Choosing the Right Path for Your SSCP Exam Preparation
Welcome to PassExamHub's comprehensive study guide for the Systems Security Certified Practitioner exam. Our SSCP dumps is designed to equip you with the knowledge and resources you need to confidently prepare for and succeed in the SSCP certification exam.
What Our ISC2 SSCP Study Material Offers
PassExamHub's SSCP dumps PDF is carefully crafted to provide you with a comprehensive and effective learning experience. Our study material includes:
In-depth Content: Our study guide covers all the key concepts, topics, and skills you need to master for the SSCP exam. Each topic is explained in a clear and concise manner, making it easy to understand even the most complex concepts.
Online Test Engine: Test your knowledge and build your confidence with a wide range of practice questions that simulate the actual exam format. Our test engine cover every exam objective and provide detailed explanations for both correct and incorrect answers.
Exam Strategies: Get valuable insights into exam-taking strategies, time management, and how to approach different types of questions.
Real-world Scenarios: Gain practical insights into applying your knowledge in real-world scenarios, ensuring you're well-prepared to tackle challenges in your professional career.
Why Choose PassExamHub?
Expertise: Our SSCP exam questions answers are developed by experienced ISC2 certified professionals who have a deep understanding of the exam objectives and industry best practices.
Comprehensive Coverage: We leave no stone unturned in covering every topic and skill that could appear on the SSCP exam, ensuring you're fully prepared.
Engaging Learning: Our content is presented in a user-friendly and engaging format, making your study sessions enjoyable and effective.
Proven Success: Countless students have used our study materials to achieve their SSCP certifications and advance their careers.
Start Your Journey Today!
Embark on your journey to Systems Security Certified Practitioner success with PassExamHub. Our study material is your trusted companion in preparing for the SSCP exam and unlocking exciting career opportunities.
Related Exams
ISC2 SSCP Sample Question Answers
Question # 1
Which of the following statements is most accurate regarding a digital signature?
A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.
Answer: C
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 2
Which of the following standards concerns digital certificates?
A. X.400 B. X.25 C. X.509 D. X.75
Answer: C
Explanation:
X.509 is used in digital certificates. X.400 is used in e-mail as a message handling protocol. X.25
is a standard for the network and data link levels of a communication network and X.75 is a
standard defining ways of connecting two X.25 networks.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 164).
Question # 3
Which of the following offers confidentiality to an e-mail message?
A. The sender encrypting it with its private key. B. The sender encrypting it with its public key. C. The sender encrypting it with the receiver's public key. D. The sender encrypting it with the receiver's private key.
Answer: C
Explanation:
An e-mail message's confidentiality is protected when encrypted with the receiver's public key,
because he is the only one able to decrypt the message. The sender is not supposed to have the
receiver's private key. By encrypting a message with its private key, anybody possessing the
corresponding public key would be able to read the message. By encrypting the message with its
public key, not even the receiver would be able to read the message.
Which of the following is NOT a property of the Rijndael block cipher algorithm?
A. The key sizes must be a multiple of 32 bits B. Maximum block size is 256 bits C. Maximum key size is 512 bits D. The key size does not have to match the block size
Answer: C
Explanation:
The above statement is NOT true and thus the correct answer. The maximum key size on Rijndael
is 256 bits.
There are some differences between Rijndael and the official FIPS-197 specification for AES.
Rijndael specification per se is specified with block and key sizes that must be a multiple of 32
bits, both with a minimum of 128 and a maximum of 256 bits. Namely, Rijndael allows for both key
and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (And
the key size does not in fact have to match the block size).
However, FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key
size may be either 128, 192, or 256 bits. Therefore AES-128, AES-192, and AES-256 are actually:
Key Size (bits) Block Size (bits)
AES-128 128 128
AES-192 192 128
AES-256 256 128
So in short:
Rijndael and AES differ only in the range of supported values for the block length and cipher key
length.
For Rijndael, the block length and the key length can be independently specified to any multiple of
32 bits, with a minimum of 128 bits, and a maximum of 256 bits.
AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only.
What principle focuses on the uniqueness of separate objects that must be joined together toperform a task? It is sometimes referred to as “what each must bring” and joined together whengetting access or decrypting a file. Each of which does not reveal the other?
A. Dual control B. Separation of duties C. Split knowledge D. Need to know
Answer: C
Explanation:
Split knowledge involves encryption keys being separated into two components, each of which
does not reveal the other. Split knowledge is the other complementary access control principle to
dual control.
In cryptographic terms, one could say dual control and split knowledge are properly implemented if
no one person has access to or knowledge of the content of the complete cryptographic key being
protected by the two rocesses.
The sound implementation of dual control and split knowledge in a cryptographic environment
necessarily means that the quickest way to break the key would be through the best attack known
for the algorithm of that key. The principles of dual control and split knowledge primarily apply to
access to plaintext keys.
Access to cryptographic keys used for encrypting and decrypting data or access to keys that are
encrypted under a master key (which may or may not be maintained under dual control and split
knowledge) do not require dual control and split knowledge. Dual control and split knowledge can
be summed up as the determination of any part of a key being protected must require the collusion
between two or more persons with each supplying unique cryptographic materials that must be
joined together to access the protected key.
Any feasible method to violate the axiom means that the principles of dual control and split
knowledge are not being upheld.
Split knowledge is the unique “what each must bring” and joined together when implementing dual
control. To illustrate, a box containing petty cash is secured by one combination lock and one
keyed lock. One employee is given the combination to the combo lock and another employee has
possession of the correct key to the keyed lock.
In order to get the cash out of the box both employees must be present at the cash box at the
same time. One cannot open the box without the other. This is the aspect of dual control.
On the other hand, split knowledge is exemplified here by the different objects (the combination to
the combo lock and the correct physical key), both of which are unique and necessary, that each
brings to the meeting. Split knowledge focuses on the uniqueness of separate objects that must be
joined together.
Dual control has to do with forcing the collusion of at least two or more persons to combine their
split knowledge to gain access to an asset. Both split knowledge and dual control complement
each other and are necessary functions that implement the segregation of duties in high integrity
cryptographic environments.
The following are incorrect answers:
Dual control is a procedure that uses two or more entities (usually persons) operating in concert to
protect a system resource, such that no single entity acting alone can access that resource. Dual
control is implemented as a security procedure that requires two or more persons to come
together and collude to complete a process. In a cryptographic system the two (or more) persons
would each supply a unique key, that when taken together, performs a cryptographic process.
Split knowledge is the other complementary access control principle to dual control.
Separation of duties - The practice of dividing the steps in a system function among different
individuals, so as to keep a single individual from subverting the process.
The need-to-know principle requires a user having necessity for access to, knowledge of, or
possession of specific information required to perform official tasks or services.
Reference(s) used for this question:
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition :
Shon Harris, CISSP All In One (AIO), 6th Edition , page 126
Question # 13
Which of the following is a symmetric encryption algorithm?
A. RSA B. Elliptic Curve C. RC5 D. El Gamal
Answer: C
Explanation:
RC5 is a symmetric encryption algorithm. It is a block cipher of variable block length, encrypts
through integer addition, the application of a bitwise Exclusive OR (XOR), and variable rotations.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 153).
Question # 14
What level of assurance for a digital certificate verifies a user's name, address, social securitynumber, and other information against a credit bureau database?
A. Level 1/Class 1 B. Level 2/Class 2 C. Level 3/Class 3 D. Level 4/Class 4
Answer: B
Explanation:
Users can obtain certificates with various levels of assurance. Here is a list that describe each of
them:
- Class 1/Level 1 for individuals, intended for email, no proof of identity
For example, level 1 certificates verify electronic mail addresses. This is done through the use of a
personal information number that a user would supply when asked to register. This level of
certificate may also provide a name as well as an electronic mail address; however, it may or may
not be a genuine name (i.e., it could be an alias). This proves that a human being will reply back if
you send an email to that name or email address.
- Class 2/Level 2 is for organizations and companies for which proof of identity is required
Level 2 certificates verify a user's name, address, social security number, and other information
against a credit bureau database.
- Class 3/Level 3 is for servers and software signing, for which independent verification and
checking of identity and authority is done by the issuing certificate authority
Level 3 certificates are available to companies. This level of certificate provides photo identification
to accompany the other items of information provided by a level 2 certificate.
- Class 4 for online business transactions between companies
- Class 5 for private organizations or governmental security
What algorithm has been selected as the AES algorithm, replacing the DES algorithm?
A. RC6 B. Twofish C. Rijndael D. Blowfish
Answer: C
Explanation:
On October 2, 2000, NIST announced the selection of the Rijndael Block Cipher, developed by the
Belgian cryptographers Dr. Joan Daemen and Dr. Vincent Rijmen, as the proposed AES
algorithm. Twofish and RC6 were also candidates. Blowfish is also a symmetric algorithm but
wasn't a finalist for a replacement for DES.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 152).
Question # 16
Which of the following statements pertaining to block ciphers is incorrect?
A. It operates on fixed-size blocks of plaintext. B. It is more suitable for software than hardware implementations. C. Plain text is encrypted with a public key and decrypted with a private key. D. Some Block ciphers can operate internally as a stream.
Answer: C
Explanation:
Block ciphers do not use public cryptography (private and public keys).
Block ciphers is a type of symmetric-key encryption algorithm that transforms a fixed-size block of
plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.
They are appropriate for software implementations and can operate internally as a stream. See
more info below about DES in Output Feedback Mode (OFB), which makes use internally of a
stream cipher.
The output feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It
generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext.
Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the
plaintext at the same location. This property allows many error correcting codes to function
What can be defined as secret communications where the very existence of the message is hidden?
A. Clustering B. Steganography C. Cryptology D. Vernam cipher
Answer: B
Explanation:
Steganography is a secret communication where the very existence of the message is hidden. For
example, in a digital image, the least significant bit of each word can be used to comprise a
message without causing any significant change in the image. Key clustering is a situation in
which a plaintext message generates identical ciphertext messages using the same transformation
algorithm but with different keys. Cryptology encompasses cryptography and cryptanalysis. The
Vernam Cipher, also called a one-time pad, is an encryption scheme using a random key of the
same size as the message and is used only once. It is said to be unbreakable, even with infinite
resources.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 134).
Question # 18
Which of the following BEST describes a function relying on a shared secret key that is used alongwith a hashing algorithm to verify the integrity of the communication content as well as the sender?
A. Message Authentication Code - MAC B. PAM - Pluggable Authentication Module C. NAM - Negative Acknowledgement Message D. Digital Signature Certificate
Answer: A
Explanation:
The purpose of a message authentication code - MAC is to verify both the source and message
integrity without the need for additional processes.
A MAC algorithm, sometimes called a keyed (cryptographic) hash function (however,
cryptographic hash function is only one of the possible ways to generate MACs), accepts as input
a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes
known as a tag). The MAC value protects both a message's data integrity as well as its
authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the
message content.
MACs differ from digital signatures as MAC values are both generated and verified using the same
secret key. This implies that the sender and receiver of a message must agree on the same key
before initiating communications, as is the case with symmetric encryption. For the same reason,
MACs do not provide the property of non-repudiation offered by signatures specifically in the case
of a network-wide shared secret key: any user who can verify a MAC is also capable of generating
MACs for other messages.
In contrast, a digital signature is generated using the private key of a key pair, which is asymmetric
encryption. Since this private key is only accessible to its holder, a digital signature proves that a
document was signed by none other than that holder. Thus, digital signatures do offer nonrepudiation.
The following answers are incorrect:
PAM - Pluggable Authentication Module: This isn't the right answer. There is no known message
authentication function called a PAM. However, a pluggable authentication module (PAM) is a
mechanism to integrate multiple low-level authentication schemes and commonly used within the
Linux Operating System.
NAM - Negative Acknowledgement Message: This isn't the right answer. There is no known
message authentication function called a NAM. The proper term for a negative acknowledgement
is NAK, it is a signal used in digital communications to ensure that data is received with a
minimum of errors.
Digital Signature Certificate: This isn't right. As it is explained and contrasted in the explanations
provided above.
The following reference(s) was used to create this question:
The CCCure Computer Based Tutorial for Security+, you can subscribe at http://www.cccure.tv
Which of the following is true about link encryption?
A. Each entity has a common key with the destination node. B. Encrypted messages are only decrypted by the final node. C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. D. Only secure nodes are used in this type of transmission.
Answer: C
Explanation:
In link encryption, each entity has keys in common with its two neighboring nodes in the
transmission chain.
Thus, a node receives the encrypted message from its predecessor, decrypts it, and then re773
encrypts it with a new key, common to the successor node. Obviously, this mode does not provide
protection if anyone of the nodes along the transmission path is compromised.
Encryption can be performed at different communication levels, each with different types of
protection and implications. Two general modes of encryption implementation are link encryption
and end-to-end encryption.
Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3
line, or telephone circuit. Not only is the user information encrypted, but the header, trailers,
addresses, and routing data that are part of the packets are also encrypted. The only traffic not
encrypted in this technology is the data link control messaging information, which includes
instructions and parameters that the different link devices use to synchronize communication
methods. Link encryption provides protection against packet sniffers and eavesdroppers.
In end-to-end encryption, the headers, addresses, routing, and trailer information are not
encrypted, enabling attackers to learn more about a captured packet and where it is headed.
Which of the following answers is described as a random value used in cryptographic algorithmsto ensure that patterns are not created during the encryption process?
A. IV - Initialization Vector B. Stream Cipher C. OTP - One Time Pad D. Ciphertext
Answer: A
Explanation:
The basic power in cryptography is randomness. This uncertainty is why encrypted data is
unusable to someone without the key to decrypt.
Initialization Vectors are a used with encryption keys to add an extra layer of randomness to
encrypted data. If no IV is used the attacker can possibly break the keyspace because of patterns
resulting in the encryption process. Implementation such as DES in Code Book Mode (CBC)
would allow frequency analysis attack to take place.
In cryptography, an initialization vector (IV) or starting variable (SV)is a fixed-size input to a
cryptographic primitive that is typically required to be random or pseudorandom. Randomization is
crucial for encryption schemes to achieve semantic security, a property whereby repeated usage
of the scheme under the same key does not allow an attacker to infer relationships between
segments of the encrypted message. For block ciphers, the use of an IV is described by so-called
modes of operation. Randomization is also required for other primitives, such as universal hash
functions and message authentication codes based thereon.
It is define by TechTarget as:
An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data
encryption. This number, also called a nonce, is employed only one time in any session.
The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a
dictionary attack to find patterns and break a cipher. For example, a sequence might appear twice
or more within the body of a message. If there are repeated sequences in encrypted data, an
attacker could assume that the corresponding sequences in the message were also identical. The
IV prevents the appearance of corresponding duplicate character sequences in the ciphertext.
The following answers are incorrect:
- Stream Cipher: This isn't correct. A stream cipher is a symmetric key cipher where plaintext digits
are combined with pseudorandom key stream to product cipher text.
- OTP - One Time Pad: This isn't correct but OTP is made up of random values used as key
material. (Encryption key) It is considered by most to be unbreakable but must be changed with a
new key after it is used which makes it impractical for common use.
- Ciphertext: Sorry, incorrect answer. Ciphertext is basically text that has been encrypted with key
material (Encryption key)
The following reference(s) was used to create this question:
For more details on this TOPIC and other QUESTION NO: s of the Security+ CBK, subscribe to
Which type of encryption is considered to be unbreakable if the stream is truly random and is aslarge as the plaintext and never reused in whole or part?
A. One Time Pad (OTP) B. One time Cryptopad (OTC) C. Cryptanalysis D. Pretty Good Privacy (PGP)
Answer: A
Explanation:
OTP or One Time Pad is considered unbreakable if the key is truly random and is as large as the
plaintext and never reused in whole or part AND kept secret.
In cryptography, a one-time pad is a system in which a key generated randomly is used only once
to encrypt a message that is then decrypted by the receiver using the matching one-time pad and
key. Messages encrypted with keys based on randomness have the advantage that there is
theoretically no way to "break the code" by analyzing a succession of messages. Each encryption
is unique and bears no relation to the next encryption so that some pattern can be detected.
With a one-time pad, however, the decrypting party must have access to the same key used to
encrypt the message and this raises the problem of how to get the key to the decrypting party
safely or how to keep both keys secure. One-time pads have sometimes been used when the both
parties started out at the same physical location and then separated, each with knowledge of the
keys in the one-time pad. The key used in a one-time pad is called a secret key because if it is
revealed, the messages encrypted with it can easily be deciphered.
One-time pads figured prominently in secret message transmission and espionage before and
during World War II and in the Cold War era. On the Internet, the difficulty of securely controlling
secret keys led to the invention of public key cryptography.
The biggest challenge with OTP was to get the pad security to the person or entity you wanted to
communicate with. It had to be done in person or using a trusted courrier or custodian. It certainly
did not scale up very well and it would not be usable for large quantity of data that needs to be
encrypted as we often time have today.
The following answers are incorrect:
- One time Cryptopad: Almost but this isn't correct. Cryptopad isn't a valid term in cryptography.
- Cryptanalysis: Sorry, incorrect. Cryptanalysis is the process of analyzing information in an effort
to breach the cryptographic security systems.
- PGP - Pretty Good Privacy: PGP, written by Phil Zimmermann is a data encryption and
decryption program that provides cryptographic privacy and authentication for data. Still isn't the
right answer though. Read more here about PGP.
The following reference(s) was used to create this question:
To get more info on this QUESTION NO: s or any QUESTION NO: s of Security+, subscribe to the
Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credi card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?
A. SSH ( Secure Shell) B. S/MIME (Secure MIME) C. SET (Secure Electronic Transaction) D. SSL (Secure Sockets Layer)
Answer: C
Explanation:
As protocol was introduced by Visa and Mastercard to allow for more credit card transaction
possibilities. It is comprised of three different pieces of software, running on the customer's PC (an
electronic wallet), on the merchant's Web server and on the payment server of the merchant's
bank. The credit card information is sent by the customer to the merchant's Web server, but it
does not open it and instead digitally signs it and sends it to its bank's payment server for
processing.
The following answers are incorrect because :
SSH (Secure Shell) is incorrect as it functions as a type of tunneling mechanism that provides
terminal like access to remote computers.
S/MIME is incorrect as it is a standard for encrypting and digitally signing electronic mail and for
providing secure data transmissions.
SSL is incorrect as it uses public key encryption and provides data encryption, server
authentication, message integrity, and optional client authentication.
When we encrypt or decrypt data there is a basic operation involving ones and zeros where theyare compared in a process that looks something like this:0101 0001 Plain text0111 0011 Key stream0010 0010 OutputWhat is this cryptographic operation called?
A. Exclusive-OR B. Bit Swapping C. Logical-NOR D. Decryption
Answer: A
Explanation:
When we encrypt data we are basically taking the plaintext information and applying some key
material or keystream and conducting something called an XOR or Exclusive-OR operation.
The symbol used for XOR is the following: This is a type of cipher known as a stream cipher.
The operation looks like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output (ciphertext)
As you can see, it's not simple addition and the XOR Operation uses something called a truth
table that explains why 0+1=1 and 1+1=0.
The rules are simples, if both bits are the same the result is zero, if both bits are not the same the
result is one.
The following answers are incorrect:
- Bit Swapping: Incorrect. This isn't a known cryptographic operations.
- Logical NOR: Sorry, this isn't correct but is where only 0+0=1. All other combinations of 1+1, 1+0
equals 0. More on NOR here.
- Decryption: Sorry, this is the opposite of the process of encryption or, the process of applying the
keystream to the plaintext to get the resulting encrypted text.
The following reference(s) was used to create this question:
For more details on XOR and all other QUESTION NO: s of cryptography. Subscribe to our holistic
The Diffie-Hellman algorithm is primarily used to provide which of the following?
A. Confidentiality B. Key Agreement C. Integrity D. Non-repudiation
Answer: B
Explanation:
Diffie and Hellman describe a means for two parties to agree upon a shared secret in such a way
that the secret will be unavailable to eavesdroppers. This secret may then be converted into
cryptographic keying material for other (symmetric) algorithms. A large number of minor variants of
this process exist. See RFC 2631 Diffie-Hellman Key Agreement Method for more details.
In 1976, Diffie and Hellman were the first to introduce the notion of public key cryptography,
requiring a system allowing the exchange of secret keys over non-secure channels. The DiffieHellman algorithm is used for key exchange between two parties communicating with each other,
it cannot be used for encrypting and decrypting messages, or digital signature.
Diffie and Hellman sought to address the issue of having to exchange keys via courier and other
unsecure means. Their efforts were the FIRST asymmetric key agreement algorithm. Since the
Diffie-Hellman algorithm cannot be used for encrypting and decrypting it cannot provide
confidentiality nor integrity. This algorithm also does not provide for digital signature functionality
and thus non-repudiation is not a choice.
NOTE: The DH algorithm is susceptible to man-in-the-middle attacks.
KEY AGREEMENT VERSUS KEY EXCHANGE
A key exchange can be done multiple way. It can be done in person, I can generate a key and
then encrypt the key to get it securely to you by encrypting it with your public key. A Key
Agreement protocol is done over a public medium such as the internet using a mathematical
formula to come out with a common value on both sides of the communication link, without the
ennemy being able to know what the common agreement is.
The following answers were incorrect:
All of the other choices were not correct choices
Reference(s) used for this question:
Shon Harris, CISSP All In One (AIO), 6th edition . Chapter 7, Cryptography, Page 812.
You work in a police department forensics lab where you examine computers for evidence ofcrimes. Your work is vital to the success of the prosecution of criminals.One day you receive a laptop and are part of a two man team responsible for examining ittogether. However, it is lunch time and after receiving the laptop you leave it on your desk and youboth head out to lunch.What critical step in forensic evidence have you forgotten?
A. Chain of custody B. Locking the laptop in your desk C. Making a disk image for examination D. Cracking the admin password with chntpw
Answer: A
Explanation:
When evidence from a crime is to be used in the prosecution of a criminal it is critical that you
follow the law when handling that evidence. Part of that process is called chain of custody and is
when you maintain proactive and documented control over ALL evidence involved in a crime.
Failure to do this can lead to the dismissal of charges against a criminal because if the evidence is
compromised because you failed to maintain of chain of custody.
A chain of custody is chronological documentation for evidence in a particular case, and is
especially important with electronic evidence due to the possibility of fraudulent data alteration,
deletion, or creation. A fully detailed chain of custody report is necessary to prove the physical
custody of a piece of evidence and show all parties that had access to said evidence at any given
time.
Evidence must be protected from the time it is collected until the time it is presented in court.
The following answers are incorrect:
- Locking the laptop in your desk: Even this wouldn't assure that the defense team would try to
challenge chain of custody handling. It's usually easy to break into a desk drawer and evidence
should be stored in approved safes or other storage facility.
- Making a disk image for examination: This is a key part of system forensics where we make a
disk image of the evidence system and study that as opposed to studying the real disk drive. That
could lead to loss of evidence. However if the original evidence is not secured than the chain of
custoday has not been maintained properly.
- Cracking the admin password with chntpw: This isn't correct. Your first mistake was to
compromise the chain of custody of the laptop. The chntpw program is a Linux utility to (re)set the
password of any user that has a valid (local) account on a Windows system, by modifying the
crypted password in the registry's SAM file. You do not need to know the old password to set a
new one. It works offline which means you must have physical access (i.e., you have to shutdown
your computer and boot off a linux floppy disk). The bootdisk includes stuff to access NTFS
partitions and scripts to glue the whole thing together. This utility works with SYSKEY and includes
the option to turn it off. A bootdisk image is provided on their website at
What is NOT true about a one-way hashing function?
A. It provides authentication of the message B. A hash cannot be reverse to get the message used to create the hash C. The results of a one-way hash is a message digest D. It provides integrity of the message
Answer: A
Explanation:
A one way hashing function can only be use for the integrity of a message and not for
authentication or confidentiality. Because the hash creates just a fingerprint of the message which
cannot be reversed and it is also very difficult to create a second message with the same hash.
A hash by itself does not provide Authentication. It only provides a weak form or integrity. It would
be possible for an attacker to perform a Man-In-The-Middle attack where both the hash and the
digest could be changed without the receiver knowing it.
A hash combined with your session key will produce a Message Authentication Code (MAC) which
will provide you with both authentication of the source and integrity. It is sometimes referred to as
a Keyed Hash.
A hash encrypted with the sender private key produce a Digital Signature which provide
authentication, but not the hash by itself.
Hashing functions by themselves such as MD5, SHA1, SHA2, SHA-3 does not provide
This type of attack is generally most applicable to public-key cryptosystems, what type of attackam I ?
A. Chosen-Ciphertext attack B. Ciphertext-only attack C. Plaintext Only Attack D. Adaptive-Chosen-Plaintext attack
Answer: A
Explanation:
A chosen-ciphertext attack is one in which cryptanalyst may choose a piece of ciphertext and
attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most
applicable to public-key cryptosystems.
A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst
gathers information, at least in part, by choosing a ciphertext and obtaining its decryption under an
unknown key. In the attack, an adversary has a chance to enter one or more known ciphertexts
into the system and obtain the resulting plaintexts. From these pieces of information the adversary
can attempt to recover the hidden secret key used for decryption.
A number of otherwise secure schemes can be defeated under chosen-ciphertext attack. For
example, the El Gamal cryptosystem is semantically secure under chosen-plaintext attack, but this
semantic security can be trivially defeated under a chosen-ciphertext attack. Early versions of RSA
padding used in the SSL protocol were vulnerable to a sophisticated adaptive chosen-ciphertext
attack which revealed SSL session keys. Chosen-ciphertext attacks have implications for some
self-synchronizing stream ciphers as well. Designers of tamper-resistant cryptographic smart
cards must be particularly cognizant of these attacks, as these devices may be completely under
the control of an adversary, who can issue a large number of chosen-ciphertexts in an attempt to
recover the hidden secret key.
According to RSA:
Cryptanalytic attacks are generally classified into six categories that distinguish the kind of
information the cryptanalyst has available to mount an attack. The categories of attack are listed
here roughly in increasing order of the quality of information available to the cryptanalyst, or,
equivalently, in decreasing order of the level of difficulty to the cryptanalyst. The objective of the
cryptanalyst in all cases is to be able to decrypt new pieces of ciphertext without additional
information. The ideal for a cryptanalyst is to extract the secret key.
A ciphertext-only attack is one in which the cryptanalyst obtains a sample of ciphertext, without the
plaintext associated with it. This data is relatively easy to obtain in many scenarios, but a
successful ciphertext-only attack is generally difficult, and requires a very large ciphertext sample.
Such attack was possible on cipher using Code Book Mode where frequency analysis was being
used and even thou only the ciphertext was available, it was still possible to eventually collect
enough data and decipher it without having the key.
A known-plaintext attack is one in which the cryptanalyst obtains a sample of ciphertext and the
corresponding plaintext as well. The known-plaintext attack (KPA) or crib is an attack model for
cryptanalysis where the attacker has samples of both the plaintext and its encrypted version
(ciphertext), and is at liberty to make use of them to reveal further secret information such as
secret keys and code books.
A chosen-plaintext attack is one in which the cryptanalyst is able to choose a quantity of plaintext
and then obtain the corresponding encrypted ciphertext. A chosen-plaintext attack (CPA) is an
attack model for cryptanalysis which presumes that the attacker has the capability to choose
arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the
attack is to gain some further information which reduces the security of the encryption scheme. In
the worst case, a chosen-plaintext attack could reveal the scheme's secret key.
This appears, at first glance, to be an unrealistic model; it would certainly be unlikely that an
attacker could persuade a human cryptographer to encrypt large amounts of plaintexts of the
attacker's choosing. Modern cryptography, on the other hand, is implemented in software or
hardware and is used for a diverse range of applications; for many cases, a chosen-plaintext
attack is often very feasible. Chosen-plaintext attacks become extremely important in the context
of public key cryptography, where the encryption key is public and attackers can encrypt any
plaintext they choose.
Any cipher that can prevent chosen-plaintext attacks is then also guaranteed to be secure against
known-plaintext and ciphertext-only attacks; this is a conservative approach to security.
Two forms of chosen-plaintext attack can be distinguished:
Batch chosen-plaintext attack, where the cryptanalyst chooses all plaintexts before any of them
are encrypted. This is often the meaning of an unqualified use of "chosen-plaintext attack".
Adaptive chosen-plaintext attack, is a special case of chosen-plaintext attack in which the
cryptanalyst is able to choose plaintext samples dynamically, and alter his or her choices based on
the results of previous encryptions. The cryptanalyst makes a series of interactive queries,
choosing subsequent plaintexts based on the information from the previous encryptions.
Non-randomized (deterministic) public key encryption algorithms are vulnerable to simple
"dictionary"-type attacks, where the attacker builds a table of likely messages and their
corresponding ciphertexts. To find the decryption of some observed ciphertext, the attacker simply
looks the ciphertext up in the table. As a result, public-key definitions of security under chosenplaintext attack require probabilistic encryption (i.e., randomized encryption). Conventional
symmetric ciphers, in which the same key is used to encrypt and decrypt a text, may also be
vulnerable to other forms of chosen-plaintext attack, for example, differential cryptanalysis of block
ciphers.
An adaptive-chosen-ciphertext is the adaptive version of the above attack. A cryptanalyst can
mount an attack of this type in a scenario in which he has free use of a piece of decryption
hardware, but is unable to extract the decryption key from it.
An adaptive chosen-ciphertext attack (abbreviated as CCA2) is an interactive form of chosenciphertext attack in which an attacker sends a number of ciphertexts to be decrypted, then uses
the results of these decryptions to select subsequent ciphertexts. It is to be distinguished from an
indifferent chosen-ciphertext attack (CCA1).
The goal of this attack is to gradually reveal information about an encrypted message, or about the
decryption key itself. For public-key systems, adaptive-chosen-ciphertexts are generally applicable
only when they have the property of ciphertext malleability — that is, a ciphertext can be modified
in specific ways that will have a predictable effect on the decryption of that message.
A Plaintext Only Attack is simply a bogus detractor. If you have the plaintext only then there is no
need to perform any attack.
References:
RSA Laboratories FAQs about today's cryptography: What are some of the basic types of
Which of the following concerning the Rijndael block cipher algorithm is false?
A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total of 25 combinations of key length and block length are possible C. Both block size and key length can be extended to multiples of 64 bits. D. The cipher has a variable block length and key length.
Answer: C
Explanation:
The answer above is the correct answer because it is FALSE. Rijndael does not support multiples
of 64 bits but multiples of 32 bits in the range of 128 bits to 256 bits. Key length could be 128, 160,
192, 224, and 256.
Both block length and key length can be extended very easily to multiples of 32 bits. For a total
combination of 25 different block and key size that are possible.
The Rijndael Cipher
Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate
algorithm for the Advanced Encryption Standard (AES) in the United States of America. The cipher
has a variable block length and key length.
Rijndael can be implemented very efficiently on a wide range of processors and in hardware.
The design of Rijndael was strongly influenced by the design of the block cipher Square.
The Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) keys are defined to be either 128, 192, or 256 bits in
accordance with the requirements of the AES.
The number of rounds, or iterations of the main algorithm, can vary from 10 to 14 within the
Advanced Encryption Standard (AES) and is dependent on the block size and key length. 128 bits
keys uses 10 rounds or encryptions, 192 bits keys uses 12 rounds of encryption, and 256 bits keys
uses 14 rounds of encryption.
The low number of rounds has been one of the main criticisms of Rijndael, but if this ever
becomes a problem the number of rounds can easily be increased at little extra cost performance
wise by increasing the block size and key length.
Range of key and block lengths in Rijndael and AES
Rijndael and AES differ only in the range of supported values for the block length and cipher key
length.
For Rijndael, the block length and the key length can be independently specified to any multiple of
32 bits, with a minimum of 128 bits, and a maximum of 256 bits. The support for block and key
lengths 160 and 224 bits was introduced in Joan Daemen and Vincent Rijmen, AES submission
document on Rijndael, Version 2, September 1999 available at
FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and
Technology, U.S. Department of Commerce, November 2001.
Question # 41
What is the name of a one way transformation of a string of characters into a usually shorter fixedlength value or key that represents the original string? Such a transformation cannot be reversed?
A. One-way hash B. DES C. Transposition D. Substitution
Answer: A
Explanation:
A cryptographic hash function is a transformation that takes an input (or 'message') and returns a
fixed-size string, which is called the hash value (sometimes termed a message digest, a digital
fingerprint, a digest or a checksum).
The ideal hash function has three main properties - it is extremely easy to calculate a hash for any
given data, it is extremely difficult or almost impossible in a practical sense to calculate a text that
has a given hash, and it is extremely unlikely that two different messages, however close, will
have the same hash.
Functions with these properties are used as hash functions for a variety of purposes, both within
and outside cryptography. Practical applications include message integrity checks, digital
signatures, authentication, and various information security applications. A hash can also act as a
concise representation of the message or document from which it was computed, and allows easy
indexing of duplicate or unique data files.
In various standards and applications, the two most commonly used hash functions are MD5 and
SHA-1. In 2005, security flaws were identified in both of these, namely that a possible
mathematical weakness might exist, indicating that a stronger hash function would be desirable. In
2007 the National Institute of Standards and Technology announced a contest to design a hash
function which will be given the name SHA-3 and be the subject of a FIPS standard.
A hash function takes a string of any length as input and produces a fixed length string which acts
as a kind of "signature" for the data provided. In this way, a person knowing the hash is unable to
work out the original message, but someone knowing the original message can prove the hash is
created from that message, and none other. A cryptographic hash function should behave as
much as possible like a random function while still being deterministic and efficiently computable.
A cryptographic hash function is considered "insecure" from a cryptographic point of view, if either
of the following is computationally feasible:
finding a (previously unseen) message that matches a given digest
finding "collisions", wherein two different messages have the same message digest.
An attacker who can do either of these things might, for example, use them to substitute an
authorized message with an unauthorized one.
Ideally, it should not even be feasible to find two messages whose digests are substantially
similar; nor would one want an attacker to be able to learn anything useful about a message given
only its digest. Of course the attacker learns at least one piece of information, the digest itself,
which for instance gives the attacker the ability to recognise the same message should it occur
again.
REFERENCES:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Pages 40-41.
What kind of Encryption technology does SSL utilize?
A. Secret or Symmetric key B. Hybrid (both Symmetric and Asymmetric) C. Public Key D. Private key
Answer: B
Explanation:
SSL use public-key cryptography to secure session key, while the session key (secret key) is used
to secure the whole session taking place between both parties communicating with each other.
The SSL protocol was originally developed by Netscape. Version 1.0 was never publicly released;
version 2.0 was released in February 1995 but "contained a number of security flaws which
ultimately led to the design of SSL version 3.0." SSL version 3.0, released in 1996, was a
complete redesign of the protocol produced by Paul Kocher working with Netscape engineers Phil
Karlton and Alan Freier.
All of the other answers are incorrect
Question # 43
The computations involved in selecting keys and in enciphering data are complex, and are notpractical for manual use. However, using mathematical properties of modular arithmetic and amethod known as "_________________," RSA is quite feasible for computer use.
A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields
Answer: A
Explanation:
The computations involved in selecting keys and in enciphering data are complex, and are not
practical for manual use. However, using mathematical properties of modular arithmetic and a
method known as computing in Galois fields, RSA is quite feasible for computer use.
Source: FITES, Philip E., KRATZ, Martin P., Information Systems Security: A Practitioner's
Reference, 1993, Van Nostrand Reinhold, page 44.
Question # 44
Which of the following is true about digital certificate?
A. It is the same as digital signature proving Integrity and Authenticity of the data B. Electronic credential proving that the person the certificate was issued to is who they claim to be C. You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user. D. Can't contain geography data such as country for example.
Answer: B
Explanation:
Digital certificate helps others verify that the public keys presented by users are genuine and valid.
It is a form of Electronic credential proving that the person the certificate was issued to is who they
claim to be.
The certificate is used to identify the certificate holder when conducting electronic transactions.
It is issued by a certification authority (CA). It contains the name of an organization or individual,
the business address, a serial number, expiration dates, a copy of the certificate holder's public
key (used for encrypting messages), and the digital signature of the certificate-issuing authority so
that a recipient can verify that the certificate is real. Some digital certificates conform to a
standard, X.509. Digital certificates can be kept in registries so that authenticating users can look
up other users' public keys.
Digital certificates are key to the PKI process. The digital certificate serves two roles. First, it
ensures the integrity of the public key and makes sure that the key remains unchanged and in a
valid state. Second, it validates that the public key is tied to the stated owner and that all
associated information is true and correct. The information needed to accomplish these goals is
added into the digital certificate.
A Certificate Authority (CA) is an entity trusted by one or more users as an authority in a network
that issues, revokes, and manages digital certificates.
A Registration Authority (RA) performs certificate registration services on behalf of a CA. The RA,
a single purpose server, is responsible for the accuracy of the information contained in a certificate
request. The RA is also expected to perform user validation before issuing a certificate request.
A Digital Certificate is not like same as a digital signature, they are two different things, a digital
Signature is created by using your Private key to encrypt a message digest and a Digital
Certificate is issued by a trusted third party who vouch for your identity.
There are many other third parties which are providing Digital Certifictes and not just Verisign,
RSA.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
Which of the following statements is most accurate regarding a digital signature?
A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.
Answer: C
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 46
The Data Encryption Algorithm performs how many rounds of substitution and permutation?
A. 4 B. 16 C. 54 D. 64
Answer: B
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 47
Which of the following is NOT a property of a one-way hash function?
A. It converts a message of a fixed length into a message digest of arbitrary length. B. It is computationally infeasible to construct two different messages with the same digest. C. It converts a message of arbitrary length into a message digest of a fixed length. D. Given a digest value, it is computationally infeasible to find the corresponding message.
Answer: A
Explanation:
An algorithm that turns messages or text into a fixed string of digits, usually for security or data
management purposes. The "one way" means that it's nearly impossible to derive the original text
from the string.
A one-way hash function is used to create digital signatures, which in turn identify and
authenticate the sender and message of a digitally distributed message.
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and
returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional
change to the data will change the hash value. The data to be encoded is often called the
"message," and the hash value is sometimes called the message digest or simply digest.
The ideal cryptographic hash function has four main or significant properties:
it is easy (but not necessarily quick) to compute the hash value for any given message
it is infeasible to generate a message that has a given hash
it is infeasible to modify a message without changing the hash
it is infeasible to find two different messages with the same hash
Cryptographic hash functions have many information security applications, notably in digital
signatures, message authentication codes (MACs), and other forms of authentication. They can
also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect
duplicate data or uniquely identify files, and as checksums to detect accidental data corruption.
Indeed, in information security contexts, cryptographic hash values are sometimes called (digital)
fingerprints, checksums, or just hash values, even though all these terms stand for functions with
rather different properties and purposes.
Source:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Which of the following can best be defined as a cryptanalysis technique in which the analyst triesto determine the key from knowledge of some plaintext-ciphertext pairs?
A. A known-plaintext attack B. A known-algorithm attack C. A chosen-ciphertext attack D. A chosen-plaintext attack
Answer: A
Explanation:
RFC2828 (Internet Security Glossary) defines a known-plaintext attack as a cryptanalysis
technique in which the analyst tries to determine the key from knowledge of some plaintextciphertext pairs (although the analyst may also have other clues, such as the knowing the
cryptographic algorithm). A chosen-ciphertext attack is defined as a cryptanalysis technique in
which the analyst tries to determine the key from knowledge of plaintext that corresponds to
ciphertext selected (i.e., dictated) by the analyst. A chosen-plaintext attack is a cryptanalysis
technique in which the analyst tries to determine the key from knowledge of ciphertext that
corresponds to plaintext selected (i.e., dictated) by the analyst. The other choice is a distracter.
The following are incorrect answers:
A chosen-plaintext attacks
The attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to
see the corresponding ciphertext. This gives her more power and possibly a deeper understanding
of the way the encryption process works so she can gather more information about the key being
used. Once the key is discovered, other messages encrypted with that key can be decrypted.
A chosen-ciphertext attack
In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has
access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder
attack to carry out compared to the previously mentioned attacks, and the attacker may need to
have control of the system that contains the cryptosystem.
A known-algorithm attack
Knowing the algorithm does not give you much advantage without knowing the key. This is a
bogus detractor. The algorithm should be public, which is the Kerckhoffs's Principle . The only
secret should be the key.
Reference(s) used for this question:
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Which of the following can best be defined as a key distribution protocol that uses hybridencryption to convey session keys. This protocol establishes a long-term key once, and thenrequires no prior communication in order to establish or exchange keys on a session-by-sessionbasis?
A. Internet Security Association and Key Management Protocol (ISAKMP) B. Simple Key-management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key exchange (IKE)
Answer: B
Explanation:
RFC 2828 (Internet Security Glossary) defines Simple Key Management for Internet Protocols
(SKIP) as:
A key distribution protocol that uses hybrid encryption to convey session keys that are used to
encrypt data in IP packets.
SKIP is an hybrid Key distribution protocol similar to SSL, except that it establishes a long-term
key once, and then requires no prior communication in order to establish or exchange keys on a
session-by-session basis. Therefore, no connection setup overhead exists and new keys values
are not continually generated. SKIP uses the knowledge of its own secret key or private
component and the destination's public component to calculate a unique key that can only be used
between them.
IKE stand for Internet Key Exchange, it makes use of ISAKMP and OAKLEY internally.
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in
the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509
certificates for authentication and a Diffie–Hellman key exchange to set up a shared session
secret from which cryptographic keys are derived.
The following are incorrect answers:
ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security
associations, and to exchange key generation and authentication data, independent of the details
of any specific key generation technique, key establishment protocol, encryption algorithm, or
authentication mechanism.
IKE is an Internet, IPsec, key-establishment protocol (partly based on OAKLEY) that is intended
for putting in place authenticated keying material for use with ISAKMP and for other security
associations, such as in AH and ESP.
IPsec Key exchange (IKE) is only a detracto.
Reference(s) used for this question:
SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Which of the following can best define the "revocation request grace period"?
A. The period of time allotted within which the user must make a revocation request upon a revocation reason B. Minimum response time for performing a revocation by the CA C. Maximum response time for performing a revocation by the CA D. Time period between the arrival of a revocation request and the publication of the revocation information
Answer: D
Explanation:
The length of time between the Issuer’s receipt of a revocation request and the time the Issuer is
required to revoke the certificate should bear a reasonable relationship to the amount of risk the
participants are willing to assume that someone may rely on a certificate for which a proper
evocation request has been given but has not yet been acted upon.
How quickly revocation requests need to be processed (and CRLs or certificate status databases
need to be updated) depends upon the specific application for which the Policy Authority is rafting
the Certificate Policy.
A Policy Authority should recognize that there may be risk and lost tradeoffs with respect to grace
periods for revocation notices.
If the Policy Authority determines that its PKI participants are willing to accept a grace period of a
few hours in exchange for a lower implementation cost, the Certificate Policy may reflect that
decision.
Question # 52
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based onOAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMPand for other security associations?
A. Internet Key exchange (IKE) B. Security Association Authentication Protocol (SAAP) C. Simple Key-management for Internet Protocols (SKIP) D. Key Exchange Algorithm (KEA)
Answer: A
Explanation:
RFC 2828 (Internet Security Glossary) defines IKE as an Internet, IPsec, key-establishment
protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying
material for use with ISAKMP and for other security associations, such as in AH and ESP.
The following are incorrect answers:
SKIP is a key distribution protocol that uses hybrid encryption to convey session keys that are
used to encrypt data in IP packets.
The Key Exchange Algorithm (KEA) is defined as a key agreement algorithm that is similar to the
Diffie-Hellman algorithm, uses 1024-bit asymmetric keys, and was developed and formerly
classified at the secret level by the NSA.
Security Association Authentication Protocol (SAAP) is a distracter.
Reference(s) used for this question:
SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Question # 53
Which of the following is defined as a key establishment protocol based on the Diffie-Hellmanalgorithm proposed for IPsec but superseded by IKE?
A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY
Answer: D
Explanation:
RFC 2828 (Internet Security Glossary) defines OAKLEY as a key establishment protocol
(proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed
to be a compatible component of ISAKMP.
ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security
associations, and to exchange key generation and authentication data, independent of the details
of any specific key generation technique, key establishment protocol, encryption algorithm, or
authentication mechanism.
SKIP is a key distribution protocol that uses hybrid encryption to convey session keys that are
used to encrypt data in IP packets.
ISAKMP provides a framework for authentication and key exchange but does not define them.
ISAKMP is designed to be key exchange independant; that is, it is designed to support many
different key exchanges.
Oakley and SKEME each define a method to establish an authenticated key exchange. This
includes payloads construction, the information payloads carry, the order in which they are
processed and how they are used.
Oakley describes a series of key exchanges-- called modes and details the services provided by
each (e.g. perfect forward secrecy for keys, identity protection, and authentication).
SKEME describes a versatile key exchange technique which provides anonymity, repudiability,
and quick key refreshment.
RFC 2049 describes the IKE protocol using part of Oakley and part of SKEME in conjunction with
ISAKMP to obtain authenticated keying material for use with ISAKMP, and for other security
associations such as AH and ESP for the IETF IPsec DOI.
While Oakley defines "modes", ISAKMP defines "phases". The relationship between the two is
very straightforward and IKE presents different exchanges as modes which operate in one of two
phases.
Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to
communicate. This is called the ISAKMP Security Association (SA). "Main Mode" and "Aggressive
Mode" each accomplish a phase 1 exchange. "Main Mode" and "Aggressive Mode" MUST ONLY
be used in phase 1.
Phase 2 is where Security Associations are negotiated on behalf of services such as IPsec or any
other service which needs key material and/or parameter negotiation. "Quick Mode" accomplishes
a phase 2 exchange. "Quick Mode" MUST ONLY be used in phase 2.
References:
CISSP: Certified Information Systems Security Professional Study Guide By James Michael
SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
The All-in-one CISSP Exam Guide, 3rd Edition, by Shon Harris, page 674
The CISSP and CAP Prep Guide, Platinum Edition, by Krutz and Vines
Question # 54
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and deletesecurity associations, and to exchange key generation and authentication data, independent of thedetails of any specific key generation technique, key establishment protocol, encryption algorithm,or authentication mechanism?
A. OAKLEY B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. IPsec Key exchange (IKE)
Answer: B
Explanation:
RFC 2828 (Internet Security Glossary) defines the Internet Security Association and Key
Management Protocol (ISAKMP) as an Internet IPsec protocol to negotiate, establish, modify, and
delete security associations, and to exchange key generation and authentication data,
independent of the details of any specific key generation technique, key establishment protocol,
encryption algorithm, or authentication mechanism.
Let's clear up some confusion here first. Internet Key Exchange (IKE) is a hybrid protocol, it
consists of 3 "protocols"
ISAKMP: It's not a key exchange protocol per se, it's a framework on which key exchange
protocols operate. ISAKMP is part of IKE. IKE establishs the shared security policy and
authenticated keys. ISAKMP is the protocol that specifies the mechanics of the key exchange.
Oakley: Describes the "modes" of key exchange (e.g. perfect forward secrecy for keys, identity
protection, and authentication). Oakley describes a series of key exchanges and services.
SKEME: Provides support for public-key-based key exchange, key distribution centres, and
manual installation, it also outlines methods of secure and fast key refreshment.
So yes, IPSec does use IKE, but ISAKMP is part of IKE.
The questions did not ask for the actual key negotiation being done but only for the "exchange of
key generation and authentication data" being done. Under Oakly it would be Diffie Hellman (DH)
that would be used for the actual key nogotiation.
The following are incorrect answers:
Simple Key-management for Internet Protocols (SKIP) is a key distribution protocol that uses
hybrid encryption to convey session keys that are used to encrypt data in IP packets.
OAKLEY is a key establishment protocol (proposed for IPsec but superseded by IKE) based on
the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP.
IPsec Key Exchange (IKE) is an Internet, IPsec, key-establishment protocol [R2409] (partly based
on OAKLEY) that is intended for putting in place authenticated keying material for use with
ISAKMP and for other security associations, such as in AH and ESP.
Reference used for this question:
SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Question # 55
Which of the following can be best defined as computing techniques for inseparably embeddingunobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?
A. Steganography B. Digital watermarking C. Digital enveloping D. Digital signature
Answer: B
Explanation:
RFC 2828 (Internet Security Glossary) defines digital watermarking as computing techniques for
inseparably embedding unobtrusive marks or labels as bits in digital data-text, graphics, images,
video, or audio#and for detecting or extracting the marks later. The set of embedded bits (the
digital watermark) is sometimes hidden, usually imperceptible, and always intended to be
unobtrusive. It is used as a measure to protect intellectual property rights. Steganography involves
hiding the very existence of a message. A digital signature is a value computed with a
cryptographic algorithm and appended to a data object in such a way that any recipient of the data
can use the signature to verify the data's origin and integrity. A digital envelope is a combination of
encrypted data and its encryption key in an encrypted form that has been prepared for use of the
recipient.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Question # 56
What can be defined as a value computed with a cryptographic algorithm and appended to a dataobject in such a way that any recipient of the data can use the signature to verify the data's originand integrity?
A. A digital envelope B. A cryptographic hash C. A Message Authentication Code D. A digital signature
Answer: D
Explanation:
RFC 2828 (Internet Security Glossary) defines a digital signature as a value computed with a
cryptographic algorithm and appended to a data object in such a way that any recipient of the data
can use the signature to verify the data's origin and integrity.
The steps to create a Digital Signature are very simple:
1. You create a Message Digest of the message you wish to send
2. You encrypt the message digest using your Private Key which is the action of Signing
3. You send the Message along with the Digital Signature to the recipient
To validate the Digital Signature the recipient will make use of the sender Public Key. Here are the
steps:
1. The receiver will decrypt the Digital Signature using the sender Publick Key producing a clear
text message digest.
2. The receiver will produce his own message digest of the message received.
3. At this point the receiver will compare the two message digest (the one sent and the one
produce by the receiver), if the two matches, it proves the authenticity of the message and it
confirms that the message was not modified in transit validating the integrity as well. Digital
Signatures provides for Authenticity and Integrity only. There is no confidentiality in place, if you
wish to get confidentiality it would be needed for the sender to encrypt everything with the receiver
public key as a last step before sending the message.
A Digital Envelope is a combination of encrypted data and its encryption key in an encrypted form
that has been prepared for use of the recipient. In simple term it is a type of security that uses two
layers of encryption to protect a message. First, the message itself is encoded using symmetric
encryption, and then the key to decode the message is encrypted using public-key encryption.
This technique overcomes one of the problems of public-key encryption, which is that it is slower
than symmetric encryption. Because only the key is protected with public-key encryption, there is
very little overhead.
A cryptographic hash is the result of a cryptographic hash function such as MD5, SHA-1, or SHA2. A hash value also called a Message Digest is like a fingerprint of a message. It is used to
proves integrity and ensure the message was not changed either in transit or in storage.
A Message Authentication Code (MAC) refers to an ANSI standard for a checksum that is
computed with a keyed hash that is based on DES or it can also be produced without using DES
by concataning the Secret Key at the end of the message (simply adding it at the end of the
message) being sent and then producing a Message digest of the Message+Secret Key together.
The MAC is then attached and sent along with the message but the Secret Key is NEVER sent in
clear text over the network.
In cryptography, HMAC (Hash-based Message Authentication Code), is a specific construction for
calculating a message authentication code (MAC) involving a cryptographic hash function in
combination with a secret key. As with any MAC, it may be used to simultaneously verify both the
data integrity and the authenticity of a message. Any cryptographic hash function, such as MD5 or
SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMACMD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the
cryptographic strength of the underlying hash function, the size of its hash output length in bits and
on the size and quality of the cryptographic key.
There is more than one type of MAC: Meet CBC-MAC
In cryptography, a Cipher Block Chaining Message Authentication Code, abbreviated CBC-MAC,
is a technique for constructing a message authentication code from a block cipher. The message
is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that
each block depends on the proper encryption of the previous block. This interdependence ensures
that a change to any of the plaintext bits will cause the final encrypted block to change in a way
that cannot be predicted or counteracted without knowing the key to the block cipher.
References:
SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Which of the following would best define a digital envelope?
A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encryptedwith the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's privatekey.
Answer: C
Explanation:
A digital envelope for a recipient is a combination of encrypted data and its encryption key in an
encrypted form that has been prepared for use of the recipient.
It consists of a hybrid encryption scheme in sealing a message, by encrypting the data and
sending both it and a protected form of the key to the intended recipient, so that one else can open
the message.
In PKCS #7, it means first encrypting the data using a symmetric encryption algorithm and a
secret key, and then encrypting the secret key using an asymmetric encryption algorithm and the
public key of the intended recipient.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Question # 58
A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following?
A. encrypting messages B. signing messages C. verifying signed messages D. decrypt encrypted messages
Answer: C
Explanation:
References: RFC 2459 : Internet X.509 Public Key Infrastructure Certificate and CRL Profile;
GUTMANN, P., X.509 style guide.
Question # 59
What enables users to validate each other's certificate when they are certified under differentcertification hierarchies?
A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities
Answer: A
Explanation:
Cross-certification is the act or process by which two CAs each certifiy a public key of the other,
issuing a public-key certificate to that other CA, enabling users that are certified under different
certification hierarchies to validate each other's certificate.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Question # 60
What does the directive of the European Union on Electronic Signatures deal with?
A. Encryption of classified data B. Encryption of secret data C. Non repudiation D. Authentication of web servers
Answer: C
Reference: FORD, Warwick & BAUM, Michael S., Secure Electronic Commerce: Building the
Infrastructure for Digital Signatures and Encryption (2nd Edition), 2000, Prentice Hall PTR, Page
589; Directive 1999/93/EC of 13 December 1999 on a Community framework for electronic
signatures.
Question # 61
What is the name of the third party authority that vouches for the binding between the data itemsin a digital certificate?
A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority
Answer: B
Explanation:
A certification authority (CA) is a third party entity that issues digital certificates (especially X.509
certificates) and vouches for the binding between the data items in a certificate. An issuing
authority could be considered a correct answer, but not the best answer, since it is too generic.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Question # 62
What kind of certificate is used to validate a user identity?
A. Public key certificate B. Attribute certificate C. Root certificate D. Code signing certificate
Answer: A
Explanation:
In cryptography, a public key certificate (or identity certificate) is an electronic document which
incorporates a digital signature to bind together a public key with an identity — information such as
the name of a person or an organization, their address, and so forth. The certificate can be used to
verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority
(CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other
users ("endorsements"). In either case, the signatures on a certificate are attestations by the
certificate signer that the identity information and the public key belong together.
In computer security, an authorization certificate (also known as an attribute certificate) is a digital
document that describes a written permission from the issuer to use a service or a resource that
the issuer controls or has access to use. The permission can be delegated.
Some people constantly confuse PKCs and ACs. An analogy may make the distinction clear. A
PKC can be considered to be like a passport: it identifies the holder, tends to last for a long time,
and should not be trivial to obtain. An AC is more like an entry visa: it is typically issued by a
different authority and does not last for as long a time. As acquiring an entry visa typically requires
presenting a passport, getting a visa can be a simpler process.
A real life example of this can be found in the mobile software deployments by large service
providers and are typically applied to platforms such as Microsoft Smartphone (and related),
Symbian OS, J2ME, and others.
In each of these systems a mobile communications service provider may customize the mobile
terminal client distribution (ie. the mobile phone operating system or application environment) to
include one or more root certificates each associated with a set of capabilities or permissions such
as "update firmware", "access address book", "use radio interface", and the most basic one,
"install and execute". When a developer wishes to enable distribution and execution in one of
these controlled environments they must acquire a certificate from an appropriate CA, typically a
large commercial CA, and in the process they usually have their identity verified using out-of-band
mechanisms such as a combination of phone call, validation of their legal entity through
government and commercial databases, etc., similar to the high assurance SSL certificate vetting
process, though often there are additional specific requirements imposed on would-be
developers/publishers.
Once the identity has been validated they are issued an identity certificate they can use to sign
their software; generally the software signed by the developer or publisher's identity certificate is
not distributed but rather it is submitted to processor to possibly test or profile the content before
generating an authorization certificate which is unique to the particular software release. That
certificate is then used with an ephemeral asymmetric key-pair to sign the software as the last step
of preparation for distribution. There are many advantages to separating the identity and
authorization certificates especially relating to risk mitigation of new content being accepted into
the system and key management as well as recovery from errant software which can be used as
What can be defined as a data structure that enumerates digital certificates that were issued toCAs but have been invalidated by their issuer prior to when they were scheduled to expire?
A. Certificate revocation list B. Certificate revocation tree C. Authority revocation list D. Untrusted certificate list
Answer: C
Explanation:
The Internet Security Glossary (RFC2828) defines the Authority Revocation List (ARL) as a data
structure that enumerates digital certificates that were issued to CAs but have been invalidated by
their issuer prior to when they were scheduled to expire.
Do not to confuse with an ARL with a Certificate Revocation List (CRL). A certificate revocation list
is a mechanism for distributing notices of certificate revocations. The question specifically
mentions "issued to CAs" which makes ARL a better answer than CRL.
(I) A data structure that enumerates digital certificates that were issued to CAs but have been
invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration,
X.509 authority revocation list.)
In a few words: We use CRL's for end-user cert revocation and ARL's for CA cert revocation - both
can be placed in distribution points.
Question # 64
What is the primary role of smartcards in a PKI?
A. Transparent renewal of user keys B. Easy distribution of the certificates between the users C. Fast hardware encryption of the raw data D. Tamper resistant, mobile storage and application of private keys of the users.
Tamper-resistant microprocessors are used to store and process private or sensitive information,
such as private keys or electronic money credit. To prevent an attacker from retrieving or
modifying the information, the chips are designed so that the information is not accessible through
external means and can be accessed only by the embedded software, which should contain the
appropriate security measures.
Examples of tamper-resistant chips include all secure cryptoprocessors, such as the IBM 4758
and chips used in smartcards, as well as the Clipper chip.
It has been argued that it is very difficult to make simple electronic devices secure against
tampering, because numerous attacks are possible, including:
physical attack of various forms (microprobing, drills, files, solvents, etc.)
freezing the device
applying out-of-spec voltages or power surges
applying unusual clock signals
inducing software errors using radiation
measuring the precise time and power requirements of certain operations (see power analysis)
Tamper-resistant chips may be designed to zeroise their sensitive data (especially cryptographic
keys) if they detect penetration of their security encapsulation or out-of-specification environmental
parameters. A chip may even be rated for "cold zeroisation", the ability to zeroise itself even after
its power supply has been crippled.
Nevertheless, the fact that an attacker may have the device in his possession for as long as he
likes, and perhaps obtain numerous other samples for testing and practice, means that it is
practically impossible to totally eliminate tampering by a sufficiently motivated opponent. Because
of this, one of the most important elements in protecting a system is overall system design. In
particular, tamper-resistant systems should "fail gracefully" by ensuring that compromise of one
device does not compromise the entire system. In this manner, the attacker can be practically
restricted to attacks that cost less than the expected return from compromising a single device
(plus, perhaps, a little more for kudos). Since the most sophisticated attacks have been estimated
to cost several hundred thousand dollars to carry out, carefully designed systems may be
invulnerable in practice
Question # 65
What can be defined as a digital certificate that binds a set of descriptive data items, other than apublic key, either directly to a subject name or to the identifier of another certificate that is a publickey certificate?
A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate
Answer: B
Explanation:
The Internet Security Glossary (RFC2828) defines an attribute certificate as a digital certificate
that binds a set of descriptive data items, other than a public key, either directly to a subject name
or to the identifier of another certificate that is a public-key certificate. A public-key certificate binds
a subject name to a public key value, along with information needed to perform certain
cryptographic functions. Other attributes of a subject, such as a security clearance, may be
certified in a separate kind of digital certificate, called an attribute certificate. A subject may have
multiple attribute certificates associated with its name or with each of its public-key certificates.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Question # 66
Which of the following binds a subject name to a public key value?
A. A public-key certificate B. A public key infrastructure C. A secret key infrastructure D. A private key certificate
Answer: A
Explanation:
Remember the term Public-Key Certificate is synonymous with Digital Certificate or Identity
certificate.
The certificate itself provides the binding but it is the certificate authority who will go through the
Certificate Practice Statements (CPS) actually validating the bindings and vouch for the identity of
the owner of the key within the certificate.
As explained in Wikipedia:
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is
an electronic document which uses a digital signature to bind together a public key with an identity
— information such as the name of a person or an organization, their address, and so forth. The
certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority
(CA). In a web of trust scheme such as PGP or GPG, the signature is of either the user (a selfsigned certificate) or other users ("endorsements") by getting people to sign each other keys. In
either case, the signatures on a certificate are attestations by the certificate signer that the identity
information and the public key belong together.
RFC 2828 defines the certification authority (CA) as:
An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding
between the data items in a certificate.
An authority trusted by one or more users to create and assign certificates. Optionally, the
certification authority may create the user's keys.
X509 Certificate users depend on the validity of information provided by a certificate. Thus, a CA
should be someone that certificate users trust, and usually holds an official position created and
granted power by a government, a corporation, or some other organization. A CA is responsible
for managing the life cycle of certificates and, depending on the type of certificate and the CPS
that applies, may be responsible for the life cycle of key pairs associated with the certificates
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
What attribute is included in a X.509-certificate?
A. Distinguished name of the subject B. Telephone number of the department C. secret key of the issuing CA D. the key pair of the certificate holder
Answer: A
Explanation:
RFC 2459 : Internet X.509 Public Key Infrastructure Certificate and CRL Profile; GUTMANN, P.,
X.509 style guide; SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
Question # 68
What is the name of the protocol use to set up and manage Security Associations (SA) for IPSecurity (IPSec)?
A. Internet Key Exchange (IKE) B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol
Answer: A
Explanation:
The Key management for IPSec is called the Internet Key Exchange (IKE)
Note: IKE underwent a series of improvements establishing IKEv2 with RFC 4306. The basis of
this answer is IKEv2.
The IKE protocol is a hybrid of three other protocols: ISAKMP (Internet Security Association and
Key Management Protocol), Oakley and SKEME. ISAKMP provides a framework for
authentication and key exchange, but does not define them (neither authentication nor key
exchange). The Oakley protocol describes a series of modes for key exchange and the SKEME
protocol defines key exchange techniques.
IKE—Internet Key Exchange. A hybrid protocol that implements Oakley and Skeme key
exchanges inside the ISAKMP framework. IKE can be used with other protocols, but its initial
implementation is with the IPSec protocol. IKE provides authentication of the IPSec peers,
negotiates IPSec keys, and negotiates IPSec security associations.
IKE is implemented in accordance with RFC 2409, The Internet Key Exchange.
The Internet Key Exchange (IKE) security protocol is a key management protocol standard that is
used in conjunction with the IPSec standard. IPSec can be configured without IKE, but IKE
enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec
standard.
IKE is a hybrid protocol that implements the Oakley key exchange and the SKEME key exchange
inside the Internet Security Association and Key Management Protocol (ISAKMP) framework.
(ISAKMP, Oakley, and SKEME are security protocols implemented by IKE.)
IKE automatically negotiates IPSec security associations (SAs) and enables IPSec secure
communications without costly manual preconfiguration. Specifically, IKE provides these benefits:
•Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at
both peers.
833
•Allows you to specify a lifetime for the IPSec security association.
•Allows encryption keys to change during IPSec sessions.
•Allows IPSec to provide anti-replay services.
•Permits certification authority (CA) support for a manageable, scalable IPSec implementation.
•Allows dynamic authentication of peers.
About ISAKMP
The Internet Security Association and Key Management Protocol (ISAKMP) is a framework that
defines the phases for establishing a secure relationship and support for negotiation of security
attributes, it does not establish sessions keys by itself, it is used along with the Oakley session key
establishment protocol. The Secure Key Exchange Mechanism (SKEME) describes a secure
exchange mechanism and Oakley defines the modes of operation needed to establish a secure
connection.
ISAKMP provides a framework for Internet key management and provides the specific protocol
support for negotiation of security attributes. Alone, it does not establish session keys. However it
can be used with various session key establishment protocols, such as Oakley, to provide a
complete solution to Internet key management.
About Oakley
The Oakley protocol uses a hybrid Diffie-Hellman technique to establish session keys on Internet
hosts and routers. Oakley provides the important security property of Perfect Forward Secrecy
(PFS) and is based on cryptographic techniques that have survived substantial public scrutiny.
Oakley can be used by itself, if no attribute negotiation is needed, or Oakley can be used in
conjunction with ISAKMP. When ISAKMP is used with Oakley, key escrow is not feasible.
The ISAKMP and Oakley protocols have been combined into a hybrid protocol. The resolution of
ISAKMP with Oakley uses the framework of ISAKMP to support a subset of Oakley key exchange
modes. This new key exchange protocol provides optional PFS, full security association attribute
negotiation, and authentication methods that provide both repudiation and non-repudiation.
Implementations of this protocol can be used to establish VPNs and also allow for users from
remote sites (who may have a dynamically allocated IP address) access to a secure network.
About IPSec
The IETF's IPSec Working Group develops standards for IP-layer security mechanisms for both
IPv4 and IPv6. The group also is developing generic key management protocols for use on the
Internet. For more information, refer to the IP Security and Encryption Overview.
IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF)
that provides security for transmission of sensitive information over unprotected networks such as
the Internet. It acts at the network level and implements the following standards:
IPSec
Internet Key Exchange (IKE)
Data Encryption Standard (DES)
MD5 (HMAC variant)
SHA (HMAC variant)
Authentication Header (AH)
Encapsulating Security Payload (ESP)
IPSec services provide a robust security solution that is standards-based. IPSec also provides
data authentication and anti-replay services in addition to data confidentiality services.
For more information regarding IPSec, refer to the chapter "Configuring IPSec Network Security."
About SKEME
SKEME constitutes a compact protocol that supports a variety of realistic scenarios and security
models over Internet. It provides clear tradeoffs between security and performance as required by
the different scenarios without incurring in unnecessary system complexity. The protocol supports
key exchange based on public key, key distribution centers, or manual installation, and provides
for fast and secure key refreshment. In addition, SKEME selectively provides perfect forward
secrecy, allows for replaceability and negotiation of the underlying cryptographic primitives, and
addresses privacy issues as anonymity and repudiatability
SKEME's basic mode is based on the use of public keys and a Diffie-Hellman shared secret
generation.
However, SKEME is not restricted to the use of public keys, but also allows the use of a preshared key. This key can be obtained by manual distribution or by the intermediary of a key
distribution center (KDC) such as Kerberos.
In short, SKEME contains four distinct modes:
Basic mode, which provides a key exchange based on public keys and ensures PFS thanks to
Diffie-Hellman.
A key exchange based on the use of public keys, but without Diffie-Hellman.
A key exchange based on the use of a pre-shared key and on Diffie-Hellman.
A mechanism of fast rekeying based only on symmetrical algorithms.
In addition, SKEME is composed of three phases: SHARE, EXCH and AUTH.
During the SHARE phase, the peers exchange half-keys, encrypted with their respective public
keys. These two half-keys are used to compute a secret key K. If anonymity is wanted, the
identities of the two peers are also encrypted. If a shared secret already exists, this phase is
skipped.
The exchange phase (EXCH) is used, depending on the selected mode, to exchange either DiffieHellman public values or nonces. The Diffie-Hellman shared secret will only be computed after the
end of the exchanges.
The public values or nonces are authenticated during the authentication phase (AUTH), using the
secret key established during the SHARE phase.
The messages from these three phases do not necessarily follow the order described above; in
actual practice they are combined to minimize the number of exchanged messages.
References used for this question:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 172).
Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is:
A. Not possible B. Only possible with key recovery scheme of all user keys C. It is possible only if X509 Version 3 certificates are used D. It is possible only by "brute force" decryption
Answer: A
Explanation:
Content security measures presumes that the content is available in cleartext on the central mail
server.
Encrypted emails have to be decrypted before it can be filtered (e.g. to detect viruses), so you
need the decryption key on the central "crypto mail server".
There are several ways for such key management, e.g. by message or key recovery methods.
However, that would certainly require further processing in order to achieve such goal.
Question # 70
What is the main problem of the renewal of a root CA certificate?
A. It requires key recovery of all end user keys B. It requires the authentic distribution of the new root CA certificate to all PKI participants C. It requires the collection of the old root CA certificates from all the users D. It requires issuance of the new root CA certificate
Answer: B
Explanation:
The main task here is the authentic distribution of the new root CA certificate as new trust anchor
to all the PKI participants (e.g. the users).
In some of the rollover-scenarios there is no automatic way, often explicit assignment of trust from
each user is needed, which could be very costly.
Other methods make use of the old root CA certificate for automatic trust establishment (see
PKIX-reference), but these solutions works only well for scenarios with currently valid root CA
certificates (and not for emergency cases e.g. compromise of the current root CA certificate).
The rollover of the root CA certificate is a specific and delicate problem and therefore are often
ignored during PKI deployment.
Reference: Camphausen, I.; Petersen, H.; Stark, C.: Konzepte zum Root CA Zertifikatswechsel,
conference Enterprise Security 2002, March 26-27, 2002, Paderborn; RFC 2459 : Internet X.509
Public Key Infrastructure Certificate and CRL Profile.
Question # 71
Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?
A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public keycryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS D. SSL can be used with applications such as Telnet, FTP and email protocols.
Answer: B
Explanation:
All of these statements pertaining to SSL are true except that it is primary use is to authenticate
the client to the server using public key cryptography and digital certificates. It is the opposite, Its
primary use is to authenticate the server to the client.
The following reference(s) were used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
Question # 73
Which of the following was developed in order to protect against fraud in electronic fund transfers(EFT) by ensuring the message comes from its claimed originator and that it has not been alteredin transmission?
A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundancy Check (CRC) D. Secure Hash Standard (SHS)
Answer: B
Explanation:
In order to protect against fraud in electronic fund transfers (EFT), the Message Authentication
Code (MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the
contents of the message itself, that is sensitive to the bit changes in a message. It is similar to a
Cyclic Redundancy Check (CRC).
The aim of message authentication in computer and communication systems is to verify that he
message comes from its claimed originator and that it has not been altered in transmission. It is
particularly needed for EFT Electronic Funds Transfer). The protection mechanism is generation of
a Message Authentication Code (MAC), attached to the message, which can be recalculated by
the receiver and will reveal any alteration in transit. One standard method is described in (ANSI,
X9.9). Message authentication mechanisms an also be used to achieve non-repudiation of
messages.
The Secure Electronic Transaction (SET) was developed by a consortium including MasterCard
and VISA as a means of preventing fraud from occurring during electronic payment.
The Secure Hash Standard (SHS), NIST FIPS 180, available at
A. Creating trust between different PKIs B. Build an overall PKI hierarchy C. set up direct trust to a second root CA D. Prevent the nullification of user certificates by CA certificate revocation
Answer: A
Explanation:
More and more organizations are setting up their own internal PKIs. When these independent
PKIs need to interconnect to allow for secure communication to take place (either between
departments or different companies), there must be a way for the two root CAs to trust each other.
These two CAs do not have a CA above them they can both trust, so they must carry out cross
certification. A cross certification is the process undertaken by CAs to establish a trust relationship
in which they rely upon each other's digital certificates and public keys as if they had issued them
themselves.
When this is set up, a CA for one company can validate digital certificates from the other company
and vice versa.
Reference(s) used for this question:
For more information and illustration on Cross certification:
Shon Harris, CISSP All in one book, 4th Edition, Page 727
and
RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile; FORD, Warwick &
BAUM, Michael S., Secure Electronic Commerce: Building the Infrastructure for Digital Signatures
and Encryption (2nd Edition), 2000, Prentice Hall PTR, Page 254.
Question # 75
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?
A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)
Answer: D
Explanation:
Other elements are included in a PKI.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 165).
Question # 76
In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term?
A. Subordinate CA B. Top Level CA C. Big CA D. Master CA
Answer: B
Reference: Arsenault, Turner, Internet X.509 Public Key Infrastructure: Roadmap, Chapter
"Terminology".
Also note that sometimes other terms such as Certification Authority Anchor (CAA) might be used
within some government organization, Top level CA is another common term to indicate the top
level CA, Top Level Anchor could also be used.
Question # 77
Which type of attack is based on the probability of two different messages using the same hashfunction producing a common message digest?
A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack
Answer: C
Explanation:
A Birthday attack is usually applied to the probability of two different messages using the same
hash function producing a common message digest.
The term "birthday" comes from the fact that in a room with 23 people, the probability of two of
more people having the same birthday is greater than 50%.
Linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to
the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear
cryptanalysis is one of the two most widely used attacks on block ciphers; the other being
differential cryptanalysis.
Differential Cryptanalysis is a potent cryptanalytic technique introduced by Biham and Shamir.
Differential cryptanalysis is designed for the study and attack of DES-like cryptosystems. A DESlike cryptosystem is an iterated cryptosystem which relies on conventional cryptographic
techniques such as substitution and diffusion.
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers,
but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study
of how differences in an input can affect the resultant difference at the output. In the case of a
block cipher, it refers to a set of techniques for tracing differences through the network of
transformations, discovering where the cipher exhibits non-random behaviour, and exploiting such
properties to recover the secret key.
Source:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Which of the following statements pertaining to message digests is incorrect?
A. The original file cannot be created from the message digest. B. Two different files should not have the same message digest. C. The message digest should be calculated using at least 128 bytes of the file. D. Messages digests are usually of fixed size.
Answer: C
Explanation:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 160).
Question # 79
Which of the following encryption algorithms does not deal with discrete logarithms?
A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve
Answer: C
Explanation:
The security of the RSA system is based on the assumption that factoring the product into two
original large prime numbers is difficult
Source:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Shon Harris, CISSP All-in-One Examine Guide, Third Edition, McGraw-Hill Companies, August
2005, Chapter 8: Cryptography, Page 636 - 639
Question # 80
What is NOT true with pre shared key authentication within IKE / IPsec protocol?
A. Pre shared key authentication is normally based on simple passwords B. Needs a Public Key Infrastructure (PKI) to work C. IKE is used to setup Security Associations D. IKE builds upon the Oakley protocol and the ISAKMP protocol.
Answer: B
Explanation:
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in
the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509
certificates for authentication which are either pre-shared or distributed using DNS (preferably with
DNSSEC) and a Diffie–Hellman key exchange to set up a shared session secret from which
cryptographic keys are derived.
Internet Key Exchange (IKE) Internet key exchange allows communicating partners to prove their
identity to each other and establish a secure communication channel, and is applied as an
authentication component of IPSec.
IKE uses two phases:
Phase 1: In this phase, the partners authenticate with each other, using one of the following:
Shared Secret: A key that is exchanged by humans via telephone, fax, encrypted e-mail, etc.
Public Key Encryption: Digital certificates are exchanged.
Revised mode of Public Key Encryption: To reduce the overhead of public key encryption, a nonce
(a Cryptographic function that refers to a number or bit string used only once, in security
engineering) is encrypted with the communicating partner’s public key, and the peer’s identity is
encrypted with symmetric encryption using the nonce as the key. Next, IKE establishes a
temporary security association and secure tunnel to protect the rest of the key exchange. Phase 2:
The peers’ security associations are established, using the secure tunnel and temporary SA
created at the end of phase 1.
The following reference(s) were used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
Cryptography does not concern itself with which of the following choices?
A. Availability B. Integrity C. Confidentiality D. Validation
Answer: D
Explanation:
The cryptography domain addresses the principles, means, and methods of disguising information
to ensure its integrity, confidentiality, and authenticity. Unlike the other domains, cryptography
does not completely support the standard of availability.
Availability
Cryptography supports all three of the core principles of information security. Many access control
systems use cryptography to limit access to systems through the use of passwords. Many tokenbased authentication systems use cryptographic-based hash algorithms to compute one-time
passwords. Denying unauthorized access prevents an attacker from entering and damaging the
system or network, thereby denying access to authorized users if they damage or currupt the data.
Confidentiality
Cryptography provides confidentiality through altering or hiding a message so that ideally it cannot
be understood by anyone except the intended recipient.
Integrity
Cryptographic tools provide integrity checks that allow a recipient to verify that a message has not
been altered. Cryptographic tools cannot prevent a message from being altered, but they are
effective to detect either intentional or accidental modification of the message.
Additional Features of Cryptographic Systems In addition to the three core principles of
information security listed above, cryptographic tools provide several more benefits.
Nonrepudiation
In a trusted environment, the authentication of the origin can be provided through the simple
control of the keys. The receiver has a level of assurance that the message was encrypted by the
sender, and the sender has trust that the message was not altered once it was received. However,
in a more stringent, less trustworthy environment, it may be necessary to provide assurance via a
third party of who sent a message and that the message was indeed delivered to the right
recipient. This is accomplished through the use of digital signatures and public key encryption. The
use of these tools provides a level of nonrepudiation of origin that can be verified by a third party.
Once a message has been received, what is to prevent the recipient from changing the message
and contesting that the altered message was the one sent by the sender? The nonrepudiation of
delivery prevents a recipient from changing the message and falsely claiming that the message is
in its original state. This is also accomplished through the use of public key cryptography and
digital signatures and is verifiable by a trusted third party.
Authentication
Authentication is the ability to determine if someone or something is what it declares to be. This is
primarily done through the control of the keys, because only those with access to the key are able
to encrypt a message. This is not as strong as the nonrepudiation of origin, which will be reviewed
shortly Cryptographic functions use several methods to ensure that a message has not been
changed or altered. These include hash functions, digital signatures, and message authentication
codes (MACs). The main concept is that the recipient is able to detect any change that has been
made to a message, whether accidentally or intentionally.
Access Control
Through the use of cryptographic tools, many forms of access control are supported—from log-ins
via passwords and passphrases to the prevention of access to confidential files or messages. In
all cases, access would only be possible for those individuals that had access to the correct
cryptographic keys.
NOTE FROM CLEMENT:
As you have seen this question was very recently updated with the latest content of the Official
ISC2 Guide (OIG) to the CISSP CBK, Version 3.
Myself, I agree with most of you that cryptography does not help on the availability side and it is
even the contrary sometimes if you loose the key for example. In such case you would loose
access to the data and negatively impact availability. But the ISC2 is not about what I think or what
you think, they have their own view of the world where they claim and state clearly that
cryptography does address availability even thou it does not fully address it.
They look at crypto as the ever emcompassing tool it has become today. Where it can be use for
authentication purpose for example where it would help to avoid corruption of the data through
illegal access by an unauthorized user.
The question is worded this way in purpose, it is VERY specific to the CISSP exam context where
ISC2 preaches that cryptography address availability even thou they state it does not fully address
it. This is something new in the last edition of their book and something you must be aware of.
Best regards
Clement
The following terms are from the Software Development Security domain:
Validation: The assurance that a product, service, or system meets the needs of the customer and
other identified stakeholders. It often involves acceptance and suitability with external customers.
Contrast with verification below."
Verification: The evaluation of whether or not a product, service, or system complies with a
regulation, requirement, specification, or imposed condition. It is often an internal process.
Contrast with validation."
The terms above are from the Software Development Security Domain.
Reference(s) used for this question:
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition :
Which of the following statements pertaining to link encryption is false?
A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets areencrypted.
Answer: C
Explanation:
When using link encryption, packets have to be decrypted at each hop and encrypted again.
Information staying encrypted from one end of its journey to the other is a characteristic of end-toend encryption, not link encryption.
Link Encryption vs. End-to-End Encryption
Link encryption encrypts the entire packet, including headers and trailers, and has to be decrypted
at each hop.
End-to-end encryption does not encrypt the IP Protocol headers, and therefore does not need to
be decrypted at each hop.
Reference: All in one, Page 735 & Glossary
and
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 6).
Question # 84
Which of the following statements pertaining to key management is incorrect?
A. The more a key is used, the shorter its lifetime should be. B. When not using the full keyspace, the key should be extremely random. C. Keys should be backed up or escrowed in case of emergencies. D. A key's lifetime should correspond with the sensitivity of the data it is protecting.
Answer: B
Explanation:
A key should always be using the full spectrum of the keyspace and be extremely random. Other
statements are correct.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 6).
Question # 85
Which of the following is not a one-way hashing algorithm?
A. MD2 B. RC4 C. SHA-1 D. HAVAL
Answer: B
Explanation:
RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest
Cipher 4", the RC acronym is alternatively understood to stand for "Ron's Code" (see also RC2,
RC5 and RC6).
RC4 was initially a trade secret, but in September 1994 a description of it was anonymously
posted to the Cypherpunks mailing list. It was soon posted on the sci.crypt newsgroup, and from
there to many sites on the Internet. The leaked code was confirmed to be genuine as its output
was found to match that of proprietary software using licensed RC4. Because the algorithm is
known, it is no longer a trade secret. The name RC4 is trademarked, so RC4 is often referred to
as ARCFOUR or ARC4 (meaning alleged RC4) to avoid trademark problems. RSA Security has
never officially released the algorithm; Rivest has, however, linked to the English Wikipedia article
on RC4 in his own course notes. RC4 has become part of some commonly used encryption
protocols and standards, including WEP and WPA for wireless cards and TLS.
The main factors in RC4's success over such a wide range of applications are its speed and
simplicity: efficient implementations in both software and hardware are very easy to develop.
The following answer were not correct choices:
SHA-1 is a one-way hashing algorithms. SHA-1 is a cryptographic hash function designed by the
United States National Security Agency and published by the United States NIST as a U.S.
Federal Information Processing Standard. SHA stands for "secure hash algorithm".
The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and
SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash specification
that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications.
SHA-2 on the other hand significantly differs from the SHA-1 hash function.
SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several
widely used security applications and protocols. In 2005, security flaws were identified in SHA-1,
namely that a mathematical weakness might exist, indicating that a stronger hash function would
be desirable. Although no successful attacks have yet been reported on the SHA-2 variants, they
are algorithmically similar to SHA-1 and so efforts are underway to develop improved alternatives.
A new hash standard, SHA-3, is currently under development — an ongoing NIST hash function
competition is scheduled to end with the selection of a winning function in 2012.
SHA-1 produces a 160-bit message digest based on principles similar to those used by Ronald L.
Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more
conservative design.
MD2 is a one-way hashing algorithms. The MD2 Message-Digest Algorithm is a cryptographic
hash function developed by Ronald Rivest in 1989. The algorithm is optimized for 8-bit computers.
MD2 is specified in RFC 1319. Although MD2 is no longer considered secure, even as of 2010 it
remains in use in public key infrastructures as part of certificates generated with MD2 and RSA.
Haval is a one-way hashing algorithms. HAVAL is a cryptographic hash function. Unlike MD5, but
like most modern cryptographic hash functions, HAVAL can produce hashes of different lengths.
HAVAL can produce hashes in lengths of 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits.
HAVAL also allows users to specify the number of rounds (3, 4, or 5) to be used to generate the
hash.
The following reference(s) were used for this question:
SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
A. Confidentiality B. Availability C. Integrity D. Authentication
Answer: C
Explanation:
A one-way hash is a function that takes a variable-length string a message, and compresses and
transforms it into a fixed length value referred to as a hash value. It provides integrity, but no
confidentiality, availability or authentication.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 5).
Question # 88
PGP uses which of the following to encrypt data?
A. An asymmetric encryption algorithm B. A symmetric encryption algorithm C. A symmetric key distribution system D. An X.509 digital certificate
Answer: B
Explanation:
Notice that the question specifically asks what PGP uses to encrypt For this, PGP uses an
symmetric key algorithm. PGP then uses an asymmetric key algorithm to encrypt the session key
and then send it securely to the receiver. It is an hybrid system where both types of ciphers are
being used for different purposes.
Whenever a question talks about the bulk of the data to be sent, Symmetric is always best to
choice to use because of the inherent speed within Symmetric Ciphers. Asymmetric ciphers are
100 to 1000 times slower than Symmetric Ciphers.
The other answers are not correct because:
"An asymmetric encryption algorithm" is incorrect because PGP uses a symmetric algorithm to
encrypt data.
"A symmetric key distribution system" is incorrect because PGP uses an asymmetric algorithm for
the distribution of the session keys used for the bulk of the data.
"An X.509 digital certificate" is incorrect because PGP does not use X.509 digital certificates to
encrypt the data, it uses a session key to encrypt the data.
References:
Official ISC2 Guide page: 275
All in One Third Edition page: 664 - 665
Question # 89
The Diffie-Hellman algorithm is used for:
A. Encryption B. Digital signature C. Key agreement D. Non-repudiation
Answer: C
Explanation:
The Diffie-Hellman algorithm is used for Key agreement (key distribution) and cannot be used to
encrypt and decrypt messages.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 4).
Note: key agreement, is different from key exchange, the functionality used by the other
asymmetric algorithms.
References:
AIO, third edition Cryptography (Page 632)
AIO, fourth edition Cryptography (Page 709)
Question # 90
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?
A. 64 bits of data input results in 56 bits of encrypted output B. 128 bit key with 8 bits used for parity C. 64 bit blocks with a 64 bit total key length D. 56 bits of data input results in 56 bits of encrypted output
Answer: C
Explanation:
DES works with 64 bit blocks of text using a 64 bit key (with 8 bits used for parity, so the effective
key length is 56 bits)c
Some people are getting the Key Size and the Block Size mixed up. The block size is usually a
specific length. For example DES uses block size of 64 bits which results in 64 bits of encrypted
data for each block. AES uses a block size of 128 bits, the block size on AES can only be 128 as
per the published standard FIPS-197.
A DES key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly generated and
used directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be used
for error detection. The 8 error detecting bits are set to make the parity of each 8-bit byte of the
key odd, i.e., there is an odd number of "1"s in each 8-bit byte1. Authorized users of encrypted
computer data must have the key that was used to encipher the data in order to decrypt it.
IN CONTRAST WITH AES
The input and output for the AES algorithm each consist of sequences of 128 bits (digits with
values of 0 or 1). These sequences will sometimes be referred to as blocks and the number of bits
they contain will be referred to as their length. The Cipher Key for the AES algorithm is a
sequence of 128, 192 or 256 bits. Other input, output and Cipher Key lengths are not permitted by
this standard.
The Advanced Encryption Standard (AES) specifies the Rijndael algorithm, a symmetric block
cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and
256 bits. Rijndael was designed to handle additional block sizes and key lengths, however they
are not adopted in the AES standard.
The AES algorithm may be used with the three different key lengths indicated above, and
therefore these different “flavors” may be referred to as “AES-128”, “AES-192”, and “AES-256”.
The other answers are not correct because:
"64 bits of data input results in 56 bits of encrypted output" is incorrect because while DES does
work with 64 bit block input, it results in 64 bit blocks of encrypted output.
"128 bit key with 8 bits used for parity" is incorrect because DES does not ever use a 128 bit key.
"56 bits of data input results in 56 bits of encrypted output" is incorrect because DES always works
with 64 bit blocks of input/output, not 56 bits.
Reference(s) used for this question:
Official ISC2 Guide to the CISSP CBK, Second Edition, page: 336-343
Which of the following is not an example of a block cipher?
A. Skipjack B. IDEA C. Blowfish D. RC4
Answer: D
Explanation:
RC4 is a proprietary, variable-key-length stream cipher invented by Ron Rivest for RSA Data
Security, Inc. Skipjack, IDEA and Blowfish are examples of block ciphers.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
Question # 92
What is the key size of the International Data Encryption Algorithm (IDEA)?
A. 64 bits B. 128 bits C. 160 bits D. 192 bits
Answer: B
Explanation:
The International Data Encryption Algorithm (IDEA) is a block cipher that operates on 64 bit blocks
of data with a 128-bit key. The data blocks are divided into 16 smaller blocks and each has eight
rounds of mathematical functions performed on it. It is used in the PGP encryption software.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 3).
Question # 93
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?
A. The use of good key generators. B. The use of session keys. C. Nothing can defend you against a brute force crypto key attack. D. Algorithms that are immune to brute force key attacks.
Answer: B
Explanation:
If we assume a crytpo-system with a large key (and therefore a large key space) a brute force
attack will likely take a good deal of time - anywhere from several hours to several years
depending on a number of variables. If you use a session key for each message you encrypt, then
the brute force attack provides the attacker with only the key for that one message. So, if you are
encrypting 10 messages a day, each with a different session key, but it takes me a month to break
each session key then I am fighting a loosing battle.
The other answers are not correct because:
"The use of good key generators" is not correct because a brute force key attack will eventually
run through all possible combinations of key. Therefore, any key will eventually be broken in this
manner given enough time.
"Nothing can defend you against a brute force crypto key attack" is incorrect, and not the best
answer listed. While it is technically true that any key will eventually be broken by a brute force
attack, the question remains "how long will it take?". In other words, if you encrypt something
today but I can't read it for 10,000 years, will you still care? If the key is changed every session
does it matter if it can be broken after the session has ended? Of the answers listed here, session
keys are "often considered a good protection against the brute force cryptography attack" as the
question asks.
"Algorithms that are immune to brute force key attacks" is incorrect because there currently are no
such algorithms.
References:
Official ISC2 Guide page: 259
All in One Third Edition page: 623
Question # 94
How many rounds are used by DES?
A. 16 B. 32 C. 64 D. 48
Answer: A
Explanation:
DES is a block encryption algorithm using 56-bit keys and 64-bit blocks that are divided in half and
each character is encrypted one at a time. The characters are put through 16 rounds of
transposition and substitution functions. Triple DES uses 48 rounds.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 3).
Question # 95
Which of the following issues is not addressed by digital signatures?
A. nonrepudiation B. authentication C. data integrity D. denial-of-service
Answer: D
Explanation:
A digital signature directly addresses both confidentiality and integrity of the CIA triad. It does not
directly address availability, which is what denial-of-service attacks.
The other answers are not correct because:
"nonrepudiation" is not correct because a digital signature can provide for nonrepudiation.
"authentication" is not correct because a digital signature can be used as an authentication
mechanism
"data integrity" is not correct because a digital signature does verify data integrity (as part of
nonrepudiation)
References:
Official ISC2 Guide page: 227 & 265
All in One Third Edition page: 648
Question # 96
Which of the following is more suitable for a hardware implementation?
A. Stream ciphers B. Block ciphers C. Cipher block chaining D. Electronic code book
Answer: A
Explanation:
A stream cipher treats the message as a stream of bits or bytes and performs mathematical
functions on them individually. The key is a random value input into the stream cipher, which it
uses to ensure the randomness of the keystream data. They are more suitable for hardware
implementations, because they encrypt and decrypt one bit at a time. They are intensive because
each bit must be manipulated, which works better at the silicon level. Block ciphers operate a the
block level, dividing the message into blocks of bits. Cipher Block chaining (CBC) and Electronic
Code Book (ECB) are operation modes of DES, a block encryption algorithm.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2).
Question # 97
The primary purpose for using one-way hashing of user passwords within a password file is which of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt. B. It prevents an unauthorized person from reading the password. C. It minimizes the amount of storage required for user passwords. D. It minimizes the amount of processing time used for encrypting passwords.
Answer: B
Explanation:
The whole idea behind a one-way hash is that it should be just that - one-way. In other words, an
attacker should not be able to figure out your password from the hashed version of that password
in any mathematically feasible way (or within any reasonable length of time).
Password Hashing and Encryption
In most situations , if an attacker sniffs your password from the network wire, she still has some
work to do before she actually knows your password value because most systems hash the
password with a hashing algorithm, commonly MD4 or MD5, to ensure passwords are not sent in
cleartext.
Although some people think the world is run by Microsoft, other types of operating systems are out
there, such as Unix and Linux. These systems do not use registries and SAM databases, but
contain their user passwords in a file cleverly called “shadow.” Now, this shadow file does not
contain passwords in cleartext; instead, your password is run through a hashing algorithm, and the
resulting value is stored in this file.
Unixtype systems zest things up by using salts in this process. Salts are random values added to
the encryption process to add more complexity and randomness. The more randomness entered
into the encryption process, the harder it is for the bad guy to decrypt and uncover your password.
The use of a salt means that the same password can be encrypted into several thousand different
formats. This makes it much more difficult for an attacker to uncover the right format for your
system.
Password Cracking tools
Note that the use of one-way hashes for passwords does not prevent password crackers from
guessing passwords. A password cracker runs a plain-text string through the same one-way hash
algorithm used by the system to generate a hash, then compares that generated has with the one
stored on the system. If they match, the password cracker has guessed your password.
This is very much the same process used to authenticate you to a system via a password. When
you type your username and password, the system hashes the password you typed and compares
that generated hash against the one stored on the system - if they match, you are authenticated.
Pre-Computed password tables exists today and they allow you to crack passwords on Lan
Manager (LM) within a VERY short period of time through the use of Rainbow Tables. A Rainbow
Table is a precomputed table for reversing cryptographic hash functions, usually for cracking
password hashes. Tables are usually used in recovering a plaintext password up to a certain
length consisting of a limited set of characters. It is a practical example of a space/time trade-off
also called a Time-Memory trade off, using more computer processing time at the cost of less
storage when calculating a hash on every attempt, or less processing time and more storage when
compared to a simple lookup table with one entry per hash. Use of a key derivation function that
employs a salt makes this attack unfeasible.
You may want to review "Rainbow Tables" at the links:
This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite, both very wellknown suites at that time, but now deprecated. There also existed a now very old oclHashcat GPU
cracker that was replaced w/ plus and lite, which - as said - were then merged into oclHashcat
1.00 again.
This cracker can crack Hashes of NTLM Version 2 up to 8 characters in less than a few hours. It is
definitively a game changer. It can try hundreds of billions of tries per seconds on a very large
cluster of GPU's. It supports up to 128 Video Cards at once.
I am stuck using Password what can I do to better protect myself?
You could look at safer alternative such as Bcrypt, PBKDF2, and Scrypt.
bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazières,
based on the Blowfish cipher, and presented at USENIX in 1999. Besides incorporating a salt to
protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count
can be increased to make it slower, so it remains resistant to brute-force search attacks even with
increasing computation power.
In cryptography, scrypt is a password-based key derivation function created by Colin Percival,
originally for the Tarsnap online backup service. The algorithm was specifically designed to make
it costly to perform large-scale custom hardware attacks by requiring large amounts of memory. In
2012, the scrypt algorithm was published by the IETF as an Internet Draft, intended to become an
informational RFC, which has since expired. A simplified version of scrypt is used as a proof-ofwork scheme by a number of cryptocurrencies, such as Litecoin and Dogecoin.
PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that is part of
Which of the following is not a disadvantage of symmetric cryptography when compared withAsymmetric Ciphers?
A. Provides Limited security services B. Has no built in Key distribution C. Speed D. Large number of keys are needed
Answer: C
Explanation:
Symmetric cryptography ciphers are generally fast and hard to break. So speed is one of the key
advantage of Symmetric ciphers and NOT a disadvantage. Symmetric Ciphers uses simple
encryption steps such as XOR, substitution, permutation, shifting columns, shifting rows, etc...
Such steps does not required a large amount of processing power compare to the complex
mathematical problem used within Asymmetric Ciphers.
Some of the weaknesses of Symmetric Ciphers are:
The lack of automated key distribution. Usually an Asymmetric cipher would be use to protect the
symmetric key if it needs to be communicated to another entity securely over a public network. In
the good old day this was done manually where it was distributed using the Floppy Net sometimes
called the Sneaker Net (you run to someone's office to give them the key).
As far as the total number of keys are required to communicate securely between a large group of
users, it does not scale very well. 10 users would require 45 keys for them to communicate
securely with each other. If you have 1000 users then you would need almost half a million key to
communicate secure. On Asymmetric ciphers there is only 2000 keys required for 1000 users. The
formula to calculate the total number of keys required for a group of users who wishes to
communicate securely with each others using Symmetric encryption is Total Number of Users (N)
* Total Number of users minus one Divided by 2 or N (N-1)/2
Symmetric Ciphers are limited when it comes to security services, they cannot provide all of the
security services provided by Asymmetric ciphers. Symmetric ciphers provides mostly
confidentiality but can also provide integrity and authentication if a Message Authentication Code
(MAC) is used and could also provide user authentication if Kerberos is used for example.
Symmetric Ciphers cannot provide Digital Signature and Non-Repudiation.
Reference used for theis question:
WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2).
Question # 99
Which of the following is best provided by symmetric cryptography?
A. Confidentiality B. Integrity C. Availability D. Non-repudiation
Answer: A
Explanation:
When using symmetric cryptography, both parties will be using the same key for encryption and
decryption. Symmetric cryptography is generally fast and can be hard to break, but it offers limited
overall security in the fact that it can only provide confidentiality.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2).
Question # 100
How many bits is the effective length of the key of the Data Encryption Standard algorithm?
A. 168 B. 128 C. 56 D. 64
Answer: C
Explanation:
The correct answer is "56". This is actually a bit of a trick question, since the actual key length is
64 bits. However, every eighth bit is ignored because it is used for parity. This makes the "effective
length of the key" that the question actually asks for 56 bits.
The other answers are not correct because:
168 - This is the number of effective bits in Triple DES (56 times 3).
128 - Many encryption algorithms use 128 bit key, but not DES. Note that you may see 128 bit
encryption referred to as "military strength encryption" because many military systems use key of
this length.
64 - This is the actual length of a DES encryption key, but not the "effective length" of the DES
key.
Reference:
Official ISC2 Guide page: 238
All in One Third Edition page: 622
Question # 101
Which of the following would best describe a Concealment cipher?
A. Permutation is used, meaning that letters are scrambled. B. Every X number of words within a text, is a part of the real message. C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. D. Hiding data in another message so that the very existence of the data is concealed.
Answer: B
Explanation:
When a concealment cipher is used, every X number of words within a text, is a part of the real
message. The message is within another message.
A concealment cipher is a message within a message. If my other super-secret spy buddy and I
decide our key value is every third word, then when I get a message from him, I will pick out every
third word and write it down. Suppose he sends me a message that reads, “The saying, ‘The time
is right’ is not cow language, so is now a dead subject.” Because my key is every third word, I
come up with “The right cow is dead.” This again means nothing to me, and I am now turning in
my decoder ring.
Concealment ciphers include the plaintext within the ciphertext. It is up to the recipient to know
which letters or symbols to exclude from the ciphertext in order to yield the plaintext. Here is an
example of a concealment cipher:
i2l32i5321k34e1245ch456oc12ol234at567e
Remove all the numbers, and you'll have i like chocolate. How about this one?
Larry even appears very excited. No one worries.
The first letter from each word reveals the message leave now. Both are easy, indeed, but many
people have crafted more ingenious ways of concealing the messages. By the way, this type of
cipher doesn't even need ciphertext, such as that in the above examples.
Consider the invisible drying ink that kids use to send secret messages. In a more extreme
example, a man named Histiaeus, during 5th century B.C., shaved the head of a trusted slave,
then tattooed the message onto his bald head. When the slave's hair grew back, Histiaeus sent
the slave to the message's intended recipient, Aristagoros, who shaved the slave's head and read
the message instructing him to revolt.
The following answers are incorrect:
A transposition cipher uses permutations.
A substitution cipher replaces bits, characters, or blocks of characters with different bits,
characters or blocks.
Steganography refers to hiding the very existence of the message.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 1).
