4 CPPA MODULE 4 PRACTICE SOLUTION 2026 QUESTIONS GRADED A+, Exams of Nursing

4 CPPA MODULE 4 PRACTICE SOLUTION 2026 QUESTIONS GRADED A+

Typology: Exams

2025/2026

Available from 02/17/2026

alcorbgeneralstore

>> FIPS Standards

Answer:

  • FIPS 140: Cryptographic Modules
  • FIPS 186: Digital Signatures
  • FIPS 197: AES
  • FIPS 201: Identity Verification

>> Digital Signatures

Answer: Encryption of a message digest with the sender's private key. Provides:

  • Authentication
  • Integrity
  • Non-repudiation

>> Digital Certificate

Answer: A digital document that contains a public key and some information to allow your system to verify where that key came from. Used for web servers, Cisco Secure phones, E-Commerce.

>> PKI (Public Key Infrastructure)

Answer: Uses asymmetric key pairs and combines software, encryption and services to provide a means of protecting the security of business communication and transactions.

>> PKCS (Public Key Cryptography Standards)

Answer: Put in place by RSA to ensure uniform certificate management throughout the internet.

>> Trusted Third Party (TTP)

Answer: Certificate, a digital representation of the information that identifies you as a relevant entity.

>> CA (Certification Authority)

Answer: An entity trusted by one or more users to manage certificates.

>> RA (Registration Authority)

Answer: Used to take the burden off of a CA by handling verification prior to certificates being issued. Acts as a proxy between user and CA. Receives request, authenticates it and forwards it to the CA.

>> CP (Certificate Policy)

Answer: A set of rules that defines how a certificate may be used.

>> X.

Answer: The most widely used digital certificate standard. First issued July 3, 1988. It is a digital document that contains a public key signed by the trusted third party, which is known as a Certificate Authority, or CA. Relied on by S/MIME. Contains your name, info about you, and a signature of a person who issued the certificate.

>> X.509 Certificate Content

Answer:

  • Version
  • Certificate holder's public key
  • Serial number
  • Certificate's validity period
  • Unique name of certificate issuer
  • Digital signature of issuer
  • Signature algorithm identifier

>> Certificate Authority - Verisign - Class 1

Answer: For individuals, intended for email

>> Certificate Authority - Verisign - Class 2

Answer: For organizations for which proof of identity is required

>> Certificate Authority - Verisign - Class 3

Answer: For servers and software signing, for which independent verification and checking of identity and authority is done by the issuing CA

>> Certificate Authority - Verisign - Class 4

Answer: For online business transactions between companies

>> Certificate Authority - Verisign - Class 5

Answer: For private organizations or governmental security

>> Registration Authority (RA)

Answer: Used to take the burden off of a CA by handling verification prior to certificates being issued. Acts as a proxy between the user and the CA. Receives request, authenticates it, and forwards it to the CA.

>> Public Key Infrastructure (PKI)

Answer: Distributes digital certificates that contain public keys. A network of trusted certificate authority servers. An arrangement that binds public keys with user identities by means of a CA.

>> Certificate Revocation List (CRL)

Answer: A list of certificates that have been revoked.

>> Online Certificate Status Protocol (OCSP)

Answer: A real time protocol for verifying certificates (and a newer method than CRL)

>> Server-based Certificate Validation Protocol (SCVP)

Answer: An Internet protocol for determining the path between a X. digital certificate and a trusted root (Delegated Path Discovery) and the validation of that path (Delegated Path Validation) according to a particular validation policy.

>> Digital Certificate Management

Answer: Two types of systems:

  • Centralized key-management systems
  • Decentralized key-management systems

>> Three phases of key life cycle (Digital Certificate Management)

Answer:

  • Setup and initialization
  • Administration
  • Cancellation

>> Setup and Initialization Phase (Digital Certificate Management, 3 phases)

Answer: Process components:

  • Registration
  • Key pair generation
  • Certificate Generation
  • Certificate Dissemination

>> Cancellation and History Phase (Digital Certificate Management, 3 phases)

Answer:

  • Expiration
  • Renewal
  • Revocation
  • Suspension
  • Destruction

Answer: This is a proprietary version of PAP. Encrypts username and password as it is sent across network.

>> Challenge-Handshake Authentication Protocol (CHAP)

Answer: Authenticator sends a "challenge" message to the peer after link establishment. Peer responds with a value using a "one-way hash" function. Authenticator checks the response against its own calculation of the hash value. Authenticator sends new challenges to the peer at random intervals.

>> Kerberos

Answer: Widely used, particularly with Microsoft operating systems. Created by MIT and derives its name from the mythical three-headed dog. There is a great deal of verification for the tickets and the tickets expire quickly. Client authenticates to the Authentication Server once using a long-term shared secret and receives back a Ticket-Granting Server. Client can reuse this ticket to get additional tickets without reusing the shared secret. These tickets are used to prove authentication to the Service Server.

>> Principal (Components of Kerberos System)

Answer: A server or client that Kerberos can assign tickets to.

>> Authentication Server (AS) - (Components of Kerberos System)

Answer: Server that authorizes the principal and connects them to the Ticket Granting Server.

>> Ticket Granting Server (TGS) - (Components of Kerberos System)

Answer: Provides tickets.

>> Key Distribution Center (KDC) - (Components of Kerberos System)

Answer: A server that provides the initial ticket and handles TGS requests. Often runs as TGS services.

>> Realm (Components of Kerberos System)

Answer: A boundary within an organization. Each realm has its own AS and TGS.

>> Remote Ticket Granting Server (RTGS) - (Components of Kerberos System)

Answer: A TGS (Ticket Granting Server) in a remote realm.

>> Ticket Granting Ticket (TGT) - (Components of Kerberos System)

Answer: The ticket that is granted during the authentication process.

>> Ticket (Components of Kerberos System)

Answer: Used to authenticate to the server. Contains identity of client, session key, timestamp, and checksum. Encrypted with the server's key.

>> Session key (Components of Kerberos System)

Answer: Temporary encryption key.

>> Authenticator (Components of Kerberos System)

Answer: Proves session key was recently created. Often expires within 5 minutes.

>> Type cryptography Kerberos uses and the port number

Answer: Uses symmetric cryptography and UDP port 88.

>> Pretty Good Privacy (PGP)

Answer: Created by Philip Zimmermann in the early 1990s. Not itself an algorithm but uses other symmetric and asymmetric algorithms. Open source software for making encryption and decryption readily usable by end users. Most often associated with email encryption. Uses certificates that contain multiple signatures but they are self-signed so they can't be validated with a CA.

>> WPA

Answer: Based on IEEE 802.11i and provides:

  • Advanced Encryption Standard (AES) using the Counter Mode-Cipher Block Chaining (CBC)-Message Authentication Code (MAC) Protocol (CCMP) that provides data confidentiality, data origin authentication, and data integrity for wireless frames.
  • Optional use of Pairwise Master Key (PMK) caching and opportunistic PMK caching. (caches results of 802.1x authentications to improve access time)
  • Optional use of pre-authentication that allows WPA2 wireless client to authenticate with other wireless access points in range.

>> SSL

Answer: Developed by Netscape and has been replaced by TLS. It was the preferred method used with secure websites (i.e. https)

>> How SSL Works

Answer:

  1. The browser asks the web server to prove its identity.
  2. The server sends back a copy of its SSL certificate.
  3. The browser checks to see if the certificate is from a CA it trusts.
  4. The server sends back a digitally signed acknowledgement and a session is started.

>> TLS (Transport Layer Security)

Answer: A protocol for encrypting transmissions. A client and server negotiate a connection by using a handshaking procedure. The server sends back its identification as an X.509 certificate. The client contacts the CA to confirm the validity of the certificate before proceeding. This protocol also supports secure bilateral connection mode.

>> VPN

Answer: A way to use the internet to create a virtual connection between a remote user or site and a central location. Packets are encrypted making the network private. Emulates a direct network connection.

>> Point-to-Point Tunneling Protocol (PPTP) - (often used for VPNs)

Answer: Oldest of the three protocols used in VPNs. Designed as a secure extension to the Point-to-Point Protocol (PPP). Adds the feature of encrypting packets and authenticating users to PPP. Works at the data link layer of the OSI model.

>> PPTP VPN

Answer: Can use two different methods of authenticating the user: EAP and CHAP

>> Layer 2 Tunneling Protocol (L2TP) VPN

Answer:

  • Designed as an enhancement to PPTP
  • Like PPTP, works at the data link layer
  • Offers many modes of authentication: CHAP, EAP, PAP, SPAP, and MS-CHAP
  • Can work on X.25 networks (phone)
  • Uses IPSec for its encryption

>> Internet Protocol Security (IPSec) VPN

Answer:

  • Latest of the three VPN protocols
  • Encrypts not only the packet data, but also the header information
  • Has protection against unauthorized re-transmission of packets

>> SSL/TLS VPN

Answer: VPN setup through a web browser, portal that uses SSL/TLS to secure traffic. Gives user access to the target network.

>> Encrypting File System (EFS)

Answer: Since Windows 2000, this has been used along with NTFS. Allows a simple way to encrypt and decrypt files/folders. Simply right-click, choose properties, then advanced. Encrypted files will appear in green and are tied to the user who encrypted them.

>> Channel (Steganography Terms)

Answer: The type of medium used. This may be still photos, video, or sound files.

>> Steganography Details

Answer: In every file, there are a certain number of bits per unit of the file. For example, an image file in Windows is 24 bits per pixel. With Least Significant Bit (LSB) replacement, some bits can be replaced without altering the file much.

>> Steganophony

Answer: Hiding messages in sound files. Can be done via LSB and Echo Hiding

>> Video Steganography

Answer: Hiding messages in video files. Can be done via Discrete Cosine Transform

>> Steganographic File Systems

Answer: Stores data in seemingly random files. Proposed by Ross Anderson, Roger Needham, and Adi Shamir. Also something about 'vectors' and 'decrypt all lower levels'. Sorry. I was tired when making this card.

>> Steganography Implementations

Answer:

  • QuickStego - easy to use but limited
  • Invisible Secrets - robust, has free and commercial versions
  • MP3Stego - MP3 files
  • Stealth File 4 - Sound files, video files, and image files
  • Snow - Hides data in whitespace
  • StegVideo - Hides data in a video sequence

>> Steganalysis

Answer: Detecting steganography and extracting the hidden information. Done with software. By analyzing changes in an image's close color pairs, the steganalyst can determine if LSB was used. Close color pairs consist of two colors whose binary values differ only in the LSB.

>> Steganalysis - Raw Quick Pair

Answer: A method to analyze an image to detect hidden messages. Based on statistics of the number of unique colors and close-color pairs in a 24-bit image. Analyzes the pairs of colors created by LSB embedding. Countermeasure: maintaining the color palette without creating new colors.

>> Steganalysis - Chi-Square Analysis

Answer: Calculates the average LSB and builds a table of frequencies and Pair of Values. Performs a test on the two tables. It measures the theoretical vs. calculated population difference.

>> Steganalysis - Audio Steganalysis

Answer: Examines noise distortion in the carrier file. Noise distortion could indicate the presence of a hidden signal.

>> Steganography Detection Tools

Answer:

  • StegSpy
  • Stegdetect
  • StegSecret

>> Suite A (How the NSA classifies cryptography)

Answer: Algorithms in this classification are not published. Algorithms are classified.

>> Suite B (How the NSA classifies cryptography)

Answer: Algorithms in this classification are published.

>> NSA Type 3 Algorithms

Answer: Type 3 product is a device for use with Sensitive But Unclassified (SBU) information on non-national security systems. Algorithms include:

  • DES
  • 3DES
  • SHA
  • AES (some implementations of AES are type 1)

>> NSA Type 4 Algorithms

Answer: Algorithms that are registered by NIST but not FIPS published. Also, unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any government usage.

>> One Time Pad (OTP)

Answer: The only unbreakable encryption. Has a separate substitution for each character making the key as long as the text. No substitution is used more than once. Key is used one time then destroyed. Impractical for most situations.