177. c. Encryption is a desirable option in a mainframe environment but not in a local-area network (LAN) environment due to performance problems. Although hardware-based encryption is faster, it still degrades system performance, as software-based encryption does. In addition, keys used in the encryption require management’s attention in terms of key distribution and disposition. Therefore, encryption is not a desirable option for LANs. As the capacity of CPU processors increases, it could become a desirable option for LANs for mitigating insider risks.
178. Which of the following encryption schemes is more secure?
a. Encrypting once with the same key
b. Encrypting twice with the same key
c. Encrypting twice with two keys
d. Multiple encryptions with different keys
178. d. Any encryption scheme can be made more secure through multiple encryptions with different keys. Similarly, a triple encryption is stronger than a double or single encryption. However, costs and overhead increase as the number of encryptions increases. Also, system performance degrades as the number of encryptions increases.
For example, 2DES encryption with two keys is no more secure than a 1DES encryption due to the possibility of the meet-in-the-middle attack. Therefore, 3DES (triple DES) should be considered.
179. Which of the following technologies are required to ensure reliable and secure telecommunications networks?
a. Cryptography and trusted encryption keys
b. Advanced identification and authentication techniques and cryptography
c. Firewalls, cryptography, and trusted encryption keys
d. Cryptography, advanced identification and authentication techniques, firewalls, and trusted encryption keys
179. d. Secure and reliable telecommunications networks must have effective ways for authenticating information and assuring the confidentiality of information. There is no single technology or technique that can produce the needed security and reliability of networks. A range of technologies, including cryptography, improved identification and authentication technologies, and firewalls will be required, along with trusted encryption keys and security management infrastructures.
180. Which of the following should not be subject to review during a periodic review of a cryptographic system?
a. Parameters
b. Operations
c. Keys
d. Controls
180. c. A cryptographic system should be monitored and periodically reviewed to ensure that it is satisfying its security objectives. All parameters associated with correct operation of the cryptographic system should be reviewed, and operation of the system itself should be periodically tested and the results evaluated. Certain information, such as secret keys or private keys in public key systems, should not be subject to review. However, nonsecret or nonprivate keys could be used in a simulated review procedure. Physical protection of a cryptographic module is required to prevent physical replacement or modification of the cryptographic system.
181. Which of the following threats is not addressed by digital signatures and random number challenges?
a. Masquerade
b. Replay attacks
c. Password compromise
d. Denial-of-service
181. d. Denial-of-service (DoS) is any action or series of actions that prevents any part of a system from functioning in accordance with its intended purpose. This includes any action that causes the unauthorized destruction, modification, or delay of service.
By using a private key to generate digital signatures for authentication, it becomes computationally infeasible for an attacker to masquerade as another entity. Using random number challenges (tokens) and digital signatures eliminates the need for transmitting passwords for authentication, thus reducing the threat of their compromise. The use of random number challenges also prevents an intruder from copying an authentication token signed by another user and replaying it successfully at a later time. However, a new random number challenge should be generated for each authentication exchange.
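The exchange described in answer 181, written out as an added example that is not part of the original text: a verifier issues a fresh random challenge, the claimant signs it with a private key, and the verifier retires each challenge after one use so a copied response fails when replayed. Ed25519 as the signature scheme and the names Verifier, NewPair and Respond are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Added example: Ed25519 and all names here are assumptions, not from the page.
// Verifier holds the claimant's public key and the challenges still outstanding.
type Verifier struct {
	pub     ed25519.PublicKey
	pending map[string]bool
}

// NewPair enrolls a claimant: public key to the verifier, private key to the claimant.
func NewPair() (*Verifier, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Verifier{pub: pub, pending: map[string]bool{}}, priv
}

// Challenge generates a new random number for each authentication exchange.
func (v *Verifier) Challenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err) // never fall back to a predictable challenge
	}
	v.pending[string(c)] = true
	return c
}

// Verify retires the challenge before checking, so a copied response fails on replay.
func (v *Verifier) Verify(challenge, sig []byte) bool {
	fresh := v.pending[string(challenge)]
	delete(v.pending, string(challenge))
	return fresh && ed25519.Verify(v.pub, challenge, sig)
}

// Respond is the claimant's side: sign the challenge, so no password is transmitted.
func Respond(priv ed25519.PrivateKey, challenge []byte) []byte { return ed25519.Sign(priv, challenge) }

func main() {
	v, priv := NewPair()
	c := v.Challenge()
	sig := Respond(priv, c)
	fmt.Println("first use:", v.Verify(c, sig), "| replay:", v.Verify(c, sig))
}
```

Nothing in this exchange limits how many challenges a client may request, which is why denial-of-service remains outside what these two mechanisms address.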
182. Electronic signatures and handwritten signatures are useful in their own ways. Which of the following statements is not true about these two types of signatures?
a. Both signatures have the same legal status.
b. Both signatures are subject to forgery with equal difficulty.
c. Both signatures link a document with a particular person.
d. Both signatures are subject to trickery or coercion.