D488 Cybersecurity Architecture and Engineering Exam 3 Version 1 Questions with Correct Answers and Expert Explanation for Each Question
1. Which cryptographic principle ensures that a sender cannot deny having sent a
specific message?
A. Confidentiality
B. Integrity
C. Non-repudiation
D. Availability
Correct Answer: C
Expert Explanation: Non-repudiation is achieved through digital signatures which
link a message to a specific private key holder. This prevents the sender from
claiming they did not originate the data after it has been sent. Confidentiality
focuses on keeping data secret while integrity focuses on preventing unauthorized
changes. Availability ensures that systems remain accessible to authorized users.
Therefore, non-repudiation is the specific goal of digital signatures in legal and
technical contexts.
2. In a Public Key Infrastructure (PKI) environment, what is the primary role of a
Certificate Authority (CA)?
A. To generate session keys for TLS handshakes
B. To encrypt data-at-rest for end users
C. To verify the identity of entities and issue digital certificates
D. To act as a gateway for secure web traffic
Correct Answer: C
Expert Explanation: The Certificate Authority acts as a trusted third party that
validates the identity of an applicant. Once validated, the CA signs a digital
certificate that binds a public key to that identity. This allows users to trust that a
public key actually belongs to the person or server claiming it. Other roles like
session key generation are handled by the protocol itself rather than the CA.
Without a CA, the decentralized web would lack a scalable trust model.
3. Which symmetric encryption algorithm is currently considered the industry
standard for securing sensitive data?
A. DES
B. AES
C. RC4
D. RSA
Correct Answer: B
Expert Explanation: AES is widely recognized as the standard for symmetric
encryption due to its efficiency and high security. DES is considered obsolete
because its key size is too small to resist modern brute-force attacks. RC4 is a stream
cipher that has been deprecated in many protocols due to discovered
vulnerabilities. RSA is an asymmetric algorithm rather than a symmetric one. AES
supports key lengths of 128, 192, and 256 bits to provide robust protection.
4. What is the main advantage of using asymmetric encryption over symmetric
encryption?
A. It is significantly faster for large data sets
B. It requires less computational power
C. It solves the problem of secure key distribution
D. It uses a single shared secret key
Correct Answer: C
Expert Explanation: Asymmetric encryption uses a public and private key pair
which allows users to communicate securely without pre-sharing a secret key.
Symmetric encryption is faster and more efficient but requires a secure method to
exchange the initial key. By using the recipient’s public key, anyone can send an
encrypted message that only the recipient can decrypt. This removes the logistical
nightmare of distributing millions of unique secret keys across a network. It is the
foundation for modern internet security protocols like HTTPS.
5. Which hash function property ensures that it is computationally infeasible to find
two different inputs that produce the same output?
A. Pre-image resistance
B. Diffusion
C. Second pre-image resistance
D. Collision resistance
Correct Answer: D
Expert Explanation: Collision resistance is the property that prevents two different
datasets from generating the same hash value. If an attacker can find a collision, they
could replace legitimate data with malicious data without changing the hash. Pre-
image resistance refers to the difficulty of reversing a hash to find the original input.
Diffusion is a property of encryption where a small change in input causes a large
change in output. Maintaining collision resistance is vital for the integrity of digital
signatures and blockchain technology.
6. During the TLS handshake, what is the purpose of the ‘Server Hello’ message?
A. To send the server’s chosen cipher suite and certificate