Читаем CISSP Practice полностью

DES has been replaced by advanced encryption standard (AES) where the latter is preferred as an encryption algorithm for new products. The AES is a symmetric key encryption algorithm to protect electronic data as it is fast and strong due to its Key-Block-Round combination. The strength of DES is no longer sufficient.

131. What keys are used to create digital signatures?

a. Public-key cryptography

b. Private-key cryptography

c. Hybrid-key cryptography

d. Primary-key cryptography

131. a. Public-key cryptography has been recommended for distribution of secret keys and in support of digital signatures. Private-key cryptography has been recommended for encryption of messages and can be used for message integrity check computations. Hybrid keys combine the best of both public and private keys. Primary keys are used in database design and are not relevant here.

132. Elliptic curve systems are which of the following?

1. Asymmetric algorithms

2. Symmetric algorithms

3. Public-key systems

4. Private-key systems

a. 2 and 3

b. 1 and 3

c. 2 and 4

d. 1 and 4

132. b. Elliptic curve systems are public-key (asymmetric) cryptographic algorithms. DES is private-key (symmetric) cryptographic algorithms.

133. Data encryption standard (DES) cannot provide which of the following security services?

a. Encryption

b. Access control

c. Integrity

d. Authentication

133. d. Data encryption standard (DES) provides encryption, access control, integrity, and key management standards. It cannot provide authentication services. The DES is a cryptographic algorithm designed for access to and protection of unclassified data. Because the original “single” DES is insecure, the Triple DES should be used instead.

134. The elliptic curve system uses which of the following to create digital signatures?

a. Hash algorithm

b. Prime algorithm

c. Inversion algorithm

d. Linear algorithm

134. a. The elliptic curve systems are used to create digital signatures with a hash algorithm such as SHA-1 (160-bit key). The SHA-1 is used to generate a condensed representation of a message called a message digest. SHA-1 is a technical revision of SHA. A secure hash algorithm (SHA) is used to generate a condensed message representation called a message digest. SHA is used by PGP or GNU PGP to generate digital signatures.

135. Which of the following clearly defines end-to-end encryption?

1. Encryption at origin

2. Decryption at destination

3. Visible routing information

4. No intermediate decryption

a. 1 and 2

b. 3 and 4

c. 1, 2, and 3

d. 1, 2, 3, and 4

135. d. End-to-end encryption refers to communications encryption in which data is encrypted when being passed through a network (i.e., encryption at origin and decryption at destination) but routing information remains visible without intermediate decryption. End-to-end encryption is safe as end-to-end security in that information is safeguarded from point of origin to point of destination.

136. Which one of the following provides data integrity?

a. Cyclic redundancy checks

b. Digitized signatures

c. Passwords and PINs

d. Biometrics

136. a. A cyclic redundancy check (CRC) can be used to verify the integrity of data transmitted over a communications line. Passwords, PINs, and biometrics can be used to authenticate user identity. Digitized signatures do not provide data integrity because they are simply created by scanning a handwritten signature.

137. Symmetric key algorithms are ideally suited for which of the following?

a. Authentication

b. Integrity

c. Confidentiality

d. Nonrepudiation

137. c. Symmetric key cryptography is a class of algorithms where parties share a secret key. These algorithms are primarily used to achieve confidentiality but may also be used for authentication, integrity, and limited nonrepudiation services.

138. Which of the following is the most efficient way of handling the redundancy built into the encrypted messages in detecting transmission errors?

a. Using cyclic redundancy check (CRC) polynomial code

b. Using CRC code

c. Using Hamming code

d. Using parity bit code