Читаем CISSP Practice полностью

138. c. As part of controls, all encrypted messages must contain some redundancy as part of the message but have no meaning to the message, such as cryptographic hash or a Hamming code, to do error detection or correction to make the attacker work harder. The redundancy should not be in the form of “n” zeros at the start or end of a message because they yield predictable results to the attacker. Hamming code is based on Hamming distance, which is the number of bit positions in which two codewords differ. The codeword contains both data and check bits. The goal is to keep the Hamming distance shorter.

The cyclic redundancy code (CRC) is also known as the polynomial code, which is based on treating bit strings as representations of polynomials with coefficients of 0 and 1 only. Checksums based on CRC are not effective in detecting errors because it yields undetected errors due to the lack of random bits in the checksums. The CRC uses an algorithm for generating error detection bits in a data link protocol. The receiving station performs the same calculation as done by the transmitting station. If the results differ, then one or more bits are in error. CRC is not a cryptographically secure mechanism unlike a cryptographic hash or message authentication code (MAC). Hence, CRC is least effective in verifying against malicious tampering of data.

The parity bit code is not as effective as the Hamming code because the former is used to detect single errors whereas the latter is used to detect both single and burst errors. Hence, the Hamming code is the most efficient way of detecting transmission errors.

139. For large volumes of data, asymmetric-key cryptography is not efficient to support which of the following?

a. Authentication

b. Confidentiality

c. Integrity

d. Nonrepudiation

139. b. Asymmetric key algorithms are used to achieve authentication, integrity, and nonrepudiation, and not to support confidentiality for handling large volumes of data efficiently. These algorithms are used to perform three operations such as digital signatures, key transport, and key agreement. Although the asymmetric key is not efficient to handle large volumes of data, it can be used to encrypt short messages, thus providing for confidentiality for short messages. The asymmetric key (public key) is an encryption system that uses a public-private key pair for encrypting/decrypting data and for generating/verifying digital signature.

140. The secure hash algorithm (SHA) and hash-based message authentication code (HMAC) provide the basis for which of the following?

a. Data integrity

b. Confidentiality

c. Authentication

d. Nonrepudiation

140. a. The secure hash algorithm (SHA) and hash-based message authentication code (HMAC) provide the basis for data integrity in electronic communications. They do not provide confidentiality and are a weak tool for authentication or nonrepudiation.

141. Which of the following is not part of public key infrastructure (PKI) data structures?

a. Public key certificate

b. Certificate revocation lists

c. Attribute certificate

d. Subject certificate

141. d. Two basic data structures are used in PKIs. These are the public key certificates and the certificate revocation lists (CRLs). A third data structure, the attribute certificate, may be used as an addendum. The certificate authority (CA) issues a public key certificate for each identity confirming that the identity has the appropriate credentials. CAs must also issue and process CRLs, which are lists of certificates that have been revoked. The X.509 attribute certificate binds attributes to an attribute certificate holder. This definition is being profiled for use in Internet applications. Subject certificate is meaningless here.

142. Which of the following is an example of asymmetric encryption algorithm?

a. DH

b. DES

c. 3DES

d. IDEA

142. a. The concept of public-key cryptography (asymmetric encryption algorithm) was introduced by Diffie-Hellman (DH) to solve the key management problem with symmetric algorithms. The other three choices are incorrect because they are examples of symmetric encryption algorithms.

143. Which of the following are examples of cryptographic hash functions?

a. SHA and 3DES

b. DES and CBC

c. MD5 and SHA-1

d. DAC and MAC