1. The Secure Hash Algorithm (SHA) is specified in the:

  1. Data Encryption Standard
  2. Digital Signature Standard
  3. Digital Encryption Standard
  4. Advanced Encryption Standard

Answer: B

Hint: The correct answer is B. Answer A refers to DES, a symmetric encryption algorithm; answer C is a distracter - there is no such term; answer D is the Advanced Encryption Standard, which has replaced DES and is now the Rijndael algorithm.

2. What does Secure Sockets Layer (SSL) / Transaction Security Layer (TSL) do?

  1. Implements confidentiality, authentication, and integrity above the Transport Layer
  2. Implements confidentiality, authentication, and integrity below the Transport Layer
  3. Implements only confidentiality above the Transport Layer
  4. Implements only confidentiality below the Transport Layer

Answer: A

Hint: The correct answer is A by definition. Answer B is incorrect because SSL/TLS operates above the Transport Layer; answer C is incorrect because authentication and integrity are provided also, and answer D is incorrect because it cites only confidentiality and SSL/TLS operates above the Transport Layer.

3. What are MD4 and MD5?

  1. Symmetric encryption algorithms
  2. Asymmetric encryption algorithms
  3. Hashing algorithms
  4. Digital certificates

Answer: C

Hint: The correct answer is C. Answers A and B are incorrect because they are general types of encryption systems, and answer D is incorrect because hashing algorithms are not digital certificates.

4. Elliptic curves, which are applied to public key cryptography, employ modular exponentiation that characterizes the:

  1. Elliptic curve discrete logarithm problem
  2. Prime factors of very large numbers
  3. Elliptic curve modular addition
  4. Knapsack problem

Answer: A

Hint: The correct answer is A. Modular exponentiation in elliptic curves is the analog of the modular discrete logarithm problem. Answer B is incorrect because prime factors are involved with RSA public key systems; answer C is incorrect because modular addition in elliptic curves is the analog of modular multiplication; and answer D is incorrect because the knapsack problem is not an elliptic curve problem.

5. Which algorithm is used in the Clipper Chip?

  1. IDEA
  2. DES
  3. SKIPJACK
  4. 3 DES

Answer: C

Hint: The correct answer is C. Answers A, B, and D are other symmetric key algorithms.

6. The hashing algorithm in the Digital Signature Standard (DSS) generates a message digest of:

  1. 120 bits
  2. 160 bits
  3. 56 bits
  4. 130 bits

Answer: B

7. The protocol of the Wireless Application Protocol (WAP), which performs functions similar to SSL in the TCP/IP protocol, is called the:

  1. Wireless Application Environment (WAE)
  2. Wireless Session Protocol (WSP)
  3. Wireless Transaction Protocol (WTP)
  4. Wireless Transport Layer Security Protocol (WTLS)

Answer: D

Hint: The correct answer is D. SSL performs security functions in TCP/IP. The other answers refer to protocols in the WAP protocol stack also, but their primary functions are not security.

8. A Security Parameter Index (SPI) and the identity of the security protocol (AH or ESP) are the components of:

  1. SSL
  2. IPSec
  3. S-HTTP
  4. SSH-1

Answer: B

Hint: The correct answer is B. The SPI, AH and/or ESP and the destination IP address are components of an IPSec Security Association (SA). The other answers describe protocols other than IPSec.

9. When two different keys encrypt a plaintext message into the same ciphertext, this situation is known as:

  1. Public key cryptography
  2. Cryptanalysis
  3. Key Clustering
  4. Hashing

Answer: C

Hint: The correct answer is C. Answer A describes a type of cryptographic system using a public and a private key; answer B is the art/science of breaking ciphers; answer D is the conversion of a message of variable length into a fixed-length message digest.

10. What is the result of the Exclusive Or operation, 1 XOR 0?

  1. 1
  2. 0
  3. Indeterminate
  4. 10

Answer: B

Hint: The correct answer is A. An XOR operation results in a 0 if the two input bits are identical and a 1 if one of the bits is a 1 and the other is a 0.

11. A block cipher:

  1. Encrypts by operating on a continuous data stream
  2. Is an asymmetric key algorithm
  3. Converts variable-length plaintext into fixed-length ciphertext
  4. Breaks a message into fixed length units for encryption

Answer: D

Hint: The correct answer is D. Answer A describes a stream cipher; answer B is incorrect because a block cipher applies to symmetric key algorithms; and answer C describes a hashing operation.

12. In most security protocols that support confidentiality, integrity, and authentication:

  1. Public key cryptography is used to create digital signatures.
  2. Private key cryptography is used to create digital signatures.
  3. DES is used to create digital signatures.
  4. Digital signatures are not implemented.

Answer: A

Hint: The correct answer is A. Answer B is incorrect because private key cryptography does not create digital signatures; answer C is incorrect because DES is a private key system and, therefore, follows the same logic as in B; and answer D is incorrect because digital signatures are implemented to obtain authentication and integrity.

13. Which of the following is an example of a symmetric key algorithm?

  1. Rijndael
  2. RSA
  3. Diffie-Hellman
  4. Knapsack

Answer: A

Hint: The correct answer is A. The other answers are examples of asymmetric key systems.

14. Which of the following is a problem with symmetric key encryption?

  1. It is slower than asymmetric key encryption
  2. Most algorithms are kept proprietary
  3. Work factor is not a function of the secret key
  4. It provides secure distribution of the secret key.

Answer: B

Hint: The correct answer is D. Answer A is incorrect because the opposite is true; answer B is incorrect because most symmetric key algorithms are published; and answer C is incorrect because work factor is a function of the key size. The larger the key is, the larger the work factor.

15. Which of the following is an example of an asymmetric key algorithm?

  1. IDEA
  2. DES
  3. 3 DES
  4. ELLIPTIC CURVE

Answer: D

Hint: The correct answer is D. All the other answers refer to symmetric key algorithms.

16. In public key cryptography:

  1. Only the private key can encrypt, and only the public key can decrypt.
  2. Only the public key can encrypt, and only the private key can decrypt.
  3. The public key is used to encrypt and decrypt.
  4. If the public key encrypts, only the private key can decrypt.

Answer: D

Hint: The correct answer is D. Answers A and B are incorrect because if one key encrypts, the other can decrypt. Answer C is incorrect because if the public key encrypts, it cannot decrypt.

17. In a hybrid cryptographic system, usually:

  1. Public key cryptography is used for the encryption of the message.
  2. Private key cryptography is used for the encryption of the message.
  3. Neither public key nor private key cryptography is used.
  4. Digital certificates cannot be used.

Answer: B

Hint: The correct answer is B. Answer A is incorrect because public key cryptography is usually used for the encryption and transmission of the secret session key. Answer C is incorrect because both public and private key encryption are used, and answer D is incorrect because digital certificates can be used (and normally are used).

18. What is the block length of the Rijndael Cipher?

  1. 64 bits
  2. 128 bits
  3. Variable
  4. 256 bits.

Answer: C

Hint: The correct answer is C. The other answers with fixed numbers are incorrect.

19. A polyalphabetic cipher is also known as:

  1. One-time pad.
  2. Vigenere cipher
  3. Steganography
  4. Vernam cipher

Answer: B

Hint: The correct answer is B. Answer A is incorrect because a one-time pad uses a random key with a length equal to the plaintext message and is used only once. Answer C is the process of sending a message with no indication that a message even exists. Answer D is incorrect because it applies to stream ciphers that are XORed with a random key string.

20. The classic Caesar cipher is a:

  1. Polyalphabetic cipher
  2. Monoalphabetic cipher
  3. Transposition cipher
  4. Code group

Answer: B

Hint: The correct answer is B. It uses one alphabet shifted three places. Answers A and C are incorrect because in answer A, multiple alphabets are used, and in answer C, the letters of the message are transposed. Answer D is incorrect because code groups deal with words and phrases and ciphers deal with bits or letters.

21. In steganography:

  1. Private key algorithms are used.
  2. Public key algorithms are used.
  3. Both public and private key algorithms are used.
  4. The fact that the message exists is not known.

Answer: D

Hint: The correct answer is D. The other answers are incorrect because neither algorithm is used.

22. What is the key length of the Rijndael Cipher?

  1. 56 or 64 bits
  2. 512 bits
  3. 128, 192, or 256 bits
  4. 512 or 1024 bits

Answer: C

23. In a block cipher, diffusion:

  1. Conceals the connection between the ciphertext and plaintext
  2. Spreads the influence of a plaintext character over many ciphertext characters
  3. Is usually implemented by non-linear S-boxes
  4. Cannot be accomplished

Answer: B

Hint: The correct answer is B. Answer A defines confusion; answer C defines how confusion is accomplished; and answer D is incorrect because it can be accomplished.

24. The NIST Advanced Encryption Standard uses the:

  1. 3DES algorithm
  2. Rijndael algorithm
  3. DES algorithm
  4. IDEA algorithm

Answer: B

Hint: The correct answer is B. By definition, the others are incorrect.

25. The modes of DES do not include:

  1. Electronic Code Book
  2. Cipher Block Chaining
  3. Variable Block Feedback
  4. Output Feedback

Answer: C

Hint: The correct answer is C. There is no such encipherment mode.

26. Which of the following is true?

  1. The work factor of triple DES is the same as for double DES.
  2. The work factor of single DES is the same as for triple DES.
  3. The work factor of double DES is the same as for single DES.
  4. No successful attacks have been reported against double DES.

Answer: C

Hint: The correct answer is C. The Meet-in-the-Middle attack has been successfully applied to double DES, and the work factor is equivalent to that of single DES. Thus, answer D is incorrect. Answer A is false because the work factor of triple DES is greater than that for double DES. In triple DES, three levels of encryption and/or decryption are applied to the message. The work factor of double DES is equivalent to the work factor of single DES. Answer B is false because the work factor of single DES is less than for triple DES.

27. The Rijndael Cipher employs a round transformation that is comprised of three layers of distinct, invertible transformations. These transformations are also defined as uniform, which means that every bit of the State is treated the same. Which of the following is NOT one of these layers?

  1. The non-linear layer, which is the parallel application of S-boxes that have the optimum worst-case non-linearity properties
  2. The linear mixing layer, which provides a guarantee of the high diffusion of multiple rounds.
  3. The key addition layer, which is an Exclusive OR of the Round Key to the intermediate State.
  4. The key inversion layer, which provides confusion through the multiple rounds.

Answer: D

Hint: The correct answer is D. This answer is a distracter and does not exist.

28. The Escrowed Encryption Standard describes the:

  1. Rijndael Cipher
  2. Clipper Chip
  3. Fair Public Key Cryptosystem
  4. Digital certificates

Answer: B

29. Theoretically, quantum computing offers the possibility of factoring the products of large prime numbers and calculating discrete logarithms in polynomial time. These calculations can be accomplished in such a compressed time frame because:

  1. Information can be transformed into quantum light waves that travel through fiber-optic channels. Computations can be performed on the associated data by passing the light waves through various types of optical filters and solid-state materials with varying indices of refraction, thus drastically increasing the throughput over conventional computations.
  2. A quantum bit in a quantum computer is actually a linear superposition of both the one and zero states and, therefore, can theoretically represent both values in parallel. This phenomenon allows computation that usually takes exponential time to be accomplished in polynomial time because different values of the binary pattern of the solution can be calculated simultaneously.
  3. A quantum computer takes advantage of quantum tunneling in molecular scale transistors. This mode permits ultra high-speed switching to take place, thus exponentially increasing the speed of computations.
  4. A quantum computer exploits the time-space relationship that changes as particles approach the speed of light. At that interface, the resistance of conducting materials effectively is zero and exponential speed computations are possible.

Answer: B

Hint: In digital computers, a bit is in either a one or zero state. In a quantum computer, through linear superposition, a quantum bit can be in both states, essentially simultaneously. Thus, computations consisting of trial evaluations of binary patterns can take place simultaneously in exponential time. The probability of obtaining a correct result is increased through a phenomenon called constructive interference of light, while the probability of obtaining an incorrect result is decreased through destructive interference. Answer A describes optical computing that is effective in applying Fourier and other transformations to data to perform high-speed computations. Light representing large volumes of data passing through properly shaped physical objects can be subjected to mathematical transformations and recombined to provide the appropriate results. However, this mode of computation is not defined as quantum computing. Answers C and D are diversionary answers that do not describe quantum computing.

30. Which of the following characteristics does a one-time pad have if used properly?

  1. It can be used more than once
  2. The key does not have to be random
  3. It is unbreakable
  4. The key has to be of greater length than the message to be encrypted.

Answer: C

Hint: The correct answer is C. If the one-time-pad is used only once and its corresponding key is truly random and does not have repeating characters, it is unbreakable. Answer A is incorrect because if used properly, the one-time-pad should be used only once. Answer B is incorrect because the key should be random. Answer D is incorrect because the key has to be of the same length as the message.

31. The DES key is:

  1. 128 bits
  2. 64 bits
  3. 56 bits
  4. 512 bits

Answer: C

32. In a digitally-signed message transmission using a hash function:

  1. The message digest is encrypted in the private key of the sender.
  2. The message digest is encrypted in the public key of the sender.
  3. The message is encrypted in the private key of the sender.
  4. The message is encrypted in the public key of the sender.

Answer: A

Hint: The correct answer is A. The hash function generates a message digest. The message digest is encrypted with the private key of the sender. Thus, if the message can be opened with the sender's public key that is known to all, the message must have come from the sender. The message is not encrypted with the public key because the message is usually longer than the message digest and would take more computing resources to encrypt and decrypt. Because the message digest uniquely characterizes the message, it can be used to verify the identity of the sender. Answers B and D will not work because a message encrypted in the public key of the sender can be read only by using the private key of the sender. Because the sender is the only one who knows this key, no one else can read the message. Answer C is incorrect because the message is not encrypted; the message digest is encrypted.

33. The strength of RSA public key encryption is based on the:

  1. Difficulty in finding logarithms in a finite field
  2. Difficulty of multiplying two large prime numbers
  3. Fact that only one key is used
  4. Difficulty in finding the prime factors of very large numbers

Answer: D

Hint: The correct answer is D. Answer A applies to public key algorithms such as Diffie-Hellman and Elliptic Curve. Answer B is incorrect because it is easy to multiply two large prime numbers. Answer C refers to symmetric key encryption.

34. Elliptic curve cryptosystems:

  1. Have a higher strength per bit than an RSA
  2. Have a lower strength per bit than an RSA
  3. Cannot be used to implement digital signatures
  4. Cannot be used to implement encryption

Answer: A

Hint: The correct answer is A. It is more difficult to compute curve discrete logarithms than conventional discrete logarithms or factoring. Smaller key sizes in the elliptic curve implementation can yield higher levels of security. Therefore, answer B is incorrect. Answers C and D are incorrect because elliptic curve cryptosystems can be used for digital signatures and encryption.

35. Which of the following is NOT a fundamental component of Identity-Based Encryption (IBE)?

  1. Bi-linear mapping
  2. Weil Pairing
  3. Multiplication of points on an elliptic curve
  4. A symmetrical session key

Answer: D

Hint: IBE is based on using an arbitrary string as an individual's public key. It is based on public key cryptography; therefore, a symmetric key is not involved in the process.