CISSP Sybex Official Study Guide Chapter 6 Review Questions Flashcards

1
Q

How many possible keys exist in a 4-bit key space?

A. 4
B. 8
C. 16
D. 128

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 232). Wiley. Kindle Edition.

A

C. 16

Explanation:
To determine the number of keys in a key space, raise 2 to the power of the number of bits in the key space. In this example, 2^4 = 16.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 958). Wiley. Kindle Edition.

2
Q

John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message?

A. Nonrepudiation
B. Confidentiality
C. Availability
D. Integrity

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 232). Wiley. Kindle Edition.

A

A. Nonrepudiation

Explanation:
Nonrepudiation prevents the sender of a message from later denying that they sent it.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 958). Wiley. Kindle Edition.

3
Q

What is the length of the cryptographic key used in the Data Encryption Standard (DES) cryptosystem?

A. 56 bits
B. 128 bits
C. 192 bits
D. 256 bits

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 232). Wiley. Kindle Edition.

A

A. 56 bits

Explanation:
DES uses a 56-bit key. This is considered one of the major weaknesses of this cryptosystem.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

4
Q

What type of cipher relies on changing the location of characters within a message to achieve confidentiality?

A. Stream cipher
B. Transposition cipher
C. Block cipher
D. Substitution cipher

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 232). Wiley. Kindle Edition.

A

B. Transposition cipher

Explanation:
Transposition ciphers use a variety of techniques to reorder the characters within a message.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

5
Q

Which one of the following is not a possible key length for the Advanced Encryption Standard Rijndael cipher?

A. 56 bits
B. 128 bits
C. 192 bits
D. 256 bits

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 232). Wiley. Kindle Edition.

A

A. 56 bits

Explanation:
The Rijndael cipher allows users to select a key length of 128, 192, or 256 bits, depending on the specific security requirements of the application.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

6
Q

Which one of the following cannot be achieved by a secret key cryptosystem?

A. Nonrepudiation
B. Confidentiality
C. Authentication
D. Key distribution

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (pp. 232-233). Wiley. Kindle Edition.

A

A. Nonrepudiation

Explanation:
Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

7
Q

When correctly implemented, what is the only cryptosystem known to be unbreakable?

A. Transposition cipher
B. Substitution cipher
C. Advanced Encryption Standard
D. One-time pad

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 233). Wiley. Kindle Edition.

A

D. One-time pad

Explanation:
Assuming that it is used properly, the one-time pad is the only known cryptosystem that is not vulnerable to attacks.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

8
Q

What is the output value of the mathematical function 16 mod 3?

A. 0
B. 1
C. 3
D. 5

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 233). Wiley. Kindle Edition.

A

B. 1

Explanation:
Option B is correct because 16 divided by 3 equals 5, with a remainder value of 1.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

9
Q

What block size is used by the 3DES encryption algorithm?

A. 32 bits
B. 64 bits
C. 128 bits
D. 256 bits

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 233). Wiley. Kindle Edition.

A

B. 64 bits

Explanation:
3DES simply repeats the use of the DES algorithm three times. Therefore, it has the same block length as DES: 64 bits.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

10
Q

Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?

A. Stream cipher
B. Caesar cipher
C. Block cipher
D. ROT3 cipher

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 233). Wiley. Kindle Edition.

A

C. Block cipher

Explanation:
Block ciphers operate on message “chunks” rather than on individual characters or bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or characters of a message.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

11
Q

What is the minimum number of cryptographic keys required for secure two-way communications in symmetric key cryptography?

A. One
B. Two
C. Three
D. Four

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 233). Wiley. Kindle Edition.

A

A. One

Explanation:
Symmetric key cryptography uses a shared secret key. All communicating parties utilize the same key for communication in any direction.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

12
Q

Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using?

A. Split knowledge
B. M of N Control
C. Work function
D. Zero-knowledge proof

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 233). Wiley. Kindle Edition.

A

B. M of N Control

Explanation:
M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

13
Q

Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won’t spoil results throughout the communication?

A. Cipher Block Chaining (CBC)
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Output feedback (OFB)

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 234). Wiley. Kindle Edition.


A

D. Output feedback (OFB)

Explanation:
Output feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large amounts of data.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.


14
Q

Many cryptographic algorithms rely on the difficulty of factoring the product of large prime numbers. What characteristic of this problem are they relying on?

A. It contains diffusion.
B. It contains confusion.
C. It is a one-way function.
D. It complies with Kerckhoffs’s principle.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 234). Wiley. Kindle Edition.

A

C. It is a one-way function.

Explanation:
A one-way function is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

15
Q

How many keys are required to fully implement a symmetric algorithm with 10 participants?

A. 10
B. 20
C. 45
D. 100

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 234). Wiley. Kindle Edition.

A

C. 45

Explanation:
The number of keys required for a symmetric algorithm is dictated by the formula (n*(n–1))/2, which in this case, where n = 10, is 45.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

16
Q

What block size is used by the Advanced Encryption Standard?

A. 32 bits
B. 64 bits
C. 128 bits
D. Variable

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 234). Wiley. Kindle Edition.

A

C. 128 bits

Explanation:
C. The Advanced Encryption Standard uses a 128-bit block size, even though the Rijndael algorithm it is based on allows a variable block size.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

17
Q

What kind of attack makes the Caesar cipher virtually unusable?

A. Meet-in-the-middle attack
B. Escrow attack
C. Frequency analysis attack
D. Transposition attack

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 234). Wiley. Kindle Edition.

A

C. Frequency analysis attack

Explanation:
The Caesar cipher (and other simple substitution ciphers) are vulnerable to frequency analysis attacks that analyze the rate at which specific letters appear in the ciphertext.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

18
Q

What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key?

A. Vernam cipher
B. Running key cipher
C. Skipjack cipher
D. Twofish cipher

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 234). Wiley. Kindle Edition.

A

B. Running key cipher

Explanation:
B. Running key (or “book”) ciphers often use a passage from a commonly available book as the encryption key.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

19
Q

Which AES finalist makes use of prewhitening and postwhitening techniques?

A. Rijndael
B. Twofish
C. Blowfish
D. Skipjack

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 235). Wiley. Kindle Edition.

A

B. Twofish

Explanation:
The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.

20
Q

How many encryption keys are required to fully implement an asymmetric algorithm with 10 participants?

A. 10
B. 20
C. 45
D. 100

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 235). Wiley. Kindle Edition.


A

B. 20

Explanation:
In an asymmetric algorithm, each participant requires two keys: a public key and a private key.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 959). Wiley. Kindle Edition.