CISSP Certification Exam (Cryptography) Practice Test 1
There are several components involved with steganography. Which of the following refers to a file that has hidden information in it?
    • Stego-medium
    • Concealment cipher
    • Carrier
    • Payload
Which of the following correctly describes the relationship between SSL and TLS?
    • TLS is the open-community version of SSL.
    • SSL can be modified by developers to expand the protocol’s capabilities.
    • TLS is a proprietary protocol, while SSL is an open-community protocol.
    • SSL is more extensible and backward compatible with TLS.
Which of the following incorrectly describes steganography?
    • It is a type of security through obscurity.
    • Modifying the most significant bit is the most common method used.
    • Steganography does not draw attention to itself like encryption does.
    • Media files are ideal for steganographic transmission because of their large size.
Which of the following correctly describes a drawback of symmetric key systems?
    • Computationally less intensive than asymmetric systems
    • Work much more slowly than asymmetric systems
    • Carry out mathematically intensive tasks
    • Key must be delivered via secure courier
Which of the following occurs in a PKI environment?
    • The RA creates the certificate, and the CA signs it.
    • The CA signs the certificate.
    • The RA signs the certificate.
    • The user signs the certificate.
Encryption can happen at different layers of an operating system and network stack. Where does PPTP encryption take place?
    • Data link layer
    • Within applications
    • Transport layer
    • Data link and physical layers
Which of the following correctly describes the difference between public key cryptography and public key infrastructure?
    • Public key cryptography is the use of an asymmetric algorithm, while public key infrastructure is the use of a symmetric algorithm.
    • Public key cryptography is used to create public/private key pairs, and public key infrastructure is used to perform key exchange and agreement.
    • Public key cryptography provides authentication and nonrepudiation, while public key infrastructure provides confidentiality and integrity.
    • Public key cryptography is another name for asymmetric cryptography, while public key infrastructure consists of public key cryptographic mechanisms.
Which of the following best describes Key Derivation Functions (KDFs)?
    • Keys are generated from a master key.
    • Session keys are generated from each other.
    • Asymmetric cryptography is used to encrypt symmetric keys.
    • A master key is generated from a session key.
An elliptic curve cryptosystem is an asymmetric algorithm. What sets it apart from other asymmetric algorithms?
    • It provides digital signatures, secure key distribution, and encryption.
    • It computes discrete logarithms in a finite field.
    • It uses a larger percentage of resources to carry out encryption.
    • It is more efficient.
If implemented properly, a one-time pad is a perfect encryption scheme. Which of the following incorrectly describes a requirement for implementation?
    • The pad must be securely distributed and protected at its destination.
    • The pad must be made up of truly random values.
    • The pad must always be the same length.
    • The pad must be used only one time.
Sally is responsible for key management within her organization. Which of the following incorrectly describes a principle of secure key management?
    • Keys should be backed up or escrowed in case of emergencies.
    • The more a key is used, the shorter its lifetime should be.
    • Less secure data allows for a shorter key lifetime.
    • Keys should be stored and transmitted by secure means.
Mandy needs to calculate how many keys must be generated for the 260 employees using the company’s PKI asymmetric algorithm. How many keys are required?
    • 33,670
    • 520
    • 67340
    • 260
Which of the following works similarly to stream ciphers?
    • One-time pad
    • AES
    • Block
    • RSA
There are two main types of symmetric ciphers: stream and block. Which of the following is not an attribute of a good stream cipher?
    • Statistically unbiased keystream
    • Statistically predictable
    • Long periods of no repeating patterns
    • Keystream not linearly related to key
Which of the following best describes how a digital signature is created?
    • The sender encrypts a message digest with his private key.
    • The sender encrypts a message digest with his public key.
    • The receiver encrypts a message digest with his private key.
    • The receiver encrypts a message digest with his public key.
In cryptography, different steps and algorithms provide different types of security services. Which of the following provides only authentication, nonrepudiation, and integrity?
    • Encryption algorithm
    • Hash algorithm
    • Digital signature
    • Encryption paired with a digital signature
Advanced Encryption Standard is an algorithm used for which of the following?
    • Data integrity
    • Bulk data encryption
    • Key recovery
    • Distribution of symmetric keys
SSL is a de facto protocol used for securing transactions that occur over untrusted networks. Which of the following best describes what takes place during an SSL connection setup process?
    • The server creates a session key and encrypts it with a public key.
    • The server creates a session key and encrypts it with a private key.
    • The client creates a session key and encrypts it with a private key.
    • The client creates a session key and encrypts it with a public key.
The CA is responsible for revoking certificates when necessary. Which of the following correctly describes a CRL and OCSP?
    • The CRL was developed as a more streamlined approach to OCSP.
    • OCSP is a protocol that submits revoked certificates to the CRL.
    • OCSP is a protocol developed specifically to check the CRL during a certificate validation process.
    • CRL carries out real-time validation of a certificate and reports to the OCSP.
End-to-end encryption is used by users, and link encryption is used by service providers. Which of the following correctly describes these technologies?
    • Link encryption does not encrypt headers and trailers.
    • Link encryption encrypts everything but data link messaging.
    • End-to-end encryption requires headers to be decrypted at each hop.
    • End-to-end encryption encrypts all headers and trailers.