The other three choices are incorrect. A key list is a printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format. A key loader is a self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module. Key exchange is the process of exchanging public keys and other information in order to establish secure communications.

3. Transaction privacy controls do not include which of the following?

a. Secure sockets layer (SSL)

b. Mandatory access controls (MAC)

c. Transport layer security (TLS)

d. Secure shell (SSH)

3. b. Transaction privacy controls include secure sockets layer (SSL), transport layer security (TLS), and secure shell (SSH) to protect against loss of privacy for transactions performed by an individual. Mandatory access controls (MAC) define access control security policy.

4. A cryptographic key has been compromised due to usage and age. The next step is to use which of the following?

a. DNSSEC-aware resolver

b. Key rollover

c. Zone signing key

d. Key signing key

4. b. Key rollover is the process of generating and using a new key (symmetric or asymmetric key pair) to replace one already in use. Rollover is done because a key has been compromised as a result of usage and age.

The DNSSEC-aware resolver is incorrect because it is an entity that sends DNS queries, receives DNS responses, and understands the DNSSEC specification, even if it is incapable of performing validation. A zone-signing key is incorrect because it is an authentication key that corresponds to a private key used to sign a zone. A key signing key is incorrect because it is an authentication key that corresponds to a private key used to sign one or more other authentication keys for a given zone.

5. Which of the following protocols is used to encrypt individual messages?

a. Secure sockets layer (SSL)

b. Transport layer security (TLS)

c. Secure hypertext transfer protocol (S-HTTP)

d. Hypertext transfer protocol (HTTP)

5. c. Secure hypertext transfer protocol (S-HTTP) is used for encrypting data flowing over the Internet, but it is limited to individual messages. Secure sockets layer (SSL) and transport layer security (TLS) are designed to establish a secure connection between two computers. Hypertext transfer protocol (HTTP) cannot do encryption and is not as secure as S-HTTP.

6. For cryptography, which of the following refers to the worst-case measure of uncertainty for a random variable with the greatest lower bound?

a. Max-entropy

b. Min-entropy

c. Guessing entropy

d. Min-Max entropy

6. b. Entropy is the uncertainty of a random variable, which is stated in bits. Min-entropy is the worst-case measure of uncertainty for a random variable with the greatest lower bound. Min-entropy is a measure of the difficulty that an attacker has to guess the most commonly chosen password used in a system. Guessing entropy is a measure of the difficulty that an attacker has to guess the value of a secret (e.g., a password). Guessing entropy refers to an attacker that knows the actual password frequency distribution. Max-entropy and min-max entropy are not usually used in the context of entropy.

7. Countermeasures against brute force attacks on cryptographic keys include which of the following?

1. Change keys

2. Increase key length

3. Change protocol

4. Change algorithm

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1 and 3

7. a. Changing cryptographic keys frequently and increasing the key length can counter brute force attacks on keys. Changing protocols and algorithms cannot counter brute force attacks because the changed protocols and algorithms could be subjected to the same attacks or different attacks.

8. For cryptography, what is a nonce?

a. Timestamp plus sequence number

b. Checksum plus check digit

c. Payload plus protocol

d. Public key plus private key
