Читаем CISSP Practice полностью

151. c. Internet Protocol security (IPsec) is a protocol that operates within the Internet protocol (IP). The IP transmits and routes messages, breaks large messages into smaller sizes on one end, and reassembles them into the original message on the other end. IP accomplishes these tasks using the IP header, which is inserted at the beginning of each packet. Point-to-point tunneling protocol (PPTP) hides information in IP packets. Hypertext transfer protocol (HTTP) is a connection-oriented protocol that uses transmission control protocol (TCP) to carry Web traffic between a computer’s Web browser and the Web server being accessed. Point-to-point protocol (PPP) is used in router-to-router traffic and home user-to-ISP traffic.

152. Which one of the following encryption keys is slow?

a. Symmetric

b. Asymmetric

c. Semi-symmetric

d. Semi-asymmetric

152. b. Asymmetric keys (public keys) by definition are slow and suitable for encrypting and distributing keys and for providing authentication. On the other hand, symmetric (private keys) are faster and suitable for encrypting files and communication channels.

153. Most cryptographic attacks focus on which of the following?

a. Cryptographic keys

b. Cryptographic passwords

c. Cryptographic parameters

d. Cryptographic PINs

153. c. A cryptographic module’s critical security parameters (CSPs) contain keys, passwords, personal identification numbers (PINs), and other information. CSPs are vulnerable to attacks.

154. Which of the following symmetric key block cipher algorithms provide authentication services?

a. ECB

b. CBC

c. CBC-MAC

d. CFB

154. c. In the Advanced Encryption Standard (AES), there are five modes that can provide data confidentiality and one mode that can provide data authentication. The confidentiality modes are the Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes. The authentication mode is the Cipher Block Chaining-Message Authentication Code (CBC-MAC) mode.

155. Hash-based message authentication code (HMAC) is heavily used in which of the following?

a. PPP operations

b. SET operations

c. IPsec operations

d. PPTP operations

155. c. Hash-based message authentication code (HMAC) provides message integrity and is fast and therefore heavily used in IPsec operations because of little or no overhead. It requires limited system resources to operate. HMAC uses a key in combination with the hash function to produce a message digest. It can be used with a hash function in combination with a secret key. The other three choices are not relevant here.

156. Which of the following statements is true about truncation of a message digest in cryptographic applications?

a. Smaller message digest length is applied to the data to be hashed, and the resulting digest is truncated at the rightmost bits.

b. Larger message digest length is applied to the data to be hashed, and the resulting digest is truncated at the leftmost bits.

c. Smaller message digest length is applied to the data to be hashed, and the resulting digest is truncated at the leftmost bits.

d. Larger message digest length is applied to the data to be hashed, and the resulting digest is truncated at the rightmost bits.

156. b. Some cryptographic applications may require a hash function with a message digest length different than those allowed in standards. In such cases, a truncated message digest may be used, whereby a hash function with a larger message digest length is applied to the data to be hashed, and the resulting message digest is truncated by selecting an appropriate number of the leftmost bits. The least significant bit is the rightmost bit of a bit string. The leftmost bit is the most significant bit.

157. Secure hash algorithms enable the determination of which of the following?

a. Message confidentiality

b. Message integrity

c. Message availability

d. Message identity

157. b. Secure hash algorithms (for example, SHA-224, 256,384, and 512) are used to hash a message. These algorithms enable the determination of a message’s integrity; meaning any change to the message results in a different message digest. SHA and SHA-1 should not be used because they are not secure. Message identity is a field (for example a sequence number) that may be used to identify a message.

158. Which of the following is not usually seen on a digital certificate?