Question 1

Which encryption algorithm is considered the most secure for symmetric encryption in modern cryptographic systems?

A) DES
B) 3DES
C) AES
D) RSA

Answer: C) AES

Explanation: AES (Advanced Encryption Standard) is widely used for symmetric encryption due to its strong security, efficiency, and resistance to cryptanalysis. It supports 128-, 192-, and 256-bit key lengths, making it superior to older algorithms like DES and 3DES.


Question 2

Which key size is most commonly recommended for AES encryption in high-security applications?

A) 64-bit
B) 128-bit
C) 192-bit
D) 256-bit

Answer: D) 256-bit

Explanation: AES-256 is preferred in high-security applications due to its longer key length, making brute-force attacks impractical with current computing power.


Question 3

Which encryption mode is generally NOT recommended due to predictable ciphertext patterns?

A) CBC
B) GCM
C) ECB
D) CTR

Answer: C) ECB

Explanation: ECB (Electronic Codebook) mode encrypts identical plaintext blocks into identical ciphertext blocks, making it vulnerable to pattern analysis attacks. Modes like CBC, GCM, and CTR add randomness (IV or nonce) to prevent this issue.


Question 4

Which type of cryptographic attack is mitigated by using an Initialization Vector (IV)?

A) Brute force attack
B) Padding oracle attack
C) Replay attack
D) Ciphertext pattern analysis

Answer: D) Ciphertext pattern analysis

Explanation: An IV ensures that identical plaintext blocks encrypt to different ciphertexts, preventing pattern recognition attacks like those affecting ECB mode.


Question 5

Which of the following is a public key encryption algorithm?

A) AES
B) DES
C) RSA
D) ChaCha20

Answer: C) RSA

Explanation: RSA is an asymmetric encryption algorithm that uses a public-private key pair, while AES, DES, and ChaCha20 are symmetric encryption methods.


Question 6

Why is RSA encryption not recommended for encrypting large amounts of data?

A) It is too weak
B) It is computationally expensive
C) It requires a shared secret
D) It does not support key exchange

Answer: B) It is computationally expensive

Explanation: RSA encryption is slow for large data, so it is often used to encrypt symmetric keys (e.g., AES keys) instead of entire messages.


Question 7

Which key exchange algorithm is commonly used alongside RSA for secure communication?

A) SHA-256
B) ECDSA
C) Diffie-Hellman
D) HMAC

Answer: C) Diffie-Hellman

Explanation: Diffie-Hellman allows two parties to securely exchange cryptographic keys over an insecure channel and is often used with RSA for secure key exchange.


Question 8

Which property ensures that encrypted data cannot be altered without detection?

A) Confidentiality
B) Integrity
C) Authentication
D) Anonymity

Answer: B) Integrity

Explanation: Integrity ensures that data remains unmodified. Cryptographic techniques like HMAC and digital signatures are used to detect alterations.


Question 9

Which of the following is a modern alternative to AES for high-performance symmetric encryption?

A) RC4
B) Blowfish
C) ChaCha20
D) DES

Answer: C) ChaCha20

Explanation: ChaCha20 is a stream cipher known for its speed and security, making it a good alternative to AES, especially in mobile and low-power environments.


Question 10

Which hashing algorithm is considered insecure due to collisions?

A) SHA-1
B) SHA-256
C) SHA-512
D) Argon2

Answer: A) SHA-1

Explanation: SHA-1 has known collision vulnerabilities, meaning two different inputs can produce the same hash. Modern systems use SHA-256, SHA-512, or Argon2.


Question 11

Which encryption method is typically used for securing passwords?

A) AES
B) RSA
C) PBKDF2
D) DES

Answer: C) PBKDF2

Explanation: PBKDF2 (Password-Based Key Derivation Function 2) is designed for securely storing passwords by making brute-force attacks computationally expensive.


Question 12

Which of the following is not a recommended practice for key management?

A) Using hardcoded keys in source code
B) Using a secure key vault
C) Using hardware security modules (HSMs)
D) Rotating keys periodically

Answer: A) Using hardcoded keys in source code

Explanation: Hardcoding keys exposes them to attackers. Secure key management solutions like key vaults and HSMs prevent unauthorized access.


Question 13

Which encryption mode provides both confidentiality and authentication?

A) CBC
B) ECB
C) GCM
D) OFB

Answer: C) GCM

Explanation: GCM (Galois/Counter Mode) provides authenticated encryption by incorporating an authentication tag, preventing tampering.


Question 14

Which algorithm is used for digital signatures?

A) AES
B) SHA-256
C) RSA
D) ChaCha20

Answer: C) RSA

Explanation: RSA can be used for digital signatures, ensuring message integrity and authenticity.


Question 15

Which protocol is used to secure web communications via encryption?

A) SSH
B) SSL/TLS
C) FTP
D) Telnet

Answer: B) SSL/TLS

Explanation: TLS (previously SSL) encrypts data in transit, securing web communications over HTTPS.


Question 16

What is the main advantage of Elliptic Curve Cryptography (ECC) over RSA?

A) Faster encryption speed
B) Requires shorter keys for the same security level
C) More resistant to side-channel attacks
D) Uses symmetric encryption

Answer: B) Requires shorter keys for the same security level

Explanation: ECC provides strong security with shorter key lengths compared to RSA, reducing computational overhead.


Question 17

Which cryptographic attack exploits weak randomness in key generation?

A) Side-channel attack
B) Birthday attack
C) Key recovery attack
D) Predictable key attack

Answer: D) Predictable key attack

Explanation: Weak randomness in key generation can make keys predictable, allowing attackers to guess or derive them.


Question 18

Which encryption technique is best suited for securing sensitive data stored on a database?

A) Hashing
B) Symmetric encryption (AES)
C) Asymmetric encryption (RSA)
D) Base64 encoding

Answer: B) Symmetric encryption (AES)

Explanation: AES is commonly used to encrypt stored data, ensuring confidentiality. Hashing is used for passwords, not for encrypting retrievable data.


Question 19

Which of the following is a common mistake in implementing encryption?

A) Using AES-256
B) Reusing IVs in CBC mode
C) Using key stretching
D) Using authenticated encryption

Answer: B) Reusing IVs in CBC mode

Explanation: Reusing IVs can lead to vulnerabilities in encryption schemes, as it may expose patterns in ciphertext.


Question 20

Which of the following is a widely recommended algorithm for encrypting API secrets?

A) AES-GCM
B) RC4
C) DES
D) MD5

Answer: A) AES-GCM

Explanation: AES-GCM provides strong encryption with authentication, making it ideal for securing API secrets.


Question 21

Which of the following is a best practice for securely storing encryption keys?

A) Storing them in the database alongside encrypted data
B) Using environment variables in plain text
C) Storing them in a secure key management system (KMS)
D) Hardcoding them in the application code

Answer: C) Storing them in a secure key management system (KMS)

Explanation: Secure key management systems (KMS) such as AWS KMS, HashiCorp Vault, or HSMs provide secure storage and access controls for encryption keys, preventing unauthorized access.


Question 22

Which of the following algorithms is specifically designed for password hashing and is recommended for secure password storage?

A) SHA-256
B) MD5
C) Argon2
D) AES-256

Answer: C) Argon2

Explanation: Argon2 is a modern password hashing algorithm designed to resist brute-force attacks by incorporating time and memory-hard functions, making it more secure than traditional hashing algorithms like SHA-256 and MD5.


Question 23

Which encryption technique is most suitable for securing data in transit over the internet?

A) AES-ECB
B) TLS (Transport Layer Security)
C) Base64 encoding
D) RSA-1024

Answer: B) TLS (Transport Layer Security)

Explanation: TLS is used to encrypt data in transit, securing communications over HTTPS and preventing interception by attackers.


Question 24

What is the primary weakness of the Diffie-Hellman key exchange algorithm?

A) It is vulnerable to brute-force attacks
B) It requires both parties to use the same private key
C) It is susceptible to man-in-the-middle (MITM) attacks if not authenticated
D) It does not support large key sizes

Answer: C) It is susceptible to man-in-the-middle (MITM) attacks if not authenticated

Explanation: Diffie-Hellman does not provide authentication, allowing an attacker to intercept and modify key exchanges unless used with an additional authentication mechanism (e.g., digital signatures).


Question 25

Which of the following is a lightweight, fast encryption algorithm suitable for mobile and IoT devices?

A) AES-GCM
B) RSA-2048
C) Blowfish
D) ChaCha20

Answer: D) ChaCha20

Explanation: ChaCha20 is a stream cipher optimized for speed and efficiency on resource-constrained devices, making it ideal for mobile and IoT security applications.


Question 26

What is the purpose of a salt in password hashing?

A) To make hashes faster to compute
B) To prevent hash collisions
C) To make brute-force and rainbow table attacks more difficult
D) To encrypt passwords before hashing

Answer: C) To make brute-force and rainbow table attacks more difficult

Explanation: A salt is a random value added to a password before hashing, ensuring that identical passwords generate unique hash values, preventing precomputed attack techniques like rainbow tables.


Question 27

Which cryptographic principle ensures that a sender cannot deny having sent a message?

A) Confidentiality
B) Integrity
C) Non-repudiation
D) Anonymity

Answer: C) Non-repudiation

Explanation: Non-repudiation ensures that the sender of a message cannot later deny sending it, typically achieved using digital signatures.


Question 28

Which cryptographic algorithm is best suited for securing email communications using digital signatures?

A) AES
B) RSA
C) SHA-1
D) MD5

Answer: B) RSA

Explanation: RSA is commonly used for digital signatures in email security protocols like PGP and S/MIME to verify sender authenticity and integrity.


Question 29

What is the purpose of padding in encryption algorithms like AES?

A) To add extra security
B) To align the plaintext to the required block size
C) To slow down encryption operations
D) To compress data before encryption

Answer: B) To align the plaintext to the required block size

Explanation: Block ciphers like AES require plaintext to be of a fixed block size. Padding schemes like PKCS#7 ensure that data aligns properly.


Question 30

Which of the following is a quantum-resistant encryption algorithm?

A) RSA-4096
B) AES-256
C) ECC-384
D) Lattice-based cryptography

Answer: D) Lattice-based cryptography

Explanation: Lattice-based cryptography is being researched as a post-quantum encryption method that remains secure even against quantum computing threats.


Question 31

Which attack exploits improper padding validation in encryption schemes?

A) Brute force attack
B) Padding oracle attack
C) Timing attack
D) Meet-in-the-middle attack

Answer: B) Padding oracle attack

Explanation: Padding oracle attacks occur when an attacker can determine whether padding is valid or invalid, allowing them to decrypt messages without knowing the key.


Question 32

Which of the following should never be encrypted using asymmetric encryption like RSA?

A) SSL/TLS certificates
B) Passwords
C) Small messages
D) Session keys

Answer: B) Passwords

Explanation: Passwords should be hashed, not encrypted. Encryption can be reversed, whereas hashing is one-way.


Question 33

Which of the following best protects against brute-force attacks?

A) Increasing encryption key size
B) Using longer passwords
C) Rate-limiting and account lockouts
D) Using a weaker hash algorithm

Answer: C) Rate-limiting and account lockouts

Explanation: Implementing rate limits, account lockouts, and CAPTCHAs helps prevent attackers from continuously attempting password guesses.


Question 34

Which cryptographic attack is based on analyzing power consumption during encryption operations?

A) Side-channel attack
B) Chosen ciphertext attack
C) Dictionary attack
D) Timing attack

Answer: A) Side-channel attack

Explanation: Side-channel attacks exploit physical information leaks (such as power consumption, electromagnetic emissions, or execution time) to infer encryption keys.


Question 35

Which key size is the minimum recommended for RSA encryption today?

A) 512-bit
B) 1024-bit
C) 2048-bit
D) 8192-bit

Answer: C) 2048-bit

Explanation: RSA keys shorter than 2048 bits are considered weak due to advancements in computational power. 2048-bit or higher is recommended.


Question 36

Which encryption algorithm is used in Bitcoin and blockchain technology?

A) AES
B) SHA-256
C) Blowfish
D) RSA

Answer: B) SHA-256

Explanation: SHA-256 is used in Bitcoin mining and blockchain hashing to secure transaction data.


Question 37

Which type of encryption is commonly used for encrypting file systems like BitLocker and VeraCrypt?

A) RSA
B) AES
C) DES
D) MD5

Answer: B) AES

Explanation: AES encryption is used in full-disk encryption solutions like BitLocker, FileVault, and VeraCrypt due to its strength and efficiency.


Question 38

Which of the following is a widely used hashing function for file integrity verification?

A) AES
B) SHA-256
C) RSA
D) ECC

Answer: B) SHA-256

Explanation: SHA-256 is used in checksum verification and digital signatures to ensure data integrity.


Question 39

Which protocol is used for end-to-end encryption in messaging apps like WhatsApp and Signal?

A) TLS
B) Signal Protocol
C) PGP
D) DES

Answer: B) Signal Protocol

Explanation: The Signal Protocol is used in WhatsApp, Signal, and other messaging apps to ensure end-to-end encryption of conversations.


Question 40

Which of the following is a major risk of improper key management?

A) Increased encryption speed
B) Key compromise and data breaches
C) Stronger encryption
D) Faster authentication

Answer: B) Key compromise and data breaches

Explanation: Poor key management can lead to exposed encryption keys, making encrypted data vulnerable to unauthorized decryption.


Question 41

What is the primary purpose of a cryptographic nonce?

A) To increase encryption speed
B) To prevent replay attacks
C) To compress encrypted data
D) To generate encryption keys

Answer: B) To prevent replay attacks

Explanation: A nonce (number used once) is a unique value used to ensure that an encrypted message is not reused or replayed, preventing replay attacks in cryptographic protocols.


Question 42

Which of the following statements about homomorphic encryption is true?

A) It allows computations to be performed on encrypted data without decryption
B) It is the fastest encryption algorithm available
C) It does not require a key to function
D) It is mainly used for hashing passwords

Answer: A) It allows computations to be performed on encrypted data without decryption

Explanation: Homomorphic encryption enables computations on encrypted data without decrypting it, making it useful for secure cloud computing and privacy-preserving applications.


Question 43

Which encryption method is most suitable for securing stored API keys?

A) AES-GCM
B) RSA-1024
C) MD5
D) SHA-1

Answer: A) AES-GCM

Explanation: AES-GCM provides both encryption and authentication, making it ideal for securely storing API keys and other sensitive data.


Question 44

Which of the following is a secure password storage method?

A) Hashing with SHA-256 without a salt
B) Encrypting passwords using AES
C) Using PBKDF2, bcrypt, or Argon2 with a salt
D) Storing plain-text passwords in a database

Answer: C) Using PBKDF2, bcrypt, or Argon2 with a salt

Explanation: PBKDF2, bcrypt, and Argon2 are designed for secure password hashing, using salting and key stretching to prevent brute-force attacks.


Question 45

Which of the following encryption algorithms is best suited for low-power IoT devices?

A) RSA-2048
B) AES-256
C) ChaCha20
D) SHA-512

Answer: C) ChaCha20

Explanation: ChaCha20 is a fast, secure, and lightweight encryption algorithm, making it suitable for IoT devices with low processing power.


Question 46

Which attack exploits timing variations in cryptographic operations to extract secret keys?

A) Rainbow table attack
B) Timing attack
C) Brute-force attack
D) Birthday attack

Answer: B) Timing attack

Explanation: A timing attack analyzes the time taken for cryptographic operations to infer private keys, often targeting RSA and ECC implementations.


Question 47

What is key stretching, and why is it used?

A) A method to extend the length of encryption keys
B) A technique to slow down brute-force attacks on passwords
C) A way to generate multiple keys from a single master key
D) A compression technique for cryptographic data

Answer: B) A technique to slow down brute-force attacks on passwords

Explanation: Key stretching is used in password hashing (e.g., PBKDF2, bcrypt, Argon2) to make brute-force attacks computationally expensive by increasing hashing iterations.


Question 48

Which cryptographic technique ensures that two parties can securely establish a shared secret over an insecure channel?

A) AES-GCM
B) Diffie-Hellman key exchange
C) SHA-256
D) RSA digital signatures

Answer: B) Diffie-Hellman key exchange

Explanation: Diffie-Hellman key exchange allows two parties to securely agree on a shared encryption key without directly transmitting it.


Question 49

What is a primary advantage of using elliptic curve cryptography (ECC) over RSA?

A) ECC keys are shorter for the same security level
B) ECC is faster for symmetric encryption
C) ECC is less secure than RSA
D) ECC does not require private keys

Answer: A) ECC keys are shorter for the same security level

Explanation: ECC provides the same security as RSA but with much shorter keys, reducing computational requirements while maintaining security.


Question 50

What is a hybrid cryptosystem?

A) A system that combines both symmetric and asymmetric encryption
B) A system that encrypts and hashes data simultaneously
C) A system that uses both digital signatures and hashing
D) A system that uses encryption without keys

Answer: A) A system that combines both symmetric and asymmetric encryption

Explanation: Hybrid cryptosystems use asymmetric encryption (RSA, ECC) for key exchange and symmetric encryption (AES, ChaCha20) for data encryption, combining security and efficiency.


Question 51

Which encryption method is best for encrypting data at rest in a database?

A) RSA
B) AES
C) SHA-256
D) Diffie-Hellman

Answer: B) AES

Explanation: AES is optimized for encrypting large data and is the preferred choice for encrypting data stored in databases and file systems.


Question 52

Which protocol is used for secure shell (SSH) connections?

A) RSA
B) AES-GCM
C) TLS
D) SSH-2

Answer: D) SSH-2

Explanation: SSH-2 is the most widely used secure shell protocol, encrypting data transfers and authentication for secure remote access.


Question 53

What is the role of a Certificate Authority (CA) in cryptography?

A) To generate symmetric encryption keys
B) To authenticate the identity of entities in public key infrastructure (PKI)
C) To encrypt SSL/TLS traffic
D) To replace digital signatures

Answer: B) To authenticate the identity of entities in public key infrastructure (PKI)

Explanation: A CA issues digital certificates that authenticate identities and enable secure TLS/SSL communications.


Question 54

What does Perfect Forward Secrecy (PFS) provide in encryption?

A) Ensures that past communications remain secure even if a private key is compromised
B) Encrypts data without requiring a key
C) Increases encryption speed
D) Prevents brute-force attacks

Answer: A) Ensures that past communications remain secure even if a private key is compromised

Explanation: PFS generates a unique session key for each session, preventing past encrypted messages from being decrypted even if long-term private keys are compromised.


Question 55

Which hashing algorithm is recommended for verifying file integrity?

A) RSA
B) SHA-3
C) AES
D) ECC

Answer: B) SHA-3

Explanation: SHA-3 is a secure cryptographic hash function used for ensuring file integrity and preventing data tampering.


Question 56

Which of the following is a common vulnerability in weak encryption implementations?

A) Using AES with 256-bit keys
B) Reusing the same encryption key for multiple purposes
C) Using authenticated encryption
D) Using long salt values in password hashing

Answer: B) Reusing the same encryption key for multiple purposes

Explanation: Key reuse weakens security because an attacker can analyze patterns over time, making decryption easier.


Question 57

Which attack attempts to recover cryptographic keys by analyzing electromagnetic emissions?

A) Dictionary attack
B) Timing attack
C) TEMPEST attack
D) Chosen ciphertext attack

Answer: C) TEMPEST attack

Explanation: A TEMPEST attack exploits electromagnetic emissions from electronic devices to extract cryptographic keys.


Question 58

What is a rainbow table attack?

A) An attack that exploits weak random number generators
B) An attack that uses precomputed hashes to crack passwords
C) An attack that targets asymmetric encryption
D) A brute-force attack on encryption keys

Answer: B) An attack that uses precomputed hashes to crack passwords

Explanation: Rainbow tables store precomputed hash values to quickly crack weak or unsalted password hashes.


Question 59

Which encryption standard is used by the U.S. government for classified information?

A) Blowfish
B) AES
C) RC4
D) DES

Answer: B) AES

Explanation: AES (Advanced Encryption Standard) is the official encryption standard used by the U.S. government for securing classified and sensitive information, replacing the older DES algorithm.


Question 60

Which cryptographic attack exploits weak random number generators used in key generation?

A) Meet-in-the-middle attack
B) Replay attack
C) Predictable key attack
D) Known plaintext attack

Answer: C) Predictable key attack

Explanation: Predictable key attacks occur when cryptographic key generation relies on weak or poorly seeded random number generators, making key values easier to guess.


Question 61

Which of the following cryptographic techniques provides data integrity but not confidentiality?

A) AES-256
B) RSA encryption
C) SHA-256 hashing
D) Elliptic Curve Cryptography (ECC)

Answer: C) SHA-256 hashing

Explanation: SHA-256 is a hashing algorithm that ensures data integrity by producing a fixed-length hash, but it does not provide confidentiality since it does not encrypt data.


Question 62

Which of the following encryption schemes is most vulnerable to a chosen ciphertext attack if implemented incorrectly?

A) AES-GCM
B) RSA with PKCS#1 v1.5 padding
C) ChaCha20-Poly1305
D) Diffie-Hellman key exchange

Answer: B) RSA with PKCS#1 v1.5 padding

Explanation: RSA with PKCS#1 v1.5 padding is vulnerable to Bleichenbacher’s chosen ciphertext attack, which allows attackers to decrypt messages without knowing the private key.


Question 63

What is the main risk of using ECB mode in AES encryption?

A) Slow encryption speed
B) High computational requirements
C) Identical plaintext blocks produce identical ciphertext blocks
D) Key exchange issues

Answer: C) Identical plaintext blocks produce identical ciphertext blocks

Explanation: ECB mode encrypts identical plaintext blocks into identical ciphertext blocks, making it vulnerable to pattern analysis attacks.


Question 64

Which cryptographic attack compares different encrypted versions of the same plaintext to find patterns?

A) Chosen ciphertext attack
B) Frequency analysis attack
C) Brute-force attack
D) Ciphertext-only attack

Answer: B) Frequency analysis attack

Explanation: Frequency analysis identifies patterns in ciphertext by comparing the frequency of characters or words, often used against classical ciphers.


Question 65

Which property of a cryptographic hash function ensures that even a small change in input results in a significantly different output?

A) Collision resistance
B) Avalanche effect
C) Key stretching
D) Asymmetry

Answer: B) Avalanche effect

Explanation: The avalanche effect ensures that small changes in input result in completely different hash outputs, increasing security.


Question 66

Which cryptographic technique is not commonly used for securing REST API communications?

A) HMAC authentication
B) AES encryption
C) JWT (JSON Web Tokens)
D) MD5 hashing

Answer: D) MD5 hashing

Explanation: MD5 is considered insecure due to collision vulnerabilities and should not be used for securing API communications.


Question 67

Which of the following is not a post-quantum cryptographic algorithm?

A) Lattice-based cryptography
B) RSA-4096
C) Hash-based cryptography
D) Multivariate polynomial cryptography

Answer: B) RSA-4096

Explanation: RSA-4096 is not quantum-safe, as quantum computers could break it using Shor’s algorithm, whereas lattice-based and hash-based cryptography offer quantum resistance.


Question 68

What is the primary purpose of salting in password hashing?

A) To speed up the hashing process
B) To generate stronger encryption keys
C) To ensure that identical passwords have unique hash outputs
D) To compress password hashes for storage efficiency

Answer: C) To ensure that identical passwords have unique hash outputs

Explanation: Salting adds randomness to passwords before hashing, preventing rainbow table and hash collision attacks.


Question 69

Which attack exploits the lack of authentication in Diffie-Hellman key exchange?

A) Man-in-the-middle (MITM) attack
B) Side-channel attack
C) Known plaintext attack
D) Padding oracle attack

Answer: A) Man-in-the-middle (MITM) attack

Explanation: Diffie-Hellman key exchange lacks built-in authentication, making it vulnerable to MITM attacks, where an attacker intercepts and alters key exchanges.


Question 70

Which of the following is not a valid reason for using asymmetric encryption?

A) Secure key exchange
B) Digital signatures
C) Encrypting large amounts of data efficiently
D) Ensuring non-repudiation

Answer: C) Encrypting large amounts of data efficiently

Explanation: Asymmetric encryption (e.g., RSA, ECC) is slow for encrypting large data, so it is mainly used for key exchange and digital signatures.


Question 71

Which protocol uses hybrid encryption to secure web traffic?

A) FTP
B) TLS
C) HTTP
D) SSH

Answer: B) TLS

Explanation: TLS (Transport Layer Security) uses hybrid encryption: asymmetric encryption for key exchange and symmetric encryption for data transfer.


Question 72

What is a zero-knowledge proof used for in cryptography?

A) Encrypting data without using keys
B) Proving knowledge of a secret without revealing it
C) Generating secure random numbers
D) Enhancing brute-force attacks

Answer: B) Proving knowledge of a secret without revealing it

Explanation: Zero-knowledge proofs (ZKPs) allow one party to prove that they know a secret without revealing the secret itself, commonly used in authentication and blockchain privacy protocols.


Question 73

Which encryption algorithm is commonly used for wireless network security?

A) RSA
B) AES-CCMP
C) RC4
D) DES

Answer: B) AES-CCMP

Explanation: AES-CCMP is used in WPA2/WPA3 wireless security protocols to encrypt Wi-Fi network traffic securely.


Question 74

Which of the following is a key exchange method used in TLS 1.3?

A) RSA key exchange
B) Static Diffie-Hellman
C) Ephemeral Elliptic Curve Diffie-Hellman (ECDHE)
D) MD5-based key derivation

Answer: C) Ephemeral Elliptic Curve Diffie-Hellman (ECDHE)

Explanation: TLS 1.3 uses ECDHE for secure key exchange, eliminating static RSA and static Diffie-Hellman to enhance forward secrecy.


Question 75

Which of the following techniques helps protect stored encryption keys from hardware-based attacks?

A) Hardcoding keys in source code
B) Using a Hardware Security Module (HSM)
C) Storing keys in plaintext
D) Using MD5 hashing

Answer: B) Using a Hardware Security Module (HSM)

Explanation: An HSM (Hardware Security Module) securely stores encryption keys, protecting them from hardware-based attacks and key extraction attempts.


Question 76

Which cryptographic algorithm is commonly used in blockchain technology to create digital signatures?

A) RSA
B) ECDSA
C) AES
D) RC4

Answer: B) ECDSA

Explanation: Elliptic Curve Digital Signature Algorithm (ECDSA) is widely used in blockchains (e.g., Bitcoin, Ethereum) to verify transactions securely.


Question 77

Which of the following is a common mistake in implementing cryptographic random number generators?

A) Using a hardware-based random number generator
B) Using a cryptographically secure pseudo-random number generator (CSPRNG)
C) Using rand() from the C standard library
D) Using /dev/urandom for key generation

Answer: C) Using rand() from the C standard library

Explanation: The rand() function is not cryptographically secure and should not be used for key generation or security-sensitive operations.


Question 78

Which attack targets incorrect padding implementations in cryptographic systems?

A) Birthday attack
B) Padding oracle attack
C) Known plaintext attack
D) Chosen ciphertext attack

Answer: B) Padding oracle attack

Explanation: Padding oracle attacks exploit improperly handled padding errors in encryption schemes like AES-CBC, allowing attackers to decrypt messages.


Question 79

Which key derivation function is recommended for deriving cryptographic keys from passwords?

A) PBKDF2
B) AES-ECB
C) SHA-1
D) DES

Answer: A) PBKDF2

Explanation: PBKDF2 (Password-Based Key Derivation Function 2) is used to derive encryption keys securely from user passwords, making brute-force attacks difficult.


Question 80

Which of the following is a post-quantum cryptography approach?

A) AES-256
B) Lattice-based cryptography
C) RSA-4096
D) SHA-256

Answer: B) Lattice-based cryptography

Explanation: Lattice-based cryptography is one of the leading quantum-resistant encryption methods, as it remains secure against attacks using quantum computers.


Question 81

Which encryption method is used in disk encryption solutions like BitLocker and VeraCrypt?

A) ECC
B) AES-XTS
C) RC4
D) RSA

Answer: B) AES-XTS

Explanation: AES-XTS (XEX-based Tweaked CodeBook Mode with Ciphertext Stealing) is optimized for full-disk encryption, ensuring secure storage.


Question 82

Which protocol is primarily used for email encryption?

A) SSH
B) PGP/GPG
C) TLS
D) SFTP

Answer: B) PGP/GPG

Explanation: Pretty Good Privacy (PGP) / GnuPG (GPG) is used to encrypt and digitally sign emails, providing confidentiality and authenticity.


Question 83

What is a side-channel attack in cryptography?

A) An attack that exploits vulnerabilities in key exchange algorithms
B) An attack that analyzes non-cryptographic data (e.g., power usage, timing, EM emissions)
C) A brute-force attack on encrypted data
D) An attack that targets weak passwords

Answer: B) An attack that analyzes non-cryptographic data (e.g., power usage, timing, EM emissions)

Explanation: Side-channel attacks extract cryptographic keys by analyzing physical characteristics like power consumption, timing, and electromagnetic radiation during encryption operations.


Question 84

Which technique is used to securely erase sensitive data from storage devices?

A) AES encryption
B) Secure wiping algorithms (e.g., DoD 5220.22-M, Gutmann method)
C) Hashing with SHA-256
D) Compressing the data

Answer: B) Secure wiping algorithms (e.g., DoD 5220.22-M, Gutmann method)

Explanation: Secure wiping algorithms overwrite stored data multiple times to ensure irrecoverability, preventing forensic recovery.


Question 85

Which encryption standard is used in TLS 1.3 for securing web traffic?

A) DES
B) AES-GCM
C) RC4
D) SHA-1

Answer: B) AES-GCM

Explanation: AES-GCM is the preferred encryption mode in TLS 1.3, providing both encryption and authentication for secure web communications.


Question 86

Which cryptographic concept ensures that different inputs will always produce different hash outputs?

A) Key exchange
B) Collision resistance
C) Symmetric encryption
D) Cipher block chaining

Answer: B) Collision resistance

Explanation: Collision resistance ensures that no two different inputs will generate the same cryptographic hash output, preventing hash collisions.


Question 87

Which encryption method is used to protect DNS queries from interception and manipulation?

A) SSL
B) DNSSEC
C) SHA-1
D) RSA-1024

Answer: B) DNSSEC

Explanation: DNS Security Extensions (DNSSEC) provide authentication and integrity protection for DNS responses, preventing attacks like DNS spoofing.


Question 88

Which cryptographic function is best suited for ensuring message authenticity?

A) Hashing with SHA-256
B) AES encryption
C) HMAC (Hashed Message Authentication Code)
D) Public key encryption

Answer: C) HMAC (Hashed Message Authentication Code)

Explanation: HMAC provides message integrity and authenticity, ensuring that messages are not tampered with during transmission.


Question 89

Which cryptographic vulnerability allows attackers to recover encryption keys by analyzing power consumption?

A) Chosen plaintext attack
B) Power analysis attack
C) Meet-in-the-middle attack
D) Rainbow table attack

Answer: B) Power analysis attack

Explanation: Power analysis attacks (a type of side-channel attack) analyze power fluctuations during encryption operations to infer encryption keys.


Question 90

Which cryptographic principle ensures that an attacker cannot reverse one-way hash functions?

A) Avalanche effect
B) Key stretching
C) Pre-image resistance
D) Asymmetric encryption

Answer: C) Pre-image resistance

Explanation: Pre-image resistance ensures that a hash function cannot be reversed to recover the original input, making it secure against brute-force attempts.


Question 91

Which cryptographic technique is used to verify a file’s authenticity and integrity?

A) Symmetric encryption
B) Digital signatures
C) Stream cipher encryption
D) Base64 encoding

Answer: B) Digital signatures

Explanation: Digital signatures use a cryptographic hash and public-key encryption to ensure file authenticity and integrity, preventing tampering.


Question 92

Which of the following is a widely used key-exchange protocol for encrypted communications?

A) RSA
B) AES
C) Diffie-Hellman
D) MD5

Answer: C) Diffie-Hellman

Explanation: Diffie-Hellman enables secure key exchange over an insecure network, allowing parties to establish shared encryption keys without direct transmission.


Question 93

Which encryption mode is recommended to prevent bit-flipping attacks?

A) AES-ECB
B) AES-CBC
C) AES-GCM
D) AES-OFB

Answer: C) AES-GCM

Explanation: AES-GCM (Galois/Counter Mode) provides both encryption and authentication, preventing tampering and bit-flipping attacks.


Question 94

Which attack method involves attempting all possible encryption keys until the correct one is found?

A) Chosen ciphertext attack
B) Brute-force attack
C) Side-channel attack
D) Man-in-the-middle attack

Answer: B) Brute-force attack

Explanation: Brute-force attacks try all possible encryption keys to decrypt ciphertext, making longer key lengths more secure against such attacks.


Question 95

Which hashing algorithm is considered quantum-resistant?

A) SHA-1
B) MD5
C) SHA-3
D) RSA

Answer: C) SHA-3

Explanation: SHA-3 is a secure hashing function resistant to quantum computing attacks, unlike SHA-1 and MD5, which are vulnerable to collisions.


Question 96

Which of the following is a common weakness of improper JWT (JSON Web Token) implementation?

A) Using AES instead of RSA
B) Using weak JWT secret keys
C) Storing tokens in HTTP headers
D) Signing tokens with SHA-256

Answer: B) Using weak JWT secret keys

Explanation: Weak JWT secret keys allow attackers to forge tokens, bypassing authentication. Strong, unpredictable keys should always be used.


Question 97

Which cryptographic function is used in Bitcoin mining?

A) RSA-2048
B) SHA-256
C) AES-GCM
D) Diffie-Hellman

Answer: B) SHA-256

Explanation: SHA-256 is used in Bitcoin mining to hash transactions securely and create proof-of-work puzzles.


Question 98

Which of the following encryption algorithms is most efficient for encrypting small amounts of data?

A) RSA
B) AES-GCM
C) ECC
D) Blowfish

Answer: C) ECC

Explanation: Elliptic Curve Cryptography (ECC) provides strong encryption with shorter key sizes, making it efficient for small data encryption and key exchange.


Question 99

What is the biggest security risk of using self-signed SSL certificates?

A) They provide stronger encryption than CA-signed certificates
B) They do not support forward secrecy
C) They are not trusted by browsers, making MITM attacks easier
D) They use weaker encryption algorithms

Answer: C) They are not trusted by browsers, making MITM attacks easier

Explanation: Self-signed SSL certificates are not trusted by browsers, allowing attackers to impersonate servers and intercept communications (MITM attack).


Question 100

Which cryptographic function is best suited for generating unique session tokens?

A) SHA-1
B) MD5
C) HMAC with a secure random seed
D) Base64 encoding

Answer: C) HMAC with a secure random seed

Explanation: HMAC with a secure random seed generates unique, tamper-resistant session tokens, ensuring authentication security.


Question 101

Which of the following encryption algorithms is considered deprecated and insecure?

A) AES-256
B) RC4
C) RSA-4096
D) ChaCha20

Answer: B) RC4

Explanation: RC4 has known vulnerabilities such as biases in keystream output, making it insecure for modern cryptographic applications.


Question 102

Which property of hashing algorithms ensures that two different inputs do not produce the same hash?

A) Avalanche effect
B) Key stretching
C) Collision resistance
D) Block chaining

Answer: C) Collision resistance

Explanation: Collision resistance ensures that no two different inputs produce the same hash output, preventing hash collisions.


Question 103

Which encryption method is used in WPA3 for securing Wi-Fi networks?

A) AES-GCM
B) RSA
C) Blowfish
D) MD5

Answer: A) AES-GCM

Explanation: AES-GCM is used in WPA3, providing secure Wi-Fi encryption with authentication to prevent eavesdropping and brute-force attacks.


Question 104

Which of the following techniques prevents replay attacks in cryptographic communications?

A) Using Base64 encoding
B) Using a nonce or timestamp
C) Encrypting data with AES
D) Using weak passwords

Answer: B) Using a nonce or timestamp

Explanation: Nonces and timestamps prevent replay attacks by ensuring that messages are used only once and have a limited validity period.


Question 105

Which property of cryptographic functions ensures data integrity?

A) Confidentiality
B) Symmetric encryption
C) Non-repudiation
D) Hashing

Answer: D) Hashing

Explanation: Hashing provides data integrity by producing a fixed-length output that uniquely represents input data, preventing unauthorized modifications.


Question 106

Which encryption scheme is used in secure hardware modules like TPM (Trusted Platform Module)?

A) AES-ECB
B) RSA and ECC
C) Blowfish
D) SHA-1

Answer: B) RSA and ECC

Explanation: TPMs use RSA and ECC for secure key storage and cryptographic operations, ensuring hardware-level security.


Question 107

Which security measure should be avoided when generating cryptographic keys?

A) Using a hardware-based random number generator
B) Using rand() from standard libraries
C) Using a cryptographically secure pseudo-random number generator (CSPRNG)
D) Using entropy sources from the operating system

Answer: B) Using rand() from standard libraries

Explanation: Standard rand() functions are not cryptographically secure, making them unsuitable for key generation.


Question 108

Which of the following is not an encryption algorithm?

A) SHA-256
B) AES
C) RSA
D) Blowfish

Answer: A) SHA-256

Explanation: SHA-256 is a hashing algorithm, not an encryption algorithm. Hashing is one-way and cannot be decrypted.


Question 109

Which encryption mode is best suited for database field encryption?

A) AES-ECB
B) AES-GCM
C) RC4
D) MD5

Answer: B) AES-GCM

Explanation: AES-GCM provides authenticated encryption, making it ideal for securing database fields and preventing unauthorized modifications.


Question 110

Which attack technique exploits improperly implemented public key infrastructure (PKI)?

A) Padding oracle attack
B) Certificate spoofing attack
C) Man-in-the-middle attack
D) Timing attack

Answer: B) Certificate spoofing attack

Explanation: Certificate spoofing attacks exploit weaknesses in PKI and allow attackers to forge SSL/TLS certificates, leading to impersonation and MITM attacks.


Question 111

Which of the following is a lightweight cryptographic algorithm designed specifically for IoT devices?

A) RSA
B) AES-GCM
C) Speck
D) SHA-256

Answer: C) Speck

Explanation: Speck is a lightweight block cipher designed for low-power devices, such as IoT, providing efficient encryption with minimal computational overhead.


Question 112

Which attack method is used to recover an RSA private key by analyzing the decryption process?

A) Side-channel attack
B) Frequency analysis attack
C) Rainbow table attack
D) Known plaintext attack

Answer: A) Side-channel attack

Explanation: Side-channel attacks exploit physical characteristics (power usage, timing, or EM emissions) during RSA decryption to extract private keys.


Question 113

Which of the following cryptographic attacks is specific to Elliptic Curve Cryptography (ECC)?

A) Pollard’s rho method
B) Man-in-the-middle attack
C) Padding oracle attack
D) Meet-in-the-middle attack

Answer: A) Pollard’s rho method

Explanation: Pollard’s rho method is an attack used to solve the discrete logarithm problem in Elliptic Curve Cryptography (ECC), attempting to break its security.


Question 114

Which encryption algorithm is commonly used for securing VoIP communications?

A) AES-GCM
B) RC4
C) SRTP (Secure Real-time Transport Protocol)
D) Blowfish

Answer: C) SRTP (Secure Real-time Transport Protocol)

Explanation: SRTP encrypts VoIP and real-time audio/video communications, ensuring low latency and secure data transmission.


Question 115

Which of the following describes hash length extension attacks?

A) Attacks where an attacker extends the length of a key
B) Attacks where an attacker appends data to a hashed message and forges a valid hash
C) Attacks where a hash function produces too short an output
D) Attacks where a hash function is used without a salt

Answer: B) Attacks where an attacker appends data to a hashed message and forges a valid hash

Explanation: Hash length extension attacks allow attackers to append data to a hashed message and forge a valid hash without knowing the original message, particularly affecting Merkle-Damgård hash functions (e.g., MD5, SHA-1).


Question 116

Which cryptographic function is used in secure boot processes to verify firmware integrity?

A) RSA encryption
B) Digital signatures
C) AES-GCM encryption
D) MD5 hashing

Answer: B) Digital signatures

Explanation: Digital signatures ensure that firmware in secure boot processes has not been modified or tampered with, preventing unauthorized code execution.


Question 117

Which of the following is a primary security concern when implementing hardware-based encryption?

A) Key management
B) Encryption algorithm efficiency
C) Latency issues
D) Network bandwidth

Answer: A) Key management

Explanation: Key management is a major concern in hardware-based encryption because losing or exposing encryption keys can lead to irreversible data loss.


Question 118

Which of the following is not a recommended practice for cryptographic key storage?

A) Using a dedicated Hardware Security Module (HSM)
B) Storing keys in environment variables
C) Hardcoding keys in the source code
D) Using a cloud-based key management service (KMS)

Answer: C) Hardcoding keys in the source code

Explanation: Hardcoding encryption keys in the source code is a critical security risk, as attackers can extract and misuse them.


Question 119

Which of the following is an advantage of using Authenticated Encryption with Associated Data (AEAD)?

A) It prevents brute-force attacks
B) It allows encryption without a key
C) It provides both encryption and integrity verification
D) It increases key entropy

Answer: C) It provides both encryption and integrity verification

Explanation: AEAD (Authenticated Encryption with Associated Data) ensures both confidentiality (encryption) and integrity (authentication), preventing ciphertext tampering.


Question 120

Which attack exploits timing variations in cryptographic operations to extract encryption keys?

A) Rainbow table attack
B) Power analysis attack
C) Timing attack
D) Differential cryptanalysis

Answer: C) Timing attack

Explanation: Timing attacks analyze how long cryptographic operations take, allowing attackers to infer private keys in RSA, ECC, and AES implementations.


Question 121

Which cryptographic function is best suited for protecting API secrets?

A) MD5 hashing
B) AES-GCM encryption
C) Base64 encoding
D) XOR encryption

Answer: B) AES-GCM encryption

Explanation: AES-GCM provides strong encryption and integrity verification, making it ideal for securing API keys and secrets.


Question 122

Which of the following cryptographic attacks exploits weak implementations of RSA padding?

A) Brute-force attack
B) Chosen ciphertext attack
C) Side-channel attack
D) Meet-in-the-middle attack

Answer: B) Chosen ciphertext attack

Explanation: Chosen ciphertext attacks (CCA), such as Bleichenbacher’s attack, exploit weak RSA padding schemes, leading to decryption without knowing the private key.


Question 123

What is the primary purpose of elliptic curve cryptography (ECC)?

A) Encrypting data efficiently
B) Generating hash values
C) Providing strong encryption with shorter key sizes
D) Protecting against brute-force attacks

Answer: C) Providing strong encryption with shorter key sizes

Explanation: ECC provides the same level of security as RSA but with smaller keys, making it ideal for resource-constrained environments.


Question 124

Which key exchange protocol is used in TLS 1.3 to improve security and efficiency?

A) Static RSA key exchange
B) Static Diffie-Hellman
C) Ephemeral Elliptic Curve Diffie-Hellman (ECDHE)
D) MD5-based key derivation

Answer: C) Ephemeral Elliptic Curve Diffie-Hellman (ECDHE)

Explanation: ECDHE provides perfect forward secrecy (PFS) in TLS 1.3, making encrypted sessions secure even if long-term keys are compromised.


Question 125

Which hashing algorithm is best suited for verifying file integrity?

A) MD5
B) SHA-256
C) AES-256
D) RSA

Answer: B) SHA-256

Explanation: SHA-256 is a cryptographic hashing algorithm designed to ensure file integrity by detecting any modifications to the original data.


Question 126

Which cryptographic vulnerability exploits predictable IVs in block cipher encryption?

A) Chosen plaintext attack
B) Ciphertext pattern analysis
C) Padding oracle attack
D) Replay attack

Answer: B) Ciphertext pattern analysis

Explanation: Predictable IVs allow attackers to detect patterns in block ciphers, leading to potential decryption attacks.


Question 127

Which cryptographic function is best for securing biometric data?

A) Plaintext storage
B) Symmetric encryption with AES
C) Secure hashing with salting (SHA-3 + salt)
D) Base64 encoding

Answer: C) Secure hashing with salting (SHA-3 + salt)

Explanation: Hashing with a salt prevents biometric data from being reversed or exposed, ensuring secure storage.


Question 128

Which cryptographic algorithm is commonly used for password-based encryption (PBE)?

A) RSA
B) PBKDF2
C) SHA-256
D) Diffie-Hellman

Answer: B) PBKDF2

Explanation: PBKDF2 applies multiple hashing iterations to derive strong encryption keys from passwords, improving security.


Question 129

Which of the following is a zero-trust security principle in cryptographic systems?

A) Encrypting only sensitive data
B) Assuming all networks and devices are untrusted
C) Using only symmetric encryption
D) Allowing unrestricted access to encrypted files

Answer: B) Assuming all networks and devices are untrusted

Explanation: Zero-trust security assumes that no user, network, or device should be automatically trusted, requiring continuous authentication and encryption.


Question 130

What is the primary advantage of using Ephemeral Diffie-Hellman (DHE) over Static Diffie-Hellman?

A) It speeds up encryption processes
B) It provides Perfect Forward Secrecy (PFS)
C) It allows for asymmetric encryption
D) It reduces computational complexity

Answer: B) It provides Perfect Forward Secrecy (PFS)

Explanation: Ephemeral Diffie-Hellman (DHE or ECDHE) generates a new session key for each communication session, ensuring that past encrypted sessions remain secure even if private keys are compromised.


Question 131

Which cryptographic attack relies on analyzing multiple ciphertexts that use the same encryption key?

A) Frequency analysis attack
B) Chosen plaintext attack
C) Known-key attack
D) Ciphertext-only attack

Answer: D) Ciphertext-only attack

Explanation: Ciphertext-only attacks analyze patterns in multiple ciphertexts encrypted with the same key to infer information about the plaintext.


Question 132

Which encryption algorithm is optimized for lightweight applications in mobile and embedded systems?

A) AES
B) RSA
C) ChaCha20
D) SHA-512

Answer: C) ChaCha20

Explanation: ChaCha20 is a stream cipher designed for high performance and security, making it suitable for mobile and embedded systems with low processing power.


Question 133

Which cryptographic technique helps verify software integrity before execution?

A) Encrypting the software
B) Digital signatures
C) Base64 encoding
D) Asymmetric key exchange

Answer: B) Digital signatures

Explanation: Digital signatures ensure that software has not been tampered with, verifying its authenticity before execution.


Question 134

Which of the following is a best practice for key rotation?

A) Changing keys only if compromised
B) Changing encryption keys at regular intervals
C) Hardcoding keys in the source code
D) Using the same key for multiple encryption purposes

Answer: B) Changing encryption keys at regular intervals

Explanation: Regular key rotation minimizes security risks by limiting the exposure window of encryption keys in case of compromise.


Question 135

Which cryptographic algorithm is most commonly used in electronic passports (ePassports)?

A) RSA
B) AES-GCM
C) ECDSA
D) SHA-1

Answer: C) ECDSA

Explanation: Elliptic Curve Digital Signature Algorithm (ECDSA) is widely used in ePassports to provide strong authentication while maintaining efficiency.


Question 136

Which type of cryptographic attack specifically targets incorrect implementations of padding schemes?

A) Brute-force attack
B) Padding oracle attack
C) Side-channel attack
D) Replay attack

Answer: B) Padding oracle attack

Explanation: Padding oracle attacks exploit vulnerabilities in padding schemes (e.g., PKCS#7 padding) by analyzing error messages from decryption failures.


Question 137

Which of the following is an important consideration when implementing Transport Layer Security (TLS)?

A) Using self-signed certificates for production systems
B) Disabling support for outdated protocols like TLS 1.0 and 1.1
C) Using MD5 for digital signatures
D) Allowing weak ciphers for backward compatibility

Answer: B) Disabling support for outdated protocols like TLS 1.0 and 1.1

Explanation: TLS 1.0 and 1.1 are considered insecure due to vulnerabilities like BEAST and POODLE attacks, so they should be disabled in favor of TLS 1.2 or TLS 1.3.


Question 138

Which cryptographic concept ensures that a given plaintext will produce different ciphertexts each time it is encrypted?

A) Key stretching
B) Nonce or Initialization Vector (IV)
C) Asymmetric encryption
D) Hashing

Answer: B) Nonce or Initialization Vector (IV)

Explanation: Nonces and IVs introduce randomness in encryption, ensuring that the same plaintext produces different ciphertexts each time it is encrypted.


Question 139

Which of the following is a quantum-safe cryptographic technique?

A) ECC (Elliptic Curve Cryptography)
B) RSA-4096
C) Lattice-based cryptography
D) SHA-256

Answer: C) Lattice-based cryptography

Explanation: Lattice-based cryptography is considered resistant to quantum attacks, whereas RSA and ECC can be broken using quantum computing techniques like Shor’s algorithm.


Question 140

Which attack exploits the ability to modify intercepted encrypted messages without decryption?

A) Chosen ciphertext attack
B) Man-in-the-middle attack
C) Bit-flipping attack
D) Hash collision attack

Answer: C) Bit-flipping attack

Explanation: Bit-flipping attacks modify ciphertext directly without decryption, often exploiting weaknesses in unauthenticated encryption modes like AES-CBC.


Question 141

Which encryption algorithm is most commonly used for end-to-end encrypted messaging applications like Signal?

A) RSA
B) AES-CBC
C) Double Ratchet Algorithm (X3DH + AES-GCM)
D) DES

Answer: C) Double Ratchet Algorithm (X3DH + AES-GCM)

Explanation: The Double Ratchet Algorithm (used in Signal Protocol) combines X3DH key exchange and AES-GCM encryption for end-to-end secure messaging.


Question 142

Which of the following helps prevent side-channel attacks in cryptographic implementations?

A) Using weak keys
B) Introducing timing variations in encryption operations
C) Implementing constant-time cryptographic operations
D) Using long key sizes

Answer: C) Implementing constant-time cryptographic operations

Explanation: Constant-time cryptographic operations prevent timing-based attacks, making it harder for attackers to analyze execution patterns.


Question 143

Which cryptographic attack exploits weaknesses in PRNG (Pseudo-Random Number Generators)?

A) Replay attack
B) Predictable key attack
C) Birthday attack
D) Side-channel attack

Answer: B) Predictable key attack

Explanation: Weak or predictable PRNGs can lead to cryptographic key compromises, allowing attackers to reconstruct encryption keys.


Question 144

Which of the following cryptographic protocols is designed for anonymous and private web browsing?

A) TLS
B) PGP
C) Tor (The Onion Router)
D) Diffie-Hellman

Answer: C) Tor (The Onion Router)

Explanation: Tor encrypts internet traffic and routes it through multiple nodes, providing anonymity and privacy for web browsing.


Question 145

Which cryptographic function is best suited for securing stored credit card numbers?

A) SHA-256 hashing
B) AES encryption
C) Base64 encoding
D) MD5 hashing

Answer: B) AES encryption

Explanation: AES encryption ensures that stored credit card numbers remain secure, whereas hashing is not suitable because the stored card numbers need to be retrievable.


Question 146

Which cryptographic algorithm is commonly used for securing mobile payment transactions (e.g., Apple Pay, Google Pay)?

A) RSA
B) AES-GCM
C) ECC (Elliptic Curve Cryptography)
D) DES

Answer: C) ECC (Elliptic Curve Cryptography)

Explanation: ECC is widely used in mobile payment systems due to its ability to provide strong encryption with shorter key sizes, making it ideal for fast and secure transactions.


Question 147

Which of the following is not a suitable method for securely storing user passwords?

A) Using PBKDF2 with a salt
B) Hashing with bcrypt
C) Storing passwords in plaintext
D) Using Argon2

Answer: C) Storing passwords in plaintext

Explanation: Passwords should never be stored in plaintext. Instead, secure password hashing algorithms like PBKDF2, bcrypt, or Argon2 should be used.


Question 148

What is the biggest weakness of using MD5 for cryptographic hashing?

A) It is too fast
B) It produces too large a hash output
C) It is vulnerable to collision attacks
D) It requires too much processing power

Answer: C) It is vulnerable to collision attacks

Explanation: MD5 is insecure because attackers can generate two different inputs that produce the same hash value (collision), making it unsuitable for cryptographic security.


Question 149

Which attack attempts to recover an encryption key by analyzing small statistical variations in cryptographic operations?

A) Brute-force attack
B) Power analysis attack
C) Frequency analysis attack
D) Meet-in-the-middle attack

Answer: B) Power analysis attack

Explanation: Power analysis attacks (a type of side-channel attack) analyze power consumption patterns during encryption operations to extract cryptographic keys.


Question 150

Which of the following is an important security consideration when implementing JWT (JSON Web Tokens)?

A) Using HS256 instead of RS256
B) Allowing JWTs to be used indefinitely
C) Verifying the JWT signature before trusting the data
D) Using a static secret key for all JWTs

Answer: C) Verifying the JWT signature before trusting the data

Explanation: JWTs must always be verified using their signature to prevent attacks like forged tokens or tampering.


Question 151

Which protocol is used for securing domain name system (DNS) queries to prevent eavesdropping?

A) DNS over HTTPS (DoH)
B) RC4
C) Diffie-Hellman
D) SSL

Answer: A) DNS over HTTPS (DoH)

Explanation: DNS over HTTPS (DoH) encrypts DNS queries, preventing attackers from intercepting and manipulating domain name lookups.


Question 152

Which of the following is a known weakness of symmetric encryption?

A) Key exchange difficulty
B) It is slower than asymmetric encryption
C) It cannot encrypt large amounts of data
D) It is vulnerable to chosen ciphertext attacks

Answer: A) Key exchange difficulty

Explanation: Symmetric encryption requires both parties to securely share a secret key, which is a major challenge compared to asymmetric encryption.


Question 153

Which cryptographic principle ensures that previously encrypted messages remain secure even if a private key is later compromised?

A) Non-repudiation
B) Perfect Forward Secrecy (PFS)
C) Hashing
D) AES encryption

Answer: B) Perfect Forward Secrecy (PFS)

Explanation: PFS ensures that session keys are unique for each session, preventing past communications from being decrypted if a long-term key is compromised.


Question 154

Which cryptographic algorithm is primarily used for hardware-based security modules like TPM (Trusted Platform Module)?

A) RSA and AES
B) MD5
C) SHA-1
D) Base64

Answer: A) RSA and AES

Explanation: TPMs use RSA and AES for secure cryptographic key storage and encryption in hardware-based security modules.


Question 155

What is the primary benefit of using an HMAC (Hashed Message Authentication Code)?

A) It provides non-repudiation
B) It encrypts data at rest
C) It ensures message integrity and authentication
D) It generates encryption keys

Answer: C) It ensures message integrity and authentication

Explanation: HMAC combines hashing with a secret key to provide message integrity and authenticity, preventing tampering during transmission.


Question 156

Which of the following should not be used as a cryptographic random number generator?

A) /dev/random (Linux)
B) /dev/urandom (Linux)
C) Cryptographically secure PRNG (CSPRNG)
D) rand() from standard libraries

Answer: D) rand() from standard libraries

Explanation: Standard rand() functions are not cryptographically secure and should never be used for generating encryption keys or sensitive data.


Question 157

Which cryptographic technique ensures a message cannot be modified without detection?

A) Base64 encoding
B) HMAC (Hashed Message Authentication Code)
C) Symmetric encryption
D) RSA encryption

Answer: B) HMAC (Hashed Message Authentication Code)

Explanation: HMAC ensures message integrity by detecting unauthorized modifications using a combination of hashing and a secret key.


Question 158

Which encryption scheme is used in secure password storage to make brute-force attacks computationally expensive?

A) SHA-256
B) PBKDF2
C) Base64 encoding
D) AES-128

Answer: B) PBKDF2

Explanation: PBKDF2 (Password-Based Key Derivation Function 2) is used to slow down brute-force attacks by adding computational complexity to password hashing.


Question 159

Which of the following is a major disadvantage of asymmetric encryption compared to symmetric encryption?

A) It requires a shared secret key
B) It is significantly slower than symmetric encryption
C) It cannot be used for key exchange
D) It is vulnerable to brute-force attacks

Answer: B) It is significantly slower than symmetric encryption

Explanation: Asymmetric encryption (e.g., RSA, ECC) is computationally expensive compared to symmetric encryption (e.g., AES), making it slower for encrypting large amounts of data.


Question 160

Which of the following cryptographic techniques protects data from being modified in transit?

A) AES-CBC encryption
B) Digital signatures
C) Base64 encoding
D) DES encryption

Answer: B) Digital signatures

Explanation: Digital signatures ensure data integrity and authenticity, protecting messages from being altered in transit.


Question 161

Which of the following is an advantage of using Elliptic Curve Cryptography (ECC) over RSA?

A) ECC keys require longer key lengths than RSA
B) ECC provides the same level of security with smaller key sizes
C) ECC is only used for hashing
D) ECC does not require public-private key pairs

Answer: B) ECC provides the same level of security with smaller key sizes

Explanation: ECC is more efficient than RSA because it provides the same level of security with much shorter keys, making it ideal for mobile and embedded systems.


Question 162

Which cryptographic attack targets a vulnerability in key generation when using weak random number generators?

A) Brute-force attack
B) Predictable key attack
C) Ciphertext-only attack
D) Padding oracle attack

Answer: B) Predictable key attack

Explanation: Weak or predictable random number generators (PRNGs) can lead to guessable cryptographic keys, allowing attackers to break encryption schemes.


Question 163

Which encryption technique is most suitable for protecting large volumes of data at rest?

A) RSA
B) AES-XTS
C) SHA-256
D) ECC

Answer: B) AES-XTS

Explanation: AES-XTS (XEX-based Tweaked CodeBook Mode with Ciphertext Stealing) is optimized for encrypting large amounts of data at rest, such as full-disk encryption.


Question 164

Which of the following encryption modes provides built-in authentication?

A) ECB
B) CBC
C) GCM
D) OFB

Answer: C) GCM

Explanation: AES-GCM (Galois/Counter Mode) provides both encryption and authentication, preventing tampering and ensuring data integrity.


Question 165

Which of the following is a recommended practice when implementing cryptographic key management?

A) Hardcoding encryption keys in the source code
B) Using a dedicated key management system (KMS)
C) Using the same key for multiple encryption purposes
D) Storing encryption keys alongside encrypted data

Answer: B) Using a dedicated key management system (KMS)

Explanation: Key management systems (KMS) help securely store, manage, and rotate encryption keys, preventing unauthorized access.


Question 166

What is the primary reason RSA key lengths must be significantly longer than AES key lengths for equivalent security?

A) RSA is symmetric, requiring longer keys
B) RSA keys are more efficient than AES keys
C) RSA security relies on prime factorization, which requires longer keys
D) RSA keys are weaker due to poor random number generation

Answer: C) RSA security relies on prime factorization, which requires longer keys

Explanation: RSA’s security depends on the difficulty of factoring large numbers into their prime factors, requiring longer key lengths (e.g., RSA-2048) to achieve the same security as a shorter AES key (e.g., AES-128).


Question 167

Which of the following cryptographic vulnerabilities allows an attacker to forge a digital signature without knowing the private key?

A) Padding oracle attack
B) Weak hash collision attack
C) Key stretching attack
D) Timing attack

Answer: B) Weak hash collision attack

Explanation: Weak hash functions (e.g., MD5, SHA-1) are vulnerable to collision attacks, allowing attackers to generate different inputs with the same hash value and forge digital signatures.


Question 168

Which cryptographic principle ensures a system remains secure even if attackers gain access to partial data?

A) Non-repudiation
B) Defense-in-depth
C) Information-theoretic security
D) Perfect secrecy

Answer: D) Perfect secrecy

Explanation: Perfect secrecy, as defined in Shannon’s theorem, ensures that encrypted data provides no information about the original plaintext, even if some ciphertext is exposed.


Question 169

Which type of attack exploits reused IVs (Initialization Vectors) in encryption schemes?

A) Brute-force attack
B) Chosen plaintext attack
C) Replay attack
D) Ciphertext pattern analysis attack

Answer: D) Ciphertext pattern analysis attack

Explanation: Reusing IVs in encryption modes like AES-CBC can expose patterns in ciphertext, leading to ciphertext pattern analysis attacks.


Question 170

Which of the following cryptographic protocols is commonly used to protect email communications?

A) SSH
B) PGP/GPG
C) AES-CBC
D) Blowfish

Answer: B) PGP/GPG

Explanation: Pretty Good Privacy (PGP) and its open-source alternative GPG are used to encrypt and sign emails, ensuring confidentiality and authenticity.


Question 171

Which encryption algorithm is commonly used in end-to-end encrypted cloud storage services?

A) RSA-1024
B) AES-GCM
C) MD5
D) DES

Answer: B) AES-GCM

Explanation: AES-GCM is widely used in cloud storage encryption due to its efficiency and built-in authentication, ensuring both data confidentiality and integrity.


Question 172

Which attack method involves using precomputed hash values to crack password hashes?

A) Dictionary attack
B) Rainbow table attack
C) Meet-in-the-middle attack
D) Replay attack

Answer: B) Rainbow table attack

Explanation: Rainbow tables store precomputed hash values to efficiently crack password hashes, making them a major threat to weakly hashed passwords.


Question 173

Which cryptographic attack exploits timing variations in operations to infer encryption keys?

A) Man-in-the-middle attack
B) Side-channel attack
C) Chosen ciphertext attack
D) Bit-flipping attack

Answer: B) Side-channel attack

Explanation: Side-channel attacks analyze external information, such as execution time, power consumption, or electromagnetic radiation, to extract cryptographic keys.


Question 174

Which type of cryptographic function is most resistant to quantum computing attacks?

A) RSA
B) AES
C) Lattice-based cryptography
D) SHA-1

Answer: C) Lattice-based cryptography

Explanation: Lattice-based cryptography is considered resistant to quantum computing attacks, unlike RSA and ECC, which can be broken using Shor’s algorithm.


Question 175

Which security feature of TLS 1.3 enhances privacy and forward secrecy?

A) Use of static RSA keys
B) Removal of weaker encryption ciphers
C) Inclusion of SSLv3 fallback
D) Using MD5 for message authentication

Answer: B) Removal of weaker encryption ciphers

Explanation: TLS 1.3 removed weak cipher suites, relying only on strong encryption algorithms (e.g., AES-GCM, ChaCha20) and ensuring perfect forward secrecy.


Question 176

Which of the following is a secure method for generating encryption keys?

A) Using the output of rand() in C
B) Using a cryptographically secure pseudo-random number generator (CSPRNG)
C) Using a hardcoded passphrase
D) Generating a key from a user’s birthdate

Answer: B) Using a cryptographically secure pseudo-random number generator (CSPRNG)

Explanation: CSPRNGs generate strong, unpredictable keys suitable for cryptographic applications, preventing key compromise.


Question 177

Which cryptographic algorithm is commonly used in blockchain mining?

A) AES-GCM
B) SHA-256
C) Blowfish
D) Diffie-Hellman

Answer: B) SHA-256

Explanation: SHA-256 is used in Bitcoin mining to hash transaction blocks securely and generate proof-of-work puzzles.


Question 178

Which cryptographic attack targets a weakness in RSA’s padding scheme and can lead to key recovery?

A) Chosen ciphertext attack
B) Brute-force attack
C) Padding oracle attack
D) Birthday attack

Answer: A) Chosen ciphertext attack

Explanation: Bleichenbacher’s attack, a form of chosen ciphertext attack, exploits weak RSA padding (PKCS#1 v1.5), allowing an attacker to decrypt messages without knowing the private key.


Question 179

Which property of hash functions ensures that a small change in input results in a drastically different output?

A) Non-repudiation
B) Collision resistance
C) Avalanche effect
D) Key stretching

Answer: C) Avalanche effect

Explanation: The avalanche effect ensures that even a slight change in the input completely changes the hash output, making hash functions resistant to minor alterations.


Question 180

Which cryptographic technique allows one party to prove knowledge of a secret without revealing the secret itself?

A) Public-key encryption
B) Zero-Knowledge Proof (ZKP)
C) Digital signatures
D) Symmetric encryption

Answer: B) Zero-Knowledge Proof (ZKP)

Explanation: Zero-Knowledge Proof (ZKP) enables a party to prove knowledge of a secret without revealing it, commonly used in blockchain privacy solutions.


Question 181

Which key derivation function is most resistant to GPU-based password cracking?

A) SHA-256
B) MD5
C) Argon2
D) PBKDF2

Answer: C) Argon2

Explanation: Argon2 is designed to be memory-hard, making it highly resistant to GPU-based and parallel password cracking attacks.


Question 182

Which of the following hashing algorithms is not recommended for password hashing due to its speed?

A) Argon2
B) SHA-1
C) bcrypt
D) PBKDF2

Answer: B) SHA-1

Explanation: SHA-1 is too fast for password hashing, making it vulnerable to brute-force attacks. bcrypt, Argon2, and PBKDF2 are better choices.


Question 183

Which attack is used to break weak cryptographic hash functions by finding two inputs that produce the same hash?

A) Brute-force attack
B) Collision attack
C) Key recovery attack
D) Side-channel attack

Answer: B) Collision attack

Explanation: Collision attacks occur when two different inputs produce the same hash output, compromising hash integrity (e.g., MD5 and SHA-1 vulnerabilities).


Question 184

Which cryptographic algorithm is considered quantum-resistant and is being researched for future encryption standards?

A) RSA
B) ECC
C) Lattice-based cryptography
D) SHA-256

Answer: C) Lattice-based cryptography

Explanation: Lattice-based cryptography is one of the leading quantum-resistant cryptographic techniques, unlike RSA and ECC, which are vulnerable to quantum attacks.


Question 185

Which cryptographic attack can be prevented by implementing constant-time cryptographic operations?

A) Brute-force attack
B) Timing attack
C) Replay attack
D) Hash collision attack

Answer: B) Timing attack

Explanation: Timing attacks analyze execution time variations in cryptographic operations to extract sensitive data. Using constant-time execution mitigates this risk.


Question 186

Which encryption mode should never be used due to its vulnerability to ciphertext pattern analysis?

A) ECB (Electronic Codebook)
B) CBC (Cipher Block Chaining)
C) GCM (Galois Counter Mode)
D) CTR (Counter Mode)

Answer: A) ECB (Electronic Codebook)

Explanation: ECB mode encrypts identical plaintext blocks into identical ciphertext blocks, making it vulnerable to pattern analysis attacks.


Question 187

Which cryptographic technique is used in blockchain technology to create a verifiable proof of transaction authenticity?

A) AES
B) Digital signatures
C) Symmetric encryption
D) MD5

Answer: B) Digital signatures

Explanation: Blockchain transactions use digital signatures (e.g., ECDSA) to ensure that only authorized users can approve transactions.


Question 188

Which encryption algorithm is commonly used in mobile payment and contactless transactions?

A) RSA-1024
B) ECC (Elliptic Curve Cryptography)
C) SHA-1
D) DES

Answer: B) ECC (Elliptic Curve Cryptography)

Explanation: ECC provides strong encryption with shorter key lengths, making it ideal for secure mobile and NFC (Near Field Communication) payments.


Question 189

Which cryptographic attack involves modifying encrypted data without decrypting it, exploiting weak encryption schemes?

A) Bit-flipping attack
B) Brute-force attack
C) Dictionary attack
D) Key recovery attack

Answer: A) Bit-flipping attack

Explanation: Bit-flipping attacks allow an attacker to modify encrypted ciphertext in a way that results in controlled changes to the decrypted plaintext.


Question 190

Which cryptographic principle states that an attacker should gain no useful information from intercepted ciphertext, even with unlimited computational power?

A) Forward secrecy
B) Kerckhoffs’s principle
C) Perfect secrecy
D) Non-repudiation

Answer: C) Perfect secrecy

Explanation: Perfect secrecy, as defined by Shannon’s theorem, ensures that ciphertext reveals no information about the original plaintext, even if an attacker has infinite computational resources.


Question 191

Which of the following cryptographic algorithms is used for fast symmetric encryption in secure network protocols like WireGuard?

A) AES-CBC
B) ChaCha20
C) RSA-4096
D) SHA-512

Answer: B) ChaCha20

Explanation: ChaCha20 is a stream cipher optimized for high-speed encryption and security, often used in VPNs and secure network protocols like WireGuard.


Question 192

Which property of digital signatures ensures that a sender cannot deny sending a message?

A) Confidentiality
B) Non-repudiation
C) Integrity
D) Key exchange

Answer: B) Non-repudiation

Explanation: Non-repudiation ensures that a sender cannot falsely deny having sent a digitally signed message, as the signature uniquely identifies them.


Question 193

Which of the following is an advantage of using AES-GCM over AES-CBC?

A) AES-GCM requires a shorter key length
B) AES-GCM provides built-in authentication
C) AES-CBC is faster for encrypting large data
D) AES-GCM is only used for password hashing

Answer: B) AES-GCM provides built-in authentication

Explanation: AES-GCM includes integrity and authentication features, making it more secure than AES-CBC, which requires separate authentication mechanisms.


Question 194

Which cryptographic algorithm is used in Secure Shell (SSH) for secure remote access?

A) RSA
B) DES
C) MD5
D) Blowfish

Answer: A) RSA

Explanation: SSH (Secure Shell) uses RSA, ECDSA, or Ed25519 for authentication and key exchange, securing remote access sessions.


Question 195

Which of the following best describes key stretching in cryptography?

A) Extending the length of a public key for additional security
B) Strengthening weak passwords by increasing computational cost
C) Using longer encryption keys in symmetric encryption
D) Combining two encryption keys into a single key

Answer: B) Strengthening weak passwords by increasing computational cost

Explanation: Key stretching techniques (e.g., PBKDF2, bcrypt, Argon2) increase computational effort, making brute-force attacks on passwords more difficult.


Question 196

Which hashing algorithm is considered secure and recommended for digital signatures and integrity verification?

A) SHA-1
B) SHA-256
C) MD5
D) DES

Answer: B) SHA-256

Explanation: SHA-256 is widely used for secure hashing and digital signatures, while SHA-1 and MD5 are considered insecure due to collision vulnerabilities.


Question 197

Which encryption algorithm is used in TLS 1.3 for secure web communications?

A) AES-GCM
B) DES
C) RSA-1024
D) MD5

Answer: A) AES-GCM

Explanation: TLS 1.3 exclusively supports AES-GCM and ChaCha20-Poly1305, removing older, weaker ciphers for stronger encryption security.


Question 198

Which attack exploits the reuse of encryption keys across different sessions?

A) Key recovery attack
B) Brute-force attack
C) Man-in-the-middle attack
D) Replay attack

Answer: A) Key recovery attack

Explanation: Key recovery attacks exploit scenarios where the same encryption key is reused, allowing attackers to analyze ciphertext and infer the key.


Question 199

What is the primary security risk of using static RSA keys for TLS key exchange?

A) Increased encryption speed
B) Vulnerability to quantum computing attacks
C) Lack of perfect forward secrecy (PFS)
D) Incompatibility with AES

Answer: C) Lack of perfect forward secrecy (PFS)

Explanation: Static RSA key exchange does not provide Perfect Forward Secrecy (PFS), meaning past sessions can be decrypted if the private key is compromised.


Question 200

Which of the following is a best practice for securing JWT (JSON Web Tokens)?

A) Using long expiration times for JWTs
B) Storing JWTs in local storage
C) Signing JWTs with asymmetric encryption (RS256 or ES256)
D) Allowing JWTs to be used without signature verification

Answer: C) Signing JWTs with asymmetric encryption (RS256 or ES256)

Explanation: Using asymmetric encryption (e.g., RS256, ES256) for JWTs ensures stronger security and allows signature verification without sharing a private key.


Question 201

Which of the following encryption algorithms is used in WPA3 for securing Wi-Fi networks?

A) AES-GCM
B) RSA
C) MD5
D) DES

Answer: A) AES-GCM

Explanation: WPA3 uses AES-GCM for secure Wi-Fi encryption, replacing WPA2’s AES-CCMP with an improved security model.


Question 202

Which of the following cryptographic attacks exploits poor entropy sources used in key generation?

A) Dictionary attack
B) Predictable key attack
C) Meet-in-the-middle attack
D) Chosen plaintext attack

Answer: B) Predictable key attack

Explanation: Poor entropy in key generation makes encryption keys predictable, allowing attackers to reconstruct encryption keys and break security mechanisms.


Question 203

Which cryptographic standard is used for digital certificates and PKI (Public Key Infrastructure)?

A) SHA-256
B) X.509
C) AES-256
D) RSA-1024

Answer: B) X.509

Explanation: X.509 certificates are used in PKI for authentication, digital signatures, and secure SSL/TLS certificate management.


Question 204

Which cryptographic algorithm is used in Ethereum and other blockchain networks for signing transactions?

A) RSA
B) ECDSA (Elliptic Curve Digital Signature Algorithm)
C) AES-GCM
D) MD5

Answer: B) ECDSA (Elliptic Curve Digital Signature Algorithm)

Explanation: Ethereum and other blockchain networks use ECDSA for digital signatures, ensuring transaction authenticity and preventing unauthorized modifications.


Question 205

Which type of encryption attack attempts to recover the original plaintext by observing multiple encryptions of the same message?

A) Chosen plaintext attack
B) Frequency analysis attack
C) Ciphertext-only attack
D) Replay attack

Answer: C) Ciphertext-only attack

Explanation: Ciphertext-only attacks analyze multiple encrypted messages to detect patterns and infer the original plaintext without access to the key.