8. Which of the following storage methods for a file encryption system (FES) is less secure?
a. Public key cryptography standard
b. Key encryption key
c. Hardware token
d. Asymmetric user owned private key
8. a. The public key cryptography standard (PKCS) is less secure because the security is dependent only on the strength of the password used. Key encryption key is a relatively new technology where keys are stored on the same computer as the file. It utilizes per-file encryption keys, which are stored on the hard disk, encrypted by a key encryption key. The asymmetric user owned private key utilizes per-file encryption keys, which are encrypted under the file owner’s asymmetric private key. It requires either a user password or a user token.
9. Which of the following storage methods for a file encryption system (FES) is more expensive?
a. Public key cryptography standard
b. Key encryption key
c. Hardware token
d. Asymmetric user owned private key
9. c. The file encryption system (FES) uses per-file encryption keys that are split into two components, which are combined with an exclusive-OR (XOR) operation to re-create the key. One key component is stored on a hardware token, and the other key component is derived from a password using the public key cryptography standard (PKCS). Because of the key split, hardware tokens are more expensive.
The public key cryptography standard (PKCS) generates a single key from a user’s password. Key encryption key is a relatively new technology where keys are stored on the same computer as the file. It utilizes per-file encryption keys, which are stored on the hard disk, encrypted by a key encryption key. The asymmetric user owned private key utilizes per-file encryption keys, which are encrypted under the file owner’s asymmetric private key. It requires either a user password or a user token.
10. Which of the following storage methods for a file encryption system (FES) is highly secure?
a. Public key cryptography standard
b. Key encryption key
c. Hardware token
d. Asymmetric user owned private key
10. c. Because of the key split, hardware tokens are highly secure if implemented correctly. The other three choices are not highly secure. The public key cryptography standard (PKCS) generates a single key from a user’s password. Key encryption key is a relatively new technology where keys are stored on the same computer as the file. It utilizes per-file encryption keys, which are stored on the hard disk, encrypted by a key encryption key. The asymmetric user owned private key utilizes per-file encryption keys, which are encrypted under the file owner’s asymmetric private key. It requires either a user password or a user token.
11. Which of the following can limit the number of network access points to an information system so that inbound and outbound network traffic can be monitored?
a. Trusted path
b. Trusted computer system
c. Trusted computing base
d. Trusted Internet connection
11. d. The trusted Internet connection (TIC) initiative is an example of limiting the number of managed network access points. The other three choices do not limit the number of network access points.
12. The IT architecture and system security design should focus first on which of the following?
a. Information availability
b. Hardware availability
c. Software availability
d. System availability
12. d. System availability, which includes hardware availability and software availability, should be the first focus, and information availability should be the next focus because a system contains information, not the other way around.
13. Regarding cryptographic modules, which of the following refers to verifying the design between a formal model and functional specifications?
a. Proof-of-wholeness
b. Proof-of-origin
c. Proof-of-correspondence
d. Proof-of-correctness