CISSP Practice полностью

The other two items cannot control traffic analysis attacks. Traffic flow signal control is used to conduct traffic flow analysis. Traffic encryption key is used to encrypt plaintext or to super-encrypt previously encrypted text and/or to decrypt ciphertext.

98. Which of the following refers to a communications network architecture in which user data traversing a global Internet Protocol (IP) network is end-to-end encrypted at the IP layer?

a. RED

b. BLACK

c. Black core

d. Striped core

98. c. Black core refers to a communications network architecture in which user data traversing a core (global) Internet Protocol (IP) network is end-to-end encrypted at the IP layer.

RED refers to data/information or messages that contain sensitive or classified information that is not encrypted whereas BLACK refers to information that is encrypted. Striped core is a communications network architecture in which user data traversing a core (global) IP network is decrypted, filtered, and re-encrypted one or more times. The process of decryption filtering, and re-encryption is performed within a “red gateway”; consequently, the core is “striped” because the data path is alternatively black, red, and black.

99. Digital signature generation should provide security strength of which of the following?

a. Less than 80 bits

b. Equal to or greater than 80 bits

c. Equal to or greater than 112 bits

d. Between 80 and 112 bits

99. c. Digital signature generation should provide security strength of 112 bits or more. Digital signature verification should provide security strength of 80 bits or more. Less than 80 bits or a range between 80 and 112 bits are not acceptable for the digital signature generation.

100. Which of the following is not true about a digital signature?

a. It is an encrypted digest of the text that is sent along with a message.

b. It authenticates the identity of the sender of a message.

c. It guarantees that no one has altered the sent document.

d. Electronic signatures and digital signatures are the same.

100. d. A digital signature is an electronic analogue of a handwritten signature in that it can be used to prove to the recipient, or a third party, that the originator in fact signed the message. It is an encrypted digest of the text that is sent along with a message, usually a text message, but possibly one that contains other types of information, such as pictures. A digital signature authenticates the identity of the sender of the message and also guarantees that no one has altered the document.

On the other hand, an electronic signature is a cryptographic mechanism that performs a similar function to a handwritten signature. It is used to verify the origin and contents of a message (for example, an e-mail message). It is a method of signing an electronic message that (i) identifies and authenticates a particular person as the source of the electronic message and (ii) indicates such person’s approval of the information contained in the electronic message. Electronic signatures can use either secret key or public key cryptography. Hence, electronic signatures and digital signatures are not the same.

101. Traffic flow confidentiality uses which of the following security controls?

a. Traffic padding and address hiding

b. Testwords and traffic padding

c. Traffic padding and seals/signatures

d. Address hiding and seals/signatures

101. a. Traffic flow confidentiality protects against sensitive information being disclosed by observing network traffic flows. It uses traffic (message) padding and address hiding controls. In traffic padding, “dummy” traffic is generated to confuse the intruder. Address hiding requires that protocol header information be protected from unauthorized attack via cryptographic means.

Testword is incorrect because a string of characters is appended to a transaction by the sending party and verified by the receiving party. A testword is an early technology realization of a seal or signature used in financial transactions. A seal or signature involves cryptographically generating a value that is appended to a plain text data item. Both testwords and seals are used to increase the data integrity of financial transactions.