CISSP: Cryptography Flashcards
- A type of cipher that replaces bits, characters, or character blocks with alternate bits, characters, or character blocks to produce ciphertext is known as a
A. Permutation cipher
B. Block cipher
C. Transposition cipher
D. Substitution cipher
D. Substitution cipher
Transposition ciphers and permutation ciphers rearrange data to produce ciphertext. A block cipher is a type of cipher that operates on a block of data. Review “Types of ciphers.”
- The four modes of DES include all the following except
A. ECB
B. ECC
C. CFB
D. CBC
B. ECC
ECC is the Elliptic Curve cryptosystem, an asymmetric algorithm. ECB (Electronic Code Book), CFB (Cipher Feedback), CBC (Cipher Block Chaining), and OFB (Output Feedback) are all valid DES modes of operation. Review “Data Encryption Standard (DES).”
- Which of the following is not an advantage of symmetric key systems?
A. Scalability
B. Speed
C. Strength
D. Availability
A. Scalability
Symmetric key systems aren’t scalable because of the difficulty of key management between individual pairs of communicating parties. Review “Symmetric key cryptography.”
- The Advanced Encryption Standard (AES) is based on what symmetric key algorithm?
A. Twofish
B. Knapsack
C. Diffie-Hellman
D. Rijndael
D. Rijndael
The NIST selected the Rijndael Block Cipher as the AES. Twofish was a finalist for the AES standard but wasn’t selected. Knapsack and Diffie-Hellman are asymmetric key systems. Review “Advanced Encryption Standard (AES).”
- A message that’s encrypted with only the sender’s private key, for the purpose of authentication, is known as a(n)
A. Secure message format
B. Signed and secure message format
C. Open message format
D. Message digest
C. Open message format
A secure message is encrypted by using the receiver’s public key to achieve confidentiality. A signed and secure message is encrypted with both the receiver’s public key and the sender’s private key. A one-way hashing function produces a message digest to digitally sign a message for authentication. Review “Asymmetric key cryptography.”
- All the following are examples of asymmetric key systems based on discrete logarithms except
A. Diffie-Hellman
B. Elliptic Curve
C. RSA
D. El Gamal
C. RSA
RSA is based on the difficulty of factoring the product of two large prime numbers. Review “RSA.”
- The four main components of a Public Key Infrastructure (PKI) include all the following except
A. Directory Service
B. Certification Authority
C. Repository
D. Archive
A. Directory Service
The four basic components of a PKI are the Certificate Authority (CA), Registration Authority (RA), Repository, and Archive. Review “Public Key Infrastructure (PKI).”
- Which of the following Internet specifications provides secure e-commerce by using symmetric key systems, asymmetric key systems, and dual signatures?
A. Public Key Infrastructure (PKI)
B. Secure Electronic Transaction (SET)
C. Secure Sockets Layer (SSL)
D. Secure Hypertext Transfer Protocol (S-HTTP)
B. Secure Electronic Transaction (SET)
Only SET implements the concept of dual signatures for authentication. Review “Internet Security Applications.”
- The minimum number of SAs required for a two-way IPSec session between two communicating hosts using both AH and ESP is
A. 1
B. 2
C. 4
D. 8
C. 4
Four Security Associations (SAs) are required because SAs are simplex (one-way) and an SA is required for each protocol. Review “IPSec.”
- An IPSec SA consists of the following parameters, which uniquely identify it in an IPSec session, except
A. Source IP Address
B. Destination IP Address
C. Security Protocol ID
D. Security Parameter Index (SPI)
A. Source IP Address
The Source IP Address isn’t included in an SA. Review “IPSec.”
- Which feature or mode of IPsec protects the actual source and destination IP addresses?
A. Transport mode
B. Tunnel mode
C. Internet Key Exchange (IKE)
D. Security Parameter Index (SPI)
B. Tunnel mode encrypts the original IP header, including the actual source and destination IP addresses, and adds a new Layer 3 header to the beginning of the packet.
- What network location needs to be checked to verify whether the issuer of an X.509 digital certificate has withdrawn its claim of trust for the subject of the certificate?
A. The certificate revocation list (CRL)
B. Directory services registry
C. The email server for the organization
D. The CRL distribution point (CDP)
D. The CDP is a network location where the CRL is published.
- Which of the following is not a characteristic of the one-time pad?
A. The key must be as long as the message.
B. The key is never reused.
C. The key is bound to a certificate.
D. The key should be highly randomized.
C. The public key in a PKI is bound to a digital certificate. This has nothing to do with a one-time pad.
- Which of the following describes an attacker attempting to create a collision by using a hashing algorithm?
A. The brute force attack
B. The rainbow attack
C. The birthday attack
D. The ciphertext-only attack
C. The birthday attack is an attempt to produce the same hash value for a modified message.
- Which of the following accurately describes the requirement to produce a signed and sealed message?
A. Sender’s public key, sender’s private key, and a hashing algorithm
B. Sender’s private key, recipient’s public key, and a hashing algorithm
C. Sender’s private key, recipient’s private key, and a hashing algorithm
D. Sender’s private key, recipient’s public key, and recipient’s private key
B. The digital signature requires the sender’s private key and a hashing algorithm. The sealing of a message requires the recipient’s public key.