Flashcards in Exam SET B Deck (199)
For fault-tolerance to operate, a system must be:
A. Capable of a cold start.
B. Capable of terminating operations in a safe mode.
C. Capable of detecting and correcting the fault.
D. Capable of only detecting the fault.
Explanation: The correct answer is "Capable of detecting and correcting the fault". The two conditions required for a faulttolerant system. Answer "Capable of only detecting the fault" is a distracter. Answer "Capable of terminating operations in a safe mode" is the definition of fail safe and answer "Capable of a cold start" refers to starting after a system shutdown.
The classic Caesar cipher is a:
A. Code group.
B. Transposition cipher.
C. Monoalphabetic cipher.
D. Polyalphabetic cipher.
Explanation: The correct answer is Monoalphabetic cipher. It uses one alphabet shifted three places. Answers Polyalphabetic cipher and Transposition cipher are incorrect because in answer a, multiple alphabets are used and in answer Transposition cipher, the letters of the message are transposed.
Answer Code group is incorrect because code groups deal with words and phrases and ciphers deal with bits or letters.
Apolyalphabetic cipher is also known as:
A. One-time pad.
C. Vernam cipher.
D. VigenËre cipher.
Explanation: The correct answer is VigenËre cipher.
* Answer "One-time pad" is incorrect because a one-time pad uses a random key with length equal to the plaintext message and is used only once. * Answer "Steganography" is the process of sending a message with no indication that a message even exists. *Answer "Vernam cipher" is incorrect because it applies to stream ciphers that are XORed with a random key string.
Superscalar computer architecture is characterized by a:
A. Computer using instructions that are simpler and require less clock cycles to execute.
B. Computer using instructions that perform many operations per instruction.
C. Processor that executes one instruction at a time.
D. Processor that enables concurrent execution of multiple instructions in the same pipeline stage.
Explanation: * Answer "Computer using instructions that perform many operations per instruction" is the definition of a complex instruction set computer. * Answer "Computer using instructions that are simpler and require less clock cycles to execute" is the definition of a reduced instruction set computer. * Answer "Processor that executes one instruction at a time" is the definition of a scalar processor.
Which of the following is NOT a characteristic of the ElGamal public
A. It is based on the discrete logarithm problem.
B. It can be used to generate digital signatures.
C. It can perform encryption, but not digital signatures.
D. It can perform encryption.
Explanation: The ElGamal public key cryptosystem can perform both encryption and digital signatures based on the discrete logarithm problem. These three characteristics are shown in the examples that follow. To generate a key pair in the ElGamal system: A. Choose a prime number, p. B. Choose two random numbers, g and x (g and x must both be less than p). C. Calculate y = g x mod p. D. The private key is x and the public key is y, g, and p. To encrypt a message, M, in the ElGamal system: A. Select a random number, j, such that j is relatively prime to p-1. Recall that two numbers are relatively prime if they have no common factors other than 1. B. Generate w = g j mod p and z = y j M mod p. C. w and z comprise the ciphertext. To decrypt the message, M, in the ElGamal system, calculate M = z/w xmod p. This can be shown by substituting the values of z and w in the equation as follows: M = y j M mod p/ g jx mod p Since y j = g xj mod p M = (g xj M / g jx ) mod p To sign a message, M, in the ElGamal system: A. Select a random number, j, such that j is relatively prime to p-1. The value of j must not be disclosed. Generate w = g j mod p. B. Solve for z in the equation M = (xw + jz) mod (p-1). The solution to this equation is beyond the scope of this coverage. Suffice to say that an algorithm exists to solve for the variable z. C. w and z comprise the signature. D. Verification of the signature is accomplished if g M mod p = y w w z mod p.
Which is NOT true about Covert Channel Analysis?
A. It is required for B2 class systems in order to protect against covert storage channels.
B. It is an operational assurance requirement that is specified in the Orange Book.
C. It is required for B3 class systems to protect against both covert storage and covert timing channels.
D. It is required for B2 class systems to protect against covert timing channels.
Explanation: The correct answer is "It is required for B2 class systems to protect against covert timing channels". Orange Book B2 class systems do not need to be protected from covert timing channels. Covert channel analysis must be performed for B2-level class systems to protect against covert storage channels only. B3 class systems need to be protected against both covert storage channels and covert timing channels.
In public key cryptography,
A. The public key is used to encrypt and decrypt.
B. Only the private key can encrypt and only the public key can decrypt.
C. If the public key encrypts, then only the private key can decrypt.
D. Only the public key can encrypt and only the private key can decrypt.
Explanation: The correct answer is "If the public key encrypts, then only the private key can decrypt".
Answers "Only the private key can encrypt and only the public key can decrypt" and "Only the public key can encrypt and only the private key can decrypt" are incorrect because if one key encrypts, the other can decrypt.
Answer "The public key is used to encrypt and decrypt"is incorrect because if the public key encrypts, it cannot decrypt.
When two different keys encrypt a plaintext message into the same ciphertext, this situation is known as:
B. Public key cryptography.
D. Key clustering.
Explanation: The correct answer is "Key clustering" Answer "Public key cryptography" describes a type of cryptographic system using a public and a private key; answer Cryptanalysis is the art/science of breaking ciphers; answer Hashing is the conversion of a message of variable length into a fixed-length message digest.
Which attack type below does NOT exploit TCP vulnerabilities?
A. Sequence Number attack
B. Ping of Death
C. SYN attack
D. land.c attack
Explanation: The Ping of Death exploits the fragmentation vulnerability of large ICMP ECHO request packets by sending an illegal packet with more than 65K of data, creating a buffer overflow. * a TCP sequence number attack, which exploits the nonrandom predictable pattern of TCP connection sequence numbers to spoof a session. * a TCP SYN attack, is a DoS attack that exploits the TCP threeway handshake. The attacker rapidly generates randomly sourced SYN packets filling the target's connection queue before the connection can timeout. * land.c attack, is also a DoS attack that exploits TCP SYN packets. The attacker sends a packet that gives both the source and destination as the target's address, and uses the same source and destination port. Sources: Designing Network Security by Merike Kaeo (Cisco Press, 1999) and Mastering Network Security by Chris Brenton (Sybex, 1999).
The Biba model addresses:
A. Unauthorized modification of data.
B. Transformation procedures.
C. Constrained data items.
D. Data disclosure.
Explanation: The correct answer is "Unauthorized modification of data". The Biba model is an integrity model. Answer "Data disclosure" is associated with confidentiality. Answers "Transformation procedures" and "Constrained data items" are specific to the ClarkWilson model.
A block cipher:
A. Converts a variable-length of plaintext into a fixed length ciphertext.
B. Is an asymmetric key algorithm.
C. Encrypts by operating on a continuous data stream.
D. Breaks a message into fixed length units for encryption.
Explanation: The correct answer is "Breaks a message into fixed length units for encryption". Answer "Encrypts by operating on a continuous data stream" describes a stream cipher. Answer "Is an asymmetric key algorithm" is incorrect because a block cipher applies to symmetric key algorithms; and answer "Converts a variable-length of plaintext into a fixed length ciphertext" describes a hashing operation.
What do the message digest algorithms MD2, MD4 and MD5 have in common?
A. They are all used in the Secure Hash Algorithm (SHA).
B. They all take a message of arbitrary length and produce a message digest of 128-bits.
C. They all take a message of arbitrary length and produce a message digest of 160-bits.
D. They are all optimized for 32-bit machines.
Explanation: * Answer "They all take a message of arbitrary length and produce a message digest of 160-bits" is obviously, then, incorrect. * Answer "They are all optimized for 32-bit machines" is incorrect since MD2 (B.S. Kaliski, The MD2 Message Digest Algorithm, RFC 1319, April 1992) is targeted for 8-bit machines. It is used in Privacy Enhanced Mail (PEM). MD4 (R.L. Rivest, The MD4 Message Digest Algorithm, RFC 1186, Oct 1990) and MD5 (R.L. Rivest, The MD5 Message Digest Algorithm, RFC 1321, April 1992) are designed for 32-bit machines. MD5 is considered more secure than MD4, and MD5 is also used in PEM. Answer d is incorrect since the SHAis a separate algorithm from MD2, MD4, and MD5, but is modeled after MD4. SHA produces a 160-bit message digest.
The addressing mode in which an instruction accesses a memory location whose contents are the address of the desired data is called:
A. Implied addressing.
B. Direct addressing.
C. Indirect addressing.
D. Indexed addressing.
Which of the following would NOT be an example of compensating controls being implemented?
A. Modifying the timing of a system resource in some measurable way to covertly transmit information
B. Sensitive information requiring two authorized signatures to release
C. Asafety deposit box needing two keys to open
D. Signing in or out of a traffic log and using a magnetic card to access to an operations center
Explanation: The correct answer is "Modifying the timing of a system resource in some measurable way to covertly transmit information". This is the definition for a covert timing channel. The other three are examples of compensating controls, which are a combination of technical, administrative, or physical controls to enhance security.
Which of the following is an example of a symmetric key algorithm?
Explanation: The correct answer is Rijndael. The other answers are examples of asymmetric key systems.
Elliptic curves, which are applied to public key cryptography, employ modular exponentiation that characterizes the:
A. Knapsack problem.
B. Elliptic curve modular addition.
C. Elliptic curve discrete logarithm problem.
D. Prime factors of very large numbers.
Explanation: The correct answer is "Elliptic curve discrete logarithm problem". Modular exponentiation in elliptic curves is the analog of the modular discreet logarithm problem.
* Answer "Prime factors of very large numbers" is incorrect because prime factors are involved with RSA public key systems; answer c is incorrect because modular addition in elliptic curves is the analog of modular multiplication; and answer "Knapsack problem" is incorrect because the knapsack problem is not an elliptic curve problem.
Which of the following items BEST describes the standards addressed by Title II, Administrative Simplification, of the Health Insurance Portability and Accountability Act (US Kennedy-Kassebaum Health
Insurance and Portability Accountability Act -HIPAA-Public Law 104-19)?
A. Transaction Standards, to include Code Sets; Security and Electronic Signatures and Privacy
B. Security and Electronic Signatures and Privacy
C. Transaction Standards, to include Code Sets; Unique Health Identifiers; Security and Electronic Signatures and Privacy
D. Unique Health Identifiers; Security and Electronic Signatures and Privacy
Explanation: HIPAA was designed to provide for greater access to personal health care information, enable portability of health care insurance, establish strong penalties for health care fraud, and streamline the health care claims process through administrative simplification. To accomplish the latter, Title II of the HIPAA law, Administrative Simplification, requires standardizing the formats for the electronic transmission of health care information. The transactions and code sets portion includes standards for submitting claims, enrollment information, premium payments, and others as adopted by HHS. The standard for transactions is the ANSI ASC X12N version 4010 EDI Standard. Standard code sets are required for diagnoses and inpatient services, professional services, dental services (replaces D' codes), and drugs (instead of J' codes). Also, local codes are not to be used. Unique health identifiers are required to identify health care providers, health plans, employers, and individuals. Security and electronic signatures are specified to protect health care information. Pri- vacy protections are required to ensure that there is no unauthorized disclosure of individually identifiable health care information. The other answers are incorrect since they do not include all four major standards. Additional information can be found at http:// aspe.hhs.gov/adminsimp.
Which protocol is used to resolve a known IP address to an unknown MAC address?
Explanation: The Address Resolution Protocol (ARP) sends a broadcast asking for the host with a specified IP address to reply with its MAC, or hardware address. This information is kept in the ARP Cache. * the Reverse Address Resolution Protocol (RARP) is commonly used on diskless machines, when the MAC is known, but not the IP address. It asks a RARP server to provide a valid IP address, which is somewhat the reverse of ARP. * the Internet Control Message Protocol (ICMP) is a management protocol for IP. * the Trivial File Transfer Protocol (TFTP), is a stripped-down version of the File Transfer Protocol (FTP).
Source: CCNA Study Guide by Todd Lammle, Donald Porter, and James Chellis (Sybex, 1999).
Which of the following BEST describes a block cipher?
A. An asymmetric key algorithm that operates on a variable-length block of plaintext and transforms it into a fixed-length block of ciphertext
B. A symmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext
C. An asymmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext
D. A symmetric key algorithm that operates on a variable-length block of plaintext and transforms it into a fixed-length block of ciphertext
Explanation: A block cipher breaks the plaintext into fixed-length blocks, commonly 64-bits, and encrypts the blocks into fixed-length blocks of ciphertext. Another characteristic of the block cipher is that, if the same key is used, a particular plaintext block will be transformed into the same ciphertext block. Examples of block ciphers are DES, Skipjack, IDEA, RC5 and AES. An example of a block cipher in a symmetric key cryptosystem is the Electronic Code Book (ECB) mode of operation. In the ECB mode, a plaintext block is transformed into a ciphertext block as shown in Figure. If the same key is used for each transformation, then a Code Book can be compiled for each plaintext block and corresponding ciphertext block. Answer a is incorrect since it refers to a variable-length block of plaintext being transformed into a fixed-length block of ciphertext. Recall that this operation has some similarity to a hash function, which takes a message of arbitrary length and converts it into a fixedlength message digest.
* Answers "An asymmetric key algorithm that operates on a variable-length block of plaintext and transforms it into a fixed-length block of ciphertext" and "An asymmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext"are incorrect because they involve asymmetric key algorithms, and the block cipher is used with symmetric key algorithms In other cryptographic modes of operation, such as Cipher Block Chaining (CBC), the result of the encryption of the plaintext block, Pn, is fed into the encryption process of plaintext block Pn+1. Thus, the result of the encryption of one block affects the result of the encryption of the next block in the sequence
In the discretionary portion of the Bell-LaPadula mode that is based on the access matrix, how the access rights are defined and evaluated is called:
Explanation: The correct answer is Authorization, since authorization is concerned with how access rights are defined and how they are evaluated.
Which of the following processes establish the minimum national standards for certifying and accrediting national security systems?
D. Defense audit
Explanation: The NIACAP provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the information assurance and security posture of a system or site. The NIACAP is designed to certify that the information system meets documented accreditation requirements and will continue to maintain the accredited security posture throughout the system life cycle. * Answer CIAP is being developed for the evaluation of critical commercial systems and uses the NIACAP methodology. * DITSCAP establishes for the defense entities a standard process, set of activities, general task descriptions, and a management structure to certify and accredit IT systems that will maintain the required security posture. The process is designed to certify that the IT system meets the accreditation requirements and that the system will maintain the accredited security posture throughout the system life cycle. The four phases to the DITSCAP are Definition, Verification, Validation, and Post Accreditation. * Answer "Defense audit" is a distracter.
The primary goal of the TLS Protocol is to provide:
A. Privacy and data integrity between two communicating applications
B. Authentication and data integrity between two communicating applications
C. Privacy and authentication between two communicating applications
D. Privacy, authentication and data integrity between two communicating applications
Explanation: The TLS Protocol is comprised of the TLS Record and Handshake Protocols. The TLS Record Protocol is layered on top of a transport protocol such as TCP and provides privacy and reliability to the communications. The privacy is implemented by encryption using symmetric key cryptography such as DES or RC4. The secret key is generated anew for each connection; however, the Record Protocol
ISC CISSP Exam
"Pass Any Exam. Any Time." - www.actualtests.com 832
can be used without encryption. Integrity is provided through the use of a keyed Message Authentication Code (MAC) using hash algorithms such as SHA or MD5. The TLS Record Protocol is also used to encapsulate a higher-level protocol such as the TLS Handshake Protocol. This Handshake Protocol is used by the server and client to authenticate each other. The authentication can be accomplished using asymmetric key cryptography such as RSA or DSS. The Handshake Protocol also sets up the encryption algorithm and cryptographic keys to enable the application protocol to transmit and receive information.
The Rijndael cipher employs a round transformation that is itself comprised of three layers of transformations. Which of the following is NOT one of these layers?
A. Non-linear mixing layer
B. Non-linear layer
C. Key addition layer
D. Linear mixing layer
Explanation: The correct answer is Non-linear mixing layer, a distracter.
Context-dependent control uses which of the following to make decisions?
A. Subject or object attributes or environmental characteristics
C. Formal models
D. Operating system characteristics
Explanation: The correct answer is Subject or object attributes or environmental characteristics. Answer Data refers to content-dependent characteristics, and answers Formal models and "Operating system characteristics" are distracters.
The Number Field Sieve (NFS) is a:
A. General purpose factoring algorithm that can be used to factor large numbers
B. General purpose algorithm used for brute force attacks on secret key cryptosystems
C. General purpose hash algorithm
D. General purpose algorithm to calculate discreet logarithms
Explanation: The NFS has been successful in efficiently factoring numbers larger than 115 digits and a version of NFS has successfully factored a 155-digit number. Clearly, factoring is an attack that can be used against the RSA cryptosystem in which the public and private keys are calculated based on the product of two large prime numbers. The other answers are distracters.
The following compilation represents what facet of cryptanalysis?
A. Frequency analysis
B. Cilly analysis
C. Cartouche analysis
D. Period analysis
Explanation: The compilation is from a study by h. Becker and f. Piper that was originally published in Cipher Systems: The Protection of Communication. The listing shows the relative frequency in percent of the appearance of the letters of the English alphabet in large numbers of passages taken from newspapers and novels. Thus, in a substitution cipher, an analysis of the frequency of appearance of certain letters may give clues to the actual letter before transformation. Note that the letters E, A, and T have relatively high percentages of appearance in English text. *Answer "Period analysis" refers to a cryptanalysis that is looking for sequences that repeat themselves and for the spacing between repetitions. This approach is used to break the VigenËre cipher. * Answer "Cilly analysis" is a reference to a cilly, which was a three-character message key used in the German Enigma machine. * In answer "Cartouche analysis", a cartouche is a set of hieroglyphs surrounded by a loop. A cartouche referring to King Ptolemy was found on the Rosetta Stone.
In Part 3 of the Common Criteria, Security Assurance Requirements, seven predefined Packages of assurance components that make up the CC scale for rating confidence in the security of IT products and systems are called:
A. Protection Assurance Levels (PALs).
B. Security Target Assurance Levels (STALs).
C. Assurance Levels (ALs).
D. Evaluation Assurance Levels (EALs).
Explanation: The correct answer is "Evaluation Assurance Levels (EALs)". The other answers are distracters.
The principles of Notice, Choice, Access, Security, and Enforcement refer to which of the following?
Explanation: These items are privacy principles. Notice refers to the collection, use, and disclosure of personally identifiable information (PII). Choice is the choice to opt out or opt in regarding the disclosure of PII to third parties; Access is access by consumers to their PII to permit review and correction of information. Security is the obligation to protect PII from unauthorized disclosure. Enforcement is the enforcement of applicable privacy policies and obligations. The other answers are distracters
Which statement below is correct regarding VLANs?
A. A closed VLAN configuration is the least secure VLAN configuration.
B. A VLAN is less secure when implemented in conjunction with private port switching.
C. A VLAN is a network segmented physically, not logically.
D. A VLAN restricts flooding to only those ports included in the VLAN.
Explanation: A virtual local area network (VLAN) allows ports on the same or different switches to be grouped so that traffic is confined to members of that group only, and restricts broadcast, unicast, and multicast traffic. Answer "A VLAN is a network segmented physically, not logically" is incorrect, because a VLAN is segmented logically, rather than physically. Answer "A VLAN is less secure when implemented in conjunction with private port switching" is incorrect. When a VLAN is implemented with private port, or single-user, switching, it provides fairly stringent security because broadcast vulnerabilities are minimized. Answer "A closed VLAN configuration is the least secure VLAN configuration" is incorrect, as a closed VLAN authenticates a user to an access control list on a central authentication server, where they are assigned authorization parameters to determine their level of network access. Sources: Catalyst 5000 Series Installation Guide (Cisco Systems) and Virtual LANs by Mariana Smith (McGraw-Hill, 1998)