Flashcards in Cryptography Deck (95)
Which of the following elements is not included in a Public Key Infrastructure (PKI)?
B. Lightweight Directory Access Protocol (LDAP)
C. Certificate revocation
D. Internet Key Exchange (IKE)
In a Public Key Infrastructure (PKI) context, which of the following is a primary concern with LDAP servers?
Which of the following is NOT true of pre-shared key authentication within the IKE/IPsec protocol?
A. Pre-shared key authentication is normally based on simple passwords
B. It needs a PKI to work
C. Only one pre-shared key for all VPN connections is needed
D. Key management is costly for large user groups
What is the role of IKE within the IPsec protocol:
A. peer authentication and key exchange
B. data encryption
C. data signature
D. enforcing quality of service
Explanation: “In order to set up and manage SAs on the Internet, a standard format called the Internet Security Association and Key Management Protocol (ISAKMP) was established. ISAKMP provides for secure key exchange and data authentication. However, ISAKMP is independent of the authentication protocols, security protocols, and encryption algorithms. Strictly speaking, a combination of three protocols is used to define key management for IPSEC. These protocols are ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley. When combined and applied to IPSEC, these protocols are called the Internet Key Exchange (IKE) protocol.” Pg. 222 Krutz: The CISSP Prep Guide: Gold Edition
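The two IKE cards above (the pre-shared key one and the "role of IKE" one) are easier to reason about with the handshake in front of you. The following is an added example written for this deck, not code from the page or from the Krutz or Harris books: both sides of a simplified IKE-style exchange, with an ephemeral Diffie-Hellman step (P-256 ECDH) for key agreement and a pre-shared key for peer authentication. The AUTH construction follows the IKEv2 PSK form prf(prf(PSK, "Key Pad for IKEv2"), data), but the transcript layout, the identity strings, the PSK value and the key-derivation labels are assumptions made for the example, and the code assumes Go 1.20 or later for crypto/ecdh. Note that nothing in it touches a certificate or a CA, which is why "needs a PKI to work" is the false statement on the PSK card.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// prf is the pseudo-random function the whole exchange is keyed with (HMAC-SHA256).
func prf(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// peer is one side of the handshake: an ephemeral P-256 key pair and a fresh nonce.
type peer struct {
	id    string
	priv  *ecdh.PrivateKey
	nonce []byte
}

func newPeer(id string) (*peer, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &peer{id: id, priv: priv, nonce: nonce}, nil
}

// authPayload proves knowledge of the PSK over the whole handshake transcript.
// The inner prf with the fixed pad string follows IKEv2's PSK form (RFC 7296,
// section 2.15): a shared secret string is all that is needed, no certificate or CA.
func authPayload(psk, transcript []byte, id string) []byte {
	padded := prf(psk, []byte("Key Pad for IKEv2"))
	data := append(append([]byte{}, transcript...), []byte(id)...)
	return prf(padded, data)
}

// deriveKeys turns the raw DH secret and both nonces into one key per direction.
// The labels are example values, not IKE's real keying-material layout.
func deriveKeys(shared, ni, nr []byte) [2][]byte {
	skeyseed := prf(append(append([]byte{}, ni...), nr...), shared)
	return [2][]byte{prf(skeyseed, []byte("init->resp")), prf(skeyseed, []byte("resp->init"))}
}

// Exchange runs both sides of a PSK-authenticated DH handshake. Each side gets its
// own copy of the PSK so a misconfigured responder can be modelled. It returns each
// side's derived keys and whether each side accepted the other's AUTH payload.
func Exchange(pskInit, pskResp []byte) (initKeys, respKeys [2][]byte, initOK, respOK bool, err error) {
	i, err := newPeer("initiator@example.test")
	if err != nil {
		return
	}
	r, err := newPeer("responder@example.test")
	if err != nil {
		return
	}
	// IKE_SA_INIT: public values and nonces cross the wire in the clear.
	iWire, rWire := i.priv.PublicKey().Bytes(), r.priv.PublicKey().Bytes()
	rPub, err := ecdh.P256().NewPublicKey(rWire)
	if err != nil {
		return
	}
	iPub, err := ecdh.P256().NewPublicKey(iWire)
	if err != nil {
		return
	}
	sharedI, err := i.priv.ECDH(rPub) // initiator's view of the DH secret
	if err != nil {
		return
	}
	sharedR, err := r.priv.ECDH(iPub) // responder's view of the DH secret
	if err != nil {
		return
	}
	// Bind every value either side sent, so a swapped public value or nonce
	// (a man-in-the-middle) changes the transcript and the AUTH check fails.
	tr := bytes.Join([][]byte{iWire, rWire, i.nonce, r.nonce, []byte(i.id), []byte(r.id)}, nil)
	// IKE_AUTH: each side sends its authenticator and checks the peer's.
	authI := authPayload(pskInit, tr, i.id)
	authR := authPayload(pskResp, tr, r.id)
	respOK = hmac.Equal(authI, authPayload(pskResp, tr, i.id))
	initOK = hmac.Equal(authR, authPayload(pskInit, tr, r.id))
	return deriveKeys(sharedI, i.nonce, r.nonce), deriveKeys(sharedR, i.nonce, r.nonce), initOK, respOK, nil
}

func main() {
	psk := []byte("example-psk-change-me") // constructed value for the demo
	ik, rk, iok, rok, err := Exchange(psk, psk)
	if err != nil {
		panic(err)
	}
	fmt.Printf("keys agree: %v, initiator accepted peer: %v, responder accepted peer: %v\n",
		bytes.Equal(ik[0], rk[0]) && bytes.Equal(ik[1], rk[1]), iok, rok)
}
```

Two things worth noticing when you run it: the DH step alone gives both sides the same keys even when the PSKs differ (key exchange and peer authentication are separate jobs, which is the point of the "role of IKE" card), and because every public value and nonce is folded into the transcript, an attacker who replaced a public key in transit would have to know the PSK to produce a matching AUTH payload.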
In a Public Key Infrastructure, how are public keys published?
A. They are sent via e-mail
B. Through digital certificates
C. They are sent by owners
D. They are not published
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
A. Diffie-Hellman Key Exchange Protocol
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Simple Key-management for Internet Protocols (SKIP)
D. Oakley
Which of the following defines the key exchange for Internet Protocol Security (IPSEC)?
A. Internet Security Association Key Management Protocol (ISAKMP)
B. Internet Key Exchange (IKE)
C. Security Key Exchange (SKE)
D. Internet Communication Messaging Protocol (ICMP)
Explanation: Because IPsec is a framework, it does not dictate what hashing and encryption algorithms are to be used or how keys are to be exchanged between devices. Key management can be handled through a manual process or an automated key management protocol. The Internet Security Association and Key Management Protocol (ISAKMP) is an authentication and key exchange architecture that is independent of the type of keying mechanisms used. Pg 577 Shon Harris All-In-One CISSP Certification Exam Guide
A network of five nodes is using symmetrical keys to securely transmit data. How many new keys are required to re-establish secure communications to all nodes in the event there is a key compromise?
Explanation: Per Sybex CISSP Study Guide 3rd Edition (page 314), the total number of symmetric keys needed is [number of participants * (number of participants - 1)] / 2. For five nodes that is (5 * 4) / 2 = 10, so the answer should be B (10), not A (5).
What is the effective key size of DES?
A. 56 bits
B. 64 bits
C. 128 bits
D. 1024 bits
Matches between which of the following are important because they represent references from one relation to another and establish the connection among these relations?
A. foreign key to primary key
B. foreign key to candidate key
C. candidate key to primary key
D. primary key to secondary key
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets?
A. Internet Security Association and Key Management Protocol (ISAKMP)
B. Simple Key-Management for Internet Protocols (SKIP)
C. Diffie-Hellman Key Distribution Protocol
D. Internet Key Exchange (IKE)
Reference: pg 117 Krutz
What is the PRIMARY advantage of secret key encryption systems as compared with public key systems?
A. Faster encryption speed
B. Longer key lengths
C. Easier key management
D. Can be implemented in software
Explanation: “The major strength of symmetric key cryptography is the great speed at which it can operate. By the nature of the mathematics involved, symmetric key cryptography also naturally lends itself to hardware implementations, creating the opportunity for even higher-speed operations.” Pg. 309 Tittel: CISSP Study Guide
In a cryptographic key distribution system, the master key is used to exchange?
A. Session keys
B. Public keys
C. Secret keys
D. Private keys
Explanation: “The Key Distribution Center (KDC) is the most important component within a Kerberos environment. The KDC holds all users’ and services’ cryptographic keys. It provides authentication services, as well as key distribution functionality. The clients and services trust the integrity of the KDC, and this trust is the foundation of Kerberos security.” Pg. 148 Shon Harris CISSP All-In-One Certification Exam Guide
“The basic principles of Kerberos operation are as follows: 1.) The KDC knows the secret keys of all clients and servers on the network. 2.) The KDC initially exchanges information with the client and server by using these secret keys. 3.) Kerberos authenticates a client to a requested service on a server through TGS, and by using temporary symmetric session keys for communications between the client and KDC, the server and the KDC, and the client and server. 4.) Communication then takes place between the client and the server using those temporary session keys.” Pg. 40 Krutz: The CISSP Prep Guide
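To make "the master key is used to exchange session keys" concrete, here is an added example (written for this deck, not code from the page or the cited books) of a Kerberos-style key distribution center: it keeps every principal's long-term master key, mints a fresh session key, and hands that session key out sealed once under the client's master key and once under the service's master key (the ticket). AES-256-GCM is the wrapping cipher; the principal names, the name-plus-NUL payload layout, and the use of the recipient name as associated data are assumptions made for the example, and real Kerberos tickets also carry timestamps, lifetimes and addresses that are left out here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KDC holds every principal's long-term (master) key, as the Kerberos KDC does.
type KDC struct {
	longTerm map[string][]byte
}

// RandomKey draws a 32-byte AES-256 key from the OS CSPRNG.
func RandomKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// gcmFor builds an AES-256-GCM AEAD for one long-term key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrap seals a payload under a long-term key. The recipient's name is bound as
// associated data, so a blob issued for one principal cannot be presented as
// another's. Output layout: nonce || ciphertext || tag.
func wrap(key, payload []byte, recipient string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, payload, []byte(recipient)), nil
}

// Unwrap is what a principal runs with its own long-term key. Any change to the
// blob or to the claimed recipient makes GCM's tag check fail.
func Unwrap(key, blob []byte, recipient string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(recipient))
}

// IssueSession generates a fresh session key and hands it out twice: sealed under
// the client's master key, and sealed under the service's master key (the ticket).
// Master keys only ever carry session keys; neither party learns the other's.
func (k *KDC) IssueSession(client, service string) (forClient, ticket []byte, err error) {
	ck, ok := k.longTerm[client]
	if !ok {
		return nil, nil, fmt.Errorf("unknown principal %q", client)
	}
	sk, ok := k.longTerm[service]
	if !ok {
		return nil, nil, fmt.Errorf("unknown principal %q", service)
	}
	session := RandomKey()
	// Each payload names the other party, so each side knows whom it shares the key with.
	if forClient, err = wrap(ck, append([]byte(service+"\x00"), session...), client); err != nil {
		return nil, nil, err
	}
	if ticket, err = wrap(sk, append([]byte(client+"\x00"), session...), service); err != nil {
		return nil, nil, err
	}
	return forClient, ticket, nil
}

// SplitPayload separates the peer name from the session key in an unwrapped payload.
func SplitPayload(payload []byte) (peer string, session []byte, err error) {
	i := bytes.IndexByte(payload, 0)
	if i < 0 {
		return "", nil, errors.New("malformed payload")
	}
	return string(payload[:i]), payload[i+1:], nil
}

func main() {
	kdc := &KDC{longTerm: map[string][]byte{"alice": RandomKey(), "fileserver": RandomKey()}}
	forClient, ticket, err := kdc.IssueSession("alice", "fileserver")
	if err != nil {
		panic(err)
	}
	cp, _ := Unwrap(kdc.longTerm["alice"], forClient, "alice")
	sp, _ := Unwrap(kdc.longTerm["fileserver"], ticket, "fileserver")
	fmt.Printf("client payload %x\nticket payload %x\n", cp, sp)
}
```

The client forwards the ticket to the service unchanged; it cannot read it, because only the service's master key opens it, which is exactly why the KDC's copy of every master key is "the foundation of Kerberos security" and why compromise of the KDC compromises everything.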
Which Application Layer security protocol requires two pairs of asymmetric keys and two digital certificates?
Explanation: SET – Secure Electronic Transaction Page 753 of Shon Harris’ book (5th edition)
Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation?
A. foreign key
B. candidate key
C. Primary key
D. Secondary key
Reference: pg 243 Hansche: Official (ISC)2 Guide to the CISSP Exam
What key size is used by the Clipper Chip?
A. 40 bits
B. 56 bits
C. 64 bits
D. 80 bits
Explanation: “Each Clipper Chip has a unique serial number and an 80-bit unique unit or secret key. The unit key is divided into two parts and is stored at two separate organizations with the serial number that uniquely identifies that particular Clipper Chip.” Pg 166 Krutz: The CISSP Prep Guide
What uses a key of the same length as the message?
A. Running key cipher
B. One-time pad
D. Cipher block chaining
“A one-time pad is an extremely powerful type of substitution cipher. One-time pads use a different alphabet for each letter of the plaintext message.
Normally, one-time pads are written as a very long series of numbers to be plugged into the function.
The great advantage to one-time pads is that, when used properly, they are an unbreakable encryption scheme. There is no repeating pattern of alphabetic substitution, rendering cryptanalytic efforts useless. However, several requirements must be met to ensure the integrity of the algorithm:
The encryption key must be randomly generated. Using a phrase or a passage from a book would introduce the possibility of cryptanalysts breaking the code.
The one-time pad must be physically secured against disclosure. If the enemy has a copy of the pad, they can easily decrypt the enciphered messages.
Each one-time pad must be used only once. If pads are reused, cryptanalysts can compare similarities in multiple messages encrypted with the same pad and possibly determine the key values used.
The key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message.” Pg. 304-305 Tittel: CISSP Study Guide
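The four requirements quoted above are easy to state and easy to get wrong, so here is an added example (written for this deck, not code from the page or from the Tittel book) that implements a byte-wise one-time pad with a CSPRNG-drawn pad, enforces the "key at least as long as the message" rule, and then plays the attacker against the "use each pad only once" rule: two messages under the same pad XOR together to the XOR of the plaintexts, and a known first message recovers the second. The two plaintexts are constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// XORPad applies a one-time pad byte by byte: ciphertext = plaintext XOR pad.
// Decryption is the identical operation, and the pad must cover the whole message.
func XORPad(msg, pad []byte) ([]byte, error) {
	if len(pad) < len(msg) {
		return nil, errors.New("pad shorter than message: a one-time pad must be at least as long as the text")
	}
	out := make([]byte, len(msg))
	for i := range msg {
		out[i] = msg[i] ^ pad[i]
	}
	return out, nil
}

// NewPad draws a pad from the OS CSPRNG. A passage from a book or a PRNG seeded
// from the clock is not random enough; the unbreakability argument assumes every
// pad byte is uniform and independent of the others.
func NewPad(n int) ([]byte, error) {
	pad := make([]byte, n)
	_, err := rand.Read(pad)
	return pad, err
}

// RecoverFromReuse is the attacker's side of the "use each pad once" rule. Two
// ciphertexts under the same pad give c1 XOR c2 = p1 XOR p2: the pad cancels. If the
// attacker knows or guesses p1 (a crib: a stock greeting, a header), p2 falls out
// directly, without the pad ever being recovered.
func RecoverFromReuse(c1, c2, knownP1 []byte) ([]byte, error) {
	n := len(c1)
	if len(c2) < n {
		n = len(c2)
	}
	if len(knownP1) < n {
		return nil, errors.New("crib must cover the overlapping bytes")
	}
	p2 := make([]byte, n)
	for i := 0; i < n; i++ {
		p2[i] = c1[i] ^ c2[i] ^ knownP1[i]
	}
	return p2, nil
}

func main() {
	// Constructed messages; the second is sent with the same pad by mistake.
	p1 := []byte("ATTACK AT DAWN")
	p2 := []byte("RETREAT AT ONCE")
	pad, err := NewPad(64)
	if err != nil {
		panic(err)
	}
	c1, _ := XORPad(p1, pad)
	c2, _ := XORPad(p2, pad)
	back, _ := XORPad(c1, pad)
	leaked, _ := XORPad(c1, c2) // c1 XOR c2 = p1 XOR p2, pad gone
	guess, _ := RecoverFromReuse(c1, c2, p1)
	fmt.Printf("decrypted: %q\np1 XOR p2: %x\nrecovered with crib: %q\n", back, leaked, guess)
}
```

The recovered text is only as long as the shorter ciphertext, which is also the attacker's reality: reuse leaks exactly the overlapping span, and in practice a crib is extended byte by byte by guessing likely words.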
Which of the following statements related to a private key cryptosystem is FALSE?
A. The encryption key should be secure
B. Data Encryption Standard (DES) is a typical private key cryptosystem
C. The key used for decryption is known to the sender
D. Two different keys are used for the encryption and decryption
Explanation: “In symmetric key cryptography, a single secret key is used between entities, whereas in public key systems, each entity has different keys, or asymmetric keys.” Pg 476 Shon Harris CISSP Certification All-in-One Exam Guide
Simple Key Management for Internet Protocols (SKIP) is similar to Secure Sockets Layer (SSL), except that it requires no prior communication in order to establish or exchange keys on a:
A. Secure Private keyring basis
B. response-by-session basis
C. Remote Server basis
D. session-by-session basis
Answer: D. Reference: pg 117 Krutz: CISSP Prep Guide: Gold Edition
A weak key of an encryption algorithm has which of the following properties?
A. It is too short, and thus easily crackable
B. It facilitates attacks against the algorithm
C. It has much more zeroes than ones
D. It can only be used as a public key
Security measures that protect message traffic independently on each communication path are called:
A. Link oriented
B. Procedure oriented
C. Pass-through oriented
D. End-to-end oriented
Explanation: Link encryption encrypts all the data along a specific communication path like a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the headers, trailers, addresses, and routing data that are part of the packets are also encrypted. This provides extra protection against packet sniffers and eavesdroppers. - Shon Harris All-in-one CISSP Certification Guide pg 560
Who is responsible for the security and privacy of data during a transmission on a public communications link?
A. The carrier
B. The sending party
C. The receiving party
D. The local service provider
Explanation: The sender of an e-mail is responsible for encryption if security is desired. A bank that sends data across the web is responsible for using a secure protocol.
Which of the following best provides e-mail message authenticity and confidentiality?
A. Signing the message using the sender’s public key and encrypting the message using the receiver’s private key
B. Signing the message using the sender’s private key and encrypting the message using the receiver’s public key
C. Signing the message using the receiver’s private key and encrypting the message using the sender’s public key
D. Signing the message using the receiver’s public key and encrypting the message with the sender’s private key
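The four options on this card differ only in whose key does what, and the mix-ups are easiest to see in code. The following is an added example for this deck, not code from the page or the cited books: a sender signs with its own private key (Ed25519) and encrypts the signed note to the receiver's public key (RSA-OAEP), and the receiver decrypts with its own private key and verifies with the sender's public key. The mailbox structure, the short constructed note and the choice of algorithms are assumptions made for the example; in particular, carrying the whole note inside one RSA-OAEP block works only for a few dozen bytes, which is why real e-mail protection (and the hybrid-encryption card earlier in the deck) wraps a symmetric key instead.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Mailbox is one user's key material: an Ed25519 pair for signing and an RSA pair
// for receiving encrypted mail. Only the public halves are ever handed out.
type Mailbox struct {
	SignPub  ed25519.PublicKey
	signPriv ed25519.PrivateKey
	EncPub   *rsa.PublicKey
	encPriv  *rsa.PrivateKey
}

func NewMailbox() (*Mailbox, error) {
	sp, ss, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	rk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Mailbox{SignPub: sp, signPriv: ss, EncPub: &rk.PublicKey, encPriv: rk}, nil
}

// maxDirect is how much message fits when the signed note is carried directly in one
// RSA-OAEP block: modulus size minus OAEP overhead minus the 64-byte signature.
func maxDirect(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2 - ed25519.SignatureSize
}

// Send signs with the SENDER's private key, then encrypts message and signature to
// the RECEIVER's public key. Anyone can see the ciphertext; only the receiver can
// open it, and only the sender could have produced the signature inside.
func (sender *Mailbox) Send(receiverPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	if len(msg) > maxDirect(receiverPub) {
		return nil, errors.New("message too long for direct RSA-OAEP; real mail wraps a symmetric key instead")
	}
	sig := ed25519.Sign(sender.signPriv, msg)
	signed := append(append([]byte{}, msg...), sig...) // msg || signature
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, signed, nil)
}

// Receive decrypts with the RECEIVER's private key, then verifies with the SENDER's
// public key. A wrong decryption key, a wrong signer, or a tampered ciphertext all
// surface as an error rather than as a message.
func (receiver *Mailbox) Receive(senderSignPub ed25519.PublicKey, ct []byte) ([]byte, error) {
	signed, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiver.encPriv, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	if len(signed) < ed25519.SignatureSize {
		return nil, errors.New("payload too short to carry a signature")
	}
	cut := len(signed) - ed25519.SignatureSize
	msg, sig := signed[:cut], signed[cut:]
	if !ed25519.Verify(senderSignPub, msg, sig) {
		return nil, errors.New("signature does not verify: not from the claimed sender")
	}
	return msg, nil
}

func main() {
	alice, err := NewMailbox()
	if err != nil {
		panic(err)
	}
	bob, err := NewMailbox()
	if err != nil {
		panic(err)
	}
	ct, err := alice.Send(bob.EncPub, []byte("Wire 100 to account 42 at 17:00")) // constructed note
	if err != nil {
		panic(err)
	}
	msg, err := bob.Receive(alice.SignPub, ct)
	fmt.Printf("bob read %q (err=%v)\n", msg, err)
}
```

Options A, C and D on the card cannot even be expressed with this API: the sender has no access to the receiver's private key, and "encrypting with a private key" is not a confidentiality operation, since the matching public key is public by definition.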
Cryptography does not help in:
A. Detecting fraudulent insertion
B. Detecting fraudulent deletion
C. Detecting fraudulent modifications
D. Detecting fraudulent disclosure
Which of the following is NOT a property of a one-way hash function?
A. It converts a message of a fixed length into a message digest of arbitrary length
B. It is computationally infeasible to construct two different messages with the same digest
C. It converts a message of arbitrary length into a message digest of a fixed length
D. Given a digest value, it is computationally infeasible to find the corresponding message
How much more secure is 56 bit encryption opposed to 40 bit encryption?
A. 16 times
B. 256 times
C. 32768 times
D. 65,536 times
Explanation: 2^(56 - 40) = 2^16 = 65,536. Note: 2^40 = 1,099,511,627,776 and 2^56 = 72,057,594,037,927,936; 72,057,594,037,927,936 / 1,099,511,627,776 = 65,536.
Which of the following statements is true about data encryption as a method of protecting data?
A. It should sometimes be used for password files
B. It is usually easily administered
C. It makes few demands on system resources
D. It requires careful key Management
Explanation: "Cryptography can be used as a security mechanism to provide confidentiality, integrity, and authentication, but not if the keys are compromised in any way. The keys can be captured, modified, corrupted, or disclosed to unauthorized individuals. Cryptography is based on a trust model. Individuals trust each other to protect their own keys, they trust the administrator who is maintaining the keys, and they trust a server that holds, maintains and distributes the keys.
Many administrators know that key management causes one of the biggest headaches in cryptographic implementation. There is more to key maintenance than using them to encrypt messages. The keys have to be distributed securely to the right entities and updated continuously. The keys need to be protected as they are being transmitted and while they are being stored on each workstation and server. The keys need to be generated, destroyed, and recovered properly. Key management can be handled through manual or automatic processes.
Unfortunately, many companies use cryptographic keys, but rarely if ever change them. This is because of the hassle of key management and because the network administrator is already overtaxed with other tasks or does not realize the task actually needs to take place. The frequency of use of a cryptographic key can have a direct correlation to how often the key should be changed. The more a key is used, the more likely it is to be captured and compromised. If a key is used infrequently, then this risk drops dramatically. The necessary level of security and the frequency of use can dictate the frequency of the key updates.
Key management is the most challenging part of cryptography and also the most crucial. It is one thing to develop a very complicated and complex algorithm and key method, but if the keys are not securely stored and transmitted, it does not really matter how strong the algorithm is. Keeping keys secret is a challenging task." Pg 512-513 Shon Harris CISSP Certification All-In-One Exam Guide
The primary purpose for using one-way encryption of user passwords within a system is which of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt
B. It prevents an unauthorized person from reading or modifying the password list
C. It minimizes the amount of storage required for user passwords
D. It minimizes the amount of processing time used for encrypting password
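"One-way encryption" of passwords means storing something from which the password cannot be read back, and the way that is done today is a salted, deliberately slow key-derivation function rather than a bare hash. The following is an added example for this deck, not code from the page or the cited books: PBKDF2 with HMAC-SHA256 as defined in RFC 8018 section 5.2, implemented from the standard library so the block structure is visible, plus a store/verify pair with a per-user random salt and constant-time comparison. The "pbkdf2-sha256$iters$salt$hash" record layout and the sample password are assumptions made for the example, not a standard format.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// PBKDF2 implements RFC 8018 section 5.2 with HMAC-SHA256 as the PRF. Each output
// block is the XOR of iters chained HMACs, so the cost scales linearly with iters.
func PBKDF2(password, salt []byte, iters, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hLen := prf.Size()
	blocks := (dkLen + hLen - 1) / hLen
	dk := make([]byte, 0, blocks*hLen)
	var ctr [4]byte
	for i := 1; i <= blocks; i++ {
		binary.BigEndian.PutUint32(ctr[:], uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(ctr[:])
		u := prf.Sum(nil)           // U_1 = PRF(P, S || INT(i))
		t := append([]byte{}, u...) // T_i accumulates U_1 XOR U_2 XOR ...
		for j := 1; j < iters; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_j = PRF(P, U_{j-1})
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

// HashPassword returns a self-describing record "pbkdf2-sha256$iters$salt$hash"
// (an example layout, not a standard). The random per-user salt means two users
// with the same password get different records, and precomputed tables are useless.
func HashPassword(password string, iters int) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := PBKDF2([]byte(password), salt, iters, 32)
	return fmt.Sprintf("pbkdf2-sha256$%d$%s$%s", iters, hex.EncodeToString(salt), hex.EncodeToString(dk)), nil
}

// VerifyPassword recomputes the hash from the stored salt and iteration count and
// compares in constant time. The password itself is never stored or recovered.
func VerifyPassword(password, record string) (bool, error) {
	parts := strings.Split(record, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2-sha256" {
		return false, errors.New("unrecognised record format")
	}
	iters, err := strconv.Atoi(parts[1])
	if err != nil || iters < 1 {
		return false, errors.New("bad iteration count")
	}
	salt, err := hex.DecodeString(parts[2])
	if err != nil {
		return false, err
	}
	want, err := hex.DecodeString(parts[3])
	if err != nil {
		return false, err
	}
	got := PBKDF2([]byte(password), salt, iters, len(want))
	return hmac.Equal(got, want), nil
}

func main() {
	rec, err := HashPassword("correct horse battery staple", 100000) // constructed password
	if err != nil {
		panic(err)
	}
	ok, _ := VerifyPassword("correct horse battery staple", rec)
	bad, _ := VerifyPassword("Correct horse battery staple", rec)
	fmt.Printf("stored: %s\nright password: %v, wrong password: %v\n", rec, ok, bad)
}
```

Storing the iteration count in the record is what lets you raise the work factor later without invalidating existing users: old records keep verifying at their old cost and are rehashed on next login. In production, prefer a vetted library implementation (or a memory-hard function such as scrypt or Argon2) over hand-rolled code; the point of writing it out here is to show what the one-way transformation actually does.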
Which of the following is not a known type of Message Authentication Code (MAC)?
A. Hash function-based MAC
B. Block cipher-based MAC
C. Signature-based MAC
D. Stream cipher-based MAC
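The two real MAC families on this card are the block-cipher kind and the hash-function kind, and the difference matters in practice, not just in naming. The following is an added example for this deck, not code from the page or the cited books: a textbook AES CBC-MAC (zero IV, last block as tag), the classic forgery against it when messages may vary in length (two observed one-block pairs let an attacker tag a two-block message they never saw signed, with no key), and HMAC-SHA256 as the hash-based construction that has no such shortcut. The key and the two 16-byte messages are constructed for the demonstration; in real systems use CMAC or HMAC, never raw CBC-MAC over variable-length input.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// CBCMAC is the textbook block-cipher MAC: CBC-encrypt with a zero IV and keep only
// the last block. It is sound only when every message has one fixed length.
func CBCMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(msg) == 0 || len(msg)%bs != 0 {
		return nil, fmt.Errorf("message must be a non-zero multiple of %d bytes", bs)
	}
	tag := make([]byte, bs) // zero IV
	for off := 0; off < len(msg); off += bs {
		for i := 0; i < bs; i++ {
			tag[i] ^= msg[off+i]
		}
		block.Encrypt(tag, tag)
	}
	return tag, nil
}

// ForgeCBCMAC needs only two observed single-block pairs (m1,t1) and (m2,t2) and no
// key: the tag of m1 || (m2 XOR t1) is t2, because the chaining XOR cancels t1 out.
// This is the variable-length forgery that makes raw CBC-MAC unsafe.
func ForgeCBCMAC(m1, t1, m2, t2 []byte) (forgedMsg, forgedTag []byte) {
	second := make([]byte, len(m2))
	for i := range m2 {
		second[i] = m2[i] ^ t1[i]
	}
	return append(append([]byte{}, m1...), second...), t2
}

// HMACSHA256 is the hash-function-based alternative. Its keyed nested hash has no
// exploitable chaining relation and accepts messages of any length.
func HMACSHA256(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func main() {
	key := []byte("0123456789abcdef") // constructed 16-byte AES-128 key
	m1 := []byte("AMOUNT=00000100;") // two constructed 16-byte messages the attacker
	m2 := []byte("AMOUNT=99999999;") // has seen authenticated
	t1, _ := CBCMAC(key, m1)
	t2, _ := CBCMAC(key, m2)
	fm, ft := ForgeCBCMAC(m1, t1, m2, t2)
	got, _ := CBCMAC(key, fm)
	fmt.Printf("raw CBC-MAC accepts forged %q: %v\n", fm, bytes.Equal(got, ft))
	fmt.Printf("HMAC tag of forged message equals HMAC(m2): %v\n",
		bytes.Equal(HMACSHA256(key, fm), HMACSHA256(key, m2)))
}
```

The forged message is garbage in its second block, which is exactly why this attack is dangerous in protocols that process a length-prefixed header first: the verifier accepts the tag, parses the first block, and may ignore the trailing noise. A "signature-based MAC" (option C) is not a thing because a signature is verified with a public key, whereas a MAC is both produced and checked with one shared secret.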