CISSP Cram Test Questions: Domain 7 - Security Engineering

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?

64 bit blocks with a 64 bit total key length

What key size is used by the Clipper Chip?

80 bits

PGP uses which of the following to encrypt data?

A symmetric encryption algorithm

Readable is to unreadable just as plain text is to _____?

Cipher Text

The Diffie-Hellman algorithm is used for:

Key agreement

What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?

Key clustering

Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?

The use of session keys.

Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?

message integrity.

What is the key size of the International Data Encryption Algorithm (IDEA)?

128 bits

What is the length of an MD5 message digest?

128 bits

What size is an MD5 message digest (hash)?

128 bits

How many rounds are used by DES?

16

The Data Encryption Algorithm performs how many rounds of substitution and permutation?

16

What is the maximum key size for the RC5 algorithm?

2040 bits

What is the maximum allowable key size of the Rijndael encryption algorithm?

256 bits

What is the maximum number of different keys that can be used when encrypting with Triple DES?

3

How many bits is the effective length of the key of the Data Encryption Standard algorithm?

56

What is the effective key size of DES?

56 bits

What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?

A digital signature

What is a characteristic of using the Electronic Code Book mode of DES encryption?

A given block of plaintext and a given key will always produce the same ciphertext.

Which of the following can best be defined as a cryptanalysis techniQue in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?

A known-plaintext attack

What is the RESULT of a hash algorithm being applied to a message?

A message digest

Which of the following binds a subject name to a public key value?

A public key infrastructure

Which of the following statements pertaining to stream ciphers is correct?

A stream cipher generates what is called a keystream.

which of the following example is NOT an asymmetric key algorithms?

Advanced Encryption Standard(AES)

What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?

An attribute certificate

The RSA algorithm is an example of what type of cryptography?

Asymmetric Key.

Which of the following protocols that provide integrity and authentication for IPSec, can also provide nonrepudiation in IPSec?

Authentication Header (AH)

What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?

Authority revocation list

Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?

Birthday attack

Which of the following was not designed to be a proprietary encryption algorithm?

Blowfish

Which of the following concerning the Rijndael block cipher algorithm is false?

Both block size and key length can be extended to multiples of 64 bits.

Which of the following is NOT true of Secure Sockets Layer (SSL)?

By convention it uses 's-http://' instead of 'http://'.

Which is NOT a suitable method for distributing certificate revocation information?

CA revocation mailing list

What is NOT an authentication method within IKE and IPsec?

CHAP

In a PKI infrastructure where are list of revoked certificates stored?

CRL

Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based on?

Caesar

Who vouches for the binding between the data items in a digital certificate?

Certification authority

This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I?

Chosen-Ciphertext attack

In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process?

Ciphertext-only attack

Complete the following sentence. A message can be encrypted, which provides __________

Confidentiality

There are basic goals of Cryptography. Which of the following most benefits from the process of encryption?

Confidentiality

Which of the following is best provided by symmetric cryptography?

Confidentiality

A message can be encrypted and digitally signed, which provides _______________

Confidentiality, Authentication, Non-repudiation, and Integrity.

What is the primary role of cross certification?

Creating trust between different PKIs

What enables users to validate each other's certificate when they are certified under different certification hierarchies?

Cross-certification

Which of the following does NOT concern itself with key management?

Cryptology (CRYPTO)

Which of the following is the most secure form of triple-DES encryption?

DES-EDE3

Which of the following is NOT a true statement regarding the implementaton of the 3DES modes?

DES-EEE1 uses one key

Which of the following is NOT an asymmetric key algorithm?

Data Encryption System (DES)

A code, as is pertains to cryptography:

Deals with linguistic units.

Cryptography does NOT help in:

Detecting fraudulent disclosure.

Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using Symmetric Cryptography.

Diffie_Hellmann

Which of the following is NOT a symmetric key algorithm?

Digital Signature Standard (DSS)

What is used to bind a document to its creation at a particular time?

Digital Timestamp

Which of the following can be best defined as computing techniQues for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?

Digital watermarking

What attribute is included in a X.509-certificate?

Distinguished name of the subject

Which encryption algorithm is BEST suited for communication with handheld wireless devices?

ECC (Elliptic Curve Cryptosystem)

In which mode of DES, a block of plaintext and a key will always give the same ciphertext?

Electronic Code Book (ECB)

Which of the following modes of DES is MOST Likely used for Database Encryption

Electronic Code Book(ECB)

Which of the following is true about digital certificate?

Electronic credential proving that the person the certificate was issued to is who they claim to be

Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?

Elliptic Curve Cryptography (ECC)

Which of the following is true about link encryption?

Encrypted messages are only decrypted by the final node.

Which of the following services is NOT provided by the digital signature standard (DSS)?

Encryption

Which of the following would best describe a Concealment cipher?

Every X number of words within a text, is a part of the real message.

What is this cryptographic operation called?

Exclusive-OR

FIPS-140 is a standard for the security of which of the following?

Hardware and software cryptographic modules

You've decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by:

Having the sender encrypt the hash with his private key.

What kind of Encryption technology does SSL utilize?

Hybrid (both Symmetric and Asymmetric)

Which of the following algorithms is used today for encryption in PGP?

IDEA

Which of the following protocols offers native encryption?

IPSEC, SSH, SSL, TLS

Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?

IPsec and L2TP

Which of the following statements pertaining to link encryption is false?

Information stays encrypted from one end of its journey to the other.

Which of the following is not a DES mode of operation?

Input feedback

A one-way hash provides which of the following?

Integrity

What are the three most important functions that Digital Signatures perform?

Integrity, Authentication and Nonrepudiation

What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)?

Internet Key Exchange (IKE)

Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?

Internet Key Exchange (IKE)

Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations?

Internet Key exchange (IKE)

Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation techniQue, key establishment protocol, encryption algorithm, or authentication mechanism?

Internet Security Association and Key Management Protocol (ISAKMP)

Which of the following is NOT a property of a one-way hash function?

It converts a message of a fixed length into a message digest of arbitrary length.

Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)?

It is believed to require shorter keys for equivalent security.

Which of the following is not a property of the Rijndael block cipher algorithm?

It operates on 64-bit plaintext blocks and uses a 128 bit key.

The primary purpose for using one-way hashing of user passwords within a password file is which of the following?

It prevents an unauthorized person from reading the password.

What is NOT true about a one-way hashing function?

It provides authentication of the message

Which of the following statements is true about data encryption as a method of protecting data?

It requires careful key management

What is the main problem of the renewal of a root CA certificate?

It requires the authentic distribution of the new root CA certificate to all PKI participants

The Diffie-Hellman algorithm is primarily used to provide which of the following?

Key Agreement

The Clipper Chip utilizes which concept in public key cryptography?

Key Escrow

Which of the following can best be defined as a key recovery techniQue for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that that only certain third parties can perform the decryption operation to retrieve the stored key?

Key encapsulation

Which of the following is less likely to be used today in creating a Virtual Private Network?

L2F

What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?

Level 2/Class 2

What algorithm was DES derived from?

Lucifer.

Which key agreement scheme uses implicit signatures ?

MQV

Which of the following is NOT a property of the Rijndael block cipher algorithm?

Maximum key size is 512 bits

Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?

Message Authentication Code (MAC)

Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender?

Message Authentication Code - MAC

The eQuation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following?

N(N 1)/ 2

What is NOT true with pre shared key authentication within IKE / IPsec protocol?

Needs a Public Key Infrastructure (PKI) to work

What does the directive of the European Union on Electronic Signatures deal with?

Non repudiation

You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn't send the email in Question. What concept of PKI - Public Key Infrastructure will implicate the sender?

Non-repudiation

Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is:

Not possible

Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?

OAKLEY

Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part?

One Time Pad (OTP)

What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition?

One-time pad

Which of the following encryption methods is known to be unbreakable?

One-time pads.

What is the name of a one way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed?

One-way hash

Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA?

PKCS#1

Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect?

PPTP is derived from L2TP.

While using IPsec, the ESP and AH protocols both provides integrity services. However when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affects the use of AH and it´s Integrity Check Value (ICV) the most?

Packet Header Source or Destination address

In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?

Phase 1

Which of the following statements pertaining to block ciphers is incorrect?

Plain text is encrypted with a public key and decrypted with a private key.

Which of the following is best at defeating frequency analysis?

Polyalphabetic cipher

Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key.

Private / Public

What type of key would you find within a browser's list of trusted root CA?

Public key

What kind of encryption is realized in the S/MIME-standard?

Public key based, hybrid encryption scheme

What kind of certificate is used to validate a user identity?

Public key certificate

Which of the following algorithms does NOT provide hashing?

RC4

Which of the following algorithms is a stream cipher?

RC4

Which of the following is not a one-way hashing algorithm?

RC4

Which of the following is not an example of a block cipher?

RC4

Which of the following is a symmetric encryption algorithm?

RC5

What is the name for a substitution cipher that shifts the alphabet by 13 places?

ROT13 cipher

A public key algorithm that does both encryption and digital signature is which of the following?

RSA

Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS?

RSA

Which of the following encryption algorithms does not deal with discrete logarithms?

RSA

Which of the following service is not provided by a public key infrastructure (PKI)?

Reliability

What algorithm has been selected as the AES algorithm, replacing the DES algorithm?

Rijndael

Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?

Rijndael

Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?

SET (Secure Electronic Transaction)

which of the following is a Hashing Algorithm?

SHA

Which of the following is not an encryption algorithm?

SHA-1

Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network?

SSH

Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic?

SSL or TLS

The DES algorithm is an example of what type of cryptography?

Secret Key

Kerberos depends upon what encryption method?

Secret Key cryptography.

Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?

Secure Electronic Transaction (SET)

Which of the following keys has the SHORTEST lifespan?

Session key

Which of the following is NOT a known type of Message Authentication Code (MAC)?

Signature-based MAC (SMAC)

Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then reQuires no prior communication in order to establish or exchange keys on a session-by-session basis?

Simple Key-management for Internet Protocols (SKIP)

Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers?

Speed

What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as "what each must bring" and joined together when getting access or decrypting a file. Each of which does not reveal the other?

Split knowledge

What can be defined as secret communications where the very existence of the message is hidden?

Steganography

Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?

Steganography

Which of the following is more suitable for a hardware implementation?

Stream ciphers

Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other?

Symmetric Key Cryptography

Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer?

TPM - Trusted Platform Module

What is the primary role of smartcards in a PKI?

Tamper resistant, mobile storage and application of private keys of the users

What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)?

The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.

Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?

The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.

In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?

The client's browser

Which of the following statements pertaining to message digests is incorrect?

The message digest should be calculated using at least 128 bytes of the file.

Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that:

The recipient's identity can be positively verified by the sender.

Which of the following offers confidentiality to an e-mail message?

The sender encrypting it with the receiver's public key.

Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID Card that she uses to digitally sign and encrypt emails in the PKI. What happens to the certificates contained on the smart card after the security officer takes appropriate action?

They are added to the CRL

In a Public Key Infrastructure, how are public keys published?

Through digital certificates.

Which of the following can best define the "revocation request grace period"?

Time period between the arrival of a revocation request and the publication of the revocation information

Which of the following protects Kerberos against replay attacks?

Time stamps

In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term?

Top Level CA

What would you call a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates.

Trusted Platform Module (TPM)

The RSA Algorithm uses which mathematical concept as the basis of its encryption?

Two large prime numbers

Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?

Use of public key encryption to secure a secret key, and message encryption using the secret key.

Cryptography does not concern itself with which of the following choices?

Validation

Which of the following would best describe certificate path validation?

Verification of the validity of all certificates of the certificate chain to the root certificate

Which of the following offers security to wireless communications?

WTLS

Which of the following statements pertaining to key management is incorrect?

When not using the full keyspace, the key should be extremely random.

Public key infrastructure(PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. This infrastructure is based upon which of the following Standard?

X.509

Which of the following standards concerns digital certificates?

X.509

The Secure Hash Algorithm (SHA-1) creates:

a fixed length message digest from a variable length input message

Which of the following DoD Model layer provides non-repudiation services?

application layer.

In a known plaintext attack, the cryptanalyst has knowledge of which of the following?

both the plaintext and the associated ciphertext of several messages

The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is Quite feasible for computer use.

computing in Galois fields

Which of the following issues is not addressed by digital signatures?

denial-of-service

Complete the following sentence. A digital signature is a ____

hash value that has been encrypted with the senders private key

Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext?

known plaintext

What is the role of IKE within the IPsec protocol?

peer authentication and key exchange

There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?

public-key certificates

A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following?

verifying signed messages


Set pelajaran terkait

ACC 201 Ch. 3 Practice Questions

View Set

Wrist, hand, thumb, & finger bones & muscles

View Set

PEC Chapter 4 - Articles 4.6 to 4.9

View Set

Кримінальний кодекс

View Set

Chapter 5 - Limited Liability Partnerships

View Set