Читаем CISSP Practice полностью

173. a. Message authentication is a process for detecting unauthorized changes made to data transmitted between users or machines or to data retrieved from storage. Message authentication keys should receive greater protection. It is the message header not the footer that identifies the receiving party of the message. There will be some delay for the messages to be transmitted and received, especially to remote, foreign destinations. Undelivered message reports may be produced at specific time intervals, not immediately.

174. What is the control technique that best achieves confidentiality of data in transfer?

a. Line encryption

b. One-time password

c. File encryption

d. End-to-end encryption

174. a. Here, the communication link from a user site to a CPU computer is encrypted to provide confidentiality. Line encryption protects data in a transfer.

One-time password is incorrect because it ensures that a particular password is used only once, in connection with a specific transaction. It is similar to the one-time key used in the encryption process. The one-time password protects data in process.

File encryption is incorrect because it protects only the file in storage, not the entire communication line where the data transfer is taking place. File encryption protects data in storage.

The end-to-end encryption is incorrect because it is applied to messages on the communication line twice, once by hardware and once by software techniques.

175. Which of the following provides both integrity and confidentiality services for data and messages?

a. Digital signatures

b. Encryption

c. Cryptographic checksums

d. Granular access control

175. b. An encryption security mechanism provides security services such as integrity, confidentiality, and authentication. The data and message integrity service helps to protect data and software on workstations, file servers, and other local-area network (LAN) components from unauthorized modification, which can be intentional or accidental.

The use of cryptographic checksums and granular access control and privilege mechanisms can provide this service. The more granular the access control or privilege mechanism, the less likely an unauthorized or accidental modification can occur.

The data and message integrity service also helps to ensure that a message is not altered, deleted, or added to in any manner during transmission. A message authentication code, which is a type of cryptographic checksum, can protect against both accidental and intentional but not against unauthorized data modification. The use of digital signatures can also be used to detect the modification of data or messages. It uses either public key or private key cryptography. A digital signature provides two distinct services: nonrepudiation and message integrity. The message authentication code can also be used to provide a digital signature capability. Nonrepudiation helps ensure that the parties or entities in a communication cannot deny having participated in all or part of the communication.

176. Which of the following independent statements is not true about security?

a. The security of the cryptography can never be greater than the security of the people using it.

b. The security of any electronic-mail program cannot be greater than the security of the machine where the encryption is performed.

c. The security of an encryption algorithm is no more or less than the security of the key.

d. The security of each electronic-mail message is encrypted with a standard, nonrandom key.

176. d. Each electronic-mail message is encrypted with its own unique key. The security program generates a random key and uses it to encrypt the message. It is true that the (i) security of the cryptography can never be greater than the security of the people using it because it is the people who make the security a success, (ii) security of any electronic-mail program cannot be greater than the security of the machine where the encryption is performed because security is an extension of the machine, and (iii) security of an encryption algorithm is no more or less than the security of the key because it assumes that the algorithm used is a good one.

177. Which of the following statements about encryption is not true?

a. Software encryption degrades system performance.

b. Hardware encryption is faster.

c. Encryption is a desirable option in a local-area network.

d. Key management is an administrative burden.