Читаем CISSP Practice полностью

219. An original cryptographic key is split into “n” multiple key components using split knowledge procedure. If knowledge of “k” components is required to construct the original key, knowledge of which of the following provides no information about the original key?

a. n – 1 key components

b. k – 1 key components

c. k – n key components

d. n – k key components

219. b. This is an application of split knowledge procedure. An original cryptographic key is split into “n” multiple key components, individually providing no knowledge of the original key, which can be subsequently combined to recreate the original cryptographic key. If knowledge of “k” components is required to construct the original key, then knowledge of any k–1 key components provides no information about the original key. However, it may provide information about the length of the original key. Here, “k” is less than or equal to “n.”

220. Which of the following can mitigate threats to integrity when private key cryptography is used?

a. Message authentication code

b. Message identifier

c. Message header

d. Message trailer

220. a. When private (secret) key cryptography is used, a data (message) authentication code is generated. Typically, a code is stored or transmitted with data. When data integrity is to be verified, the code is generated on the current data and compared with the previously generated code. If the two values are equal, the integrity (i.e., authenticity) of the data is verified. Message identifier is a field that may be used to identify a message, usually a sequence number. Message header and trailer contain information about the message. The other three choices do not have the code generation and verification capabilities.

221. In a public key infrastructure (PKI) environment, finding which of the following is a major challenge in the public-key certificate’s path discovery?

a. Root certificate

b. Trust anchor

c. Cross certificate

d. Intermediate certificate

221. d. All certification paths begin with a trust anchor, include zero or more intermediate certificates, and end with the certificate that contains the user’s public key. This can be an iterative process, and finding the appropriate intermediate certificates is one of PKI’s challenges in path discovery, especially when there is more than one intermediary involved. A certificate authority (CA) generally issues a self-signed certificate called a root certificate or trust anchor; this is used by applications and protocols to validate the certificates issued by a CA. Note that CAs issue cross certificates that bind another issuer’s name to that issuer’s public key.

222. Public-key cryptographic systems are not suitable for which of the following?

a. Link encryption

b. End-to-end encryption

c. Bulk encryption

d. Session encryption

222. c. Public-key cryptographic systems have low bandwidth and hence are not suitable for bulk encryption, where the latter requires a lot of bandwidth. The other three choices are applicable for specific needs.

223. Which of the following is an example of public-key cryptographic systems?

a. MAC and DAC

b. DES and 3DES

c. RSA and IDEA

d. RSA and DSS

223. d. Public-key cryptography is particularly useful when the parties wanting to communicate cannot rely upon each other or do not share a common key (for example, Rivest-Shamir-Adelman [RSA] and digital signature standard [DSS]). Mandatory access control (MAC) and discretionary access control (DAC) are examples of access control mechanisms. Data encryption standard, DES, (56-bit key), three key triple data encryption standard, 3DES, (168-bit key), and international data encryption algorithm, IDEA, (128-bit key) are examples of private-key cryptographic systems. IDEA is another block cipher, similar to DES, and is a replacement for or an improvement over DES. IDEA is used in pretty good privacy (PGP) for data encryption.

224. Which one of the following is unlike the others?

a. Social engineering attack

b. Side-channel attack

c. Phishing attack

d. Shoulder surfing attack