CCNA Casp Engineering Crypto Questions

75 of 103 questions · Page 1/2 · Casp Engineering Crypto topic · Answers revealed

1
MCQmedium

A security administrator is configuring IPsec VPN between two sites. The data transmitted includes sensitive financial records. The administrator wants to ensure both confidentiality and integrity of the data, and also wants to authenticate the source. Which IPsec protocol and mode should be used?

A.ESP in tunnel mode
B.AH in tunnel mode
C.ESP in transport mode
D.AH in transport mode
AnswerA

ESP provides encryption and integrity, and tunnel mode encrypts the entire packet, suitable for site-to-site VPN.

Why this answer

ESP (Encapsulating Security Payload) provides both confidentiality and integrity (optionally authentication). AH only provides integrity and authentication but not confidentiality. Transport mode encrypts only the payload, while tunnel mode encrypts the entire IP packet.

For site-to-site VPN, tunnel mode is typically used.

2
MCQmedium

A company is deploying IoT sensors that require secure firmware updates over the air (OTA). To ensure integrity and authenticity of the firmware, which of the following should be implemented?

A.Code signing with a trusted certificate
B.Secure boot on the device
C.Hash verification only
D.Encryption of the firmware image
AnswerA

Digital signatures verify that the firmware came from a trusted source and hasn't been altered.

Why this answer

Code signing with digital signatures ensures firmware integrity and authenticity. Encryption alone does not guarantee authenticity. Hash verification ensures integrity but not authenticity.

Secure boot ensures only signed firmware runs but does not protect the update process itself.

3
MCQmedium

A security architect is designing a new authentication system for a high-security environment. The system must support passwordless authentication while providing strong protection against phishing attacks. Which of the following protocols best meets these requirements?

A.Kerberos with PKINIT
B.FIDO2/WebAuthn
C.TOTP/HOTP
D.X.509 certificates with smart cards
AnswerB

FIDO2/WebAuthn uses device-bound keys and is phishing-resistant, enabling passwordless authentication.

Why this answer

FIDO2/WebAuthn uses public key cryptography and is designed to resist phishing; it supports passwordless authentication. TOTP/HOTP are time-based and can be phished. X.509 certificates are not inherently passwordless.

Kerberos requires passwords or tickets.

4
MCQeasy

An organization wants to implement passwordless authentication using FIDO2/WebAuthn. Which of the following best describes the primary security advantage of this approach over traditional password-based authentication?

A.It eliminates the need for multi-factor authentication
B.It prevents phishing by using cryptographic keys bound to the origin
C.It allows users to reuse the same password across services
D.It requires a hardware token for every login
AnswerB

FIDO2 credentials are scoped to the relying party origin, making them resistant to phishing attacks.

Why this answer

FIDO2/WebAuthn uses public key cryptography, so the server does not store a shared secret (password) that can be stolen. This eliminates credential theft via server-side breaches.

5
Multi-Selectmedium

A company is designing a secure communication channel between two branch offices over the internet using IPsec. Which TWO statements are true regarding IPsec modes and protocols? (Select TWO.)

Select 2 answers
A.IKEv2 is used to negotiate IPsec security associations
B.Tunnel mode encrypts the entire original IP packet
C.AH provides confidentiality for the packet
D.Transport mode encrypts the entire IP packet including the header
E.ESP provides confidentiality and optional authentication
AnswersB, E

Tunnel mode encapsulates and encrypts the entire packet, adding a new IP header.

Why this answer

Transport mode encrypts only the payload (excluding the IP header), while tunnel mode encrypts the entire packet. AH provides integrity and authentication but no encryption; ESP provides confidentiality and optionally integrity. IKEv2 is a key exchange protocol.

6
MCQmedium

An organization is concerned about side-channel attacks on its embedded devices. Which of the following is the MOST effective countermeasure against power analysis attacks?

A.Encrypting all data in memory
B.Disabling debug interfaces
C.Increasing the clock speed of the processor
D.Using a constant-time algorithm for cryptographic operations
AnswerD

Constant-time algorithms reduce correlation between data and power consumption.

Why this answer

Power analysis attacks exploit variations in power consumption. Constant-time implementations and adding noise (power randomizers) can help, but the most effective is to use hardware with built-in countermeasures like secure enclaves.

7
MCQhard

A security architect is evaluating hardware security modules (HSMs) for a new PKI deployment. The HSM must be compliant with FIPS 140-2 Level 3. Which of the following is a requirement for Level 3 that distinguishes it from Level 2?

A.Identity-based authentication for operators
B.Cryptographic boundary includes all critical components
C.Environmental failure protections
D.Physical security mechanisms that provide tamper evidence
AnswerA

Level 3 requires identity-based authentication, whereas Level 2 only requires role-based authentication.

Why this answer

FIPS 140-2 Level 3 requires tamper-evident enclosures with active tamper response mechanisms (e.g., erasing keys) and identity-based authentication. Level 2 requires tamper-evident coatings or seals but not active response. Level 4 is more stringent.

8
MCQhard

A security engineer is configuring IPsec VPN between two sites. The requirement is to encrypt the entire IP packet, including the original IP header. Which IPsec mode and protocol should be used?

A.Transport mode with AH
B.Tunnel mode with AH
C.Transport mode with ESP
D.Tunnel mode with ESP
AnswerD

Tunnel mode with ESP encrypts the entire original packet, including headers.

Why this answer

Tunnel mode with ESP encrypts the entire original IP packet and adds a new IP header, which is required for gateway-to-gateway VPNs. ESP provides encryption and optional authentication.

9
MCQmedium

An organization is implementing a Windows Hello for Business deployment to enable passwordless authentication. The solution uses TPM 2.0 for key storage. Which of the following TPM features ensures that the system has not been tampered with before the user authenticates?

A.Secure boot
B.Sealed storage
C.Attestation
D.Measured boot
AnswerD

Measured boot records boot measurements in PCRs, enabling attestation to verify that the system has booted into a known trustworthy state.

Why this answer

Measured boot records measurements of boot components in PCR banks, which can be used for attestation to verify system integrity. Secure boot prevents execution of unauthorized code, but measured boot provides evidence of the boot chain. Sealed storage uses PCR values to restrict access to keys.

Attestation is the process of proving the measurements to a verifier.

10
Multi-Selectmedium

A security architect is designing a secure boot chain for an IoT device. Which THREE components are essential to ensure the integrity of the firmware update process? (Select THREE.)

Select 3 answers
A.Firmware update files signed with a private key
B.A mechanism to prevent firmware rollback to older versions
C.Encryption of firmware at rest on the device
D.Secure over-the-air (OTA) update delivery mechanism (e.g., TLS)
E.A hardware root of trust (e.g., read-only memory) storing the public key
AnswersA, D, E

Signing ensures authenticity and integrity of the update.

Why this answer

A secure boot chain requires that the bootloader verifies the firmware signature using a public key stored in read-only memory. The firmware must be signed by a trusted entity, and updates must be delivered over a secure channel (e.g., TLS) to prevent tampering. Encryption of firmware at rest is not essential for integrity; integrity verification is through signatures.

Rolling back to a previous version should be prevented, but that is a separate concern.

11
MCQeasy

A network administrator needs to establish a secure VPN tunnel between two branch offices using IPsec. The requirement is to encrypt the entire IP packet, including the original IP header. Which IPsec mode should be used?

A.AH mode
B.IKEv1
C.Tunnel mode
D.Transport mode
AnswerC

Tunnel mode encapsulates and encrypts the entire original packet.

Why this answer

Tunnel mode encrypts the entire IP packet and adds a new IP header, making it suitable for VPNs between networks.

12
MCQmedium

An organization is implementing IPsec VPNs between sites. The security team wants to ensure data integrity and authentication but is less concerned about confidentiality for this particular link. Which IPsec protocol and mode should they use?

A.ESP in tunnel mode
B.AH in tunnel mode
C.AH in transport mode
D.ESP in transport mode
AnswerB

AH provides integrity and authentication without encryption; tunnel mode is for site-to-site VPNs.

Why this answer

AH provides authentication and integrity without encryption. Transport mode is used for end-to-end communication, while tunnel mode is for gateway-to-gateway. Since this is between sites (gateways), tunnel mode is appropriate.

AH in transport mode is for host-to-host. ESP provides confidentiality. AH in tunnel mode is correct.

13
MCQmedium

A company is migrating its internal services to use SSH key-based authentication instead of passwords. The security policy requires using the strongest supported algorithms. The SSH server supports the following key exchange algorithms: diffie-hellman-group14-sha256, ecdh-sha2-nistp384, curve25519-sha256. Which algorithm should the administrator choose to meet the policy?

A.ecdh-sha2-nistp384
B.diffie-hellman-group14-sha256
C.All three are equally strong
D.curve25519-sha256
AnswerD

X25519 is widely recommended for its security and efficiency.

Why this answer

Curve25519 (X25519) is the recommended elliptic curve for key exchange due to its strong security and performance advantages. It is considered more secure than NIST curves and traditional Diffie-Hellman.

14
Multi-Selectmedium

A security administrator is implementing TPM 2.0 for secure boot and measured boot on new laptops. Which TWO capabilities does TPM 2.0 provide that are directly related to ensuring the integrity of the boot process? (Select TWO.)

Select 2 answers
A.Remote attestation to verify boot measurements
B.Platform Configuration Registers (PCRs) for storing measurements
C.UEFI secure boot enforcement
D.Sealed storage to protect encryption keys
E.Generation of RSA keys for code signing
AnswersA, B

TPM can sign PCR values to prove boot integrity to a remote party.

Why this answer

Measured boot stores measurements of boot components in PCRs, and attestation allows a remote verifier to check these measurements. Secure boot verifies signatures of bootloaders, but TPM stores measurements; secure boot is a UEFI feature, though TPM can participate. Sealed storage is for data protection, not boot integrity.

15
MCQeasy

Which hashing algorithm is recommended for modern applications requiring high security and resistance to quantum computing threats, and offers improved performance over SHA-2?

A.SHA-3
B.RIPEMD-160
C.MD5
D.SHA-256
AnswerA

SHA-3 is the newest NIST hash, with a sponge construction and quantum resistance.

Why this answer

SHA-3 is the latest NIST-standardized hash function, designed to be resistant to quantum attacks and offers a different structure from SHA-2, with good performance.

16
Multi-Selecteasy

A company is implementing MFA for remote access. Which TWO factors are considered possession factors?

Select 2 answers
A.A fingerprint scan
B.A hardware OTP token
C.A PIN
D.A push notification to a registered smartphone
E.A password
AnswersB, D

A tangible device the user possesses.

Why this answer

Possession factors are things the user has: a hardware token or a smartphone (for soft tokens). Biometrics and passwords are not possession factors.

17
MCQeasy

A web server is configured to use TLS 1.3. Which of the following is a key security benefit of TLS 1.3 over earlier versions?

A.Removal of weak cipher suites
B.Support for 0-RTT handshake
C.Mandatory certificate pinning
D.Forward secrecy for all key exchanges
AnswerD

TLS 1.3 mandates ephemeral Diffie-Hellman key exchanges, ensuring forward secrecy.

Why this answer

TLS 1.3 provides forward secrecy by default, meaning session keys are not compromised even if the server's long-term private key is compromised. 0-RTT is a performance feature but can be vulnerable to replay. Removed cipher suites is a cleanup. Certificate pinning is not part of TLS 1.3.

18
MCQmedium

A security engineer is selecting an asymmetric encryption algorithm for a system that must provide non-repudiation and long-term security (at least 20 years). The system has limited computational resources. Which of the following is the best choice?

A.RSA 4096
B.ECDSA P-384
C.Ed25519
D.DSA 3072
AnswerC

Ed25519 uses elliptic curves with 128-bit security, small keys, and fast operations, suitable for long-term security.

Why this answer

Ed25519 offers high security with small key sizes and efficient computation, and is suitable for long-term security. RSA 4096 is slower and has larger keys. ECDSA P-384 is secure but slower than Ed25519.

DSA is older and less efficient.

19
MCQmedium

A company is implementing a Privileged Access Management (PAM) solution to manage admin credentials. Which feature allows administrators to request temporary elevated access for a specific task?

A.Session recording
B.Just-in-time access
C.Password vaulting
D.Break-glass accounts
AnswerB

JIT provides temporary privileged access on demand.

Why this answer

Just-in-time (JIT) access provisioning grants rights only when needed, reducing standing privileges.

20
MCQmedium

A company is implementing measured boot using TPM 2.0. What is the primary purpose of storing boot measurements in Platform Configuration Registers (PCRs)?

A.To speed up the boot process.
B.To provide a root of trust for storage (sealed storage).
C.To encrypt the bootloader.
D.To enable remote attestation of the system's boot state.
AnswerD

Attestation allows a verifier to check that the system booted with trusted software.

Why this answer

PCRs store hashes of boot components; these measurements are used for remote attestation to verify the integrity of the boot process.

21
MCQmedium

A company wants to ensure that a compromised root CA does not affect the validity of previously issued certificates. Which PKI control should be implemented?

A.Certificate pinning
B.Offline root CA and online issuing CA
C.Certificate transparency logs
D.Short-lived certificates
AnswerB

Keeping root CA offline prevents compromise of root from being used to issue new certs.

Why this answer

CRLs and OCSP allow revocation, but offline root CA and issuing CA separation ensure that compromise of root does not directly affect issued certs if root is kept offline.

22
MCQmedium

A security architect is designing a new web application that must meet strict data confidentiality and integrity requirements. The application will run in a cloud environment and must support low-latency operations. The architect is considering cipher suites for TLS 1.3. Which combination of algorithms would best meet these requirements?

A.AES-128-CBC with HMAC-SHA256 and RSA-2048
B.ChaCha20-Poly1305 with static ECDH and SHA-384
C.ChaCha20-Poly1305 with ECDHE key exchange and Ed25519
D.AES-256-GCM with RSA key exchange and SHA-256
AnswerC

This combination provides authenticated encryption, forward secrecy, and efficient authentication suitable for low-latency requirements.

Why this answer

ChaCha20-Poly1305 is a symmetric cipher that offers excellent performance on mobile and low-power devices, while providing authenticated encryption. ECDHE provides forward secrecy, and Ed25519 provides efficient authentication. AES-256-GCM is also good but ChaCha20 often performs better in software.

RSA key exchange does not provide forward secrecy. SHA-256 is a hashing algorithm, not an encryption algorithm.

23
MCQmedium

An organization wants to implement passwordless authentication for its employees using FIDO2/WebAuthn. What is a primary security advantage of this approach over traditional password-based MFA?

A.It is resistant to phishing attacks because credentials are bound to the origin.
B.It eliminates the need for a second factor.
C.It allows users to reuse the same credential across multiple websites.
D.It does not require any client-side hardware.
AnswerA

WebAuthn credentials are scoped to the relying party, so they cannot be used on fake sites.

Why this answer

FIDO2 uses public key cryptography; the private key never leaves the user's device, so phishing attacks cannot steal credentials. This provides strong resistance to phishing.

24
MCQhard

An organization wants to implement a privileged access management (PAM) solution to manage administrative credentials. They require that administrators request temporary access to privileged accounts and that these credentials are automatically rotated after each use. Which PAM approach best meets these requirements?

A.Password vaulting with checkout
B.Just-in-time access provisioning with credential rotation
C.Privileged account session management
D.Break-glass account procedures
AnswerB

JIT grants temporary access, and rotation changes credentials after each use.

Why this answer

Just-in-time (JIT) access provisioning grants temporary privileges that expire; automatic credential rotation ensures each use gets new credentials. Privileged account session management records sessions but does not rotate credentials. Password vaulting stores passwords but may not rotate.

Break-glass accounts provide emergency access but are not for regular use.

25
MCQhard

During a security audit, it was discovered that an application uses RSA with 1024-bit keys for encrypting sensitive data. The organization's security policy mandates a minimum of 128-bit symmetric equivalent security. Which of the following should be recommended as a replacement?

A.RSA with 3072-bit keys
B.AES-256-GCM
C.ECDSA P-384
D.RSA with 2048-bit keys
AnswerA

RSA 3072 provides 128-bit security, meeting the requirement.

Why this answer

RSA 2048 provides approximately 112-bit security, while RSA 3072 provides 128-bit. AES-256-GCM is symmetric, not asymmetric. ECDSA is for signatures, not encryption.

So RSA 3072 is the correct choice.

26
Multi-Selectmedium

A security architect is designing a PKI for a large enterprise that issues certificates to thousands of users and devices. The architect wants to implement a mechanism to efficiently check certificate revocation status without requiring clients to download a full CRL. Which TWO technologies should be considered?

Select 2 answers
A.CRL distribution points
B.Certificate transparency logs
C.OCSP stapling
D.Online Certificate Status Protocol (OCSP)
E.Delta CRL
AnswersC, D

OCSP stapling allows the server to provide a cached OCSP response, reducing load and improving privacy.

Why this answer

OCSP allows real-time revocation status checking without downloading a CRL. OCSP stapling improves performance by having the server present a signed OCSP response. CRL distribution points are still used but require downloads.

Certificate transparency logs are for monitoring, not revocation.

27
MCQmedium

An organization uses a PKI with a three-tier hierarchy: root CA, issuing CA, and registration authority. The root CA is kept offline. An intermediate CA certificate must be renewed. Which of the following is the correct process?

A.The intermediate CA self-signs its new certificate.
B.The issuing CA signs the new intermediate CA certificate.
C.The root CA signs the new intermediate CA certificate after being brought online.
D.The registration authority signs the new intermediate CA certificate.
AnswerC

The root CA signs intermediate CA certificates. Since it's offline, it must be accessed securely for this purpose.

Why this answer

The root CA signs the intermediate CA certificate. Since the root CA is offline, it must be brought online temporarily to sign the new intermediate certificate. The RA does not sign certificates; it handles verification requests.

The intermediate CA cannot self-sign its own certificate.

28
MCQhard

A security analyst is investigating a potential side-channel attack on an IoT device. The device's cryptographic operations show variable execution times based on the key and plaintext. Which mitigation is most effective against timing attacks?

A.Use a faster processor to reduce execution time.
B.Use constant-time cryptographic implementations.
C.Implement random delays in cryptographic operations.
D.Disable caching in the CPU during cryptographic operations.
AnswerB

Constant-time code eliminates timing variations.

Why this answer

Timing attacks exploit variations in execution time. Using constant-time algorithms ensures that operations take the same amount of time regardless of input, preventing information leakage.

29
MCQmedium

An organization is deploying a just-in-time (JIT) privileged access management solution. What is a key benefit of JIT access compared to standing privileged accounts?

A.It allows users to permanently elevate privileges.
B.It eliminates the need for multi-factor authentication.
C.It requires no audit logging.
D.It reduces the window of exposure for privileged credentials.
AnswerD

JIT grants access only when needed and for a limited time.

Why this answer

JIT access provides temporary privileges that are automatically revoked after use, reducing the attack surface and limiting lateral movement.

30
MCQhard

A company is deploying a new IoT device that must perform secure boot and verify the integrity of firmware updates. The device has limited processing power. Which cryptographic algorithm combination is MOST appropriate for verifying firmware signatures efficiently?

A.AES-256-GCM for signing
B.RSA-4096 with SHA-256
C.ECDSA P-384 with SHA-384
D.Ed25519 with BLAKE3
AnswerD

Ed25519 is fast and secure, and BLAKE3 is a high-speed hash, ideal for IoT.

Why this answer

Ed25519 offers high performance and small key sizes compared to RSA or ECDSA, making it ideal for resource-constrained devices.

31
MCQeasy

An organization is implementing a PKI and wants to ensure that clients can quickly check if a certificate has been revoked without downloading a large list. Which protocol should be used?

A.Certificate Revocation List (CRL)
B.Online Certificate Status Protocol (OCSP)
C.Certificate Transparency (CT)
D.Simple Certificate Enrollment Protocol (SCEP)
AnswerB

OCSP provides real-time revocation status checks.

Why this answer

OCSP (Online Certificate Status Protocol) allows clients to check the revocation status of a single certificate in real time without downloading a full CRL.

32
MCQhard

During a security audit, it is discovered that a critical server uses SSH with password authentication and supports weak key exchange algorithms. Which of the following is the most effective hardening step to prevent brute-force attacks and ensure forward secrecy?

A.Implement fail2ban to block IPs after failed attempts
B.Disable password authentication and restrict key exchange algorithms to curve25519-sha256
C.Change the SSH port to a non-default high port
D.Use RSA keys with 4096-bit length
AnswerB

This eliminates password vulnerabilities and ensures forward secrecy.

Why this answer

Disabling password authentication forces the use of key-based authentication, which is resistant to brute-force attacks. Restricting key exchange algorithms to those providing forward secrecy (e.g., Curve25519) ensures that session keys cannot be compromised even if the long-term private key is exposed.

33
MCQhard

A company is deploying a new authentication system that leverages FIDO2/WebAuthn. Security architects want to ensure that the private key never leaves the authenticator device. Which attack vector is mitigated by this approach?

A.Man-in-the-middle attacks on TLS
B.Server-side database breach exposing credentials
C.Replay attacks on authentication tokens
D.Phishing attacks
AnswerB

Since no private keys or secrets are stored on the server, a breach does not expose authentication secrets.

Why this answer

FIDO2/WebAuthn uses public-key cryptography where the private key is generated on the authenticator and never exported. This prevents server-side database breaches from compromising private keys, as there are no shared secrets stored on the server.

34
MCQmedium

An organization is implementing SSH hardening for server access. Which configuration change most effectively reduces the attack surface against brute-force and credential theft?

A.Change the default SSH port from 22 to a high-numbered port.
B.Enable public-key authentication and disable password authentication.
C.Set MaxAuthTries to 6 to limit login attempts.
D.Use TCP wrappers to restrict source IP addresses.
AnswerB

Key-based auth is resistant to brute-force and phishing.

Why this answer

Disabling password authentication and requiring key-based authentication eliminates the risk of password brute-force attacks and credential theft via phishing.

35
MCQhard

A security engineer is configuring a web server to use TLS 1.3. Which feature of TLS 1.3 should be disabled to prevent replay attacks in 0-RTT mode?

A.0-RTT
B.Session resumption
C.Forward secrecy
D.Cipher suite negotiation
AnswerA

0-RTT data can be replayed; disabling 0-RTT prevents this.

Why this answer

0-RTT data is vulnerable to replay; disabling 0-RTT eliminates this risk. However, the question asks what should be disabled to prevent replay attacks in 0-RTT mode, so the answer is 0-RTT itself.

36
MCQeasy

An organization is deploying a new IoT device that must securely update its firmware over the air (OTA). The device has limited processing power and memory. Which cryptographic solution would provide the BEST balance of security and performance for verifying firmware updates?

A.RSA-4096 digital signatures
B.Ed25519 digital signatures
C.HMAC-SHA256 with pre-shared key
D.AES-256-GCM for authentication
AnswerB

Ed25519 offers fast verification with strong security, suitable for constrained devices.

Why this answer

Ed25519 is a fast and secure digital signature algorithm that performs well on constrained devices. RSA 4096 is computationally expensive. HMAC-SHA256 is a symmetric key technique and requires key management overhead.

AES-256-GCM is for encryption, not verification.

37
MCQmedium

An organization is implementing a PKI hierarchy. The security team wants to ensure that if an issuing CA is compromised, the root CA remains unaffected and can revoke the issuing CA's certificate. Which of the following BEST describes the recommended architecture?

A.A single-tier CA with the root CA online and issuing certificates directly
B.A three-tier hierarchy with a root CA, an intermediate CA, and an issuing CA, all online
C.Using self-signed certificates from the issuing CA without a root CA
D.A two-tier hierarchy with an offline root CA and an online issuing CA
AnswerD

The offline root CA is kept secure and can revoke the issuing CA if needed.

Why this answer

In a hierarchical PKI, the root CA is offline and issues certificates to intermediate CAs. The root CA can revoke the intermediate CA's certificate without being compromised itself.

38
MCQeasy

A company wants to implement certificate pinning for its mobile application to prevent man-in-the-middle attacks. Which of the following is the BEST practice when implementing certificate pinning?

A.Disable certificate pinning after the first successful connection
B.Pin the root CA certificate only
C.Pin the public key of the server certificate
D.Pin the entire certificate chain
AnswerC

Public key pinning remains valid across certificate renewals.

Why this answer

Pinning the public key rather than the entire certificate allows for certificate renewal without invalidating the pin.

39
MCQeasy

A security engineer is configuring a TLS 1.3 connection between a web server and client. Which feature is unique to TLS 1.3 and provides reduced latency for returning clients?

A.Cipher suite negotiation
B.0-RTT
C.Forward secrecy
D.Mutual authentication
AnswerB

0-RTT is a feature introduced in TLS 1.3 that allows a client to send data in the first message, reducing latency for returning clients.

Why this answer

TLS 1.3 includes a 0-RTT (zero round-trip time) feature that allows a client to send data immediately with the first message to a server it has previously connected to, reducing latency.

40
MCQeasy

A security team wants to implement a certificate pinning strategy for their mobile application to prevent man-in-the-middle attacks. Which of the following should be pinned in the application code?

A.The server's public key
B.The intermediate CA certificate
C.The server's IP address
D.The root CA certificate
AnswerA

Pinning the public key ensures that only the specific server key is trusted, even if the certificate changes.

Why this answer

Certificate pinning involves pinning the public key of the server's certificate or the certificate itself. Pinning the public key allows for certificate renewal without updating the app.

41
Multi-Selecthard

A security assessor is evaluating an application that uses ChaCha20-Poly1305 for encryption. Which TWO of the following are true about this cryptographic algorithm?

Select 2 answers
A.It is based on the AES algorithm
B.It requires padding to achieve correct block sizes
C.It is a stream cipher
D.It provides authenticated encryption with additional data (AEAD)
E.It is a block cipher
AnswersC, D

ChaCha20 is a stream cipher.

Why this answer

ChaCha20-Poly1305 is a stream cipher (ChaCha20) combined with a MAC (Poly1305). It is an AEAD cipher. It is not a block cipher, and it does not require padding.

42
MCQeasy

A security architect is selecting a cipher suite for TLS 1.3 to ensure forward secrecy and high performance. Which cipher suite should be recommended?

A.TLS_RSA_WITH_AES_256_CBC_SHA
B.TLS_AES_256_GCM_SHA384
C.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
D.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
AnswerB

Correct. This is a standard TLS 1.3 cipher suite providing forward secrecy and AEAD.

Why this answer

TLS 1.3 requires forward secrecy and uses AEAD ciphers. AES-256-GCM is a recommended AEAD cipher with strong security and performance.

43
MCQmedium

An organization is implementing a hardware security module (HSM) to protect cryptographic keys used for code signing. The HSM is required to meet a government standard for physical security and tamper resistance. Which FIPS 140 security level must the HSM achieve to provide tamper-evident coatings and tamper response mechanisms?

A.FIPS 140-2 Level 3
B.FIPS 140-2 Level 4
C.FIPS 140-2 Level 2
D.FIPS 140-2 Level 1
AnswerA

Level 3 requires tamper-evident coatings and tamper response mechanisms.

Why this answer

FIPS 140-2 Level 3 requires tamper-evident coatings and tamper response mechanisms that zeroize keys upon tampering. Level 2 requires tamper-evident coatings but no response, Level 4 is for extreme environments.

44
MCQmedium

A security administrator is configuring SSH for a jump host used to access critical servers. Which of the following is the most secure configuration option to restrict authentication and reduce the attack surface?

A.Enable root login with a strong password
B.Allow only SSH protocol version 2
C.Change the default port to 2222
D.Allow only key-based authentication
AnswerD

Key-based authentication is resistant to brute force and password attacks.

Why this answer

Disabling password authentication and using only key-based authentication eliminates the risk of password brute force and credential theft. Listening on a non-standard port provides security through obscurity, which is not a strong control.

45
Multi-Selecthard

An organization is deploying a new PKI and wants to ensure certificate revocation is performed efficiently. Which THREE methods should be implemented? (Select THREE.)

Select 3 answers
A.Short-lived certificates
B.Online Certificate Status Protocol (OCSP)
C.OCSP stapling
D.Certificate transparency logs
E.Certificate revocation lists (CRLs)
AnswersB, C, E

OCSP provides real-time status.

Why this answer

CRL, OCSP, and OCSP stapling are all standard revocation checking mechanisms; OCSP stapling improves performance by having the server present the OCSP response.

46
Multi-Selecthard

A security engineer is hardening an SSH server. The policy requires disabling all legacy algorithms and using only modern, secure cryptography. Which THREE of the following configurations should the engineer apply?

Select 3 answers
A.Set HMAC algorithms to use only SHA-2 or stronger.
B.Allow only SSH protocol version 1 for compatibility.
C.Enable root login with password for administrative convenience.
D.Disable password authentication and allow only key-based authentication.
E.Restrict key exchange algorithms to curve25519-sha256.
AnswersA, D, E

SHA-1 is deprecated; SHA-2 or newer should be used.

Why this answer

Key-based authentication only is more secure than passwords. Disabling password authentication prevents brute-force attacks. Restricting key exchange to curve25519 ensures strong forward secrecy.

Enabling root login with password is insecure. Using SHA-1 for HMAC is weak.

47
MCQeasy

Which key exchange algorithm provides perfect forward secrecy (PFS) and is recommended for use in TLS 1.3?

A.ECDHE
B.RSA key exchange
C.Pre-shared key (PSK)
D.Diffie-Hellman (DH)
AnswerA

ECDHE generates ephemeral keys, ensuring PFS.

Why this answer

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) provides PFS as session keys are ephemeral.

48
Multi-Selectmedium

A security engineer is hardening SSH server configuration. Which TWO options improve security? (Select TWO.)

Select 2 answers
A.Allow all cipher suites for compatibility
B.Restrict allowed key exchange algorithms to strong ones
C.Use key-based authentication only
D.Disable root login via SSH
E.Enable password authentication for convenience
AnswersB, C

Limiting to strong algorithms reduces risk.

Why this answer

Disabling password authentication prevents brute-force attacks, and restricting key exchange algorithms to strong ones reduces cryptographic risk.

49
Multi-Selectmedium

A company is evaluating multi-factor authentication methods. Which TWO are considered phishing-resistant? (Select TWO.)

Select 2 answers
A.FIDO2/WebAuthn
B.Biometric authentication on a smartphone
C.TOTP via mobile app
D.SMS one-time codes
E.Hardware security tokens (e.g., YubiKey)
AnswersA, E

FIDO2 uses public key cryptography tied to the origin.

Why this answer

FIDO2/WebAuthn uses origin-bound keys, and hardware tokens (e.g., YubiKey) generate one-time passwords or use challenge-response resistant to phishing.

50
MCQhard

A security architect is designing a system that requires hardware-enforced isolation for sensitive computations. Which technology provides the strongest isolation by running code in a protected environment within the CPU?

A.HSM
B.TPM 2.0
C.Intel SGX
D.ARM TrustZone
AnswerC

SGX creates enclaves that protect code and data from privileged software.

Why this answer

Intel SGX provides enclaves that isolate code and data even from the operating system, offering strong hardware isolation.

51
MCQmedium

A security administrator is hardening SSH access to a jump host. The requirement is to allow only key-based authentication and restrict the use of weak cryptographic algorithms. Which of the following configurations accomplishes this?

A.Set PermitRootLogin prohibit-password and PasswordAuthentication yes
B.Set PubkeyAuthentication yes, PasswordAuthentication no, and configure Ciphers and MACs to strong algorithms only
C.Set PasswordAuthentication yes and use a strong password policy
D.Set AuthenticationMethods publickey,keyboard-interactive
AnswerB

This enforces key-based auth and removes weak ciphers/MACs.

Why this answer

Setting PubkeyAuthentication yes and PasswordAuthentication no enforces key-only access. Disabling weak ciphers and MACs is also needed. Option A describes the correct approach.

Option B allows passwords. Option C allows passwords with keyboard-interactive. Option D allows passwords.

52
MCQmedium

An organization wants to implement a hardware root of trust for measuring system integrity at boot. Which technology should be used to store measurements in Platform Configuration Registers (PCRs) and support remote attestation?

A.HSM
B.Secure Enclave
C.TPM 2.0
D.UEFI Secure Boot
AnswerC

TPM 2.0 includes PCRs for boot measurements and attestation capabilities.

Why this answer

TPM 2.0 provides PCRs for measured boot and supports attestation, making it suitable for hardware root of trust.

53
MCQhard

A company is deploying a just-in-time (JIT) privileged access management solution. Which of the following BEST describes a key security benefit of JIT access?

A.It eliminates the need for multi-factor authentication
B.It replaces the need for a break-glass account
C.It reduces the risk of lateral movement by limiting the duration of elevated privileges
D.It provides continuous monitoring of all user actions
AnswerC

JIT minimizes the window of opportunity for attackers.

Why this answer

JIT access grants temporary privileges only when needed, reducing the attack surface and the risk of standing privileges being misused.

54
MCQmedium

An IoT device manufacturer wants to ensure secure firmware updates. Which approach best protects against malicious firmware being installed on devices?

A.Digitally sign the firmware with a private key
B.Compress the firmware to reduce size
C.Use a hash of the firmware for integrity verification
D.Encrypt the firmware with a symmetric key
AnswerA

Digital signatures provide authenticity and integrity.

Why this answer

Code signing with a trusted key ensures only authorized firmware can be installed.

55
MCQeasy

Which of the following is a primary advantage of using ChaCha20-Poly1305 over AES-256-GCM in certain environments?

A.Better hardware acceleration support
B.Higher security margin
C.Smaller ciphertext size
D.Faster performance on devices without AES-NI
AnswerD

ChaCha20 is optimized for software implementation.

Why this answer

ChaCha20-Poly1305 is designed to be faster in software that lacks AES hardware acceleration, making it suitable for mobile devices.

56
MCQmedium

An organization requires a cryptographic algorithm that provides both encryption and authentication in a single pass. Which algorithm should be selected?

A.AES-256-GCM
B.AES-256-CBC
C.SHA-256
D.RSA 4096
AnswerA

GCM is an authenticated encryption mode that provides both encryption and integrity.

Why this answer

AES-256-GCM is an authenticated encryption mode that provides both confidentiality and integrity in a single operation.

57
MCQhard

A security auditor is reviewing the cryptographic controls of a financial application that processes transactions. The application uses digital signatures with RSA 4096 and SHA-256. The auditor recommends migrating to a stronger algorithm due to concerns about long-term security and quantum resistance. Which of the following would be the MOST appropriate replacement?

A.SHA-3
B.Ed25519
C.ECDSA P-521
D.ECDSA P-256
AnswerB

Ed25519 is a modern, secure signature algorithm with good performance and smaller key size.

Why this answer

Ed25519 offers strong security, smaller keys, and better performance than RSA. It is also resistance to some side-channel attacks. While not quantum-resistant, it is a forward-looking choice.

ECDSA P-384 is also strong but larger key sizes. SHA-3 is a hash function, not a signature algorithm.

58
MCQmedium

A security architect is designing a PKI hierarchy for a large enterprise that issues certificates for internal users, devices, and code signing. Which of the following best practices should be implemented to minimize the impact of a CA compromise?

A.Rely on certificate transparency logs to detect compromises
B.Keep the root CA online for immediate certificate revocation
C.Use a single CA for all certificate types to reduce complexity
D.Implement a segmented CA hierarchy with offline root CA and separate issuing CAs for each purpose
AnswerD

This compartmentalizes risk and allows easier recovery.

Why this answer

Using a tiered CA hierarchy with a root CA that remains offline and issuing CAs for specific purposes limits exposure. If an issuing CA is compromised, only its certificates need to be revoked, and the root CA can issue a new subordinate CA.

59
MCQeasy

A system administrator needs to securely store cryptographic keys and perform signing operations in a tamper-resistant hardware device. Which solution should be used?

A.A Hardware Security Module (HSM) with FIPS 140-2 Level 3 certification.
B.A secure enclave like Intel SGX.
C.A software-based key store with encrypted files.
D.A Trusted Platform Module (TPM) 2.0.
AnswerA

HSMs provide strong tamper resistance and are designed for cryptographic operations.

Why this answer

An HSM (Hardware Security Module) is designed to securely generate, store, and manage cryptographic keys in a tamper-resistant environment.

60
MCQmedium

A security engineer is configuring a new web server to support TLS 1.3. The server must provide forward secrecy and support clients that may not have updated certificates frequently. Which of the following is a feature of TLS 1.3 that addresses these requirements?

A.Mandatory use of ephemeral Diffie-Hellman key exchange
B.Support for certificate pinning
C.Support for 0-RTT handshake
D.Removal of cipher suites that use RSA key exchange
AnswerA, D

TLS 1.3 requires forward secrecy via ephemeral key exchange.

Why this answer

TLS 1.3 mandates forward secrecy by requiring ephemeral key exchange (ECDHE). 0-RTT is a feature but does not directly relate to forward secrecy. Removal of RSA key exchange ensures forward secrecy. Certificate pinning is not part of TLS 1.3 protocol.

61
MCQmedium

A company wants to implement certificate pinning for its mobile app to prevent man-in-the-middle attacks. Which approach is most secure and maintainable?

A.Pin the entire certificate chain, including the root CA certificate.
B.Pin the SHA-256 hash of the server's public key.
C.Pin the Subject Public Key Info (SPKI) using base64 encoding.
D.Pin the issuing CA certificate only.
AnswerB

This allows certificate renewal without changing the key, providing flexibility and security.

Why this answer

Pinning the public key hash rather than the certificate itself allows certificate rotation without updating the app, as long as the key pair remains the same.

62
Multi-Selecthard

A company is migrating its legacy VPN to use IPsec with IKEv2. The security team wants to ensure the strongest possible security. Which THREE configuration options should be selected?

Select 3 answers
A.Use ECDSA P-384 for authentication
B.Use SHA-1 for integrity
C.Use AES-256-GCM for encryption
D.Use IKEv1 instead of IKEv2
E.Enable perfect forward secrecy (DHE)
AnswersA, C, E

ECDSA P-384 provides strong public key authentication.

Why this answer

IKEv2, AES-256-GCM for encryption, and ECDSA for authentication provide strong security. AES-128 is weaker, SHA-1 is deprecated, and IKEv1 is legacy.

63
Multi-Selectmedium

A security architect is designing a just-in-time (JIT) privileged access management (PAM) solution. Which TWO of the following are key characteristics of JIT access?

Select 2 answers
A.Privileges are permanent but require approval each time.
B.Access rights are automatically revoked after use or expiry.
C.Break-glass accounts are used for emergency access.
D.Privileges are granted on-demand for a limited time period.
E.Users have standing privileges for routine tasks.
AnswersB, D

Automatic revocation ensures that privileges are not left open.

Why this answer

JIT access provisioning grants temporary privileges that are automatically revoked after a set time or after use. This reduces the attack surface. Standing privileges are the opposite.

Approval workflows are not necessarily part of JIT; JIT can be automatic. Break-glass accounts are for emergency access, which is a separate concept.

64
MCQmedium

A security engineer is configuring SSH for a jump host used to access critical servers. The engineer wants to restrict the cryptographic algorithms to the most secure options. Which of the following should be DISABLED?

A.Diffie-Hellman group-exchange with SHA-1
B.AES-256-CTR
C.Ed25519 for host keys
D.HMAC-SHA2-256
AnswerA

SHA-1 is deprecated due to collision attacks.

Why this answer

Diffie-Hellman group-exchange with SHA-1 is weak and should be disabled in favor of stronger key exchange algorithms.

65
Multi-Selectmedium

A security engineer is evaluating a new Hardware Security Module (HSM) for a financial application that requires FIPS 140-2 Level 3 compliance. Which TWO features are required for Level 3 validation? (Select TWO.)

Select 2 answers
A.Encryption of all data at rest
B.Tamper-evident coatings or seals on the HSM
C.Role-based access control
D.Identity-based authentication for operators
E.Environmental failure protection
AnswersB, D

Level 3 requires physical security mechanisms that show evidence of tampering.

Why this answer

FIPS 140-2 Level 3 requires tamper-evident coatings or seals and identity-based authentication (e.g., passwords, biometrics). Level 2 requires tamper-evident coatings but not identity-based. Level 4 requires tamper detection and zeroization.

66
Multi-Selecthard

A security analyst is reviewing cryptographic implementations for a new application. The application needs to support digital signatures that are quantum-resistant and provide high performance. Which TWO algorithms should the analyst consider? (Select TWO.)

Select 2 answers
A.Ed25519
B.XMSS (eXtended Merkle Signature Scheme)
C.ECDSA P-384
D.BLAKE3
E.CRYSTALS-Dilithium
AnswersB, E

XMSS is a hash-based signature scheme that is quantum-resistant.

Why this answer

Ed25519 is a high-performance signature algorithm based on Curve25519, but it is not quantum-resistant. BLAKE3 is a hash function, not a signature. ECDSA P-384 is also not quantum-resistant.

Currently, NIST is standardizing post-quantum algorithms like CRYSTALS-Dilithium and XMSS (hash-based). CRYSTALS-Dilithium is a lattice-based signature scheme, and XMSS is a hash-based signature scheme that is quantum-resistant. Both are suitable for high performance in software.

67
MCQhard

A security engineer is reviewing a TLS 1.3 configuration. Which of the following is a key feature of TLS 1.3 that improves security compared to earlier versions?

A.Mandatory forward secrecy using ephemeral Diffie-Hellman
B.Support for RC4 cipher suite
C.Support for static RSA key exchange
D.Ability to downgrade to TLS 1.2
AnswerA

TLS 1.3 requires ephemeral key exchange, ensuring forward secrecy.

Why this answer

TLS 1.3 removes support for insecure cipher suites like CBC mode and RC4, and only supports AEAD ciphers. It also provides forward secrecy by default.

68
MCQmedium

A PKI administrator is deploying certificates for code signing. Which certificate type should be used to ensure that the signed code can be verified by clients without requiring a full chain validation?

A.EV certificate
B.S/MIME certificate
C.Code signing certificate
D.DV certificate
AnswerC

Code signing certificates are specifically for signing code and are trusted by operating systems.

Why this answer

Code signing certificates are specifically designed for signing software; they are typically issued by a publicly trusted CA.

69
MCQmedium

A PKI administrator is concerned about the risk of a compromised issuing CA. Which certificate transparency feature helps detect unauthorized certificate issuance?

A.Certificate Transparency logs
B.CRL distribution points
C.OCSP stapling
D.Key usage extensions
AnswerA

CT logs enable public auditing of certificate issuance.

Why this answer

Certificate Transparency (CT) requires all certificates to be publicly logged in CT logs. This allows domain owners and CAs to monitor for misissuance.

70
MCQeasy

An organization is implementing a PKI to issue certificates for internal applications. The security team wants to minimize the risk of compromise to the root CA. Which of the following is the BEST practice to protect the root CA?

A.Delegate root CA responsibilities to a public CA
B.Keep the root CA offline and store its private key in a hardware security module
C.Install the root CA on a VM with strict firewall rules
D.Use a self-signed certificate for the root CA and distribute it manually
AnswerB

This is the industry-standard approach to protect the root CA.

Why this answer

Keeping the root CA offline and using a hardware security module (HSM) for key storage ensures its private key is never exposed to network threats. This is a standard best practice.

71
MCQhard

During a security audit, it was discovered that an HSM used for code signing is FIPS 140-2 Level 3 certified. The auditor is concerned about the key ceremony process. Which of the following is a required element of a secure key ceremony for an HSM at this level?

A.The HSM is configured to allow remote key backup over TLS
B.Keys are backed up to a USB drive stored in a safe
C.Keys are generated inside the HSM using a key ceremony with multiple officers
D.Keys are generated on a laptop and then imported into the HSM
AnswerC

This ensures keys never leave the HSM in plaintext.

Why this answer

FIPS 140-2 Level 3 requires that cryptographic keys be created and stored in the HSM and never exist in plaintext outside the device. A key ceremony involves splitting keys into parts (m of n) and distributing them to multiple trusted individuals.

72
MCQmedium

A company is implementing a privileged access management (PAM) solution to reduce the risk of standing privileges. Which feature allows users to request temporary elevated access for a specific task, which is automatically revoked after the task is completed?

A.Break-glass accounts
B.Password vaulting
C.Session recording
D.Just-in-time (JIT) access provisioning
AnswerD

JIT grants temporary privileges that expire automatically.

Why this answer

Just-in-time (JIT) access provisioning grants temporary privileges that expire after use, reducing standing privileges. Break-glass accounts are emergency accounts, not time-based.

73
Multi-Selecthard

An incident response team discovers that an attacker was able to forge a certificate for a legitimate domain. Which TWO mechanisms should the team implement to detect and prevent such misissuance in the future? (Select TWO.)

Select 2 answers
A.Certificate Revocation Lists (CRLs)
B.Implementing Extended Validation (EV) certificates
C.Online Certificate Status Protocol (OCSP) stapling
D.Certificate Transparency (CT) logging and monitoring
E.Certificate pinning in client applications
AnswersD, E

CT logs provide a public record of certificates; domain owners can monitor for unauthorized issuance.

Why this answer

Certificate Transparency (CT) logs provide an audit trail of all issued certificates, allowing domain owners to detect misissuance. Certificate pinning (or HTTP Public Key Pinning) can prevent the acceptance of fraudulent certificates by clients. OCSP stapling helps check revocation but does not prevent misissuance; CRLs are for revocation; OSCP itself doesn't prevent misissuance.

74
Multi-Selectmedium

A security engineer is evaluating hardware security modules (HSMs) for key management. The HSM must support key generation, storage, and cryptographic operations without exposing private keys. Additionally, the solution must comply with FIPS 140-2 Level 3. Which THREE features are essential for this requirement? (Select THREE.)

Select 3 answers
A.Physical security mechanisms (e.g., locks, tamper switches)
B.Cryptographic boundary
C.Key ceremony support
D.Tamper-evident seals and coatings
E.Secure boot of the HSM firmware
AnswersA, B, D

Level 3 requires physical security mechanisms to prevent unauthorized access.

Why this answer

FIPS 140-2 Level 3 requires tamper-evident coatings, physical security, and cryptographic boundary. Key ceremony is a procedural control, not a feature of the HSM itself. Secure boot is for general computing.

Multi-factor authentication is a user access control, not a core HSM feature.

75
MCQmedium

An organization uses a TPM 2.0 for measured boot and attestation. Which TPM feature ensures that the boot process has not been tampered with by measuring each component before it executes?

A.Platform Configuration Registers (PCRs)
B.Endorsement Key (EK)
C.Secure boot
D.Sealed storage
AnswerA

PCRs store measurements that can be used for attestation.

Why this answer

Platform Configuration Registers (PCRs) store hash measurements of boot components. Any change in the boot sequence will result in different PCR values, alerting to tampering.

Page 1 of 2 · 103 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Casp Engineering Crypto questions.

CCNA Casp Engineering Crypto Questions — Page 1 of 2 | Courseiva