120. c. Binding an individual’s identity to the public key corresponds to the protection afforded to the individual’s private signature key. Digital certificates are used in this process.

121. Public key technology and digital certificates do not provide which of the following security services?

a. Authentication

b. Nonrepudiation

c. Availability

d. Data integrity

121. c. Public key technology and digital certificates can be used to support authentication, encryption, nonrepudiation, and data integrity, but not availability.

122. Quantum cryptography could be a possible replacement for public key algorithms used in which of the following computing environments?

a. Utility computing

b. On-demand computing

c. Quantum computing

d. Virtual computing

122. c. Quantum cryptography is related to quantum computing technology, but viewed from a different perspective. Quantum cryptography is a possible replacement for public key algorithms that hopefully will not be susceptible to the attacks enabled by quantum computing.

Quantum computing deals with large-word-size quantum computers, which would threaten the security of integer factorization and discrete log-based public-key cryptographic algorithms. This would be a major negative result for many cryptographic key management systems that rely on these algorithms for the establishment of cryptographic keys. Lattice-based public-key cryptography would be resistant to quantum computing threats.

Utility computing means allowing users to access technology-based services without much technical knowledge. On-demand computing deals with providing network access for self-services. Virtual computing uses a virtual machine with software that allows a single host to run one or more guest operating systems. Utility computing, on-demand computing, and virtual computing are part of cloud computing.

123. Which of the following is good practice for organizations issuing digital certificates?

a. Develop a consulting agreement.

b. Develop an employment agreement.

c. Develop a subscriber agreement.

d. Develop a security agreement.

123. c. Prior to issuance of digital certificates, organizations should require that a “subscriber agreement” be in place that the subscriber manually signs. This agreement describes the subscriber’s obligations to protect the private signature key and to notify appropriate authorities if it is stolen, lost, compromised, unaccounted for, or destroyed. Often the provisions of a subscriber agreement can be placed into other documents such as an employment contract or security agreement.

124. Which of the following is required to accept digital certificates from multiple vendor certification authorities?

a. The application must be PKI-enabled.

b. The application must be PKI-aware.

c. The application must use X.509 Version 3.

d. The application must use PKI-vendor plug-ins.

124. c. Using the X.509 Version 3 standard helps application programs in accepting digital certificates from multiple vendor CAs, assuming that the certificates conform to consistent Certificate Profiles. Application programs have to be PKI-enabled or PKI-aware, or use PKI vendor plug-ins, prior to the use of the X.509 Version 3 standard. Version 3 is more interoperable, so an application program can accept digital certificates from multiple vendor certification authorities. The Version 3 standard for digital certificates provides specific bits that can be set in a certificate to ensure that the certificate is used only for specific services such as digital signature, authentication, and encryption.

125. Which of the following is primarily required for continued functioning of a public key infrastructure (PKI)?

a. Disaster recovery plans

b. Service level plans

c. Fraud prevention plans

d. Legal liability plans
