CISSP Cram Test Questions: Domain 7 - Security Engineering
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?
64 bit blocks with a 64 bit total key length
What key size is used by the Clipper Chip?
80 bits
PGP uses which of the following to encrypt data?
A symmetric encryption algorithm
Readable is to unreadable just as plain text is to _____?
Cipher Text
The Diffie-Hellman algorithm is used for:
Key agreement
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?
Key clustering
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?
The use of session keys.
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
message integrity.
What is the key size of the International Data Encryption Algorithm (IDEA)?
128 bits
What is the length of an MD5 message digest?
128 bits
What size is an MD5 message digest (hash)?
128 bits
How many rounds are used by DES?
16
The Data Encryption Algorithm performs how many rounds of substitution and permutation?
16
What is the maximum key size for the RC5 algorithm?
2040 bits
What is the maximum allowable key size of the Rijndael encryption algorithm?
256 bits
What is the maximum number of different keys that can be used when encrypting with Triple DES?
3
How many bits is the effective length of the key of the Data Encryption Standard algorithm?
56
What is the effective key size of DES?
56 bits
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?
A digital signature
What is a characteristic of using the Electronic Code Book mode of DES encryption?
A given block of plaintext and a given key will always produce the same ciphertext.
Which of the following can best be defined as a cryptanalysis techniQue in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?
A known-plaintext attack
What is the RESULT of a hash algorithm being applied to a message?
A message digest
Which of the following binds a subject name to a public key value?
A public key infrastructure
Which of the following statements pertaining to stream ciphers is correct?
A stream cipher generates what is called a keystream.
which of the following example is NOT an asymmetric key algorithms?
Advanced Encryption Standard(AES)
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?
An attribute certificate
The RSA algorithm is an example of what type of cryptography?
Asymmetric Key.
Which of the following protocols that provide integrity and authentication for IPSec, can also provide nonrepudiation in IPSec?
Authentication Header (AH)
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?
Authority revocation list
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
Birthday attack
Which of the following was not designed to be a proprietary encryption algorithm?
Blowfish
Which of the following concerning the Rijndael block cipher algorithm is false?
Both block size and key length can be extended to multiples of 64 bits.
Which of the following is NOT true of Secure Sockets Layer (SSL)?
By convention it uses 's-http://' instead of 'http://'.
Which is NOT a suitable method for distributing certificate revocation information?
CA revocation mailing list
What is NOT an authentication method within IKE and IPsec?
CHAP
In a PKI infrastructure where are list of revoked certificates stored?
CRL
Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based on?
Caesar
Who vouches for the binding between the data items in a digital certificate?
Certification authority
This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I?
Chosen-Ciphertext attack
In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process?
Ciphertext-only attack
Complete the following sentence. A message can be encrypted, which provides __________
Confidentiality
There are basic goals of Cryptography. Which of the following most benefits from the process of encryption?
Confidentiality
Which of the following is best provided by symmetric cryptography?
Confidentiality
A message can be encrypted and digitally signed, which provides _______________
Confidentiality, Authentication, Non-repudiation, and Integrity.
What is the primary role of cross certification?
Creating trust between different PKIs
What enables users to validate each other's certificate when they are certified under different certification hierarchies?
Cross-certification
Which of the following does NOT concern itself with key management?
Cryptology (CRYPTO)
Which of the following is the most secure form of triple-DES encryption?
DES-EDE3
Which of the following is NOT a true statement regarding the implementaton of the 3DES modes?
DES-EEE1 uses one key
Which of the following is NOT an asymmetric key algorithm?
Data Encryption System (DES)
A code, as is pertains to cryptography:
Deals with linguistic units.
Cryptography does NOT help in:
Detecting fraudulent disclosure.
Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using Symmetric Cryptography.
Diffie_Hellmann
Which of the following is NOT a symmetric key algorithm?
Digital Signature Standard (DSS)
What is used to bind a document to its creation at a particular time?
Digital Timestamp
Which of the following can be best defined as computing techniQues for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?
Digital watermarking
What attribute is included in a X.509-certificate?
Distinguished name of the subject
Which encryption algorithm is BEST suited for communication with handheld wireless devices?
ECC (Elliptic Curve Cryptosystem)
In which mode of DES, a block of plaintext and a key will always give the same ciphertext?
Electronic Code Book (ECB)
Which of the following modes of DES is MOST Likely used for Database Encryption
Electronic Code Book(ECB)
Which of the following is true about digital certificate?
Electronic credential proving that the person the certificate was issued to is who they claim to be
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?
Elliptic Curve Cryptography (ECC)
Which of the following is true about link encryption?
Encrypted messages are only decrypted by the final node.
Which of the following services is NOT provided by the digital signature standard (DSS)?
Encryption
Which of the following would best describe a Concealment cipher?
Every X number of words within a text, is a part of the real message.
What is this cryptographic operation called?
Exclusive-OR
FIPS-140 is a standard for the security of which of the following?
Hardware and software cryptographic modules
You've decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by:
Having the sender encrypt the hash with his private key.
What kind of Encryption technology does SSL utilize?
Hybrid (both Symmetric and Asymmetric)
Which of the following algorithms is used today for encryption in PGP?
IDEA
Which of the following protocols offers native encryption?
IPSEC, SSH, SSL, TLS
Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?
IPsec and L2TP
Which of the following statements pertaining to link encryption is false?
Information stays encrypted from one end of its journey to the other.
Which of the following is not a DES mode of operation?
Input feedback
A one-way hash provides which of the following?
Integrity
What are the three most important functions that Digital Signatures perform?
Integrity, Authentication and Nonrepudiation
What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)?
Internet Key Exchange (IKE)
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?
Internet Key Exchange (IKE)
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations?
Internet Key exchange (IKE)
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation techniQue, key establishment protocol, encryption algorithm, or authentication mechanism?
Internet Security Association and Key Management Protocol (ISAKMP)
Which of the following is NOT a property of a one-way hash function?
It converts a message of a fixed length into a message digest of arbitrary length.
Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)?
It is believed to require shorter keys for equivalent security.
Which of the following is not a property of the Rijndael block cipher algorithm?
It operates on 64-bit plaintext blocks and uses a 128 bit key.
The primary purpose for using one-way hashing of user passwords within a password file is which of the following?
It prevents an unauthorized person from reading the password.
What is NOT true about a one-way hashing function?
It provides authentication of the message
Which of the following statements is true about data encryption as a method of protecting data?
It requires careful key management
What is the main problem of the renewal of a root CA certificate?
It requires the authentic distribution of the new root CA certificate to all PKI participants
The Diffie-Hellman algorithm is primarily used to provide which of the following?
Key Agreement
The Clipper Chip utilizes which concept in public key cryptography?
Key Escrow
Which of the following can best be defined as a key recovery techniQue for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that that only certain third parties can perform the decryption operation to retrieve the stored key?
Key encapsulation
Which of the following is less likely to be used today in creating a Virtual Private Network?
L2F
What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?
Level 2/Class 2
What algorithm was DES derived from?
Lucifer.
Which key agreement scheme uses implicit signatures ?
MQV
Which of the following is NOT a property of the Rijndael block cipher algorithm?
Maximum key size is 512 bits
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?
Message Authentication Code (MAC)
Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender?
Message Authentication Code - MAC
The eQuation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following?
N(N 1)/ 2
What is NOT true with pre shared key authentication within IKE / IPsec protocol?
Needs a Public Key Infrastructure (PKI) to work
What does the directive of the European Union on Electronic Signatures deal with?
Non repudiation
You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn't send the email in Question. What concept of PKI - Public Key Infrastructure will implicate the sender?
Non-repudiation
Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is:
Not possible
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
OAKLEY
Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part?
One Time Pad (OTP)
What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition?
One-time pad
Which of the following encryption methods is known to be unbreakable?
One-time pads.
What is the name of a one way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed?
One-way hash
Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA?
PKCS#1
Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect?
PPTP is derived from L2TP.
While using IPsec, the ESP and AH protocols both provides integrity services. However when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affects the use of AH and it´s Integrity Check Value (ICV) the most?
Packet Header Source or Destination address
In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?
Phase 1
Which of the following statements pertaining to block ciphers is incorrect?
Plain text is encrypted with a public key and decrypted with a private key.
Which of the following is best at defeating frequency analysis?
Polyalphabetic cipher
Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key.
Private / Public
What type of key would you find within a browser's list of trusted root CA?
Public key
What kind of encryption is realized in the S/MIME-standard?
Public key based, hybrid encryption scheme
What kind of certificate is used to validate a user identity?
Public key certificate
Which of the following algorithms does NOT provide hashing?
RC4
Which of the following algorithms is a stream cipher?
RC4
Which of the following is not a one-way hashing algorithm?
RC4
Which of the following is not an example of a block cipher?
RC4
Which of the following is a symmetric encryption algorithm?
RC5
What is the name for a substitution cipher that shifts the alphabet by 13 places?
ROT13 cipher
A public key algorithm that does both encryption and digital signature is which of the following?
RSA
Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS?
RSA
Which of the following encryption algorithms does not deal with discrete logarithms?
RSA
Which of the following service is not provided by a public key infrastructure (PKI)?
Reliability
What algorithm has been selected as the AES algorithm, replacing the DES algorithm?
Rijndael
Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?
Rijndael
Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?
SET (Secure Electronic Transaction)
which of the following is a Hashing Algorithm?
SHA
Which of the following is not an encryption algorithm?
SHA-1
Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network?
SSH
Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic?
SSL or TLS
The DES algorithm is an example of what type of cryptography?
Secret Key
Kerberos depends upon what encryption method?
Secret Key cryptography.
Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?
Secure Electronic Transaction (SET)
Which of the following keys has the SHORTEST lifespan?
Session key
Which of the following is NOT a known type of Message Authentication Code (MAC)?
Signature-based MAC (SMAC)
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then reQuires no prior communication in order to establish or exchange keys on a session-by-session basis?
Simple Key-management for Internet Protocols (SKIP)
Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers?
Speed
What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as "what each must bring" and joined together when getting access or decrypting a file. Each of which does not reveal the other?
Split knowledge
What can be defined as secret communications where the very existence of the message is hidden?
Steganography
Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?
Steganography
Which of the following is more suitable for a hardware implementation?
Stream ciphers
Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other?
Symmetric Key Cryptography
Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer?
TPM - Trusted Platform Module
What is the primary role of smartcards in a PKI?
Tamper resistant, mobile storage and application of private keys of the users
What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)?
The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.
Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?
The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.
In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?
The client's browser
Which of the following statements pertaining to message digests is incorrect?
The message digest should be calculated using at least 128 bytes of the file.
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that:
The recipient's identity can be positively verified by the sender.
Which of the following offers confidentiality to an e-mail message?
The sender encrypting it with the receiver's public key.
Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID Card that she uses to digitally sign and encrypt emails in the PKI. What happens to the certificates contained on the smart card after the security officer takes appropriate action?
They are added to the CRL
In a Public Key Infrastructure, how are public keys published?
Through digital certificates.
Which of the following can best define the "revocation request grace period"?
Time period between the arrival of a revocation request and the publication of the revocation information
Which of the following protects Kerberos against replay attacks?
Time stamps
In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term?
Top Level CA
What would you call a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates.
Trusted Platform Module (TPM)
The RSA Algorithm uses which mathematical concept as the basis of its encryption?
Two large prime numbers
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?
Use of public key encryption to secure a secret key, and message encryption using the secret key.
Cryptography does not concern itself with which of the following choices?
Validation
Which of the following would best describe certificate path validation?
Verification of the validity of all certificates of the certificate chain to the root certificate
Which of the following offers security to wireless communications?
WTLS
Which of the following statements pertaining to key management is incorrect?
When not using the full keyspace, the key should be extremely random.
Public key infrastructure(PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. This infrastructure is based upon which of the following Standard?
X.509
Which of the following standards concerns digital certificates?
X.509
The Secure Hash Algorithm (SHA-1) creates:
a fixed length message digest from a variable length input message
Which of the following DoD Model layer provides non-repudiation services?
application layer.
In a known plaintext attack, the cryptanalyst has knowledge of which of the following?
both the plaintext and the associated ciphertext of several messages
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is Quite feasible for computer use.
computing in Galois fields
Which of the following issues is not addressed by digital signatures?
denial-of-service
Complete the following sentence. A digital signature is a ____
hash value that has been encrypted with the senders private key
Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext?
known plaintext
What is the role of IKE within the IPsec protocol?
peer authentication and key exchange
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
public-key certificates
A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following?
verifying signed messages