30 Cards in this Set


1. Which of the following ciphers is/are symmetric?

A. DES
B. DES and Skytale
C. DES, Skytale, and Caesar’s cipher
D. DES, Skytale, Caesar’s cipher, and RSA

1. Answer: C. Symmetric refers to the fact that the “key” used to encrypt a message is also used to decrypt. This is the case with DES, Skytale, and Caesar’s cipher (although with DES and Caesar’s cipher the actual mechanism—or cipher—performed when encrypting is opposite the process for decrypting). RSA is an asymmetric process involving two keys—one to encrypt and one to decrypt.

2. An employee is leaving your company. You debrief the individual and escort him to the door. After reviewing the materials in his office, you realize he left with the VPN router that had been configured for him to use when he worked from home. This router had a certificate issued to that employee, and it is not deemed worth the effort to retrieve it. What action should be taken in regards to the certificate?

A. Suspend it.
B. Destroy it.
C. Revoke it.
D. Transfer it.

2. Answer: C. A certificate is revoked if lost or stolen. Certificates are suspended when it is expected that the cognizant authority will resume use in the future. PKI does define a mechanism (PKCS #12) for transferring private and public certificates. However, because this is an issue from your corporation, it is unlikely that you would want to transfer it to another individual. You cannot destroy the certificate after it is out of your control. However, you can prevent the public from recognizing the certificate as legitimate by revoking it. The certificate authority (CA) adds the certificate to the Certificate Revocation List (CRL).

3. Which algorithm provides for key distribution but does not provide encryption nor nonrepudiation?

A. Diffie-Hellman
B. ElGamal
C. RSA
D. Elliptic Curve Cryptosystem (ECC)

3. Answer: A. Diffie-Hellman enables key distribution over an insecure channel but does not provide encryption or digital signatures. ElGamal, RSA, and ECC provide key distribution, encryption, and nonrepudiation.

4. A coworker reports that she has lost her public key ring. What does this mean?

A. This is a security violation. You need to revoke her digital certificate.
B. She can regenerate it.
C. She will be unable to decrypt her stored files.
D. The PKI is gone.

4. Answer: B. A key ring refers to all the keys a person has collected in support of PGP, a peer-to-peer public key cryptography. The user should be able to recollect the public keys she requires. Digital certificates are revoked when someone has lost (or had stolen) a private key. Files are encrypted with session-type keys, which are then encrypted with the user’s public key. These encrypted session keys are stored as part of the Encrypting File System (EFS) mechanism on an NTFS drive.

5. What is the risk to an organization when a cryptosystem fails to use the full keyspace available?

A. Keys are too short.
B. Keys cause a collision.
C. Keys are clustered.
D. Keys repeat.

5. Answer: D. The keyspace represents the entire range of values from which keys can be derived. Uniqueness is maximized by ensuring use of the entire keyspace; otherwise, patterns and repetitions surface. The size of the key, collisions, and clusters are all characteristics that are associated with the cipher itself, not with the keyspace. Collisions occur when two files form the same hash result. Clustering results when different keys yield the same result.

6. Which DES modes of operation encrypt blocks of 1 to 8 bits?

A. CTR, OFB, CFB
B. OFB, CFB, EFB
C. CBC, OFB, EFB
D. OFB, CTR, CBC

6. Answer: A. Counter mode (CTR), output feedback mode (OFB), and cipher feedback (CFB) all are ciphers that can handle small or streaming input. They are distinguished by how data is chained forward for successive blocks of encryption. Electronic code book (ECB) is the only one that does not involve chaining, and it always yields the same result for a given input. It is satisfactory for small, nonrepeating transmissions. Both OFB and CBC use 64-bit blocks with chaining.

7. Which type of cipher causes confusion?

A. Transposition
B. Substitution
C. Concealment
D. Running key

7. Answer: B. Transposition causes diffusion, and substitution causes confusion. When encoding with block ciphers, S-boxes are used. These S-boxes perform a certain number of transpositions and substitutions, because today’s complex ciphers require both methods. A concealment cipher uses an agreed-on pattern to embed or hide the message. A running key cipher uses patterns found in the environment.

8. When an attacker is questioned about his attack vector, he confesses that he analyzed the messages based on the lengths of the encrypted messages. What type of cipher was the attacker most likely attacking?

A. Block
B. Symmetric
C. Stream
D. Asymmetric

8. Answer: C. Stream ciphers do not alter the lengths of the encrypted message. Block ciphers pad the message to conform to the needed block size. Symmetric ciphers can be block or stream. Asymmetric ciphers are not used for bulk encryption but are used to create tunnels, encrypt session keys, perform authentication, and create digital signatures.

9. Which type of encryption uses only one shared key to encrypt and decrypt?

A. Public key
B. Asymmetric
C. Symmetric
D. TCB key

9. Answer: C. Symmetric encryption uses a single key to encrypt and decrypt. This was the default standard before the 1970s. Public key refers to asymmetric encryption, and TCB is not a valid form of encryption.

10. Which type of cipher operates in real time on a single character or single bits of data?

A. Block
B. Rolling
C. Stream
D. Continuous

10. Answer: C. Stream ciphers typically are implemented in hardware and operate in real time on a continuous stream of bits or characters of data. Answer A is incorrect because a block cipher processes blocks of data; answers B and D are distracters.

11. Your CISSP exam study group has asked you to prepare a list of the various DES modes of operation. Which of the following is most similar to output feedback mode?

A. Cipher Block Chaining (CBC)
B. Electronic Code Book (ECB)
C. Cipher Feedback mode (CFB)
D. Counter mode (CTR)

11. Answer: D. CBC, ECB, and CFB are all modes of DES but are not the most similar to output feedback mode (OFB). Counter mode uses a counter and XORs each block, whereas OFB uses a randomly generated initialization vector (IV).

12. Because of the excellent material you provided your study group on DES encryption, you have been assigned a new task for next week’s meeting. You have been asked to discuss the weakest mode of DES. Which of the following will you discuss?

A. CBC
B. ECB
C. CFB
D. RID

12. Answer: B. ECB (Electronic Code Book) is the weakest implementation of DES because identical blocks of plaintext always produce the same ciphertext. Any type of encryption system that produces a pattern is subject to attack. CBC (Cipher Block Chaining) and CFB (Cipher Feedback Mode) are considered more secure. RID is a distracter.

13. Bob, a member of your CISSP study group, asks you to explain the functionality of Triple DES. How do you respond?

A. Triple DES works by always using three separate 128-bit encryption keys that produce an effective key strength of 384 bits.
B. Triple DES works by first using two separate 56-bit encryption keys and then using a meet-in-the-middle function.
C. Triple DES works by using either two or three separate 56-bit encryption keys that can encrypt/encrypt/encrypt or encrypt/decrypt/encrypt.
D. Triple DES works by first using either two or three keys that must always encrypt/encrypt/encrypt to work correctly.

13. Answer: C. Triple DES can use either two or three keys, depending on the mode that is used. For example, two-key DES uses the first key to encrypt, the second key to decrypt (which further scrambles the data), and the first key to reencrypt.

14. Which of the following is not a component of PKI?

A. Rejection authority
B. Certificate authority
C. Repository
D. Archive

14. Answer: A. PKI (Public Key Infrastructure) has four key components: certificate authority, registration authority, repository, and archive. There is no such component as the rejection authority.

15. Your manager asks you to use a hashing algorithm to verify the integrity of a software program he received from the R&D branch in Hyderabad, India. Which of the following would you recommend?

A. IDEA
B. MD5
C. AES
D. DES

15. Answer: B. MD5 is a one-way hashing algorithm that is often used to check file integrity. The creator of a file or message can use MD5 to create an MD5 checksum. Then, when the message or program is received, a new MD5 checksum can be created. If the two checksums match, the data is unchanged. Programs such as Tripwire automate this process. You can check out Tripwire at www.tripwire.org. The other answers are incorrect because they are not hashing algorithms. IDEA is asymmetric, AES is asymmetric, and DES is a symmetric algorithm.

16. Black Hat Bob has decided to attempt a chosen plaintext attack. Which of the following accurately describes this attack?

A. Black Hat Bob chooses the ciphertext to be decrypted. Then, based on the results, he chooses another sample to be decrypted and compares the results.
B. Black Hat Bob chooses the plaintext to be encrypted and obtains the corresponding ciphertext.
C. Black Hat Bob attempts to exploit the probability that two messages will use the same hashing algorithm and produce the same ciphertext.
D. Black Hat Bob intercepts messages between two parties and attempts to modify the ciphertext.

16. Answer: B. The attacker chooses the plaintext to be encrypted and then obtains the corresponding ciphertext. Answer A describes an adaptive chosen ciphertext attack. Answer C describes a birthday attack. Answer D describes a man-in-the-middle attack.

17. Alice, a member of the web development group, is preparing to load a demo version of the company’s new software onto the updated website. She wants to know which of the following message authentication algorithms can be used to validate the demo software as authentic. Which of the following would you not recommend?

A. HAVAL
B. SHA
C. PEM
D. MD5

17. Answer: C. SHA, MD5, and HAVAL are three hashing algorithms that can be used for file integrity and authentication. Each produces a message digest that cannot be reversed. Message digests are produced using one-way hashing functions. They are not intended to be used to reproduce the data. The purpose of a digest is to verify the integrity of data and messages. PEM is the correct answer because it is not a hashing algorithm.

18. CISSPs need to understand how digital signatures are generated and verified; therefore, place the following four items in the proper order:

1. Encrypt the digest with your private key.
2. Compare the message digest to one you created.
3. Generate a message digest.
4. Decrypt the signature with the sender’s public key.

A. 4, 2, 1, 3
B. 1, 4, 3, 2
C. 3, 1, 4, 2
D. 3, 4, 2, 1

18. Answer: C. Digital signatures are generated and verified as follows: First, you generate a message digest, and then you encrypt the digest with your private key. Next, you verify the digital signature by decrypting the signature with the sender’s public key. Finally, you compare the message digest to one you originally generated. If they match, the message is authentic.

19. Which of the following is not a good choice to secure email?

A. S/MIME
B. SSH
C. PEM
D. PGP

19. Answer: B. Secure email solutions are important because email is one of the most widely used Internet applications and is cleartext by default. S/MIME, PEM, and PGP are all good options to protect the confidentiality of email. Secure Shell (SSH) is the incorrect answer because it cannot be used to protect email. SSH is a program designed for secure computer-to-computer communication. SSH allows remote users to execute commands and move files, and it serves as a replacement for insecure communication protocols. SSH is a replacement for Berkeley programs such as rlogin and rcp.

20. Which type of cipher works on a single segment of data, such as 64 bits, at a time to produce a corresponding segment of encrypted data?

A. Block
B. Segmented
C. Stream
D. Continuous

20. Answer: A. Block ciphers work on a single block of data at a time to produce a corresponding block of encrypted data. Block ciphers pad the message to conform to the needed block size. Block ciphers are widely used; they are implemented in software, and most work with 64-bit blocks. Answers B and D are distracters. Answer C is incorrect because stream ciphers do not alter the lengths of the encrypted message.

21. Jan asks you to explain asymmetric encryption. You respond by saying, “With asymmetric encryption, some keys are freely shared among communicating parties, and others are kept secret.” Which keys are shared, and which are secret?

A. Public, private
B. Secret, private
C. Public, public
D. Domain, controlled

21. Answer: A. Asymmetric encryption or public key cryptography is unlike symmetric encryption in that it uses two unique keys. One key is used to encrypt the data, and another is used to decrypt it. One of the great things about asymmetric encryption is that it overcomes one of the main barriers of symmetric encryption, key distribution. Asymmetric encryption works by freely sharing public keys among communicating parties, whereas private keys are kept secret and are not released to other parties.

22. Which of the following provides communicating parties with the assurance that they are communicating with people or entities who truly are who they claim to be?

A. Hashing
B. Biometric signatures
C. Symmetric encryption
D. Digital certificates

22. Answer: D. A digital signature is a way to prove the authenticity of a person or entity you are communicating with. Answers A, B, and C are incorrect because hashing is used for integrity, biometric signatures are a distracter, and symmetric encryption provides confidentiality.

23. Which of the following would you define as a neutral organization that notarizes digital certificates?

A. Certificate authority
B. Public key authority
C. Public key infrastructure
D. Authorization zone

23. Answer: A. A certificate authority is a neutral organization that offers notarization for digital certificates. One analogy for a CA is the Department of Motor Vehicles (DMV). This is the state entity that is responsible for issuing driver’s licenses. A driver’s license is a standard for physical identification. Whenever you cash a check, go to a nightclub, or catch a plane, your driver’s license is the one document accepted at all these locations to prove your identity. Certificate authorities are like the DMV because they vouch for your identity in the digital world.

24. Which method of encryption was reported to have been used by al Qaeda before 9/11 and functions by hiding information inside a picture or graphic?

A. Port redirection
B. Stealthography
C. Steganography
D. Tunneling

24. Answer: C. Steganographic programs take a piece of information and hide it within another. Steganography can use pictures, graphics, or sound files. For example, I could take a picture of Sara Lee and embed a text file that contains my mother’s secret German chocolate cake recipe and then send it to a friend.

25. Your manager wants to implement PKI and wants to make sure that the system is fully standardized. Therefore, your digital certificates should comply with which standard?

A. X.501
B. X.509
C. IEEE 802.3
D. IEEE 802.11

25. Answer: B. Digital certificates conform to the X.509 international standard for interoperability. Answer A is the ITU-T standard for directory models, answer C refers to IEEE Ethernet standards, and answer D refers to IEEE wireless standards.

26. Your manager asks you to explain the ways in which certificates can be revoked. What do you tell her?

A. Online certificate status protocol and certificate revocation lists
B. Certificate revocation lists and certificate denial lists
C. Online certificate status update and certificate denial lists
D. Certificate denial lists and online certificate status update

26. Answer: A. There are two ways to verify the authenticity of certificates and to verify that they have not been revoked. The first method involves certificate revocation lists. These are maintained by various certificate authorities. The user must download and cross-reference the list to verify that the certificate has been revoked. The second method is via the online certificate status protocol. This is a more automated method by which to handle this process, because it offers a real-time response to the user’s question about a certificate’s validity. None of the other answers represents a real service.

27. What is the maximum key length for the Blowfish algorithm?

A. 56 bits
B. 128 bits
C. 256 bits
D. 448 bits

27. Answer: D. The maximum key length for the Blowfish algorithm is 448 bits. Blowfish is a block cipher that processes 64 bits of data at a time. Make sure to take the time to review the various encryption types, block sizes, and key lengths, because you can expect to find these items on the exam.

28. Which of the following is one of the algorithms that might be used in PGP for encryption?

A. Tiger
B. DES
C. SHA
D. IDEA

28. Answer: D. IDEA (International Data Encryption Algorithm) is a symmetric encryption used in PGP software. This 64-bit block cipher uses a 128-bit key. Although it has been patented by a Swiss company, it is freely available for noncommercial use. It is considered a secure encryption standard, and there have been no known attacks against it. DES, SHA, and Tiger typically are not used in PGP.

29. Your CISSP study group asks you to research the various hashing algorithms. They want you to report back and let them know which one was designed to be used in high-speed computations. What will you say?

A. HMAC
B. MD4
C. SHA
D. MD5

29. Answer: B. All the MD algorithms were developed by Ron Rivest. These have progressed through the years as technology has advanced. MD4 was designed to be used in high-speed computations.

30. Your nephew, Richard, has been putting in lots of time trying to learn about security. He comes to you with a question: What is the science of taking plaintext and converting it to ciphertext with the goal of providing confidentiality, integrity, authenticity, and nonrepudiation? What will your answer be?

A. Cryptosystems
B. Cryptanalysis
C. Cryptology
D. Cryptography

30. Answer: D. Cryptography is the science (some claim it is an art) of taking plaintext and converting it into ciphertext with the goal of providing confidentiality, integrity, authenticity, and nonrepudiation. These are the four main potential goals of cryptography. Cryptanalysis is the science of cracking ciphertext with a cryptographic key. Cryptology is the science that encompasses both cryptography and cryptanalysis.