A1:
Answer: B. A cipher-text attack requires the attacker to obtain several encrypted messages that have been encrypted using the same encryption algorithm. Answer A is incorrect because a known plain-text attack requires the attacker to have the plain text and cipher text of one or more messages. Answer C is incorrect because there would be no reason to perform an attack if the information was already in clear text. Answer D is incorrect because a replay attack occurs when the attacker can intercept session keys and reuse them at a later date.
A2:
Answer: B. Cryptanalysis is the act of obtaining plain text from cipher text without a key. Cryptanalysis is the study of breaking encryption systems. Although it can mean obtaining the plain text from the cipher text without a key, it can also mean that the cryptosystem was cracked because someone found a weakness in the cryptosystem's implementation. Such was the case with Wired Equivalent Privacy (WEP). Answer A is incorrect because although the cryptanalyst can use frequency analysis to aid in cracking, it is not a valid answer. Answer C is incorrect because encryption is the act of unencrypting data. Answer D is incorrect because cracking is a term used to describe criminal hackers and the art of illegally accessing source code.
A3:
Answer: D. A replay attack occurs when the attacker can intercept session keys and reuse them at a later date. Answer A is incorrect because a known plain-text attack requires the attacker to have the plain text and cipher text of one or more messages. Answer B is incorrect because a cipher-text attack requires the attacker to obtain several encrypted messages that have been encrypted using the same encryption algorithm. Answer C is incorrect because a man-in-the-middle attack is carried out when the attacker places himself between two users.
A4:
Answer: C. Key management is a primary disadvantage of symmetric encryption. Answers A, B, and D are incorrect because encryption speed, key size, and key strength are not disadvantages of symmetric encryption.
A5:
Answer: D. RSA is an asymmetric algorithm. Answers A, B, and C are incorrect because DES, RC5, and AES are examples of symmetric algorithms.
A6:
Answer: B. Electronic Code Book is susceptible to known plain-text attacks because the same clear text always produces the same cipher text. Answers A, C, and D are incorrect. Because CBC, CFB, and OFB all use some form of feedback, they do not suffer from this deficiency and are considered more secure.
A7:
Answer: A. Each 64-bit plain-text block is separated into two 32-bit blocks and then processed by the 56-bit key. Total key size is 64 bits, but 8 bits are used for parity, thereby making 64, 96, and 128 bits incorrect.
A8:
Answer: C. DES-EEE2 performs the first and third encryption passes using the same key. Answers A, B, and D are incorrect: DES-EEE3 uses three different keys for encryption. HAVAL is used for hashing; it is not used by DES. DES-X is a variant of DES, with only a 56-bit key size.
A9:
Answer: C. Diffie-Hellman is used for key distribution, not encryption or digital signatures. Answer A is incorrect because El Gamal is used for digital signatures, data encryption, and key exchange. Answer B is incorrect because HAVAL is used for hashing. Answer D is incorrect because ECC is used for digital signatures, data encryption, and key exchange.
A10:
Answer: C. SHA-1 produces a 160-bit message digest. Answers A, B, and D are incorrect because MD2 and MD4 both create a 128-bit message digest, and El Gamal is not a hashing algorithm.
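Added example, not part of the original answer key: a toy 64-bit Feistel cipher that splits each block into two 32-bit halves as answer A7 describes, run in ECB and CBC to show the repetition answer A6 refers to. The round function, key, IV and plaintext are constructed for illustration; this is not DES and not a usable cipher.

```python
import hashlib

BLOCK = 8  # bytes: a 64-bit block, the DES block size

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half: bytes, key: bytes, i: int) -> bytes:
    # Toy round function (assumption): 32 bits of SHA-256, not the DES f-function.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def _feistel(block: bytes, key: bytes, order) -> bytes:
    left, right = block[:4], block[4:]  # two 32-bit halves
    for i in order:
        left, right = right, _xor(left, _f(right, key, i))
    return right + left  # final swap makes decryption the same loop reversed

def encrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return _feistel(block, key, range(rounds))

def decrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return _feistel(block, key, reversed(range(rounds)))

def _blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("input must be a multiple of 8 bytes (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    # ECB: every block is encrypted independently, so equal input gives equal output.
    return b"".join(encrypt_block(b, key) for b in _blocks(pt))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    # CBC: each block is XORed with the previous ciphertext block (the feedback).
    out, prev = [], iv
    for b in _blocks(pt):
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    # Count ciphertext blocks that duplicate an earlier block.
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))

# Constructed sample values; a real IV must be unpredictable and never reused.
KEY, IV = b"constructed-key", bytes(range(8))
PLAINTEXT = b"PAY 0100" * 3 + b"PAY 9999"

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(PLAINTEXT, KEY)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(PLAINTEXT, KEY, IV)))
```
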