CISSP Cram Test Questions: Domain 7 - Security Engineering
The RSA algorithm is an example of what type of cryptography? - ANS-Asymmetric Key.
Kerberos depends upon what encryption method? - ANS-Secret Key cryptography.
The DES algorithm is an example of what type of cryptography? - ANS-Secret Key
Which of the following encryption methods is known to be unbreakable? - ANS-One-time pads.
What algorithm was DES derived from? - ANS-Lucifer.
What is a characteristic of using the Electronic Code Book mode of DES encryption? - ANS-A given block of plaintext and a given key will always produce the same ciphertext.
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean? - ANS-Use of public key encryption to secure a secret key, and message encryption using the secret key.
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that: - ANS-The recipient's identity can be positively verified by the sender.
Which of the following DoD Model layers provides non-repudiation services? - ANS-application layer.
Which of the following statements is true about data encryption as a method of protecting data? - ANS-It requires careful key management
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms? - ANS-Elliptic Curve Cryptography (ECC)
How many bits is the effective length of the key of the Data Encryption Standard algorithm? - ANS-56
The primary purpose for using one-way hashing of user passwords within a password file is which of the following? - ANS-It prevents an unauthorized person from reading the password.
Which of the following issues is not addressed by digital signatures? - ANS-denial-of-service
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack? - ANS-The use of session keys.
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics? - ANS-64 bit blocks with a 64 bit total key length
PGP uses which of the following to encrypt data? - ANS-A symmetric encryption algorithm
A public key algorithm that does both encryption and digital signature is which of the following? - ANS-RSA
Which of the following is NOT true of Secure Sockets Layer (SSL)? - ANS-By convention it uses 's-http://' instead of 'http://'.
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following? - ANS-public-key certificates
Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard? - ANS-Rijndael
Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)? - ANS-It is believed to require shorter keys for equivalent security.
What are the three most important functions that Digital Signatures perform? - ANS-Integrity, Authentication and Nonrepudiation
Which of the following protocols that provide integrity and authentication for IPSec, can also provide nonrepudiation in IPSec? - ANS-Authentication Header (AH)
Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet? - ANS-Secure Electronic Transaction (SET)
Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext? - ANS-known plaintext
Which of the following is NOT a true statement regarding the implementation of the 3DES modes? - ANS-DES-EEE1 uses one key
Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using Symmetric Cryptography. - ANS-Diffie-Hellman
Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based? - ANS-Caesar
In a known plaintext attack, the cryptanalyst has knowledge of which of the following? - ANS-both the plaintext and the associated ciphertext of several messages
What is the length of an MD5 message digest? - ANS-128 bits
The Secure Hash Algorithm (SHA-1) creates: - ANS-a fixed length message digest from a variable length input message