CISSP - Domain 5: Cryptography
A DES key is? A. 56 bits B. 128 bits C. 512 bits D. 1024 bits
A (56 bits; DES is an algorithm with a fixed key length)
With respect to block cipher algorithms, CBC stands for which of the following? A. Cipher Block Chaining B. Code Book Cipher C. Cipher Block Chain D. Code Block Chain
A (Cipher Block Chaining)
Double-DES, or 2DES, is not considered much stronger than DES for which of the following reasons? A. Double-DES is vulnerable to the meet-in-the-middle attack. B. Double-DES has an effective key length of 47 bits due to the double encryption of the message. C. Because DES is not a mathematical "group", successive iterations of message encryption produce weaker and weaker ciphertext with respect to cryptanalysis. D. Each successive pass of encryption using DES reduces the effective key length by 9 bits.
A (Double-DES is vulnerable to the meet-in-the-middle attack)
Which of the following is also referred to as rotor systems, such as the 'American sigaba'? A. Hebern machines B. Enigma machines C. Vernam ciphers D. Jefferson disks
A (Hebern machines)
Which of the following BEST describes the ROT-13 cipher? A. It rotates each letter in the message thirteen places through the alphabet. B. It runs the message through the Rjindael cipher thirteen successive times. C. It runs the message through the ROT-3 thirteen successive times. D. It applies the Caesar cipher thirteen times to the message.
A (It rotates each letter in the message thirteen places through the alphabet)
Which algorithms are used for message integrity? A. MD5 and SHA-1 B. RSA and RC4 C. DES and 3DES D. Diffie-Hellman and DSS
A (MD5 and SHA-1)
Which of the following choices describes the basic encryption technique of shuffling the order in which the characters appear? A. Permutation B. Rotation C. Hybrid D. Substituting
A (Permutation)
Which of the following is NOT a steganography method? A. Superimposition B. Injection C. Substitution D. Generation of a new file
A (Superimposition)
What is the key length of the Rijndael Cipher? A. Variable B. 56 bits C. 128 bits D. 256 bits
A (Variable - Also known as AES)
Block ciphers can operate in several modes. Which of the following modes is the simplest, most obvious application? A. Electronic Codebook (ECB) B. Output Feedback (OFB) C. Cipher Feedback (CFB) D. Cipher Block Chaining (CBC)
A. (Electronic Codebook - ECB)
Our organization is using ESP for two-way communication? How many SAs are needed? A. One B. Two C. Three D. None
B (2 - Security Associations, or SAs, are uni-directional. One for Client->Server and one for Server->Client)
Kerberos' main application is which of the following? A. Public-key cryptosystem used in Microsoft products. B. A single sign-on system for client-server authentication schemes. C. A hash function used for integrity in modern cryptosystems. D. An authentication scheme used with TLS (Transaction Layer Security)
B (A single sign-on system for client-server authentication schemes)
Our organization has been utilizing McAfee full-disk encryption to protect our information. We have decided to switch to Bitlocker version 3.6 in Windows 2008 across our platform. In doing so, what is the new algorithm that we are going to use for confidentiality on our hard drive? A. RIPEMD B. AES C. El Gamel D. HMAC
B (AES - Confidentiality is Symmetric. RIPEMD and HMAC are Hash; El Gamel is Asymmetric)
Which of the following requirements is NOT a goal of cryptography? A. Confidentiality B. Availability C. Non-repudiation D. Authentication
B (Availability)
Which of the following crypto attacks requires only encrypted messages (no plaintext is available)? A. Chosen-key attack B. Chosen-ciphertext attack C. Ciphertext-only attack D. Multi-cipher attack
B (Ciphertext-only attack)
Which of the following is NOT a method of encryption? A. Substitution B. Combination C. Permutation D. Hybrid
B (Combination)
If our organization is utilizing encryption. Here is the representation of the encryption model E(m,k) = c. Which of the following is a representation of our decryption model? A. D(c)=m B. D(E(m,k),k)=m C. E(D(c,k),k)=c D. D(m,k)=c
B (D(E(m,k),k)=m is the same as D(c,k)=m)
Which of the following is NOT a hash algorithm A. SHA B. ECC C. MD5 D. HMAC
B (ECC - Elliptic Curve Cryptography)
Which component of IPSec provides encryption and limited authentication? A. AH (Authentication Header) B. ESP (Encapsulation Security Payload) C. SA (Security Association) D. VPN (Virtual Private Network)
B (ESP - Encapsulation Security Payload provides encryption and limited authentication. AH (AH, Authentication Header does not provide encryption)
Block ciphers can operate in several modes. Which of the following modes is susceptible to a variety of brute-force attacks? A. Output Feedback (OFB) B. Electronic Codebook (ECB) C. Cipher Feedback (CFB) D. Cipher Block Chaining (CBC)
B (Electronic Codebook - ECB)
Which of the following is a cipher that uses one particular letter to replace another? A. Polyalphabetic cipher B. Monoalphabetic cipher C. Caesar cipher D. Polymorphic cipher
B (Monoalphabetic cipher)
Which of the following is NOT a symmetric-key cryptosystem? A. RC4 B. RSA C. IDEA D. DES
B (RSA)
Our organization has critical intellectual property of our clients. We could lose significant amounts of money if that information was compromised. We are deploying crypto and we want to make sure that information is protected as much as possible. Which of the following should be one of our primary areas of focus: A. Writing our own cryptographic algorithms B. Securing the cryptographic key C. Validating our algorithms D. Take a lifecycle approach to crypto
B (Securing the cryptographic key - if you do not secure the key, crypto is defeated)
Which of the following could not be used as a secure channel for symmetric key exchange? A. Diffie Hellman B. RSA C. AES D. El Gamal
C (AES - this is a symmetric key cipher)
What is an adaptive-chosen plaintext attack? A. An adaptive-chosen plaintext attack allows the cryptanalyst to choose the initial ciphertext that gets decrypted, and then choose additional blocks of text that get decrypted for further analysis based upon each decryption step. B. An adaptive-chosen plaintext attack allows the cryptanalyst to choose the initial plaintext that gets encrypted, and then choose additional blocks of text that get decrypted for further analysis based upon decryption step. C. An adaptive-chosen plaintext attack allows the cryptanalyst to choose the initial plaintext that gets encrypted, and then choose additional blocks of text that get encrypted for further analysis based upon each encryption step. D. An adaptive-chosen plaintext attack allows the cryptanalyst to choose the initial ciphertext that gets decrypted, and then choose additional blocks of text that get encrypted for further analysis based upon each encryption step.
C (An adaptive-chosen plaintext attack allows the cryptanalyst to choose the initial plaintext that gets encrypted, and then choose additional blocks of text that get encrypted for further analysis based upon each encryption step)
We are looking at buying Alpha-tech's product which has built in encryption. We asked them what algorithm they are using and they are using a proprietary algorithm. They would not give us the algorithm to test. Which of the following is the best option for us: A. Trust Alpha-tech B. Verify that the proprietary algorithm utilized basic principles of cryptography C. Don't buy the product D. Go in and trust what Alpha-tech tells you
C (Don't buy the product. Good cryptography is secure even when the algorithm is known)
Given the following plaintext and ciphertext, which choice would be the encryption for the word CAB Plaintext: ABCDEF Ciphertext:WKMPDO A. MDK B. MKW C. MWK D. WKM
C (MWK)
Which of the following plays the MOST important part in protecting a cryptosystem? A. A sufficiently large key length. B. Using a newer cipher such as Rjindael or Blowfish, versus an older cipher like 3DES. C. Protecting the secret key for a symmetric cryptosystem and the private key for a public-key system. D. Ensuring the cipher used has been publicly studied and scrutinized.
C (Protecting the secret key for a symmetric cryptosystem and the private key for a public-key system)
Chosen ciphertext attacks are mainly used against which kinds of ciphers? A. Private-key B. Symmetric-key C. Public-Key D. Hash functions
C (Public-Key)
Which of the following is NOT a characteristic of public-key cryptosystems? A. Public-key cryptosystems are "slower" than symmetric-key cryptosystems when encrypting and decrypting a message. B. Public-key cryptosystems distribute public-keys within digital signatures. C. Public-key cryptosystems require a secure key distribution channel. D. Public-key cryptosystems provide technical non-repudiation via digital signatures.
C (Public-key cryptosystems require a secure key distribution channel)
The U.S. Government's clipper chip embodied the escrowed encryption standard using which of the following algorithms? A. Blowfish B. RC4 C. Skipjack D. 3DES
C (Skipjack)
Our organization is deploying many different applications. Every single application needs to be encrypted. If a certain application, for performance reasons, requires that we use a stream cipher; which of the following layer 4 protocols would be most appropriate? A. IP B. TCP C. UDP D. ICMP
C (UDP, real-time communications tends to use UDP instead of TCP. IP & ICMP are Layer 3)
Our organization wants to allow clients and servers to communicate back and forth with confidentiality, robust integrity, and robust authentication? How many SAs will we need to set up? A. One B. Two C. Three D. Four
D (2 for setting up AH; 2 for ESP; Security Association's (SAs) are unidirectional per header type)
Our organization is looking at deploying a cryptographic algorithm. Which of the following would be our best option: A. 5 year-old proprietary algorithm B. 30 year-old proprietary algorithm C. 5 year-old public algorithm D. 30 year-old public algorithm
D (30-year old public algorithm; out for more than 10 years and publicly available)
Our company just purchased Pointsec. Pointsec is a full blown, full disk encryption solution. Which of the following algorithms does Pointsec use for confidentiality? A. RSA B. MD5 C. El Gamel D. AES
D (AES - symmetric-key is primarily used for confidentiality. Others are Asymmetric or Hash)
What does AES stand for? A. Advanced Encryption Sample B. Advanced Encryption Sanction C. Advanced Encryption Signal D. Advanced Encryption Standard
D (Advanced Encryption Standard)
Which of the following choices is NOT one of the four common cryptographic terms? A. Ciphertext B. Plaintext C. Decryption D. Authentication
D (Authentication)
Which of the following is one of the main differences between cryptography and steganography? A. Cryptography provides secrecy but not confidentiality, whereas steganography provides confidentiality but does not provide secrecy (unless combined with cryptography). B. Cryptography and steganography both provide secrecy, but only steganography provides confidentiality. C. Steganography uses cryptography to provide secrecy. D. Cryptography provides confidentiality but not secrecy, whereas steganography provides secrecy but does not provide confidentiality (unless combined with cryptography).
D (Cryptography provides confidentiality but not secrecy, whereas steganography provides secrecy but does not provide confidentiality (unless combined with cryptography)
Using the ROT-3 scheme, which of the following choices would be the correct encryption for the word CAB? A. ABC B. EFG C. BAC D. FDE
D (FDE)
The RSA algorithm uses what kind of intractable problem as the basis of its cryptosystem? A. Solving the discrete logarithm problems over finite fields. B. Computing elliptic curves over finite fields. C. Factoring super-polynomials. D. Factoring certain large integers into their two prime factors.
D (Factoring certain large integers into their two prime factors)
Which type of cryptosystem uses a one-way transformation that is not reversible? A. Symmetric encryption functions B. Asymmetric cryptographic functions C. Diffie Hellman exchange functions D. Hash functions
D (Hash functions)
There are three general types of crypto algorithms. Which of the following algorithms offers no key encryption? A. Symmetric B. Asymmetric C. Secret Key D. Hash
D (Hash)
Which of the following key issues is based on the fact that the keys are not going to last forever, but if you do not discard it someone else may be able to use it? A. Key theft B. Key generation C. Key change D. Key retirement
D (Key retirement)
Which of the following does NOT provide for confidentiality? A. CAST B. IDEA C. 3DES D. MD5
D (MD5 - It is a Hash algorithm)
Hash functions provide what primary function in a cryptosystem? A. Confidentiality B. Non-repudiation C. Authentication D. Message Integrity
D (Message Integrity)
The classic Caesar cipher is a? A. Code sharing B. Polyalphabetic cipher C. Monoalphabetic cipher D. Transposition cipher
D (Monoalphabetic cipher)
We want to go in and ensure a safe cryptographic environment. Which is better? A. A 300-bit unprotected key B. A 50-bit protected key C. A 50-bit unprotected key D. A 100-bit protected key
D (Protecting the key is more important than key length, but key length is also important)
What is the 'weakest link' in cryptographic systems? A. The key length of the cipher. B. The particular cipher, such as 3DES or Blowfish. C. The number of rounds of encryption, such as three for 3DES and one for DES. D. Protection and secure storage of public/private and symmetric keys.
D (Protection and secure storage of public, private and symmetric keys)
The AES (Advanced Encryption Standard) uses which of the following algorithms? A. Serpent B. Twofish C. Blowfish D. Rijndael
D (Rijndael)
Which of the following BEST describes non-repudiation as it relates to a cryptosystem? A. The cryptosystem should be able to prove that the message has not been tampered with. B. The cryptosystem should allow a person to know for sure that the message given to him by another person is really from that person. C. The cryptosystem should hide the contents of the message from all other persons except the sender and the intended recipient. D. The cryptosystem should be able to prove that a specific person, and only that person, sent the message and that it has not been altered or falsified.
D (The cryptosystem should be able to prove that a specific person, and only that person, sent the message, and that it has not been altered or falsified)