Cryptography Flashcards
Which of the following elements is not included in a Public Key Infrastructure (PKI)?
A. Timestamping
B. Lightweight Directory Access Protocol (LDAP)
C. Certificate revocation
D. Internet Key Exchange (IKE)
Answer: D
Explanation: A PKI is made up of certification authorities, a certificate repository (commonly published over LDAP), revocation services (CRLs, OCSP) and supporting services such as timestamping. IKE is the key-exchange protocol of IPsec; it can use PKI-issued certificates to authenticate peers, but it is not a component of the PKI itself.
In a Public Key Infrastructure (PKI) context, which of the following is a primary concern with LDAP servers?
A. Availability
B. Accountability
C. Confidentiality
D. Flexibility
Answer: A
Explanation: The LDAP directory is where certificates and certificate revocation lists are published. The data it serves is public, so confidentiality is not the issue; but if the directory is unreachable, relying parties cannot fetch certificates or check revocation status, so availability is the primary concern.
What is NOT true of pre-shared key authentication within the IKE/IPsec protocol?
A. Pre-shared key authentication is normally based on simple passwords
B. It needs a PKI to work
C. Only one pre-shared key for all VPN connections is needed
D. Key management is costly for large user groups
Answer: B
Explanation: A pre-shared key is a symmetric secret configured on both peers, so no certificates and no PKI are involved. That is exactly what makes PSKs attractive for small deployments and what makes them costly at scale: every peer pairing needs its own secret distributed out of band, and rotating a compromised key means touching every device that holds it.
What is the role of IKE within the IPsec protocol?
A. Peer authentication and key exchange
B. Data encryption
C. Data signature
D. Enforcing quality of service
Answer: A
Explanation: “In order to set up and manage SAs on the Internet, a standard format called the Internet Security Association and Key Management Protocol (ISAKMP) was established. ISAKMP provides for secure key exchange and data authentication. However, ISAKMP is independent of the authentication protocols, security protocols, and encryption algorithms. Strictly speaking, a combination of three protocols is used to define key management for IPSEC. These protocols are ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley. When combined and applied to IPSEC, these protocols are called the Internet Key Exchange (IKE) protocol.” Pg. 222 Krutz: The CISSP Prep Guide: Gold Edition
In a Public Key Infrastructure, how are public keys published?
A. They are sent via e-mail
B. Through digital certificates
C. They are sent by owners
D. They are not published
Answer: B
Explanation: A digital certificate binds a public key to an identity under the signature of a certification authority. Publishing the certificate (for example in an LDAP directory or by presenting it during a TLS handshake) publishes the key in a form that relying parties can verify rather than simply trust.
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
A. Diffie-Hellman Key Exchange Protocol
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Simple Key-management for Internet Protocols (SKIP)
D. OAKLEY
Answer: D
Explanation: OAKLEY (RFC 2412) is a key determination protocol built on Diffie-Hellman. It was combined with the ISAKMP negotiation framework and SKEME to form IKE, so it is no longer used on its own. SKIP (option C) was a competing proposal from Sun that IKE also displaced.
Which of the following defines the key exchange for Internet Protocol Security (IPSEC)?
A. Internet Security Association Key Management Protocol (ISAKMP)
B. Internet Key Exchange (IKE)
C. Security Key Exchange (SKE)
D. Internet Communication Messaging Protocol (ICMP)
Answer: A
Explanation: Because IPsec is a framework, it does not dictate what hashing and encryption algorithms are to be used or how keys are to be exchanged between devices. Key management can be handled through a manual process or an automated key management protocol. The Internet Security Association and Key Management Protocol (ISAKMP) is an authentication and key exchange architecture that is independent of the type of keying mechanisms used. Pg 577 Shon Harris All-In-One CISSP Certification Exam Guide
Note: this answer key is contested. ISAKMP (RFC 2408) defines the framework for negotiating security associations and is, by its own definition, independent of any particular key exchange. The protocol that actually performs the IPsec key exchange is IKE (RFC 2409, now IKEv2 in RFC 7296), which combines ISAKMP, Oakley and SKEME, as the card above on the role of IKE states. Many answer keys give B.
A network of five nodes is using symmetric keys to securely transmit data. How many new keys are required to re-establish secure communications to all nodes in the event there is a key compromise?
A. 5
B. 10
C. 20
D. 25
Answer: B
Explanation: Per Sybex CISSP Study Guide 3rd Edition (page 314), the total number of symmetric keys needed for n participants is n(n-1)/2, one key per pair of nodes. For five nodes that is 5 x 4 / 2 = 10, so the answer should be B (10), not A (5). Every pairwise key is re-issued after a compromise. This quadratic growth is the key-management argument for public key systems, where each node needs only its own key pair.
What is the effective key size of DES?
A. 56 bits
B. 64 bits
C. 128 bits
D. 1024 bits
Answer: A
Explanation: DES takes a 64-bit key, but 8 of those bits are parity bits, so only 56 bits contribute to security. A 56-bit keyspace (about 7.2 x 10^16 keys) was exhaustively searched in 1998 by the EFF's DES cracker, which is why DES gave way to 3DES and then AES.
Matches between which of the following are important because they represent references from one relation to another and establish the connection among these relations?
A. Foreign key to primary key
B. Foreign key to candidate key
C. Candidate key to primary key
D. Primary key to secondary key
Answer: A
Explanation: A foreign key in one relation holds values drawn from the primary key of another relation; matching the two is what implements referential integrity between the tables.
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets?
A. Internet Security Association and Key Management Protocol (ISAKMP)
B. Simple Key-Management for Internet Protocols (SKIP)
C. Diffie-Hellman Key Distribution Protocol
D. Internet Key Exchange (IKE)
Answer: B
Reference: pg 117 Krutz
What is the PRIMARY advantage of secret key encryption systems as compared with public key systems?
A. Faster speed encryption
B. Longer key lengths
C. Easier key management
D. Can be implemented in software
Answer: A
Explanation: “The major strength of symmetric key cryptography is the great speed at which it can operate. By the nature of the mathematics involved, symmetric key cryptography also naturally lends itself to hardware implementations, creating the opportunity for even higher-speed operations.” Pg. 309 Tittel: CISSP Study Guide
In a cryptographic key distribution system, the master key is used to exchange?
A. Session keys
B. Public keys
C. Secret keys
D. Private keys
Answer: A
Explanation: “The Key Distribution Center (KDC) is the most important component within a Kerberos environment. The KDC holds all users’ and services’ cryptographic keys. It provides authentication services, as well as key distribution functionality. The clients and services trust the integrity of the KDC, and this trust is the foundation of Kerberos security.” Pg. 148 Shon Harris CISSP All-In-One Certification Exam Guide ‘The basic principles of Kerberos operation are as follows: 1.) The KDC knows the secret keys of all clients and servers on the network. 2.) The KDC initially exchanges information with the client and server by using these secret keys. 3.) Kerberos authenticates a client to a requested service on a server through TGS, and by using temporary symmetric session keys for communications between the client and KDC, the server and the KDC, and the client and server. 4.) Communication then takes place between the client and the server using those temporary session keys.” Pg. 40 Krutz: The CISSP Prep Guide
Which Application Layer security protocol requires two pairs of asymmetric keys and two digital certificates?
A. PEM
B. S/HTTP
C. SET
D. SSL
Answer: C
Explanation: SET – Secure Electronic Transaction Page 753 of Shon Harris’ book (5th edition)
Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation?
A. Foreign key
B. Candidate key
C. Primary key
D. Secondary key
Answer: A
Reference: pg 243 Hansche: Official (ISC)2 Guide to the CISSP Exam
What key size is used by the Clipper Chip?
A. 40 bits
B. 56 bits
C. 64 bits
D. 80 bits
Answer: D
Explanation: “Each Clipper Chip has a unique serial number and an 80-bit unique unit or secret key. The unit key is divided into two parts and is stored at two separate organizations with the serial number that uniquely identifies that particular Clipper Chip.” Pg 166 Krutz: The CISSP Prep Guide
What uses a key of the same length as the message?
A. Running key cipher
B. One-time pad
C. Steganography
D. Cipher block chaining
Answer: B
Reference:
“A one-time pad is an extremely powerful type of substitution cipher. One-time pads use a different alphabet for each letter of the plaintext message.
Normally, one-time pads are written as a very long series of numbers to be plugged into the function.
The great advantage to one-time pads is that, when used properly, they are an unbreakable encryption scheme. There is no repeating pattern of alphabetic substitution, rendering cryptanalytic efforts useless. However, several requirements must be met to ensure the integrity of the algorithm:
The encryption key must be randomly generated. Using a phrase or a passage from a book would introduce the possibility of cryptanalysts breaking the code.
The one-time pad must be physically secured against disclosure. If the enemy has a copy of the pad, they can easily decrypt the enciphered messages.
Each one-time pad must be used only once. If pads are reused, cryptanalysts can compare similarities in multiple messages encrypted with the same pad and possibly determine the key values used.
The key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message.
Pg. 304-305 Tittel: CISSP Study Guide
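The four requirements quoted above are easiest to appreciate by breaking the third one. The following is an added example (not from the study guide or from this page) of a byte-oriented one-time pad, with the pad drawn from the OS random source and the "key at least as long as the message" rule enforced. It then reuses one pad for two messages and shows what an eavesdropper gets: the XOR of the two plaintexts, from which a known or guessed message reveals the other. The function names and the two sample messages are constructed for the example.

```python
import secrets


def new_pad(length: int) -> bytes:
    """A fresh pad from the OS CSPRNG. A passphrase or a book passage is not a pad."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Vernam cipher: each plaintext byte is XORed with exactly one pad byte,
    which is why the pad must be at least as long as the message."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


# XOR is its own inverse: (p ^ k) ^ k == p, so decryption is the same routine.
otp_decrypt = otp_encrypt


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the SAME pad: c1 ^ c2 == (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2.
    The pad cancels out and the attacker holds the XOR of the two plaintexts."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With one plaintext known (or guessed from context), the other falls out of p1 ^ p2."""
    return bytes(x ^ p for x, p in zip(two_time_pad_leak(c1, c2), known_p1))


def demo() -> bytes:
    # Constructed sample messages of equal length (14 bytes each).
    p1, p2 = b"ATTACK AT DAWN", b"HOLD POSITIONS"
    pad = new_pad(len(p1))
    c1 = otp_encrypt(p1, pad)
    assert otp_decrypt(c1, pad) == p1            # correct use: one pad, one message
    c2 = otp_encrypt(p2, pad)                    # misuse: the same pad a second time
    return recover_other_plaintext(c1, c2, p1)   # p2 recovered without ever seeing the pad


if __name__ == "__main__":
    print(demo())
```

Notice that the attacker never needs the pad: reuse alone turns an information-theoretically secure cipher into a simple XOR puzzle, which is the failure behind the historical VENONA decrypts of reused Soviet pads.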
Which of the following statements related to a private key cryptosystem is FALSE?
A. The encryption key should be secure
B. Data Encryption Standard (DES) is a typical private key cryptosystem
C. The key used for decryption is known to the sender
D. Two different keys are used for the encryption and decryption
Answer: D
Explanation: “In symmetric key cryptography, a single secret key is used between entities, whereas in public key systems, each entity has different keys, or asymmetric keys.” Pg 476 Shon Harris CISSP Certification All-in-One Exam Guide
Simple Key Management for Internet Protocols (SKIP) is similar to Secure Sockets Layer (SSL), except that it requires no prior communication in order to establish or exchange keys on a:
A. Secure Private keyring basis
B. Response-by-session basis
C. Remote Server basis
D. Session-by-session basis
Answer: D
Reference: pg 117 Krutz: CISSP Prep Guide: Gold Edition
A weak key of an encryption algorithm has which of the following properties?
A. It is too short, and thus easily crackable
B. It facilitates attacks against the algorithm
C. It has much more zeroes than ones
D. It can only be used as a public key
Answer: B
Explanation: A weak key is a specific key value that makes the cipher misbehave regardless of key length. DES, for example, has four weak keys (including the one whose 56 effective bits are all zero and the one whose bits are all one) for which every round subkey is identical, so encrypting twice returns the plaintext, plus twelve semi-weak keys that come in pairs where one key's encryption undoes the other's. Implementations reject such keys at generation time.
Security measures that protect message traffic independently on each communication path are called:
A. Link oriented
B. Procedure oriented
C. Pass-through oriented
D. End-to-end oriented
Answer: A
Explanation: Link encryption encrypts all the data along a specific communication path like a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the headers, trailers, addresses, and routing data that are part of the packets are also encrypted. This provides extra protection against packet sniffers and eavesdroppers. - Shon Harris All-in-one CISSP Certification Guide pg 560
Who is responsible for the security and privacy of data during a transmission on a public communications link?
A. The carrier
B. The sending party
C. The receiving party
D. The local service provider
Answer: B
Explanation: The sender of an email is responsible for encryption if security is desired. A bank that sends data across web is responsible to utilize a secure protocol.
Which of the following best provides e-mail message authenticity and confidentiality?
A. Signing the message using the sender’s public key and encrypting the message using the receiver’s private key
B. Signing the message using the sender’s private key and encrypting the message using the receiver’s public key
C. Signing the message using the receiver’s private key and encrypting the message using the sender’s public key
D. Signing the message using the receiver’s public key and encrypting the message with the sender’s private key
Answer: B
Explanation: Signing with the sender's private key gives authenticity: only the sender could have produced the signature, and anyone holding the sender's public key can verify it. Encrypting with the receiver's public key gives confidentiality: only the holder of the receiver's private key can decrypt. A private key is never shared, so options A, C and D describe operations the parties cannot perform.
Cryptography does not help in:
A. Detecting fraudulent insertion
B. Detecting fraudulent deletion
C. Detecting fraudulent modifications
D. Detecting fraudulent disclosure
Answer: D
Explanation: Integrity mechanisms (MACs, digital signatures, authenticated encryption) detect insertion, deletion and modification. Encryption can prevent disclosure, but nothing in the mathematics tells you that an eavesdropper has captured ciphertext or that an authorised reader has leaked the plaintext; detecting disclosure is a monitoring and audit problem.
Which of the following is NOT a property of a one-way hash function?
A. It converts a message of a fixed length into a message digest of arbitrary length
B. It is computationally infeasible to construct two different messages with the same digest
C. It converts a message of arbitrary length into a message digest of a fixed length
D. Given a digest value, it is computationally infeasible to find the corresponding message
Answer: A
Explanation: A one-way hash takes input of arbitrary length and produces a digest of fixed length (C), so A states the mapping backwards. B is collision resistance and D is preimage resistance; both are required of a cryptographic hash.
How much more secure is 56-bit encryption as opposed to 40-bit encryption?
A. 16 times
B. 256 times
C. 32,768 times
D. 65,536 times
Answer: D
Explanation: Each additional key bit doubles the brute-force search space, so the ratio is 2^(56-40) = 2^16 = 65,536. Check: 2^40 = 1,099,511,627,776 and 2^56 = 72,057,594,037,927,936; 72,057,594,037,927,936 / 1,099,511,627,776 = 65,536.
Which of the following statements is true about data encryption as a method of protecting data?
A. It should sometimes be used for password files
B. It is usually easily administered
C. It makes few demands on system resources
D. It requires careful key Management
Answer: D
Explanation: “Cryptography can be used as a security mechanism to provide confidentiality, integrity, and authentication, but not if the keys are compromised in any way. The keys can be captured, modified, corrupted, or disclosed to unauthorized individuals. Cryptography is based on a trust model. Individuals trust each other to protect their own keys, they trust the administrator who is maintaining the keys, and they trust a server that holds, maintains and distributes the keys.
Many administrators know that key management causes one of the biggest headaches in cryptographic implementation. There is more to key maintenance than using them to encrypt messages. The keys have to be distributed securely to the right entities and updated continuously. The keys need to be protected as they are being transmitted and while they are being stored on each workstation and server. The keys need to be generated, destroyed, and recovered properly, Key management can be handled through manual or automatic processes.
Unfortunately, many companies use cryptographic keys, but rarely if ever change them. This is because of the hassle of key management and because the network administrator is already overtaxed with other tasks or does not realize the task actually needs to take place. The frequency of use of a cryptographic key can have a direct correlation to how often the key should be changed. The more a key is used, the more likely it is to be captured and compromised. If a key is used infrequently, then this risk drops dramatically. The necessary level of security and the frequency of use can dictate the frequency of the key updates.
Key management is the most challenging part of cryptography and also the most crucial. It is one thing to develop a very complicated and complex algorithm and key method, but if the keys are not securely stored and transmitted, it does not really matter how strong the algorithm is. Keeping keys secret is a challenging task.” Pg 512-513 Shon Harris CISSP Certification All-In-One Exam Guide
The primary purpose for using one-way encryption of user passwords within a system is which of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt
B. It prevents an unauthorized person from reading or modifying the password list
C. It minimizes the amount of storage required for user passwords
D. It minimizes the amount of processing time used for encrypting password
Answer: B
Explanation: Storing only a one-way hash means that someone who reads the password file obtains digests rather than passwords, and there is no inverse function to turn a digest back into the password. Hashing does not limit the number of guesses per logon (A), and it neither reduces storage nor saves processing time (C, D). To keep a stolen digest from being cracked offline, the hash must be salted per user and deliberately slow (PBKDF2, bcrypt, scrypt or Argon2).
Which of the following is not a known type of Message Authentication Code (MAC)?
A. Hash function-based MAC
B. Block cipher-based MAC
C. Signature-based MAC
D. Stream cipher-based MAC
Answer: C
Explanation: A MAC is keyed with a symmetric secret shared by the sender and the verifier. HMAC is built from a hash function, CBC-MAC and CMAC from a block cipher, and stream-cipher-based MACs exist in the literature. A digital signature is computed with an asymmetric private key and verified with the public key; it is a different primitive that gives non-repudiation, which a MAC cannot, and it is not a type of MAC.
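As an added example of the hash-function-based MAC in option A (this code is not from the page or from any of the cited books), here is HMAC built by hand from the RFC 2104 construction and checked against the standard library's implementation. The function names are chosen for the example; the only assumption is a SHA-2 hash from hashlib.

```python
import hashlib
import hmac


def hmac_manual(key: bytes, message: bytes, hashfn=hashlib.sha256) -> bytes:
    """HMAC per RFC 2104: H((K' xor opad) || H((K' xor ipad) || message))."""
    block_size = hashfn().block_size              # 64 bytes for SHA-256, 128 for SHA-512
    if len(key) > block_size:                      # a key longer than a block is hashed first
        key = hashfn(key).digest()
    key = key.ljust(block_size, b"\x00")           # then zero-padded out to the block size (K')
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashfn(ipad + message).digest()
    return hashfn(opad + inner).digest()


def tag_message(key: bytes, message: bytes) -> bytes:
    """Sender side: attach the tag to the message."""
    return hmac_manual(key, message)


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Verifier side: recompute and compare in constant time, so timing does not
    reveal how many leading bytes of a forged tag were correct."""
    return hmac.compare_digest(hmac_manual(key, message), tag)


if __name__ == "__main__":
    # Constructed sample: a shared key and a transfer order whose amount must not be altered.
    k = b"shared-secret-between-bank-and-branch"
    order = b"transfer amount=100 to=4242"
    t = tag_message(k, order)
    print(t.hex())
    print(verify_tag(k, order, t), verify_tag(k, b"transfer amount=1000 to=4242", t))
```

The nested, two-key structure is the point of HMAC: the naive construction H(key || message) is vulnerable to length-extension attacks on Merkle-Damgard hashes such as MD5, SHA-1 and SHA-256, where an attacker who holds a valid tag can append data and compute the tag for the extended message without knowing the key. HMAC's outer hash closes that hole, and the verifier's constant-time comparison closes the timing side channel.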
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT)?
A. Secure Electronic Transaction (SET)
B. Message Authentication Code (MAC)
C. Cyclic Redundancy Check (CRC)
D. Secure Hash Standard (SHS)
Answer: B
Reference: pg 218 Krutz: CISSP Prep Guide: Gold Edition
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use a hybrid encryption technique. What does this mean?
A. Use of public key encryption to secure a secret key, and message encryption using the secret key
B. Use of the recipient’s public key for encryption and decryption based on the recipient’s private key
C. Use of software encryption assisted by a hardware encryption accelerator
D. Use of elliptic curve encryption
Answer: A
Explanation: Asymmetric encryption is slow and can only encrypt inputs smaller than its key, so the sender generates a random symmetric session key, encrypts the bulk data with it, and encrypts only the session key with the recipient's public key. The recipient unwraps the session key with its private key and then decrypts the data. This is how PGP, S/MIME and TLS all work in practice.
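An added example (not from the page or the cited guides) that covers both this card and the earlier e-mail card on signing with the sender's private key and encrypting with the receiver's public key. It uses a small textbook RSA implemented from scratch so that the role of each key is visible in the arithmetic; that RSA has no padding and is not secure, and the HMAC-SHA256 counter-mode keystream standing in for the symmetric cipher is illustrative, not a standard. In a real system both would be replaced by a library (RSA-OAEP or an elliptic-curve KEM, plus an AEAD such as AES-GCM). All function names are assumptions made for the example, and `pow(e, -1, phi)` needs Python 3.8 or later.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# ---- Toy textbook RSA (no padding). Shows WHICH key does what; not for real use. ----

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if _is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits: int = 512) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return (public, private) as ((n, e), (n, d)). Toy size; real keys are 2048+ bits."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


# ---- Symmetric part: HMAC-SHA256 in counter mode as a keystream (illustrative stand-in for AES-GCM). ----

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def sign_then_encrypt(message: bytes, sender_priv: Tuple[int, int],
                      recipient_pub: Tuple[int, int]) -> Dict[str, object]:
    n_s, d_s = sender_priv
    n_r, e_r = recipient_pub
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    signature = pow(digest, d_s, n_s)                      # sender's PRIVATE key: authenticity
    session_key = secrets.token_bytes(32)                  # fresh symmetric key for the bulk data
    wrapped_key = pow(int.from_bytes(session_key, "big"), e_r, n_r)   # recipient's PUBLIC key: confidentiality
    return {"wrapped_key": wrapped_key,
            "ciphertext": _keystream_xor(session_key, message),
            "signature": signature}


def decrypt_then_verify(envelope: Dict[str, object], recipient_priv: Tuple[int, int],
                        sender_pub: Tuple[int, int]) -> Tuple[bytes, bool]:
    n_r, d_r = recipient_priv
    n_s, e_s = sender_pub
    session_key = pow(envelope["wrapped_key"], d_r, n_r).to_bytes(32, "big")   # recipient's PRIVATE key unwraps
    message = _keystream_xor(session_key, envelope["ciphertext"])
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    verified = pow(envelope["signature"], e_s, n_s) == digest                  # sender's PUBLIC key verifies
    return message, verified


if __name__ == "__main__":
    sender_pub, sender_priv = rsa_keygen()
    recipient_pub, recipient_priv = rsa_keygen()
    env = sign_then_encrypt(b"transfer 10,000 to account 4242", sender_priv, recipient_pub)   # constructed sample
    print(decrypt_then_verify(env, recipient_priv, sender_pub))
```

Only the 32-byte session key passes through RSA; the message itself, however large, is handled by the symmetric cipher. The order also matters: the signature is over the plaintext, so the recipient verifies who wrote the message rather than merely who encrypted it.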
One-way hash provides:
A. Confidentiality
B. Availability
C. Integrity
D. Authentication
Answer: C
Explanation: “Hash Functions ….how cryptosystems implement digital signatures to provide proof that a message originated from a particular user of a cryptosystem and to ensure that the message was not modified while in transit between the two parties.”
Pg. 292 Tittel: CISSP Study Guide Second Edition
“integrity A state characterized by the assurance that modifications are not made by unauthorized users and authorized users do not make unauthorized modifications.”
Pg. 616 Tittel: CISSP Study Guide Second Edition
What size is an MD5 message digest (hash)?
A. 128 bits
B. 160 bits
C. 256 bits
D. 128 bytes
Answer: A
Explanation: “MD4 MD4 is a one-way hash function designed by Ron Rivest. It produces 128-bit hash, or message digest, values. It is used for high-speed computation in software implementations and is optimized for microprocessors.
MD5 MD5 is the newer version of MD4. It still produces a 128-bit hash, but the algorithm is more complex, which makes it harder to break. MD5 added a fourth round of operations to be performed during the hashing functions and makes several of its mathematical operations carry out more steps or more complexity to provide a higher level of security.
MD2 MD2 is also a 128-bit one-way hash designed by Ron Rivest. It is not necessarily any weaker than the previously mentioned hash functions, but is much slower.
SHA SHA was designed by NIST and NSA to be used with DSS. The SHA was designed to be used with digital signatures and was developed when a more secure hashing algorithm was required for federal application. SHA produces a 160-bit hash value, or message digest. This is then inputted into the DSA, which computes the signature for a message. The message digest is signed instead of the whole message because it is a much quicker process. The sender computes a 160-bit hash value, encrypts it with his private key (signs it), appends it to the message, and sends it. The receiver decrypts the value with the sender’s public key, runs the same hashing function, and compares the two values. If the values are the same, the receiver can be sure that the message has not been tampered with in transit. SHA is similar to MD4. It has some extra mathematical functions and produces a 160-bit hash instead of 128-bit, which makes it more resistant to brute force attacks, including birthday attacks.
HAVAL HAVAL is a variable-length one-way hash function and is the modification of MD5. It processes message blocks twice the size of those used in MD5; thus it processes blocks of 1,024 bits.
Pg. 508-509 Shon Harris CISSP Certification All-In-One Exam Guide
Note: the passage above predates the practical collision attacks on MD5 (2004) and on SHA-1 (the 2017 SHAttered collision). Neither is acceptable today for signatures, certificates or any use that depends on collision resistance; SHA-256 or stronger should be used. The digest size, 128 bits, is still the exam answer.
Which of the following would best describe a Concealment cipher?
A. Permutation is used, meaning that letters are scrambled
B. Every X number of words within a text, is a part of the real message
C. Replaces bits, characters, or blocks of characters with different bits, characters, or blocks.
D. Hiding data in another message so that the very existence of the data is concealed.
Answer: B
Reference: pg 468 Shon Harris: All-in-One CISSP Certification
Which of the following ciphers is a subset of the Vigenère polyalphabetic cipher?
A. Caesar
B. Jefferson
C. Alberti
D. SIGABA
Answer: A
Explanation: “The Caesar Cipher,…., is a simple substitution cipher that involves shifting the alphabet three positions to the right. The Caesar Cipher is a subset of the Vigenere polyalphabetic cipher. In the Caesar cipher, the message’s characters and repetitions of the key are added together, modulo 26. In modulo 26, the letters A to Z of the alphabet are given a value of 0 to 25, respectively.”
Pg. 189 Krutz: The CISSP Prep Guide: Gold Edition
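The modulo-26 relationship in the quote is easiest to see in code. The following is an added example (not from Krutz or from this page) of Vigenère encryption and decryption where the key repeats under the message, with Caesar expressed as the one-letter-key special case. It also shows why a short repeating key is weak: a known plaintext yields the keystream position by position, and the repetition exposes the key immediately, whereas a random key as long as the message (the Vernam/one-time pad limit of the same cipher) repeats nothing. Function names are chosen for the example.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase   # A..Z valued 0..25 for modulo-26 arithmetic


def _letters_only(text: str) -> str:
    """Classical ciphers operate on the 26-letter alphabet; drop spaces and punctuation."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """c[i] = (p[i] + k[i mod len(k)]) mod 26: the key repeats under the message."""
    key = _letters_only(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(_letters_only(plaintext)):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """p[i] = (c[i] - k[i mod len(k)]) mod 26."""
    key = _letters_only(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(_letters_only(ciphertext)):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) - shift) % 26])
    return "".join(out)


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Caesar is Vigenere with a one-letter key: the classic shift of 3 is the key 'D'."""
    return vigenere_encrypt(plaintext, ALPHABET[shift % 26])


def recover_keystream(plaintext: str, ciphertext: str) -> str:
    """Known-plaintext attack: k[i] = (c[i] - p[i]) mod 26 at every position.
    A short key shows its period at once; a random key as long as the message does not."""
    p, c = _letters_only(plaintext), _letters_only(ciphertext)
    return "".join(ALPHABET[(ALPHABET.index(ci) - ALPHABET.index(pi)) % 26]
                   for pi, ci in zip(p, c))


def random_key(length: int) -> str:
    """A fresh random letter key; with length == message length this is a one-time pad."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample: the textbook Vigenere example with key LEMON.
    c = vigenere_encrypt("ATTACK AT DAWN", "LEMON")
    print(c, vigenere_decrypt(c, "LEMON"), caesar_encrypt("HELLO"))
    print(recover_keystream("ATTACKATDAWN", c))
```

With the key LEMON, the recovered keystream reads LEMONLEMONLE and the period of five is obvious from a single known message; that periodicity is what Kasiski examination and index-of-coincidence tests exploit when no plaintext is known.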
Which of the following is not a property of the Rijndael block cipher algorithm?
A. Resistance against all known attacks
B. Design simplicity
C. 512 bits maximum key size
D. Code compactness on a wide variety of platforms
Answer: C
Explanation: Rijndael was selected as AES for its resistance to all known attacks, its simple design and its compact, fast implementations across platforms from smart cards to servers. Its key sizes are 128, 192 and 256 bits (the original Rijndael submission allowed any multiple of 32 bits between 128 and 256); a 512-bit key is not defined.
What are two types of ciphers?
A. Transposition and Permutation
B. Transposition and Shift
C. Transposition and Substitution
D. Substitution and Replacement
Answer: C
Explanation: “Classical Ciphers: Substitution Transposition (Permutation) Vernam (One-Time Pad) Book or Running Key Codes Steganography”
Pg 189-193 Krutz: CISSP Prep Guide: Gold Edition.