Читаем CISSP Practice полностью

143. c. Both message digests 4 and 5 (MD4 and MD5) are examples of hashing algorithms. They are effective when they work with SHA-1 algorithms. Cryptographic hash functions such as MD5 and SHA-1 execute much faster and use less system resources than typical encryption algorithms. The other three choices are not relevant here.

144. Which of the following statement is true about hash functions?

a. They produce a larger message digest than the original message.

b. They produce a much smaller message digest than the original message.

c. They produce the same size message digest as the original message.

d. They produce a much larger message digest than the original message.

144. b. Hash functions produce a much smaller message digest than the original message. Encrypting them saves time and effort and improves performance.

145. Which of the following is the best technique to detect duplicate transactions?

a. ECDSA and SHA

b. ECDSA and SHA-1

c. ECDSA and MID

d. ECDSA and MD5

145. c. When the elliptic curve digital signature algorithm (ECDSA) is used with a message identifier (MID), it provides the capability of detecting duplicate transactions. The MID operates on checking the sequence number of transactions.

146. Countermeasures against replay attacks do not include which of the following?

a. Time-stamps

b. Protocols

c. Nonces

d. Kerberos

146. b. The term “protocols” is too generic to be of any use. A replay attack refers to the recording and retransmission of message packets in the network. Nonces are random numbers that are unique and fresh each time of use. Kerberos and timestamps go hand-in-hand.

147. A cryptographic module is undergoing testing. Which of the following provides the highest level of testing?

a. Algorithm level

b. Module level

c. Application level

d. Product level

147. c. The highest level of testing occurs at the application or system level. This level is also called certification testing. Algorithm level and module level are incorrect because they provide low-level testing. Product level is incorrect because it is the next higher level above algorithm and module level testing.

148. For message digests to be effectively used in digital certificates, what must they be?

a. Access-resistant

b. Authorization-resistant

c. Collision-resistant

d. Attack-resistant

148. c. Message digests are used in cryptography to verify digital signatures and to ensure data integrity. A unique user ID is determined by constructing the hash of the client’s certificate using a trusted algorithm. For the user ID to be unique, you must have reasonable certainty that another client’s certificate will not hash to the same value. This requirement is satisfied as long as the hash function is sufficiently collision-resistant.

149. A hash function is which of the following?

a. One-to-one function

b. One-to-many function

c. Many-to-one function

d. Many-to-many function

149. c. A hash function is a many-to-one function that takes an arbitrary-length-input message and constructs a fixed-length output digest.

150. Which of the following is implemented in the Version 3 of X.509 protocol?

a. SSL

b. Regular MIME

c. SHA

d. S/MIME

150. d. Secure Multipurpose Internet Mail Extensions (S/MIME) is an open standard where e-mail messages can be digitally signed. Validating the signature on the e-mail can help the recipient know with confidence who sent it and that it was not altered during transmission (i.e., nonrepudiation). Previous versions are implemented in the regular MIME. Both SSL and SHA are not relevant here.

151. Which of the following is used to encrypt the Internet Protocol (IP) packets?

a. PPTP

b. HTTP

c. IPsec

d. PPP