Читаем CISSP Practice полностью

c. Integrity

d. Nonrepudiation

42. a. Digital signatures cannot by themselves provide confidentiality service; instead, they provide authentication, integrity, and non-repudiation services. Specific algorithms used for digital signatures include DSA, RSA, PKCS, and ECDSA.

43. The transport layer security (TLS) protocol does not provide which of the following?

a. Integrity

b. Error recovery

c. Authentication

d. Encrypted payload

43. b. The transport layer security (TLS) protocol is protected by strong cryptographic integrity, an authentication mechanism, and encrypted payload. The TLS can detect any attack or noise event but cannot recover from errors. If an error is detected, the protocol run is simply terminated. Hence, the TLS needs to work with the TCP (transport control protocol) to recover from errors.

44. Which of the following statements is true about digital signatures using the digital signature algorithm?

a. The length of the digital signature is one-time the length of the key size.

b. The length of the digital signature is two-times the length of the key size.

c. The length of the digital signature is three-times the length of the key size.

d. The length of the digital signature is four-times the length of the key size.

44. b. The digital signature algorithm (DSA) produces digital signatures of 320, 448, or 512 bits using the key size of 160, 224, or 256 respectively. Hence, the length of the digital signature is two-times the length of the key size.

45. Cryptographic key establishment schemes use which of the following?

a. Key transport and key agreement

b. Key wrapping and key confirmation

c. Key usage and key distribution

d. Key splits and key bundles

45. a. Cryptographic key establishment schemes are used to set up keys to be used between communicating entities. The scheme uses key transport and key agreement. The key transport is the distribution of a key from one entity to another entity. The key agreement is the participation by both entities in the creation of shared keying material (for example, keys and initialization vectors). The key establishment scheme does not deal with the other three choices.

46. Network communication channels contain unintentional errors due to transmission media and create network congestion, leading to lost packets. Which of the following statements is incorrect about forward error-correcting codes?

a. Forward error-correcting codes are a subset of non-cryptographic checksums.

b. Forward error-correction mechanism should be applied before encryption.

c. Forward error-correcting codes can correct a limited number of errors without retransmission.

d. Forward error-correction mechanism should be applied after encryption.

46. b. Forward error-correcting codes are a subset of noncryptographic checksums (i.e., they use an algorithm without secret information in terms of a cryptographic key) that can be used to correct a limited number of errors without retransmission. If forward error-correction is applied before encryption and errors are inserted in the ciphertext during transmission, it is difficult to decrypt, thus making the errors uncorrectable. Therefore, it is preferable to apply the forward error-correction mechanism after the encryption process. This will allow the error correction by the receiving entity’s system before the ciphertext is decrypted, resulting in correct plaintext.

47. Which of the following should not exist outside the cryptographic boundary of the crypto-module?

a. Shared secrets and intermediate results

b. Domain parameters and initialization vectors

c. Random number generator seeds and nonce

d. Nonce and salt

47. a. Shared secrets are generated during a key establishment process. Intermediate results of cryptographic operations are generated using secret information. Therefore, both shared secrets and intermediate results should not exist outside the cryptographic boundary of the crypto-module due to their sensitivity and criticality. The other three choices either do not exist outside the cryptographic boundary or they are less sensitive and critical.

48. What describes the crypto-period of a symmetric key?

a. Originator usage period plus retention period

b. Retention period minus recipient usage period

c. Originator usage period plus recipient usage period