Читаем CISSP Practice полностью

102. Cryptographic methods work effectively as a security measure for information and communication systems. To achieve that goal, cryptographic methods must meet all the following except:

a. Interoperable

b. Scalable

c. Mobile

d. Portable

102. b. Scalability means the system can be made to have more or less computational power by configuring it with a larger or smaller number of processors, amount of memory, interconnection bandwidth, number of total connections, input/output bandwidth, and amount of mass storage. Scalability is a technology or organizational issue, not a cryptography issue.

Interoperability is incorrect because it is needed in cryptography where two or more systems can interact with one another and exchange data according to a prescribed method to achieve predictable results. Mobility is incorrect because it is needed in cryptography to authenticate between local and remote systems. Portability is incorrect because it is needed in cryptography between operating systems and application systems. The other three choices are cryptography issues to deal with.

103. Which of the following provides less security?

a. SHA-1

b. SHA-224

c. SHA-256

d. SHA-384

103. a. Secure hash algorithm -1 (SHA-1), which is 160 bits, provides less security than SHA-224, SHA-256, and SHA-384. Cryptographic hash functions that compute a fixed size message digest (MD) from arbitrary size messages are widely used for many purposes in cryptography, including digital signatures. A hash function produces a short representation of a longer message. A good hash function is a one-way function: It is easy to compute the hash value from a particular input; however, backing up the process from the hash value back to the input is extremely difficult. With a good hash function, it is also extremely difficult to find two specific inputs that produce the same hash value. Because of these characteristics, hash functions are often used to determine whether data has changed.

Researchers discovered a way to “break” a number of hash algorithms, including MD4, MD5, HAVAL-128, RIPEMD, and SHA-0. New attacks on SHA-1 have indicated that SHA-1 provides less security than originally thought. Therefore, the use of SHA-1 is not recommended for generating digital signatures in new systems. New systems should use one of the larger and better hash functions, such as SHA-224, SHA-256, SHA-384, and SHA-512.

104. In symmetric cryptography, if there are four entities using encryption, how many keys are required for each relationship?

a. 4

b. 6

c. 8

d. 12

104. b. In symmetric cryptography, the same key is used for both encryption and decryption. If there are four entities such as A, B, C, and D, there are six possible relationships such as A-B, A-C, A-D, B-C, B-D, and C-D. Therefore, six keys are required. It uses the formula (n)(n–1)/2 where “n” equals the number of entities.

105. Which of the following key combinations is highly recommended to use in the triple data encryption algorithm (TDEA)?

a. Independent key 1, Independent key 2, Independent key 3

b. Independent key 1, Independent key 2, Independent key 1

c. Independent key 1, Independent key 2, Independent key 2

d. Independent key 2, Independent key 3, Independent key 3

105. a. Triple data encryption algorithm (TDEA) encrypts data in blocks of 64 bits, using three keys that define a key bundle. The use of three distinctly different (i.e., mathematically independent) keys is highly recommended because this provides the most security from TDEA; this is commonly known as three-key TDEA (3TDEA or 3TDES). The use of two-key TDEA (2TDEA or 2TDES), in which the first and third keys are identical and the second key is distinctly different, is highly discouraged. Other configurations of keys in the key bundle shall not be used.

106. For a cryptographic module, which of the following presents the correct relationships for sensitive security parameters?

a. Port security parameters plus private security parameters

b. Critical security parameters plus public security parameters

c. Data security parameters plus critical security parameters

d. Public security parameters plus program security parameters