Common Technical Interview Questions and Answers Update on June 30, 2021

Exam Question 1

True or False? Poor data integration practices can have a negative effect on customer service.

A. True
B. False

Correct Answer:
A. True

Exam Question 2

Which is NOT something analysts say hinders companies’ efforts to attain a 360-degree view of the customer?

A. Cost
B. Employee buy-in
C. Technology
D. A poor understanding of the customer experience
E. Siloed data

Correct Answer:
C. Technology

Exam Question 3

What approach did CRM expert Paul Greenberg recommend to companies aiming to integrate disparate customer data sets?

A. Mix and match different systems
B. Invest solely in cloud-based technology
C. Strive for a single platform that integrates all systems
D. Develop a unique, in-house CRM system

Correct Answer:
A. Mix and match different systems

Exam Question 4

True or False? According to some analysts, companies looking for ROI from their CRM investment may find it by investing in customer data integration.

A. True
B. False

Correct Answer:
A. True

Exam Question 5

Which of the following metrics did Steve Signoff say that companies should measure when looking to build an omnichannel experience for their customers?

A. Revenue by channel
B. Profitability by channel
C. Customer repeat purchases
D. Customer retention
E. Customer satisfaction
F. All of the above

Correct Answer:
F. All of the above

Exam Question 6

Which of the following are considered reasons for implementing practices to help achieve a 360-degree view of the customer?

A. Up-selling, cross-selling, or engaging in email or telemarketing campaigns
B. Customer retention and satisfaction
C. Acquisitions
D. All of the above

Correct Answer:
D. All of the above

Exam Question 7

True or False? According to some analysts, it is inappropriate to have one single view of the customer — instead, there should be many views across different departments.

A. True
B. False

Correct Answer:
B. False

Exam Question 8

What are two workarounds that can help get data out of silos, according to GetFeedback co-founder Sean Whiteley?

A. Algorithms and loops
B. Parallel processing and filters
C. APIs and Web hooks
D. Trapdoors and hotfixes

Correct Answer:
C. APIs and Web hooks

Exam Question 9

True or False? Once upper management throws its weight behind a push for customer data integration to get a 360-degree view of the customer, many of the people issues — getting disparate groups within the organization to play together nicely — get even more complicated.

A. True
B. False

Correct Answer:
A. True

Exam Question 10

Which of the following is not widely considered a potential consequence of failing to align customer data integration, profiling and quality efforts?

A. Regulatory fines
B. Inability to capitalize on cross-selling and up-selling opportunities
C. Employee churn
D. Losing customers

Correct Answer:
A. Regulatory fines

Exam Question 11

According to Derek Lonsdale, an ITSM expert and CIO advisor, which of the following is one way to overcome the bureaucracy of change management?

A. Don’t automate anything.
B. Increase the ratio of standard changes.
C. Automate all processes.
D. None of the above.

Correct Answer:
B. Increase the ratio of standard changes.
Answer Description:
“The approval process has to be automated,” Lonsdale said. “You can have standard changes that should be automated — regular changes that happen every month, such as rebooting a server. Anything that is repeatable — where you understand the risk, where it’s the same resources involved all of the time, never caused an outage, and so on — [that] can be a standard change. That’s one way to overcome the bureaucracy of change management: Have a higher ratio of standard changes.”

Exam Question 12

What does CIO Niel Nickolaisen say is at the core of IT service management?

A. Meeting customer demands for services and service levels
B. Achieving cost savings that the organization cannot realize otherwise
C. Weaving new software into established organizational processes

Correct Answer:
A. Meeting customer demands for services and service levels
Answer Description:
“In our technology-rich environment, we first need to recognize that customer expectations are being set by their best experiences with technology, and those expectations are being set by someone other than the IT department,” Nickolaisen said. “Our customers are now used to things like self-service and self-provisioning. Once our customers have experienced rapidly creating a cloud-based file storage and backup system for their personal files, they expect that our enterprise IT should also be that simple to use. So, our service management approach must include options for self-service and self-provisioning or whatever will meet our customers’ expectations for rapid, high-quality IT services.”

Exam Question 13

CIO Niel Nickolaisen also suggests that consumerization calls for new IT delivery processes. How does Nickolaisen recommend IT departments keep up with consumer expectations?

A. Improve cycle times.
B. Pick your battles.
C. Do things right the first time.
D. Excel at customer service.
E. All of the above.

Correct Answer:
E. All of the above.
Answer Description:
“As a starting point to delivering best-in-class services, we need to measure and improve our cycle times,” Nickolaisen said. “Next, we should pick and fight the right battles. Too often, we spend our resources on projects and operations that won’t really make much of a difference in the lives of our customers. It is also important for us to do things right the first time. In our technology-driven environment with others setting expectations, we don’t have the time or credibility for rework. Finally, we need to excel at customer service.”

Exam Question 14

In an ITSM tip, SearchCIO-Midmarket contributor Scott Lowe explains that many SMBs cannot institute ___________________ and instead create custom internal policies around help desk ticket resolution.

A. Service-level agreements
B. Training programs
C. Help desk talent searches

Correct Answer:
A. Service-level agreements
Answer Description:
For many small organizations, institution of a formal, committed service-level agreement (SLA) around help desk ticket resolution simply isn’t possible. A formal commitment would create a need for additional resources to support that formal commitment, so some organizations are satisfied to forgo rigidity (a formal SLA) in favor of flexibility (i.e., workload shuffling to allow help desk staff to address the highest needs).

Exam Question 15

True or false? ITSM aims to align the delivery of information technology services with the needs of the organization, but shadow IT can negatively affect ITSM efforts.

A. True
B. False

Correct Answer:
A. True
Answer Description:
CIOs who ignore the issues of shadow IT or rogue IT not only fail to address the obvious risk of jeopardizing the corporation’s data assets, regulatory obligations and brand reputation, but they also undercut the business’s ability to compete, said Gartner Inc. analyst John Mahoney. “The worst risk comes from disconnected information or disconnected processes.”

Exam Question 16

Sharon Taylor, ITIL’s chief examiner, proposes a basic service list of ingredients for building an IT service management strategy. Which of the following does not appear on her list?

A. Purpose
B. Specialists
C. Functions
D. Performance
E. Quality

Correct Answer:
B. Specialists
Answer Description:
“The companies that leave lasting impressions on us are those that offer the kind of service experience that stands out,” Taylor said. “The trick to getting it is to understand what makes it stand apart from the ordinary, and how you as the customer play a role in making that happen. Good service management should be relatively invisible to the business. Services should operate as expected, and no service disruptions should be experienced. When support is needed, it should be provided efficiently and effectively, and it should resolve issues the first time. This is typically what we think of as a good service experience.”

Exam Question 17

True or false? Contributor Jonathan Hassell suggests that, when evaluating an ITSM tool for your business, first take a look at what you already have in place, then put together a list of packages that meet your needs.

A. True
B. False

Correct Answer:
A. True
Answer Description:
“If you’re looking at your ITSM tool setup, first inventory the types of management tools you have in place and make sure that the dollars you’ve already spent are being put to the best use,” Hassell said. “When you’re evaluating an ITSM tool, look for components and tools or subsets that include, at a realistic minimum, the following fundamentals: service portfolio, deployment management, workflow engines, configuration management, end-user help services, remote control and reporting tools, dashboards, scorecards, and other quick-hit monitoring features.”

Exam Question 18

According to this tip, which of the following is not one of SearchCIO-Midmarket’s top reasons to use ITIL and ITSM?

A. Interact better with global partners.
B. Maximize ROI.
C. Get rid of help desk.
D. Integrate ITSM across departments.

Correct Answer:
C. Get rid of help desk.
Answer Description:
“Use ITIL and ITSM to educate users about what resources help desk has to offer. Identify and catalogue help desk services to allow your team to focus on those priorities while leaving some built-in availability to work ‘other’ customer requests. Using ITIL and ITSM tools, in conjunction with an established set of best practices, provides a way to track services and customer satisfaction while keeping the team focused on priorities.”

Exam Question 19

Early DLP products were typically developed from regular expressions (regex) and have since moved on to use which of the following techniques?

A. Data fingerprinting
B. Using dictionaries
C. Bayesian detection algorithms
D. All of the above

Correct Answer:
D. All of the above
Answer Description:
Many early DLP products were developed from regex and then evolved to use dictionaries, Bayesian detection algorithms, data fingerprinting and other techniques to write rules and detection policies. These techniques are important for IT leaders to consider when choosing the right DLP product.

Exam Question 20

DLP is a key part of cloud access security brokers (CASBs).

A. True
B. False

Correct Answer:
A. True
Answer Description:
DLP is a key component of CASB offerings. CASBs use DLP capabilities when detecting file transfers across cloud environments.

Exam Question 21

DLP capabilities should be ______ to reduce false positives and ensure security policies are sufficiently enforced in cloud or hybrid environments.

A. Content aware
B. Context aware
C. Compliance aware
D. Both content and compliance aware
E. Both content and context aware

Correct Answer:
E. Both content and context aware
Answer Description:
DLP tools in cloud or hybrid environments should be content aware and context aware — meaning, in addition to knowing what data is in scope and where it is, DLP tools should be aware of who is accessing it, from where and whether that access follows security policies.

Exam Question 22

To advance security policies in cloud environments and improve visibility into cloud usage with log analysis, DLP tools should integrate with which of the following?

A. Cloud compliance checklist
B. CASB
C. Container orchestration platform
D. DevSecOps

Correct Answer:
B. CASB
Answer Description:
Organizations can address data security challenges in the cloud by integrating a CASB into the DLP strategy. This enables greater visibility into cloud usage and extends security policy enforcement across complex cloud environments.

Exam Question 23

Which of the following is the most important aspect in determining DLP readiness before deploying?

A. Choosing a vendor
B. Focusing on DLP limitations in extreme cases
C. Identifying data it is designed to protect
D. Relying on DLP as an infallible security control

Correct Answer:
C. Identifying data it is designed to protect
Answer Description:
The most simple yet significant aspect of ensuring DLP effectiveness is determining what data to protect and where that data resides. DLP works best when the data has a defined pattern, location or source.

Exam Question 24

How do DLP tools help organizations maintain data privacy compliance?

A. DLP software provides templates for compliance with certain regulations.
B. DLP systems log alerts and/or prevent sensitive data from being sent outside the organization.
C. Both of the above
D. None of the above

Correct Answer:
C. Both of the above
Answer Description:
By providing templates for compliance with mandates such as HIPAA and by logging and/or preventing sensitive data from being sent externally, DLP can significantly aid compliance efforts as part of an enterprise data privacy framework.

Exam Question 25

DLP products can be categorized into which of the following two deployment models?

A. Zero trust and cloud-based
B. Cloud-based and agent-based
C. Network-based and agent-based
D. None of the above

Correct Answer:
C. Network-based and agent-based
Answer Description:
When choosing a DLP product, security leaders must decide between network-based and agent-based deployment models.

Exam Question 26

Which of the following is too often considered an afterthought when implementing DLP tools for security?

A. Structured data in databases
B. Unstructured data
C. Account directory data
D. Data in transit

Correct Answer:
A. Structured data in databases
Answer Description:
To detect weaknesses and improve DLP management, pay special attention to structured data found in databases, which can often be overlooked by IT leaders preoccupied with the risks associated with unstructured data.

Exam Question 27

DLP monitoring channels yield detailed logs that can be used to build which of the following?

A. Business email compromise scams
B. Comprehensive user behavior analytics foundation
C. Sophisticated phishing tests
D. Container cluster

Correct Answer:
B. Comprehensive user behavior analytics foundation
Answer Description:
DLP monitoring channels track client behavior and create a detailed log that can be used to build a comprehensive user behavior analytics foundation.

Exam Question 28

Which of the following was a common obstacle to DLP technology success in the past?

A. Too expensive to license and install
B. Too many false positives
C. Too difficult to set up
D. All of the above

Correct Answer:
D. All of the above
Answer Description:
In years past, some IT practitioners experienced difficulty with setup or too many false positives, as well as financial barriers, which held them back from successful DLP adoption. New approaches to DLP have improved upon previous setbacks by using cloud technology and incorporating threat intelligence integration.

Exam Question 29

How does the cloud complicate enterprise identity management?

A. Cloud introduces new and potentially more application types.
B. Cloud multiplies integration points between the data center and third-party providers.
C. Cloud increases methods to access IT systems.
D. All of the above

Correct Answer:
D. All of the above
Answer Description:
Cloud exacerbates identity management complexity by introducing additional application types, more integration points between the data center and third parties, and more ways to access IT systems.

Exam Question 30

Which of the following is not a cloud-based identity governance and administration (IGA) platform use case?

A. Implementing segregation of duties for cloud services and other applications
B. Replacing the enterprise IAM program
C. Monitoring users to ensure appropriate use of cloud services
D. Managing role assignments for business-specific access requirements

Correct Answer:
B. Replacing the enterprise IAM program
Answer Description:
IGA and IAM overlap but are not the same. Identity lifecycle management and access governance constitute primary IGA functions, both of which enable effective IAM in the cloud.

Exam Question 31

True or false: Privilege creep is the result of users accumulating extraneous access rights, which makes the system’s security more resilient.

A. True
B. False

Correct Answer:
B. False
Answer Description:
One major cloud IAM challenge is when users accumulate excess access, known as privilege creep. It increases the risk of compromise, especially in the event of a credential theft attack.

Exam Question 32

Which of the following strategies can help cloud customers improve remote access security?

A. Deploying a zero-trust model and avoiding relying exclusively on VPNs
B. Implementing cloud-native IAM services to consolidate monitoring using cloud provider APIs
C. Configuring accounts based on the principle of most privilege
D. Both A and B

Correct Answer:
D. Both A and B
Answer Description:
Organizations can bolster remote access security in the cloud by adopting a zero-trust model, implementing cloud provider IAM services and configuring accounts based on the principle of least privilege.

Exam Question 33

True or false: Identity governance for PaaS and IaaS environments is typically more complex than for SaaS.

A. True
B. False

Correct Answer:
A. True
Answer Description:
One cloud identity governance challenge is that it’s typically more complex for PaaS and IaaS because all assets — including storage nodes, servers and serverless code — can have roles and privileges assigned to them.

Exam Question 34

A zero-trust security strategy is defined by which of the following primary elements?

A. VPNs and strong password policy enforcement
B. IAM, network access and segmentation design
C. Microsegmentation and multifactor authentication
D. IAM and security awareness training

Correct Answer:
B. IAM, network access and segmentation design
Answer Description:
In addition to network access and segmentation, IAM is a primary element of the zero-trust model, which takes a default-deny approach to internal and external users alike.

Exam Question 35

Fill in the blank: Intentionally designing the cloud security model to limit the potential damage an issue could cause is also known as the _________ concept.

A. Zero-trust network access
B. Blast radius
C. Insider threat
D. Risk assessment

Correct Answer:
B. Blast radius
Answer Description:
The blast radius concept is applied by designing the cloud security model — including access controls — in such a way as to limit the potential damage of credential attacks and other incidents.

Exam Question 36

True or false: Integrating an IAM service with a relatively simple cloud network should take less than one hour.

A. True
B. False

Correct Answer:
A. True
Answer Description:
Time to install IAM services varies depending on the extent of the environment, but for a comparatively simple cloud network, it should take less than one hour.

Exam Question 37

Which of the following is true of the identity-as-a-service (IDaaS) model?

A. IDaaS is also known as authentication as a service (AaaS).
B. IDaaS uses standards such as Open Authorization (OAuth) and Security Assertion Markup Language (SAML) to facilitate identity management in the cloud.
C. Neither A nor B
D. Both A and B

Correct Answer:
D. Both A and B
Answer Description:
To outsource identity management in the cloud, organizations can implement IDaaS. Also known as AaaS, this service model uses standards including SAML and OAuth to authenticate and register users.

Exam Question 38

Which of the following is true of the Secure Access Service Edge (SASE) architecture model?

A. SASE shifts cloud security to a more traditional, on-premises operating model.
B. SASE encrypts all traffic to and from the entry points of presence (POPs) to resources in the cloud or data center.
C. SASE is ill suited to accommodate cloud environments and remote work.
D. SASE relies on inspection engines in the data center.

Correct Answer:
B. SASE encrypts all traffic to and from the entry points of presence (POPs) to resources in the cloud or data center.
Answer Description:
The SASE model shifts security to a more cloudlike operating model and accommodates remote work and cloud adoption by design. SASE inspection engines are placed at a nearby POP, where all traffic between POPs and the cloud or data center is encrypted.

Exam Question 39

What is the term used to describe an OS-level virtualization method for deploying and running distributed applications?

A. Application containerization
B. Containerization
C. Container-based virtualization
D. All of the above

Correct Answer:
D. All of the above

Exam Question 40

Which of the following is a significant disadvantage of containers?

A. Time to deploy
B. Resource consumption
C. Security
D. Inefficiency

Correct Answer:
C. Security

Exam Question 41

VMs are best suited to running what kind of workloads?

A. Large, monolithic applications
B. Microservices
C. Jobs that scale, but don’t interact much
D. Cloud-based applications

Correct Answer:
A. Large, monolithic applications

Exam Question 42

Packaging a container within a VM is one approach to help ease security concerns.

A. True
B. False

Correct Answer:
A. True

Exam Question 43

Which vendor has developed its own containers that inherently run within VMs?

A. Microsoft
B. Oracle
C. Dell
D. Citrix

Correct Answer:
A. Microsoft

Exam Question 44

In which scenario can you host the most instances on a server?

A. Using only VMs
B. Using containers in VMs
C. Using only containers
D. Using VMs in containers

Correct Answer:
C. Using only containers

Exam Question 45

Which platform offers support for Docker containers?

A. vSphere Integrated Containers
B. Amazon EC2 Container Service
C. Linux Containers
D. All of the above

Correct Answer:
D. All of the above

Exam Question 46

Which of the following statements about a container is true?

A. It can run different OSes on the same physical server
B. It can run many applications on a small number of servers
C. It’s inherently isolated from other instances
D. It requires a hypervisor to function

Correct Answer:
B. It can run many applications on a small number of servers

Exam Question 47

What is a major disadvantage of VMs vs. containers?

A. Security
B. Vendor lock-in
C. Boot time
D. Limited management tools

Correct Answer:
C. Boot time

Exam Question 48

Using containers requires fewer infrastructure layers than VMs.

A. True
B. False

Correct Answer:
A. True

Exam Question 59

Which mode of operation for a block cipher has the characteristic that each possible block of plaintext has a defined corresponding ciphertext value and vice versa?

A. Footprinting
B. Hash function
C. Watermark
D. Electronic code book

Correct Answer:
D. Electronic code book
Answer Description:
Electronic code book (ECB) is the most basic form of encryption. With ECB, messages are split into blocks of plaintext, which are encrypted into ciphertext separately. Using ECB, the same plaintext will always translate into the same ciphertext.

Exam Question 60

True or false: Rivest-Shamir-Adleman, or RSA, is an algorithm used for symmetric key cryptography.

A. True
B. False

Correct Answer:
B. False
Answer Description:
RSA is an asymmetric cryptography algorithm. Also known as public key cryptography, asymmetric cryptography uses two different but mathematically linked keys: a private key and a public key.

Exam Question 61

In password protection, what is a random string of data used to modify a password hash called?

A. Sheep dip
B. Salt
C. Bypass
D. Dongle

Correct Answer:
B. Salt
Answer Description:
In password protection, a salt is random bits of data added to a password to further secure encryption or hashing. The process of adding the salt is called salting.

Exam Question 62

Which cryptography approach is most often used by today’s internet businesses and users?

A. Public key infrastructure
B. Output feedback
C. Encrypting File System
D. Single sign-on

Correct Answer:
A. Public key infrastructure
Answer Description:
Public key infrastructure, or PKI, is one of the most commonly used cryptography methods today. PKI refers to the underlying framework that enables users and devices to securely exchange information using digital certificates.

Exam Question 63

What is the name of the issuer of public key infrastructure certificates?

A. Man in the middle
B. Certificate authority
C. Resource Access Control Facility
D. Script kiddie

Correct Answer:
B. Certificate authority
Answer Description:
A certificate authority, or CA, is a trusted entity that issues digital certificates. These certificates are used in PKI to link a user or device with a public key.

Exam Question 64

Which of the following was not a final contender in NIST’s assessment of Data Encryption Standard, or DES, replacements?

A. MARS
B. RC6
C. Rijndael
D. Blowfish

Correct Answer:
D. Blowfish
Answer Description:
In 1997, NIST deemed DES vulnerable and no longer suitable for advanced encryption. In August 1999, NIST selected five Advanced Encryption Standard (AES) algorithms as replacement finalists: MARS, RC6, Rijndael, Serpent and Twofish. In the end, Rijndael was selected and became a federal government standard in 2002.

Blowfish is a symmetric key encryption algorithm designed in 1993 by Bruce Schneier as an alternative to the DES algorithm.

Exam Question 65

Which encryption algorithm supplanted DES?

A. Rijndael
B. Kerberos
C. Blowfish
D. IPsec

Correct Answer:
A. Rijndael
Answer Description:
The Rijndael block cipher, more commonly known today as AES, supplanted the DES algorithm in 2001.

Exam Question 66

What is a trial-and-error method used to decode encrypted data through exhaustive effort rather than employing intellectual strategies?

A. Chaffing and winnowing
B. Cryptanalysis
C. Serendipity
D. Brute-force cracking

Correct Answer:
D. Brute-force cracking
Answer Description:
In a brute-force attack, malicious actors use trial-and-error methods to decode encrypted data. Known as brute-force cracking, an attacker uses exhaustive effort — brute force — instead of intellectual strategies to break in.

Exam Question 67

What is the inclusion of a secret message in otherwise unencrypted text or images called?

A. Masquerade
B. Steganography
C. Spoof
D. Eye-in-hand system

Correct Answer:
B. Steganography
Answer Description:
Steganography is the art and science of hiding a message within a file, such as a picture, video or audio file, to avoid detection.

Exam Question 68

What is the Diffie-Hellman key exchange vulnerable to?

A. Snooping
B. Man-in-the-middle attacks
C. ROBOT attacks
D. Phishing attacks

Correct Answer:
B. Man-in-the-middle attacks
Answer Description:
One key weakness of Diffie-Hellman is its susceptibility to man-in-the-middle (MitM) attacks. Because the key exchange doesn’t authenticate either party involved in the exchange, a third party can imitate a legitimate party and, therefore, spoof messages. Diffie-Hellman, used in conjunction with a means of mutual authentication, can help prevent MitM attacks.

Exam Question 69

What is a privacy-ensuring program widely used by individuals and corporations?

A. Digital Signature Standard
B. Online Certificate Status Protocol
C. Secure HTTP
D. Pretty Good Privacy

Correct Answer:
D. Pretty Good Privacy
Answer Description:
Pretty Good Privacy, or PGP, is a popular program that authenticates digital certificates and encrypts and decrypts files, texts, emails, directories and whole disk partitions. It was developed in 1991 by Philip R. Zimmermann.

Exam Question 70

Until when will 2,048-bit RSA keys be sufficient?

A. 2025
B. 2030
C. 2040
D. Forever

Correct Answer:
B. 2030
Answer Description:
Quantum computing will open systems to quantum attacks, terminating the effectiveness of many encryption algorithms used today. RSA claims that 2,048-bit RSA keys will be sufficient until 2030 and recommends using 3,072-bit RSA keys for security beyond that date.

Exam Question 71

What is the name of the encryption/decryption key known only to the party or parties that exchange secret messages?

A. E-signature
B. Digital certificate
C. Private key
D. Security token

Correct Answer:
C. Private key
Answer Description:
A private key, also known as a secret key, is a variable in cryptography used to encrypt and decrypt cryptographic messages. Secret keys are only known to the party or parties exchanging secret messages, making them highly secure. Private keys are used in asymmetric and symmetric cryptography, as well as cryptocurrencies.

Exam Question 72

Which of the following was commonly used in cryptography during World War II?

A. Tunneling
B. Personalization
C. Van Eck phreaking
D. One-time pad

Correct Answer:
D. One-time pad
Answer Description:
The use of one-time pads was prominent during World War II and in the Cold War era. A one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is decrypted by a receiver using a matching one-time pad and key.

Exam Question 73

How long would a 10-bit message be after being encrypted by a stream cipher?

A. 2 bits
B. 5 bits
C. 10 bits
D. 20 bits

Correct Answer:
C. 10 bits
Answer Description:
With a stream cipher, binary digits in a message are encrypted one bit at a time, meaning each plaintext digit equals one ciphertext digit. Therefore, an encrypted 10-bit message would be 10 bits long.