COURSE 3 – CYBERSECURITY COMPLIANCE FRAMEWORK & SYSTEM ADMINISTRATION
Module 4: Cryptography and Compliance Pitfalls
IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE
Complete Coursera Study Guide
INTRODUCTION – Cryptography and Compliance Pitfalls
In this module, you’ll delve into cryptography and encryption from the perspective of a penetration tester. Explore the typical challenges organizations encounter with cryptography, particularly during product development. Gain insight into the various digital states of data: Data at Rest, Data in Use, and Data in Transit. Additionally, grasp the fundamentals of hashing and its correlation with encryption.
Learning Objectives
- Summarize the impacts of quantum computing on cryptography
- Encrypt and decrypt emails using Mailvelope
- Describe the OpenPGP protocol
- Encrypt and decrypt files using ccrypt
- Describe recommended ways to secure a key encryption key (KEK)
- Explain how to safeguard encryption keys
- List recommended uses for digital signatures
- Explain how message authentication codes (MACs) work with hashing to ensure integrity
- Describe additional considerations when using hashing
- Discuss common pitfalls of using hashing
- Explain the purpose of using hashing
- Describe pitfalls and best practices for encrypting data in transit
- Explain the recommended method for encrypting data in use
- Describe best practices for encrypting data at rest
- Describe common cryptography pitfalls and recommended solutions
- Define cryptographic terms, including hash functions and digital signatures
- Contrast symmetric and public key cryptography
- Define encryption
- Describe the Open Web Application Security Project (OWASP) Top 10 Project and the SANS Institute Top 25 Software Errors
- Explain why organizations use cryptography and encryption
CRYPTOGRAPHY BASICS
1. Which of the cryptography basics ensures authentication, non-repudiation and integrity?
- Hashing
- Digital Signatures (CORRECT)
- Public key encryption
- Symmetric key encryption
Correct. Digital signatures ensure authentication, non-repudiation, and integrity.
2. Complete the following statement.
Data can be encrypted _____
- at rest only.
- in use only.
- in transit only.
- at rest, in use, and in transit. (CORRECT)
Correct. Data can be encrypted at rest, in use, and in transit.
3. Which is NOT a pitfall of encryption?
- Missing encryption of data and communications
- Implementing a reliable and proven cryptography (CORRECT)
- Using hardcoded/predictable weak keys
- Relying on algorithms being secret
4. True or False: Internal commands are built into the shell program and are shell dependent.
- True (CORRECT)
- False
Correct. Internal commands are built into the shell program and are shell dependent.
5. You are using the command line in Kali Linux. An encrypted file named topsecret.cpt is in your present working directory, and you used ccrypt to encrypt this file. You want to view the file’s plaintext content while leaving the file’s encryption intact. Which command should you use?
- ccrypt -decrypt topsecret.cpt
- ccrypt -x topsecret.cpt
- ccat topsecret.cpt (CORRECT)
- ccencrypt topsecret.cpt
Correct. The ccat command is part of the ccrypt tool. The command outputs the specified file’s plaintext content in the command line while leaving the file’s encryption intact.
OPENPGP
1. In what way does OpenPGP encryption protect email communication?
- Prevents attackers from reading an email’s contents (CORRECT)
- Prevents attackers from intercepting an email
- Prevents attackers from blocking the transmission of the message
- Prevents attackers from performing replay attacks
Correct. An attacker can intercept the email, but they won’t be able to read the email’s contents. They will see only useless gibberish known as ciphertext, the encrypted form of the message.
2. You and a friend have each set up Mailvelope to encrypt your email communications. What must you use to decrypt encrypted messages that your friend sends you?
- Your public key
- Your private key password (CORRECT)
- Your email account password
- Your friend’s public key
Correct. To decrypt a message using Mailvelope, you enter the password you created when generating your key pair. This password is for your private key.
CRYPTOGRAPHY AND COMPLIANCE PITFALLS
1. True or False: A whole branch of hacking – Reverse Engineering – is devoted to discovering hidden algorithms and data.
- True (CORRECT)
- False
2. Which is not a key takeaway of best practices of cryptography?
- Do use hard to guess keys and store them correctly.
- Do rely on your own encryption algorithms. (CORRECT)
- Do encrypt all sensitive data, at rest, in use, and in transit.
- Do rely on proven algorithms.
3. What is the recommendation to avoid the encrypting data at rest pitfall “Using hardcoded/easily guessed keys”?
- Select cryptographically-random keys, do not reuse keys for different installs. (CORRECT)
- Use new random initialization vectors every time.
- Phase them out
- Store keys in secure keystores.
4. You are using the command line in Kali Linux. An encrypted file named confidential.cpt is in your present working directory, and you used ccrypt to encrypt this file. You just learned that the file’s encryption key is compromised, so you should change it for security purposes. Which command can you use to change the file’s encryption key?
- ccrypt -K confidential.cpt
- ccrypt -c confidential.cpt
- ccrypt -u confidential.cpt
- ccrypt -x confidential.cpt (CORRECT)
5. You need to send your coworker an encrypted message through email. For encryption, you will both use an OpenPGP-compliant program such as Mailvelope. Which key must you use to encrypt the message?
- Your public key
- Your coworker’s private key
- Your coworker’s public key (CORRECT)
- Your private key
CONCLUSION – Cryptography and Compliance Pitfalls
In conclusion, this module provides a comprehensive understanding of cryptography and encryption from the viewpoint of a penetration tester. By examining common pitfalls faced by organizations during product development, exploring different digital states of data, and delving into the relationship between hashing and encryption, you’ll be well-equipped to navigate the complexities of securing digital information.
Armed with this knowledge, you can effectively identify vulnerabilities and implement robust security measures to safeguard sensitive data against potential threats.