CISSP

Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of controls is correct? A. Examples of these types of controls include policies and procedures, security awareness training,background checks, work habit checks but do not include a review of vacation history, and also do not include increased supervision. B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmissionprotocols. C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.D. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision

C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.

Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model? A. S/MIME and SSH B. TLS and SSL C. IPsec and L2TP D. PKCS#10 and X.509

C. IPsec and L2TP

Which of the following is the FIRST step in protecting data's confidentiality? A. Install a firewall B. Implement encryption C. Identify which information is sensitive D. Review all user access rights

C. Identify which information is sensitive

Which of the following statements pertaining to link encryption is false? A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted

C. Information stays encrypted from one end of its journey to the other.

Which of the following is true about Kerberos? A. It utilizes public key cryptography. B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. C. It depends upon symmetric ciphers. D. It is a second party authentication system

C. It depends upon symmetric ciphers.

Which of the following is not a property of the Rijndael block cipher algorithm? A. It employs a round transformation that is comprised of three layers of distinct and invertibletransformations. B. It is suited for high speed chips with no area restrictions. C. It operates on 64-bit plaintext blocks and uses a 128 bit key. D. It could be used on a smart card

C. It operates on 64-bit plaintext blocks and uses a 128 bit key.

The Clipper Chip utilizes which concept in public key cryptography? A. Substitution B. Key Escrow C. An undefined algorithm D. Super strong encryption

B. Key Escrow

Which access control model provides upper and lower bounds of access capabilities for a subject? A. Role-based access control B. Lattice-based access control C. Biba access control D. Content-dependent access control

B. Lattice-based access control

What is NOT true with pre shared key authentication within IKE / IPsec protocol? A. Pre shared key authentication is normally based on simple passwords B. Needs a Public Key Infrastructure (PKI) to work C. IKE is used to setup Security Associations D. IKE builds upon the Oakley protocol and the ISAKMP protocol

B. Needs a Public Key Infrastructure (PKI) to work

While using IPsec, the ESP and AH protocols both provides integrity services. However when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affects the use of AH and it´s Integrity Check Value (ICV) the most? A. Key session exchange B. Packet Header Source or Destination address C. VPN cryptographic key size D. Crypotographic algorithm used

B. Packet Header Source or Destination address

In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed? A. Pre Initializatio n Phase B. Phase 1 C. Phase 2 D. No peer authentication is performed

B. Phase 1

Which of the following is best at defeating frequency analysis? A. Substitution cipher B. Polyalphabetic cipher C. Transposition cipher D. Ceasar Cipher

B. Polyalphabetic cipher

Which of the following pairings uses technology to enforce access control policies? A. Preventive/Administrative B. Preventive/Technical C. Preventive/Physical D. Detective/Administrative

B. Preventive/Technical

Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing? A. Preventive/Administrative Pairing B. Preventive/Technical Pairing C. Preventive/Physical Pairing D. Detective/Technical Pairing

B. Preventive/Technical Pairing

Which of the following algorithms is a stream cipher? A. RC2 B. RC4 C. RC5 D. RC6

B. RC4

Kerberos depends upon what encryption method? A. Public Key cryptography. B. Secret Key cryptography. C. El Gamal cryptography. D. Blowfish cryptography

B. Secret Key cryptography.

What can be defined as secret communications where the very existence of the message is hidden? A. Clustering B. Steganography C. Cryptology D. Vernam cipher

B. Steganography

Which type of password token involves time synchronization? A. Static password tokens B. Synchronous dynamic password tokens C. Asynchronous dynamic password tokens D. Challenge-response tokens

B. Synchronous dynamic password tokens

In Mandatory Access Control, sensitivity labels attached to object contain what information? A. The item's classification B. The item's classification and category set C. The item's category D. The items's need to know

B. The item's classification and category

In Synchronous dynamic password tokens: A. The token generates a new password value at fixed time intervals (this password could be based on thetime of day encrypted with a secret key). B. The token generates a new non-unique password value at fixed time intervals (this password could bebased on the time of day encrypted with a secret key). C. The unique password is not entered into a system or workstation along with an owner's PIN. D. The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entityverifies that the entered password is invalid and that it was entered during the invalid time window

B. The token generates a new non-unique password value at fixed time intervals (this password could bebased on the time of day encrypted with a secret key).

Which of the following tools is less likely to be used by a hacker? A. l0phtcrack B. Tripwire C. OphCrack D. John the Ripper

B. Tripwire

When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED? A. Type I error B. Type II error C. Type III error D. Crossover error

B. Type II error

Which of the following DoD Model layer provides nonrepudiation services? A. network layer. B. application layer. C. transport layer. D. data link layer.

B. application layer.

The following is NOT a security characteristic we need to consider while choosing a biometric identification systems: A. data acquisition process B. cost C. enrollment process D. speed and user interface

B. cost

In biometric identification systems, the parts of the body conveniently available for identification are: A. neck and mouth B. hands, face, and eyes C. feet and hair D. voice and neck

B. hands, face, and eyes

What does the directive of the European Union on Electronic Signatures deal with? A. Encryption of classified data B. Encryption of secret data C. Non repudiation D. Authentication of web servers

C. Non repudiation

In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions : A. what was the sex of a person and his age B. what part of body to be used and how to accomplish identification that is viable C. what was the age of a person and his income level D. what was the tone of the voice of a person and his habits

B. what part of body to be used and how to accomplish identification that is viable

What kind of encryption is realized in the S/MIMEstandard? A. Asymmetric encryption scheme B. Password based encryption scheme C. Public key based, hybrid encryption scheme D. Elliptic curve based encryption

C. Public key based, hybrid encryption scheme

Which access control model is also called Non Discretionary Access Control (NDAC)? A. Lattice based access control B. Mandatory access control C. Role-based access control D. Label-based access control

C. Role-based access control

Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank? A. SSH ( Secure Shell) B. S/MIME (Secure MIME) C. SET (Secure Electronic Transaction) D. SSL (Secure Sockets Layer)

C. SET (Secure Electronic Transaction)

Which of the following keys has the SHORTEST lifespan? A. Secret key B. Public key C. Session key D. Private key

C. Session key

Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers? A. Provides Limited security services B. Has no built in Key distribution C. Speed D. Large number of keys are needed

C. Speed

Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that: A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they willuse. B. The channels through which the information flows are secure. C. The recipient's identity can be positively verified by the sender. D. The sender of the message is the only other person with access to the recipient's private key

C. The recipient's identity can be positively verified by the sender.

Which of the following protocol was used by the INITIAL version of the Terminal Access Controller Access Control System TACACS for communication between clients and servers? A. TCP B. SSL C. UDP D. SSH

C. UDP

Which of the following standards concerns digital certificates? A. X.400 B. X.25 C. X.509 D. X.75

C. X.509

The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics? A. 64 bits of data input results in 56 bits of encrypted output B. 128 bit key with 8 bits used for parity C. 64 bit blocks with a 64 bit total key length D. 56 bits of data input results in 56 bits of encrypted output

C. 64 bit blocks with a 64 bit total key length

Who developed one of the first mathematical models of a multilevel-security computer system? A. Diffie and Hellman. B. Clark and Wilson. C. Bell and LaPadula. D. Gasser and Lipner.

C. Bell and LaPadula

Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack

C. Birthday attack

Which of the following was not designed to be a proprietary encryption algorithm? A. RC2 B. RC4 C. Blowfish D. Skipjack

C. Blowfish

Which of the following concerning the Rijndael block cipher algorithm is false? A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total combinations of key length and block length are possibleC. Both block size and key length can be extended to multiples bits. D. The cipher has a variable block length and key length

C. Both block size and key length can be extended to multiples bits.

Which of the following does NOT concern itself with key management? A. Internet Security Association Key Management Protocol (ISAKMP) B. Diffie-Hellman (DH) C. Cryptology (CRYPTO) D. Key Exchange Algorithm (KEA)

C. Cryptology (CRYPTO)

Which of the following modes of DES is MOST Likely used for Database Encryption A. Electronic Code Book(ECB) B. Cipher Block Chaining(CBC) C. Cipher Feedback(CFB) D. Output Feedback(OFB)

A. Electronic Code Book(ECB)

An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to the true ceiling and installs a white noise generator. What attack is the employee trying to protect against? A. Emanation Attacks B. Social Engineering C. Object reuse D. Wiretaping

A. Emanation Attacks

Which of the following services is NOT provided by the digital signature standard (DSS)? A. Encryption B. Integrity C. Digital signatureD. Authentication

A. Encryption

The type of discretionary access control (DAC) that is based on an individual's identity is also called: A. Identity-based Access control B. Rule-based Access control C. Non-Discretionary Acces

A. Identity-based Access control

Which key agreement scheme uses implicit signatures ? A. MQV B. DH C. ECC D. RSA

A. MQV

You are an information systems security officer at a mid-sized business and are called upon to investigate a threat conveyed in an email from one employee to another. You gather the evidence from both the email server transaction logs and from the computers of the two individuals involved in the incident and prepare an executive summary. You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn't send the email in question. What concept of PKI - Public Key Infrastructure will implicate the sender? A. Non-repudiation B. The digital signature of the recipient C. Authentication D. Integrity

A. Non-repudiation

A host-based IDS is resident on which of the following? A. On each of the critical hosts B. decentralized hosts C. central hosts D. bastion hosts

A. On each of the critical hosts

Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key. A. Private / Public B. Public / Private C. Symmetric / Asymmetric D. Private / Symmetric

A. Private / Public

What kind of certificate is used to validate a user identity? A. Public key certificate B. Attribute certificate C. Root certificate D. Code signing certificate

A. Public key certificate

Suppose you are a domain administrator and are choosing an employee to carry out backups. Which access control method do you think would be best for this scenario? A. RBAC - Role-Based Access Control B. MAC - Mandatory Access Control C. DAC - Discretionary Access Control D. RBAC - Rule-Based Access Control

A. RBAC - Role-Based Access Control

Which of the following biometric devices has the lowest user acceptance level? A. Retina Scan B. Fingerprint scan C. Hand geometry D. Signature recognition

A. Retina Scan

Which of the following is used to create and modify the structure of your tables and other objects in the database? A. SQL Data Definition Language (DDL) B. SQL Data Manipulation Language (DML) C. SQL Data Relational Language (DRL) D. SQL Data Identification Language (DIL)

A. SQL Data Definition Language (DDL)

Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic? A. SSL or TLS B. 802.1X C. ARP Cache Security D. SSH - Secure Shell

A. SSL or TLS

Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet? A. Secure Electronic Transaction (SET) B. MONDEX C. Secure Shell (SSH-2) D. Secure Hypertext Transfer Protocol (S-HTTP)

A. Secure Electronic Transaction (SET)

Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? A. Steganography B. ADS - Alternate Data Streams C. Encryption D. NTFS ADS

A. Steganography

Which of the following is more suitable for a hardware implementation? A. Stream ciphers B. Block ciphers C. Cipher block chaining D. Electronic code book

A. Stream ciphers

Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense? A. TCSEC B. ITSEC C. DIACAP D. NIACAP

A. TCSEC

Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID Card that she uses to digitally sign and encrypt emails in the PKI. What happens to the certificates contained on the smart card after the security officer takes appropriate action? A. They are added to the CRL B. They are reissued to the user C. New certificates are issued to the user D. The user may no longer have certificates

A. They are added to the CRL

Which of the following would best describe certificate path validation? A. Verification of the validity of all certificates of the certificate chain to the root certificate B. Verification of the integrity of the associated root certificate C. Verification of the integrity of the concerned private key D. Verification of the revocation status of the concerned certificate

A. Verification of the validity of all certificates of the certificate chain to the root certificate

Which of the following testing method examines internal structure or working of an application? A. White-box testing B. Parallel Test C. Regression Testing D. Pilot Testing

A. White-box testing

The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use. A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields

A. computing in Galois fields

Complete the following sentence. A digital signature is a ____ A. hash value that has been encrypted with the senders private key B. hash value that has been encrypted with the senders public key C. hash value that has been encrypted with the senders Session key D. it is senders signature signed and scanned in a digital format

A. hash value that has been encrypted with the senders private key

Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)? A. signature-based IDS B. statistical anomaly-based IDS C. event-based IDS D. inferent-based IDS

A. signature-based IDS

Which of the following best describes an exploit? A. An intentional hidden message or feature in an object such as a piece of software or a movie. B. A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order tocause unintended or unanticipated behavior to occur on computer software C. An anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer D. A condition where a program (either an application or part of the operating system) stops performing itsexpected function and also stops responding to other parts of the system

B. A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order tocause unintended or unanticipated behavior to occur on computer software

What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate? A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate

B. An attribute certificate

Which division of the Orange Book deals with discretionary protection (need-toknow)? A. D B. C C. B D. A

B. C

Who vouches for the binding between the data items in a digital certificate? A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority

B. Certification authority

Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing. Which of following assure the Target of Evaluation (or TOE) is methodically designed, tested and reviewed? A. EAL 3 B. EAL 4 C. EAL 5 D. EAL 6

B. EAL 4

Which of the following is true about digital certificate? A. It is the same as digital signature proving Integrity and Authenticity of the data B. Electronic credential proving that the person the certificate was issued to is who they claim to be C. You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user. D. Can't contain geography data such as country for example.

B. Electronic credential proving that the person the certificate was issued to is who they claim to be

What is an error called that causes a system to be vulnerable because of the environment in which it is installed? A. Configuration error B. Environmental error C. Access validation error D. Exceptional condition handling error

B. Environmental error

Which of the following would best describe a Concealment cipher? A. Permutation is used, meaning that letters are scrambled. B. Every X number of words within a text, is a part of the real message. C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. D. Hiding data in another message so that the very existence of the data is concealed.

B. Every X number of words within a text, is a part of the real message

You've decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by: A. Having the sender encrypt the message with his private key. B. Having the sender encrypt the hash with his private key. C. Having the sender encrypt the message with his symmetric key. D. Having the sender encrypt the hash with his public key.

B. Having the sender encrypt the hash with his private key.

What are the three most important functions that Digital Signatures perform? A. Integrity, Confidentiality and Authorization B. Integrity, Authentication and Nonrepudiation C. Authorization, Authentication and Nonrepudiation D. Authorization, Detection and Accountability

B. Integrity, Authentication and Nonrepudiation

The primary purpose for using one-way hashing of user passwords within a password file is which of the following? A. It prevents an unauthorized person from trying multiple passwords in one logon attempt. B. It prevents an unauthorized person from reading the password. C. It minimizes the amount of storage required for user passwords. D. It minimizes the amount of processing time used for encrypting passwords

B. It prevents an unauthorized person from reading the password.

Which of the following issues is not addressed by digital signatures? A. nonrepudiation B. authentication C. data integrity D. denial-of-service

D. denial-of-service

Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. message non-repudiation. B. message confidentiality. C. message interleave checking. D. message integrity

D. message integrity

What size is an MD5 message digest (hash)? A. 128 bits B. 160 bits C. 256 bits D. 128 bytes

A. 128 bits

How many rounds are used by DES? A. 16 B. 32 C. 64 D. 48

A. 16

What is the effective key size of DES? A. 56 bits B. 64 bits C. 128 bits D. 1024 bits

A. 56 bits

What is a characteristic of using the Electronic Code Book mode of DES encryption? A. A given block of plaintext and a given key will always produce the same ciphertext. B. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext. C. Individual characters are encoded by combining output from earlier encryption routines with plaintext. D. The previous DES output is used as input

A. A given block of plaintext and a given key will always produce the same ciphertext

Which of the following protocols that provide integrity and authentication for IPSec, can also provide nonrepudiation in IPSec? A. Authentication Header (AH) B. Encapsulating Security Payload (ESP) C. Secure Sockets Layer (SSL) D. Secure Shell (SSH-2)

A. Authentication Header (AH)

Which of the following is NOT true of Secure Sockets Layer (SSL)? A. By convention it uses 's-http://' instead of 'http://'. B. Is the predecessor to the Transport Layer Security (TLS) protocol. C. It was developed by Netscape. D. It is used for transmitting private information, data, and documents over the Internet

A. By convention it uses 's-http://' instead of 'http://'

In a PKI infrastructure where are list of revoked certificates stored? A. CRL B. Registration Authority C. Recovery Agent D. Key escrow

A. CRL

Readable is to unreadable just as plain text is to _____? A. Cipher Text B. Encryption C. Unplain Text D. Digitally Signed

A. Cipher Text

Complete the following sentence. A message can be encrypted, which provides __________ A. Confidentiality B. Non-Repudiation C. Authentication D. Integrity

A. Confidentiality

3 What is the primary role of cross certification? A. Creating trust between different PKIs B. Build an overall PKI hierarchy C. set up direct trust to a second root CA D. Prevent the nullification of user certificates by CA certificate revocation

A. Creating trust between different PKIs

What enables users to validate each other's certificate when they are certified under different certification hierarchies? A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities

A. Cross-certification

Which of the following is NOT a true statement regarding the implementaton of the 3DES modes? A. DES-EEE1 uses one key B. DES-EEE2 uses two keys C. DES-EEE3 uses three keys D. DES-EDE2 uses two keys

A. DES-EEE1 uses one key

In which mode of DES, a block of plaintext and a key will always give the same ciphertext? A. Electronic Code Book (ECB) B. Output Feedback (OFB) C. Counter Mode (CTR) D. Cipher Feedback (CFB)

A. Electronic Code Book (ECB)

What key size is used by the Clipper Chip? A. 40 bits B. 56 bits C. 64 bits D. 80 bits

D. 80 bits

RADIUS incorporates which of the following services? A. Authentication server and PIN codes. B. Authentication of clients and static passwords generation. C. Authentication of clients and dynamic passwords generation. D. Authentication server as well as support for Static and Dynamic passwords

D. Authentication server as well as support for Static and Dynamic passwords

This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario? A. Excessive Rights B. Excessive Access C. Excessive Permissions D. Excessive Privileges

D. Excessive Privileges

Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)

D. Internet Key Exchange (IKE)

Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)? A. It has been mathematically proved to be more secure. B. It has been mathematically proved to be less secure. C. It is believed to require longer key for equivalent security. D. It is believed to require shorter keys for equivalent security

D. It is believed to require shorter keys for equivalent security

Which of the following access control models requires security clearance for subjects? A. Identity-based access control B. Role-based access control C. Discretionary access control D. Mandatory access control

D. Mandatory access control

The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following? A. K(N - 1)/ 2 B. N(K - 1)/ 2 C. K(N + 1)/ 2 D. N(N - 1)/ 2

D. N(N - 1)/ 2

Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network? A. S-Telnet B. SSL C. Rlogin D. SSH

D. SSH

Which of the following protects Kerberos against replay attacks? A. Tokens B. Passwords C. Cryptography D. Time stamps

D. Time stamps

The RSA Algorithm uses which mathematical concept as the basis of its encryption? A. Geometry B. 16-round ciphers C. PI (3.14159...) D. Two large prime numbers

D. Two large prime numbers