Exam SET B Flashcards
For fault-tolerance to operate, a system must be:
A. Capable of a cold start.
B. Capable of terminating operations in a safe mode.
C. Capable of detecting and correcting the fault.
D. Capable of only detecting the fault.
Answer: C
Explanation: The correct answer is “Capable of detecting and correcting the fault”. The two conditions required for a faulttolerant system. Answer “Capable of only detecting the fault” is a distracter. Answer “Capable of terminating operations in a safe mode” is the definition of fail safe and answer “Capable of a cold start” refers to starting after a system shutdown.
The classic Caesar cipher is a: A. Code group. B. Transposition cipher. C. Monoalphabetic cipher. D. Polyalphabetic cipher.
Answer: C
Explanation: The correct answer is Monoalphabetic cipher. It uses one alphabet shifted three places. Answers Polyalphabetic cipher and Transposition cipher are incorrect because in answer a, multiple alphabets are used and in answer Transposition cipher, the letters of the message are transposed.
Answer Code group is incorrect because code groups deal with words and phrases and ciphers deal with bits or letters.
Apolyalphabetic cipher is also known as: A. One-time pad. B. Steganography. C. Vernam cipher. D. VigenËre cipher.
Answer: D
Explanation: The correct answer is VigenËre cipher.
* Answer “One-time pad” is incorrect because a one-time pad uses a random key with length equal to the plaintext message and is used only once. * Answer “Steganography” is the process of sending a message with no indication that a message even exists. *Answer “Vernam cipher” is incorrect because it applies to stream ciphers that are XORed with a random key string.
Superscalar computer architecture is characterized by a:
A. Computer using instructions that are simpler and require less clock cycles to execute.
B. Computer using instructions that perform many operations per instruction.
C. Processor that executes one instruction at a time.
D. Processor that enables concurrent execution of multiple instructions in the same pipeline stage.
Answer: D
Explanation: * Answer “Computer using instructions that perform many operations per instruction” is the definition of a complex instruction set computer. * Answer “Computer using instructions that are simpler and require less clock cycles to execute” is the definition of a reduced instruction set computer. * Answer “Processor that executes one instruction at a time” is the definition of a scalar processor.
Which of the following is NOT a characteristic of the ElGamal public
key cryptosystem?
A. It is based on the discrete logarithm problem.
B. It can be used to generate digital signatures.
C. It can perform encryption, but not digital signatures.
D. It can perform encryption.
Answer: C
Explanation: The ElGamal public key cryptosystem can perform both encryption and digital signatures based on the discrete logarithm problem. These three characteristics are shown in the examples that follow. To generate a key pair in the ElGamal system: A. Choose a prime number, p. B. Choose two random numbers, g and x (g and x must both be less than p). C. Calculate y = g x mod p. D. The private key is x and the public key is y, g, and p. To encrypt a message, M, in the ElGamal system: A. Select a random number, j, such that j is relatively prime to p-1. Recall that two numbers are relatively prime if they have no common factors other than 1. B. Generate w = g j mod p and z = y j M mod p. C. w and z comprise the ciphertext. To decrypt the message, M, in the ElGamal system, calculate M = z/w xmod p. This can be shown by substituting the values of z and w in the equation as follows: M = y j M mod p/ g jx mod p Since y j = g xj mod p M = (g xj M / g jx ) mod p To sign a message, M, in the ElGamal system: A. Select a random number, j, such that j is relatively prime to p-1. The value of j must not be disclosed. Generate w = g j mod p. B. Solve for z in the equation M = (xw + jz) mod (p-1). The solution to this equation is beyond the scope of this coverage. Suffice to say that an algorithm exists to solve for the variable z. C. w and z comprise the signature. D. Verification of the signature is accomplished if g M mod p = y w w z mod p.
Which is NOT true about Covert Channel Analysis? A. It is required for B2 class systems in order to protect against covert storage channels. B. It is an operational assurance requirement that is specified in the Orange Book. C. It is required for B3 class systems to protect against both covert storage and covert timing channels. D. It is required for B2 class systems to protect against covert timing channels.
Answer: D Explanation: The correct answer is "It is required for B2 class systems to protect against covert timing channels". Orange Book B2 class systems do not need to be protected from covert timing channels. Covert channel analysis must be performed for B2-level class systems to protect against covert storage channels only. B3 class systems need to be protected against both covert storage channels and covert timing channels.
In public key cryptography,
A. The public key is used to encrypt and decrypt.
B. Only the private key can encrypt and only the public key can decrypt.
C. If the public key encrypts, then only the private key can decrypt.
D. Only the public key can encrypt and only the private key can decrypt.
Answer: C
Explanation: The correct answer is “If the public key encrypts, then only the private key can decrypt”.
Answers “Only the private key can encrypt and only the public key can decrypt” and “Only the public key can encrypt and only the private key can decrypt” are incorrect because if one key encrypts, the other can decrypt.
Answer “The public key is used to encrypt and decrypt”is incorrect because if the public key encrypts, it cannot decrypt.
When two different keys encrypt a plaintext message into the same ciphertext, this situation is known as: A. Cryptanalysis. B. Public key cryptography. C. Hashing. D. Key clustering.
Answer: D
Explanation: The correct answer is “Key clustering” Answer “Public key cryptography” describes a type of cryptographic system using a public and a private key; answer Cryptanalysis is the art/science of breaking ciphers; answer Hashing is the conversion of a message of variable length into a fixed-length message digest.
Which attack type below does NOT exploit TCP vulnerabilities? A. Sequence Number attack B. Ping of Death C. SYN attack D. land.c attack
Answer: B
Explanation: The Ping of Death exploits the fragmentation vulnerability of large ICMP ECHO request packets by sending an illegal packet with more than 65K of data, creating a buffer overflow. * a TCP sequence number attack, which exploits the nonrandom predictable pattern of TCP connection sequence numbers to spoof a session. * a TCP SYN attack, is a DoS attack that exploits the TCP threeway handshake. The attacker rapidly generates randomly sourced SYN packets filling the target’s connection queue before the connection can timeout. * land.c attack, is also a DoS attack that exploits TCP SYN packets. The attacker sends a packet that gives both the source and destination as the target’s address, and uses the same source and destination port. Sources: Designing Network Security by Merike Kaeo (Cisco Press, 1999) and Mastering Network Security by Chris Brenton (Sybex, 1999).
The Biba model addresses: A. Unauthorized modification of data. B. Transformation procedures. C. Constrained data items. D. Data disclosure.
Answer: A
Explanation: The correct answer is “Unauthorized modification of data”. The Biba model is an integrity model. Answer “Data disclosure” is associated with confidentiality. Answers “Transformation procedures” and “Constrained data items” are specific to the ClarkWilson model.
A block cipher:
A. Converts a variable-length of plaintext into a fixed length ciphertext.
B. Is an asymmetric key algorithm.
C. Encrypts by operating on a continuous data stream.
D. Breaks a message into fixed length units for encryption.
Answer: D
Explanation: The correct answer is “Breaks a message into fixed length units for encryption”. Answer “Encrypts by operating on a continuous data stream” describes a stream cipher. Answer “Is an asymmetric key algorithm” is incorrect because a block cipher applies to symmetric key algorithms; and answer “Converts a variable-length of plaintext into a fixed length ciphertext” describes a hashing operation.
What do the message digest algorithms MD2, MD4 and MD5 have in common?
A. They are all used in the Secure Hash Algorithm (SHA).
B. They all take a message of arbitrary length and produce a message digest of 128-bits.
C. They all take a message of arbitrary length and produce a message digest of 160-bits.
D. They are all optimized for 32-bit machines.
Answer: B
Explanation: * Answer “They all take a message of arbitrary length and produce a message digest of 160-bits” is obviously, then, incorrect. * Answer “They are all optimized for 32-bit machines” is incorrect since MD2 (B.S. Kaliski, The MD2 Message Digest Algorithm, RFC 1319, April 1992) is targeted for 8-bit machines. It is used in Privacy Enhanced Mail (PEM). MD4 (R.L. Rivest, The MD4 Message Digest Algorithm, RFC 1186, Oct 1990) and MD5 (R.L. Rivest, The MD5 Message Digest Algorithm, RFC 1321, April 1992) are designed for 32-bit machines. MD5 is considered more secure than MD4, and MD5 is also used in PEM. Answer d is incorrect since the SHAis a separate algorithm from MD2, MD4, and MD5, but is modeled after MD4. SHA produces a 160-bit message digest.
The addressing mode in which an instruction accesses a memory location whose contents are the address of the desired data is called: A. Implied addressing. B. Direct addressing. C. Indirect addressing. D. Indexed addressing.
Answer: C
Explanation:
Which of the following would NOT be an example of compensating controls being implemented?
A. Modifying the timing of a system resource in some measurable way to covertly transmit information
B. Sensitive information requiring two authorized signatures to release
C. Asafety deposit box needing two keys to open
D. Signing in or out of a traffic log and using a magnetic card to access to an operations center
Answer: A
Explanation: The correct answer is “Modifying the timing of a system resource in some measurable way to covertly transmit information”. This is the definition for a covert timing channel. The other three are examples of compensating controls, which are a combination of technical, administrative, or physical controls to enhance security.
Which of the following is an example of a symmetric key algorithm? A. Rijndael B. Knapsack C. RSA D. Diffie-Hellman
Answer: A
Explanation: The correct answer is Rijndael. The other answers are examples of asymmetric key systems.
Elliptic curves, which are applied to public key cryptography, employ modular exponentiation that characterizes the:
A. Knapsack problem.
B. Elliptic curve modular addition.
C. Elliptic curve discrete logarithm problem.
D. Prime factors of very large numbers.
Answer: C
Explanation: The correct answer is “Elliptic curve discrete logarithm problem”. Modular exponentiation in elliptic curves is the analog of the modular discreet logarithm problem.
* Answer “Prime factors of very large numbers” is incorrect because prime factors are involved with RSA public key systems; answer c is incorrect because modular addition in elliptic curves is the analog of modular multiplication; and answer “Knapsack problem” is incorrect because the knapsack problem is not an elliptic curve problem.
Which of the following items BEST describes the standards addressed by Title II, Administrative Simplification, of the Health Insurance Portability and Accountability Act (US Kennedy-Kassebaum Health
Insurance and Portability Accountability Act -HIPAA-Public Law 104-19)?
A. Transaction Standards, to include Code Sets; Security and Electronic Signatures and Privacy
B. Security and Electronic Signatures and Privacy
C. Transaction Standards, to include Code Sets; Unique Health Identifiers; Security and Electronic Signatures and Privacy
D. Unique Health Identifiers; Security and Electronic Signatures and Privacy
Answer: C
Explanation: HIPAA was designed to provide for greater access to personal health care information, enable portability of health care insurance, establish strong penalties for health care fraud, and streamline the health care claims process through administrative simplification. To accomplish the latter, Title II of the HIPAA law, Administrative Simplification, requires standardizing the formats for the electronic transmission of health care information. The transactions and code sets portion includes standards for submitting claims, enrollment information, premium payments, and others as adopted by HHS. The standard for transactions is the ANSI ASC X12N version 4010 EDI Standard. Standard code sets are required for diagnoses and inpatient services, professional services, dental services (replaces D’ codes), and drugs (instead of J’ codes). Also, local codes are not to be used. Unique health identifiers are required to identify health care providers, health plans, employers, and individuals. Security and electronic signatures are specified to protect health care information. Pri- vacy protections are required to ensure that there is no unauthorized disclosure of individually identifiable health care information. The other answers are incorrect since they do not include all four major standards. Additional information can be found at http:// aspe.hhs.gov/adminsimp.
Which protocol is used to resolve a known IP address to an unknown MAC address? A. ICMP B. RARP C. ARP D. TFTP
Answer: C
Explanation: The Address Resolution Protocol (ARP) sends a broadcast asking for the host with a specified IP address to reply with its MAC, or hardware address. This information is kept in the ARP Cache. * the Reverse Address Resolution Protocol (RARP) is commonly used on diskless machines, when the MAC is known, but not the IP address. It asks a RARP server to provide a valid IP address, which is somewhat the reverse of ARP. * the Internet Control Message Protocol (ICMP) is a management protocol for IP. * the Trivial File Transfer Protocol (TFTP), is a stripped-down version of the File Transfer Protocol (FTP).
Source: CCNA Study Guide by Todd Lammle, Donald Porter, and James Chellis (Sybex, 1999).
Which of the following BEST describes a block cipher?
A. An asymmetric key algorithm that operates on a variable-length block of plaintext and transforms it into a fixed-length block of ciphertext
B. A symmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext
C. An asymmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext
D. A symmetric key algorithm that operates on a variable-length block of plaintext and transforms it into a fixed-length block of ciphertext
Answer: B
Explanation: A block cipher breaks the plaintext into fixed-length blocks, commonly 64-bits, and encrypts the blocks into fixed-length blocks of ciphertext. Another characteristic of the block cipher is that, if the same key is used, a particular plaintext block will be transformed into the same ciphertext block. Examples of block ciphers are DES, Skipjack, IDEA, RC5 and AES. An example of a block cipher in a symmetric key cryptosystem is the Electronic Code Book (ECB) mode of operation. In the ECB mode, a plaintext block is transformed into a ciphertext block as shown in Figure. If the same key is used for each transformation, then a Code Book can be compiled for each plaintext block and corresponding ciphertext block. Answer a is incorrect since it refers to a variable-length block of plaintext being transformed into a fixed-length block of ciphertext. Recall that this operation has some similarity to a hash function, which takes a message of arbitrary length and converts it into a fixedlength message digest.
* Answers “An asymmetric key algorithm that operates on a variable-length block of plaintext and transforms it into a fixed-length block of ciphertext” and “An asymmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext”are incorrect because they involve asymmetric key algorithms, and the block cipher is used with symmetric key algorithms In other cryptographic modes of operation, such as Cipher Block Chaining (CBC), the result of the encryption of the plaintext block, Pn, is fed into the encryption process of plaintext block Pn+1. Thus, the result of the encryption of one block affects the result of the encryption of the next block in the sequence
In the discretionary portion of the Bell-LaPadula mode that is based on the access matrix, how the access rights are defined and evaluated is called: A. Validation. B. Identification. C. Authorization. D. Authentication.
Answer: C
Explanation: The correct answer is Authorization, since authorization is concerned with how access rights are defined and how they are evaluated.
Which of the following processes establish the minimum national standards for certifying and accrediting national security systems? A. DITSCAP B. NIACAP C. CIAP D. Defense audit
Answer: B
Explanation: The NIACAP provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the information assurance and security posture of a system or site. The NIACAP is designed to certify that the information system meets documented accreditation requirements and will continue to maintain the accredited security posture throughout the system life cycle. * Answer CIAP is being developed for the evaluation of critical commercial systems and uses the NIACAP methodology. * DITSCAP establishes for the defense entities a standard process, set of activities, general task descriptions, and a management structure to certify and accredit IT systems that will maintain the required security posture. The process is designed to certify that the IT system meets the accreditation requirements and that the system will maintain the accredited security posture throughout the system life cycle. The four phases to the DITSCAP are Definition, Verification, Validation, and Post Accreditation. * Answer “Defense audit” is a distracter.
The primary goal of the TLS Protocol is to provide:
A. Privacy and data integrity between two communicating applications
B. Authentication and data integrity between two communicating applications
C. Privacy and authentication between two communicating applications
D. Privacy, authentication and data integrity between two communicating applications
Answer: A
Explanation: The TLS Protocol is comprised of the TLS Record and Handshake Protocols. The TLS Record Protocol is layered on top of a transport protocol such as TCP and provides privacy and reliability to the communications. The privacy is implemented by encryption using symmetric key cryptography such as DES or RC4. The secret key is generated anew for each connection; however, the Record Protocol
ISC CISSP Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 832
can be used without encryption. Integrity is provided through the use of a keyed Message Authentication Code (MAC) using hash algorithms such as SHA or MD5. The TLS Record Protocol is also used to encapsulate a higher-level protocol such as the TLS Handshake Protocol. This Handshake Protocol is used by the server and client to authenticate each other. The authentication can be accomplished using asymmetric key cryptography such as RSA or DSS. The Handshake Protocol also sets up the encryption algorithm and cryptographic keys to enable the application protocol to transmit and receive information.
The Rijndael cipher employs a round transformation that is itself comprised of three layers of transformations. Which of the following is NOT one of these layers? A. Non-linear mixing layer B. Non-linear layer C. Key addition layer D. Linear mixing layer
Answer: A
Explanation: The correct answer is Non-linear mixing layer, a distracter.
Context-dependent control uses which of the following to make decisions?
A. Subject or object attributes or environmental characteristics
B. Data
C. Formal models
D. Operating system characteristics
Answer: A
Explanation: The correct answer is Subject or object attributes or environmental characteristics. Answer Data refers to content-dependent characteristics, and answers Formal models and “Operating system characteristics” are distracters.
The Number Field Sieve (NFS) is a:
A. General purpose factoring algorithm that can be used to factor large numbers
B. General purpose algorithm used for brute force attacks on secret key cryptosystems
C. General purpose hash algorithm
D. General purpose algorithm to calculate discreet logarithms
Answer: A
Explanation: The NFS has been successful in efficiently factoring numbers larger than 115 digits and a version of NFS has successfully factored a 155-digit number. Clearly, factoring is an attack that can be used against the RSA cryptosystem in which the public and private keys are calculated based on the product of two large prime numbers. The other answers are distracters.
The following compilation represents what facet of cryptanalysis? A 8.2 B 1.5 C 2.8 D 4.3 E 12.7 F 2.2 G 2.0 H 6.1 I 7.0 J 0.2 K 0.8 L 4.0 M 2.4 N 6.7 O 7.5 P 1.9 Q 0.1 R 6.0 S 6.3 T 9.1 U 2.8 V 1.0 W 2.4 X 0.2 Y 2.0 Z 0.1 A. Frequency analysis B. Cilly analysis C. Cartouche analysis D. Period analysis
Answer: A
Explanation: The compilation is from a study by h. Becker and f. Piper that was originally published in Cipher Systems: The Protection of Communication. The listing shows the relative frequency in percent of the appearance of the letters of the English alphabet in large numbers of passages taken from newspapers and novels. Thus, in a substitution cipher, an analysis of the frequency of appearance of certain letters may give clues to the actual letter before transformation. Note that the letters E, A, and T have relatively high percentages of appearance in English text. *Answer “Period analysis” refers to a cryptanalysis that is looking for sequences that repeat themselves and for the spacing between repetitions. This approach is used to break the VigenËre cipher. * Answer “Cilly analysis” is a reference to a cilly, which was a three-character message key used in the German Enigma machine. * In answer “Cartouche analysis”, a cartouche is a set of hieroglyphs surrounded by a loop. A cartouche referring to King Ptolemy was found on the Rosetta Stone.
In Part 3 of the Common Criteria, Security Assurance Requirements, seven predefined Packages of assurance components that make up the CC scale for rating confidence in the security of IT products and systems are called:
A. Protection Assurance Levels (PALs).
B. Security Target Assurance Levels (STALs).
C. Assurance Levels (ALs).
D. Evaluation Assurance Levels (EALs).
Answer: D
Explanation: The correct answer is “Evaluation Assurance Levels (EALs)”. The other answers are distracters.
The principles of Notice, Choice, Access, Security, and Enforcement refer to which of the following? A. Nonrepudiaton B. Privacy C. Authorization D. Authentication
Answer: B
Explanation: These items are privacy principles. Notice refers to the collection, use, and disclosure of personally identifiable information (PII). Choice is the choice to opt out or opt in regarding the disclosure of PII to third parties; Access is access by consumers to their PII to permit review and correction of information. Security is the obligation to protect PII from unauthorized disclosure. Enforcement is the enforcement of applicable privacy policies and obligations. The other answers are distracters
Which statement below is correct regarding VLANs?
A. A closed VLAN configuration is the least secure VLAN configuration.
B. A VLAN is less secure when implemented in conjunction with private port switching.
C. A VLAN is a network segmented physically, not logically.
D. A VLAN restricts flooding to only those ports included in the VLAN.
Answer: D
Explanation: A virtual local area network (VLAN) allows ports on the same or different switches to be grouped so that traffic is confined to members of that group only, and restricts broadcast, unicast, and multicast traffic. Answer “A VLAN is a network segmented physically, not logically” is incorrect, because a VLAN is segmented logically, rather than physically. Answer “A VLAN is less secure when implemented in conjunction with private port switching” is incorrect. When a VLAN is implemented with private port, or single-user, switching, it provides fairly stringent security because broadcast vulnerabilities are minimized. Answer “A closed VLAN configuration is the least secure VLAN configuration” is incorrect, as a closed VLAN authenticates a user to an access control list on a central authentication server, where they are assigned authorization parameters to determine their level of network access. Sources: Catalyst 5000 Series Installation Guide (Cisco Systems) and Virtual LANs by Mariana Smith (McGraw-Hill, 1998)
The protocol of the Wireless Application Protocol (WAP), which performs functions similar to SSL in the TCP/IP protocol, is called the:
A. Wireless Transport Layer Security Protocol (WTLS).
B. Wireless Transaction Protocol (WTP).
C. Wireless Session Protocol (WSP).
D. Wireless Application Environment (WAE).
Answer: A
Explanation: The correct answer is “Wireless Transport Layer Security Protocol (WTLS)”. SSL performs security functions in TCP/IP.
The other answers refer to protocols in the WAP protocol stack also, but their primary functions are not security.
The property that states, Reading or writing is permitted at a particular level of sensitivity, but not to either higher or lower levels of sensitivity is called the: A. Strong * (star) Property. B. Simple * (star) Property. C. * (star) Security Property. D. Discretionary Security Property.
Answer: A
Explanation: The correct answer is “Strong * (star) Property”. * Answer “the Discretionary Security Property” specifies discretionary access control in the BellLaPadula model by the use of an access matrix. * Answer “Simple * (star) Property” is distracter. * Answer “* (star) Security Property”, in the Bell-LaPadula model, states,
The writing of information by a subject at a higher level of sensitivity to an object at a lower level of sensitively is not permitted (no write down).
In a refinement of the BellÖLaPadula model, the strong tranquility property states that:
A. Objects never change their security level.
B. Objects can change their security level in an unconstrained fashion.
C. Objects never change their security level in a way that would violate the system security policy.
D. Subjects can read up.
Answer: A
Explanation: Answer “Objects never change their security level in a way that would violate the system security policy” is known as the weak tranquility property. The two other answers are distracters.
The secure path between a user and the Trusted Computing Base (TCB) is called: A. Trusted facility management B. Trusted distribution C. Trusted path D. The security perimeter
Answer: C
Explanation: Answer trusted distribution ensures that valid and secure versions of software have been received correctly. Trusted facility management, answer “Trusted facility management”, is concerned with the proper operation of trusted facilities as well as system administration and configuration. Answer “The security perimeter”, the security perimeter, is the boundary that separates the TCB from the remainder of the system. Recall that the TCB is the totality of protection mechanisms within a computer system that are trusted to enforce a security policy.
Which standard below does NOT specify fiber optic cabling as its physical media? A. 1000BaseSX B. 100BaseFX C. 1000BaseCX D. 1000BaseLX Answer: C
Explanation: 1000BaseCX refers to 1000Mbps baseband copper cable, using two pairs of 150 ohm balanced cable for CSMA/CD LANs. * 100BaseFX, specifies a 100 Mbps baseband fiber optic CSMA/CD LAN. Answer c, 1000BaseLX, specifies a 1000Mbps CSMA/CD LAN over long wavelength fiber optics. * 1000BaseSX, specifies a 1000Mbps CSMA/CD LAN over short wavelength fiber optics.
A portion of a VigenËre cipher square is given below using five (1, 2, 14, 16, 22) of the possible 26 alphabets. Using the key word bow, which of the following is the encryption of the word advance using the VigenËre cipher? Exhibit: A. b r r b b y f B. b r r b b y h C. b r r b c y f D. b r r b j y f
Answer: A
Explanation:
The VigenËre cipher is a polyalphabetic substitution cipher. The key word bow indicates which alphabets to use. The letter b indicates the alphabet of row 1, the letter o indicates the alphabet of row 14, and the letter w indicates the alphabet of row 22. To encrypt, arrange the key word, repetitively over the plaintext as shown in Table.
Thus, the letter a of the plaintext is transformed into b of alphabet in row 1, the letter d is transformed into r of row 14, the letter v is transformed into r of row 22 and so on.
A secret mechanism that enables the implementation of the reverse function in a one-way function is called a: A. View. B. Open door. C. Trap door. D. Data diode.
Answer: C
Explanation: The correct answer is Trap door. Answer view refers to a mechanism in a database system that restricts access to certain information within the database. The view implements the principle of least privilege. Answer Open door is a distracter, and answer Data diode refers to a mechanism usually in multilevel security systems that limits the flow of classified information to one direction.
The Clark-Wilson Integrity Model (d. Clark, d. Wilson, A Comparison of Commercial and Military Computer Security Policies, Proceedings of the 1987 IEEE Computer Society Symposium on Research in Security and Privacy, Los Alamitos, CA, IEEE Computer Society Press, 1987) focuses on what two concepts?
A. Capability lists and domains
B. Least privilege and well-formed transactions
C. Separation of duty and well-formed transactions
D. Well-formed transactions and denial of service
Answer: C
Explanation: The Clark-Wilson Model is a model focused on the needs of the commercial world and is based on the theory that integrity is more important than confidentiality for commercial organizations. Further, the model incorporates the commercial concepts of separation of duty and wellformed transactions. The well-formed transaction of the model is implemented by the transformation procedure (TP.)ATP is defined in the model as the mechanism for transforming the set of constrained data items (CDIs) from one valid state of integrity to another valid state of integrity. The Clark-Wilson Model defines rules for separation of duty that denote the relations between a user, TPs, and the CDIs that can be operated upon by those TPs. The model talks about the access triple that is the user, the program that is permitted to operate on the data, and the data. The other answers are distracters.
An associative memory operates in which one of the following ways?
A. Searches for a specific data value in memory
B. Uses indirect addressing only
C. Returns values stored in a memory address location specified in the CPU address register
D. Searches for values in memory exceeding a specified value
Answer: A
Explanation: Answer a refers to an addressing mode used in computers where the address location that is specified in the program instruction contains the address of the final desired location. * Answer “Searches for values in memory exceeding a specified value” is a distracter and answer “Returns values stored in a memory address location specified in the CPU address register” is the description of the direct or absolute addressing mode.
The British Standard 7799/ISO Standard 17799 discusses cryptographic policies. It states, An organization should develop a policy on its use of cryptographic controls for protection of its information When developing a policy, the following should be considered: (Which of the following items would most likely NOT be listed?)
A. The approach to key management, including methods to deal with the recovery of encrypted information in the case of lost, compromised or damaged keys
B. Roles and responsibilities
C. The management approach toward the use of cryptographic controls across the organization
D. The encryption schemes to be used
Answer: D
Explanation: A policy is a general statement of management’s intent, and therefore, a policy would not specify the encryption scheme to be used. The other answers are appropriate for a cryptographic policy. The general standards document is BSI ISO/IEC 17799:2000,BS 7799- I: 2000, Information technology-Code of practice for information security management, British Standards Institution, London , UK . The standard is intended to provide a comprehensive set of controls comprising best practices in information security. ISO refers to the International Organization for Standardization and IEC is the International Electrotechnical Commission. These two entities form the system for worldwide standardization. The main chapter headings of the standard are: Security Policy Organizational Security Asset Classification and Control Personnel Security Physical and Environmental Security Communications and Operations Management Access Control Systems Development and Maintenance Business Continuity Management Compliance
The Common Criteria terminology for the degree of examination of the product to be tested is: A. Functionality (F) B. Target of Evaluation (TOE) C. Evaluation Assurance Level (EAL) D. Protection Profile (PP)
Answer: C
Explanation: The Evaluation Assurance Levels range from EA1 (functional testing) to EA7 (detailed testing and formal design verification). The Target of Evaluation (TOE), answer a, refers to the product to be tested. Answer b, Protection Profile (PP), is an implementation independent specification of the security requirements and protections of a product that could be built. A Security Target (ST) is a listing of the security claims for a particular IT security product. Also, the Common Criteria describes an intermediate grouping of security requirement components as a package. Functionality, answer c, refers to Part 2 of the Common Criteria that contains standard and well-understood functional security requirements for IT systems.
A form of digital signature where the signer is not privy to the content of the message is called a: A. Encrypted signature B. Zero knowledge proof C. Masked signature D. Blind signature
Answer: D
Explanation: A blind signature algorithm for the message M uses a blinding factor, f; a modulus m; the private key, s, of the signer and the public key, q, of the signer. The sender, who generates f and knows q, presents the message to the signer in the form: Mf q (mod m) Thus, the message is not in a form readable by the signer since the signer does not know f. The signer signs Mf q (mod m) with his/her private key, returning (Mf q)s (mod m) This factor can be reduced to fMs (mod m) since s and q are inverses of each other. The sender then divides fMs (mod m) by the blinding factor, f, to obtain Ms (mod m) Ms (mod m) is, therefore, the message, M, signed with the private key, s, of the signer.
Answer Zero knowledge proof refers to a zero knowledge proof. In general, a zero knowledge proof involves a person, A, trying to prove that he/she knows something, S, to another person, B, without revealing S or anything about S. Answers Masked signature and Encrypted signature are distracters.
The Platform for Privacy Preferences (P3P) was developed by the World
Wide Web Consortium (W3C) for what purpose?
A. To monitor users
B. To implement public key cryptography for transactions
C. To evaluate a client’s privacy practices
D. To implement privacy practices on Web sites
Answer: D
Explanation: As of this writing, the latest W3C working draft of P3P is P3P 1.0, 28 January, 2002 (www.w3.org/TR). An excerpt of the W3C P3P Specification states P3P enables Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. With P3, an organization can post its privacy policy in machinereadable form (XML) on its Web site. This policy statement includes: Who has access to collected information The type of information collected How the information is used The legal entity making the privacy statement P3P also supports user agents that allow a user to configure a P3P-enabled Web browser with the user’s privacy preferences. Then, when the user attempts to access a Web site, the user agent compares the user’s stated preferences with the privacy policy in machine-readable form at the Web site. Access will be granted if the preferences match the policy. Otherwise, either access to the Web site
will be blocked or a pop-up window will appear notifying the user that he/she must change their privacy preferences. Usually, this means that the user has to lower his/her privacy threshold. The other answers are distracters.
Configuration management control best refers to:
A. The use of privileged-entity controls for system administrator functions.
B. Implementing resource protection schemes for hardware control.
C. The concept of least control in operations.
D. Ensuring that changes to the system do not unintentionally diminish security.
Answer: D
Explanation: The correct answer is “Ensuring that changes to the system do not unintentionally diminish security”. Configuration Management Control (and Change Control) are processes to ensure that any changes to the system are managed properly and do not inordinately affect either the availability or security of the system.
The following elements comprise a portion of what services? Digital certification Certification authority Timestamping Lightweight Directory Access Protocol (LDAP) Non-repudiation support A. Public Key Infrastructure (PKI) B. Wireless Application Protocol (WAP) C. IPSec D. Transaction Layer Security (TLS)
Answer: A
Explanation: The correct answer is PKI, which describes the integration of digital certificates, digital signatures, and other services necessary to support e-commerce. The other answers are distracters
Theoretically, quantum computing offers the possibility of factoring the products of large prime numbers and calculating discreet logarithms in polynomial time. These calculations can be accomplished in such a
compressed time frame because:
A. A quantum computer takes advantage of quantum tunneling in molecular scale transistors. This mode permits ultra high-speed switching to take place, thus, exponentially increasing the speed of computations.
B. Information can be transformed into quantum light waves that travel through fiber optic channels. Computations can be performed on the associated data by passing the light waves through various types of optical filters and solid-state materials with varying indices of refraction, thus drastically increasing the throughput over conventional computations.
C. A quantum computer exploits the time-space relationship that changes as particles approach the speed of light. At that interface, the resistance of conducting materials effectively is zero and exponential speed computations are possible.
D. A quantum bit in a quantum computer is actually a linear superposition of both the one and zero states and, therefore, can theoretically represent both values in parallel. This phenomenon allows computation that usually takes exponential time to be accomplished in polynomial time since different values of the binary pattern of the solution can be calculated simultaneously.
Answer: D
Explanation: In digital computers, a bit is in either a one or zero state. In a quantum computer, through linear superposition, a quantum bit can be in both states, essentially simultaneously. Thus, computations consisting of trail evaluations of binary patterns can take place simultaneously in exponential time. The probability of obtaining a correct result is increased through a phenomenon called constructive interference of light while the probability of obtaining an incorrect result is decreased through destructive interference. Answer a describes optical computing that is effective in applying Fourier and other transformations to data to perform high-speed computations. Light representing large volumes of data passing through properly shaped physical objects can be subjected to mathematical transformations and recombined to provide the appropriate results. However, this mode of computation is not defined as quantum computing. Answers c and d are diversionary answers that do not describe quantum computing.
What is the result of the Exclusive Or operation, 1XOR 0? A. 1 B. Indeterminate C. 10 D. 0
Answer: A
Explanation: The correct answer is a. An XOR operation results in a 0 if the two input bits are identical and a 1 if one of the bits is a 1 and the other is a 0.
What information security model formalizes the US Department of Defense multi-level security policy? A. Stark-Wilson B. Clark-Wilson C. Bell-LaPadula D. Biba
Answer: C
Explanation: The correct answer is Bell-LaPadula. The Bell-LaPadula model addresses the confidentiality of classified material. Answers . Clark-Wilson and Biba are integrity models, and answer Stark-Wils is a distracter.
QUESTION NO: 1691 The graph in Figure, which depicts the equation y 2 = x3 + ax + b, denotes the: Exhibit: A. RSA Factoring problem B. Elliptic curve and the elliptic curve discrete logarithm problem C. ElGamal discrete logarithm problem D. Knapsack problem
Answer: B
Explanation: The elliptic curve is defined over a finite field comprised of real, complex or rational numbers. The points on an elliptic curve form a Group under addition. Multiplication (or multiple additions) in an elliptic curve system is equivalent to modular exponentiation; thus, defining a discreet logarithm problem.
Which one of the following is generally NOT considered a covered entity under Title II, Administrative Simplification, of the HIPAA law?
A. Employers
B. Health care providers who transmit health information electronically in connection with standard transactions
C. Health plans
D. Health care clearinghouses
Answer: A
Explanation: Employers are not specifically covered under HIPAa. HIPAA applies to health care providers that transmit health care information in electronic form, health care clearinghouses, and health plans. However, some employers may be covered under the Gramm-Leach-Bliley Act. The Gramm-Leach-Bliley (GLB) Act was enacted on November 12, 1999, to remove Depression era restrictions on banks that limited certain business activities, mergers, and affiliations. It repeals the restrictions on banks affiliating with securities firms contained in sections 20 and 32 of the Glass-Steagall Act. GLB became effective on November 13, 2001. GLB also requires health plans and insurers to protect member and subscriber data in electronic and other formats. These health plans and insurers will fall under new state laws and regulations that are being passed to implement GLB, since GLB explicitly assigns enforcement of the health plan and insurer regulations to state insurance authorities (15 USc. ß6805). Some of the privacy and security requirements of Gramm-Leach-Bliley are similar to those of HIPAA. Most states required that health plans and insurers comply with the GLB requirements by July 1, 2001, and financial institutions were required to be in full compliance with Gramm-Leach-Bliley by this date. The other answers are incorrect since they are covered by the
The hashing algorithm in the Digital Signature Standard (DSS) generates a message digest of: A. 130 bit B. 56 bits C. 120 bits D. 160 bits
Answer: D Explanation:
In the * (star) property of the Bell-LaPadula model,
A. Subjects cannot read from their same level of security.
B. Subjects cannot read from a higher level of security relative to their level of security.
C. Subjects cannot read from a lower level of security relative to their level of security.
D. Subjects cannot write to a lower level of security relative to their level of security.
Answer: D
Explanation: The correct answer by definition of the star property.
The memory hierarchy in a typical digital computer, in order, is:
A. CPU, cache, primary memory, secondary memory.
B. CPU, cache, secondary memory, primary memory.
C. CPU, secondary memory, cache, primary memory.
D. CPU, primary memory, secondary memory, cache.
Answer: A
Explanation: The correct answer is “CPU, cache, primary memory, secondary memory”. In this architecture, the CPU sees the high-speed cache, which holds the instructions and data from primary memory that have a high probability of being executed by the program. In order of speed of access, the order in the correct answer goes from the fastest to the slowest access time.
Which of the following examples is the best definition of Fail Secure?
A. The operating system is started without the security front-end loaded.
B. The system preserves a secure state during and after a system crash.
C. Access personnel have security clearance, but they do not have a need-to-know.
D. The system fails to preserve a secure state during and after a system crash.
Answer: B
Explanation: The correct answer is “The system preserves a secure state during and after a system crash”. Based on the Common Criteria, a system can be evaluated as fail secure if it preserves a secure state during and after identified failures occur.
A cryptographic algorithm is also known as: A. A key B. Cryptanalysis C. A cipher D. A cryptosystem
Answer: C
Explanation: Acipher is a cryptographic transformation that operates on characters or bits. In different words, a cipher is defined as a cryptographic algorithm or mathematical function that operates on characters or bits and implements encryption or decryption. In contrast, a code operates with words, phrases and sentences. In a code, a word may be the encipherment of a sentence or phrase. For example, the word SCARF may be the code for the term BEWARE OF DUTCH TRAITOR IN YOUR MIDST. * a cryptosystem is a set of transformations from a message space to a ciphertext space. This system includes all cryptovariables (keys), plaintexts and ciphertexts associated with the transformation algorithm. The difference between answers a and c is that answer c, the correct answer, refers to the algorithm alone and answer a refers to the algorithm and all plaintexts, ciphertexts and cryptovariables associated with this algorithm. * cryptanalysis, refers to being able to break the cipher so that the encrypted message can be read. Cryptanalysis may be accomplished by exploiting weaknesses in the cipher or, in some fashion, determining the key. This act of obtaining the plaintext or key from the ciphertext can be used to recover sensitive or classified information and, perhaps, to pass on altered or fake messages in order to deceive the original intended recipient. * the key or cryptovariable, is used with a particular algorithm to encipher or decipher the plaintext message. By using the key, the algorithm can be publicly known and evaluated for its strength against attack. The key associated with a particular transformation or algorithm can take on many values and the range of all of these possible values is called the keyspace. Ideally, an enciphered plaintext message using a specific algorithm will produce a unique ciphertext message for each different key that is used with that algorithm. The situation in which a plaintext message generates identical ciphertext messages using the same transformation algorithm, but with different cryptovariables, is called key clustering. Obviously, this is not a desirable situation, since it effectively reduces the number of keys that have to be tried by an attacker in order to recover the plaintext.
The ANSI X9.52 standard defines a variant of DES encryption with keys k1, k2, and k3 as:
C = Ek3 [Dk2 [Ek1 [M]]]
What is this DES variant?
A. Double DES with an encryption and decryption with different keys
B. Triple DES in the EEE mode
C. Triple DES in theEDE mode
D. DESX
Answer: C
Explanation: This version of triple DES performs an encryption (E) of plaintext message M with key k1, a decryption (D) with key k2 (essentially, another encryption), and a third encryption with key k3. Another implementation of DES EDE is accomplished with keys k1 and k2 being independent, but with keys k1 and k3 being identical. This implementation of triple DES is written as: C = Ek1 [Dk2 [Ek1 [M]]] Answer a is incorrect since, in DESX, input plaintext is bitwise XORed with 64 bits of additional key material before encryption with DES, and the output of DES is also bitwise XORed with another 64 bits of key material. Answer b, DES in the EEE, mode is written as: C = Ek3 [Ek2 [Ek1 [M]]] where three consecutive encryptions are performed on plaintext message, M, with three independent keys, k1, k2, k3. Answer c is incorrect since the question contains three encryptions. Implementing two DES encryptions does not provide the additional security anticipated over a single DES encryption because of the meet-in-the-middle attack. Consider a DES cipher with a key size of p. A double encryption will result in an effective key size of 2p and yield the final result R. Thus, one would anticipate that one would have to search a key space of 22p in an exhaustive search of the keys. However, it can be shown that a search of the key space on the order of 2p is all that is necessary. This search is the same size as required for a single DES encryption. This situation is illustrated as follows: The sequences shown illustrate the first DES encryption of a plaintext message M with all keys k1 through k2p yielding the intermediate encrypted results C1 through C2p. Ek1 [M] C1 Ek2 [M] C2
Ek2p [M] C2p If we have available ciphertext R where R = Ek2 [Ek1 [M]] for a pair of secret keys k1 and k2, for each key m there is only one key k such that Dm[R] = Ek[M] where D is the decipherment of R back from the second DES encipherment. In other words, there are 2p possible keys that will result in the pair [M,R] and, thus, can be found in a search of order 2p.
Primary storage is the:
A. Memory used in conjunction with real memory to present a CPU with a larger, apparent address space.
B. Memory directly addressable by the CPU, which is for the storage of instructions and data that are associated with the program being executed.
C. Memory, such as magnetic disks, that provide non-volatile storage.
D. Memory where information must be obtained by sequentially searching from the beginning of the memory space.
Answer: B
Explanation: * Answer “Memory, such as magnetic disks, that provide non-volatile storage” refers to secondary storage. * Answer “Memory used in conjunction with real memory to present a CPU with a larger, apparent address space” refers to virtual memory, and answer “Memory where information must be obtained by sequentially searching from the beginning of the memory space” refers to sequential memory.
The organization that establishes a collaborative partnership of computer incident response, security and law enforcement professionals who work together to handle computer security incidents and to provide both proactive and reactive security services for the
A. Federal CIO Council
B. FederalComputer Incident Response Center
C. CERT/CC
D. Center for Infrastructure Protection
Answer: B
Explanation: To again quote the FedCIRC charter, FedCIRC provides assistance and guidance in incident response and provides a centralized approach to incident handling across agency boundaries. Specifically, the mission of FedCIRC is to: Provide civil agencies with technical information, tools, methods, assistance, and guidance Be proactive and provide liaison activities and analytical support Encourage the development of quality products and services through collaborative relationships with Federal civil agencies, the Department of Defense, academia, and private industry Promote the highest security profile for government information technology (IT) resources Promote incident response and handling procedural awareness with the federal government * Answer CERT Coordination Center (CERT/CC), is a unit of the Carnegie Mellon University Software Engineering Institute (SEI). SEI is a Federally funded R&D Center . CERT’s mission is to alert the Internet community to vulnerabilities and attacks and to conduct research and training in the areas of computer security, including incident response. * Answer “Center for Infrastructure Protection” is a distracter and answer “Federal CIO Council”, the Federal Chief Information Officers’ Council, is the sponsor of FedCIRC.
What type of firewall architecture employs two network cards and a single screening router? A. A dual-homed host firewall B. An application-level proxy server C. A screened-subnet firewall D. A screened-host firewall
Answer: D
Explanation: Like a dual-homed host, a screened-host firewall uses two network cards to connect to the trusted and untrusted networks, but adds a screening router between the host and the untrusted network. * dual-homed host has two NICs but not necessarily a screening router. * screened-subnet firewall uses two NICs also, but has two screening routers with the host
Exhibit:
acting as a proxy server on its own network segment. One screening router controls traffic local to the network while the second monitors and controls incoming and outgoing Internet traffic, * application-level proxy, is unrelated to this question. Source: Hacker Proof by Lars Klander (Jamsa Press, 1997).
The National Computer Security Center (NCSC) is:
A. An activity within the US Department of Commerce that provides information security awareness training and develops standards for protecting sensitive but unclassified information
B. A joint enterprise between the NSA and NIST for developing cryptographic algorithms and standards
C. A division of the National Institute of Standards and Technology (NIST) that issues standards for cryptographic functions and publishes them as Federal Information Processing Standards (FIPS)
D. A branch of the National Security Agency (NSA) that initiates research and develops and publishes standards and criteria for trusted information systems
Answer: D
Explanation: The NCSC promotes information systems security awareness and technology transfer through many channels, including the annual National Information Systems Security Conference. It was founded in 1981 as the Department of Defense Computer Security Center , and its name was change in 1985 to NCSc. It developed the Trusted Computer Evaluation Program Rainbow series for evaluating commercial products against information system security criteria. All the other answers are, therefore incorrect since they refer to NIST, which is under the US Department of Commerce.
What does IPL stand for? A. Internet Police League B. Initial Program Life Cycle C. Initial Program Load D. Initial Post-Transaction Logging
Answer: C
Explanation: The correct answer is “Initial Program Load”. The IPL is a task performed by the operator to boot up the system. The other terms do not exist.
Which of the following choices describes the four phases of the National Information Assurance Certification and Accreditation Process (NIACAP)?
A. Definition, Verification, Validation, and Post Accreditation
B. Definition, Authentication, Verification, and Post Accreditation
C. Definition, Verification, Validation, and Confirmation
D. Verification, Validation, Authentication, and Post Accreditation
Answer: A
Explanation:
What is the key length of the Rijndael Block Cipher? A. 56 or 64 bits B. 128, 192, or 256 bits C. 512 or 1024 bits D. 512 bits
Answer: B
Explanation:
The Clark-Wilson model focuses on data's: A. Availability. B. Confidentiality. C. Format. D. Integrity.
Answer: D
Explanation: The correct answer is Integrity. The Clark-Wilson model is an integrity model.
Using pre-numbered forms to initiate a transaction is an example of what type of control? A. Preventative control B. Deterrent control C. Detective control D. Application control
Answer: A
Explanation: The correct answer is “Preventative control”. Pre-numbered forms are an example of preventative controls. They can also be considered a transaction control and input control.
The ANSI ASC X12 (American National Standards Institute Accredited Standards Committee X12) Standard version 4010 applies to which one of the following HIPAA categories? A. Security B. Privacy C. Transactions D. Code sets
Answer: C
Explanation: The transactions addressed by HIPAA are: Health claims or similar encounter information Health care payment and remittance advice Coordination of Benefits Health claim status Enrollment and disenrollment in a health plan Eligibility for a health plan Health plan premium payments Referral certification and authorization The HIPAA EDI transaction standards to address these HIPAA transactions include the following: Health care claims or coordination of benefits Retail drug NCPCP (National Council for Prescription Drug Programs) v. 32 Dental claim ASC X12N 837: dental Professional claim ASC X12N 837: professional Institutional claim ASC X12N 837: institutional Payment and remittance advice ASC X12N 835 Health claim status ASC X12N 276/277 Plan enrollment ASC X12 834 Plan eligibility ASC X12 270/271 Plan premium payments ASC X12 820 Referral certification ASC X12 N 278 The American National Standards Institute was founded in 1917 and is the only source of American Standards. The ANSI Accredited Standards Committee X12 was chartered in 1979 and is responsible for cross-industry standards for electronic documents. The HIPAAprivacy standards, answer a, were finalized in April, 2001, and implementation
must be accomplished by April 14, 2003. The privacy rule covers individually identifiable health care information transmitted, stored in electronic or paper form, or communicated orally. Protected health information (PHI) may not be disclosed unless disclosure is approved by the individual, permitted by the legislation, required for treatment, part of health care operations, required by law, or necessary for payment. PHI is defined as individually identifiable health information that is transmitted by electronic media, maintained in any medium described in the definition of electronic media under HIPAA, or is transmitted or maintained in any other form or medium. Answer b, code sets, refers to the codes that are used to fill in the data elements of the HIPAAtransaction standards. Examples of these codes are: ICD-9-CM (vols. 1 and 2) International Classification of Diseases, 9th Ed., Clinical Modification Diseases, injuries, impairments, other health related problems, their manifestations, and causes of injury, disease, impairment, or other health-related problems CPT (Current Procedural Terminology, 4th Ed. [CPT-4]), CDT (Code on Dental Procedures and Nomenclature, 2nd Ed. [CDT-2]) or ICD-9-CM (vol. 3) Procedures or other actions taken to prevent, diagnose, treat, or manage diseases, injuries, and impairments NDC (National Drug Codes) drugs HCPCS (Health Care Financing Administration Common Procedure Coding System) Other health-related services, other substances, equipment, supplies, or other items used in health care services The proposed HIPAA Security Rule, answer d, mandates the protection of the confidentiality, integrity, and availability of protected health information (PHI) through: Administrative procedures Physical safeguards Technical services and mechanisms The rule also addresses electronic signatures, but the final rule will depend on industry progress on reaching a standard. In addition, the proposed security rule requires the appointment of a security officer.
The strength of RSApublic key encryption is based on the:
A. Difficulty of multiplying two large prime numbers.
B. Difficulty in finding logarithms in a finite field.
C. Fact that only one key is used.
D. Difficulty in finding the prime factors of very large numbers.
Answer: D
Explanation: The correct answer is “Difficulty in finding the prime factors of very large numbers”.
Answer “Difficulty in finding the prime factors of very large numbers” applies to public key algorithms such as Diffie-Hellman and Elliptic Curve. Answer “Difficulty of multiplying two large prime numbers” is incorrect because it is easy to multiply two large prime numbers. Answer “Fact that only one key is used” refers to symmetric key encryption.
What is one of the most common drawbacks to using a dual-homed host firewall?
A. The examination of the packet at the Network layer introduces latency.
B. The examination of the packet at the Application layer introduces latency.
C. The ACLs must be manually maintained on the host. D. Internal routing may accidentally become enabled.
Answer: D
Explanation: A dual-homed host uses two NICs to attach to two separate networks, commonly a trusted network and an untrusted network. It’s important that the internal routing function of the host be disabled to create an application-layer chokepoint and filter packets. Many systems come with routing enabled by default, such as IP forwarding, which makes the firewall useless. The other answers are distracters. Source: Hacker Proof by Lars Klander (Jamsa Press, 1997).
Using a modulo 26 substitution cipher where the letters A to Z of the alphabet are given a value of 0 to 25, respectively, encrypt the message OVERLORD BEGINS. Use the key K =NEW and D =3 where D is the number of repeating letters representing the key. The encrypted message is: A. BFAEPKEH XRKFAW B. BFAEPKEH XRKEAW C. BFAERKEH XRKEAW D. BFAEQKEH XRKFAW E. BZAEPKEH XRKFAW F. BZAEPKEH XRKEAW G. BZAERKEH XRKEAW H. BZAEQKEH XRKFAW
Answer: F
Explanation: The solution is as follows: OVERLORD becomes 14 21 4 17 11 14 17 3 BEGINS becomes 1 4 6 8 13 18 The key NEW becomes 13 4 22 Adding the key repetitively to OVERLORD BEGINS modulo 26 yields 1 5 0 4 15 10 4 7 23 17 10 4 0 22, which translates to BZAEPKEH XRKEAW
More in detail:
The Wireless Transport Layer Security (WTLS) Protocol in the Wireless Application Protocol (WAP) stack is based on which Internet Security Protocol? A. TLS B. SET C. S-HTTP D. IPSEC
Answer: A
Explanation: TLS is discussed in the answer to question 5. WTLS has to incorporate functionality that is provided for in TLS by TCP in the TCP/IP Protocol suite in that WTLS can operate over UDP. WTLS supports data privacy, authentication and integrity. Because WTLS has to incorporate a large number of handshakes when security is implemented, significant delays may occur. During a WTLS handshake session, WTLS can set up the following security classes:
Class 1. No certificates
Class 2. The client does not have a certificate; the server has a certificate
Class 3. The client and server have certificates
A difference between the Information Technology Security Evaluation Criteria (ITSEC) and the Trusted Computer System Evaluation Criteria (TCSEC) is:
A. TCSEC addresses availability as well as confidentiality
B. ITSEC addresses confidentiality only
C. ITSEC addresses integrity and availability as well as confidentiality
D. TCSEC separates functionality and assurance
Answer: C
Explanation: TCSEC addresses confidentiality only and bundles functionality and assurance. Thus, the other answers are incorrect. By separating functionality and assurance as in ITSEC, one could specify fewer security functions that have a high level of assurance. This separation carried over into the Common Criteria.
Which of the following is NOT a property of a public key cryptosystem? (Let P represent the private key, Q represent the public key and M the
plaintext message.)
A. P and Q are difficult to generate from a particular key value.
B. P[Q(M)] = M
C. Q[P(M)] = M
D. It is computationally infeasible to derive P from Q.
Answer: A
Explanation: The answer refers to the initial computation wherein the private and public keys are computed. The computation in this direction is relatively straightforward. Answers “Q[P(M)] = M” and “P[Q(M)] = M” state the true property of public key cryptography which is that a plaintext message encrypted with the private key can be decrypted by the public key and vice versa. Answer “It is computationally infeasible to derive P from Q” states that it is computationally infeasible to derive the private key from the public key. Obviously, this is a critical property of public key cryptography.
In the National Information Assurance Certification and Accreditation Process (NIACAP), a type accreditation performs which one of the following functions?
A. Evaluates the applications and systems at a specific, self-contained location
B. Evaluates a major application or general support system
C. Verifies the evolving or modified system’s compliance with the information agreed on in the System Security Authorization Agreement (SSAA)
D. Evaluates an application or system that is distributed to a number of different locations
Answer: D
Explanation: * Answer “Evaluates a major application or general support system” is the NIACAP system accreditation. * Answer “Verifies the evolving or modified system’s compliance with the information agreed on in the System Security Authorization Agreement (SSAA)” is the Phase 2 or Verification phase of the Defense Information Technology Security Certification and Accreditation Process (DITSCAP). The objective is to use the SSAA to establish an evolving yet binding agreement on the level of security required before the system development begins or changes to a system are made. After accreditation, the SSAA becomes the baseline security configuration document. * Answer “Evaluates the applications and systems at a specific, self-contained location” is the NIACAP site accreditation.
Random access memory is: A. Volatile. B. Non-volatile. C. Sequentially addressable. D. Programmed by using fusible links.
Answer: A
Explanation: The correct answer is Volatile. RAM is volatile. The other answers are incorrect because RAM is volatile, randomly accessible, and not programmed by fusible links.
The model that addresses the situation wherein one group is not affected by another group using specific commands is called the: A. Information flow model B. Non-interference model C. Composition model D. Clark-Wilson model
Answer: B
Explanation: In the non-interference model, security policy assertions are defined in the abstract. The process of moving from the abstract to developing conditions that can be applied to the transition functions that operate on the objects is called unwinding. * Answer “Information flow model” refers to the information flow model in which information is categorized into classes, and rules define how information can flow between the classes. The model can be defined as [O, P, S, T] where O is the set of objects, P is the flow policy, S represents the valid states, and T repre- sents the state transitions. The flow policy is usually implemented as a lattice structure. * The composition model, answer Composition model, investigates the resultant security properties when subsystems are combined.
The modes of DES do NOT include: A. Output Feedback. B. Variable Block Feedback. C. Electronic Code Book. D. Cipher Block Chaining.
Answer: B
Explanation: The correct answer is Variable Block Feedback. There is no such encipherment mode.
A computer system that employs the necessary hardware and software assurance measures to enable it to process multiple levels of classified or sensitive information is called a: A. Trusted system. B. Open system. C. Closed system. D. Safe system.
Answer: A
Explanation: The correct answer is Trusted system, by definition of a trusted system. Answers Closed system and Open system refer to open, standard information on a product as opposed to a closed or proprietary product. Answer Safe system is a distracter.
In most security protocols that support authentication, integrity and confidentiality,
A. Public key cryptography is used to create digital signatures.
B. Private key cryptography is used to create digital signatures.
C. Digital signatures are not implemented.
D. DES is used to create digital signatures.
Answer: A
Explanation: The correct answer is “Public key cryptography is used to create digital signatures.”.
Answer “Private key cryptography is used to create digital signatures” is incorrect because private key cryptography does not create digital signatures.
Answer “DES is used to create digital signatures” is incorrect because DES is a private key system and, therefore, follows the same logic as in “Private key cryptography is used to create digital signatures”; and answer “Digital signatures are not implemented” is incorrect because digital signatures are implemented to obtain authentication and integrity.
An iterated block cipher encrypts by breaking the plaintext block into two halves and, with a subkey, applying a round transformation to one of the halves. Then, the output of this transformation is XORed with
the remaining half. The round is completed by swapping the two halves. This type of cipher is known as:
A. RC6
B. Diffie-Hellman
C. RC4
D. Feistel
Answer: D
Explanation: The question stem describes one round of a Feistel cipher. This algorithm was developed by an IBM team led by Horst Feistel. (h. Feistel, Cryptography and Computer Privacy, Scientific American, v.228, n.5, May 1973) The algorithm was called Lucifer and was the basis for the Data Encryption Standard (DES). In answer a, RC4 is a variable keysize stream cipher developed by Ronald Rivest. In this type of cipher, a sequence of bits that are the key is bit-wise XORed with the plaintext. * Diffie-Hellman describes the first public key algorithm and is based on the difficulty of calculating discrete logarithms in a finite field. (W. Diffie and M.e. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, v. IT-22, n. 6, Nov 1976). It is used for exchanging keys. RC6, in answer c, is a fast block cipher designed by Rivest, Sidney and Yin. In RC6, the block size, the key size and the number of rounds are variable. The key size can be no larger than 2040 bits. RC6 was one of the five finalists in the Advanced Encryption Standard (AES) competition.
Which one of the following statements BEST describes the operation of the Digital Signature Algorithm (DSA) (National Institute of Standards and Technology, NIST FIPS PUB 186, Digital Signature Standard,
A. A message of
Answer: C
Explanation: The correct answer describes the proper sequence of operating on the message and has the correct value of 160 bits for the SHAmessage digest. At the receiving end, the message is fed into the SHA, and the result is compared to the received message digest to verify the signature. *Answer “A message of
