73. What is the main purpose of a message authentication code (MAC)?
a. Recovery
b. Prevention
c. Detection
d. Correction
73. c. A message authentication code (MAC) is a cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of data.
74. The major functions of a public key used in cryptography include which of the following?
1. Encrypt data
2. Decrypt data
3. Generate signatures
4. Verify signatures
a. 1 only
b. 2 only
c. 1 or 4
d. 2 or 3
74. c. The public key is the public part of an asymmetric key pair that is typically used to encrypt data or verify signatures. The private key is the secret part of an asymmetric key pair that is typically used to decrypt data and to digitally sign (i.e., generate signatures).
75. Approved hash functions must satisfy which of the following properties?
1. One-way
2. Collision resistant
3. Resistant to offline attacks
4. Resistant to online attacks
a. 1 only
b. 3 only
c. 4 only
d. 1 and 2
75. d. A hash function maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions must satisfy the following two properties: one-way and collision resistant. It is computationally infeasible to find any input that maps to any prespecified output or any two distinct inputs that map to the same output.
An offline attack is an attack in which the attacker obtains some data through eavesdropping that he can analyze in a system of his own choosing. An online attack is an attack against an authentication protocol in which the attacker either assumes the role of a claimant with a genuine verifier or actively alters the authentication channel. The goal of the attack may be to gain authenticated access or learn authentication secrets.
76. Which of the following is a measure of the amount of uncertainty that an attacker faces to determine the value of a secret?
a. Entropy
b. Random number
c. Nonce
d. Pseudonym
76. a. Entropy is a measure of the amount of uncertainty that an attacker faces to determine the value of a secret. Entropy is usually stated in bits as it relates to information theory. It is a statistical parameter.
Random number is incorrect because it can be used to generate passwords or keys. Nonce is incorrect because it is a value used in security protocols that is never repeated with the same key. Pseudonym is incorrect because it is a subscriber name that has been chosen by the subscriber and is not verified as meaningful by identity proofing.
77. Which of the following is a nonsecret value that is used in a cryptographic process?
a. Salt
b. Shared secret
c. Min-entropy
d. Guessing entropy
77. a. Salt is a nonsecret value that is used in a cryptographic process, usually to ensure that an attacker cannot reuse the results of computations for one instance.
Shared secret is incorrect because it is a secret used in authentication that is known to the claimant and the verifier. Min-entropy is incorrect because it is a measure of the difficulty that an attacker has to guess the most commonly chosen password used in a system. Guessing entropy is incorrect because it is a measure of the difficulty that an attacker has to guess the average password used in a system.
78. A technique to protect software from potential forgeries is to use:
a. Digital libraries
b. Digital signals
c. Digital watermarks
d. Digital signatures
78. c. Digital watermarks are used to prove proprietary rights. Digital watermarking is the process of irreversibly embedding information into a digital signal. An example is embedding copyright information about the copyright owner.
Digital libraries are storage places for data and programs. Digital signals are electronic switches in computers and are represented as binary digits called bits. Digital signatures are a security authorization method to prove that a message was not modified.
79. Which of the following specifically deals with hiding messages and obscuring senders and receivers?
a. Quantum cryptography
b. Steganography
c. Cryptology
d. Cryptography
79. b. Steganography is a part of cryptology that deals with hiding messages and obscuring who is sending or receiving them. Message traffic is padded to reduce the signals that otherwise would come from the sudden beginning of messages. Quantum cryptography is based on quantum-mechanics principles where eavesdroppers alter the quantum state of the system.
Cryptology is the science and study of writing, sending, receiving, and deciphering secret messages. It includes authentication, digital signatures, steganography, and cryptanalysis. Cryptology includes both cryptography and cryptanalysis. Cryptology is the science that deals with hidden communications. Cryptography involves the principles, means, and methods used to render information unintelligible and for restoring encrypted information to intelligible form.
80. What is an encryption algorithm that encrypts and decrypts arbitrarily sized messages called?
a. Link encryption
b. Bulk encryption
c. End-to-end encryption
d. Stream encryption
80. d. The cipher block chaining method is used to convert a block encryption scheme with a variable length key into a stream encryption of arbitrarily sized messages.
In link encryption, all information passing over the link is encrypted in its entirety. Link encryption is also called online encryption. Simultaneous encryption of all channels of a multichannel telecommunications trunk is called bulk encryption.
In end-to-end encryption, the information is encrypted at its origin and decrypted at its intended destination without any intermediate decryption. End-to-end encryption is also called offline encryption. In link encryption, bulk encryption, and end-to-end encryption, the algorithm takes a fixed-length block of the message (for example, 64 bits in the case of both DES and IDEA).
81. What is a message authentication code?
a. Data checksum
b. Cryptographic checksum
c. Digital signature
d. Cyclic redundancy check
81. b. A checksum is digits or bits summed according to arbitrary rules and used to verify the integrity of data. All forms of checksums have the same objective, that is, to ensure that the conveyed information has not been changed in transit from sender to recipient. The difference between these checksums is how strong the protective mechanism is against changes to the information, that is, how hard it is to attack for a knowledgeable attacker, as opposed to a natural source. A message authentication code is a cryptographic checksum with the highest form of security against attacks. The public key is used to encrypt the message prior to transmission, and knowledge of a private (secret) key is needed to decode or decrypt the received message.
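Added example (not part of the original question bank): a Python comparison of an unkeyed checksum (CRC-32) with a keyed cryptographic checksum (HMAC-SHA-256), illustrating the distinction drawn in answers 73 and 81 between detecting accidental and intentional modification. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Assumption: a symmetric key shared only by sender and receiver (constructed value).
KEY = b"constructed-shared-key-for-demo"


def crc_tag(message: bytes) -> bytes:
    """Unkeyed checksum: anyone who sees the message can compute it."""
    return zlib.crc32(message).to_bytes(4, "big")


def mac_tag(message: bytes, key: bytes = KEY) -> bytes:
    """Keyed cryptographic checksum (HMAC-SHA-256)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(message: bytes, tag: bytes, tag_fn) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag_fn(message), tag)


def flip_bit(message: bytes, index: int = 0) -> bytes:
    """Accidental modification: a single bit damaged in transit."""
    damaged = bytearray(message)
    damaged[index] ^= 0x01
    return bytes(damaged)


def run_demo() -> dict:
    original = b"PAY 100 TO ALICE"      # constructed sample message
    altered = b"PAY 900 TO SOMEONE"     # constructed intentional change
    results = {}

    # Accidental change: the tag travels unchanged with the damaged message.
    damaged = flip_bit(original)
    results["crc_detects_accident"] = not verify(damaged, crc_tag(original), crc_tag)
    results["mac_detects_accident"] = not verify(damaged, mac_tag(original), mac_tag)

    # Intentional change by a party without KEY: it recomputes whatever it can.
    # CRC needs no secret, so the recomputed checksum matches at the receiver.
    results["crc_detects_forgery"] = not verify(altered, crc_tag(altered), crc_tag)
    # Without KEY the best available tag is one made under some other key.
    guessed = mac_tag(altered, key=b"not-the-real-key")
    results["mac_detects_forgery"] = not verify(altered, guessed, mac_tag)
    return results


if __name__ == "__main__":
    for name, detected in run_demo().items():
        print(f"{name}: {detected}")
```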