1. SHA-1
2. MD5
3. HMAC-SHA-1
4. HMAC-MD5
a. 1 only
b. 2 only
c. 1 and 2
d. 3 and 4
168. d. Both HMAC-SHA-1 and HMAC-MD5 algorithms are stronger than SHA-1 or MD5, either alone or together, because they use hash-based message authentication codes (HMACs). Both the SHA-1 and MD5 algorithms are weaker by themselves.
169. Which of the following methods provide the highest level of security to protect data access from unauthorized people?
a. Encryption
b. Callback or dial-back systems
c. Magnetic cards with personal identification number
d. User ID and password
169. a. Encryption provides the highest level of security to protect data access from unauthorized people. It is the process of transforming data to an unintelligible form in such a way that the original data either cannot be obtained (one-way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption). It is difficult to break the encryption algorithm and the keys used in that process.
Callback or dial-back systems and magnetic cards with personal identification numbers provide medium protection, whereas user identification numbers and passwords provide minimum protection. Callback systems can be negated through the use of call forwarding features in a telephone system. Magnetic cards can be lost, stolen, or counterfeited. User IDs and passwords can be shared with others or guessed by others, a control weakness.
170. To achieve effective security over transmission, what is the best area where stronger encryption can be applied the most?
a. Packet level
b. Record level
c. File level
d. Field level
170. d. Encryption can protect anything from one message field to an entire message packet in the transmission over network lines. Because the message field is the lowest level element and an important element in terms of message content and value, security is effective and enhanced. Here, encryption is focused on where it matters the most. Note that the field-level encryption is stronger than file-, record-, and packet-level encryption although encryption can be applied at each of these levels.
171. What is the least powerful method of protecting confidential data or program files?
a. Scrambling the data
b. Encoding the data before transmission
c. Decoding the data after transmission
d. Using passwords and other identification codes
171. d. Use of passwords and other identification codes is not powerful because they can be shared and guessed. Scrambling, encoding, and decoding are cryptographic methods used in data transmission. Encryption is used in scrambling, encoding (encrypting), and decoding (decrypting) of data. Encryption is the process of transforming data to an unintelligible form in such a way that the original data either cannot be obtained (one-way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption). Authorized users of encrypted computer data must have the key that was used to encrypt the data to decrypt it. The unique key chosen for use in a particular application makes the results of encrypting data using the algorithm unique. Using a different key causes different results. The cryptographic security of the data depends on the security provided for the keys used to encrypt and decrypt the data.
172. What is the best technique to thwart network masquerading?
a. Dial-back technique
b. Dial-forward technique
c. File encryption only
d. Dial-back combined with data encryption
172. d. Personal computers (PCs) are in increasing use as computer terminal devices when connected to larger host systems and when two or more PCs are connected to networks. Information transmitted over unprotected telecommunications lines can be intercepted by someone masquerading as an authorized user, thereby actively receiving sensitive information.
Encryption can be adapted as a means of remote user authorization. A user key, entered at the keyboard, authenticates the user. A second encryption key can be stored in encrypted form in the calling system firmware that authenticates the calling system as an approved communications endpoint. When dial-back is used with two-key encryption, data access can be restricted to authorized users (with the user key) with authorized systems (those whose modems have the correct second key), located at authorized locations (those with phone numbers listed in the answering system’s phone directory).
Dial-back technique alone cannot guarantee protection against masquerading because hackers can use the dial-forward technique to reroute calls and spoof the connection. File encryption only may not be adequate because an intruder may have an opportunity to intercept the key while it is in transit. Managing the encryption key is critical.
173. Which of the following describes message authentication correctly?
a. A process of guaranteeing that the message was sent as received by the party identified in the header of the message.
b. A process of guaranteeing that the message was sent as received by the party identified in the footer of the message.
c. A process of guaranteeing that the message sent was received at the same time regardless of the location.
d. A process of guaranteeing that all delivered and undelivered messages are reconciled immediately.
173. a. Message authentication is a process for detecting unauthorized changes made to data transmitted between users or machines or to data retrieved from storage. Message authentication keys should receive greater protection. It is the message header, not the footer, that identifies the receiving party of the message. There will be some delay for the messages to be transmitted and received, especially to remote, foreign destinations. Undelivered message reports may be produced at specific time intervals, not immediately.
174. What is the control technique that best achieves confidentiality of data in transfer?
a. Line encryption
b. One-time password
c. File encryption
d. End-to-end encryption
174. a. Here, the communication link from a user site to a CPU computer is encrypted to provide confidentiality. Line encryption protects data in transfer.
One-time password is incorrect because it ensures that a particular password is used only once, in connection with a specific transaction. It is similar to the one-time key used in the encryption process. The one-time password protects data in process.
File encryption is incorrect because it protects only the file in storage, not the entire communication line where the data transfer is taking place. File encryption protects data in storage.
The end-to-end encryption is incorrect because it is applied to messages on the communication line twice, once by hardware and once by software techniques.