Читаем CISSP Practice полностью

85. Which of the following statements is true about message padding?

a. It is the same as traffic padding.

b. It is similar to a data checksum.

c. It is adding additional bits to a message.

d. It is the same as one-time pad.

85. c. Message padding adds bits to a message to make it a desired length—for instance, an integral number of bytes. Traffic padding involves adding bogus traffic into the channel to prevent traffic analysis, which is a passive attack. Data checksums are digits or bits summed according to arbitrary rules and used to verify the integrity of data. The one-time pad contains a random number for each character in the original message. The pad is destroyed after its initial use.

86. What is a public key cryptographic algorithm that does both encryption and digital signature?

a. Rivest, Shamir, and Adelman (RSA)

b. Data encryption standard (DES)

c. International data encryption algorithm (IDEA)

d. Digital signature standard (DSS)

86. a. RSA’s technique can be used for document encryption as well as creating digital signatures. DSS is a public key cryptographic system for computing digital signatures only, but not for encryption. Both RSA and DSS appear to be similar. DES is a secret key cryptographic scheme. IDEA is also a secret key cryptographic scheme gaining popularity. Both DES and IDEA use secret (private) key algorithms, whereas DSS and RSA use public key algorithms.

87. What is a digital signature?

a. A form of authenticator

b. An actual signature written on the computer

c. The same as the checksum

d. Different from analog signature

87. a. A digital signature authorizes and legitimizes the transaction by using a secret decryption key to send it to the receiver. An actual signature written on the computer is incorrect because it is not an actual signature. Instead, a digital signature is decrypted using the secret decryption key and sent to the receiver. Checksum is incorrect because it is a technique to ensure the accuracy of transmission, and it ensures the integrity of files. There is no such thing as an analog signature because a digital signature is needed.

88. What is a major drawback of digital certificates?

a. Certificate authority

b. Internet addresses

c. Message digest

d. Digital signature

88. b. A major drawback of digital certificates is that they do not identify individuals, only Internet addresses. A different person could use the same computer with bad intent and be seen as the legitimate owner of the digital certificate. The certificate authority, the message digest, and the digital signatures are the strengths of digital certificates.

89. Which of the following methods can prevent eavesdropping?

a. Authentication

b. Access controls

c. Encryption

d. Intrusion detection

89. c. Encryption can be used to prevent eavesdroppers from obtaining data traveling over unsecured networks. The items mentioned in the other three choices do not have the same features as encryption.

Authentication is the act of verifying the identity of a user and the user’s eligibility to access computerized information. Access controls determine what users can do in a computer system. Intrusion detection systems are software or hardware systems that detect unauthorized use of, or attack upon, a computer or network.

90. Which of the following is more secure?

a. Private key system

b. Public key system

c. Authentication key system

d. Encryption key system

90. b. The public key system is more secure because transmission involves the public key only; the private key is never transmitted and is kept secret by its holder. On the other hand, in a private key system, both the sender and the recipient know the secret key and thus it can be less secure. Authentication and encryption key systems are incorrect because they can be either public (more secure) or private (less secure) key systems.

91. For security protection mechanisms for cryptographic data in transit, side channel attacks are possible in which of the following cryptographic services?

a. Confidentiality

b. Availability

c. Integrity

d. Labels