Cloned from: CISSP-Study Mixed-1






Front Back
Which one of the following is not a goal of cryptographic systems? A.Nonrepudiation B.Confidentiality C.Availability D.Integrity
C. The four goals of cryptographic systems are confidentiality, integrity, authentication, and nonrepudiation. 
John recently received an electronic mail message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message? A.Nonrepudiation B.Confidentiality C.Availability D.Integrity
A. Nonrepudiation prevents the sender of a message from later denying that they sent it.
What is the length of the cryptographic key used in the Data Encryption Standard (DES) cryptosystem? A.56 bits B.128 bits C.192 bits D.256 bits
A. DES uses a 56-bit key. This is considered one of the major weaknesses of this cryptosystem.
What type of cipher relies upon changing the location of characters within a message to achieve confidentiality? A.Stream cipher B.Transposition cipher C.Block cipher D.Substitution cipher
B. Transposition ciphers use a variety of techniques to reorder the characters within a message.
What is layer 4 of the OSI model? A.Presentation B.Network C.Data Link D.Transport
D. The Transport layer is layer 4. The Presentation layer is layer 6, the Data Link layer is layer 2, and the Network layer is layer 3.
What is Encapsulation? A.Changing the source and destination addresses of a packet B.Adding a header and footer to data as it moves down the OSI stack C.Verifying a person’s identity D.Protecting evidence until it has been properly collected
B. Encapsulation is adding a header and footer to data as it moves through the Presentation layer down the OSI stack.
Which OSI model layer manages communications in simplex, half-duplex, and full-duplex modes? A.Application B.Session C.Transport D.Physical
B. Layer 5, Session, manages simplex (one-direction), half-duplex (two-way, but only one direction can send data at a time), and full-duplex (two-way, in which data can be sent in both directions simultaneously) communications.
Which of the following is the least resistant to EMI? A.Thinnet B.10Base-T UTP C.10Base5 D.Coaxial cable
B. 10Base-T UTP is the least resistant to EMI because it is unshielded. Thinnet (10Base2) and thicknet (10Base5) are both a type of coaxial cable, which is shielded against EMI.
Which of the following cables has the most twists per inch? A.STP B.UTP C.100Base-T D.1000Base-T
D. 1000Base-T offers 1000Mbps throughput and thus must have the greatest number of twists per inch. The tighter the twist (i.e., the number of twists per inch), the more resistant the cable is to internal and external interference and crosstalk and thus the greater the capacity is for throughput (i.e., higher bandwidth).
Which of the following is not true? A.Fiber-optic cable offers very high throughput rates. B.Fiber-optic cable is difficult to install. C.Fiber-optic cable is expensive. D.Communications over fiber-optic cable can be tapped easily.
D. Fiber-optic cable is difficult to tap.
Which of the following is not one of the most common LAN technologies? A.Ethernet B.ATM C.Token Ring D.FDDI
B. Ethernet, Token Ring, and FDDI are common LAN technologies. ATM is more common in a WAN environment.
What is a TCP wrapper? A.An encapsulation protocol used by switches B.An application that can serve as a basic firewall by restricting access based on user IDs or system IDs C.A security protocol used to protect TCP/IP traffic over WAN links D.A mechanism to tunnel TCP/IP through non-IP networks
B. A TCP wrapper is an application that can serve as a basic firewall by restricting access based on user IDs or system IDs.
Which of the following protocols is connectionless? A.TCP B.UDP C.IP D.FTP
B. UDP is a connectionless protocol.
By examining source and destination address, application usage, source of origin, and the relationship between current packets with the previous packets of the same session, _________________ firewalls are able to grant a broader range of access for authorized users and activities and actively watch for and block unauthorized users and activities. A.Static packet-filtering B.Application-level gateway C.Stateful inspection D.Circuit-level gateway
C. Stateful inspection firewalls are able to grant a broader range of access for authorized users and activities and actively watch for and block unauthorized users and activities.
_________________ firewalls are known as third-generation firewalls. A.Application-level gateway B.Stateful inspection C.Circuit-level gateway D.Static packet-filtering
B. Stateful inspection firewalls are known as third-generation firewalls.
Which of the following is not true regarding firewalls? A.They are able to log traffic information. B.They are able to block viruses. C.They are able to issue alarms based on suspected attacks. D.They are unable to prevent internal attacks.
B. Most firewalls offer extensive logging, auditing, and monitoring capabilities as well as alarms and even basic IDS functions. Firewalls are unable to block viruses or malicious code transmitted through otherwise authorized communication channels, prevent unauthorized but accidental or intended disclosure of information by users, prevent attacks by malicious users already behind the firewall, or protect data after it has passed out of or into the private network.
Which of the following is not a routing protocol? A.OSPF B.BGP C.RPC D.RIP
C. There are numerous dynamic routing protocols, including RIP, OSPF, and BGP, but RPC is not a routing protocol.
A ___________________ is an intelligent hub because it knows the addresses of the systems connected on each outbound port. Instead of repeating traffic on every outbound port, it repeats only traffic out of the port on which the destination is known to exist. A.Repeater B.Switch C.Bridge D.Router
B. A switch is an intelligent hub. It is considered to be intelligent because it knows the addresses of the systems connected on each outbound port.
___________________ is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic. A.UDP B.SSL C.IPSec D.SDLC
C. IPSec, or IP Security, is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.
Which public-private key security system was developed independently of industry standards but has wide Internet grassroots support? A.SLIP B.PGP C.PPTP D.PAP
B. Pretty Good Privacy (PGP) is a public-private key system that uses the IDEA algorithm to encrypt files and e-mail messages. PGP is not a standard but rather an independently developed product that has wide Internet grassroots support.
What authentication protocol offers no encryption or protection for logon credentials? A.PAP B.CHAP C.SSL D.RADIUS
A. PAP, or Password Authentication Protocol, is a standardized authentication protocol for PPP. PAP transmits usernames and passwords in the clear. It offers no form of encryption. It simply provides a means to transport the logon credentials from the client to the authentication server.
___________________ is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. A.ISDN B.Frame Relay C.SMDS D.ATM
B. Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. The Frame Relay network is a shared medium across which virtual circuits are created to provide point-to-point communications. All virtual circuits are independent of and invisible to each other.
________________ is a digital end-to-end communications mechanism developed by telephone companies to support high-speed digital communications over the same equipment and infrastructure that is used to carry voice communications. A.ISDN B.Frame Relay C.SMDS D.ATM
A. ISDN, or Integrated Services Digital Network, is a digital end-to-end communications mechanism. ISDN was developed by telephone companies to support high-speed digital communications over the same equipment and infrastructure that is used to carry voice communications.
The Secure Hash Algorithm (SHA) is specified in the: a.Data Encryption Standard b.Digital Signature Standard c.Digital Encryption Standard d.Advanced Encryption Standard
Answer: b The correct answer is b. Answer a refers to DES, a symmetric encryption algorithm; answer c is a distracter — there is no such term; answer d is the Advanced Encryption Standard, which has replaced DES and is now the Rijndael algorithm.
What does Secure Sockets Layer (SSL)/Transaction Security Layer (TSL) do? a.Implements confidentiality, authentication, and integrity above the Transport Layer b.Implements confidentiality, authentication, and integrity below the Transport Layer c.Implements only confidentiality above the Transport Layer d.Implements only confidentiality below the Transport Layer
Answer: a The correct answer is a by definition. Answer b is incorrect because SSL/TLS operates above the Transport Layer; answer c is incorrect because authentication and integrity are provided also, and answer d is incorrect because it cites only confidentiality and SSL/TLS operates above the Transport Layer.
What are MD4 and MD5? a.Symmetric encryption algorithms b.Asymmetric encryption algorithms c.Hashing algorithms d.Digital certificates
The correct answer is c. Answers a and b are incorrect because they are general types of encryption systems, and answer d is incorrect because hashing algorithms are not digital certificates.
Elliptic curves, which are applied to public-key cryptography, employ modular exponentiation, which characterizes the: a.Elliptic curve discrete logarithm problem b.Prime factors of very large numbers c.Elliptic curve modular addition d.Knapsack problem
Answer: a The correct answer is a. Modular exponentiation in elliptic curves is the analog of the modular discrete logarithm problem. Answer b is incorrect because prime factors are involved with RSA public-key systems; answer c is incorrect because modular addition in elliptic curves is the analog of modular multiplication; and answer d is incorrect because the knapsack problem is not an elliptic curve problem.
Which algorithm is used in the Clipper Chip? a.IDEA b.DES c.Skipjack d.3 DES
Answer: c The correct answer is c. Answers a, b, and d are other symmetric-key algorithms.
The protocol of the Wireless Application Protocol (WAP), which performs functions similar to SSL in the TCP/IP protocol stack, is called the: a.Wireless Application Environment (WAE) b.Wireless Session Protocol (WSP) c.Wireless Transaction Protocol (WTP) d.Wireless Transport Layer Security Protocol (WTLS)
Answer: d The answer d is correct. SSL performs security functions in TCP/IP. The other answers refer to protocols in the WAP protocol stack also, but their primary functions are not security.
A Security Parameter Index (SPI) and the identity of the security protocol (AH or ESP) are the components of: a.SSL b.IPSec c.S-HTTP d.SSH-1
Answer: c The answer c is correct. Answer a describes a type of cryptographic system using a public and a private key; answer b is the art/science of breaking ciphers; answer d is the conversion of a message of variable length into a fixed-length message digest.
When two different keys encrypt a plaintext message into the same ciphertext, this situation is known as: a.Public-key cryptography b.Cryptanalysis c.Key clustering d.Hashing
Answer: a An XOR operation results in a 0 if the two input bits are identical and a 1 if one of the bits is a 1 and the other is a 0.
A block cipher: a.Encrypts by operating on a continuous data stream b.Is an asymmetric-key algorithm c.Converts variable-length plaintext into fixed-length ciphertext d.Breaks a message into fixed length units for encryption
Answer: d The answer d is correct. Answer a describes a stream cipher; answer b is incorrect because a block cipher applies to symmetric-key algorithms; and answer c describes a hashing operation.
In most security protocols that support confidentiality, integrity, and authentication: a.Public-key cryptography is used to create digital signatures. b.Private-key cryptography is used to create digital signatures. c.DES is used to create digital signatures. d.Digital signatures are not implemented.
The answer a is correct. Answer b is incorrect because private-key cryptography does not create digital signatures; answer c is incorrect because DES is a private-key system and, therefore, follows the same logic as in b; and answer d is incorrect because digital signatures are implemented to obtain authentication and integrity.
Which of the following is an example of a symmetric-key algorithm? a.Rijndael b.RSA c.Diffie-Hellman d.Knapsack
Answer: a The correct answer is a. The other answers are examples of asymmetric-key systems.
Which of the following is a problem with symmetric-key encryption? a.It is slower than asymmetric-key encryption. b.Most algorithms are kept proprietary. c.Work factor is not a function of the key size. d.It provides secure distribution of the secret key.
Answer: d The answer d is correct. Answer a is incorrect because the opposite is true; answer b is incorrect because most symmetric-key algorithms are published; and answer c is incorrect because work factor is a function of key size. The larger the key is, the larger the work factor.
In public-key cryptography: a.Only the private key can encrypt, and only the public key can decrypt. b.Only the public key can encrypt, and only the private key can decrypt. c.The public key is used to encrypt and decrypt. d.If the public key encrypts, only the private key can decrypt.
Answer: d The answer d is correct. Answers a and b are incorrect because if one key encrypts, the other can decrypt. Answer c is incorrect because if the public key encrypts, it cannot decrypt.
In a hybrid cryptographic system, usually: a.Public-key cryptography is used for the encryption of the message. b.Private-key cryptography is used for the encryption of the message. c.Neither public-key nor private-key cryptography is used. d.Digital certificates cannot be used.
Answer: b The answer b is correct. Answer a is incorrect because public-key cryptography is usually used for the encryption and transmission of the secret session key. Answer c is incorrect because both public- and private-key encryption are used, and answer d is incorrect because digital certificates can be used (and normally are used).
What is the block length of the Rijndael Cipher? a.64 bits b.128 bits c.Variable d.256 bits
Answer: c The correct answer is c. The other answers with fixed numbers are incorrect.