$1.$ True or False. SSL and TLS two different names for the exact same, interchangeable technology. Since they are the same thing, if a system uses SSL it can also use TLS and vice versa.

a$.$ True

b$.$ False

$2.$ Asymmetric encryption takes a bit of work to set up$.$ That is$,$ first both parties need to

agree on which algorithm to use, one or both parties need to generate a set of

public$/$private keys, and then the key exchange needs to occur. When asymmetric was

first implemented each user had to perform these steps manually. With modern

encryption systems the steps in this process can be performed automatically. What is

the name of the technology or technologies that have automated this setup?

a$.$ TLS

b$.$ RSA

c$.$ AES

d$.$ OpenSSL

e$.$ SHA$-256$

f$.$ HMAC

g$.$ EC$-$DH

$3.$ While asymmetric encryption solved the key exchange problem faced by symmetric

encryption, it is vulnerable to Man$-$In$-$The$-$Middle Attacks, where the attacker replaces

the valid asymmetric public key$($s$)$ with their own public key. What is the name of the

system that has been implemented to authenticate public keys?

a$.$ PKE

b$.$ PKI

c$.$ TKI

d$.$ DNS

e$.$ RSA

f$.$ HMAC

$4.$ True or False. Asymmetric encryption solved the key exchange problem, but it is much

slower than symmetric encryption.

a$.$ True

b$.$ False

$5.$ In modern encryption asymmetric encryption is used at the very beginning of the

process, but typically only to exchange a symmetric seed$/$key$.$ After the symmetric

seed$/$key is exchanged, modern systems switch to fast symmetric encryption. What is

the name of the technology or technologies that have automated switching from

asymmetric encryption to symmetric encryption in the modern encryption process?

a$.$ TLS

b$.$ PKI

c$.$ AES

d$.$ OpenSSL

e$.$ SHA$-256$

f$.$ HMAC

g$.$ EC$-$DH

$6.$ True or False. Even though there are three asymmetric encryption algorithms, all web

clients and web servers use RSA exclusively, making E$-$Commerce possible.

a$.$ True

b$.$ False

$7.$ True or False. Even though there are a few different symmetric encryption algorithms, all

web clients and web servers use AES exclusively, making E$-$Commerce possible.

a$.$ True

b$.$ False

$8.$ True or False. Even though there are a few different hash algorithms, all web clients and

web servers use SHA$-3$ exclusively, making E$-$Commerce possible.

a$.$ True

b$.$ False

$9.$ True or False. The client PKI certificate mandates the set of symmetric and asymmetric

encryption algorithms to use when setting up a secure connection between a client and

server.

a$.$ True

b$.$ False

$10.$ Which of the following is most true regarding TLS$?$

a$.$ All transmissions are secured using asymmetric encryption.

b$.$ All transmissions are secured using symmetric encryption.

c$.$ Initially asymmetric encryption is used to exchange a symmetric key. After this

initial key exchange, all remaining transmissions are secured using symmetric

encryption.

d$.$ Initially symmetric encryption is used to exchange an asymmetric key. After this

all remaining transmissions are secured using asymmetric encryption.

e$.$ The form of encryption used depends on whether SSL or TLS is used.

$11.$ In the big Internet PKI system, which of the following components acts as the

gatekeeper into the PKI system for businesses and organizations by ensuring a

background check is passed and verifying the organization$$s identity before approving a

certificate for the organization?

a$.$ Certificate Authority

b$.$ Validation Authority

c$.$ Registration Authority

d$.$ United States Department of Commerce

e$.$ ICANN $($Internet Corporation for Assigned Names and Numbers$)$

$12.$ True or False. In the big Internet PKI system there are multiple types of authentication

certificates that can be used to authenticate a web site and result in a lock icon being

displayed when pages from the web site are displayed.

a$.$ True

b$.$ False

$13.$ True of False. The background check performed by all of the current Certificate

Authorities is so robust that it$$s impossible for a fraudulent company to obtain a

certificate. If you are on the Internet and see the lock in a web site$$s URL, indicating they

have a valid certificate, you can be $100\%$ assured that the organization running the web

site is genuine.

a$.$ True

b$.$ False

$14.$ Assume that Alice and Bob live in two different countries and want to exchange email

messages in a secure manner. They decide to use OpenPGP to protect their messages.

Which trust model are they using?

a$.$ Centralized Trust Model

b$.$ Symmetric Trust Model

c$.$ International Trust Model

d$.$ Web of Trust

$15.$ Assume you$$re buying your favorite cryptology teacher a new Lego set from

Amazon.com. During the process of paying Amazon for the purchase are you using

centralized or decentralized trust model $($web of trust$)?$

a$.$ Centralized

b$.$ Decentralized