CISSP Cert Library Topic 11


Enigma was: A. The German rotor machine used in WWII. B. Probably the first programmable digital computer. C. An English project created to break German ciphers. D. The Japanese rotor machine used in WWII.

Answer : A Explanation: Answer "An English project created to break German ciphers" describes the Ultra Project based in Bletchley Park, England. Answer "The Japanese rotor machine used in WWII" describes the Japanese Purple Machine. Answer "Probably the first programmable digital computer" refers to Colossus.

The Number Field Sieve (NFS) is a: A. General purpose factoring algorithm that can be used to factor large numbers B. General purpose algorithm used for brute force attacks on secret key cryptosystems C. General purpose hash algorithm D. General purpose algorithm to calculate discrete logarithms

Answer : A Explanation: The NFS has been successful in efficiently factoring numbers larger than 115 digits and a version of NFS has successfully factored a 155-digit number. Clearly, factoring is an attack that can be used against the RSA cryptosystem in which the public and private keys are calculated based on the product of two large prime numbers. The other answers are distracters.

A 1999 law that addresses privacy issues related to health care, insurance and finance and that will be implemented by the states is: A. Kennedy-Kassebaum B. Gramm-Leach-Bliley (GLB) C. Insurance Reform Act D. Medical Action Bill

Answer : B Explanation: See the answers to Question 15 for a discussion of GLB. * Answer Kennedy-Kassebaum refers to the HIPAA legislation (US Kennedy-Kassebaum Health Insurance Portability and Accountability Act, HIPAA, Public Law 104-19). Answers Medical Action Bill and Insurance Reform Act are distracters.

The hashing algorithm in the Digital Signature Standard (DSS) generates a message digest of: A. 130 bit B. 56 bits C. 120 bits D. 160 bits

Answer : D

In the Common Criteria, an implementation-independent statement of security needs for a set of IT security products that could be built is called a: A. Package. B. Security Target (ST). C. Target of Evaluation (TOE). D. Protection Profile (PP).

Answer : D Explanation: The correct answer is "Protection Profile (PP)". Answer "Security Target (ST)" is a statement of security claims for a particular IT product or system. * A Package is defined in the CC as an intermediate combination of security requirement components. * A TOE is an IT product or system to be evaluated.

Which of the following is NOT a proper media control? A. A proper storage environment should be provided for the media. B. The data media should be logged to provide a physical inventory control. C. All data storage media should be accurately marked. D. The media that is reused in a sensitive environment does not need sanitization.

Answer : D Explanation: The correct answer is "The media that is reused in a sensitive environment does not need sanitization". Sanitization is the process of removing information from used data media to prevent data remanence. Different media require different types of sanitization. All the others are examples of proper media controls.

A Trusted Computing Base (TCB) is defined as: A. The total combination of protection mechanisms within a computer system that are trusted to enforce a security policy. B. A system that employs the necessary hardware and software assurance measures to enable processing multiple levels of classified or sensitive information to occur. C. The boundary separating the trusted mechanisms from the remainder of the system. D. A trusted path that permits a user to access resources.

Answer : A Explanation: * Answer "The boundary separating the trusted mechanisms from the remainder of the system" is the security perimeter. * Answer "A trusted path that permits a user to access resources" is the definition of a trusted path. * Answer "A system that employs the necessary hardware and software assurance measures to enable processing multiple levels of classified or sensitive information to occur" is the definition of a trusted computer system.

Which choice below is NOT an element of a fiber optic cable? A. BNC B. Jacket C. Core D. Cladding

Answer : A Explanation: A BNC refers to a Bayonet Neill-Concelman RG58 connector for 10Base2. Fiber optic cable has three basic physical elements: the core, the cladding, and the jacket. The core is the innermost transmission medium, which can be glass or plastic. The next outer layer, the cladding, is also made of glass or plastic, but has different properties, and helps to reflect the light back into the core. The outermost layer, the jacket, provides protection from heat, moisture, and other environmental elements. Source: Gigabit Ethernet by Jayant Kadambi, Ian Crayford, and Mohan Kalkunte (Prentice Hall PTR, 1998). The figure shows a cross-section of a fiber optic cable (exhibit image not included).

In the Common Criteria, a Protection Profile: A. Specifies the security requirements and protections of the products to be evaluated. B. Is also known as the Orange Book. C. Is also known as the Target of Evaluation (TOE). D. Specifies the mandatory protection in the product to be evaluated.

Answer : A Explanation: Answer "Specifies the mandatory protection in the product to be evaluated" is a distracter. * Answer "Is also known as the Target of Evaluation (TOE)" is the product to be evaluated. * Answer "Is also known as the Orange Book" refers to TCSEC.

An associative memory operates in which one of the following ways? A. Searches for a specific data value in memory B. Uses indirect addressing only C. Returns values stored in a memory address location specified in the CPU address register D. Searches for values in memory exceeding a specified value

Answer : A Explanation: Answer "Uses indirect addressing only" refers to an addressing mode used in computers where the address location that is specified in the program instruction contains the address of the final desired location. * Answer "Searches for values in memory exceeding a specified value" is a distracter and answer "Returns values stored in a memory address location specified in the CPU address register" is the description of the direct or absolute addressing mode.

Which one of the following is generally NOT considered a covered entity under Title II, Administrative Simplification, of the HIPAA law? A. Employers B. Health care providers who transmit health information electronically in connection with standard transactions C. Health plans D. Health care clearinghouses

Answer : A Explanation: Employers are not specifically covered under HIPAA. HIPAA applies to health care providers that transmit health care information in electronic form, health care clearinghouses, and health plans. However, some employers may be covered under the Gramm-Leach-Bliley Act. The Gramm-Leach-Bliley (GLB) Act was enacted on November 12, 1999, to remove Depression-era restrictions on banks that limited certain business activities, mergers, and affiliations. It repeals the restrictions on banks affiliating with securities firms contained in sections 20 and 32 of the Glass-Steagall Act. GLB became effective on November 13, 2001. GLB also requires health plans and insurers to protect member and subscriber data in electronic and other formats. These health plans and insurers will fall under new state laws and regulations that are being passed to implement GLB, since GLB explicitly assigns enforcement of the health plan and insurer regulations to state insurance authorities (15 USC 6805). Some of the privacy and security requirements of Gramm-Leach-Bliley are similar to those of HIPAA. Most states required that health plans and insurers comply with the GLB requirements by July 1, 2001, and financial institutions were required to be in full compliance with Gramm-Leach-Bliley by this date. The other answers are incorrect since they are covered by the HIPAA regulations.

What is a protocol that adds digital signatures and encryption to Internet MIME (Multipurpose Internet Mail Extensions)? A. S/MIME B. PGP C. SET/MIME D. IPSEC

Answer : A Explanation: The MIME protocol specifies a structure for the body of an email message. MIME supports a number of formats in the email body, including graphic, enhanced text and audio, but does not provide security services for these messages. S/MIME defines such services for MIME as digital signatures and encryption based on a standard syntax. * Answer IPSEC is incorrect since IPSEC is not an email protocol but is a standard that provides encryption, access control, nonrepudiation, and authentication of messages over IP. It is designed to be functionally compatible with IPv6. * Answer PGP is incorrect because PGP, Pretty Good Privacy, brings security to email through the use of a symmetric cipher, such as IDEA, to encipher the message. RSA is used for symmetric key exchange and for digital signatures. PGP is not an augmentation of MIME. RFC 2440 permits other algorithms to be used in PGP. In order of preference, they are ElGamal and RSA for key distribution; triple DES, IDEA and CAST5 for encryption of messages; DSA and RSA for digital signatures; and SHA-1 or MD5 for generating hashes of the messages. * Answer SET/MIME is incorrect because there is no such protocol. There is a protocol called SET for Secure Electronic Transaction. It was developed by Visa and MasterCard to secure electronic bankcard transactions. SET requests authorization for payment and requires certificates binding a person's public key to their identity.

In a multilevel security system (MLS), the Pump is: A. A one-way information flow device B. A two-way information flow device C. A device that implements role-based access control D. Compartmented Mode Workstation (CMW)

Answer : A Explanation: The Pump (M. H. Kang, I. S. Moskowitz, A Pump for Rapid, Reliable, Secure Communications, The 1st ACM Conference on Computer and Communications Security, Fairfax, VA, 1993) was developed at the US Naval Research Laboratory (NRL). It permits information flow in one direction only, from a lower level of security classification or sensitivity to a higher level. It is a convenient approach to multilevel security in that it can be used to put together systems with different security levels. * Answer "A two-way information flow device" is a distracter. * Answer "Compartmented Mode Workstation (CMW)" refers to windows-based workstations that require users to work with information at different classification levels. Thus, users may work with multiple windows with different classification levels on their workstations. When an attempt is made to move data from one window to another, mandatory access control policies are enforced. This prevents information of a higher classification from being deposited to a location of lower classification. * Answer "A device that implements role-based access control": role-based access control is an access control mechanism and is now being considered for mandatory access control based on users' roles in their organizations.

The primary goal of the TLS Protocol is to provide: A. Privacy and data integrity between two communicating applications B. Authentication and data integrity between two communicating applications C. Privacy and authentication between two communicating applications D. Privacy, authentication and data integrity between two communicating applications

Answer : A Explanation: The TLS Protocol is comprised of the TLS Record and Handshake Protocols. The TLS Record Protocol is layered on top of a transport protocol such as TCP and provides privacy and reliability to the communications. The privacy is implemented by encryption using symmetric key cryptography such as DES or RC4. The secret key is generated anew for each connection; however, the Record Protocol can be used without encryption. Integrity is provided through the use of a keyed Message Authentication Code (MAC) using hash algorithms such as SHA or MD5. The TLS Record Protocol is also used to encapsulate a higher-level protocol such as the TLS Handshake Protocol. This Handshake Protocol is used by the server and client to authenticate each other. The authentication can be accomplished using asymmetric key cryptography such as RSA or DSS. The Handshake Protocol also sets up the encryption algorithm and cryptographic keys to enable the application protocol to transmit and receive information.

A portion of a Vigenère cipher square is given below using five (1, 2, 14, 16, 22) of the possible 26 alphabets. Using the key word bow, which of the following is the encryption of the word advance using the Vigenère cipher? Exhibit: (not included) A. b r r b b y f B. b r r b b y h C. b r r b c y f D. b r r b j y f

Answer : A Explanation: The Vigenère cipher is a polyalphabetic substitution cipher. The key word bow indicates which alphabets to use. The letter b indicates the alphabet of row 1, the letter o indicates the alphabet of row 14, and the letter w indicates the alphabet of row 22. To encrypt, arrange the key word repetitively over the plaintext as shown in the table (exhibit not included). Thus, the letter a of the plaintext is transformed into b of the alphabet in row 1, the letter d is transformed into r of row 14, the letter v is transformed into r of row 22, and so on.

Which of the following is NOT a property of a public key cryptosystem? (Let P represent the private key, Q represent the public key and M the plaintext message.) A. P and Q are difficult to generate from a particular key value. B. P[Q(M)] = M C. Q[P(M)] = M D. It is computationally infeasible to derive P from Q.

Answer : A Explanation: The answer refers to the initial computation wherein the private and public keys are computed. The computation in this direction is relatively straightforward. Answers "Q[P(M)] = M" and "P[Q(M)] = M" state the true property of public key cryptography which is that a plaintext message encrypted with the private key can be decrypted by the public key and vice versa. Answer "It is computationally infeasible to derive P from Q" states that it is computationally infeasible to derive the private key from the public key. Obviously, this is a critical property of public key cryptography.

Which of the following would NOT be a component of a general enterprise security architecture model for an organization? A. IT system auditing B. Consideration of all the items that comprise information security, including distributed systems, software, hardware, communications systems, and networks C. Information and resources to ensure the appropriate level of risk management D. A systematic and unified approach for evaluating the organization's information systems security infrastructure and defining approaches to implementation and deployment of information security controls

Answer : A Explanation: The auditing component of the IT system should be independent and distinct from the information system security architecture for a system. * In answer "Information and resources to ensure the appropriate level of risk management", the resources to support intelligent risk management decisions include technical expertise, applicable evaluation processes, refinement of business objectives, and delivery plans. * Answer "Consideration of all the items that comprise information security, including distributed systems, software, hardware, communications systems, and networks" promotes an enterprise-wide view of information system security issues. * For answer "A systematic and unified approach for evaluating the organization's information systems security infrastructure and defining approaches to implementation and deployment of information security controls", the intent is to show that a comprehensive security architecture model includes all phases involved in information system security including planning, design, integrating, testing, and production.

The following compilation represents what facet of cryptanalysis? A 8.2, B 1.5, C 2.8, D 4.3, E 12.7, F 2.2, G 2.0, H 6.1, I 7.0, J 0.2, K 0.8, L 4.0, M 2.4, N 6.7, O 7.5, P 1.9, Q 0.1, R 6.0, S 6.3, T 9.1, U 2.8, V 1.0, W 2.4, X 0.2, Y 2.0, Z 0.1. A. Frequency analysis B. Cilly analysis C. Cartouche analysis D. Period analysis

Answer : A Explanation: The compilation is from a study by H. Becker and F. Piper that was originally published in Cipher Systems: The Protection of Communication. The listing shows the relative frequency in percent of the appearance of the letters of the English alphabet in large numbers of passages taken from newspapers and novels. Thus, in a substitution cipher, an analysis of the frequency of appearance of certain letters may give clues to the actual letter before transformation. Note that the letters E, A, and T have relatively high percentages of appearance in English text. * Answer "Period analysis" refers to a cryptanalysis that is looking for sequences that repeat themselves and for the spacing between repetitions. This approach is used to break the Vigenère cipher. * Answer "Cilly analysis" is a reference to a cilly, which was a three-character message key used in the German Enigma machine. * In answer "Cartouche analysis", a cartouche is a set of hieroglyphs surrounded by a loop. A cartouche referring to King Ptolemy was found on the Rosetta Stone.

Which of the following is the best example of need-to-know? A. An operator does not know more about the system than the minimum required to do the job. B. An operator cannot generate and verify transactions alone. C. The operators' duties are frequently rotated. D. Two operators are required to work together to perform a task.

Answer : A Explanation: The correct answer is "An operator does not know more about the system than the minimum required to do the job". Need-to-know means the operators are working in an environment that limits their knowledge of the system, applications, or data to the minimum elements that they require to perform their job. * Answer "Two operators are required to work together to perform a task" is dual control. * Answer "The operators' duties are frequently rotated" is job rotation. * Answer "An operator cannot generate and verify transactions alone" is separation of duties.

The memory hierarchy in a typical digital computer, in order, is: A. CPU, cache, primary memory, secondary memory. B. CPU, cache, secondary memory, primary memory. C. CPU, secondary memory, cache, primary memory. D. CPU, primary memory, secondary memory, cache.

Answer : A Explanation: The correct answer is "CPU, cache, primary memory, secondary memory". In this architecture, the CPU sees the high-speed cache, which holds the instructions and data from primary memory that have a high probability of being executed by the program. In order of speed of access, the order in the correct answer goes from the fastest to the slowest access time.

A cryptographic attack in which portions of the ciphertext are selected for trial decryption while having access to the corresponding decrypted plaintext is known as what type of attack? A. Chosen ciphertext B. Adaptive chosen plaintext C. Known plaintext D. Chosen plaintext

Answer : A Explanation: The correct answer is "Chosen ciphertext". In answer "Known plaintext", the attacker has a copy of the plaintext corresponding to the ciphertext. Answer "Chosen plaintext" describes the situation where selected plaintext is encrypted and the output ciphertext is obtained. The adaptive chosen plaintext attack, answer "Adaptive chosen plaintext", is a form of chosen plaintext attack where the selection of the plaintext is altered according to previous results.

Which of the following would NOT be an example of compensating controls being implemented? A. Modifying the timing of a system resource in some measurable way to covertly transmit information B. Sensitive information requiring two authorized signatures to release C. A safety deposit box needing two keys to open D. Signing in or out of a traffic log and using a magnetic card to access an operations center

Answer : A Explanation: The correct answer is "Modifying the timing of a system resource in some measurable way to covertly transmit information". This is the definition for a covert timing channel. The other three are examples of compensating controls, which are a combination of technical, administrative, or physical controls to enhance security.

The minimum information necessary on a digital certificate is: A. Name, public key, digital signature of the certifier B. Name, expiration date, public key C. Name, expiration date, digital signature of the certifier D. Name, serial number, private key

Answer : A Explanation: The correct answer is "Name, public key, digital signature of the certifier", where the name of the individual is certified and bound to his/her public key. This certification is validated by the digital signature of the certifying agent. * In answer "Name, expiration date, digital signature of the certifier", the public key is not present to be bound to the person's name. * In answer "Name, expiration date, public key", the public key and name are present, but there is no digital signature verifying that the public key belongs to the name. * Answer "Name, serial number, private key" is incorrect on a number of counts. First, the private key is never disclosed to the public and secondly, there is no digital signature.

Using pre-numbered forms to initiate a transaction is an example of what type of control? A. Preventative control B. Deterrent control C. Detective control D. Application control

Answer : A Explanation: The correct answer is "Preventative control". Pre-numbered forms are an example of preventative controls. They can also be considered a transaction control and input control.

In most security protocols that support authentication, integrity and confidentiality, A. Public key cryptography is used to create digital signatures. B. Private key cryptography is used to create digital signatures. C. Digital signatures are not implemented. D. DES is used to create digital signatures.

Answer : A Explanation: The correct answer is "Public key cryptography is used to create digital signatures". Answer "Private key cryptography is used to create digital signatures" is incorrect because private key cryptography does not create digital signatures. Answer "DES is used to create digital signatures" is incorrect because DES is a private key system and, therefore, follows the same logic as in "Private key cryptography is used to create digital signatures"; and answer "Digital signatures are not implemented" is incorrect because digital signatures are implemented to obtain authentication and integrity.

The MULTICS operating system is a classic example of: A. Ring protection system. B. Object orientation. C. An open system. D. Database security.

Answer : A Explanation: The correct answer is "Ring protection system". Multics is based on the ring protection architecture.

The protocol of the Wireless Application Protocol (WAP), which performs functions similar to SSL in the TCP/IP protocol, is called the: A. Wireless Transport Layer Security Protocol (WTLS). B. Wireless Transaction Protocol (WTP). C. Wireless Session Protocol (WSP). D. Wireless Application Environment (WAE).

Answer : A Explanation: The correct answer is "Wireless Transport Layer Security Protocol (WTLS)". SSL performs security functions in TCP/IP. The other answers refer to protocols in the WAP protocol stack also, but their primary functions are not security.

In the access control matrix, the rows are: A. Capability lists. B. Tuples. C. Access Control Lists (ACLs). D. Domains.

Answer : A Explanation: The correct answer is Capability lists. * Answer "Access Control Lists (ACLs)" is incorrect because the access control list is not a row in the access control matrix. * Answer Tuples is incorrect because a tuple is a row in the table of a relational database. * Answer Domains is incorrect because a domain is the set of allowable values a column or attribute can take in a relational database.

Which one of the following is NOT a security mode of operation in an information system? A. Contained B. System high C. Multilevel D. Dedicated

Answer : A Explanation: The correct answer is Contained, a distracter. * In the system high mode the information system operates at the highest level of information classification. In this mode, all users must have security clearances for the highest level of classified information. * The dedicated mode requires that all users have a clearance or an authorization and a need-to-know for all information that is produced by the information system. * The multilevel mode of operation, answer c, supports users with different clearances and data at multiple classification levels.

A computer system that employs the necessary hardware and software assurance measures to enable it to process multiple levels of classified or sensitive information is called a: A. Trusted system. B. Open system. C. Closed system. D. Safe system.

Answer : A Explanation: The correct answer is Trusted system, by definition of a trusted system. Answers Closed system and Open system refer to open, standard information on a product as opposed to a closed or proprietary product. Answer Safe system is a distracter.

What is the result of the Exclusive Or operation, 1 XOR 0? A. 1 B. Indeterminate C. 10 D. 0

Answer : A Explanation: The correct answer is a. An XOR operation results in a 0 if the two input bits are identical and a 1 if one of the bits is a 1 and the other is a 0.

The Transport Layer Security (TLS) 1.0 protocol is based on which Protocol Specification? A. SSL-3.0 B. IPSEC C. TCP/IP D. SSH-2

Answer : A Explanation: The differences between TLS and SSL are not great, but there is enough of a difference such that TLS 1.0 and SSL 3.0 are not operationally compatible. If interoperability is desired, there is a capability in TLS that allows it to function as SSL. Question 5 provides additional discussion of the TLS protocol.

The Rijndael Cipher employs a round transformation that is comprised of three layers of distinct, invertible transformations. These transformations are also defined as uniform, which means that every bit of the State is treated the same. Which of the following is NOT one of these layers? A. The key inversion layer, which provides confusion through the multiple rounds B. The non-linear layer, which is the parallel application of S-boxes that have the optimum worst-case non-linearity properties C. The linear mixing layer, which provides a guarantee of the high diffusion of multiple rounds D. The key addition layer, which is an Exclusive Or of the Round Key to the intermediate State

Answer : A Explanation: This answer is a distracter and does not exist.

The algorithm of the 802.11 Wireless LAN Standard that is used to protect transmitted information from disclosure is called: A. Wired Equivalency Privacy (WEP) B. Wireless Transaction Protocol (WTP) C. Wireless Application Environment (WAE) D. Wireless Transport Layer Security Protocol (WTLS)

Answer : A Explanation: WEP is designed to prevent the violation of the confidentiality of data transmitted over the wireless LAN. Another feature of WEP is to prevent unauthorized access to the network. The other answers are protocols in the Wireless Application Protocol (WAP) stack.

What do the message digest algorithms MD2, MD4 and MD5 have in common? A. They are all used in the Secure Hash Algorithm (SHA). B. They all take a message of arbitrary length and produce a message digest of 128-bits. C. They all take a message of arbitrary length and produce a message digest of 160-bits. D. They are all optimized for 32-bit machines.

Answer : B Explanation: * Answer "They all take a message of arbitrary length and produce a message digest of 160-bits" is obviously, then, incorrect. * Answer "They are all optimized for 32-bit machines" is incorrect since MD2 (B.S. Kaliski, The MD2 Message Digest Algorithm, RFC 1319, April 1992) is targeted for 8-bit machines. It is used in Privacy Enhanced Mail (PEM). MD4 (R.L. Rivest, The MD4 Message Digest Algorithm, RFC 1186, Oct 1990) and MD5 (R.L. Rivest, The MD5 Message Digest Algorithm, RFC 1321, April 1992) are designed for 32-bit machines. MD5 is considered more secure than MD4, and MD5 is also used in PEM. * Answer "They are all used in the Secure Hash Algorithm (SHA)" is incorrect since the SHA is a separate algorithm from MD2, MD4, and MD5, but is modeled after MD4. SHA produces a 160-bit message digest.

Digital cash refers to the electronic transfer of funds from one party to another. When digital cash is referred to as anonymous or identified, it means that: A. Anonymous the identity of the bank is withheld; Identified the identity of the bank is not withheld B. Anonymous the identity of the cash holder is not known; Identified the identity of the cash holder is known C. Anonymous the identity of the cash holder is not known; Identified the identity of the merchant is known D. Anonymous the identity of merchant is withheld; Identified the identity of the merchant is not withheld

Answer : B Explanation: Anonymous implementations of digital cash do not identify the cash holder and use blind signature schemes; identified implementations use conventional digital signatures to identify the cash holder. In looking at these two approaches, anonymous schemes are analogous to cash since cash does not allow tracing of the person who made the cash payment while identified approaches are the analog of credit or debit card transactions.

Which utility below can create a server-spoofing attack? A. DNS poisoning B. C2MYAZZ C. BO2K D. Snort

Answer : B Explanation: C2MYAZZ is a utility that enables server spoofing to implement a session hijacking or man-in-the-middle exploit. It intercepts a client LANMAN authentication logon and obtains the session's logon credentials and password combination, transparently to the user. * DNS poisoning is also known as cache poisoning. It is the process of distributing incorrect IP address information for a specific host with the intent to divert traffic from its true destination. * Snort is a utility used for network sniffing. Network sniffing is the process of gathering traffic from a network by capturing the data as it passes and storing it to analyze later. * Back Orifice 2000 (BO2K) is an application-level Trojan Horse used to give an attacker backdoor network access. Source: Security Complete, edited by Mark Lierley (Sybex, 2001).

Which type of cabling below is the most common type for recent Ethernet installations? A. Twinax B. Twisted Pair C. ThickNet D. ThinNet

Answer : B Explanation: Category 5 Unshielded Twisted Pair (UTP) is rated for very high data throughput (100 Mbps) at short distances (up to 100 meters), and is the standard cable type for Ethernet installations. * ThickNet, also known as 10Base5, uses traditional thick coaxial (coax) cable at data rates of up to 10 Mbps. * ThinNet uses a thinner gauge coax and is known as 10Base2. It has a shorter maximum segment distance than ThickNet, but is less expensive to install (also known as CheaperNet). * Twinax is like ThinNet, but has two conductors, and was used in IBM System 36 and earlier AS/400 installations. Source: Communications Systems and Networks by Ray Horak (M&T Books, 2000).

The two categories of the policy of separation of duty are: A. Dual control and aggregation control B. Dual control and functional separation C. Span of control and functional separation D. Inference control and functional separation

Answer : B Explanation: Dual control requires that two or more subjects act together simultaneously to authorize an operation. A common example is the requirement that two individuals turn their keys simultaneously in two physically separated areas to arm a weapon. Functional separation implies a sequential approval process such as requiring the approval of a manager to send a check generated by a subordinate. * Answer "Span of control and functional separation" is incorrect. Span of control refers to the number of subordinates that can be optimally managed by a superior. * Answer "Inference control and functional separation" is incorrect. Inference control is implementing protections that prevent the inference of information not authorized to a user from information that is authorized to be accessed by a user. * Answer "Dual control and aggregation control" is incorrect, but aggregation refers to the acquisition of large numbers of data items to obtain information that would not be available by analyzing a small number of the data items. NEXT QUESTION

Which of the following is NOT a key recovery method? A. A secret key or a private key is broken into a number of parts and each part is deposited with a trustee agent. The agents can then provide their parts of the key to a central authority, when presented with appropriate authorization. The key can then be reconstructed and used to decrypt messages encrypted with that key. B. A message is encrypted with a session key and the session key is, in turn, encrypted with the private key of a trustee agent. The encrypted session key is sent along with the encrypted message. The trustee, when authorized, can then decrypt the message by recovering the session key with the trustee's public key. C. A message is encrypted with a session key. The session key, in turn, is broken into parts and each part is encrypted with the public key of a different trustee agent. The encrypted parts of the session key are sent along with the encrypted message. The trustees, when authorized, can then decrypt their portion of the session key and provide their respective parts of the session key to a central agent. The central agent can then decrypt the message by reconstructing the session key from the indivi D. A message is encrypted with a session key and the session key is, in turn, encrypted with the public key of a trustee agent. The encrypted session key is sent along with the encrypted message. The trustee, when authorized, can then decrypt the message by recovering the session key with the trustee's private key.

Answer : B Explanation: Encrypting parts of the session key with the private keys of the trustee agents provides no security for the message since the message can be decrypted by recovering the key components of the session key using the public keys of the respective agents. These public keys are available to anyone. The other answers are valid means of recovering keys, since key recovery refers to permitting access to encrypted messages under predefined circumstances. Two of these answers are also called key encapsulation since the session key is encapsulated in the public keys of the trustee agents and, therefore, can be decrypted only by these trustee agents with their private keys. NEXT QUESTION

Which of the following is NOT a characteristic of a cryptographic hash function, H (m), where m denotes the message being hashed by the function H? A. H (m) is a one-way function. B. H (m) is difficult to compute for any given m. C. The output is of fixed length. D. H (m) is collision free.

Answer : B Explanation: For a cryptographic hash function, H (m) is relatively easy to compute for a given m. * Answer "H (m) is collision free" is a characteristic of a good cryptographic hash function, in that collision free means that for a given message, M, that produces H (M) = Z, it is computationally infeasible to find another message, M1, such that H (M1) = Z. * Answer "The output is of fixed length" is part of the definition of a hash function since it generates a fixed-length result that is independent of the length of the input message. This characteristic is useful for generating digital signatures since the signature can be applied to the fixed-length hash that is uniquely characteristic of the message instead of to the entire message, which is usually much longer than the hash. * Answer "H (m) is a one-way function" relates to answer "H (m) is difficult to compute for any given m" in that a one-way function is difficult or impossible to invert. This means that for a hash function H (M) = Z, it is computationally infeasible to reverse the process and find M given the hash Z and the function H. NEXT QUESTION

The model that addresses the situation wherein one group is not affected by another group using specific commands is called the: A. Information flow model B. Non-interference model C. Composition model D. Clark-Wilson model

Answer : B Explanation: In the non-interference model, security policy assertions are defined in the abstract. The process of moving from the abstract to developing conditions that can be applied to the transition functions that operate on the objects is called unwinding. * Answer "Information flow model" refers to the information flow model, in which information is categorized into classes, and rules define how information can flow between the classes. The model can be defined as [O, P, S, T] where O is the set of objects, P is the flow policy, S represents the valid states, and T represents the state transitions. The flow policy is usually implemented as a lattice structure. * Answer "Composition model" refers to the composition model, which investigates the resultant security properties when subsystems are combined. NEXT QUESTION

Which of the following is an example of least privilege? A. An operator cannot generate and verify transactions alone. B. An operator does not have more system rights than the minimum required to do the job. C. An operator does not know more about the system than the minimum required to do the job. D. The operators' duties are frequently rotated.

Answer : B Explanation: Least Privilege embodies the concept that users or operators should be granted the lowest level of system access or system rights that allows them to perform their job. * Answer "An operator does not know more about the system than the minimum required to do the job" is need-to-know. * Answer "The operators' duties are frequently rotated" is job rotation. * Answer "An operator cannot generate and verify transactions alone" is separation of duties. NEXT QUESTION

Which attack type below does NOT exploit TCP vulnerabilities? A. Sequence Number attack B. Ping of Death C. SYN attack D. land.c attack

Answer : B Explanation: The Ping of Death exploits the fragmentation vulnerability of large ICMP ECHO request packets by sending an illegal packet with more than 65K of data, creating a buffer overflow. * A TCP sequence number attack exploits the nonrandom, predictable pattern of TCP connection sequence numbers to spoof a session. * A TCP SYN attack is a DoS attack that exploits the TCP three-way handshake. The attacker rapidly generates randomly sourced SYN packets, filling the target's connection queue before the connections can time out. * The land.c attack is also a DoS attack that exploits TCP SYN packets. The attacker sends a packet that gives both the source and destination as the target's address, and uses the same source and destination port. Sources: Designing Network Security by Merike Kaeo (Cisco Press, 1999) and Mastering Network Security by Chris Brenton (Sybex, 1999). NEXT QUESTION

The Advanced Encryption Standard, the Rijndael cipher, can be described as: A. A recursive, sequential cipher B. An iterated block cipher C. A streaming block cipher D. A Feistel network

Answer : B Explanation: The correct answer is "An iterated block cipher". Answers "A recursive, sequential cipher", "A Feistel network", and "A streaming block cipher" are distracters; however, answer "A Feistel network" characterizes the Data Encryption Standard (DES) cipher. NEXT QUESTION

Elliptic curve cryptosystems: A. Cannot be used to implement digital signatures. B. Have a higher strength per bit than an RSA. C. Cannot be used to implement encryption. D. Have a lower strength per bit than an RSA.

Answer : B Explanation: The correct answer is "Have a higher strength per bit than an RSA". It is more difficult to compute elliptic curve discrete logarithms than conventional discrete logarithms or to factor large numbers. Smaller key sizes in the elliptic curve implementation can therefore yield higher levels of security, so answer "Have a lower strength per bit than an RSA" is incorrect. Answers "Cannot be used to implement digital signatures" and "Cannot be used to implement encryption" are incorrect because elliptic curve cryptosystems can be used for both digital signatures and encryption. NEXT QUESTION

Which of the following does the Clark-Wilson model NOT involve? A. Well-formed transactions B. Confidentiality items C. Transformational procedures D. Constrained data items

Answer : B Explanation: The correct answer is Confidentiality items. The other answers are parts of the Clark-Wilson model. NEXT QUESTION

An audit trail is an example of what type of control? A. Application control B. Detective control C. Deterrent control D. Preventative control

Answer : B Explanation: The correct answer is Detective control. An audit trail is a record of events used to piece together what has happened and to enforce individual accountability by reconstructing those events. It can, however, also be used to assist in the proper implementation of the other controls. NEXT QUESTION

Which algorithm is used in the Clipper Chip? A. IDEA B. SKIPJACK C. 3 DES D. DES

Answer : B Explanation: The correct answer is SKIPJACK. The other options are other symmetric key algorithms. NEXT QUESTION

In a digitally-signed message transmission using a hash function, A. The message digest is encrypted in the public key of the sender. B. The message digest is encrypted in the private key of the sender. C. The message is encrypted in the private key of the sender. D. The message is encrypted in the public key of the sender.

Answer : B Explanation: The hash function generates a message digest. The message digest is encrypted with the private key of the sender. Thus, if the message can be opened with the sender's public key that is known to all, the message must have come from the sender. The message is not encrypted with the public key because the message is usually longer than the message digest and would take more computing resources to encrypt and decrypt. Because the message digest uniquely characterizes the message, it can be used to verify the identity of the sender. Answers "The message digest is encrypted in the public key of the sender" and "The message is encrypted in the public key of the sender" will not work because a message encrypted in the public key of the sender can only be read by using the private key of the sender. Because the sender is the only one who knows this key, no one else can read the message. Answer "The message is encrypted in the private key of the sender" is incorrect because the message is not encrypted, but the message digest is encrypted. NEXT QUESTION

The organization that establishes a collaborative partnership of computer incident response, security and law enforcement professionals who work together to handle computer security incidents and to provide both proactive and reactive security services for the A. Federal CIO Council B. Federal Computer Incident Response Center C. CERT/CC D. Center for Infrastructure Protection

Answer : B Explanation: To again quote the FedCIRC charter, FedCIRC provides assistance and guidance in incident response and provides a centralized approach to incident handling across agency boundaries. Specifically, the mission of FedCIRC is to: provide civil agencies with technical information, tools, methods, assistance, and guidance; be proactive and provide liaison activities and analytical support; encourage the development of quality products and services through collaborative relationships with Federal civil agencies, the Department of Defense, academia, and private industry; promote the highest security profile for government information technology (IT) resources; and promote incident response and handling procedural awareness within the federal government. * Answer CERT/CC, the CERT Coordination Center, is a unit of the Carnegie Mellon University Software Engineering Institute (SEI). SEI is a Federally funded R&D Center. CERT's mission is to alert the Internet community to vulnerabilities and attacks and to conduct research and training in the areas of computer security, including incident response. * Answer "Center for Infrastructure Protection" is a distracter, and answer "Federal CIO Council", the Federal Chief Information Officers' Council, is the sponsor of FedCIRC. NEXT QUESTION

Which of the following items BEST describes the standards addressed by Title II, Administrative Simplification, of the Health Insurance Portability and Accountability Act (US Kennedy-Kassebaum Health Insurance and Portability Accountability Act -HIPAA-Public Law 104-19)? A. Transaction Standards, to include Code Sets; Security and Electronic Signatures and Privacy B. Security and Electronic Signatures and Privacy C. Transaction Standards, to include Code Sets; Unique Health Identifiers; Security and Electronic Signatures and Privacy D. Unique Health Identifiers; Security and Electronic Signatures and Privacy

Answer : C Explanation: HIPAA was designed to provide for greater access to personal health care information, enable portability of health care insurance, establish strong penalties for health care fraud, and streamline the health care claims process through administrative simplification. To accomplish the latter, Title II of the HIPAA law, Administrative Simplification, requires standardizing the formats for the electronic transmission of health care information. The transactions and code sets portion includes standards for submitting claims, enrollment information, premium payments, and others as adopted by HHS. The standard for transactions is the ANSI ASC X12N version 4010 EDI Standard. Standard code sets are required for diagnoses and inpatient services, professional services, dental services (replacing the 'D' codes), and drugs (instead of the 'J' codes). Also, local codes are not to be used. Unique health identifiers are required to identify health care providers, health plans, employers, and individuals. Security and electronic signatures are specified to protect health care information. Privacy protections are required to ensure that there is no unauthorized disclosure of individually identifiable health care information. The other answers are incorrect since they do not include all four major standards. Additional information can be found at http://aspe.hhs.gov/adminsimp. NEXT QUESTION

The Bell-LaPadula model addresses which one of the following items? A. Covert channels B. Definition of a secure state transition C. Information flow from high to low D. The creation and destruction of subjects and objects

Answer : C Explanation: Information flow from high to low is addressed by the *-property of the Bell-LaPadula model, which states that a subject cannot write data from a higher level of classification to a lower level of classification. This property is also known as the confinement property or the no write down property. * Answer "Covert channels" is incorrect because covert channels are not addressed by the model. The Bell-LaPadula model deals with information flow through normal channels and does not address the covert passing of information through unintended paths. * Answer "The creation and destruction of subjects and objects" is incorrect because this is not addressed by the model. * Answer "Definition of a secure state transition" is incorrect because, although the model discusses a secure transition from one secure state to another, it never provides a definition of a secure transition. NEXT QUESTION

Which choice below does NOT accurately describe the difference between multi-mode and single-mode fiber optic cabling? A. Multi-mode fiber propagates light waves through many paths, single-mode fiber propagates a single light ray only. B. Both types have a longer allowable maximum transmission distance than UTP Cat 5. C. Multi-mode fiber has a longer allowable maximum transmission distance than single-mode fiber. D. Single-mode fiber has a longer allowable maximum transmission distance than multi-mode fiber.

Answer : C Explanation: Multi-mode fiber has a shorter allowable maximum transmission distance than single-mode fiber (2 km vs. 10 km). Multi-mode transmits the light through several different paths in the cable, whereas single-mode uses one light path, which makes single-mode perform better. However, multi-mode is less expensive to install and is used more often in short-to-medium haul networks. Category 5 unshielded twisted pair (UTP) has a maximum transmission distance of 100 meters. Sources: Catalyst 5000 Series Installation Guide (Cisco Systems, 1996) and Gigabit Ethernet by Jayant Kadambi, Ian Crayford, and Mohan Kalkunte (Prentice Hall PTR, 1998). NEXT QUESTION

Which of the following statements BEST describes the Public Key Cryptography Standards (PKCS)? A. A set of public-key cryptography standards that support only standard algorithms such as Diffie-Hellman and RSA B. A set of public-key cryptography standards that support only algorithm-independent implementations C. A set of public-key cryptography standards that support algorithms such as Diffie-Hellman and RSA as well as algorithm independent standards D. A set of public-key cryptography standards that support encryption algorithms such as Diffie-Hellman and RSA, but does not address digital signatures

Answer : C Explanation: PKCS supports algorithm-independent and algorithm-specific implementations as well as digital signatures and certificates. It was developed by a consortium including RSA Laboratories, Apple, DEC, Lotus, Sun, Microsoft and MIT. At this writing, there are 15 PKCS standards. Examples of these standards are: PKCS #1, which defines mechanisms for encrypting and signing data using the RSA public-key system; PKCS #3, which defines the Diffie-Hellman key agreement protocol; PKCS #10, which describes a syntax for certification requests; and PKCS #15, which defines a standard format for cryptographic credentials stored on cryptographic tokens. NEXT QUESTION

The Clark-Wilson Integrity Model (D. Clark, D. Wilson, A Comparison of Commercial and Military Computer Security Policies, Proceedings of the 1987 IEEE Computer Society Symposium on Research in Security and Privacy, Los Alamitos, CA, IEEE Computer Society Press, 1987) focuses on what two concepts? A. Capability lists and domains B. Least privilege and well-formed transactions C. Separation of duty and well-formed transactions D. Well-formed transactions and denial of service

Answer : C Explanation: The Clark-Wilson Model is a model focused on the needs of the commercial world and is based on the theory that integrity is more important than confidentiality for commercial organizations. Further, the model incorporates the commercial concepts of separation of duty and well-formed transactions. The well-formed transaction of the model is implemented by the transformation procedure (TP). A TP is defined in the model as the mechanism for transforming the set of constrained data items (CDIs) from one valid state of integrity to another valid state of integrity. The Clark-Wilson Model defines rules for separation of duty that denote the relations between a user, TPs, and the CDIs that can be operated upon by those TPs. The model talks about the access triple, which is the user, the program that is permitted to operate on the data, and the data. The other answers are distracters. NEXT QUESTION

Which of the following is NOT a characteristic of the ElGamal public key cryptosystem? A. It is based on the discrete logarithm problem. B. It can be used to generate digital signatures. C. It can perform encryption, but not digital signatures. D. It can perform encryption.

Answer : C Explanation: The ElGamal public key cryptosystem can perform both encryption and digital signatures based on the discrete logarithm problem. These three characteristics are shown in the examples that follow.
To generate a key pair in the ElGamal system: A. Choose a prime number, p. B. Choose two random numbers, g and x (g and x must both be less than p). C. Calculate y = g^x mod p. D. The private key is x and the public key is y, g, and p.
To encrypt a message, M, in the ElGamal system: A. Select a random number, j, such that j is relatively prime to p-1. Recall that two numbers are relatively prime if they have no common factors other than 1. B. Generate w = g^j mod p and z = y^j M mod p. C. w and z comprise the ciphertext.
To decrypt the message, M, in the ElGamal system, calculate M = z / w^x mod p. This can be shown by substituting the values of z and w in the equation as follows: M = (y^j M mod p) / (g^(jx) mod p). Since y^j = g^(xj) mod p, M = (g^(xj) M / g^(jx)) mod p.
To sign a message, M, in the ElGamal system: A. Select a random number, j, such that j is relatively prime to p-1. The value of j must not be disclosed. Generate w = g^j mod p. B. Solve for z in the equation M = (xw + jz) mod (p-1). The solution to this equation is beyond the scope of this coverage. Suffice it to say that an algorithm exists to solve for the variable z. C. w and z comprise the signature. D. Verification of the signature is accomplished if g^M mod p = y^w w^z mod p. NEXT QUESTION

The Common Criteria terminology for the degree of examination of the product to be tested is: A. Functionality (F) B. Target of Evaluation (TOE) C. Evaluation Assurance Level (EAL) D. Protection Profile (PP)

Answer : C Explanation: The Evaluation Assurance Levels range from EAL1 (functional testing) to EAL7 (detailed testing and formal design verification). The Target of Evaluation (TOE), answer "Target of Evaluation (TOE)", refers to the product to be tested. Answer "Protection Profile (PP)" is an implementation-independent specification of the security requirements and protections of a product that could be built. A Security Target (ST) is a listing of the security claims for a particular IT security product. Also, the Common Criteria describes an intermediate grouping of security requirement components as a package. Functionality, answer "Functionality (F)", refers to Part 2 of the Common Criteria, which contains standard and well-understood functional security requirements for IT systems. NEXT QUESTION

Which of the following is true? A. No successful attacks have been reported against double DES. B. The work factor of single DES is the same as for triple DES. C. The work factor of double DES is the same as for single DES. D. The work factor of triple DES is the same as for double DES.

Answer : C Explanation: The Meet-in-the-Middle attack has been successfully applied to double DES, and the work factor is equivalent to that of single DES. Thus, answer "No successful attacks have been reported against double DES" is incorrect. Answer "The work factor of triple DES is the same as for double DES" is false because the work factor of triple DES is greater than that for double DES. In triple DES, three levels of encryption and/or decryption are applied to the message. The work factor of double DES is equivalent to the work factor of single DES. Answer "The work factor of single DES is the same as for triple DES" is false because the work factor of single DES is less than that for triple DES, in which three levels of encryption and/or decryption are applied to the message. NEXT QUESTION

For fault-tolerance to operate, a system must be: A. Capable of a cold start. B. Capable of terminating operations in a safe mode. C. Capable of detecting and correcting the fault. D. Capable of only detecting the fault.

Answer : C Explanation: The correct answer is "Capable of detecting and correcting the fault". These are the two conditions required for a fault-tolerant system. Answer "Capable of only detecting the fault" is a distracter. Answer "Capable of terminating operations in a safe mode" is the definition of fail safe, and answer "Capable of a cold start" refers to starting after a system shutdown. NEXT QUESTION

The Secure Hash Algorithm (SHA) is specified in the: A. Data Encryption Standard. B. Advanced Encryption Standard. C. Digital Signature Standard. D. Digital Encryption Standard.

Answer : C Explanation: The correct answer is "Digital Signature Standard". * Answer "Data Encryption Standard" refers to DES, a symmetric encryption algorithm. * Answer "Digital Encryption Standard" is a distracter; there is no such term. * Answer "Advanced Encryption Standard" is the Advanced Encryption Standard, which has replaced DES and is now the Rijndael algorithm. NEXT QUESTION

Elliptic curves, which are applied to public key cryptography, employ modular exponentiation that characterizes the: A. Knapsack problem. B. Elliptic curve modular addition. C. Elliptic curve discrete logarithm problem. D. Prime factors of very large numbers.

Answer : C Explanation: The correct answer is "Elliptic curve discrete logarithm problem". Modular exponentiation in elliptic curves is the analog of the modular discrete logarithm problem. * Answer "Prime factors of very large numbers" is incorrect because prime factors are involved with RSA public key systems; answer "Elliptic curve modular addition" is incorrect because modular addition in elliptic curves is the analog of modular multiplication; and answer "Knapsack problem" is incorrect because the knapsack problem is not an elliptic curve problem. NEXT QUESTION

In public key cryptography, A. The public key is used to encrypt and decrypt. B. Only the private key can encrypt and only the public key can decrypt. C. If the public key encrypts, then only the private key can decrypt. D. Only the public key can encrypt and only the private key can decrypt.

Answer : C Explanation: The correct answer is "If the public key encrypts, then only the private key can decrypt". Answers "Only the private key can encrypt and only the public key can decrypt" and "Only the public key can encrypt and only the private key can decrypt" are incorrect because if one key encrypts, the other can decrypt. Answer "The public key is used to encrypt and decrypt" is incorrect because if the public key encrypts, it cannot decrypt. NEXT QUESTION

The Secure Hash Algorithm (SHA-1) of the Secure Hash Standard (NIST FIPS PUB 180) processes data in block lengths of: A. 128 bits. B. 256 bits. C. 512 bits. D. 1024 bits.

Answer : C Explanation: The correct answer is 512 bits. If a block is shorter than 512 bits, padding bits are added to bring the block length up to 512 bits. The other answers are distracters. NEXT QUESTION

What information security model formalizes the US Department of Defense multi-level security policy? A. Stark-Wilson B. Clark-Wilson C. Bell-LaPadula D. Biba

Answer : C Explanation: The correct answer is Bell-LaPadula. The Bell-LaPadula model addresses the confidentiality of classified material. Answers Clark-Wilson and Biba are integrity models, and answer Stark-Wilson is a distracter. NEXT QUESTION

The boundary separating the TCB from the remainder of the system is called the: A. Star property. B. Discretionary control boundary. C. Security perimeter. D. Simple security property.

Answer : C Explanation: The correct answer is Security perimeter. Answers Star property and Simple security property deal with security models and answer Discretionary control boundary is a distracter. NEXT QUESTION

What does Secure Sockets Layer (SSL)/Transport Layer Security (TLS) do? A. Implements confidentiality, authentication, and integrity below the Transport Layer B. Implements only confidentiality below the Transport Layer C. Implements confidentiality, authentication, and integrity above the Transport Layer D. Implements only confidentiality above the Transport Layer

Answer : C Explanation: The correct answer is "Implements confidentiality, authentication, and integrity above the Transport Layer", by definition. Answer "Implements confidentiality, authentication, and integrity below the Transport Layer" is incorrect because SSL/TLS operates above the Transport Layer. Answer "Implements only confidentiality above the Transport Layer" is incorrect because authentication and integrity are provided also. Answer "Implements only confidentiality below the Transport Layer" is incorrect because it cites only confidentiality and SSL/TLS operates above the Transport Layer. NEXT QUESTION

In order to recognize the practical aspects of multilevel security in which, for example, an unclassified paragraph in a Secret document has to be moved to an Unclassified document, the Bell-LaPadula model introduces the concept of a: A. Data flow B. Simple security property C. Trusted subject D. Secure exchange

Answer : C Explanation: The model permits a trusted subject to violate the *-property but to comply with the intent of the *-property. Thus, a person who is a trusted subject could move unclassified data from a classified document to an unclassified document without violating the intent of the *-property. Another example would be for a trusted subject to downgrade the classification of material when it has been determined that the downgrade would not harm national or organizational security and would not violate the intent of the *-property. The simple security property (ss-property), answer "Simple security property", states that a subject cleared for one classification cannot read data from a higher classification. This property is also known as the no read up property. Answers Secure exchange and Data flow are distracters. NEXT QUESTION

The Wired Equivalency Privacy algorithm (WEP) of the 802.11 Wireless LAN Standard uses which of the following to protect the confidentiality of information being transmitted on the LAN? A. A digital signature that is sent between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point B. A public/private key pair that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point C. A secret key that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point D. Frequency shift keying (FSK) of the message that is sent between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point

Answer : C Explanation: The transmitted packets are encrypted with a secret key, and an Integrity Check (IC) field comprised of a CRC-32 checksum is attached to the message. WEP uses the RC4 variable key-size stream cipher encryption algorithm. RC4 was developed in 1987 by Ron Rivest and operates in output feedback mode. Researchers at the University of California at Berkeley have found that the security of the WEP algorithm can be compromised, particularly with the following attacks: passive attacks to decrypt traffic based on statistical analysis; active attacks to inject new traffic from unauthorized mobile stations, based on known plaintext; active attacks to decrypt traffic, based on tricking the access point; and a dictionary-building attack that, after analysis of about a day's worth of traffic, allows real-time automated decryption of all traffic. The Berkeley researchers have found that these attacks are effective against both the 40-bit and the so-called 128-bit versions of WEP using inexpensive off-the-shelf equipment. These attacks can also be used against networks that use the 802.11b Standard, which is the extension to 802.11 to support higher data rates but does not change the WEP algorithm. The weaknesses in WEP and 802.11 are being addressed by the IEEE 802.11i Working Group. WEP will be upgraded to WEP2 with the following proposed changes: modifying the method of creating the initialization vector (IV); modifying the method of creating the encryption key; protection against replays; protection against IV collision attacks; and protection against forged packets. In the longer term, it is expected that the Advanced Encryption Standard (AES) will replace the RC4 encryption algorithm currently used in WEP. NEXT QUESTION

The simple security property of which one of the following models is described as follows: A user has access to a client company's information, c, if and only if for all other information, o, that the user can read, either x(c) ∉ z(o) or x(c) = x(o), where x(c) is the client's company and z(o) is the set of competitors of x(c)? A. Bell-LaPadula B. Lattice C. Chinese wall D. Biba

Answer : C Explanation: This model (D. C. Brewer and M. J. Nash, "The Chinese Wall Security Policy," Proceedings of the 1989 IEEE Computer Society Symposium on Security and Privacy, 1989) defines rules that prevent conflicts of interest in organizations that may have access to information from companies that are competitors of each other. Essentially, the model states that a user working on one account cannot work on a competitor's account for a designated period of time. Answer Biba is an integrity model that is an analog of the Bell-LaPadula confidentiality model of answer Bell-LaPadula. Answer Lattice refers to the general information flow model where security levels are represented by a lattice structure. The model defines a transitive ordering relation, ≤, on security classes. Thus, for security classes X, Y, and Z, the ordering relation X ≤ Y ≤ Z describes the situation where Z is the highest security class and X is the lowest security class, and there is an ordering among the three classes. NEXT QUESTION

Which of the following are the three types of NIACAP accreditation? A. Site, type, and general B. Type, system, and location C. Site, type, and system D. Site, type, and location

Answer : C NEXT QUESTION

Superscalar computer architecture is characterized by a: A. Computer using instructions that are simpler and require fewer clock cycles to execute. B. Computer using instructions that perform many operations per instruction. C. Processor that executes one instruction at a time. D. Processor that enables concurrent execution of multiple instructions in the same pipeline stage.

Answer : D Explanation: * Answer "Computer using instructions that perform many operations per instruction" is the definition of a complex instruction set computer. * Answer "Computer using instructions that are simpler and require fewer clock cycles to execute" is the definition of a reduced instruction set computer. * Answer "Processor that executes one instruction at a time" is the definition of a scalar processor. NEXT QUESTION

What is one of the most common drawbacks to using a dual-homed host firewall? A. The examination of the packet at the Network layer introduces latency. B. The examination of the packet at the Application layer introduces latency. C. The ACLs must be manually maintained on the host. D. Internal routing may accidentally become enabled.

Answer : D Explanation: A dual-homed host uses two NICs to attach to two separate networks, commonly a trusted network and an untrusted network. It's important that the internal routing function of the host be disabled to create an application-layer chokepoint and filter packets. Many systems come with routing enabled by default, such as IP forwarding, which makes the firewall useless. The other answers are distracters. Source: Hacker Proof by Lars Klander (Jamsa Press, 1997). NEXT QUESTION

The British Standard 7799/ISO Standard 17799 discusses cryptographic policies. It states, "An organization should develop a policy on its use of cryptographic controls for protection of its information . . . . When developing a policy, the following should be considered:" (Which of the following items would most likely NOT be listed?) A. The approach to key management, including methods to deal with the recovery of encrypted information in the case of lost, compromised or damaged keys B. Roles and responsibilities C. The management approach toward the use of cryptographic controls across the organization D. The encryption schemes to be used

Answer : D Explanation: A policy is a general statement of management's intent, and therefore a policy would not specify the encryption scheme to be used. The other answers are appropriate for a cryptographic policy. The general standards document is BSI ISO/IEC 17799:2000, BS 7799-1:2000, Information technology - Code of practice for information security management, British Standards Institution, London, UK. The standard is intended to provide a comprehensive set of controls comprising best practices in information security. ISO refers to the International Organization for Standardization and IEC is the International Electrotechnical Commission. These two entities form the system for worldwide standardization. The main chapter headings of the standard are:
Security Policy
Organizational Security
Asset Classification and Control
Personnel Security
Physical and Environmental Security
Communications and Operations Management
Access Control
Systems Development and Maintenance
Business Continuity Management
Compliance
NEXT QUESTION

As an analog of confidentiality labels, integrity labels in the Biba model are assigned according to which of the following rules? A. Objects are assigned integrity labels according to their trustworthiness; subjects are assigned classes according to the harm that would be done if the data were modified improperly. B. Objects are assigned integrity labels identical to the corresponding confidentiality labels. C. Integrity labels are assigned according to the harm that would occur from unauthorized disclosure of the information. D. Subjects are assigned classes according to their trustworthiness; objects are assigned integrity labels according to the harm that would be done if the data were modified improperly.

Answer : D Explanation: As subjects in the world of confidentiality are assigned clearances related to their trustworthiness, subjects in the Biba model are assigned to integrity classes that are indicative of their trustworthiness. Also, in the context of confidentiality, objects are assigned classifications related to the amount of harm that would be caused by unauthorized disclosure of the object. Similarly, in the integrity model, objects are assigned to classes related to the amount of harm that would be caused by the improper modification of the object. Answer "Objects are assigned integrity labels identical to the corresponding confidentiality labels" is incorrect since integrity properties and confidentiality properties are opposites. For example, in the Bell-LaPadula model, there is no prohibition against a subject at one classification reading information from a lower level of confidentiality. However, when maintenance of the integrity of data is the objective, reading of information from a lower level of integrity by a subject at a higher level of integrity risks contaminating data at the higher level of integrity. Thus, the simple and *-properties in the Biba model are complements of the corresponding properties in the Bell-LaPadula model. Recall that the Simple Integrity Property states that a subject at one level of integrity is not permitted to observe (read) an object of a lower integrity (no read down). Also, the *-Integrity Property states that a subject at one level of integrity is not permitted to modify (write to) an object of a higher level of integrity (no write up). * Answer "Objects are assigned integrity labels according to their trustworthiness; subjects are assigned classes according to the harm that would be done if the data were modified improperly" is incorrect since the words object and subject are interchanged. * In answer "Integrity labels are assigned according to the harm that would occur from unauthorized disclosure of the information", unauthorized disclosure refers to confidentiality and not to integrity. NEXT QUESTION

There are two fundamental security protocols in IPSec. These are the Authentication Header (AH) and the Encapsulating Security Payload (ESP). Which of the following correctly describes the functions of each? A. ESP: data encrypting and source authenticating protocol that also validates the integrity of the transmitted data; AH: source authenticating protocol B. ESP: data encrypting and source authenticating protocol; AH: source authenticating protocol that also validates the integrity of the transmitted data C. ESP: data encrypting protocol that also validates the integrity of the transmitted data; AH: source authenticating protocol that also validates the integrity of the transmitted data D. ESP: data encrypting and source authenticating protocol that also validates the integrity of the transmitted data; AH: source authenticating protocol that also validates the integrity of the transmitted data

Answer : D Explanation: ESP does have a source authentication and integrity capability through the use of a hash algorithm and a secret key. It provides confidentiality by means of secret key cryptography. DES and triple DES secret key block ciphers are supported by IPSec, and other algorithms will also be supported in the future. AH uses a hash algorithm in the packet header to authenticate the sender and validate the integrity of the transmitted data. NEXT QUESTION

A block cipher: A. Converts a variable-length of plaintext into a fixed length ciphertext. B. Is an asymmetric key algorithm. C. Encrypts by operating on a continuous data stream. D. Breaks a message into fixed length units for encryption.

Answer : D Explanation: The correct answer is "Breaks a message into fixed length units for encryption". Answer "Encrypts by operating on a continuous data stream" describes a stream cipher. Answer "Is an asymmetric key algorithm" is incorrect because a block cipher applies to symmetric key algorithms; and answer "Converts a variable-length of plaintext into a fixed length ciphertext" describes a hashing operation. NEXT QUESTION

Configuration management control best refers to: A. The use of privileged-entity controls for system administrator functions. B. Implementing resource protection schemes for hardware control. C. The concept of least control in operations. D. Ensuring that changes to the system do not unintentionally diminish security.

Answer : D Explanation: The correct answer is "Ensuring that changes to the system do not unintentionally diminish security". Configuration Management Control (and Change Control) are processes to ensure that any changes to the system are managed properly and do not inordinately affect either the availability or security of the system. NEXT QUESTION

Which of the following characteristics does a one-time pad have if used properly? A. The key has to be of greater length than the message to be encrypted. B. The key does not have to be random. C. It can be used more than once. D. It is unbreakable.

Answer : D Explanation: The correct answer is "It is unbreakable". If the one-time pad is used only once and its corresponding key is truly random and does not have repeating characters, it is unbreakable. Answer "It can be used more than once" is incorrect because if used properly, the one-time pad should be used only once. Answer "The key does not have to be random" is incorrect because the key should be random. Answer "The key has to be of greater length than the message to be encrypted" is incorrect because the key has to be of the same length as the message. NEXT QUESTION

The Clark-Wilson model focuses on data's: A. Availability. B. Confidentiality. C. Format. D. Integrity.

Answer : D Explanation: The correct answer is Integrity. The Clark-Wilson model is an integrity model. NEXT QUESTION

Which one of the following is NOT a typical bus designation in a digital computer? A. Control B. Address C. Data D. Secondary

Answer : D Explanation: The correct answer is Secondary, a distracter. NEXT QUESTION

What is the block length of the Rijndael Cipher? A. 64 bits B. 128 bits C. 256 bits D. Variable

Answer : D Explanation: The correct answer is Variable. The other answers with fixed numbers are incorrect. NEXT QUESTION

The termination of selected, non-critical processing when a hardware or software failure occurs and is detected is referred to as: A. Fault tolerant. B. Fail safe. C. An exception. D. Fail soft.

Answer : D NEXT QUESTION

What is a computer bus? A. A group of conductors for the addressing of data and control B. A message in object-oriented programming C. A message sent around a Token Ring network D. Secondary storage

Answer : A Explanation: * Answer "A message sent around a Token Ring network" is a token. * Answer "Secondary storage" refers to disk storage. * Answer "A message in object-oriented programming" is a distracter. NEXT QUESTION

In a refinement of the Bell-LaPadula model, the strong tranquility property states that: A. Objects never change their security level. B. Objects can change their security level in an unconstrained fashion. C. Objects never change their security level in a way that would violate the system security policy. D. Subjects can read up.

Answer : A Explanation: Answer "Objects never change their security level in a way that would violate the system security policy" is known as the weak tranquility property. The two other answers are distracters. NEXT QUESTION

The Wireless Transport Layer Security (WTLS) Protocol in the Wireless Application Protocol (WAP) stack is based on which Internet Security Protocol? A. TLS B. SET C. S-HTTP D. IPSEC

Answer : A Explanation: TLS is discussed in the answer to question 5. WTLS has to incorporate functionality that is provided for in TLS by TCP in the TCP/IP Protocol suite, in that WTLS can operate over UDP. WTLS supports data privacy, authentication and integrity. Because WTLS has to incorporate a large number of handshakes when security is implemented, significant delays may occur. During a WTLS handshake session, WTLS can set up the following security classes:
Class 1. No certificates
Class 2. The client does not have a certificate; the server has a certificate
Class 3. The client and server have certificates
NEXT QUESTION

The technique of confusion, proposed by Claude Shannon, is used in block ciphers to: A. Conceal the statistical connection between ciphertext and plaintext. B. Implement transposition to obtain the ciphertext. C. Spread the influence of a plaintext character over many ciphertext characters. D. Limit the influence of a plaintext character across ciphertext characters.

Answer : A NEXT QUESTION

The vulnerability associated with the requirement to change security protocols at a carrier's Wireless Application Protocol (WAP) gateway from the Wireless Transport Layer Security Protocol (WTLS) to SSL or TLS over the wired network is called: A. Wired Equivalency Privacy (WEP) Gap. B. Wireless Application Protocol (WAP) Gap. C. Wireless Transaction Protocol (WTP) Gap. D. Wireless Transport Layer Security Protocol (WTLS) Gap.

Answer : B Explanation: The correct answer is the WAP Gap. The other answers are distracters. NEXT QUESTION

The * (star) property of the Biba model states that: A. Subjects cannot read from a higher level of integrity relative to their level of integrity. B. Subjects cannot write to a higher level of integrity relative to their level of integrity. C. Subjects cannot read from a lower level of integrity relative to their level of integrity. D. Subjects cannot write to a lower level of integrity relative to their level of integrity.

Answer : B NEXT QUESTION

The DES key is: A. 128 bits. B. 56 bits. C. 512 bits. D. 64 bits.

Answer : B NEXT QUESTION

What is the key length of the Rijndael Block Cipher? A. 56 or 64 bits B. 128, 192, or 256 bits C. 512 or 1024 bits D. 512 bits

Answer : B NEXT QUESTION

Which standard below does NOT specify fiber optic cabling as its physical media? A. 1000BaseSX B. 100BaseFX C. 1000BaseCX D. 1000BaseLX

Answer : C Explanation: 1000BaseCX refers to 1000 Mbps baseband copper cable, using two pairs of 150 ohm balanced cable for CSMA/CD LANs. * 100BaseFX specifies a 100 Mbps baseband fiber optic CSMA/CD LAN. * 1000BaseLX specifies a 1000 Mbps CSMA/CD LAN over long wavelength fiber optics. * 1000BaseSX specifies a 1000 Mbps CSMA/CD LAN over short wavelength fiber optics. NEXT QUESTION

What are MD4 and MD5? A. Symmetric encryption algorithms B. Digital certificates C. Hashing algorithms D. Asymmetric encryption algorithms

Answer : C Explanation: The correct answer is "Hashing algorithms". Answers "Symmetric encryption algorithms" and "Asymmetric encryption algorithms" are incorrect because they are general types of encryption systems, and answer "Digital certificates" is incorrect because hashing algorithms are not digital certificates. NEXT QUESTION

Which of the following is a problem with symmetric key encryption? A. Work factor is not a function of the key size. B. Most algorithms are kept proprietary. C. Secure distribution of the secret key. D. It is slower than asymmetric key encryption.

Answer : C Explanation: The correct answer is "Secure distribution of the secret key". Answer "It is slower than asymmetric key encryption" is incorrect because the opposite is true; answer "Most algorithms are kept proprietary" is incorrect because most symmetric key algorithms are published; and answer "Work factor is not a function of the key size" is incorrect because work factor is a function of key size. The larger the key is, the larger the work factor. NEXT QUESTION

In a block cipher, diffusion: A. Conceals the connection between the ciphertext and plaintext B. Is usually implemented by non-linear S-boxes C. Spreads the influence of a plaintext character over many ciphertext characters D. Cannot be accomplished

Answer : C NEXT QUESTION

Which of the following terms is NOT associated with a Read Only Memory (ROM)? A. Field Programmable Gate Array (FPGA) B. Flash memory C. Firmware D. Static RAM (SRAM)

Answer : D Explanation: Static Random Access Memory (SRAM) is volatile and, therefore, loses its data if power is removed from the system. Conversely, a ROM is nonvolatile in that it does not lose its content when power is removed. * Flash memories are a type of electrically programmable ROM. * Answer FPGA is a type of Programmable Logic Device (PLD) that is programmed by blowing fuse connections on the chip or using an antifuse that makes a connection when a high voltage is applied to the junction. * Answer firmware refers to a program that is stored on ROMs. NEXT QUESTION

What type of firewall architecture employs two network cards and a single screening router? A. A dual-homed host firewall B. An application-level proxy server C. A screened-subnet firewall D. A screened-host firewall

Answer : D Explanation: Like a dual-homed host, a screened-host firewall uses two network cards to connect to the trusted and untrusted networks, but adds a screening router between the host and the untrusted network. * A dual-homed host has two NICs but not necessarily a screening router. * A screened-subnet firewall uses two NICs also, but has two screening routers with the host acting as a proxy server on its own network segment. One screening router controls traffic local to the network while the second monitors and controls incoming and outgoing Internet traffic. * An application-level proxy is unrelated to this question. Source: Hacker Proof by Lars Klander (Jamsa Press, 1997). NEXT QUESTION

Theoretically, quantum computing offers the possibility of factoring the products of large prime numbers and calculating discrete logarithms in polynomial time. These calculations can be accomplished in such a compressed time frame because: A. A quantum computer takes advantage of quantum tunneling in molecular scale transistors. This mode permits ultra high-speed switching to take place, thus exponentially increasing the speed of computations. B. Information can be transformed into quantum light waves that travel through fiber optic channels. Computations can be performed on the associated data by passing the light waves through various types of optical filters and solid-state materials with varying indices of refraction, thus drastically increasing the throughput over conventional computations. C. A quantum computer exploits the time-space relationship that changes as particles approach the speed of light. At that interface, the resistance of conducting materials effectively is zero and exponential speed computations are possible. D. A quantum bit in a quantum computer is actually a linear superposition of both the one and zero states and, therefore, can theoretically represent both values in parallel. This phenomenon allows computation that usually takes exponential time to be accomplished in polynomial time since different values of the binary pattern of the solution can be calculated simultaneously.

Answer : D Explanation: In digital computers, a bit is in either a one or zero state. In a quantum computer, through linear superposition, a quantum bit can be in both states, essentially simultaneously. Thus, computations consisting of trial evaluations of binary patterns can take place simultaneously in exponential time. The probability of obtaining a correct result is increased through a phenomenon called constructive interference of light while the probability of obtaining an incorrect result is decreased through destructive interference. Answer "Information can be transformed into quantum light waves that travel through fiber optic channels" describes optical computing, which is effective in applying Fourier and other transformations to data to perform high-speed computations. Light representing large volumes of data passing through properly shaped physical objects can be subjected to mathematical transformations and recombined to provide the appropriate results. However, this mode of computation is not defined as quantum computing. Answers "A quantum computer takes advantage of quantum tunneling in molecular scale transistors" and "A quantum computer exploits the time-space relationship that changes as particles approach the speed of light" are diversionary answers that do not describe quantum computing. NEXT QUESTION

Which one the following is NOT one of the three major parts of the Common Criteria (CC)? A. Introduction and General Model B. Security Assurance Requirements C. Security Functional Requirements D. Security Evaluation Requirements

Answer : D Explanation: The correct answer is "Security Evaluation Requirements", a distracter. * Answer "Introduction and General Model" is Part 1 of the CC. It defines general concepts and principles of information security and defines the contents of the Protection Profile (PP), Security Target (ST), and the Package. * The Security Functional Requirements are Part 2 of the CC, which contains a catalog of well-defined standard means of expressing security requirements of IT products and systems. * Answer "Security Assurance Requirements" is Part 3 of the CC and comprises a catalog of a set of standard assurance components. NEXT QUESTION

The term failover refers to: A. A fail-soft system. B. Terminating processing in a controlled fashion. C. Resiliency. D. Switching to a duplicate, hot backup component.

Answer : D Explanation: The correct answer is "Switching to a duplicate, hot backup component". Failover means switching to a hot backup system that maintains duplicate states with the primary system. Answer "Terminating processing in a controlled fashion" refers to fail safe, and answers "Resiliency" and "A fail-soft system" refer to fail soft. NEXT QUESTION

Content-dependent control makes access decisions based on: A. The object's environment. B. The object's view. C. The object's owner. D. The object's data.

Answer : D Explanation: The correct answer is "The object's data". Answer "The object's environment" is context-dependent control. Answers "The object's owner" and "The object's view" are distracters. NEXT QUESTION

In Part 3 of the Common Criteria, Security Assurance Requirements, seven predefined Packages of assurance components that make up the CC scale for rating confidence in the security of IT products and systems are called: A. Protection Assurance Levels (PALs). B. Security Target Assurance Levels (STALs). C. Assurance Levels (ALs). D. Evaluation Assurance Levels (EALs).

Answer : D Explanation: The correct answer is "Evaluation Assurance Levels (EALs)". The other answers are distracters. NEXT QUESTION
