1. Which protocol is primarily used for encrypting web traffic?
A) SSH
B) SSL/TLS
C) PGP
D) HTTP
Answer: B) SSL/TLS
Explanation: SSL/TLS (Secure Sockets Layer/Transport Layer Security) is used to secure web traffic by encrypting data between the client and server.
2. What port does SSH typically run on by default?
A) 22
B) 443
C) 25
D) 80
Answer: A) 22
Explanation: SSH (Secure Shell) operates on port 22 by default, providing secure remote login and command execution.
3. Which encryption technique is used in SSL/TLS for key exchange?
A) AES
B) RSA
C) MD5
D) SHA-256
Answer: B) RSA
Explanation: RSA (Rivest-Shamir-Adleman) is commonly used in SSL/TLS to securely exchange encryption keys between parties.
4. What does PGP stand for?
A) Pretty Good Privacy
B) Perfect Global Protection
C) Private Gateway Protocol
D) Public Group Policy
Answer: A) Pretty Good Privacy
Explanation: PGP (Pretty Good Privacy) is used for securing emails and files through encryption and digital signatures.
5. What is the primary use of PGP?
A) Encrypting web traffic
B) Securing remote logins
C) Encrypting and signing emails
D) Protecting Wi-Fi networks
Answer: C) Encrypting and signing emails
Explanation: PGP is widely used for encrypting emails and digitally signing messages to ensure confidentiality and authenticity.
6. Which cryptographic method does SSH use for authentication?
A) Symmetric encryption
B) Public-key cryptography
C) Hashing
D) Quantum cryptography
Answer: B) Public-key cryptography
Explanation: SSH uses public-key cryptography for authentication, allowing secure access using key pairs.
7. Which version of TLS is considered insecure and deprecated?
A) TLS 1.2
B) TLS 1.3
C) TLS 1.0
D) TLS 2.0
Answer: C) TLS 1.0
Explanation: TLS 1.0 has several known vulnerabilities and has been deprecated in favor of TLS 1.2 and TLS 1.3.
8. What command is used to initiate an SSH connection in Linux?
A) connect-ssh
B) ssh user@hostname
C) start ssh
D) ssh-keygen
Answer: B) ssh user@hostname
Explanation: The ssh command is used to connect to a remote server securely.
9. Which layer of the OSI model does SSL/TLS operate at?
A) Network layer
B) Transport layer
C) Application layer
D) Data link layer
Answer: B) Transport layer
Explanation: SSL/TLS operates at the transport layer to provide encryption for higher-layer protocols like HTTP.
10. What is the primary purpose of TLS Handshake?
A) Encrypting all data during transmission
B) Authenticating the server and client and negotiating encryption parameters
C) Checking for network latency
D) Detecting malware
Answer: B) Authenticating the server and client and negotiating encryption parameters
Explanation: The TLS handshake is a process where cryptographic keys and encryption methods are agreed upon before secure communication begins.
11. What does an SSH private key provide?
A) Public authentication
B) Secure decryption and authentication
C) Hashing only
D) Symmetric key exchange
Answer: B) Secure decryption and authentication
Explanation: The SSH private key is used to decrypt data and authenticate securely.
12. Which protocol replaced SSL due to its security flaws?
A) SSH
B) PGP
C) TLS
D) HTTPS
Answer: C) TLS
Explanation: TLS (Transport Layer Security) replaced SSL due to vulnerabilities like POODLE and BEAST attacks.
13. What is Forward Secrecy in TLS?
A) A method for passwordless authentication
B) A feature that ensures past communications remain secure even if keys are compromised
C) A cryptographic hashing method
D) A method for faster SSL handshakes
Answer: B) A feature that ensures past communications remain secure even if keys are compromised
Explanation: Forward Secrecy prevents previously captured encrypted data from being decrypted if private keys are later exposed.
14. What type of encryption does SSH use?
A) Only symmetric encryption
B) Only asymmetric encryption
C) A combination of symmetric and asymmetric encryption
D) No encryption
Answer: C) A combination of symmetric and asymmetric encryption
Explanation: SSH uses asymmetric encryption for authentication and symmetric encryption for session encryption.
15. What does a TLS certificate contain?
A) A public key and a private key
B) A public key, domain name, and certificate authority signature
C) Only the private key
D) A list of all visited websites
Answer: B) A public key, domain name, and certificate authority signature
Explanation: A TLS certificate contains a public key, the domain name, and a CA signature for authenticity.
16. What is the primary risk of using self-signed TLS certificates?
A) They are expensive
B) They may not be trusted by browsers
C) They cannot be revoked
D) They use weak encryption
Answer: B) They may not be trusted by browsers
Explanation: Self-signed certificates are not verified by trusted Certificate Authorities (CAs) and may trigger security warnings.
17. What is the primary function of the SSH agent?
A) Generate SSH keys
B) Store decrypted private keys securely in memory
C) Encrypt SSH traffic
D) Manage SSL certificates
Answer: B) Store decrypted private keys securely in memory
Explanation: The SSH agent stores decrypted private keys so users don’t have to re-enter passphrases frequently.
18. What is the default port for HTTPS (SSL/TLS-secured web traffic)?
A) 80
B) 22
C) 443
D) 53
Answer: C) 443
Explanation: HTTPS (secured via SSL/TLS) runs on port 443.
19. Which algorithm is commonly used in PGP for symmetric encryption?
A) AES
B) RSA
C) SHA-256
D) MD5
Answer: A) AES
Explanation: PGP uses AES (Advanced Encryption Standard) for symmetric encryption.
20. What does the “S” in HTTPS stand for?
A) Secure
B) Server
C) SSH
D) Session
Answer: A) Secure
Explanation: HTTPS stands for HyperText Transfer Protocol Secure, indicating that SSL/TLS secures the connection.
21. What is the primary purpose of SSH tunneling?
A) Encrypting website traffic
B) Securely forwarding network traffic through an encrypted channel
C) Generating PGP keys
D) Signing TLS certificates
Answer: B) Securely forwarding network traffic through an encrypted channel
Explanation: SSH tunneling (port forwarding) securely routes network traffic through an encrypted SSH connection.
22. Which hashing algorithm is commonly used for message integrity in TLS?
A) SHA-256
B) MD5
C) Blowfish
D) RC4
Answer: A) SHA-256
Explanation: SHA-256 is widely used for ensuring message integrity in TLS communication.
23. What does HSTS (HTTP Strict Transport Security) do?
A) Enforces HTTPS connections
B) Encrypts email messages
C) Secures SSH logins
D) Strengthens PGP encryption
Answer: A) Enforces HTTPS connections
Explanation: HSTS ensures that browsers always use HTTPS for a website, preventing downgrade attacks.
24. What does the openssl s_client command do?
A) Establishes an encrypted SSH session
B) Tests SSL/TLS connections to a server
C) Generates SSH key pairs
D) Encrypts files with PGP
Answer: B) Tests SSL/TLS connections to a server
Explanation: The openssl s_client command checks TLS/SSL certificates and configurations of remote servers.
25. What key size is considered secure for SSH key pairs?
A) 512-bit
B) 1024-bit
C) 2048-bit or higher
D) 128-bit
Answer: C) 2048-bit or higher
Explanation: 2048-bit or higher (e.g., 4096-bit) RSA keys are recommended for strong SSH security.
26. What is a wildcard SSL certificate?
A) A certificate that can be used for multiple domains
B) A certificate used for a single subdomain
C) A self-signed certificate
D) A certificate with unlimited validity
Answer: A) A certificate that can be used for multiple domains
Explanation: Wildcard SSL certificates secure a domain and all its subdomains (e.g., *.example.com).
27. Which attack exploits the SSL/TLS renegotiation process?
A) POODLE
B) Heartbleed
C) BEAST
D) Triple Handshake Attack
Answer: D) Triple Handshake Attack
Explanation: The Triple Handshake Attack exploits session renegotiation in TLS, allowing MITM attacks.
28. What is the primary goal of the SSH protocol?
A) Secure email transmission
B) Encrypt web traffic
C) Secure remote administration and file transfers
D) Secure database queries
Answer: C) Secure remote administration and file transfers
Explanation: SSH is used to remotely manage systems and transfer files securely.
29. What does OCSP (Online Certificate Status Protocol) check?
A) If an SSL certificate is revoked
B) If SSH keys are compromised
C) If a website supports HTTPS
D) If a TLS handshake is completed
Answer: A) If an SSL certificate is revoked
Explanation: OCSP checks whether an SSL/TLS certificate has been revoked by the issuing CA.
30. Which cryptographic method does SSH use for secure key exchange?
A) Diffie-Hellman
B) RSA
C) MD5
D) ECC
Answer: A) Diffie-Hellman
Explanation: SSH uses Diffie-Hellman key exchange to securely establish a session key.
31. What does a Certificate Authority (CA) do?
A) Issues digital certificates
B) Manages SSH logins
C) Encrypts TLS traffic
D) Stores SSL keys
Answer: A) Issues digital certificates
Explanation: CAs issue SSL/TLS certificates that verify a website’s authenticity.
32. Which protocol secures email communication using PGP?
A) SMTP
B) OpenPGP
C) IMAP
D) POP3
Answer: B) OpenPGP
Explanation: OpenPGP is an encryption standard used for securing emails.
33. What does the “Perfect” in Perfect Forward Secrecy (PFS) mean?
A) Data is encrypted with a perfect algorithm
B) No past session keys can be compromised
C) It guarantees 100% security
D) Only quantum-resistant encryption is used
Answer: B) No past session keys can be compromised
Explanation: PFS ensures that past encrypted data cannot be decrypted even if private keys are compromised.
34. Which attack exploits SSL/TLS padding vulnerabilities?
A) POODLE
B) CRIME
C) BEAST
D) FREAK
Answer: A) POODLE
Explanation: POODLE (Padding Oracle On Downgraded Legacy Encryption) exploits SSL 3.0 padding vulnerabilities.
35. What is the purpose of SSH-Agent?
A) Store private keys securely in memory
B) Generate SSH keys
C) Manage SSL certificates
D) Encrypt web traffic
Answer: A) Store private keys securely in memory
Explanation: SSH-Agent caches decrypted SSH private keys, so users don’t need to re-enter passphrases.
36. What is the primary function of TLS session resumption?
A) Reduce handshake time
B) Generate new certificates
C) Encrypt email communication
D) Detect revoked certificates
Answer: A) Reduce handshake time
Explanation: TLS session resumption allows a client to reconnect faster by skipping a full handshake.
37. What attack does HSTS help mitigate?
A) SSL stripping
B) Heartbleed
C) Man-in-the-middle (MITM)
D) BEAST
Answer: A) SSL stripping
Explanation: HSTS ensures browsers only use HTTPS, preventing SSL stripping attacks.
38. Which protocol ensures encrypted file transfer over SSH?
A) FTP
B) SCP
C) HTTP
D) Telnet
Answer: B) SCP
Explanation: SCP (Secure Copy Protocol) uses SSH for encrypted file transfers.
39. What is the purpose of the “TLS Record Protocol”?
A) Encrypts data for secure transmission
B) Manages SSL certificates
C) Checks server uptime
D) Generates encryption keys
Answer: A) Encrypts data for secure transmission
Explanation: The TLS Record Protocol ensures data confidentiality and integrity.
40. What is an SSH bastion host used for?
A) Securely managing remote access
B) Encrypting email communication
C) Generating PGP keys
D) Managing TLS handshakes
Answer: A) Securely managing remote access
Explanation: A bastion host is an exposed SSH server that acts as a secure gateway.
41. What is the primary function of an SSH fingerprint?
A) To encrypt SSH traffic
B) To verify the authenticity of an SSH server
C) To generate new SSH keys
D) To prevent brute-force attacks
Answer: B) To verify the authenticity of an SSH server
Explanation: An SSH fingerprint is a cryptographic hash of the server’s public key, used to verify its authenticity during connections.
42. What is a TLS Cipher Suite?
A) A collection of encryption algorithms used in TLS communication
B) A type of VPN protocol
C) A physical hardware security device
D) A hashing algorithm
Answer: A) A collection of encryption algorithms used in TLS communication
Explanation: A TLS Cipher Suite defines the encryption, hashing, and authentication algorithms used in a TLS session.
43. What type of attack does SSH key-based authentication help mitigate?
A) Brute-force password attacks
B) Cross-Site Scripting (XSS)
C) SQL Injection
D) Man-in-the-Middle (MITM)
Answer: A) Brute-force password attacks
Explanation: SSH key-based authentication replaces passwords with cryptographic keys, preventing brute-force attacks.
44. What does the term “TLS fallback attack” refer to?
A) Forcing a connection to downgrade to a weaker TLS version
B) Cracking the TLS encryption key
C) Breaking a digital certificate
D) Forcing a session timeout
Answer: A) Forcing a connection to downgrade to a weaker TLS version
Explanation: A TLS fallback attack exploits protocol downgrades (e.g., forcing TLS 1.2 to use TLS 1.0), making it easier to exploit known vulnerabilities.
45. What does PGP use for key management?
A) Key pairs stored in a certificate authority
B) A web of trust model
C) A centralized key server
D) A blockchain-based trust system
Answer: B) A web of trust model
Explanation: PGP uses a web of trust, where users sign each other’s keys to establish credibility, unlike centralized CAs.
46. Which of the following is an open-source alternative to SSH?
A) Telnet
B) PuTTY
C) OpenSSH
D) SSL
Answer: C) OpenSSH
Explanation: OpenSSH is a free, open-source implementation of the SSH protocol used for secure remote administration.
47. What is the purpose of a self-signed TLS certificate?
A) To provide free, unlimited encryption
B) To secure internal applications without a Certificate Authority (CA)
C) To ensure global trust in a website
D) To enhance key rotation speed
Answer: B) To secure internal applications without a Certificate Authority (CA)
Explanation: Self-signed TLS certificates are typically used for internal servers and testing environments but are not trusted by default in browsers.
48. What is the default bit length for a modern SSH RSA key?
A) 512-bit
B) 1024-bit
C) 2048-bit
D) 4096-bit
Answer: C) 2048-bit
Explanation: The default RSA key length for SSH is 2048-bit, but 4096-bit is recommended for enhanced security.
49. What does Certificate Pinning help prevent?
A) Phishing attacks
B) Man-in-the-Middle (MITM) attacks with fraudulent certificates
C) Cross-Site Request Forgery (CSRF)
D) SQL Injection
Answer: B) Man-in-the-Middle (MITM) attacks with fraudulent certificates
Explanation: Certificate Pinning ensures only a specific certificate is trusted, preventing MITM attacks with rogue CAs.
50. What is the role of an SSH bastion host?
A) To act as a secure gateway for remote access
B) To generate TLS certificates
C) To encrypt TLS handshakes
D) To validate SSL certificates
Answer: A) To act as a secure gateway for remote access
Explanation: An SSH bastion host is a hardened server used as a jump host to access internal systems securely.
51. Which TLS version introduced 0-RTT (Zero Round-Trip Time) mode?
A) TLS 1.0
B) TLS 1.1
C) TLS 1.2
D) TLS 1.3
Answer: D) TLS 1.3
Explanation: TLS 1.3 introduced 0-RTT, allowing faster connections by reusing previously established sessions.
52. What is SSH X11 forwarding used for?
A) To transfer files securely
B) To run graphical applications over SSH
C) To increase SSH encryption strength
D) To verify SSH fingerprints
Answer: B) To run graphical applications over SSH
Explanation: SSH X11 forwarding allows users to run GUI applications remotely over SSH.
53. What does a wildcard TLS certificate secure?
A) A single domain
B) Multiple top-level domains
C) A domain and all of its subdomains
D) Only IP-based connections
Answer: C) A domain and all of its subdomains
Explanation: A wildcard certificate (e.g., *.example.com) secures all subdomains under a primary domain.
54. What command is used to generate a new SSH key pair?
A) ssh-keygen
B) ssh-add
C) ssh-copy-id
D) openssl keygen
Answer: A) ssh-keygen
Explanation: The ssh-keygen command generates a new SSH key pair for authentication.
55. What does TLS use to prevent replay attacks?
A) Nonces and sequence numbers
B) RSA encryption
C) Certificate Pinning
D) HSTS
Answer: A) Nonces and sequence numbers
Explanation: TLS uses nonces and sequence numbers to prevent replay attacks, ensuring messages aren’t duplicated.
56. What type of attack was exploited in the Heartbleed vulnerability?
A) Buffer overflow in OpenSSL’s Heartbeat extension
B) Man-in-the-Middle (MITM) attack
C) TLS handshake manipulation
D) SSH brute force
Answer: A) Buffer overflow in OpenSSL’s Heartbeat extension
Explanation: Heartbleed exploited a buffer overflow in OpenSSL, allowing attackers to read sensitive memory data.
57. What does SSH use for integrity checking?
A) HMAC
B) AES
C) RSA
D) Diffie-Hellman
Answer: A) HMAC
Explanation: SSH uses HMAC (Hash-based Message Authentication Code) to verify data integrity.
58. What does TLS use for message confidentiality?
A) Symmetric encryption
B) Hashing
C) Public key encryption only
D) Salting
Answer: A) Symmetric encryption
Explanation: TLS uses symmetric encryption (e.g., AES) for message confidentiality.
61. What is the primary purpose of TLS mutual authentication?
A) To encrypt data using symmetric keys
B) To authenticate both the server and client using certificates
C) To enable certificate pinning
D) To establish an anonymous connection
Answer: B) To authenticate both the server and client using certificates
Explanation: TLS mutual authentication requires both the client and server to present valid certificates for identity verification.
62. What command is used to check the fingerprint of an SSH key?
A) ssh -V
B) ssh-keygen -lf keyfile
C) openssl check
D) tls-fingerprint
Answer: B) ssh-keygen -lf keyfile
Explanation: The ssh-keygen -lf command displays the fingerprint of an SSH public key.
63. What is the maximum bit length for an RSA key in OpenSSH?
A) 4096-bit
B) 8192-bit
C) 1024-bit
D) 16384-bit
Answer: D) 16384-bit
Explanation: OpenSSH supports RSA key lengths up to 16,384 bits, though 4096-bit is commonly used for security and performance.
64. What does the “G” in GPG stand for?
A) Government
B) GNU
C) General
D) Global
Answer: B) GNU
Explanation: GPG (GNU Privacy Guard) is an open-source implementation of PGP, used for secure communication.
65. What is the primary function of a TLS session ticket?
A) To encrypt email communications
B) To speed up subsequent TLS connections
C) To generate cryptographic keys
D) To validate OCSP responses
Answer: B) To speed up subsequent TLS connections
Explanation: TLS session tickets allow clients to resume previous TLS sessions without repeating a full handshake.
66. What is a common vulnerability in improperly configured SSH servers?
A) Key reuse
B) Lack of two-factor authentication
C) Weak ciphers and outdated algorithms
D) All of the above
Answer: D) All of the above
Explanation: SSH servers with weak ciphers, key reuse, and lack of 2FA are prone to brute-force and MITM attacks.
67. What is a CRL (Certificate Revocation List) used for?
A) Encrypting data
B) Listing revoked certificates
C) Signing SSH keys
D) Creating TLS handshakes
Answer: B) Listing revoked certificates
Explanation: A CRL (Certificate Revocation List) is used by Certificate Authorities to list revoked certificates.
68. What is the primary function of an SSH jump host?
A) Encrypt SSH connections
B) Act as an intermediary to access internal systems securely
C) Manage SSH keys
D) Generate SSH fingerprints
Answer: B) Act as an intermediary to access internal systems securely
Explanation: An SSH jump host is a secure gateway that routes SSH traffic to internal systems.
69. Which cryptographic algorithm was deprecated in TLS 1.3?
A) AES
B) RSA key exchange
C) ChaCha20
D) SHA-256
Answer: B) RSA key exchange
Explanation: TLS 1.3 removed RSA key exchange due to its lack of Forward Secrecy.
70. What is the function of the ssh-copy-id command?
A) Copy SSH keys to a remote server for passwordless login
B) Generate a new SSH key pair
C) Transfer encrypted files
D) Delete SSH keys
Answer: A) Copy SSH keys to a remote server for passwordless login
Explanation: The ssh-copy-id command securely transfers public SSH keys to a remote system for key-based authentication.
71. What is the primary advantage of using Ed25519 keys for SSH authentication?
A) Faster key generation and verification
B) Stronger encryption than RSA
C) Smaller key size with better security
D) All of the above
Answer: D) All of the above
Explanation: Ed25519 keys provide strong security, faster performance, and smaller key sizes, making them an excellent choice for SSH authentication.
72. What does TLS use to ensure confidentiality of session data?
A) Public-key cryptography
B) Symmetric encryption
C) Hashing algorithms
D) Diffie-Hellman key exchange
Answer: B) Symmetric encryption
Explanation: TLS uses symmetric encryption (e.g., AES) for data confidentiality after the handshake is completed.
73. What is the role of gpg --verify in PGP?
A) Encrypt a message
B) Verify a signed message or file
C) Generate a new key pair
D) Export public keys
Answer: B) Verify a signed message or file
Explanation: The gpg --verify command checks whether a PGP-signed file is valid and was not tampered with.
74. What is the default port for an SSH SOCKS proxy?
A) 22
B) 443
C) 1080
D) 8080
Answer: C) 1080
Explanation: The default port for an SSH SOCKS proxy is 1080, allowing secure browsing via SSH tunnels.
75. What is the purpose of an Extended Validation (EV) certificate in TLS?
A) To provide higher encryption strength
B) To verify the organization’s identity more strictly
C) To enable certificate pinning
D) To prevent brute-force attacks
Answer: B) To verify the organization’s identity more strictly
Explanation: EV certificates require stronger identity verification for organizations and show a green bar in older browsers.
76. What is the primary difference between SSH and Telnet?
A) SSH is encrypted, while Telnet is not
B) Telnet is faster than SSH
C) SSH is only used for Windows servers
D) Telnet supports only IPv6
Answer: A) SSH is encrypted, while Telnet is not
Explanation: SSH encrypts all communication, whereas Telnet sends data in plaintext, making it insecure.
77. What happens if an SSH private key is leaked?
A) The associated public key becomes invalid
B) Attackers can gain unauthorized access to systems
C) The SSH server shuts down automatically
D) The SSH fingerprint changes
Answer: B) Attackers can gain unauthorized access to systems
Explanation: If an SSH private key is compromised, attackers can authenticate as the legitimate user.
78. What type of key does SSH use to authenticate a client?
A) Public key
B) Private key
C) Symmetric key
D) Session key
Answer: A) Public key
Explanation: SSH authenticates clients using their public key, while the private key remains confidential.
79. What command lists all installed SSH keys in an agent?
A) ssh-keygen -l
B) ssh-agent -k
C) ssh-add -l
D) ssh-config --list
Answer: C) ssh-add -l
Explanation: The ssh-add -l command lists all keys stored in the SSH agent.
80. What cryptographic protocol is recommended for replacing RSA in SSH?
A) DSA
B) ChaCha20
C) Ed25519
D) DES
Answer: C) Ed25519
Explanation: Ed25519 is a modern, secure, and fast alternative to RSA in SSH authentication.
81. Which command is used to remove all identities from the SSH authentication agent?
A) ssh-agent -r
B) ssh-add -D
C) ssh-keygen -R
D) ssh-remove-all
Answer: B) ssh-add -D
Explanation: The ssh-add -D command removes all stored identities (SSH keys) from the SSH agent.
82. What is the primary purpose of the OCSP stapling mechanism in TLS?
A) To reduce OCSP response time and improve security
B) To generate TLS session keys
C) To enforce HTTPS in browsers
D) To provide Forward Secrecy
Answer: A) To reduce OCSP response time and improve security
Explanation: OCSP stapling allows a web server to attach an OCSP response to a TLS handshake, improving performance and security.
83. Which encryption algorithm is commonly used in modern TLS implementations?
A) RC4
B) AES-GCM
C) MD5
D) DES
Answer: B) AES-GCM
Explanation: AES-GCM (Advanced Encryption Standard with Galois Counter Mode) is a secure and efficient encryption algorithm used in modern TLS.
84. What does the Strict-Transport-Security HTTP header enforce?
A) Disabling non-secure HTTP connections
B) Enabling OCSP stapling
C) Enforcing HMAC authentication
D) Preventing SQL injection attacks
Answer: A) Disabling non-secure HTTP connections
Explanation: The Strict-Transport-Security (HSTS) header forces browsers to only use HTTPS, preventing downgrade attacks.
85. What is the primary function of TLS session resumption?
A) To speed up repeated TLS connections
B) To generate new SSL certificates
C) To encrypt SSH keys
D) To perform key rotation
Answer: A) To speed up repeated TLS connections
Explanation: TLS session resumption allows clients to reconnect faster without a full handshake.
86. What does SSH use to encrypt interactive terminal sessions?
A) Asymmetric encryption only
B) Symmetric encryption after key exchange
C) Hashing algorithms
D) Plaintext communication
Answer: B) Symmetric encryption after key exchange
Explanation: SSH uses asymmetric encryption for key exchange and then switches to symmetric encryption for session data.
87. What attack does SSH guard against by using sequence numbers?
A) Brute-force attacks
B) Replay attacks
C) SQL injection
D) Cross-site scripting (XSS)
Answer: B) Replay attacks
Explanation: SSH assigns sequence numbers to packets to prevent replay attacks.
88. What is the purpose of an intermediate certificate in SSL/TLS?
A) To sign root CA certificates
B) To establish a chain of trust between the root CA and end-entity certificates
C) To encrypt the TLS handshake
D) To store private keys
Answer: B) To establish a chain of trust between the root CA and end-entity certificates
Explanation: Intermediate certificates act as a bridge between root Certificate Authorities (CAs) and end-user certificates.
89. Which SSH configuration file controls server settings?
A) /etc/ssh/ssh_config
B) /etc/ssh/sshd_config
C) ~/.ssh/config
D) /var/log/ssh.log
Answer: B) /etc/ssh/sshd_config
Explanation: The /etc/ssh/sshd_config file contains SSH server settings, including port, authentication methods, and key exchange protocols.
90. What is the purpose of the tls-prober tool?
A) To check for TLS configuration issues and vulnerabilities
B) To scan networks for open SSH ports
C) To generate TLS keys
D) To perform brute-force attacks
Answer: A) To check for TLS configuration issues and vulnerabilities
Explanation: tls-prober scans servers for TLS misconfigurations and security flaws.
91. What SSH option prevents password authentication and enforces key-based login?
A) PermitRootLogin no
B) PasswordAuthentication no
C) AllowUsers root
D) EnablePasswordSecurity on
Answer: B) PasswordAuthentication no
Explanation: Setting PasswordAuthentication no in sshd_config forces SSH key-based authentication.
92. What is a common attack against weak SSH passwords?
A) SQL injection
B) Brute-force attack
C) Buffer overflow
D) Clickjacking
Answer: B) Brute-force attack
Explanation: Attackers use brute-force attacks to guess weak SSH passwords and gain unauthorized access.
93. What is the default expiration time for a PGP key?
A) 1 year
B) 5 years
C) No expiration by default
D) 10 years
Answer: C) No expiration by default
Explanation: PGP keys do not expire by default, but users can set expiration dates when generating a key.
94. What attack does TLS use MAC (Message Authentication Code) to prevent?
A) Man-in-the-Middle (MITM)
B) SQL injection
C) Timing attacks
D) Buffer overflow
Answer: A) Man-in-the-Middle (MITM)
Explanation: TLS MAC ensures message integrity, preventing MITM attacks.
95. What type of encryption does SSH use for file transfers?
A) RSA
B) Symmetric encryption
C) MD5
D) No encryption
Answer: B) Symmetric encryption
Explanation: SSH encrypts file transfers using symmetric encryption algorithms like AES.
96. What does the gpg --export command do?
A) Exports a PGP public key
B) Encrypts a message
C) Signs a file
D) Generates a new key pair
Answer: A) Exports a PGP public key
Explanation: gpg --export exports a PGP public key for sharing.
97. What is the role of sshd in SSH?
A) SSH client
B) SSH daemon (server)
C) Key generator
D) File encryption tool
Answer: B) SSH daemon (server)
Explanation: sshd is the SSH server process that listens for incoming connections.
98. What is the purpose of mod_ssl in Apache?
A) To enable TLS/SSL support in Apache web server
B) To generate SSH keys
C) To validate PGP signatures
D) To prevent brute-force attacks
Answer: A) To enable TLS/SSL support in Apache web server
Explanation: mod_ssl is an Apache module that enables SSL/TLS support.
99. What is the main purpose of Diffie-Hellman key exchange in SSH?
A) To securely establish a shared symmetric key
B) To generate public keys
C) To sign SSH certificates
D) To store passwords
Answer: A) To securely establish a shared symmetric key
Explanation: Diffie-Hellman allows SSH clients and servers to negotiate a shared secret securely.
100. What is the standard port for OCSP responder services?
A) 80
B) 443
C) 21
D) 8080
Answer: A) 80
Explanation: OCSP responders typically operate on port 80 to provide certificate revocation status.
101. Which of the following protocols is often used for secure file transfer over SSH?
A) SCP
B) FTP
C) Telnet
D) HTTP
Answer: A) SCP
Explanation: SCP (Secure Copy Protocol) is used for securely transferring files over SSH.
102. What does the “S” in SSL/TLS stand for?
A) Secure
B) Session
C) System
D) Server
Answer: A) Secure
Explanation: SSL/TLS stands for Secure Sockets Layer/Transport Layer Security, which provides encryption and security for network communications.
103. Which TLS version introduced improved security features like 0-RTT?
A) TLS 1.0
B) TLS 1.1
C) TLS 1.2
D) TLS 1.3
Answer: D) TLS 1.3
Explanation: TLS 1.3 introduced 0-RTT, reducing connection times and improving security.
104. Which of the following ciphers is most commonly used in modern TLS encryption?
A) RC4
B) AES
C) DES
D) 3DES
Answer: B) AES
Explanation: AES (Advanced Encryption Standard) is widely used for secure encryption in modern TLS protocols.
105. What is the primary purpose of a public key in asymmetric encryption?
A) To encrypt data
B) To decrypt data
C) To sign data
D) To store session keys
Answer: A) To encrypt data
Explanation: The public key is used to encrypt data, while the private key is used to decrypt it.
106. What is the default port number used for HTTPS?
π A) 22
π B) 80
π C) 443
π D) 53
β
Answer: C) 443
π‘ Explanation: HTTPS typically runs on port 443, which is used for secure web communication.
107. Which of the following tools is commonly used to generate PGP keys?
π A) OpenSSL
π B) GPG
π C) SSL Labs
π D) Nmap
β
Answer: B) GPG
π‘ Explanation: GPG (GNU Privacy Guard) is commonly used to generate and manage PGP keys for encryption and signing.
108. What is the difference between SSH and SFTP?
π A) SSH is for secure login, and SFTP is for file transfers
π B) SFTP provides a faster transfer rate than SSH
π C) SSH uses TLS encryption, while SFTP uses AES
π D) SFTP is only for encrypted email communication
β
Answer: A) SSH is for secure login, and SFTP is for file transfers
π‘ Explanation: SSH is used for secure remote login and command execution, while SFTP (Secure File Transfer Protocol) is used for secure file transfers over SSH.
109. Which of the following is a commonly used method for SSH key management?
π A) SSH-agent
π B) FTP
π C) SSL/TLS
π D) RSA token
β
Answer: A) SSH-agent
π‘ Explanation: The SSH-agent stores private SSH keys securely in memory, allowing automatic authentication.
110. What is the purpose of a PGP key pair?
π A) To encrypt the contents of a file
π B) To provide authentication for SSH sessions
π C) To create digital signatures for emails and files
π D) To prevent SSL/TLS session hijacking
β
Answer: C) To create digital signatures for emails and files
π‘ Explanation: PGP key pairs are used to encrypt and sign emails and files, providing authentication and integrity.
111. Which type of attack can occur if SSL/TLS certificates are not properly verified?
π A) Man-in-the-Middle (MITM)
π B) Cross-Site Scripting (XSS)
π C) SQL Injection
π D) Denial of Service (DoS)
β
Answer: A) Man-in-the-Middle (MITM)
π‘ Explanation: MITM attacks can occur if the SSL/TLS certificate is not verified properly, allowing attackers to intercept and alter communications.
112. What is the role of a Certificate Authority (CA) in SSL/TLS communication?
π A) To encrypt SSL traffic
π B) To generate private keys
π C) To issue digital certificates for websites
π D) To monitor SSL traffic for vulnerabilities
β
Answer: C) To issue digital certificates for websites
π‘ Explanation: Certificate Authorities (CAs) issue digital certificates that verify the identity of websites and facilitate secure SSL/TLS connections.
113. What does SSL stripping do?
π A) Encrypts HTTP traffic to make it secure
π B) Downgrades an HTTPS connection to HTTP
π C) Secures FTP sessions
π D) Changes the encryption algorithm of SSL/TLS
β
Answer: B) Downgrades an HTTPS connection to HTTP
π‘ Explanation: SSL stripping is an attack that downgrades a secure HTTPS connection to HTTP, making data vulnerable to interception.
114. Which of the following is the most secure key exchange mechanism used in TLS 1.3?
π A) RSA key exchange
π B) Diffie-Hellman key exchange
π C) Elliptic Curve Diffie-Hellman (ECDHE)
π D) Static Diffie-Hellman
β
Answer: C) Elliptic Curve Diffie-Hellman (ECDHE)
π‘ Explanation: ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) provides Forward Secrecy and is the most secure key exchange method used in TLS 1.3.
115. What does the ssh-copy-id command do?
π A) Copies a public SSH key to a remote system for authentication
π B) Copies a file securely to a remote system
π C) Verifies the fingerprint of an SSH key
π D) Generates a new SSH key pair
β
Answer: A) Copies a public SSH key to a remote system for authentication
π‘ Explanation: The ssh-copy-id command installs a public SSH key on a remote system for passwordless authentication.
116. What is the key difference between SSH and SSL/TLS?
π A) SSH is used for file transfers, while SSL/TLS is used for web traffic
π B) SSH encrypts web traffic, while SSL/TLS is for remote logins
π C) SSH uses symmetric encryption, while SSL/TLS uses asymmetric encryption
π D) SSH is used for remote login and command execution, while SSL/TLS secures web traffic
β
Answer: D) SSH is used for remote login and command execution, while SSL/TLS secures web traffic
π‘ Explanation: SSH is used for remote logins and command execution, while SSL/TLS secures web traffic.
117. Which of the following is the most secure hashing algorithm used in SSL/TLS for integrity checks?
π A) MD5
π B) SHA-1
π C) SHA-256
π D) SHA-512
β
Answer: C) SHA-256
π‘ Explanation: SHA-256 is the most commonly used hashing algorithm for integrity checks in SSL/TLS.
118. Which TLS cipher suite provides both encryption and integrity protection?
π A) RSA
π B) AES-GCM
π C) ECDSA
π D) SHA-1
β
Answer: B) AES-GCM
π‘ Explanation: AES-GCM (Advanced Encryption Standard with Galois/Counter Mode) provides both encryption and integrity protection.
119. What is the main purpose of OCSP (Online Certificate Status Protocol)?
π A) To verify SSL/TLS certificate expiration dates
π B) To check the revocation status of SSL/TLS certificates
π C) To store SSL/TLS certificates
π D) To sign SSL/TLS certificates
β
Answer: B) To check the revocation status of SSL/TLS certificates
π‘ Explanation: OCSP is used to check whether an SSL/TLS certificate has been revoked by the issuing Certificate Authority (CA).
120. Which SSH authentication method uses cryptographic keys instead of passwords?
π A) Public-key authentication
π B) Password-based authentication
π C) Two-factor authentication
π D) Challenge-response authentication
β
Answer: A) Public-key authentication
π‘ Explanation: Public-key authentication uses a private/public key pair instead of passwords for secure SSH authentication.
121. What is the primary role of a TLS handshake?
π A) Encrypt data transmission
π B) Authenticate the client and server and negotiate encryption parameters
π C) Store session keys for later use
π D) Verify the client’s IP address
β
Answer: B) Authenticate the client and server and negotiate encryption parameters
π‘ Explanation: The TLS handshake is used to authenticate both parties and establish encryption settings before data transfer.
122. What does SSH port forwarding allow?
π A) Running a web server over SSH
π B) Encrypting FTP transfers
π C) Securely tunneling network traffic through an SSH connection
π D) Automating SSH authentication
β
Answer: C) Securely tunneling network traffic through an SSH connection
π‘ Explanation: SSH port forwarding (tunneling) allows secure routing of network traffic through an SSH connection.
123. What is the main advantage of Elliptic Curve Cryptography (ECC) over RSA in TLS?
π A) It is more resistant to quantum computing attacks
π B) It provides stronger security with smaller key sizes
π C) It does not require key exchange
π D) It is faster for encryption but slower for decryption
β
Answer: B) It provides stronger security with smaller key sizes
π‘ Explanation: ECC (Elliptic Curve Cryptography) provides strong security with smaller key sizes, making it more efficient than RSA.
124. Which SSH key type is recommended for maximum security?
π A) RSA (2048-bit)
π B) DSA (1024-bit)
π C) Ed25519
π D) MD5
β
Answer: C) Ed25519
π‘ Explanation: Ed25519 is a modern and secure SSH key algorithm, offering high security and fast performance.
125. What is the main purpose of Transport Layer Security (TLS)?
π A) Encrypting and securing data in transit
π B) Encrypting stored data
π C) Generating cryptographic hashes
π D) Creating symmetric encryption keys
β
Answer: A) Encrypting and securing data in transit
π‘ Explanation: TLS is used to encrypt network traffic, ensuring secure communication between clients and servers.
126. What does the SSH -L option do?
π A) Enables logging for SSH
π B) Starts an SSH listener for incoming connections
π C) Creates a local port forwarding tunnel
π D) Lists all active SSH sessions
β
Answer: C) Creates a local port forwarding tunnel
π‘ Explanation: The ssh -L option is used for local port forwarding, allowing a remote service to be accessed securely.
127. Which attack exploits the vulnerability in SSL/TLS renegotiation?
π A) POODLE
π B) BEAST
π C) Triple Handshake Attack
π D) Heartbleed
β
Answer: C) Triple Handshake Attack
π‘ Explanation: The Triple Handshake Attack allows an attacker to intercept and manipulate TLS connections by exploiting session renegotiation.
128. What is the purpose of a root certificate in SSL/TLS?
π A) To encrypt user data
π B) To validate and sign other certificates in the trust hierarchy
π C) To store SSL keys
π D) To manage TLS handshakes
β
Answer: B) To validate and sign other certificates in the trust hierarchy
π‘ Explanation: A root certificate is the top-level certificate in a Public Key Infrastructure (PKI) and is used to sign and validate other certificates.
129. What is the main purpose of the .ssh/authorized_keys file in SSH?
π A) To store SSH client configuration
π B) To list public keys authorized for SSH login
π C) To generate new SSH keys
π D) To store SSH logs
β
Answer: B) To list public keys authorized for SSH login
π‘ Explanation: The .ssh/authorized_keys file contains public keys that are allowed to authenticate without a password.
130. What is Forward Secrecy in SSL/TLS?
π A) The ability to reuse session keys for faster encryption
π B) The protection of past communications even if the private key is compromised
π C) The automatic renewal of SSL certificates
π D) The use of self-signed certificates
β
Answer: B) The protection of past communications even if the private key is compromised
π‘ Explanation: Forward Secrecy ensures that past encrypted sessions remain secure, even if the private key is later compromised.
131. What is the recommended way to disable weak ciphers in an SSH server?
π A) Using Ciphers directive in sshd_config
π B) Changing the SSH port to a non-standard one
π C) Running SSH in debug mode
π D) Disabling password authentication
β
Answer: A) Using Ciphers directive in sshd_config
π‘ Explanation: The Ciphers directive in sshd_config is used to disable weak encryption algorithms in SSH.
132. What does the TLS “Certificate Transparency” mechanism prevent?
π A) Unauthorized certificate issuance
π B) DNS spoofing attacks
π C) SQL injection attacks
π D) Side-channel attacks
β
Answer: A) Unauthorized certificate issuance
π‘ Explanation: Certificate Transparency (CT) helps detect and prevent fraudulent certificate issuance by maintaining public logs of issued certificates.
133. What is the function of gpg --list-keys in PGP?
π A) Encrypts a message
π B) Lists all stored PGP keys
π C) Generates a new key pair
π D) Deletes a public key
β
Answer: B) Lists all stored PGP keys
π‘ Explanation: The gpg --list-keys command is used to display all PGP keys stored in a user’s keyring.
134. What does the TLS_FALLBACK_SCSV mechanism prevent?
π A) TLS downgrade attacks
π B) MITM attacks
π C) Certificate spoofing
π D) Key exchange failures
β
Answer: A) TLS downgrade attacks
π‘ Explanation: TLS_FALLBACK_SCSV is a security measure that prevents forced downgrades to weaker TLS versions.
135. What is the recommended replacement for SHA-1 in TLS?
π A) MD5
π B) SHA-256
π C) AES-128
π D) RSA
β
Answer: B) SHA-256
π‘ Explanation: SHA-256 is recommended to replace the deprecated SHA-1 in modern TLS implementations.
136. What is the purpose of the SSH -N flag?
π A) Disables encryption
π B) Prevents remote commands from executing
π C) Disables password authentication
π D) Enables verbose logging
β
Answer: B) Prevents remote commands from executing
π‘ Explanation: The ssh -N option is used to set up SSH tunneling without executing remote commands.
137. What is the purpose of HSTS in web security?
π A) To prevent HTTPS downgrade attacks
π B) To encrypt email communication
π C) To validate SSH fingerprints
π D) To generate TLS keys
β
Answer: A) To prevent HTTPS downgrade attacks
π‘ Explanation: HSTS (HTTP Strict Transport Security) forces browsers to use HTTPS, preventing downgrade attacks.
138. Which of the following is a major improvement in TLS 1.3?
π A) Removal of insecure ciphers
π B) Faster handshakes
π C) Stronger encryption algorithms
π D) All of the above
β
Answer: D) All of the above
π‘ Explanation: TLS 1.3 improves security, speed, and efficiency by removing insecure ciphers, reducing handshake latency, and enhancing encryption.
141. What does SSH multiplexing help with?
π A) Running multiple SSH commands without establishing a new connection each time
π B) Encrypting SSH keys
π C) Increasing the security of SSH connections
π D) Preventing SSH session hijacking
β
Answer: A) Running multiple SSH commands without establishing a new connection each time
π‘ Explanation: SSH multiplexing allows multiple SSH sessions to reuse the same TCP connection, reducing overhead.
142. What is the primary purpose of a wildcard SSL certificate?
π A) To secure multiple subdomains under the same domain
π B) To provide stronger encryption than regular certificates
π C) To support multiple key exchange mechanisms
π D) To encrypt TLS handshakes
β
Answer: A) To secure multiple subdomains under the same domain
π‘ Explanation: Wildcard SSL certificates can secure all subdomains of a domain (e.g., *.example.com).
143. Which SSH option is used to specify an identity file for authentication?
π A) -p
π B) -i
π C) -X
π D) -L
β
Answer: B) -i
π‘ Explanation: The -i flag allows SSH users to specify a private key file for authentication.
144. What is the default validity period of an SSL/TLS certificate issued by a Certificate Authority (CA)?
π A) 90 days
π B) 1 year
π C) 2 years
π D) 10 years
β
Answer: B) 1 year
π‘ Explanation: As per recent guidelines, SSL/TLS certificates issued by CAs typically have a maximum validity of 1 year.
145. What feature in TLS 1.3 replaces the traditional RSA key exchange?
π A) Ephemeral Diffie-Hellman (DHE)
π B) Pre-shared keys
π C) Elliptic Curve Diffie-Hellman (ECDHE)
π D) Static RSA
β
Answer: C) Elliptic Curve Diffie-Hellman (ECDHE)
π‘ Explanation: TLS 1.3 removed RSA key exchange and replaced it with ECDHE, which provides Forward Secrecy.
146. What is the primary function of the ssh-agent program?
π A) To store decrypted SSH private keys securely in memory
π B) To generate SSH keys
π C) To copy SSH keys to a remote server
π D) To encrypt SSH traffic
β
Answer: A) To store decrypted SSH private keys securely in memory
π‘ Explanation: ssh-agent allows users to store private keys so they don’t have to enter passphrases repeatedly.
147. Which of the following is a common risk of self-signed SSL certificates?
π A) They are not trusted by default in web browsers
π B) They have shorter expiration periods
π C) They provide weaker encryption
π D) They require manual installation on all clients
β
Answer: A) They are not trusted by default in web browsers
π‘ Explanation: Self-signed certificates are not issued by a trusted Certificate Authority (CA), leading to browser security warnings.
148. What is the primary function of the sshd_config file?
π A) To configure the SSH client
π B) To configure the SSH server
π C) To store private SSH keys
π D) To monitor SSH logs
β
Answer: B) To configure the SSH server
π‘ Explanation: The /etc/ssh/sshd_config file controls SSH server settings, including authentication and encryption settings.
149. What attack exploits vulnerabilities in SSL/TLS compression mechanisms?
π A) BEAST
π B) POODLE
π C) CRIME
π D) Heartbleed
β
Answer: C) CRIME
π‘ Explanation: The CRIME attack exploits vulnerabilities in TLS compression, allowing attackers to recover session cookies.
150. What is the purpose of an HMAC in SSH?
π A) To verify data integrity
π B) To encrypt SSH traffic
π C) To generate SSH keys
π D) To enable Forward Secrecy
β
Answer: A) To verify data integrity
π‘ Explanation: HMAC (Hash-based Message Authentication Code) is used in SSH to ensure message integrity.
151. What is the primary benefit of using TLS session tickets?
π A) Faster reconnection times
π B) Stronger encryption
π C) Forward Secrecy
π D) Protection against MITM attacks
β
Answer: A) Faster reconnection times
π‘ Explanation: TLS session tickets allow a client to resume a previous session quickly, reducing the need for a full handshake.
152. What type of encryption does PGP use?
π A) Only symmetric encryption
π B) Only asymmetric encryption
π C) A combination of symmetric and asymmetric encryption
π D) Hashing only
β
Answer: C) A combination of symmetric and asymmetric encryption
π‘ Explanation: PGP encrypts messages using symmetric encryption, and then asymmetrically encrypts the session key.
153. What command lists the fingerprints of known SSH host keys?
π A) ssh -K
π B) ssh-keygen -l
π C) ssh-agent -L
π D) ssh-add -F
β
Answer: B) ssh-keygen -l
π‘ Explanation: The ssh-keygen -l command displays the fingerprint of an SSH public key.
154. Which TLS version deprecated weak ciphers like RC4 and MD5?
π A) TLS 1.1
π B) TLS 1.2
π C) TLS 1.3
π D) SSL 3.0
β
Answer: B) TLS 1.2
π‘ Explanation: TLS 1.2 deprecated insecure ciphers like RC4 and MD5, enhancing security.
155. What does gpg --sign do?
π A) Encrypts a message
π B) Creates a digital signature for a file
π C) Decrypts a file
π D) Lists PGP keys
β
Answer: B) Creates a digital signature for a file
π‘ Explanation: The gpg --sign command generates a PGP digital signature, verifying file authenticity.
156. What does SSH X11 forwarding allow?
π A) Running graphical applications over SSH
π B) Faster SSH key exchange
π C) Encrypting all SSH sessions
π D) Secure remote file transfers
β
Answer: A) Running graphical applications over SSH
π‘ Explanation: X11 forwarding enables users to run graphical applications remotely over SSH.
157. What is a common attack against weak SSH passwords?
π A) Brute-force attack
π B) DNS spoofing
π C) TLS downgrade
π D) Clickjacking
β
Answer: A) Brute-force attack
π‘ Explanation: Attackers attempt to guess weak SSH passwords using brute-force methods.
158. What does the ssh -o option do?
π A) Specifies an SSH configuration option
π B) Enables verbose logging
π C) Disables authentication
π D) Encrypts SSH traffic
β
Answer: A) Specifies an SSH configuration option
π‘ Explanation: The ssh -o option allows users to define specific SSH settings in a command-line session.
159. Which component of TLS handles encryption?
π A) TLS Record Protocol
π B) TLS Handshake Protocol
π C) OCSP
π D) HSTS
β
Answer: A) TLS Record Protocol
π‘ Explanation: The TLS Record Protocol encrypts and secures transmitted data.
160. What is the purpose of a client certificate in TLS?
π A) To authenticate the client to the server
π B) To encrypt data
π C) To sign server certificates
π D) To verify TLS ciphers
β
Answer: A) To authenticate the client to the server
π‘ Explanation: Client certificates are used in mutual TLS authentication to verify client identity.
161. What is the primary function of an SSH jump server?
π A) To act as an intermediary for accessing internal systems securely
π B) To encrypt SSH private keys
π C) To store SSH logs
π D) To block brute-force attacks
β
Answer: A) To act as an intermediary for accessing internal systems securely
π‘ Explanation: An SSH jump server is used to provide controlled access to internal systems, reducing direct exposure.
162. Which OpenSSL command is used to generate a new RSA private key?
π A) openssl genrsa -out key.pem 2048
π B) openssl enc -rsa -genkey
π C) openssl create-key -rsa
π D) openssl generate-rsa 4096
β
Answer: A) openssl genrsa -out key.pem 2048
π‘ Explanation: The openssl genrsa command generates an RSA private key, specifying the key size (e.g., 2048-bit).
163. What type of key does SSH use for secure authentication?
π A) Symmetric key
π B) Public-private key pair
π C) AES key
π D) TLS session key
β
Answer: B) Public-private key pair
π‘ Explanation: SSH uses public-private key pairs to authenticate users securely.
164. What does the TLS “Finished” message indicate?
π A) The handshake is complete, and encryption can begin
π B) The TLS session has been terminated
π C) The certificate is verified
π D) The client and server have agreed on a new session key
β
Answer: A) The handshake is complete, and encryption can begin
π‘ Explanation: The TLS “Finished” message signifies the successful completion of the handshake, allowing encrypted communication to begin.
165. What SSH option prevents a remote command from being executed?
π A) ssh -N
π B) ssh -X
π C) ssh -R
π D) ssh -L
β
Answer: A) ssh -N
π‘ Explanation: The ssh -N option is used when setting up SSH tunnels without executing any remote command.
166. What type of TLS certificate is required for EV (Extended Validation) status?
π A) Self-signed certificate
π B) Wildcard certificate
π C) Organization Validated (OV) certificate
π D) Extended Validation (EV) certificate
β
Answer: D) Extended Validation (EV) certificate
π‘ Explanation: EV certificates require strict identity verification and display a trust indicator in browsers.
167. What is the primary purpose of an SSH bastion host?
π A) To provide controlled access to internal networks
π B) To generate encryption keys
π C) To encrypt all SSH sessions
π D) To act as a load balancer
β
Answer: A) To provide controlled access to internal networks
π‘ Explanation: A bastion host is a hardened system that acts as an access gateway to internal systems.
168. What is the default port for the OCSP protocol?
π A) 80
π B) 443
π C) 21
π D) 53
β
Answer: A) 80
π‘ Explanation: OCSP (Online Certificate Status Protocol) typically operates on port 80 for certificate status checks.
169. What does the Strict-Transport-Security header prevent?
π A) HTTPS downgrade attacks
π B) DNS spoofing
π C) Buffer overflow attacks
π D) SQL injection
β
Answer: A) HTTPS downgrade attacks
π‘ Explanation: HSTS (HTTP Strict Transport Security) ensures that browsers always use HTTPS, preventing downgrade attacks.
170. Which command is used to generate a new SSH key pair?
π A) ssh-genkey
π B) ssh-keygen
π C) ssh-add
π D) ssh-copy-id
β
Answer: B) ssh-keygen
π‘ Explanation: The ssh-keygen command is used to generate new SSH key pairs for authentication.
171. What is the function of the tls-prober tool?
π A) To check for TLS misconfigurations and vulnerabilities
π B) To monitor SSH sessions
π C) To generate encryption keys
π D) To encrypt SSL traffic
β
Answer: A) To check for TLS misconfigurations and vulnerabilities
π‘ Explanation: tls-prober is a security tool that scans servers for TLS-related security flaws.
172. What is the maximum validity of Let’s Encrypt SSL certificates?
π A) 30 days
π B) 90 days
π C) 1 year
π D) 3 years
β
Answer: B) 90 days
π‘ Explanation: Let’s Encrypt certificates are valid for 90 days and must be renewed frequently.
173. What is the purpose of SSH reverse port forwarding?
π A) To allow remote systems to access a local service
π B) To encrypt an SSH session
π C) To secure web traffic over SSH
π D) To bypass firewall restrictions
β
Answer: A) To allow remote systems to access a local service
π‘ Explanation: Reverse SSH port forwarding allows remote systems to connect back to a local service.
174. What protocol does SSH use for key exchange?
π A) AES
π B) RSA
π C) Diffie-Hellman
π D) SHA-256
β
Answer: C) Diffie-Hellman
π‘ Explanation: SSH uses Diffie-Hellman key exchange to securely establish a shared session key.
175. What feature in TLS 1.3 significantly improves security?
π A) Removal of RSA key exchange
π B) Faster handshake process
π C) Improved cipher selection
π D) All of the above
β
Answer: D) All of the above
π‘ Explanation: TLS 1.3 introduced improved security by removing RSA key exchange, speeding up the handshake, and enhancing cipher security.
176. Which hashing algorithm is used in TLS 1.3 for integrity verification?
π A) MD5
π B) SHA-256
π C) SHA-1
π D) Blowfish
β
Answer: B) SHA-256
π‘ Explanation: TLS 1.3 uses SHA-256 for integrity verification to protect against tampering.
177. What is the primary advantage of using a VPN over SSH tunneling for secure connections?
π A) VPN can encrypt all network traffic
π B) SSH is slower than VPN
π C) VPN provides stronger encryption
π D) SSH cannot be used for encryption
β
Answer: A) VPN can encrypt all network traffic
π‘ Explanation: A VPN encrypts all network traffic, while SSH tunneling only encrypts specific traffic.
178. What is the function of gpg --decrypt?
π A) Encrypts a file
π B) Decrypts a PGP-encrypted file
π C) Generates a new PGP key
π D) Exports a public key
β
Answer: B) Decrypts a PGP-encrypted file
π‘ Explanation: The gpg --decrypt command is used to decrypt files encrypted using PGP.
179. What is the primary weakness of using a self-signed SSL certificate?
π A) It is not trusted by browsers
π B) It has weaker encryption
π C) It cannot be revoked
π D) It expires faster than CA-issued certificates
β
Answer: A) It is not trusted by browsers
π‘ Explanation: Self-signed certificates are not issued by a trusted CA, making them untrusted in browsers.
180. What does OCSP (Online Certificate Status Protocol) check?
π A) Whether an SSL certificate is revoked
π B) The expiration date of a certificate
π C) The encryption strength of TLS
π D) The hostname in a TLS certificate
β
Answer: A) Whether an SSL certificate is revoked
π‘ Explanation: OCSP checks whether a certificate has been revoked before its expiration date.
181. What is the purpose of TLS Server Name Indication (SNI)?
π A) To allow multiple SSL certificates on the same IP address
π B) To encrypt DNS queries
π C) To enforce mutual authentication
π D) To improve SSL handshake speed
β
Answer: A) To allow multiple SSL certificates on the same IP address
π‘ Explanation: SNI (Server Name Indication) enables a single server to host multiple SSL/TLS certificates for different domains.
182. What does the SSH -T option do?
π A) Disables pseudo-terminal allocation
π B) Enables X11 forwarding
π C) Forces password authentication
π D) Lists active SSH sessions
β
Answer: A) Disables pseudo-terminal allocation
π‘ Explanation: The ssh -T option prevents SSH from allocating a pseudo-terminal, often used in automation scripts.
183. What is the primary goal of SSL/TLS renegotiation?
π A) To refresh encryption keys during a session
π B) To extend the validity of a TLS certificate
π C) To speed up HTTPS connections
π D) To force certificate re-validation
β
Answer: A) To refresh encryption keys during a session
π‘ Explanation: SSL/TLS renegotiation allows refreshing session keys for additional security.
184. Which SSH authentication method is the most secure?
π A) Password authentication
π B) Public-key authentication
π C) Challenge-response authentication
π D) Plaintext authentication
β
Answer: B) Public-key authentication
π‘ Explanation: Public-key authentication is the most secure SSH authentication method as it eliminates password-based attacks.
185. What does the tlsdate tool do?
π A) Synchronizes system time securely using TLS
π B) Generates TLS keys
π C) Checks SSL certificate expiration
π D) Encrypts SSH traffic
β
Answer: A) Synchronizes system time securely using TLS
π‘ Explanation: tlsdate synchronizes system time by securely retrieving it from TLS-enabled servers.
186. What is the function of OCSP stapling?
π A) Reduces the need for real-time OCSP requests
π B) Encrypts TLS handshakes
π C) Prevents certificate spoofing
π D) Provides automatic certificate renewal
β
Answer: A) Reduces the need for real-time OCSP requests
π‘ Explanation: OCSP stapling allows a web server to pre-fetch the OCSP response and send it during the TLS handshake.
187. What command is used to force SSH to use a specific private key?
π A) ssh -k
π B) ssh -i
π C) ssh -P
π D) ssh -X
β
Answer: B) ssh -i
π‘ Explanation: The ssh -i option specifies a custom private key file for authentication.
188. What does the TLS_PSK cipher suite use for authentication?
π A) Pre-shared keys
π B) RSA certificates
π C) Diffie-Hellman key exchange
π D) HMAC
β
Answer: A) Pre-shared keys
π‘ Explanation: The TLS_PSK cipher suite uses Pre-Shared Keys (PSK) instead of public-key cryptography.
189. What is a common vulnerability in older versions of SSL/TLS?
π A) Lack of Forward Secrecy
π B) Weak encryption algorithms
π C) Susceptibility to MITM attacks
π D) All of the above
β
Answer: D) All of the above
π‘ Explanation: Older SSL/TLS versions suffer from weak encryption, lack of Forward Secrecy, and vulnerabilities to MITM attacks.
190. What protocol replaces SSL in modern secure communications?
π A) IPSec
π B) TLS
π C) SSH
π D) VPN
β
Answer: B) TLS
π‘ Explanation: TLS (Transport Layer Security) is the modern replacement for the outdated SSL protocol.
191. What is the primary risk of using expired SSL/TLS certificates?
π A) Reduced encryption strength
π B) Certificate errors and trust issues
π C) Increased website speed
π D) Faster handshake times
β
Answer: B) Certificate errors and trust issues
π‘ Explanation: Expired SSL/TLS certificates cause trust errors, leading to browser security warnings.
192. What is the default SSH key file name for RSA authentication?
π A) id_ecdsa
π B) id_dsa
π C) id_rsa
π D) id_ed25519
β
Answer: C) id_rsa
π‘ Explanation: RSA keys are stored in ~/.ssh/id_rsa for SSH authentication.
193. What is the purpose of ssh-copy-id?
π A) To copy public SSH keys to a remote host for authentication
π B) To generate new SSH keys
π C) To delete SSH keys from a remote server
π D) To list all stored SSH keys
β
Answer: A) To copy public SSH keys to a remote host for authentication
π‘ Explanation: ssh-copy-id simplifies public key authentication by copying public SSH keys to remote servers.
194. Which hashing algorithm was removed from TLS 1.3?
π A) SHA-256
π B) MD5
π C) SHA-3
π D) Whirlpool
β
Answer: B) MD5
π‘ Explanation: TLS 1.3 removed MD5 due to its weaknesses in collision attacks.
195. What is the primary use of gpg --armor?
π A) To export keys in ASCII format
π B) To encrypt files
π C) To sign emails
π D) To generate PGP keys
β
Answer: A) To export keys in ASCII format
π‘ Explanation: The gpg --armor option exports keys and messages in ASCII format, making them more portable.
196. What is the main benefit of TLS session resumption?
π A) Faster reconnection times
π B) Increased encryption strength
π C) Automatic certificate renewal
π D) Reduced need for HSTS
β
Answer: A) Faster reconnection times
π‘ Explanation: TLS session resumption speeds up subsequent connections by reusing previously established session parameters.
197. What does the ssh -q option do?
π A) Runs SSH in quiet mode, suppressing warnings and errors
π B) Lists active SSH keys
π C) Enables verbose logging
π D) Forces password authentication
β
Answer: A) Runs SSH in quiet mode, suppressing warnings and errors
π‘ Explanation: The ssh -q option suppresses output messages, making SSH connections quieter.
198. What is the purpose of an Extended Validation (EV) TLS certificate?
π A) To provide strict identity verification for organizations
π B) To increase encryption strength
π C) To support wildcard domains
π D) To enable Forward Secrecy
β
Answer: A) To provide strict identity verification for organizations
π‘ Explanation: EV TLS certificates require rigorous identity verification before being issued.
199. Which TLS extension prevents downgrade attacks?
π A) TLS_FALLBACK_SCSV
π B) OCSP Stapling
π C) SNI
π D) PFS
β
Answer: A) TLS_FALLBACK_SCSV
π‘ Explanation: TLS_FALLBACK_SCSV prevents protocol downgrade attacks by ensuring clients do not fall back to weaker TLS versions.
200. What does gpg --delete-key do?
π A) Removes a PGP key from the keyring
π B) Revokes a PGP key
π C) Encrypts a file
π D) Lists available keys
β
Answer: A) Removes a PGP key from the keyring
π‘ Explanation: The gpg --delete-key command removes a stored PGP key from the local keyring.
201. What is the purpose of the SSH -C option?
π A) Enables compression for SSH connections
π B) Copies SSH keys to a remote server
π C) Forces password authentication
π D) Disables encryption for faster connections
β
Answer: A) Enables compression for SSH connections
π‘ Explanation: The ssh -C option enables compression, which can improve performance on low-bandwidth networks.
202. What is the primary benefit of using TLS 1.3 over TLS 1.2?
π A) Improved handshake speed and security
π B) Support for older cipher suites
π C) More reliance on RSA key exchange
π D) Increased key sizes for SSL certificates
β
Answer: A) Improved handshake speed and security
π‘ Explanation: TLS 1.3 offers a faster handshake and removes insecure algorithms, making it more secure and efficient than TLS 1.2.
203. What does gpg --edit-key allow you to do?
π A) Modify or manage PGP key properties
π B) Encrypt a file using GPG
π C) Export a GPG key
π D) Delete a GPG key
β
Answer: A) Modify or manage PGP key properties
π‘ Explanation: The gpg --edit-key command allows users to modify key properties, such as adding new user IDs or revoking keys.
204. What is the purpose of the CipherSuites directive in TLS configurations?
π A) To specify the list of allowed encryption algorithms
π B) To manage SSH key authentication
π C) To enforce SSL certificate renewal
π D) To store cryptographic keys
β
Answer: A) To specify the list of allowed encryption algorithms
π‘ Explanation: The CipherSuites directive defines which encryption algorithms a TLS server will support, helping enforce security policies.
205. What does an SSH honeypot do?
π A) Captures unauthorized SSH login attempts for security monitoring
π B) Encrypts SSH connections with stronger algorithms
π C) Automatically blocks IP addresses after failed logins
π D) Creates SSH keys for authentication
β
Answer: A) Captures unauthorized SSH login attempts for security monitoring
π‘ Explanation: An SSH honeypot is a security tool designed to attract and monitor unauthorized SSH login attempts to detect and analyze attack patterns.