CISSP | Test Questions | Domain 5 | Cryptography

What is a digital signature? a. A form of authenticator b. An actual signature written on the computer c. The same as the checksum d. Different from analog signature

a. A digital signature authorizes and legitimizes the transaction by using a secret decryption key to send it to the receiver. An actual signature written on the computer is incorrect because it is not an actual signature. Instead, a digital signature is decrypted using the secret decryption key and sent to the receiver. Checksum is incorrect because it is a technique to ensure the accuracy of transmission, and it ensures the integrity of files. There is no such thing as an analog signature because a digital signature is needed.

What is a simpler alternative to a digital signature? a. Hash function b. Digital certificate c. Handwritten signature d. Certificate authority

a. A digital signature provides for nonrepudiation of origin. A simpler alternative to a digital signature is a hash function, where the message is indexed to a digest for integrity checking. It requires that both parties trust one another. However, it is of limited use because it does not provide for repudiation of origin. A digital certificate contains identification information about its holder. It includes a public key and a unique private key. Exchanging keys and certificates allows two parties to verify each other's identities before communicating. A handwritten signature is similar to a digital signature in that it places a unique mark on a document that verifies the identity of the sender. A major problem with the handwritten signature is that it can be forged. A certificate authority is a third party that distributes public and private key pairs.

Which of the following should not be distributed? a. Shared secrets b. Domain parameters c. Initialization vectors d. Random number generator seeds

a. A shared secret is a secret value that has been computed using a key agreement scheme and is used as input to a key derivation function. Hence, shared secrets should not be distributed while the other three choices can be safely distributed most of the time. Because the initialization vectors are often stored with the data that they protect, a determined attacker (not a normal attacker) could take advantage of them for hacking.

Which of the following need not be archived? a. Private signature key b. Symmetric authentication key c. Public authentication key d. Symmetric master key

a. An archive for keying material (i.e., keys and initialization vectors) should provide both integrity and access control. When archived, keying material should be archived prior to the end of the crypto-period of the key. When no longer required, the keying material should be destroyed. Private signature key need not be archived because it is private but should be protected in a safe and secure location. Both symmetric and public authentication keys should be archived until no longer required to authenticate the data. A symmetric master key should be archived until no longer needed to derive other keys.

Which of the following should be destroyed immediately after use? a. Random number generator seeds and intermediate results b. Nonce and shared secrets c. Domain parameters and initialization vectors d. Shared secrets and intermediate results

a. Both random number generator (RNG) seeds and intermediate results should be destroyed after use due to their sensitivity. Domain parameters remain in effect until changed. Shared secrets and initialization vectors should be destroyed as soon as they are no longer needed. A nonce should not be retained longer than needed for cryptographic processing.

Which of the following is often distributed as a self-signed certificate? a. Trust anchors b. Root certificate store c. Trust list d. Trust keys

a. Certificate authorities (CAs) generally issue a self-signed certificate (called root certificate), which is also called a trust anchor. CAs that a relying party trusts directly are called trust anchors. When multiple trust anchors are recognized, the set of trust anchors is referred to as the trust list. CA certificates play a key role in many protocols and applications and are generally kept in what is often called a root certificate store. Trust keys are used in trust anchors. Root certificate store is used in validating certificate path.

Countermeasures against brute force attacks on cryptographic keys include which of the following? 1. Change keys 2. Increase key length 3. Change protocol 4. Change algorithm a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1 and 3

a. Changing cryptographic keys frequently and increasing the key length can fight against the brute force attacks on keys. Changing protocols and algorithms cannot fight against the brute force attacks because the changed protocols and algorithms could be subjected to the same attacks or different attacks.

Cryptographic key establishment schemes use which of the following? a. Key transport and key agreement b. Key wrapping and key confirmation c. Key usage and key distribution d. Key splits and key bundles

a. Cryptographic key establishment schemes are used to set up keys to be used between communicating entities. The scheme uses key transport and key agreement. The key transport is the distribution of a key from one entity to another entity. The key agreement is the participation by both entities in the creation of shared keying material (for example, keys and initialization vectors). The key establishment scheme does not deal with the other three choices.

Digital signatures cannot provide which of the following security services? a. Confidentiality b. Authentication c. Integrity d. Nonrepudiation

a. Digital signatures cannot by themselves provide confidentiality service; instead, they provide authentication, integrity, and non-repudiation services. Specific algorithms used for digital signatures include DSA, RSA, PKCS, and ECDSA.

Which of the following need to be archived? a. Domain parameters b. Shared secrets c. Random number generator seeds d. Intermediate results

a. Domain parameters should be archived until all keying material, signatures, and signed data using the domain parameters are removed from the archive. The other three choices should not be archived due to their secrecy and because they are temporary in nature. One exception is that a shared secret is sometimes permanent as in a preshared key (PSK) for a site-to-site IPsec VPN.

The RSA-1024-bit key or the DSA-1024 bit key is used to provide which of the following? a. Digital signatures b. Hash values c. Key agreement d. Encryption

a. Either the Rivest, Shamir, and Adelman (RSA) or digital signature algorithm (DSA) with key sizes greater than or equal to 1024 bits is used to provide digital signatures. They are not used for hash values and key agreement, although less than 1024-bit keys are used for encryption.

Which of the following is a measure of the amount of uncertainty that an attacker faces to determine the value of a secret? a. Entropy b. Random number c. Nonce d. Pseudonym

a. Entropy is a measure of the amount of uncertainty that an attacker faces to determine the value of a secret. Entropy is usually stated in bits as it relates to information theory. It is a statistical parameter. Random number is incorrect because it can be used to generate passwords or keys. Nonce is incorrect because it is a value used in security protocols that is never repeated with the same key. Pseudonym is incorrect because it is a subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing.

Which of the following need not be subject to maintenance of special accounting records for cryptographic keying materials? a. Ephemeral keys b. Encrypted keys c. Decrypted keys d. Key encrypting keys

a. Ephemeral keys are cryptographic keys that are generated for each execution of a key establishment process and that meet other requirements of the key (for example, unique to each message or session and short-lived). It may not be practical or necessary to maintain accounting records for relatively short-lived keys such as ephemeral keys. This is because user devices (for example, user entities at client nodes) generate ephemeral keys, and they are intended for use within the client node. The other three choices need accounting records. Encrypted keys are encrypted with a key encrypting key to disguise the value of the underlying plaintext key. The key encrypting key is used for the encryption or decryption of other keys.

For security protection mechanisms for cryptographic data in storage, the encryption mechanism should not be easier to recover the key encrypting key than it is to recover the key being encrypted is a part of which of the following cryptographic service? a. Confidentiality b. Availability c. Integrity d. Labels

a. For confidentiality service, encryption with an approved algorithm is needed for the cryptographic module. Moreover, the encryption mechanism should not be an easier way to recover the key encrypting key than it is to recover the key being encrypted. In other words, recovering the key being encrypted should be relatively easier and recovering the key encrypting key should be difficult.

Key wrapping provides which of the following services to the wrapped material? a. Confidentiality and integrity b. Authentication and integrity c. Accountability and availability d. Assurance and reliability

a. Key wrapping is the encryption of a key by a key encrypting key using a symmetric algorithm. Key wrapping provides both confidentiality and integrity services to the wrapped material and does not provide services listed in the other three choices.

For cryptography, what is nonce? a. Timestamp plus sequence number b. Checksum plus check digit c. Payload plus protocol d. Public key plus private key

a. Nonce is a time-varying and nonrepeating cryptographic value with the use of a timestamp, a sequence number, or combination, which are freshly generated random values. Checksums and check digits are used to ensure data accuracy during data entry and data transmission. Payload is a part of the data stream representing the user information in a communication. Protocol is a set of rules used by two or more entities that describe the message order and data structures for information exchange between the entities. A public key is a cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and that may be made public. A private key is a cryptographic key, used with a public key cryptographic algorithm that is uniquely associated with an entity and that is not made public.

A cryptographic keying material is compromised during the course of regular or normal work. Which of the following actions may not be necessary during the compromise recovery process? a. Key destruction b. Notification of users of compromised keys c. Emergency key revocation d. Replacement of the compromised keys

a. Notification of users of compromised keys, emergency key revocation, and secure replacement of the compromised keys are a part of normal recovery procedures. Key destruction must take place only when an external attacker is involved, not when user errors and system problems are involved during the course of regular work. The other three choices are normally used during the compromise recovery process.

Which of the following is an example of passive wiretapping? a. Traffic analysis b. Message modification c. Message delay d. Message deletion

a. Passive wiretapping includes not only information release but also traffic analysis (using addresses, other header data, message length, and message frequency). Security measures such as traffic padding can be used to prevent traffic analysis attacks. Active wiretapping includes message stream modifications, including delay, duplication, deletion, or counterfeiting.

What is password hashing? a. Storing a hash of the password b. Storing the password in a clear text and encrypting it as needed c. Guessing a password d. Cracking a password

a. Password hashing requires storing a password in its hash form, which is better than storing an unencrypted password. When a password is supplied, it computes the password's hash and compares it with the stored value. If they match, the password is correct. An attacker cannot derive the password from the hashes. It is good to hide the hashed password list. The other three incorrect choices are weak forms of handling a password. Encrypting passwords leads to judgmental errors. A password can be easily guessed if the user selects the password from a word dictionary. An exhaustive search may then "crack" the password.

What is a public key cryptographic algorithm that does both encryption and digital signature? a. Rivest, Shamir, and Adelman (RSA) b. Data encryption standard (DES) c. International data encryption algorithm (IDEA) d. Digital signature standard (DSS)

a. RSA's technique can be used for document encryption as well as creating digital signatures. DSS is a public key cryptographic system for computing digital signatures only, but not for encryption. Both RSA and DSS appear to be similar. DES is a secret key cryptographic scheme. IDEA is also a secret key cryptographic scheme gaining popularity. Both DES and IDEA use secret (private) key algorithms, whereas DSS and RSA use public key algorithms.

A digital signature is implemented using which of the following cryptographic techniques? a. Public key cryptography b. Key escrow cryptography c. Secret key cryptography d. Hybrid cryptographic systems

a. Recent advances in cryptographic technology have lead to the development of public key cryptographic algorithms. These algorithms are referred to as "asymmetric" because they rely on two different keys to perform cryptographic processing of data. These keys are generated and used in pairs consisting of private and public key components. Public key crypto-systems make possible authentication schemes in which a secret can be verified without the need to share that secret. In public key cryptography, each user independently generates two mathematically related keys. One is typically made public, so it is referred to as the public key. The other is kept private, so it is referred to as the user's private key. The public key becomes in effect part of the user's identity and should be made well known as necessary, like a phone number. Conversely, the private key should be known only to the user because it can be used to prove ownership of the public key and thus the user's identity. It is computationally infeasible to derive a user's private key from the corresponding public key, so free distribution of the public key poses no threat to the secrecy of the private key. The private key component of the public key cryptography is used to create the digital signatures. Similar to a written signature, a digital signature is unique to the signer except that it can be verified electronically. This is made possible by the fact that in public key cryptosystems, digital signatures are generated with the private key component of the public/private key pair. The corresponding public key is used to verify the signature. Because a given user's private key does not need to be shared with other parties, there is a strong association between the user's identity and possession of the private key. Key escrow cryptographic techniques are used in electronic surveillance of telecommunications by law enforcement officials. A definition of a key escrow system is that an encryption key or a document is delivered to a third person to be given to the grantee only upon the fulfillment of a condition. A key escrow system is one that entrusts the two components comprising a cryptographic key (for example, a device unique key) to two key component holders (also called "escrow agents"). The key component holders provide the components of a key to a "grantee" (for example, a law enforcement official) only upon fulfillment of the condition that the grantee has properly demonstrated legal authorization to conduct electronic surveillance of telecommunications encrypted using the specific device whose device unique key is being requested. The key components obtained through this process are then used by the grantee to reconstruct the device unique key and obtain the session key that is then used to decrypt the telecommunications that are encrypted with that session key. The digital signature does not use the key escrow cryptography. The primary feature distinguishing secret key algorithms is the use of a single secret key for cryptographic processing. The use of advanced encryption standard (AES) is an example of secret key cryptography. The AES algorithm can be implemented with reasonable efficiency in the firmware of a smart token. Electronic signatures can use either secret key or public key cryptography. The digital signature is not using the secret key cryptography due to sharing of a secret key by two parties. Hybrid approaches are possible, where public key cryptography is used to distribute keys for use by secret key algorithms. However, the digital signature is not using the hybrid approaches.

Which of the following is a nonsecret value that is used in a cryptographic process? a. Salt b. Shared secret c. Min-entropy d. Guessing entropy

a. Salt is a nonsecret value that is used in a cryptographic process, usually to ensure that an attacker cannot reuse the results of computations for one instance. Shared secret is incorrect because it is a secret used in authentication that is known to the claimant and the verifier. Min-entropy is incorrect because it is a measure of the difficulty that an attacker has to guess the most commonly chosen password used in a system. Guessing entropy is incorrect because it is a measure of the difficulty that an attacker has to guess the average password used in a system.

Which of the following should not exist outside the cryptographic boundary of the crypto-module? a. Shared secrets and intermediate results b. Domain parameters and initialization vectors c. Random number generator seeds and nonce d. Nonce and salt

a. Shared secrets are generated during a key establishment process. Intermediate results of cryptographic operations are generated using secret information. Therefore, both shared secrets and intermediate results should not exist outside the cryptographic boundary of the cryptomodule due to their sensitivity and criticality. The other three choices either do not exist outside the cryptographic boundary or they are less sensitive and critical.

Within the Internet Protocol security (IPsec) protocol suite, which of the following should not be used because it introduces unnecessary complexity in processing? a. Authentication header (AH) b. Encapsulating security protocol (ESP) c. Security association (SA) d. Internet key exchange (IKE)

a. The authentication header (AH) protects the Internet Protocol (IP) header and the data following the IP header. However, the AH processing introduces unnecessary complexity. Because the encapsulating security protocol (ESP) can provide equivalent functionality as the AH, the use of AH is not recommended due to its complexity in processing. Moreover, the ESP protects the source and destination addresses in the IP header in both transport and tunnel modes. Hence, the ESP is better than the AH.

Countermeasures against man-in-the-middle attacks include which of the following? 1. Implement digital signatures 2. Use split knowledge procedures 3. Use faster hardware 4. Use packet filters a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1 and 4

a. The man-in-the-middle (MitM) attack takes advantage of the store-and-forward mechanism used by insecure networks such as the Internet. Digital signatures and split knowledge procedures are effective against such attacks. Faster hardware and packet filters are effective against denial-of-service (DoS) attacks.

The owner of a cryptographic key pair demonstrates proof-of-possession by using: a. Private key b. Public key c. Ephemeral key d. Encrypted key

a. The proof-of-possession is a verification process whereby it is proven that the owner of a key pair actually has the private key associated with the public key. The owner demonstrates the possession by using the private key in its intended manner. Without the assurance of possession, it would be possible for the certificate authority to bind the public key to the wrong entity. The other three choices do not demonstrate proof-of-possession.

If cryptographic key materials are compromised, the compromise recovery process can be relatively simple and inexpensive for which of the following? a. Symmetric keys used by a single user b. A certification authority's private key c. A key used to protect a large number of stored keys d. Keys used by many users of large distributed databases

a. Where symmetric keys or private asymmetric keys are used to protect only a single user's local information in communications between a single pair of users, the compromise recovery process can be relatively simple and inexpensive. The damage assessment and mitigation measures are often local matters. On the other hand, damage assessment can be complex and expensive where (i) a key is shared by or affects a large number of users, (ii) certification authority's (CA's) private key is replaced, (iii) transport keys are widely used, (iv) keys are used by many users of large distributed databases, and (v) a key is used to protect a large number of stored keys.

What is the major advantage of a checksum program? a. Adds more bytes to programs b. Verifies integrity of files c. Increases boot-up time d. Misleads a program recompilation

b. A checksum is a program that forms a cryptographic checksum of files in a computer system to allow their integrity to be checked at will. However, the checksum program adds overhead to the system in terms of adding more bytes to each program and increases boot-up time by several minutes. Any attempt to recompile a program will be flagged as a "virus type" activity (when it is not) and will be stopped. It misleads a program recompilation process.

What is a message authentication code? a. Data checksum b. Cryptographic checksum c. Digital signature d. Cyclic redundancy check

b. A checksum is digits or bits summed according to arbitrary rules and used to verify the integrity of data. All forms of checksums have the same objective, that is, to ensure that the conveyed information has not been changed in transit from sender to recipient. The difference between these checksums is how strong the protective mechanism is for changing the information, that is, how hard it will be to attack for a knowledgeable attacker, not for a natural source. A message authentication code is a cryptographic checksum with the highest form of security against attacks. The public key is used to encrypt the message prior to transmission, and knowledge of a private (secret) key is needed to decode or decrypt the received message. A data checksum is incorrect because it catches errors that are the result of noise or other more natural or nonintentional sources. For example, most of these errors are due to human errors. A digital signature is incorrect because it is a form of authenticator. It is decrypted using the secret decryption key and sent to the receiver. The receiver may encrypt, using the public key, and may verify the signature, but the signature cannot be forged because only the sender knows the secret decryption key. Nonpublic key algorithms can also be used for digital signatures. The basic difference between the message authentication code and the digital signature is that although message authentication codes require a secret (private) key to verify, digital signatures are verifiable with a public key, that is, a published value. Message authentication codes are used to exchange information between two parties, where both have knowledge of the secret key. A digital signature does not require any secret key to be verified. A cyclic redundancy check (CRC) is incorrect because it uses an algorithm for generating error detection bits, and the receiving station performs the same calculation as the transmitting station. If the results differ, then one or more bits are in error. Both message authentication codes and digital signatures operate with keys (whether public or private), are based on cryptography, and are hard to attack by intruders. On the other hand, data checksums and cyclic redundancy checks operate on algorithms, are not based on cryptography, and are easily attacked by intruders.

How is a cryptographic algorithm's security life defined? a. Security life of data plus retention data life b. Originator usage period plus the security life of the data c. Recipient usage period plus the retention period d. Crypto-period plus security life of the data

b. A cryptographic algorithm's originator usage period is the period of time that a cryptographic algorithm and the key size are used to apply cryptographic protection. When the security life of the data is taken into account, cryptographic protection should not be applied to data using a given algorithm and key size if the security life of the data extends beyond the end of the algorithm security lifetime. Hence, the algorithm security life is the algorithm originator usage period plus the security life of the data.

Which of the following represents the correct order of nodes (from highest to lowest) in a cryptographic key management infrastructure? 1. Client node 2. User entities 3. Key processing facility 4. Service agent a. 4, 2, 3, and 1 b. 3, 4, 1, and 2 c. 3, 4, 2, and 1 d. 2, 4, 1, and 3

b. A key management infrastructure provides a unified and seamless structure for the generation, distribution, and management of cryptographic keys. It starts at the central oversight authority (the highest node, which is not used in the question) and moves down to key processing facility (the next highest node), service agent, client node, and user entities (the lowest node).

What is a major drawback of digital certificates? a. Certificate authority b. Internet addresses c. Message digest d. Digital signature

b. A major drawback of digital certificates is that they do not identify individuals, only Internet addresses. A different person could use the same computer with bad intent and be seen as the legitimate owner of the digital certificate. The certificate authority, the message digest, and the digital signatures are the strengths of digital certificates.

Which of the following is a noncryptographic technique that provides message integrity and creates insecurity? a. Message authentication code b. Error detection codes c. Cryptographic checksum d. Block cipher algorithms

b. Although message integrity is often provided using noncryptographic techniques known as error detection codes, these codes can be altered by an attacker for his benefit and hence create insecurity. Use of message authentication code (MAC) can alleviate this problem as it is based on block cipher algorithm. The cryptographic checksum is an algorithm that uses the bits in the transmission to create a checksum value and hence is secure. A noncryptographic technique does not use a cryptographic key.

For cryptography, which of the following refers to the worst-case measure of uncertainty for a random variable with the greatest lower bound? a. Max-entropy b. Min-entropy c. Guessing entropy d. Min-Max entropy

b. Entropy is the uncertainty of a random variable, which is stated in bits. Min-entropy is the worst-case measure of uncertainty for a random variable with the greatest lower bound. Minentropy is a measure of the difficulty that an attacker has to guess the most commonly chosen password used in a system. Guessing entropy is a measure of the difficulty that an attacker has to guess the value of a secret (e.g., a password). Guessing entropy refers to an attacker that knows the actual password frequency distribution. Max-entropy and min-max entropy are not usually used in the context of entropy.

The strength of all cryptographically based mechanisms lies in large part in which of the following? a. The strength of the cryptographic algorithm b. The protection provided to secret key material c. The strength of the key size d. The security of communication protocol

b. For all cryptographically based mechanisms, the strength of the mechanism lies partly in the strength of the cryptographic algorithm (including key size), partly in the security of any communication protocol, and in large part, in the protection provided to secret key material (i.e., keys and initialization vectors). A secret key is a symmetric key that is not made public and requires protection from disclosure.

Network communication channels contain unintentional errors due to transmission media and create network congestion, leading to lost packets. Which of the following statements is incorrect about forward error-correcting codes? a. Forward error-correcting codes are a subset of non-cryptographic checksums. b. Forward error-correction mechanism should be applied before encryption. c. Forward error-correcting codes can correct a limited number of errors without retransmission. d. Forward error-correction mechanism should be applied after encryption.

b. Forward error-correcting codes are a subset of noncryptographic checksums (i.e., they use an algorithm without secret information in terms of a cryptographic key) that can be used to correct a limited number of errors without retransmission. If forward error-correction is applied before encryption and errors are inserted in the ciphertext during transmission, it is difficult to decrypt, thus making the errors uncorrectable. Therefore, it is preferable to apply the forward error-correction mechanism after the encryption process. This will allow the error correction by the receiving entity's system before the ciphertext is decrypted, resulting in correct plaintext.

During the design of data communication networks, a functional capability of providing link encryption and end-to-end encryption is addressed by which of the following? a. Administrative control b. Access control c. Cost control d. Technical control

b. Functional capabilities can be placed inside network components to control access and protect information from misuse. Automated access control systems can require users and systems to log on to a network by identifying themselves and providing an automated password or similar control. Link and end-to-end encryption devices can protect information from misuse during transmission over a circuit or through a network. Link encryption is the application of online crypto-operation to a link of a communications system so that all information passing over the link is encrypted in its entirety. End-to-end encryption is the encryption of information at its origin and decryption at its intended destination without any intermediate decryption. Administrative control is incorrect because it deals with handling the paperwork associated with operating a network. The scope includes receiving requests for service from prospective users, notifying operations personnel of dates that devices should be connected and disconnected, maintaining a directory of network users and services, authorizing users to access the network and, issuing passwords. Cost control is incorrect because it deals with cost recovery and avoidance. It includes price setting for network services and billing the users. The price of network services is often a function of the volume of information exchanged, the duration of usage, the distance between parties, and the time of day of usage. Technical control is incorrect because it includes activities such as failure detection, problem diagnosis, and service restoration of network components. The scope includes alarms, status indicators, test-equipment interfaces, remote controls, and automatic monitoring.

Which of the following is referred to when two cryptographic key component holders manage the process of handling the two components of a cryptographic key? a. Key list b. Key escrow c. Key loader d. Key exchange

b. In general, escrow is something (for example, a document or an encryption key) that is delivered to a third party to be given to the grantee only upon the fulfillment of a predefined condition (i.e., a grantor and grantee relationship with a third party in the middle). Key escrow is the processes of managing (for example, generating, storing, transferring, and auditing) the two components of a cryptographic key by two component holders. A key component is the two values from which a key can be derived. A key escrow system entrusts the two components comprising a cryptographic key (for example, a device unique key) to two key component holders (also called escrow agents). The other three choices are incorrect. Key list is a printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format. Key loader is a selfcontained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module. Key exchange is the process of exchanging public keys and other information in order to establish secure communications.

Which of the following is not the recommended combination of authentication type key, digital signature key, and key establishment key respectively? a. RSA 1024, RSA 2048, and DH 2048 b. ECDSA P-256, ECDSA P-256, and RSA 2048 c. RSA 1024, RSA 2048, and RSA 2048 d. ECDSA P-384, ECDSA P-384, and ECDH P-384

b. In general, protocols and applications are designed to use cryptographic algorithms from one mathematical family. For most uses, digital signature keys and key establishment keys should provide consistent cryptographic strength. For example, applications that encounter certificates with elliptic curve digital signature algorithm (ECDSA) digital signatures would expect to use elliptic curve Diffie-Hellman (ECDH) for the key establishment key. Rivest, Shamir, and Adelman (RSA) is not compatible with ECDSA, whereas it is compatible with DH. It is advisable that users obtain an authentication type key, a digital signature key, and a key establishment key that are complementary in nature to ensure that the keys can be used together in protocols and applications. Complementary algorithms for public keys enhance interoperability.

A cryptographic key has been compromised due to usage and age. The next step is to use which of the following? a. DNSSEC-aware resolver b. Key rollover c. Zone signing key d. Key signing key

b. Key rollover is the process of generating and using a new key (symmetric or asymmetric key pair) to replace one already in use. Rollover is done because a key has been compromised as a result of usage and age. The DNSSEC-aware resolver is incorrect because it is an entity that sends DNS queries, receives DNS responses, and understands the DNSSEC specification, even if it is incapable of performing validation. A zone-signing key is incorrect because it is an authentication key that corresponds to a private key used to sign a zone. A key signing key is incorrect because it is an authentication key that corresponds to a private key used to sign one or more other authentication keys for a given zone.

Most commonly, what are certificate revocation lists (CRLs) distributed through? 1. Certificate management protocol 2. LDAP directories protocol 3. Web servers 4. HTTP URLs a. 1 or 2 b. 2 or 3 c. 1 or 3 d. 3 or 4

b. Most commonly, the certificate revocation lists (CRLs) are distributed via lightweight directory access protocol (LDAP) directories or Web servers. The certificate management protocol (CMP) and HTTP uniform resource locators (HTTP URLs) are not used to distribute CRLs. Both the LDAP and HTTP URLs are used to specify the location of CRLs. Both certification authority (CA) and registration authority (RA) software support the use of a certificate management protocol (CMP). An LDAP is a centralized directory that becomes a major focal point as a tool for access control.

Which of the following is the major reason for the transport layer security (TLS) protocol to provide end-to-end reliable delivery of data and messages? a. Cyclical redundancy checks b. Message reassembly c. Forward error correction technique d. Message fragmentation

b. Reliable delivery of data implies that all messages presented to the sending TCP/IP stack are delivered in proper sequence by the receiving TCP/IP stack. These messages may be broken up into packets and fragmented or segmented as they are sent and routed through any arrangement of local-area, wide-area, or metropolitan-area networks. During routing through networks, data are augmented with cyclical redundancy checks or forward error correction techniques to help ensure that the delivered messages are identical to the transmitted messages. Reliable delivery means that the messages are properly reassembled and presented in proper sequence to the peer protocol TLS entity. Here, the TLS relies on the communications functionality of the OSI/ISO lower layer protocols.

Which of the following specifically deals with hiding messages and obscuring senders and receivers? a. Quantum cryptography b. Steganography c. Cryptology d. Cryptography

b. Steganography is a part of cryptology that deals with hiding messages and obscuring who is sending or receiving them. Message traffic is padded to reduce the signals that otherwise would come from the sudden beginning of messages. Quantum cryptography is based on quantum-mechanics principles where eavesdroppers alter the quantum state of the system. Cryptology is the science and study of writing, sending, receiving, and deciphering secret messages. It includes authentication, digital signatures, steganography, and cryptanalysis. Cryptology includes both cryptography and cryptanalysis. Cryptology is the science that deals with hidden communications. Cryptography involves the principles, means, and methods used to render information unintelligible and for restoring encrypted information to intelligible form.

Most commonly used X.509 certificates do not refer to which of the following? a. Tamper-evident envelope b. Attribute certificate c. Public key certificate d. Basic certificate content

b. The ISO/ITU-T X.509 standard defines two types of certificates: the X.509 public key certificate and the X.509 attribute certificate. Most commonly, an X.509 certificate refers to the X.509 public key certificate. The public key certificate contains three nested elements: (i) the tamper-evident envelope (digitally signed by the source), (ii) the basic certificate content (for example, identifying information and public key), and (iii) extensions that contain optional certificate information. The X.509 attribute certificate is less commonly used.

For security protection mechanisms for cryptographic data in storage, backup, and archives, the storage of keying material is a part of which of the following cryptographic services? a. Confidentiality b. Availability c. Integrity d. Labels

b. The availability service for data in storage deals with backup and archive storages. During a key's crypto-period, keying material (i.e., keys and initialization vectors) should be stored in both normal operational storage and in backup storage. After the end of a key's crypto-period, keying material should be placed in archive storage. The other three choices do not deal with backup and archive storages.

Which of the following statements is true about digital signatures using the digital signature algorithm? a. The length of the digital signature is one-time the length of the key size. b. The length of the digital signature is two-times the length of the key size. c. The length of the digital signature is three-times the length of the key size. d. The length of the digital signature is four-times the length of the key size.

b. The digital signature algorithm (DSA) produces digital signatures of 320, 448, or 512 bits using the key size of 160, 224, or 256 respectively. Hence, the length of the digital signature is two-times the length of the key size.

Message authentication code (MAC) provides which of the following security services? a. Confidentiality and integrity b. Authentication and integrity c. Accountability and availability d. Assurance and reliability

b. The message authentication code (MAC) provides data authentication and integrity. A MAC is a cryptographic checksum on the data that is used to provide assurance that the data has not changed and that the MAC was computed by the expected entity. It cannot provide other security services.

Which of the following is more secure? a. Private key system b. Public key system c. Authentication key system d. Encryption key system

b. The public key system is more secure because transmission involves the public key only; the private key is never transmitted and is kept secret by its holder. On the other hand, in a private key system, both the sender and the recipient know the secret key and thus it can be less secure. Authentication and encryption key systems are incorrect because they can be either public (more secure) or private (less secure) key systems.

Which of the following provides the weakest cryptographic algorithms? 1. A 160-bit ECDSA key is used to establish a 128-bit AES key. 2. A 256-bit ECDSA key is used to establish a 128-bit AES key. 3. A 256-bit SHA key is used with a 1024-bit RSA key. 4. A 256-bit SHA key is used with a 2048-bit RSA key. a. 1 only b. 1 and 3 c. 2 and 3 d. 2 and 4

b. The strength of cryptographic protection is determined by the weakest algorithm and the key size used. This is explained as follows: A 160-bit ECDSA and 128-bit AES provide 80 bits of security. A 256-bit ECDSA and 128-bit AES provide 128 bits of security. A 256-bit SHA and 1024-bit RSA provide 80 bits of security. A 256-bit SHA and 2048-bit RSA provide 112 bits of security. Therefore, 80 bits of security is weaker than 112 bits and 128 bits of security.

Which of the following provides end-to-end security to protect information on the Internet? a. DES and RC2 b. TLS and SSL c. HTTP and HTTPS d. TDEA and AES

b. The transport layer security (TLS) and secure socket layer (SSL) protocols are the primary end-to-end security protocols used to protect information on the Internet. TLS is an enhanced version of SSL; these protocols are similar but not identical. TLS is a robust protocol that is used to protect various links, such as authentication server to a wireless access point, the electronic mail link between client and server, or dedicated network infrastructure applications primarily involving machines with no human user involvement.

The transport layer security (TLS) protocol does not provide which of the following? a. Integrity b. Error recovery c. Authentication d. Encrypted payload

b. The transport layer security (TLS) protocol is protected by strong cryptographic integrity, an authentication mechanism, and encrypted payload. The TLS can detect any attack or noise event but cannot recover from errors. If an error is detected, the protocol run is simply terminated. Hence, the TLS needs to work with the TCP (transport control protocol) to recover from errors.

Which of the following does n o t need to be destroyed after the corresponding certificate expires? a. Old key pairs b. Private key establishment key c. Private signature keys d. Public keys

b. The user should not destroy the private key establishment key until all symmetric keys established using this key have been recovered or protected by encryption under a different key. Premature destruction of private key establishment keys may prevent recovery of the subscriber's plaintext data. The keys in the other three choices can be destroyed safely.

Which of the following is not a common route to data interception? a. Direct observation b. Data encryption c. Interception of data transmission d. Electromagnetic interception

b. There are three routes of data interception: direct observation, interception of data transmission, and electromagnetic interception. Data encryption can be a solution to data interception.

Transaction privacy controls do not include which of the following? a. Secure sockets layer (SSL) b. Mandatory access controls (MAC) c. Transmission layer security (TLS) d. Secure shell (SSH)

b. Transaction privacy controls include secure sockets layer (SSL), transport layer security (TLS), and secure shell (SSH) to protect against loss of privacy for transactions performed by an individual. Mandatory access controls (MAC) define access control security policy.

What is a hash-based message authentication code (HMAC) based on? a. Asymmetric key b. Public key c. Symmetric key d. Private key

c. A hash-based message authentication code (HMAC) is based on a symmetric key authentication method using hash functions. A symmetric key is a cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt and decrypt, or create a message authentication code (MAC), and to verify the code. Asymmetric key is incorrect because there are two related keys in asymmetric keys; a public key and a private key that are used to perform complementary operations, such as encryption and decryption, or signature generation and signature verification. Public key is incorrect because it is the public part of an asymmetric key pair that is typically used to verify signatures or encrypt data. Private key is incorrect because it is the secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data.

What is encrypting a symmetric key using another symmetric key called? a. Key transport b. Key update c. Key wrapping d. Key bundle

c. A key used for key wrapping is known as a key encrypting key, which is used to encrypt a symmetric key using another symmetric key. Key wrapping provides both confidentiality and integrity protection using a symmetric key. The other three choices are not used in key wrapping. Key transport is a key establishment procedure whereby one party (sender) selects and encrypts the keying material and then distributes the material to another party (the receiver). Key update is a function performed on a cryptographic key to compute a new but related key. Key bundle is a set of keys used during one operation, typically a TDEA operation.

Which of the following enables one to locate organizations, individuals, files, and devices in a network whether on the Internet or on a corporate intranet? a. Online certificate status protocol (OCSP) b. Certificate management protocol (CMP) c. Lightweight directory access protocol (LDAP) d. Over-the-air rekeying protocol (OTAR)

c. A lightweight directory access protocol (LDAP) is a centralized directory that becomes a major focal point as a tool for access control. It uses names, addresses, groups, roles, devices, files, and profiles to enable a modular, expandable access control and single sign-on solution to be deployed rapidly for all application systems. The other three choices do not have such capabilities as the LDAP does. An online certificate status protocol (OCSP) responder is a trusted system and provides signed status information, on a per certificate basis, in response to a request from a relying party. Both certification authority (CA) and registration authority (RA) software support the use of a certificate management protocol (CMP). An over-the-air rekeying (OTAR) protocol is used in digital radios to handle cryptographic security. LDAP, CRLs, and OCSP are used to provide a path validation in a public-key certificate.

What is the main purpose of a message authentication code (MAC)? a. Recovery b. Prevention c. Detection d. Correction

c. A message authentication code (MAC) is a cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of data.

The transport layer security (TLS) protocol does not provide which of the following cryptographic services? a. Authentication b. Integrity c. Nonrepudiation d. Encryption

c. After completion of the handshake sequence, the transport layer security (TLS) protocol provides a secure communication channel between the server and client for the duration of a communication session. All cipher suites provide authentication and integrity protection for transferred data, and most TLS cipher suites also provide encryption. If encryption is provided, data is encrypted when sent and decrypted when received. TLS does not, however, provide a cryptographic nonrepudiation service to allow a validation of the session data or authentication after the communication session has been ended by a third party.

Which of the following refers to a communications network architecture in which user data traversing a global Internet Protocol (IP) network is end-to-end encrypted at the IP layer? a. RED b. BLACK c. Black core d. Striped core

c. Black core refers to a communications network architecture in which user data traversing a core (global) Internet Protocol (IP) network is end-to-end encrypted at the IP layer. RED refers to data/information or messages that contain sensitive or classified information that is not encrypted whereas BLACK refers to information that is encrypted. Striped core is a communications network architecture in which user data traversing a core (global) IP network is decrypted, filtered, and re-encrypted one or more times. The process of decryption filtering, and re-encryption is performed within a "red gateway"; consequently, the core is "striped" because the data path is alternatively black, red, and black.

Which of the following does not require cryptographic keys? a. Symmetric key algorithms b. Asymmetric key algorithms c. Cryptographic hash algorithms d. Secret key algorithms

c. Cryptographic hash algorithms (hash functions) do not require keys. The hash functions generate a relatively small digest (hash value) from a large input that is difficult to reverse. However, in some instances such as in the generation of hashed message authentication codes (HMAC), keyed hash functions are used. Symmetric key algorithms (known as secret/private) transform data that is difficult to undo without knowledge of a secret key. Asymmetric key algorithms (known as public) use two related keys to perform their functions (i.e., a public key and a private key forming a key pair).

Digital signature generation should provide security strength of which of the following? a. Less than 80 bits b. Equal to or greater than 80 bits c. Equal to or greater than 112 bits d. Between 80 and 112 bits

c. Digital signature generation should provide security strength of 112 bits or more. Digital signature verification should provide security strength of 80 bits or more. Less than 80 bits or a range between 80 and 112 bits are not acceptable for the digital signature generation.

A technique to protect software from potential forgeries is to use: a. Digital libraries b. Digital signals c. Digital watermarks d. Digital signatures

c. Digital watermarks are used to prove proprietary rights. It is the process of irreversibly embedding information into a digital signal. An example is embedding copyright information about the copyright owner. Digital libraries are storage places for data and programs. Digital signals are electronic switches in computers and are represented as binary digits called bits. Digital signatures are a security authorization method to prove that a message was not modified.

Which of the following methods can prevent eavesdropping? a. Authentication b. Access controls c. Encryption d. Intrusion detection

c. Encryption can be used to prevent eavesdroppers from obtaining data traveling over unsecured networks. The items mentioned in the other three choices do not have the same features as encryption. Authentication is the act of verifying the identity of a user and the user's eligibility to access computerized information. Access controls determine what users can do in a computer system. Intrusion detection systems are software or hardware systems that detect unauthorized use of, or attack upon, a computer or network.

Which of the following is generally the most difficult method of attacking a computer system? a. Password cracking b. Packet sniffing c. Encryption key breaking d. Sendmail

c. Encryption key breaking is not a common method because it is difficult to do and may take years to do. It requires an extensive knowledge of algorithms, hardware, and software that is not possessed by too many people. Password cracking involves guessing a password, which can then be used to gain access to a system. Packet sniffing involves placing a rogue program in a host computer or in a network switch. The program will then monitor all information packets as they go through the network. A malicious code can be sent along with Internet-based e-mail. When the message is received, the attacker's code will be executed.

For security protection mechanisms for cryptographic data in transit, side channel attacks are possible in which of the following cryptographic services? a. Confidentiality b. Availability c. Integrity d. Labels

c. Improper error handling during a transmission between a sender and a receiver can result in side channel attacks, which can result in integrity failures. A security policy should define the response to such a failure. Remedies for integrity failures can include retransmission limited to a predetermined number of times and storing the error data in an audit log for later identification of the source of the error. The other three choices do not allow side channel attacks because they do not deal with transmission errors. Confidentiality deals with privacy and nondisclosure of information, and more. Availability deals with making data and systems within the reach of users. Labels are used to identify attributes, parameters, or the intended use of a key.

Which of the following are examples of mandatory-to-implement cryptographic algorithms that do not provide adequate security over computer networks? a. AES or 3-TDEA b. RSA or ECDSA c. DES or RC2 d. DH or ECDH

c. Mandatory-to-implement cryptographic algorithms will be in any cryptographic product that meets the public standards (for example, IETF's RFCs and ANSI) enabling interoperability between products. AES is an optional-to-implement algorithm now that could become mandatory-to-implement in the future. DES and RC2 are mandatory and do not provide adequate security. DH is the Diffie-Hellman algorithm, which is used to provide key agreement. ECDH is the elliptic curve Diffie-Hellman algorithm, which is used to support key establishment; 3-TDEA is three key TDEA; RSA is a public-key algorithm, whereas ECDSA is a digital signature algorithm.

Which of the following statements is true about message padding? a. It is the same as traffic padding. b. It is similar to a data checksum. c. It is adding additional bits to a message. d. It is the same as one-time pad.

c. Message padding adds bits to a message to make it a desired length—for instance, an integral number of bytes. Traffic padding involves adding bogus traffic into the channel to prevent traffic analysis, which is a passive attack. Data checksums are digits or bits summed according to arbitrary rules and used to verify the integrity of data. The one-time pad contains a random number for each character in the original message. The pad is destroyed after its initial use.

Public key authentication systems: a. Are faster than private key systems b. Do not use digital signatures c. Are slower than private key systems d. Do not use alpha characters in the key

c. Public key methods are much slower than private methods and cause overhead, which are their main disadvantages. The public key contains alphanumeric characters. The public key systems use digital signatures for authentication.

Which of the following protocols is used to encrypt individual messages? a. Secure sockets layer (SSL) b. Transport layer security (TLS) c. Secure hypertext transfer protocol (S-HTTP) d. Hypertext transfer protocol (HTTP)

c. Secure hypertext transfer protocol (S-HTTP) is used for encrypting data flowing over the Internet, but it is limited to individual messages. Secure sockets layer (SSL) and transport layer security (TLS) are designed to establish a secure connection between two computers. Hypertext transfer protocol (HTTP) cannot do encryption and is not as secure as S-HTTP.

Which of the following is an example of optional-to-implement cryptographic algorithms that provide greater security? a. DES b. RSA-512 bit key c. AES-128 bit key d. RC2

c. The AES-128 bit key is an example of optional-to-implement encryption algorithm that provides a greater security. Other variants of AES include AES-192 bit keys and AES-256 bit keys. The DES algorithm, RC2, and the RSA-512 bit key do not provide adequate security. The DES and RC2 are examples of mandatory-to-implement encryption algorithms that do not provide adequate security. Mandatory-to-implement algorithms will be in any product that meets the public standards, enabling interoperability between products. Optional-to-implement algorithms are next-generation algorithms with improved security that could increase the longevity of a system.

The Diffie-Hellman (DH) algorithm is used to provide which of the following? a. Digital signatures b. Hash values c. Key agreement d. Encryption

c. The Diffie-Hellman (DH) algorithm is used to provide key agreement. The DH algorithm cannot provide digital signatures, hash values, and encryption.

The combination of XEX tweakable block cipher with ciphertext stealing and advanced encryption standard (XTS-AES) algorithm was designed to provide which of the following? 1. Encryption of data on storage devices 2 Encryption of data in transit 3. Confidentiality for the protected data 4. Authentication of data a. 1 and 2 b. 1 and 3 c. 2 and 4 d. 3 and 4

c. The XTS-AES mode was designed for the cryptographic protection of data on storage devices that use fixed length data units, and it was not designed for encryption of data in transit. This mode also provides confidentiality for the protected data but not authentication of data or access control.

For the willful or negligent mishandling of cryptographic keying materials, the consequences of policy violation should be commensurate with which of the following? a. Actual harm b. Known harm c. Potential harm d. Guaranteed harm

c. The consequences of willful or negligent mishandling of cryptographic keying materials (for example, keys and initialization vectors) should be commensurate with the potential harm that the policy violation can result in for the organization and other affected parties. The actual harm cannot be known in advance, and there is no guarantee that harm will occur for certain.

The security of which of the following cryptographic algorithm's confidentiality mechanism is not compromised? a. AES-GCM (Galois counter mode) b. AES-GMAC (Galois message authentication code) c. The Internet key exchange (IKE) d. Data encryption standard-cipher block chaining (DES-CBC) mode

c. The counter value in the AES-GCM or AES-GMAC is used for more than one packet with the same key. Therefore, the security of these algorithms' confidentiality mechanism is compromised. The DES-CBC mode is susceptible to compromise. Also, the AES-GCM and AES-GMAC should not be used with manually distributed keys. Automated keying using the Internet key exchange (IKE) establishes secret keys for the two peers within each security association (SA) with low probability of duplicate keys.

What describes the crypto-period of a symmetric key? a. Originator usage period plus retention period b. Retention period minus recipient usage period c. Originator usage period plus recipient usage period d. Recipient usage period minus originator usage period

c. The crypto-period of a symmetric key is the period of time from the beginning of the originator usage period to the end of the recipient usage period.

The major functions of a public key used in cryptography include which of the following? 1. Encrypt data 2. Decrypt data 3. Generate signatures 4. Verify signatures a. 1 only b. 2 only c. 1 or 4 d. 2 or 3

c. The public key is the public part of an asymmetric key pair that is typically used to encrypt data or verify signatures. The private key is the secret part of an asymmetric key pair that is typically used to decrypt data and to digitally sign (i.e., generate signatures).

The transport layer security (TLS) protocol's security specification for ensuring confidentiality goal is: a. Rivest, Shamir, and Adelman (RSA) b. Digital signature algorithm (DSA) c. Triple-data encryption standard (3DES) using encryption-decryption-encryption (EDE) and cipher block chaining (CBC) d. Message digest 5 (MD5)

c. The transport layer security (TLS) protocol's security specification for ensuring the confidentiality goal is 3DES-EDE-CBC. RSA is used for key establishment, a DSA is used for digital signatures, and MD5 is used for hash function purposes.

Which of the following can be used with traffic padding security mechanisms? a. Passwords b. Smart tokens c. Encryption d. Memory tokens

c. Traffic padding is a function that generates a continuous stream of random data or ciphertext. True data is mixed with extraneous data thus making it difficult to deduce the amount of traffic, that is, traffic analysis. Encryption is good with traffic padding because it can disguise the true data very well and requires a key to decipher the encrypted data. Passwords are incorrect because they are most often associated with user authentication, not with traffic padding. Smart tokens and memory tokens are incorrect because they are also used to authenticate users. Memory tokens store, but do not process, information, whereas smart tokens both store and process information.

Which of the following is not true about a digital signature? a. It is an encrypted digest of the text that is sent along with a message. b. It authenticates the identity of the sender of a message. c. It guarantees that no one has altered the sent document. d. Electronic signatures and digital signatures are the same.

d. A digital signature is an electronic analogue of a handwritten signature in that it can be used to prove to the recipient, or a third party, that the originator in fact signed the message. It is an encrypted digest of the text that is sent along with a message, usually a text message, but possibly one that contains other types of information, such as pictures. A digital signature authenticates the identity of the sender of the message and also guarantees that no one has altered the document. On the other hand, an electronic signature is a cryptographic mechanism that performs a similar function to a handwritten signature. It is used to verify the origin and contents of a message (for example, an e-mail message). It is a method of signing an electronic message that (i) identifies and authenticates a particular person as the source of the electronic message and (ii) indicates such person's approval of the information contained in the electronic message. Electronic signatures can use either secret key or public key cryptography. Hence, electronic signatures and digital signatures are not the same.

Approved hash functions must satisfy which of the following properties? 1. One-way 2. Collision resistant 3. Resistant to offline attacks 4. Resistant to online attacks a. 1 only b. 3 only c. 4 only d. 1 and 2

d. A hash function maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions must satisfy the following two properties: one-way and collision resistant. It is computationally infeasible to find any input that map to any prespecified output or two distinct inputs that map to the same output. Offline attack is an attack where the attacker obtains some data through eavesdropping that he can analyze in a system of his own choosing. Online attack is an attack against an authentication protocol where the attacker either assumes the role of a claimant with a genuine verifier or actively alters the authentication channel. The goal of the attack may be to gain authenticated access or learn authentication secrets.

Which of the following is not used for public key infrastructure-based (PKI-based) authentication of system users? a. Validates certificates by constructing a certification path to an accepted trust anchor b. Establishes user control of the corresponding private key c. Maps the authenticated identity to the user account d. Uses a radius server with extensible authentication protocol and transport layer security authentication

d. A radius server with extensible authentication protocol (EAP) and transport layer security (TLS) authentication is used to identify and authenticate devices on LANs and/or WANs. It is not used for authenticating system users. The other three choices are used for PKIbased authentication of system users.

For cryptography, which of the following protects the integrity of the data but does not guarantee authenticity of the information? a. X.509 public key certificate b. Public key certificate c. Private key certificate d. Self-signed certificate

d. A self-signed certificate is a public key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the data but does not guarantee authenticity of the information. The trust of a self-signed certificate is based on the secure procedures used to distribute it. The X.509 certificate comes in two types: X.509 public key certificate (most common) and the X.509 attribute certificate (less common). A public key certificate is a set of data that uniquely identifies an entity and binds the public key to the entity. The private key is mathematically linked with a corresponding public key.

Which of the following should not be used during a transport layer security (TLS) session between a client and a server? a. DH key agreement b. RSA key transport c. Ephemeral DH key d. Static-to-static DH key agreement

d. A transport layer security (TLS) session requires server authentication and requests certificates from the client and the server. The RSA key transport method implicitly authenticates the server to the client. In a Diffie-Hellman (DH) key agreement, the server authenticates itself by supplying a signed static DH key in a certificate or by signing an ephemeral key and sending a certificate with its public signing key. Thus, the server will always send a certificate, with either a signing key or a key-establishment key. In a static-tostatic DH key agreement, client certificates will not contain a signing key thus are not recommended to use in a TLS session. This is because the server may request a certificate from the client.

Procedural security controls for recognizing trusted certificate authority (CA) and registration authority (RA) roles should include: 1. Least privilege concept must be practiced. 2. Separation of duties concept must be practiced. 3. A single person should not generate a new CA key pair. 4. A person authorizing certificates to a subject should not be verifying the subject's identity. a. 1 and 2 b. 1 and 4 c. 3 and 4 d. 1, 2, 3, and 4

d. All four items are examples of procedural security controls for recognizing trusted CA and RA roles. The CA is a trusted third party that generates, issues, signs, and revokes public key certificates. The CA can delegate responsibility for the verification of the subject's identity to an RA. The RA is a trusted entity that establishes and vouches for the identity of a subscriber to a credentials service provider (CSP).

Using the security features within a secure/multipurpose Internet mail extension (S/MIME) implementation, end users should not do which of the following? a. Operate their systems according to instructions. b. Use unique digital certificates for each security function. c. Protect their private key from unauthorized disclosure. d. Send the same message both encrypted and in plaintext.

d. An end user is the individual using a client to access the system. Even within a centrally managed environment, end users may find that they have a significant amount of control over some of the security features within an S/MIME implementation. End users should not send the same message both encrypted and in plaintext. The end users can do the other three choices.

Which of the following is least effective in verifying against malicious tampering? a. Message authentication code b. Digital signatures c. Message digests d. Cyclic redundancy code

d. Checksums are of two types: a cryptographic checksum and a noncryptographic checksum. A cyclic redundancy code is a noncryptographic checksum, which is designed to detect random bit changes, not purposeful alterations or malicious tampering. These checksums are good at finding a few bits changed at random. The other three incorrect choices are based on cryptographic checksum techniques. Message authentication code is a message digest with a password attached to it. The intent is that someone cannot re-create the code with the same input unless that person also knows the secret key (password). A digital signature is a message digest encrypted with someone's private key to certify the contents. Digital signatures perform three important functions: integrity, authentication, and nonrepudiation. A message digest is a hash code produced by a mathematical function. It takes variable length input and reduces it to a small value, and a small change in the input results in a significant change in the output. Secure hash algorithms create a short message digest. The message digest is then used, with the sender's private key and the algorithm specified in digital signature standard, to produce a message-specific signature. Verifying the digital signature standard involves a mathematical operation on the signature and message digest, using the sender's public key and the hash standard.

Effective controls to ensure data integrity of messages does not include: a. Encryption algorithms b. Hashing algorithms c. File seals d. File labels

d. File labels are used in computer job runs to process application systems data to ensure that the right file is used. Encryption algorithms, due to their encryption and decryption mechanisms and by keeping the encryption keys secure, provide integrity to the message transmitted or stored. Hashing algorithms are a form of authentication that provides data integrity. File seal is adding a separate signature to software and partly works with virus checking software. When the file seal and virus checking software signatures do not match, it is an indication that data integrity has been compromised.

Which of the following features of Secure Hypertext Transfer Protocol (S-HTTP) achieves higher levels of protection? a. Freshness feature b. Algorithm independence feature c. Syntax compatibility feature d. Recursive feature

d. In the recursive feature, the message is parsed one protection at a time until it yields a standard HTTP content type. Here, protections are applied in layers, one layer after another to achieve higher levels of protection. S-HTTP uses a simple challenge-response to ensure that data being returned to the server is "fresh." Algorithm independence means new cryptographic methods can be easily implemented. Syntax compatibility means that the standard HTTP messages are syntactically the same as secure HTTP messages.

In a cryptographic key management infrastructure, which of the following supports single point-of-access for other nodes? a. Key processing facility b. User entities c. Client nodes d. Service agents

d. Service agents support an organization's key management infrastructure as single pointof- access for other nodes, including key processing facility, client nodes, and user entities.

For the encapsulating security protocol (ESP) header of the Internet Protocol security (IPsec), which of the following cryptographic algorithms or modes provides both encryption and integrity services to the ESP-protected traffic? a. AES-128 bit in cipher block chaining (CBC) mode b. AES-128 bit in counter mode c. HMAC SHA1-96 bit d. AES-128 bit in counter mode with CBC-MAC

d. The AES-128 bit key in counter mode with CBC-MAC provides both encryption and integrity protection. The AES-128 bit in CBC mode and the AES-128 bit in counter mode provide only encryption whereas the HMAC SHA1-96 bit provides only integrity protection. The encrypted ESP should not be used without integrity protection because the ESP needs both encryption and integrity protection.

The Secure Sockets Layer (SSL) transport protocol provides all the following services except: a. Mutual authentication b. Message privacy c. Message integrity d. Mutual handshake

d. The Secure Sockets Layer (SSL) is an open and nonproprietary protocol that provides services such as mutual authentication, message privacy, and message integrity. Mutual handshake is not done by SSL.

The transport layer security (TLS) protocol version 1.1 mandates the use of which of the following cipher suites? a. TLS and DES with RC4-40, RC2-CBC-40, and DES-40 b. TLS and DHE-DSA with 3DES-EDE-CBC and SHA-1 c. TLS and DHE-DSS with 3DES-EDE-CBC and SHA-1 d. TLS and RSA with 3DES-EDE-CBC and SHA-1

d. The TLS version 1.1 mandates the use of the TLS and RSA with 3DES-EDE-CBC and SHA-1 cipher suite, and is more commonly used. The DES with RC4-40, RC2-CBC-40, and DES-40 cannot be combined with TLS because the algorithm is deprecated. The TLS and DHEDSA with 3DES-EDE-CBCand SHA-1 is not often used. The TLS version 1.0 uses the TLS and DHE-DSS with 3DES-EDE-CBC and SHA-1.

What is an encryption algorithm that encrypts and decrypts arbitrarily sized messages called? a. Link encryption b. Bulk encryption c. End-to-end encryption d. Stream encryption

d. The cipher block chaining method is used to convert a block encryption scheme with a variable length key into a stream encryption of arbitrarily sized messages. In link encryption, all information passing over the link is encrypted in its entirety. Link encryption is also called an online encryption. Simultaneous encryption of all channels of a multichannel telecommunications trunk is called a bulk encryption. In end-to-end encryption, the information is encrypted at its origin and decrypted at its intended destination without any intermediate decryption. End-to-end encryption is also called an offline encryption. In link encryption, bulk encryption, and end-to-end encryption, the algorithm takes a fixed-length block of message (for example, 64 bits in the case of both DES and IDEA).

Effective controls to detect attempts to replay an earlier successful authentication exchange do not include: a. A timestamp b. A sequence number c. An unpredictable value d. A statistical random value

d. The emphasis should be to use nonrepeating values in message authentication to ensure that an attempt to replay an earlier successful authentication exchange will be detected. Timestamps, sequence numbers, and unpredictable values can detect replay attempts. Timestamps assume there is a common reference that logically links a claimant and verifier. On receipt of an authentication message, the verifier calculates the difference between the timestamp in the message and the time of receipt. If this difference is within the expected time window, the message is accepted. A message with a particular sequence number is accepted only once as agreed by the claimant and verifier in advance. Messages received by a verifier are checked for acceptability within the range of agreed-upon values. An unpredictable value, or challenge, is sent by the verifier, and he will ensure that the same challenge is not reused within the time frame of concern. The values used do not require true statistical randomness. The only requirement is that the values should be unpredictable with a high probability of nonrepeating. The problem with the statistical random value is that it deals with probabilities of occurrence and sampling methods, which will not meet the requirements of the other three choices.

Which of the following need not be backed up? a. Private key transport key b. Public key transport key c. Public authentication d. Private signature key

d. The private signature key need not be backed up because nonrepudiation would be in question. This is because proof-of-origin and proof-of-delivery are needed for a successful nonrepudiation using private signature key by the originator (i.e., the signatory). Therefore, the private signature key should be protected in a safe and secure location. The other three choices can be backed up without any question.

In secure/multipurpose Internet mail extension (S/MIME), TDEA in CBC mode or AES-128 bit in CBC mode is used to provide which of the following? a. Digital signatures b. Hash values c. Key transport d. Encryption

d. The secure/multipurpose Internet mail extension (S/MIME) provides a consistent way to send and receive secure Internet mail. However, S/MIME is not restricted to e-mail; it can be used with any transport mechanism that employs MIME protocols, such as HTTP. The TDEA in CBC mode or AES-128-bit key in CBC mode is used to provide encryption only.

Which of the following can be specified in bits? 1. Security strength of a cryptographic algorithm 2. Entropy 3. Hash function 4. Internet Protocol (IP) address identifier a. 1 and 4 b. 2 and 3 c. 1, 3, and 4 d. 1, 2, 3, and 4

d. The security strength of a cryptographic algorithm as well as entropy, hash function, and the Internet Protocol (IP) address identifier are specified in bits.

Which of the following are countermeasures against traffic analysis attacks? 1. Traffic flow signal control 2. Traffic encryption key 3. Traffic flow security 4. Traffic padding a. 1 and 2 b. 1 and 3 c. 2 and 4 d. 3 and 4

d. Traffic flow security is a technique to counter traffic analysis attacks, which is the protection resulting from encrypting the source and destination addresses of valid messages transmitted over a communications circuit. Security is assured due to use of link encryption and because no part of the data is known to an attacker. Traffic padding, which generates mock communications or data units to disguise the amount of real data units being sent, also protects traffic analysis attacks. The other two items cannot control traffic analysis attacks. Traffic flow signal control is used to conduct traffic flow analysis. Traffic encryption key is used to encrypt plaintext or to superencrypt previously encrypted text and/or to decrypt ciphertext.