involves injecting a fake digital signature into a signed message?
A) Signature Forgery Attack
B) Hash Collision Attack
C) Man-in-the-Middle Attack
D) Brute Force Attack
β
Answer: A) Signature Forgery Attack
π‘ Explanation: Signature Forgery Attacks target digital signature systems, where an attacker manipulates or replaces a cryptographic signature to falsify authenticity.
46. What attack can compromise TLS/SSL communications by taking advantage of weak ephemeral keys in Diffie-Hellman key exchange?
A) Logjam Attack
B) POODLE Attack
C) Heartbleed Attack
D) Padding Oracle Attack
β
Answer: A) Logjam Attack
π‘ Explanation: The Logjam Attack exploits weak 512-bit Diffie-Hellman groups, allowing attackers to break TLS encryption and intercept secure traffic.
47. Which attack is effective against block ciphers using weak key schedules?
A) Related-Key Attack
B) Timing Attack
C) Frequency Analysis
D) Ciphertext-Only Attack
β
Answer: A) Related-Key Attack
π‘ Explanation: Related-Key Attacks analyze how encryption changes under different but related keys, allowing attackers to recover secret keys in AES and DES.
48. What cryptographic attack exploits weaknesses in hardware implementations, such as using power consumption analysis?
A) Power Analysis Attack
B) Brute Force Attack
C) Differential Cryptanalysis
D) Ciphertext-Only Attack
β
Answer: A) Power Analysis Attack
π‘ Explanation: Power Analysis Attacks (a type of Side-Channel Attack) measure electrical power fluctuations in devices performing encryption to extract secret keys.
49. What attack exploits flaws in TLS 1.3 session resumption to steal cryptographic keys?
A) Session Resumption Attack
B) Man-in-the-Middle Attack
C) Brute Force Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Session Resumption Attack
π‘ Explanation: Session Resumption Attacks exploit improperly implemented TLS 1.3 session resumption, allowing attackers to recover cryptographic session keys.
50. What cryptographic attack can break improperly implemented RSA encryption by analyzing re-used prime numbers?
A) Factorization Attack
B) Known-Plaintext Attack
C) Differential Cryptanalysis
D) Rainbow Table Attack
β
Answer: A) Factorization Attack
π‘ Explanation: Factorization Attacks exploit RSA implementations that re-use prime numbers, making it possible to recover private keys using mathematical factorization techniques.
51. What cryptographic attack exploits the ability to modify encrypted data without knowing the encryption key, leading to predictable changes in plaintext?
A) Padding Oracle Attack
B) Bit-Flipping Attack
C) Chosen-Plaintext Attack
D) Known-Plaintext Attack
β
Answer: B) Bit-Flipping Attack
π‘ Explanation: Bit-Flipping Attacks modify specific bits in ciphertext, causing controlled changes in the decrypted plaintext. This is a common attack against CBC mode encryption.
52. Which cryptographic attack targets TLS 1.0 and forces the use of insecure cipher block chaining (CBC) mode?
A) BEAST Attack
B) POODLE Attack
C) Side-Channel Attack
D) Brute Force Attack
β
Answer: A) BEAST Attack
π‘ Explanation: BEAST (Browser Exploit Against SSL/TLS) exploits a weakness in TLS 1.0βs CBC mode, allowing attackers to decrypt secure traffic.
53. What attack exploits weak modular exponentiation in RSA encryption to determine private keys?
A) Lattice-Based Attack
B) Brute Force Attack
C) Key Recovery Attack
D) Preimage Attack
β
Answer: A) Lattice-Based Attack
π‘ Explanation: Lattice-Based Attacks exploit the mathematical weaknesses of RSA keys when small private exponents or weak primes are used.
54. What attack takes advantage of poor entropy (randomness) in cryptographic key generation?
A) Predictable Key Attack
B) Hash Collision Attack
C) Ciphertext-Only Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Predictable Key Attack
π‘ Explanation: If random number generators (RNGs) are weak, cryptographic keys become predictable, allowing attackers to crack encryption more easily.
55. What attack exploits a vulnerability in SSL 3.0, allowing the decryption of encrypted communications?
A) POODLE Attack
B) Man-in-the-Middle Attack
C) Collision Attack
D) Preimage Attack
β
Answer: A) POODLE Attack
π‘ Explanation: POODLE (Padding Oracle On Downgraded Legacy Encryption) forces connections to fall back to SSL 3.0, which is vulnerable to CBC padding attacks.
56. What cryptographic attack exploits the fact that some encryption algorithms are vulnerable to partial decryption?
A) Chosen-Ciphertext Attack
B) Replay Attack
C) Frequency Analysis
D) Ciphertext-Only Attack
β
Answer: A) Chosen-Ciphertext Attack
π‘ Explanation: In a Chosen-Ciphertext Attack (CCA), an attacker submits crafted ciphertexts to a decryption oracle to extract meaningful information.
57. Which attack forces the reuse of session keys in cryptographic protocols, leading to security breaches?
A) Replay Attack
B) Session Key Reuse Attack
C) Key Recovery Attack
D) Timing Attack
β
Answer: B) Session Key Reuse Attack
π‘ Explanation: If session keys are reused, an attacker can decrypt multiple sessions with the same key, compromising confidentiality.
58. What attack breaks cryptographic security by exploiting the vulnerability of using the same initialization vector (IV) multiple times?
A) Nonce Reuse Attack
B) Lattice-Based Attack
C) Ciphertext-Only Attack
D) Chosen-Plaintext Attack
β
Answer: A) Nonce Reuse Attack
π‘ Explanation: Nonce (number used once) reuse can lead to cryptographic leaks in AES-GCM, CTR mode, and stream ciphers like RC4.
59. Which attack enables attackers to break improperly implemented Diffie-Hellman key exchanges?
A) Logjam Attack
B) Key Recovery Attack
C) Meet-in-the-Middle Attack
D) Timing Attack
β
Answer: A) Logjam Attack
π‘ Explanation: Logjam forces servers to use weak 512-bit Diffie-Hellman groups, allowing attackers to decrypt secure communications.
60. What attack exploits weak implementations of elliptic curve cryptography (ECC)?
A) ECC Curve Attack
B) Ciphertext-Only Attack
C) Hash Collision Attack
D) Replay Attack
β
Answer: A) ECC Curve Attack
π‘ Explanation: If an elliptic curve does not have sufficient randomness, an attacker can derive private keys from public keys.
61. Which cryptographic attack involves tricking a system into using a weak elliptic curve to break encryption?
A) ECC Curve Selection Attack
B) Ciphertext-Only Attack
C) Meet-in-the-Middle Attack
D) Frequency Analysis
β
Answer: A) ECC Curve Selection Attack
π‘ Explanation: In an ECC Curve Selection Attack, an attacker forces a system to use a weak or compromised elliptic curve, making it easier to break ECC-based encryption.
62. What attack allows attackers to forge cryptographic signatures by exploiting weak implementations of RSA digital signatures?
A) RSA Signature Forgery Attack
B) Chosen-Plaintext Attack
C) Preimage Attack
D) Differential Cryptanalysis
β
Answer: A) RSA Signature Forgery Attack
π‘ Explanation: If RSA digital signatures are not properly implemented, an attacker can craft a fraudulent signature that the system accepts as valid, bypassing authentication.
63. What attack uses advanced AI and deep learning models to analyze cryptographic key usage patterns?
A) AI-Powered Cryptanalysis
B) Padding Oracle Attack
C) Known-Plaintext Attack
D) Quantum Key Recovery Attack
β
Answer: A) AI-Powered Cryptanalysis
π‘ Explanation: AI-Powered Cryptanalysis leverages machine learning and AI models to identify patterns in encryption keys and break cryptographic security using sophisticated prediction techniques.
64. What attack exploits poor entropy in cryptographic key generation, allowing attackers to predict keys?
A) Weak Entropy Attack
B) Chosen-Ciphertext Attack
C) Frequency Analysis
D) Rainbow Table Attack
β
Answer: A) Weak Entropy Attack
π‘ Explanation: Weak entropy sources lead to predictable random number generation, allowing attackers to deduce cryptographic keys or session tokens.
65. What attack targets weak or reused session keys in SSL/TLS communications?
A) Session Key Reuse Attack
B) Brute Force Attack
C) Ciphertext-Only Attack
D) Lattice-Based Attack
β
Answer: A) Session Key Reuse Attack
π‘ Explanation: If session keys are reused across different SSL/TLS sessions, an attacker can decrypt multiple communications without needing to recover the master key.
66. Which attack targets the cryptographic random number generators (RNGs) used in blockchain systems?
A) Blockchain RNG Attack
B) Ciphertext-Only Attack
C) Preimage Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Blockchain RNG Attack
π‘ Explanation: If blockchain-based random number generators are weak or predictable, attackers can manipulate transactions, winning lotteries, gaming systems, or cryptographic challenges unfairly.
67. What cryptographic attack manipulates a processorβs speculative execution feature to extract cryptographic secrets?
A) Spectre Attack
B) Side-Channel Attack
C) Padding Oracle Attack
D) Lattice-Based Attack
β
Answer: A) Spectre Attack
π‘ Explanation: Spectre Attacks exploit speculative execution flaws in modern processors, allowing attackers to access protected cryptographic keys from memory.
68. What attack exploits improperly implemented cryptographic key management to extract encryption keys?
A) Key Extraction Attack
B) Known-Plaintext Attack
C) Ciphertext-Only Attack
D) Frequency Analysis
β
Answer: A) Key Extraction Attack
π‘ Explanation: Key Extraction Attacks target improperly stored or poorly protected cryptographic keys, making it possible for attackers to recover private keys and decrypt communications.
69. What cryptographic attack leverages flaws in hash function design to manipulate blockchain transactions?
A) Blockchain Hash Collision Attack
B) Chosen-Ciphertext Attack
C) Brute Force Attack
D) Preimage Attack
β
Answer: A) Blockchain Hash Collision Attack
π‘ Explanation: If a blockchain system uses weak or vulnerable hash functions, attackers can create colliding transactions, effectively forging records and breaking the integrity of the blockchain.
70. Which attack allows an attacker to inject modified ciphertext that decrypts into controlled plaintext, bypassing authentication?
A) Ciphertext Injection Attack
B) Side-Channel Attack
C) Known-Plaintext Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Ciphertext Injection Attack
π‘ Explanation: Ciphertext Injection Attacks enable attackers to modify encrypted messages, causing the system to accept fraudulent or altered data as legitimate after decryption.
71. Which attack exploits a vulnerability in RSA encryption where the attacker can retrieve plaintext messages that have been encrypted using small public exponents?
A) Low-Exponent Attack
B) Meet-in-the-Middle Attack
C) Ciphertext Injection Attack
D) Differential Cryptanalysis
β
Answer: A) Low-Exponent Attack
π‘ Explanation: RSA Low-Exponent Attacks (e.g., using e=3) allow attackers to recover plaintext if no proper padding scheme (like OAEP) is used, making RSA encryption ineffective.
72. What attack targets the implementation of cryptographic operations instead of the mathematical weaknesses of an algorithm?
A) Side-Channel Attack
B) Chosen-Plaintext Attack
C) Ciphertext-Only Attack
D) Hash Collision Attack
β
Answer: A) Side-Channel Attack
π‘ Explanation: Side-Channel Attacks analyze physical characteristics, such as timing, power consumption, or electromagnetic leaks, to recover encryption keys.
73. Which cryptographic attack forces a system to use weak or deprecated TLS cipher suites during communication?
A) Forced Cipher Downgrade Attack
B) Padding Oracle Attack
C) Hash Collision Attack
D) Known-Plaintext Attack
β
Answer: A) Forced Cipher Downgrade Attack
π‘ Explanation: Attackers can force the negotiation of weaker cipher suites (e.g., TLS 1.0 instead of TLS 1.2), making the system vulnerable to cryptographic attacks like POODLE or BEAST.
74. Which attack involves an adversary using high-speed computing resources to precompute and store vast numbers of password hashes?
A) Precomputed Hash Attack
B) Meet-in-the-Middle Attack
C) Chosen-Ciphertext Attack
D) Timing Attack
β
Answer: A) Precomputed Hash Attack
π‘ Explanation: Attackers use precomputed hashes (like in Rainbow Table Attacks) to crack passwords quickly, reducing the time needed for brute-force attempts.
75. What cryptographic attack exploits the ability to forge digital certificates by exploiting weaknesses in hash algorithms?
A) MD5 Collision Attack
B) Frequency Analysis
C) Ciphertext Injection Attack
D) Chosen-Plaintext Attack
β
Answer: A) MD5 Collision Attack
π‘ Explanation: MD5 has known collision vulnerabilities, allowing attackers to forge fake digital certificates that appear valid but are malicious.
76. What attack targets encryption systems where session keys are derived from weakly generated random numbers?
A) Predictable Session Key Attack
B) Brute Force Attack
C) Meet-in-the-Middle Attack
D) Quantum Cryptanalysis
β
Answer: A) Predictable Session Key Attack
π‘ Explanation: If session keys are generated using weak entropy sources, attackers can predict session keys and decrypt communications.
77. Which cryptographic attack attempts to break authentication tokens by manipulating or forging JWT (JSON Web Tokens)?
A) JWT Signature Forgery Attack
B) Chosen-Ciphertext Attack
C) Lattice-Based Attack
D) Preimage Attack
β
Answer: A) JWT Signature Forgery Attack
π‘ Explanation: If a JWT does not properly verify signatures, attackers can forge malicious tokens by changing the signature algorithm to βnoneβ or guessing weak signing keys.
78. Which attack can decrypt encrypted VoIP (Voice over IP) calls by analyzing RTP streams and weak encryption implementations?
A) VoIP Eavesdropping Attack
B) Ciphertext-Only Attack
C) Brute Force Attack
D) Known-Plaintext Attack
β
Answer: A) VoIP Eavesdropping Attack
π‘ Explanation: Attackers can capture RTP (Real-Time Transport Protocol) streams and analyze weak encryption (e.g., compromised SRTP keys) to decrypt VoIP calls.
79. What cryptographic attack forces an encryption scheme to operate in an insecure mode by bypassing cryptographic key exchange?
A) Cryptographic Key Bypass Attack
B) Padding Oracle Attack
C) Chosen-Plaintext Attack
D) Brute Force Attack
β
Answer: A) Cryptographic Key Bypass Attack
π‘ Explanation: In this attack, an adversary forces a system to skip or bypass key exchange, leading to the use of default or weak encryption keys.
80. Which attack exploits the use of improperly configured cryptographic libraries, leading to predictable key generation?
A) Insecure Cryptographic Implementation Attack
B) Chosen-Plaintext Attack
C) Brute Force Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Insecure Cryptographic Implementation Attack
π‘ Explanation: If a cryptographic library is misconfigured or lacks proper randomness, it can generate predictable keys, making encryption easier to break.
81. Which cryptographic attack targets weak implementations of key exchange protocols by forcing the use of a known or easily guessable secret?
A) Key Exchange Downgrade Attack
B) Man-in-the-Middle Attack
C) Side-Channel Attack
D) Preimage Attack
β
Answer: A) Key Exchange Downgrade Attack
π‘ Explanation: In this attack, adversaries force a system to use weak key exchange parameters, making it easier to compute shared secrets and decrypt communications.
82. What attack exploits a weakness in authentication mechanisms where an attacker can repeatedly attempt to guess a cryptographic key?
A) Rate-Limited Brute Force Attack
B) Offline Password Cracking Attack
C) Rainbow Table Attack
D) Chosen-Plaintext Attack
β
Answer: B) Offline Password Cracking Attack
π‘ Explanation: Offline attacks allow attackers to repeatedly guess encryption keys or passwords without triggering security mechanisms since they work on locally stored encrypted data.
83. What cryptographic attack enables an attacker to decrypt data by exploiting misconfigured or predictable Initialization Vectors (IVs)?
A) IV Reuse Attack
B) Ciphertext Injection Attack
C) Meet-in-the-Middle Attack
D) Chosen-Ciphertext Attack
β
Answer: A) IV Reuse Attack
π‘ Explanation: If a system reuses IVs in modes like AES-CBC or AES-GCM, attackers can infer plaintext differences or perform bit-flipping attacks to decrypt data.
84. What cryptographic attack exploits the ability to inject a crafted public key into a key exchange process, allowing decryption of messages?
A) Public Key Substitution Attack
B) Preimage Attack
C) Chosen-Plaintext Attack
D) Frequency Analysis
β
Answer: A) Public Key Substitution Attack
π‘ Explanation: In this attack, an adversary replaces a legitimate public key with their own during an exchange, enabling them to decrypt messages encrypted with the substituted key.
85. Which attack exploits predictable cryptographic nonce values in stream ciphers or block cipher modes?
A) Nonce Predictability Attack
B) Side-Channel Attack
C) Padding Oracle Attack
D) Lattice-Based Attack
β
Answer: A) Nonce Predictability Attack
π‘ Explanation: If nonce values are predictable or repeated, attackers can decrypt ciphertexts encrypted with the same key (especially in CTR and GCM modes).
86. What attack exploits an implementation flaw in the way digital certificates are parsed, allowing attackers to create fraudulent certificates?
A) Certificate Parsing Attack
B) Chosen-Plaintext Attack
C) Meet-in-the-Middle Attack
D) Cryptanalysis Attack
β
Answer: A) Certificate Parsing Attack
π‘ Explanation: If a system improperly parses X.509 certificates, an attacker can forge or modify certificates to impersonate legitimate entities.
87. Which attack exploits weak password hashing algorithms by converting plaintext passwords into precomputed hash values?
A) Dictionary Attack
B) Rainbow Table Attack
C) Padding Oracle Attack
D) Preimage Attack
β
Answer: B) Rainbow Table Attack
π‘ Explanation: Rainbow Tables store precomputed hashes for common passwords, allowing attackers to quickly find matches without brute-forcing each hash individually.
88. What cryptographic attack manipulates digital signatures by exploiting weak implementations of ECDSA?
A) ECDSA Signature Manipulation Attack
B) Chosen-Ciphertext Attack
C) Timing Attack
D) Hash Collision Attack
β
Answer: A) ECDSA Signature Manipulation Attack
π‘ Explanation: Poor implementations of ECDSA can allow attackers to recover private keys by analyzing repeated or predictable nonce values in digital signatures.
89. What attack exploits flaws in the way cryptographic software generates random numbers for key generation?
A) Predictable RNG Attack
B) Brute Force Attack
C) Ciphertext-Only Attack
D) Frequency Analysis
β
Answer: A) Predictable RNG Attack
π‘ Explanation: If a cryptographic system uses a weak or predictable random number generator (RNG), attackers can deduce private keys or session tokens, compromising security.
90. What attack forces an authentication system to accept a forged cryptographic challenge-response by replaying valid authentication data?
A) Replay Attack
B) Chosen-Plaintext Attack
C) Meet-in-the-Middle Attack
D) Side-Channel Attack
β
Answer: A) Replay Attack
π‘ Explanation: In a Replay Attack, attackers capture and resend previously valid authentication data, tricking the system into authenticating the attacker as a legitimate user.
91. Which attack exploits weak padding schemes in encryption algorithms, allowing attackers to decrypt data without knowing the key?
A) Padding Oracle Attack
B) Chosen-Plaintext Attack
C) Ciphertext-Only Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Padding Oracle Attack
π‘ Explanation: Padding Oracle Attacks exploit error messages from improperly implemented padding schemes in block ciphers like AES-CBC, allowing attackers to decrypt data without the encryption key.
92. What attack exploits the use of insecure cryptographic keys that have been publicly disclosed or reused?
A) Key Compromise Attack
B) Differential Cryptanalysis
C) Chosen-Ciphertext Attack
D) Hash Collision Attack
β
Answer: A) Key Compromise Attack
π‘ Explanation: If an encryption key is leaked, reused, or improperly stored, attackers can use it to decrypt encrypted data, forge signatures, or perform impersonation attacks.
93. Which attack exploits weak digital signatures by manipulating the cryptographic parameters used in their generation?
A) Signature Replay Attack
B) Signature Parameter Manipulation Attack
C) Frequency Analysis
D) Quantum Cryptanalysis
β
Answer: B) Signature Parameter Manipulation Attack
π‘ Explanation: In this attack, adversaries manipulate cryptographic parameters (e.g., nonce reuse in ECDSA) to forgery or extract private keys.
94. What attack exploits insecure implementations of message authentication codes (MACs), allowing an attacker to forge authentication tags?
A) MAC Forgery Attack
B) Meet-in-the-Middle Attack
C) Rainbow Table Attack
D) Preimage Attack
β
Answer: A) MAC Forgery Attack
π‘ Explanation: If a cryptographic system does not properly verify MACs, attackers can craft valid authentication tokens without knowing the shared secret key.
95. Which cryptographic attack attempts to exploit statistical weaknesses in encryption by analyzing ciphertext patterns?
A) Statistical Cryptanalysis
B) Chosen-Plaintext Attack
C) Man-in-the-Middle Attack
D) Lattice-Based Attack
β
Answer: A) Statistical Cryptanalysis
π‘ Explanation: Statistical Cryptanalysis examines ciphertext patterns and frequency distributions to infer plaintext, especially in weak ciphers like Caesar or XOR-based encryption.
96. What attack allows an adversary to force a cryptographic algorithm into a weaker mode by manipulating input parameters?
A) Algorithm Downgrade Attack
B) Padding Oracle Attack
C) Preimage Attack
D) Known-Plaintext Attack
β
Answer: A) Algorithm Downgrade Attack
π‘ Explanation: Algorithm Downgrade Attacks force a cryptographic system to use weaker encryption algorithms, making it easier to break the encryption.
97. Which cryptographic attack exploits improper key derivation functions (KDFs) that allow brute-force recovery of keys?
A) Weak KDF Attack
B) Chosen-Ciphertext Attack
C) Frequency Analysis
D) Meet-in-the-Middle Attack
β
Answer: A) Weak KDF Attack
π‘ Explanation: Key Derivation Functions (KDFs) should be resistant to brute-force attacks. Weak implementations (e.g., using PBKDF2 with low iteration counts) allow attackers to recover keys faster.
98. What attack involves an adversary injecting a forged certificate into a TLS handshake to intercept secure communications?
A) TLS Certificate Injection Attack
B) Side-Channel Attack
C) Hash Collision Attack
D) Chosen-Plaintext Attack
β
Answer: A) TLS Certificate Injection Attack
π‘ Explanation: If a system fails to properly validate certificates, attackers can inject fake TLS certificates to decrypt HTTPS traffic (Man-in-the-Middle attack).
99. Which attack attempts to determine the secret key by analyzing multiple encryptions of known plaintexts?
A) Related-Key Attack
B) Preimage Attack
C) Chosen-Ciphertext Attack
D) Rainbow Table Attack
β
Answer: A) Related-Key Attack
π‘ Explanation: Related-Key Attacks analyze how an encryption system processes similar or related keys to uncover patterns that reveal the secret key.
100. What cryptographic attack allows an attacker to manipulate cryptographic signatures by exploiting weak hash function chaining?
A) Hash Length Extension Attack
B) Lattice-Based Attack
C) Meet-in-the-Middle Attack
D) Known-Plaintext Attack
β
Answer: A) Hash Length Extension Attack
π‘ Explanation: Hash Length Extension Attacks target Merkle-DamgΓ₯rd-based hash functions (e.g., MD5, SHA-1, SHA-256) by extending hash values without knowing the original message.
101. Which attack exploits the reuse of ephemeral keys in Elliptic Curve Cryptography (ECC), allowing an attacker to recover the private key?
A) Reused Nonce Attack
B) Meet-in-the-Middle Attack
C) Ciphertext-Only Attack
D) Chosen-Plaintext Attack
β
Answer: A) Reused Nonce Attack
π‘ Explanation: If ephemeral keys (nonces) are reused in ECC algorithms like ECDSA, attackers can extract the private key by solving simple equations.
102. What attack targets cryptographic keys stored in volatile memory by extracting them before they are erased?
A) Cold Boot Attack
B) Side-Channel Attack
C) Rainbow Table Attack
D) Preimage Attack
β
Answer: A) Cold Boot Attack
π‘ Explanation: Cold Boot Attacks involve restarting a computer and quickly extracting encryption keys from RAM, which retains data for a short period after power is lost.
103. What cryptographic attack allows an attacker to recover plaintext from ciphertext using only statistical analysis?
A) Ciphertext-Only Attack
B) Padding Oracle Attack
C) Meet-in-the-Middle Attack
D) Related-Key Attack
β
Answer: A) Ciphertext-Only Attack
π‘ Explanation: In a Ciphertext-Only Attack, an attacker analyzes patterns and frequency distributions in ciphertext to infer plaintext, often used against simple ciphers like Caesar or VigenΓ¨re.
104. What attack enables an attacker to forge a valid cryptographic token by manipulating the signature algorithm field in a JWT token?
A) JWT Signature Bypass Attack
B) Chosen-Plaintext Attack
C) Cryptanalysis Attack
D) Meet-in-the-Middle Attack
β
Answer: A) JWT Signature Bypass Attack
π‘ Explanation: If a JWT (JSON Web Token) system allows switching the signature algorithm to βnoneβ, attackers can forge valid authentication tokens without a secret key.
105. Which cryptographic attack exploits vulnerabilities in Diffie-Hellman key exchange by forcing a weak prime number?
A) Small Subgroup Attack
B) Brute Force Attack
C) Rainbow Table Attack
D) Preimage Attack
β
Answer: A) Small Subgroup Attack
π‘ Explanation: In a Small Subgroup Attack, attackers force Diffie-Hellman key exchanges to use weak prime numbers, making the shared secret predictable and easier to crack.
106. What attack exploits improper entropy generation in cryptographic key derivation, allowing predictable key creation?
A) Weak Entropy Attack
B) Chosen-Ciphertext Attack
C) Hash Collision Attack
D) Side-Channel Attack
β
Answer: A) Weak Entropy Attack
π‘ Explanation: If a system uses low-quality random number generators (RNGs) for key derivation, attackers can predict cryptographic keys or session tokens.
107. What attack allows an adversary to modify an encrypted message and change its meaning after decryption?
A) Malicious Ciphertext Injection Attack
B) Known-Plaintext Attack
C) Brute Force Attack
D) Frequency Analysis
β
Answer: A) Malicious Ciphertext Injection Attack
π‘ Explanation: If encryption algorithms do not ensure integrity protection, attackers can modify ciphertexts and change decrypted plaintext meaning, leading to security bypasses.
108. What attack exploits a weakness in block ciphers where encryption of the same plaintext produces the same ciphertext?
A) ECB Mode Attack
B) Preimage Attack
C) Related-Key Attack
D) Lattice-Based Attack
β
Answer: A) ECB Mode Attack
π‘ Explanation: Electronic Codebook (ECB) mode is insecure because identical plaintext blocks result in identical ciphertext blocks, making it vulnerable to pattern recognition.
109. What cryptographic attack exploits a flaw in the way certain hash functions process length extensions?
A) Hash Length Extension Attack
B) Preimage Attack
C) Chosen-Ciphertext Attack
D) Quantum Cryptanalysis
β
Answer: A) Hash Length Extension Attack
π‘ Explanation: If a Merkle-DamgΓ₯rd-based hash function (like SHA-1, SHA-256) is used, an attacker can append data to a hash without knowing the original input.
110. What cryptographic attack exploits predictable prime numbers in RSA key generation?
A) Predictable Prime Factorization Attack
B) Brute Force Attack
C) Padding Oracle Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Predictable Prime Factorization Attack
π‘ Explanation: If RSA key pairs are generated with weak or predictable prime numbers, attackers can factorize the modulus (N = p Γ q) and recover private keys.
111. Which attack targets weak or improperly implemented cryptographic key exchange protocols, allowing an attacker to derive session keys?
A) Key Exchange Hijacking Attack
B) Chosen-Plaintext Attack
C) Meet-in-the-Middle Attack
D) Ciphertext Injection Attack
β
Answer: A) Key Exchange Hijacking Attack
π‘ Explanation: If a cryptographic key exchange protocol (such as Diffie-Hellman or TLS Handshake) is not properly implemented, attackers can intercept the process and derive or manipulate session keys.
112. What cryptographic attack exploits improperly configured HMAC (Hash-based Message Authentication Code) implementations to forge authentication tokens?
A) HMAC Length Extension Attack
B) Padding Oracle Attack
C) Brute Force Attack
D) Ciphertext-Only Attack
β
Answer: A) HMAC Length Extension Attack
π‘ Explanation: If a cryptographic system allows arbitrary message extensions due to the way HMACs are constructed, attackers can forge valid authentication tokens without knowing the secret key.
113. What attack exploits outdated hash functions by finding two different inputs that produce the same digital signature?
A) Hash Collision Exploitation Attack
B) Chosen-Ciphertext Attack
C) Side-Channel Attack
D) Preimage Attack
β
Answer: A) Hash Collision Exploitation Attack
π‘ Explanation: When hash functions like MD5 or SHA-1 are used in digital signatures, an attacker can generate two different messages that produce the same hash, allowing fraudulent document signing.
114. Which attack targets the way cryptographic protocols store session identifiers in insecure locations, leading to impersonation?
A) Session Token Storage Attack
B) Chosen-Plaintext Attack
C) Known-Plaintext Attack
D) Rainbow Table Attack
β
Answer: A) Session Token Storage Attack
π‘ Explanation: If session tokens are stored in insecure locations (e.g., URLs, local storage, cookies without proper protection), attackers can steal them and impersonate users.
115. What cryptographic attack exploits flaws in symmetric encryption key management, allowing key recovery?
A) Key Leakage Exploitation Attack
B) Differential Cryptanalysis
C) Meet-in-the-Middle Attack
D) Ciphertext-Only Attack
β
Answer: A) Key Leakage Exploitation Attack
π‘ Explanation: If encryption keys are not securely managed (e.g., stored in plaintext, hardcoded in code, or improperly protected), attackers can recover them and decrypt secure communications.
116. Which attack forces a cryptographic algorithm to operate in a mode where it is weaker than its intended strength, making it easier to break?
A) Forced Weak Cipher Attack
B) Quantum Cryptanalysis Attack
C) Predictable RNG Attack
D) Lattice-Based Attack
β
Answer: A) Forced Weak Cipher Attack
π‘ Explanation: Attackers can force the negotiation of weaker encryption algorithms (such as export-grade ciphers in SSL/TLS) or force low-bit keys, making brute-force attacks easier.
117. What attack allows an adversary to recover cryptographic keys by analyzing power consumption during encryption operations?
A) Power Analysis Side-Channel Attack
B) Chosen-Ciphertext Attack
C) Preimage Attack
D) Hash Collision Attack
β
Answer: A) Power Analysis Side-Channel Attack
π‘ Explanation: This side-channel attack measures variations in power consumption during cryptographic operations to infer secret keys, especially in smartcards and embedded systems.
118. What attack allows an attacker to determine a cryptographic key by analyzing how memory access times vary depending on the key bits?
A) Cache Timing Attack
B) Chosen-Plaintext Attack
C) Differential Cryptanalysis
D) Ciphertext-Only Attack
β
Answer: A) Cache Timing Attack
π‘ Explanation: Cache timing attacks exploit CPU cache access variations when handling encryption operations, allowing attackers to recover private keys.
119. Which cryptographic attack takes advantage of outdated TLS session resumption mechanisms to steal encrypted session data?
A) TLS Session Resumption Exploit
B) Known-Plaintext Attack
C) Man-in-the-Middle Attack
D) Meet-in-the-Middle Attack
β
Answer: A) TLS Session Resumption Exploit
π‘ Explanation: Some TLS session resumption mechanisms (such as TLS 1.2 session IDs) can be exploited by attackers to resume past sessions and decrypt data.
120. What cryptographic attack involves forcing a system to use outdated cryptographic libraries, exposing vulnerabilities?
A) Legacy Cryptographic Library Attack
B) Hash Length Extension Attack
C) Ciphertext Injection Attack
D) Quantum Cryptanalysis Attack
β
Answer: A) Legacy Cryptographic Library Attack
π‘ Explanation: Attackers exploit systems that use outdated cryptographic libraries (such as OpenSSL versions vulnerable to Heartbleed) to break encryption and access sensitive data.
121. What attack allows an adversary to infer sensitive information by analyzing patterns in encrypted web traffic without decrypting it?
A) Traffic Analysis Attack
B) Ciphertext Injection Attack
C) Meet-in-the-Middle Attack
D) Known-Plaintext Attack
β
Answer: A) Traffic Analysis Attack
π‘ Explanation: Even if data is encrypted, attackers can analyze traffic volume, timing, and patterns to infer sensitive information such as visited websites or communication frequency.
122. What cryptographic attack involves an adversary injecting a manipulated signature into a system to bypass authentication?
A) Digital Signature Forgery Attack
B) Preimage Attack
C) Man-in-the-Middle Attack
D) Ciphertext-Only Attack
β
Answer: A) Digital Signature Forgery Attack
π‘ Explanation: If a system does not properly verify digital signatures, attackers can forge signatures to impersonate legitimate users or alter signed messages.
123. Which attack targets weaknesses in post-quantum cryptographic algorithms to recover encrypted data?
A) Quantum Cryptanalysis Attack
B) Chosen-Ciphertext Attack
C) Differential Cryptanalysis
D) Brute Force Attack
β
Answer: A) Quantum Cryptanalysis Attack
π‘ Explanation: Quantum computers use Shorβs Algorithm to break RSA and ECC, making traditional public-key cryptography vulnerable. Post-quantum cryptanalysis examines the resilience of new cryptographic schemes.
124. What cryptographic attack exploits side-channel information such as CPU temperature changes during cryptographic operations?
A) Thermal Side-Channel Attack
B) Chosen-Plaintext Attack
C) Ciphertext Injection Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Thermal Side-Channel Attack
π‘ Explanation: Cryptographic operations generate heat patterns that can be measured to infer secret keys, making devices vulnerable to thermal analysis attacks.
125. Which attack exploits predictable behavior in block cipher padding to manipulate encrypted data?
A) Padding Exploitation Attack
B) Key Recovery Attack
C) Ciphertext-Only Attack
D) Lattice-Based Attack
β
Answer: A) Padding Exploitation Attack
π‘ Explanation: If a system does not properly validate padding (e.g., in AES-CBC), attackers can modify encrypted messages and extract plaintext through error messages.
126. What cryptographic attack exploits improper handling of expired or revoked cryptographic keys?
A) Stale Key Attack
B) Known-Plaintext Attack
C) Differential Cryptanalysis
D) Brute Force Attack
β
Answer: A) Stale Key Attack
π‘ Explanation: If expired cryptographic keys are not properly revoked, attackers can use them to decrypt past communications or forge digital signatures.
127. What attack takes advantage of weak cryptographic salts used in password hashing?
A) Weak Salt Attack
B) Rainbow Table Attack
C) Meet-in-the-Middle Attack
D) Chosen-Ciphertext Attack
β
Answer: A) Weak Salt Attack
π‘ Explanation: If salts are too short, predictable, or reused, attackers can leverage precomputed hashes to speed up password cracking attacks.
128. What attack allows an adversary to manipulate the length of an encrypted message, leading to controlled changes in the decrypted plaintext?
A) Length Manipulation Attack
B) Preimage Attack
C) Key Recovery Attack
D) Ciphertext-Only Attack
β
Answer: A) Length Manipulation Attack
π‘ Explanation: In some cryptographic schemes, modifying ciphertext length can result in predictable plaintext changes, leading to security vulnerabilities.
129. Which cryptographic attack targets key agreement protocols that fail to prevent key reuse across multiple sessions?
A) Reused Session Key Attack
B) Chosen-Plaintext Attack
C) Ciphertext Injection Attack
D) Rainbow Table Attack
β
Answer: A) Reused Session Key Attack
π‘ Explanation: If session keys are reused across multiple encrypted sessions, attackers can decrypt past messages by recovering just one session key.
130. What cryptographic attack exploits misconfigured or improperly implemented TLS Perfect Forward Secrecy (PFS) to decrypt past communications?
A) TLS Forward Secrecy Bypass Attack
B) Lattice-Based Attack
C) Meet-in-the-Middle Attack
D) Hash Collision Attack
β
Answer: A) TLS Forward Secrecy Bypass Attack
π‘ Explanation: If TLS Perfect Forward Secrecy (PFS) is improperly implemented or disabled, attackers who gain access to a long-term private key can decrypt past encrypted sessions.
131. Which cryptographic attack targets systems where cryptographic keys are stored in the cloud and accessed remotely?
A) Cloud Key Extraction Attack
B) Ciphertext-Only Attack
C) Meet-in-the-Middle Attack
D) Brute Force Attack
β
Answer: A) Cloud Key Extraction Attack
π‘ Explanation: If encryption keys are stored or transmitted insecurely in cloud environments, attackers can extract or intercept them remotely, leading to data decryption and breaches.
132. What cryptographic attack exploits weaknesses in hardware-based key storage, such as TPM (Trusted Platform Module) vulnerabilities?
A) Hardware Key Extraction Attack
B) Preimage Attack
C) Side-Channel Attack
D) Lattice-Based Attack
β
Answer: A) Hardware Key Extraction Attack
π‘ Explanation: If hardware-based key storage mechanisms (like TPMs or HSMs) have vulnerabilities, attackers can extract cryptographic keys from the hardware itself.
133. What cryptographic attack forces a system to use a weak or compromised random number generator (RNG) for key generation?
A) Forced Weak RNG Attack
B) Chosen-Plaintext Attack
C) Rainbow Table Attack
D) Hash Collision Attack
β
Answer: A) Forced Weak RNG Attack
π‘ Explanation: Some systems allow the seeding of weak random number generators, leading to predictable cryptographic keys, which attackers can brute force or precompute.
134. Which cryptographic attack exploits flaws in outdated or insecure VPN encryption protocols?
A) VPN Encryption Downgrade Attack
B) Meet-in-the-Middle Attack
C) Ciphertext-Only Attack
D) Chosen-Ciphertext Attack
β
Answer: A) VPN Encryption Downgrade Attack
π‘ Explanation: Attackers can force VPN systems to negotiate weaker encryption protocols (such as PPTP or weak IKE configurations), making them vulnerable to decryption.
135. What attack manipulates encrypted biometric authentication data to gain unauthorized access?
A) Biometric Data Injection Attack
B) Known-Plaintext Attack
C) Side-Channel Attack
D) Brute Force Attack
β
Answer: A) Biometric Data Injection Attack
π‘ Explanation: If biometric data is encrypted improperly, attackers can inject fake biometric templates (such as fingerprint or iris scans) to bypass authentication.
136. Which cryptographic attack exploits weaknesses in certificate authorities (CAs) to issue fraudulent SSL/TLS certificates?
A) Rogue Certificate Authority Attack
B) Chosen-Plaintext Attack
C) Ciphertext Injection Attack
D) Rainbow Table Attack
β
Answer: A) Rogue Certificate Authority Attack
π‘ Explanation: If a certificate authority (CA) is compromised, attackers can generate fraudulent certificates to impersonate trusted websites and conduct man-in-the-middle attacks.
137. What cryptographic attack allows an adversary to modify encrypted email messages while preserving their valid signature?
A) EFAIL Attack
B) Meet-in-the-Middle Attack
C) Known-Plaintext Attack
D) Preimage Attack
β
Answer: A) EFAIL Attack
π‘ Explanation: EFAIL exploits vulnerabilities in email encryption protocols like PGP and S/MIME, allowing attackers to inject malicious ciphertext into encrypted emails and reveal plaintext when decrypted.
138. What attack allows an attacker to downgrade a browserβs HTTPS connection to an insecure HTTP session?
A) SSL Stripping Attack
B) Differential Cryptanalysis
C) Lattice-Based Attack
D) Hash Collision Attack
β
Answer: A) SSL Stripping Attack
π‘ Explanation: SSL Stripping downgrades a secure HTTPS connection to HTTP, allowing attackers to intercept login credentials and sensitive data in plaintext.
139. What cryptographic attack takes advantage of improperly implemented cryptographic key storage in mobile applications?
A) Mobile Key Storage Exploit
B) Chosen-Ciphertext Attack
C) Ciphertext-Only Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Mobile Key Storage Exploit
π‘ Explanation: If cryptographic keys are hardcoded, stored in plaintext, or improperly secured in mobile apps, attackers can extract and use them to decrypt stored or transmitted data.
140. Which cryptographic attack exploits a system that relies on compromised or outdated digital timestamping mechanisms?
A) Timestamp Replay Attack
B) Preimage Attack
C) Quantum Cryptanalysis
D) Brute Force Attack
β
Answer: A) Timestamp Replay Attack
π‘ Explanation: Timestamp-based cryptographic mechanisms (e.g., digital signatures, blockchain, or SSL certificates) can be exploited if timestamps are reused or not properly validated, leading to security bypasses.
141. Which cryptographic attack targets blockchain transactions by manipulating transaction signatures before they are confirmed?
A) Transaction Malleability Attack
B) Ciphertext-Only Attack
C) Meet-in-the-Middle Attack
D) Brute Force Attack
β
Answer: A) Transaction Malleability Attack
π‘ Explanation: In a Transaction Malleability Attack, an attacker alters a blockchain transactionβs digital signature before it is confirmed, potentially causing duplicate transactions or fraud.
142. What attack exploits weak Bluetooth encryption to allow unauthorized interception of encrypted communication?
A) Bluetooth Key Negotiation Attack (KNOB Attack)
B) Chosen-Plaintext Attack
C) Padding Oracle Attack
D) Lattice-Based Attack
β
Answer: A) Bluetooth Key Negotiation Attack (KNOB Attack)
π‘ Explanation: The KNOB Attack forces Bluetooth devices to negotiate weak encryption keys, making it easier for attackers to decrypt Bluetooth communications.
143. What cryptographic attack forces a system to reuse weak ephemeral keys in Transport Layer Security (TLS) sessions?
A) TLS Key Reuse Attack
B) Known-Plaintext Attack
C) Ciphertext-Only Attack
D) Preimage Attack
β
Answer: A) TLS Key Reuse Attack
π‘ Explanation: If ephemeral keys are reused in TLS sessions, attackers can derive the encryption key and decrypt past or future encrypted communications.
144. Which attack allows an adversary to manipulate encrypted audio or video streams without full decryption?
A) Encrypted Media Stream Manipulation Attack
B) Meet-in-the-Middle Attack
C) Preimage Attack
D) Ciphertext Injection Attack
β
Answer: A) Encrypted Media Stream Manipulation Attack
π‘ Explanation: If a media encryption scheme does not provide integrity protection, attackers can inject or modify parts of encrypted audio/video streams, leading to manipulation.
145. What attack exploits weaknesses in hardware implementations of cryptographic algorithms to extract secret keys?
A) Fault Injection Attack
B) Hash Collision Attack
C) Differential Cryptanalysis
D) Chosen-Ciphertext Attack
β
Answer: A) Fault Injection Attack
π‘ Explanation: In a Fault Injection Attack, attackers induce power fluctuations, electromagnetic interference, or voltage spikes to force a device into revealing cryptographic secrets.
146. What cryptographic attack forces an encrypted connection to use a compromised or weak key exchange method?
A) Key Exchange Downgrade Attack
B) Quantum Cryptanalysis
C) Ciphertext Injection Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Key Exchange Downgrade Attack
π‘ Explanation: Attackers can force the negotiation of weaker key exchange algorithms (e.g., using Diffie-Hellman with small primes) to make breaking the encryption easier.
147. Which cryptographic attack allows an adversary to modify cryptographic logs to manipulate audit trails?
A) Log Tampering Attack
B) Preimage Attack
C) Known-Plaintext Attack
D) Lattice-Based Attack
β
Answer: A) Log Tampering Attack
π‘ Explanation: If cryptographic logs are not properly signed or protected, attackers can modify or delete logs, making forensic analysis and security audits unreliable.
148. What attack targets hardware encryption by extracting cryptographic keys from firmware running on embedded systems?
A) Firmware Extraction Attack
B) Hash Collision Attack
C) Differential Cryptanalysis
D) Meet-in-the-Middle Attack
β
Answer: A) Firmware Extraction Attack
π‘ Explanation: Attackers extract firmware from embedded devices to analyze hardcoded cryptographic keys, enabling device cloning or unauthorized decryption.
149. Which cryptographic attack manipulates a certificate revocation mechanism to keep a revoked certificate valid?
A) Certificate Revocation Bypass Attack
B) Chosen-Ciphertext Attack
C) Ciphertext-Only Attack
D) Preimage Attack
β
Answer: A) Certificate Revocation Bypass Attack
π‘ Explanation: If certificate revocation checks are not properly enforced, attackers can use expired or revoked certificates to impersonate secure websites or services.
150. What cryptographic attack exploits weak encryption key lifecycle management to decrypt archived encrypted files?
A) Weak Key Lifecycle Exploitation Attack
B) Meet-in-the-Middle Attack
C) Known-Plaintext Attack
D) Ciphertext Injection Attack
β
Answer: A) Weak Key Lifecycle Exploitation Attack
π‘ Explanation: If encryption keys are not properly rotated, revoked, or securely stored, attackers can use old or compromised keys to decrypt archived data.
151. What cryptographic attack allows an attacker to extract cryptographic keys by measuring the acoustic noise emitted by a computer during encryption operations?
A) Acoustic Cryptanalysis Attack
B) Preimage Attack
C) Ciphertext Injection Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Acoustic Cryptanalysis Attack
π‘ Explanation: Acoustic Cryptanalysis exploits high-frequency sounds produced by hardware components during encryption processes to extract encryption keys.
152. What cryptographic attack exploits vulnerabilities in hardware-based cryptographic accelerators to retrieve private keys?
A) Hardware Side-Channel Attack
B) Chosen-Ciphertext Attack
C) Preimage Attack
D) Key Recovery Attack
β
Answer: A) Hardware Side-Channel Attack
π‘ Explanation: If a cryptographic accelerator (e.g., AES-NI, TPM, HSM) leaks side-channel information, attackers can analyze timing, power consumption, or electromagnetic emissions to extract private keys.
153. Which attack manipulates an improperly implemented digital timestamp to forge cryptographic signatures or certificates?
A) Timestamp Manipulation Attack
B) Known-Plaintext Attack
C) Rainbow Table Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Timestamp Manipulation Attack
π‘ Explanation: If digital timestamps (used in certificates, blockchain, or authentication tokens) are not properly validated, attackers can manipulate them to bypass security restrictions.
154. What cryptographic attack exploits an adversaryβs ability to inject crafted ciphertext that, when decrypted, causes a predictable system behavior?
A) Malicious Ciphertext Injection Attack
B) Chosen-Plaintext Attack
C) Lattice-Based Attack
D) Preimage Attack
β
Answer: A) Malicious Ciphertext Injection Attack
π‘ Explanation: In this attack, an adversary injects crafted ciphertext into a system, observing how it reacts to infer encryption keys or manipulate plaintext output.
155. What cryptographic attack exploits incorrect handling of multi-factor authentication (MFA) tokens to gain unauthorized access?
A) MFA Token Bypass Attack
B) Brute Force Attack
C) Chosen-Ciphertext Attack
D) Ciphertext-Only Attack
β
Answer: A) MFA Token Bypass Attack
π‘ Explanation: If an MFA system is misconfigured or improperly verifies authentication tokens, attackers can reuse old tokens, forge new ones, or intercept valid ones to gain access.
156. Which cryptographic attack forces a system to use an outdated or weak hashing algorithm, making password cracking easier?
A) Forced Weak Hashing Attack
B) Meet-in-the-Middle Attack
C) Preimage Attack
D) Differential Cryptanalysis
β
Answer: A) Forced Weak Hashing Attack
π‘ Explanation: If attackers force an application to use weak hashing algorithms (e.g., MD5 instead of SHA-256), they can exploit collisions, precomputed attacks, or rainbow tables to recover passwords.
157. What attack enables an attacker to exploit flaws in password managers by extracting stored encryption keys?
A) Password Manager Exploit Attack
B) Known-Plaintext Attack
C) Ciphertext-Only Attack
D) Lattice-Based Attack
β
Answer: A) Password Manager Exploit Attack
π‘ Explanation: If a password manager improperly stores encryption keys or passwords, attackers can extract them through memory dumping, malware, or side-channel attacks.
158. Which cryptographic attack manipulates OAuth or SAML authentication protocols to forge or modify access tokens?
A) Token Forgery Attack
B) Preimage Attack
C) Differential Cryptanalysis
D) Brute Force Attack
β
Answer: A) Token Forgery Attack
π‘ Explanation: If OAuth or SAML tokens are not properly signed, stored, or validated, attackers can forge authentication tokens, gaining unauthorized access to applications.
159. What attack exploits outdated or insecure cryptographic APIs that allow weak key generation or encryption settings?
A) Insecure Cryptographic API Attack
B) Meet-in-the-Middle Attack
C) Chosen-Ciphertext Attack
D) Key Recovery Attack
β
Answer: A) Insecure Cryptographic API Attack
π‘ Explanation: If an application uses outdated cryptographic APIs, attackers can force it to generate weak keys, use insecure encryption modes, or disable security protections.
160. What cryptographic attack forces a blockchain network to accept fraudulent transactions by exploiting weak consensus mechanisms?
A) Blockchain Consensus Exploit Attack
B) Preimage Attack
C) Ciphertext-Only Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Blockchain Consensus Exploit Attack
π‘ Explanation: If a blockchainβs consensus mechanism (e.g., PoW, PoS) is weak, attackers can manipulate transaction validations, double-spend, or execute Sybil attacks.
161. Which cryptographic attack targets mobile payment systems by exploiting weak encryption in NFC communication?
A) NFC Relay Attack
B) Known-Plaintext Attack
C) Lattice-Based Attack
D) Ciphertext-Only Attack
β
Answer: A) NFC Relay Attack
π‘ Explanation: In an NFC Relay Attack, attackers use a device to relay NFC signals between a payment terminal and a victimβs mobile device, allowing unauthorized transactions.
162. What attack exploits weak elliptic curve cryptography (ECC) implementations to recover private keys?
A) Invalid Curve Attack
B) Chosen-Plaintext Attack
C) Ciphertext-Only Attack
D) Brute Force Attack
β
Answer: A) Invalid Curve Attack
π‘ Explanation: Invalid Curve Attacks target ECC key exchange by forcing a system to use an incorrect elliptic curve, exposing private keys.
163. What cryptographic attack exploits vulnerabilities in blockchain smart contracts, allowing unauthorized fund withdrawals?
A) Reentrancy Attack
B) Known-Plaintext Attack
C) Meet-in-the-Middle Attack
D) Ciphertext Injection Attack
β
Answer: A) Reentrancy Attack
π‘ Explanation: Reentrancy Attacks occur when a smart contract repeatedly calls itself before the initial execution is completed, allowing attackers to drain funds from the contract.
164. Which attack exploits misconfigured or weak hardware security modules (HSMs) to retrieve cryptographic keys?
A) HSM Key Extraction Attack
B) Rainbow Table Attack
C) Preimage Attack
D) Lattice-Based Attack
β
Answer: A) HSM Key Extraction Attack
π‘ Explanation: If a Hardware Security Module (HSM) is misconfigured or uses weak entropy, attackers can extract cryptographic keys, compromising encryption security.
165. What cryptographic attack allows an adversary to manipulate JWT (JSON Web Token) expiration times to bypass authentication?
A) JWT Expiry Manipulation Attack
B) Known-Plaintext Attack
C) Chosen-Ciphertext Attack
D) Meet-in-the-Middle Attack
β
Answer: A) JWT Expiry Manipulation Attack
π‘ Explanation: If JWT expiration timestamps are not properly validated or signed, attackers can modify them to extend their session indefinitely, bypassing authentication.
166. Which attack exploits weak encryption in email clients to intercept and modify encrypted emails?
A) EFAIL Attack
B) Chosen-Plaintext Attack
C) Preimage Attack
D) Ciphertext-Only Attack
β
Answer: A) EFAIL Attack
π‘ Explanation: EFAIL Attacks exploit vulnerabilities in PGP and S/MIME email encryption, allowing attackers to inject malicious ciphertext and reveal decrypted content.
167. What attack targets cryptographic signing algorithms by manipulating key exchange messages to recover private keys?
A) Key Exchange Collision Attack
B) Brute Force Attack
C) Ciphertext Injection Attack
D) Rainbow Table Attack
β
Answer: A) Key Exchange Collision Attack
π‘ Explanation: If a cryptographic signing algorithm uses non-random key exchange values, attackers can cause collisions that reveal private keys.
168. Which cryptographic attack forces an encrypted session to downgrade from a secure cipher mode to an insecure one?
A) Forced Cipher Downgrade Attack
B) Meet-in-the-Middle Attack
C) Chosen-Ciphertext Attack
D) Key Recovery Attack
β
Answer: A) Forced Cipher Downgrade Attack
π‘ Explanation: Attackers can manipulate TLS handshakes to force systems to use weak encryption algorithms, making sessions susceptible to decryption.
169. What attack targets digital forensics tools by manipulating cryptographic hashes to evade detection?
A) Hash Evasion Attack
B) Preimage Attack
C) Brute Force Attack
D) Known-Plaintext Attack
β
Answer: A) Hash Evasion Attack
π‘ Explanation: Attackers modify file contents while keeping the same hash value, bypassing forensic analysis and security monitoring tools.
170. What cryptographic attack allows an adversary to extract cryptographic keys by analyzing CPU voltage fluctuations?
A) Voltage Fault Injection Attack
B) Chosen-Plaintext Attack
C) Preimage Attack
D) Differential Cryptanalysis
β
Answer: A) Voltage Fault Injection Attack
π‘ Explanation: In Voltage Fault Injection Attacks, attackers manipulate CPU voltage levels to cause errors in cryptographic computations, leaking encryption keys.
171. Which cryptographic attack allows an adversary to intercept and manipulate cryptographic keys during their transmission over a public network?
A) Key Interception Attack
B) Ciphertext Injection Attack
C) Meet-in-the-Middle Attack
D) Known-Plaintext Attack
β
Answer: A) Key Interception Attack
π‘ Explanation: If cryptographic keys are transmitted without proper encryption or key exchange protection, attackers can intercept and modify them to decrypt sensitive communications.
172. What attack allows an adversary to forge or alter cryptographic digital certificates issued by a compromised certificate authority (CA)?
A) Rogue Certificate Authority Attack
B) Chosen-Ciphertext Attack
C) Brute Force Attack
D) Preimage Attack
β
Answer: A) Rogue Certificate Authority Attack
π‘ Explanation: If an attacker gains control over a compromised CA, they can issue fraudulent digital certificates, allowing them to impersonate legitimate websites and applications.
173. Which cryptographic attack exploits vulnerabilities in hardware-based cryptographic operations by physically tampering with a device?
A) Physical Tampering Attack
B) Ciphertext-Only Attack
C) Known-Plaintext Attack
D) Lattice-Based Attack
β
Answer: A) Physical Tampering Attack
π‘ Explanation: Attackers can manipulate hardware security modules (HSMs), smart cards, or TPMs by tampering with circuit boards, applying voltage attacks, or modifying firmware to extract cryptographic keys.
174. What attack enables an adversary to exploit a weakness in DNS over HTTPS (DoH) to bypass encrypted communication security?
A) DoH Traffic Analysis Attack
B) Meet-in-the-Middle Attack
C) Chosen-Plaintext Attack
D) Ciphertext Injection Attack
β
Answer: A) DoH Traffic Analysis Attack
π‘ Explanation: Even though DNS over HTTPS (DoH) encrypts DNS queries, attackers can analyze traffic patterns and infer user activity, bypassing privacy protections.
175. Which cryptographic attack involves an adversary modifying encrypted data at rest without needing decryption?
A) Encrypted Data Manipulation Attack
B) Preimage Attack
C) Rainbow Table Attack
D) Differential Cryptanalysis
β
Answer: A) Encrypted Data Manipulation Attack
π‘ Explanation: If data encryption does not include integrity protection, attackers can modify encrypted files or databases, leading to altered decrypted data.
176. What attack targets quantum-resistant cryptographic algorithms by exploiting side-channel vulnerabilities in their implementation?
A) Quantum Side-Channel Attack
B) Meet-in-the-Middle Attack
C) Chosen-Ciphertext Attack
D) Hash Collision Attack
β
Answer: A) Quantum Side-Channel Attack
π‘ Explanation: While quantum-resistant cryptographic algorithms are designed to withstand Shorβs Algorithm and Groverβs Algorithm, side-channel attacks (e.g., timing or power analysis) can still compromise them.
177. Which cryptographic attack allows an adversary to generate a valid cryptographic nonce without knowing the secret key?
A) Predictable Nonce Attack
B) Brute Force Attack
C) Ciphertext-Only Attack
D) Lattice-Based Attack
β
Answer: A) Predictable Nonce Attack
π‘ Explanation: If an encryption system generates nonces (number used once) in a predictable manner, attackers can exploit it to decrypt or forge encrypted messages.
178. What cryptographic attack allows an adversary to extract cryptographic keys from FPGA-based security devices?
A) FPGA Side-Channel Attack
B) Preimage Attack
C) Known-Plaintext Attack
D) Chosen-Ciphertext Attack
β
Answer: A) FPGA Side-Channel Attack
π‘ Explanation: FPGA-based cryptographic devices can leak information via power consumption, electromagnetic signals, or memory access timing, allowing attackers to extract cryptographic keys.
179. What attack allows an adversary to manipulate a public key infrastructure (PKI) system to issue unauthorized digital certificates?
A) PKI Misconfiguration Exploit
B) Ciphertext Injection Attack
C) Meet-in-the-Middle Attack
D) Preimage Attack
β
Answer: A) PKI Misconfiguration Exploit
π‘ Explanation: If a PKI system is misconfigured, attackers can request unauthorized digital certificates, allowing them to forge identities and intercept encrypted traffic.
180. What cryptographic attack forces a secure messaging application to fall back to a weaker encryption mode for backward compatibility?
A) Secure Messaging Downgrade Attack
B) Lattice-Based Attack
C) Hash Collision Attack
D) Chosen-Plaintext Attack
β
Answer: A) Secure Messaging Downgrade Attack
π‘ Explanation: Attackers can force secure messaging applications (e.g., Signal, WhatsApp, or PGP-based systems) to use weaker encryption algorithms, making messages vulnerable to decryption.
181. Which cryptographic attack exploits misconfigured access control policies to retrieve encryption keys stored in cloud environments?
A) Cloud Key Leakage Attack
B) Ciphertext-Only Attack
C) Meet-in-the-Middle Attack
D) Lattice-Based Attack
β
Answer: A) Cloud Key Leakage Attack
π‘ Explanation: If encryption keys are stored in misconfigured cloud storage (e.g., AWS S3, Azure Blob) without proper access restrictions, attackers can retrieve them and decrypt sensitive data.
182. What cryptographic attack manipulates cryptographic salts to weaken password hashing mechanisms?
A) Salt Collision Attack
B) Known-Plaintext Attack
C) Chosen-Ciphertext Attack
D) Preimage Attack
β
Answer: A) Salt Collision Attack
π‘ Explanation: If salts are too short, predictable, or reused, attackers can use precomputed hash values (like rainbow tables) to quickly crack hashed passwords.
183. Which cryptographic attack forces an application to encrypt predictable plaintext values, allowing decryption through known patterns?
A) Predictable Encryption Attack
B) Brute Force Attack
C) Ciphertext Injection Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Predictable Encryption Attack
π‘ Explanation: If an application encrypts repetitive or predictable values, attackers can analyze patterns in the ciphertext to infer plaintext values or encryption keys.
184. What cryptographic attack targets secure boot mechanisms by injecting malicious firmware before the operating system loads?
A) Secure Boot Bypass Attack
B) Preimage Attack
C) Chosen-Plaintext Attack
D) Ciphertext-Only Attack
β
Answer: A) Secure Boot Bypass Attack
π‘ Explanation: If secure boot mechanisms are misconfigured or exploited, attackers can inject unauthorized firmware, allowing malware to load before the OS security protections initialize.
185. Which attack exploits weak or compromised RSA public keys to factorize the modulus and extract private keys?
A) RSA Key Factorization Attack
B) Meet-in-the-Middle Attack
C) Brute Force Attack
D) Preimage Attack
β
Answer: A) RSA Key Factorization Attack
π‘ Explanation: If RSA public keys use weak or predictable prime factors, attackers can apply mathematical factorization techniques to recover the private key.
186. What cryptographic attack exploits poorly implemented elliptic curve cryptography (ECC) by manipulating point addition operations?
A) ECC Point Manipulation Attack
B) Ciphertext-Only Attack
C) Lattice-Based Attack
D) Brute Force Attack
β
Answer: A) ECC Point Manipulation Attack
π‘ Explanation: Insecure implementations of ECC key exchange can allow attackers to manipulate elliptic curve point addition, leading to private key recovery.
187. What attack exploits side-channel vulnerabilities in quantum cryptographic key exchange mechanisms?
A) Quantum Key Exchange Side-Channel Attack
B) Meet-in-the-Middle Attack
C) Chosen-Ciphertext Attack
D) Hash Collision Attack
β
Answer: A) Quantum Key Exchange Side-Channel Attack
π‘ Explanation: Even quantum-secured cryptographic protocols (e.g., BB84 quantum key distribution) can be attacked using timing analysis, power fluctuations, or photon eavesdropping to infer cryptographic keys.
188. Which cryptographic attack exploits key agreement protocols by introducing an unauthorized intermediary to modify key exchanges?
A) Key Agreement Manipulation Attack
B) Ciphertext Injection Attack
C) Lattice-Based Attack
D) Preimage Attack
β
Answer: A) Key Agreement Manipulation Attack
π‘ Explanation: If a key agreement protocol (e.g., Diffie-Hellman, ECDH) is not properly secured, an attacker can intercept and modify the key exchange to establish a fraudulent session.
189. What cryptographic attack allows attackers to decrypt protected PDF documents by exploiting weaknesses in PDF encryption algorithms?
A) PDF Encryption Bypass Attack
B) Known-Plaintext Attack
C) Chosen-Ciphertext Attack
D) Rainbow Table Attack
β
Answer: A) PDF Encryption Bypass Attack
π‘ Explanation: Weak or outdated PDF encryption algorithms (e.g., RC4 encryption in older PDFs) can be bypassed using brute force attacks or flaws in key derivation mechanisms.
190. Which cryptographic attack allows an adversary to manipulate digitally signed blockchain transactions without invalidating their signatures?
A) Blockchain Signature Replay Attack
B) Preimage Attack
C) Meet-in-the-Middle Attack
D) Brute Force Attack
β
Answer: A) Blockchain Signature Replay Attack
π‘ Explanation: If a blockchain transaction is signed without unique session identifiers, an attacker can replay a valid transaction multiple times, leading to double-spending or unintended transfers.
191. Which cryptographic attack involves modifying signed firmware updates to inject malicious code while maintaining a valid signature?
A) Firmware Signature Spoofing Attack
B) Known-Plaintext Attack
C) Chosen-Ciphertext Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Firmware Signature Spoofing Attack
π‘ Explanation: If firmware signature verification is weak or improperly implemented, attackers can modify updates while keeping the signature intact, allowing malicious firmware execution.
192. What cryptographic attack exploits insecure session key generation in TLS to decrypt HTTPS traffic?
A) TLS Session Key Extraction Attack
B) Ciphertext-Only Attack
C) Brute Force Attack
D) Lattice-Based Attack
β
Answer: A) TLS Session Key Extraction Attack
π‘ Explanation: If TLS session keys are generated using predictable entropy, attackers can recover session keys and decrypt HTTPS traffic using offline attacks.
193. Which attack exploits a vulnerability in token-based authentication systems by stealing and reusing expired access tokens?
A) Token Replay Attack
B) Meet-in-the-Middle Attack
C) Preimage Attack
D) Ciphertext Injection Attack
β
Answer: A) Token Replay Attack
π‘ Explanation: If authentication tokens are not properly invalidated after use, attackers can steal and reuse them to access systems without re-authentication.
194. What attack exploits weaknesses in password hashing schemes that use reversible encryption instead of one-way hashing?
A) Reversible Hash Exploitation Attack
B) Chosen-Plaintext Attack
C) Known-Plaintext Attack
D) Rainbow Table Attack
β
Answer: A) Reversible Hash Exploitation Attack
π‘ Explanation: If passwords are stored using reversible encryption instead of secure hashing (e.g., bcrypt, PBKDF2, Argon2), attackers can decrypt and recover plaintext passwords.
195. What cryptographic attack allows attackers to gain access to SSH private keys stored in improperly secured cloud instances?
A) SSH Key Leakage Attack
B) Chosen-Ciphertext Attack
C) Meet-in-the-Middle Attack
D) Preimage Attack
β
Answer: A) SSH Key Leakage Attack
π‘ Explanation: If SSH private keys are hardcoded in cloud instances, stored in public repositories, or left unprotected in logs, attackers can retrieve them to gain unauthorized access to servers.
196. Which cryptographic attack allows an adversary to manipulate encrypted logs by exploiting weak hashing or encryption mechanisms?
A) Log File Tampering Attack
B) Ciphertext-Only Attack
C) Differential Cryptanalysis
D) Chosen-Plaintext Attack
β
Answer: A) Log File Tampering Attack
π‘ Explanation: If log files use weak encryption or unsigned hashing, attackers can modify records to erase evidence, mislead forensic investigations, or insert false logs.
197. What attack targets homomorphic encryption by analyzing computation patterns to extract sensitive data?
A) Homomorphic Side-Channel Attack
B) Meet-in-the-Middle Attack
C) Lattice-Based Attack
D) Ciphertext Injection Attack
β
Answer: A) Homomorphic Side-Channel Attack
π‘ Explanation: Homomorphic encryption allows computations on encrypted data, but side-channel attacks can reveal input patterns or infer secret values through power and timing analysis.
198. Which cryptographic attack forces a cryptographic library to operate in an insecure mode by exploiting misconfigurations or weak parameters?
A) Weak Library Configuration Attack
B) Preimage Attack
C) Chosen-Ciphertext Attack
D) Brute Force Attack
β
Answer: A) Weak Library Configuration Attack
π‘ Explanation: If cryptographic libraries default to weak settings (e.g., low-bit RSA keys, weak random number generators, or outdated cipher suites), attackers can force insecure encryption.
199. What cryptographic attack allows an adversary to exploit smart card vulnerabilities to extract encryption keys?
A) Smart Card Key Extraction Attack
B) Known-Plaintext Attack
C) Ciphertext-Only Attack
D) Meet-in-the-Middle Attack
β
Answer: A) Smart Card Key Extraction Attack
π‘ Explanation: Smart cards store encryption keys securely, but side-channel attacks, fault injection, and reverse engineering can reveal private keys used in encryption.
200. What attack allows an adversary to inject malicious cryptographic certificates into a browserβs trusted root store?
A) Root Certificate Injection Attack
B) Chosen-Plaintext Attack
C) Lattice-Based Attack
D) Ciphertext Injection Attack
β
Answer: A) Root Certificate Injection Attack
π‘ Explanation: If a system trusts an unauthorized root certificate, attackers can conduct man-in-the-middle attacks by issuing fraudulent TLS/SSL certificates, intercepting and decrypting traffic.