Fill-the-gaps questions really test your knowledge base, and can be quite vague at times. In the CompTIA Security+ examination, some of the test questions can also be quite vague, hence the value of this section.
Complete the answers that you can, then make a list of those topics that you are getting wrong, as you need to revise these areas before you take the test. Best of luck.
In the following questions, fill in the gaps to make the statement. Each underlined section of the sentence represents one word—for example, ___________ means that one word is missing; ________ ___________ means that two words are missing:
1. The __________ key length, the faster it is, but larger the key length, the more __________ it is.
2. Key stretching and __________ are techniques where random characters are __________ to the password to make them harder to crack using brute force.
3. Full Disk Encryption is used to protect data-at-rest on a __________ and Full Device Encryption is used to protect data-at-rest on a _________ ______________.
4. _______ is used for encryption on small devices as it has a small key but uses the Diffie Hellman handshake, however, when encrypting data on a military mobile telephone ____- _______ is used.
5. Ephemeral keys are ________ lived keys and the two examples are ________ and _____.
6. The first stage in encryption whether we are using asymmetric or symmetric encryption is to ____________ ______.
7. Encryption between two people can be carried out using _____, where no PKI architecture is required.
8. To ensure integrity of data, we will use a technique called _________; two examples of these are ______ and ______.
9. Two key stretching algorithms are ________ and ________. These increase the ________ time it takes a brute force attack to crack a password.
10. HMAC provides both data _____________ and data ________________.
11. The strongest encryption protocol used by a VPN is _____ and the weakest encryption used by a VPN is _____. They are both symmetric encryption; this means that they use ____ key.
12. When using symmetric encryption, one key is used and this is known as the __________ _____ or the ________ ______.
13. Blowfish is _________ than Twofish as it uses a ____-bit key length whereas Twofish uses a _____-bit key length.
14. When encrypting data, we will use someone else's ________ key and for decryption, they will use the corresponding _________ key.
15. ________________ is a technique where we will either mask data or make it difficult to be read should it be stolen.
16. When a data packet is leaving the network and is stopped by the _________ firewall as it is larger than expected, this shows that someone is trying to steal the data using a technique called _____________.
17. A technique called a ________ ____________ provides integrity of an email; this is where the email is signed using the originator's ___________ key, and this also provides non-repudiation.
18. The Data Recovery Agent needs to obtain the user's __________ key to recover their data when their certificates are corrupt and he obtains this key from the _____ __________.
19. Certificate __________ is where the web server bypasses the CRL and goes directly to the ________ for faster validation of the certificate.
20. A private key has a _____ format with an extension of _____, whereas the public key has a ______ format with a ______ format.
21. Certificate _________ prevents fraudulent certificate from being produced and prevents compromise of the CA.
22. The function of the certificate architect is to design the PKI structure and install both the CA and the _______________.
23. The Key Escrow manages the private keys for third parties and stores them in a ___________ ___________ ____________.
24. The _____________ ________ shows your certificate and the path from the intermediary who issued the certificate to the CA who signed the certificate. It uses three different layers or a trust error will occur.
25. A ____________ __________ is where an attacker tries to match a hash value so that he knows the password.
26. WPA2-Enterprise uses ________ with a __________ server for authentication to a domain.
27. _____________ ____________ ________ is used to check the validity of certificates, even if you have no internet, but when it goes slow you might adopt an ________ for faster validation.
28. A _____________ certificate can be used when one certificate can be purchased for use on multiple servers in the same domain.
29. A _________ certificate can be used when you need to insert multiple domains using a single IP address.
30. A ________ ________ is where two separate PKIs trust each other for cross-certification.
31. ______-_______ is the more secure wireless encryption protocol as it used AES.
32. The certificate serial number is called the _____ and is located on the X.509 itself.
33. ________ is used for wireless connection and is set up by first inserting a ______________ then afterward, you access the network by simply pushing a button.
34. When setting up _____-_____ for authentication, a certificate needs to be installed on the endpoint or host.
35. When setting up ______-______ for authentication, a certificate needs to be installed on the server.
36. When encrypting data, you will use ___________ _______ public key and they will decrypt the data with the corresponding __________ key.
37. Asymmetric encryption uses two keys, and these are known as the __________ key and the _______ key and the public key. The __________ key is never given away.
38. A private key has a ______ format and a file extension of .pfx and can be protected by a __________.
39. A public key has a P7B format and a file extension of _______ and ________ be protected by a password.
40. A PEM certificate uses a ______ ____ format.
41. ____________ is where we have a small change to plaintext and this results in many more changes to the ciphertext.
42. _____ encrypts data-in-transit; this replaced the legacy SSL protocol.
43. ____________ encryption is used to encrypt large amounts of data as it uses a small key with _______ cipher.
44. L2TP/IPSec uses a ________ _________ handshake to create a secure session before the data is transferred. This is known as ______.
45. Six different symmetric encryption algorithms are RC4, ____, _____, _____, Blowfish, and ___________.
46. __________ ____________ and __________ are methods of email integrity and data integrity.
47. A _____-________ certificate cannot be validated as it has no method of checking its validity.
48. ______ is a substitution cipher used by Julian Caesar to encrypt his battle plans and prevent his enemies from intercepting them. Each letter is replaced by the ____ letter after it in the ___________.
49. A ________ is a random number used once in cryptography.
50. ___________ make the relationship between the cyphertext as encryption key as complex as possible.