Cccure 03. Security Architecture and Engineering Cissp Practice Test With Answer and Explanation

Question 1
The Bell-LaPadula access control model is focused on which of the following security properties?
 It is primarily concerned with confidentiality.

 It is primarily concerned with integrity.
 It is primarily concerned with covert channels.
 It allows the users of objects to determine who may access those objects.
Correct Answer is: It is primarily concerned with confidentiality.
Details:
The correct answer is: It is primarily concerned with confidentiality
The Bell-LaPadula model focuses on data confidentiality and access to classified information
From Wikipedia:
The Bell-LaPadula model focuses on data confidentiality and access to classified information, in contrast
to the Biba Integrity Model which describes rules for the protection of data integrity.
In this formal model, the entities in an information system are divided into subjects and objects. The
notion of a "secure state " is defined, and it is proven that each state transition preserves security by
moving from secure state to secure state, thereby inductively proving that the system satisfies the
security objectives of the model. The Bell-LaPadula model is built on the concept of a state machine with
a set of allowable states in a system. The transition from one state to another state is defined by
transition functions.
A system state is defined to be "secure " if the only permitted access modes of subjects to objects are in
accordance with a security policy. To determine whether a specific access mode is allowed, the
clearance of a subject is compared to the classification of the object (more precisely, to the combination
of classification and set of compartments, making up the security level) to determine if the subject is
authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a
lattice. The model defines two mandatory access control(MAC) rules and one discretionary access
control (DAC) rule with three security properties:
1. The Simple Security Property states that a subject at a given security level may not read an
object at a higher security level (no read-up).
2. The *-property (read star-property) states that a subject at a given security level must not write
to any object at a lower security level (no write-down).
3. The Discretionary Security Property uses an access matrix to specify the discretionary access
control.
The transfer of information from a high-sensitivity paragraph to a lower-sensitivity document may

happen in the Bell-LaPadula model via the concept of trusted subjects. Trusted Subjects are not
restricted by the *-property. Untrusted subjects are. Trusted Subjects must be shown to be trustworthy
with regard to the security policy.
This security model is directed toward access control and is characterized by the phrase: no read up, no
write down. Compare the Biba model, the Clark-Wilson model and the Chinese Wall.
With Bell-LaPadula, users can only create content at or above their own security level (Secret
researchers can create Secret or Top-Secret files but may not create Public files): no write-down.
Conversely, users can only view content at or below their own security level (Secret researchers can
view Public or Secret files, but may not view Top-Secret files): no read-up.
The Bell-LaPadula model explicitly defined its scope. It did not treat the following extensively:
• Covert channels. Passing information via pre-arranged actions was described briefly.
• Networks of systems. Later modeling work did address this topic.
• Policies outside multilevel security. Work in the early 1990s showed that MLS is one version of
boolean policies, as are all other published policies.
Strong * Property
The Strong * Property is an alternative to the *-property in which subjects may only write to objects
with a matching security level. Thus, the write up operation permitted in the usual *-property is not
present, only a write to same operation. The Strong * Property is usually discussed in the context of
multilevel database management systems and is motivated by integrity concerns.
This Strong * Property was anticipated in the Biba model where it was shown that strong integrity in
combination with the Bell-La Padula model resulted in reading and writing at a single level. This strong
version has proven to be of limited practical utility.
The following answers are incorrect:
It is primarily concerned with integrity. The Bell-LaPadula model focuses on data confidentiality and
access to classified information, in contrast to the Biba Integrity Model which describes rules for the
protection of data integrity.
It is primarily concerned with covert channels. The Bell-LaPadula model is explicitly defined as a
confidentiality model dealing with user clearance and object classificaton. Although there is a implicit
concern about the possibility of covert channel activity this model does not focus as extensively on
covert channels as it does with confidentiality.
It allows the users of objects to determine who may access those objects. In DAC environments, it is the
data or object owners that are permitted to specify the access and privileges other users will have, not
the users themselves.
The following reference(s) were used to create this question:

CISSP (ISC)2 Certified Information Systems Security Professional OFFICIAL study guide, Seventh Edition
Page 282 or Kindle Location 8087
Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press) Kindle location 7981
Shon Harris, CISSP All In One (AIO), 6th Edition , pp 369-372.
Wikipedia - http://en.wikipedia.org/wiki/Bell-LaPadula_model
NOTE: This model, affectionately referred to as TCSEC - "the Orange Book ", has been re-introduced into
the DOD library as one of the 5200 series of documents. (DoD 5200.28-STD - DEPARTMENT OF DEFENSE
TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA -- Supersedes CSC-STD-00l-83, dated l5 Aug 83)
Question 2
The Orange Book describes four hierarchical levels to categorize security systems. Which of the
following levels below require mandatory protection?
• A and B.
• B and C.
• A, B, and C.
• B and D.
Correct Answer is: A and B.
Details:
The correct answer is: A and B.
Level B is the first to require Mandatory Protection. Because the higher levels also inherit the
requirements of all lower levels, level A also requires Mandatory Protection.
B and C. Is incorrect because Mandatory Protection is not required until level B, Level C is a lower level.
A, B, and C. Is incorrect because Mandatory Protection is not required until level B, Level C is a lower
level.
B and D. Is incorrect because Mandatory Protection is not required until level B, Level D is a lower level.
One of the first accpted evaluation standards was the Trusted Computer Security Evaluation Criteria or
TCSEC.
The Orange Book was part of this standard that defines four security divisions consisting of seven
different classes for security ratings.
The lowest class offering the least protection is D - Minimal protection.
The highest classification would be A1 offering the most secure environment.
As you go to the next division and class you inherit the requirements of the lower levels. So, for example
C2 would also incorporate the requirements for C1 and D.
The divisions and classes are:
D Minimal protection
C Discretionary protection
C1 Discretionary Security Protection
C2 Controlled Access Protection
B Mandatory Protection
B1 Labeled Security
B2 Structured Protection
B3 Security Domains
A Verified Protection
A1 Verified Design
Wikipedia: "TCSEC was replaced with the development of the Common Criteria international standard
originally published in 2005. "
The following reference(s) was used to create this question:
CISSP (ISC)2 Certified Information Systems Security Professional OFFICIAL study guide, Seventh Edition
Page 291 or Kindle Location 24952
Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press) Kindle location 8253 or Page 357-361.
Wikipedia - http://en.wikipedia.org/wiki/TCSEC#Divisions_and_Classes
Question 3
Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What
does this mean?
 System functions are layered, and none of the functions in a given layer can access data outside that
layer.
 Auditing processes and their memory addresses cannot be accessed by user processes.
 Only security processes are allowed to write to ring zero memory.
 It is a form of strong encryption cipher.
Correct Answer is: System functions are layered, and none of the functions in a given layer can access
data outside that layer.
Details:
The correct answer is: System functions are layered, and none of the functions in a given layer can
access data outside that layer.
Data Hiding is protecting data so that it is only available to higher levels this is done and is also
performed by layering, when the software in each layer maintains its own global data and does not
directly reference data outside its layers.
In Level B3 it states that:
The TCB shall be designed and structured to use a complete, conceptually simple protection mechanism
with precisely defined semantics. This mechanism shall play a central role in enforcing the internal
structuring of the TCB and the system.
The TCB shall incorporate significant use of layering, abstraction and data hiding.
Significant system engineering shall be directed toward minimizing the complexity of the TCB and
excluding from the TCB modules that are not protection-critical.
This would also be a requirement for Level A1.
Auditing processes and their memory addresses cannot be accessed by user processes. Is incorrect
because this does not offer data hiding.
Only security processes are allowed to write to ring zero memory. This is incorrect, the security kernel
would be responsible for this.
It is a form of strong encryption cipher. Is incorrect because this does not conform to the definition of
data hiding. To be more precise encrypting data is not the concept of data hiding within layers in the
TCSEC B3 model.
The following reference(s) were used for this question:
SYBEX CISSP (ISC)2 Certified Information Systems Security Professional OFFICIAL study guide, Seventh
Edition Page 366 or Kindle Location 10265
NIST http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
Question 4
Which Orange Book evaluation level is described as "Verified Design"?
• A1.
• B3.
• B2.
• B1.
Correct Answer is: A1.
Details:
The correct answer is: A1.
Level A1 is described as Verified Design.
B3. This is incorrect because level B3 is described as Security Domains.
B2. This is incorrect because level B2 is described as Structured Protection.
B1. This is incorrect because level B1 is described as Labeled Security.

Question contributed by: Sarang Chalikwar
Email or CCCure Nickname of question author:
Question reviewed by: Clement Dupuis
Question comments submitted by:
One of the first accpted evaluation standards was the Trusted Computer Security Evaluation Criteria or
TCSEC. TheOrange Book was part of this standard that defines four security divisions consisting of seven
different classes for security ratings. The lowest class offering the least protection is D - Minimal
protection. The highest classification would be A1 offering the most secure environment. As you go to
the next division and class you inherit the requirements of the lower levels. So, for example C2 would
also incorporate the requirements for C1 and D.
The divisions and classes are:
D Minimal protection
C Discretionary protection
C1 Discretionary Security Protection
C2 Controlled Access Protection
B Mandatory Protection
B1 Labeled Security
B2 Structured Protection
B3 Security Domains
A Verified Protection
A1 Verified Design
References:
AIOv3 Security Models and Architecture (pages 302 - 306)
NIST http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
Question 5
The DES algorithm is an example of what type of cryptography?
• Secret Key
• Two-key
• Asymmetric Key
• Public Key
Correct Answer is: Secret Key
Details:
The correct answer is: Secret Key.
DES is also known as a Symmetric Key or Secret Key algorithm.
DES is a Symmetric Key algorithm, meaning the same key is used for encryption and decryption.
For the exam remember that:
DES key Sequence is 8 Bytes or 64 bits (8 x 8 = 64 bits)
DES has an Effective key length of only 56 Bits. 8 of the Bits are used for parity purpose only.
DES has a total key length of 64 Bits.
Two-key This is incorrect because DES uses the same key for encryption and decryption.
Asymmetric Key This is incorrect because DES is a Symmetric Key algorithm using the same key for
encryption and decryption and an Asymmetric Key algorithm uses both a Public Key and a Private Key.
Public Key. This is incorrect because Public Key or algorithm Asymmetric Key does not use the same key
is used for encryption and decryption.
http://en.wikipedia.org/wiki/Data_Encryption_Standard
Question 6
Which of the following encryption methods is known to be unbreakable?
• Symmetric ciphers.
• DES codebooks.
• One-time pads.
• Elliptic Curve Cryptography.
Correct Answer is: One-time pads.
Details:
The correct answer is: One-time pads.
A One-Time Pad uses a keystream string of bits that is generated completely at random that is used only
once. Because it is used only once it is considered unbreakable.
Symmetric ciphers. This is incorrect because a Symmetric Cipher is created by substitution and
transposition. They can and have been broken
DES codebooks. This is incorrect because Data Encryption Standard (DES) has been broken, it was
replaced by Advanced Encryption Standard (AES).
Elliptic Curve Cryptography. This is incorrect because Elliptic Curve Cryptography or ECC is typically used
on wireless devices such as cellular phones that have small processors. Because of the lack of processing
power the keys used at often small. The smaller the key, the easier it is considered to be breakable. Also,
the technology has not been around long enough or tested thourough enough to be considered truly
unbreakable.
Edition Page 205 or Kindle Location 6171.
AIOv3 Cryptography (pages 599; 622; 638)
Question 4
The RSA algorithm is an example of what type of cryptography?
• Private Key.
• Asymmetric Key.
• Secret Key.
• Symmetric Key.
Correct Answer is: Asymmetric Key.
Details:
The correct answer is: Asymmetric Key.
An Asymmetric Key is another name for Public Key, RSA is a Public Key cryptographic system.
The following answers are incorrect.
Symmetric Key. Is incorrect because RSA is a Public Key or a Asymmetric Key cryptographic system and
not a Symmetric Key or a Secret Key cryptographic system.
Secret Key. Is incorrect because RSA is a Public Key or a Asymmetric Key cryptographic system and not a
Secret Key or a Symmetric Key cryptographic system.
Private Key. Is incorrect because Private Key is just one part if an Asymmetric Key cryptographic system,
a Private Key used alone is also called a Symmetric Key cryptographic system.
OIG CBK Cryptography (pages 254 - 258)
AIOv3 Cryptography (pages 634 - 638)
RSA is a public key cryptographic system that may be used for encryption and authentication. With this
type of cryptographic system each user has a public key and a private key.
Question 6
Which of the following encryption methods is known to be unbreakable?
• Elliptic Curve Cryptography.
• DES codebooks.
• Symmetric ciphers.
• One-time pads.
Correct Answer is: One-time pads.
Details:
The correct answer is: One-time pads.
A One-Time Pad uses a keystream string of bits that is generated completely at random that is used only
once. Because it is used only once it is considered unbreakable.
Symmetric ciphers. This is incorrect because a Symmetric Cipher is created by substitution and
transposition. They can and have been broken
DES codebooks. This is incorrect because Data Encryption Standard (DES) has been broken, it was
replaced by Advanced Encryption Standard (AES).
Elliptic Curve Cryptography. This is incorrect because Elliptic Curve Cryptography or ECC is typically used
on wireless devices such as cellular phones that have small processors. Because of the lack of processing
power the keys used at often small. The smaller the key, the easier it is considered to be breakable. Also,
the technology has not been around long enough or tested thourough enough to be considered truly
unbreakable.
AIOv3 Cryptography (pages 599; 622; 638)

Question 7
What algorithm was DES derived from?
• Twofish.
• Brooks-Aldeman.
• Lucifer.
• Skipjack.
Correct Answer is: Lucifer.
Details:
The correct answer is: Lucifer.
NSA took the 128-bit algorithm Lucifer that IBM developed, reduced the key size to 64 bits and with that
developed DES.
Twofish. This is incorrect because Twofish is related to Blowfish as a possible replacement for DES.
Skipjack. This is incorrect, Skipjack was developed after DES by the NSA .
Brooks-Aldeman. This is incorrect because this is a distractor, no algorithm exists with this name.

DES is a Symmetric Key algorithm, meaning the same key is used for encryption and decryption.
In 1974, IBM’s 128- bit algorithm, named Lucifer, was submitted and accepted. The NSA modified this
algorithm to use a key size of 64 bits (8 bits used for parity, resulting in an effective key length of 56 bits)
instead of the original 128 bits, and named it the Data Encryption Algorithm (DEA). DEA is the algorithm
DES uses.
References:
AIOv3 Cryptography (page 622)
Wikipedia: http://en.wikipedia.org/wiki/Skipjack_%28cipher%29 ; http://en.wikipedia.org/wiki/Twofish
Question 8
What is a characteristic of using the Electronic Code Book mode of DES encryption?
• Individual characters are encoded by combining output from earlier encryption routines with
plaintext.
• The previous DES output is used as input.
• A given block of plaintext and a given key will always produce the same ciphertext.
• Repetitive encryption obscures any repeated patterns that may have been present in the
plaintext.
Correct Answer is: A given block of plaintext and a given key will always produce the same ciphertext.
Details:
The correct answer is: A given block of plaintext and a given key will always produce the same
ciphertext.
A given message and key always produce the same ciphertext.

When DES is used to encrypt a message that contains more than 64 bits of data it would start at the
beginning of the plaintext file, processing 64 bits at a time until the end of the file was reached. Padding
may be used to complete the last block. This is the same process for encrypting or decrypting the file.
Each block processed uses the same key, a given 64 bit block of plaintext always produces the same
ciphertext and a given message and key always produce the same ciphertext when DES is used in Code
Book Mode.
Repetitive encryption obscures any repeated patterns that may have been present in the plaintext. Is
incorrect because with Electronic Code Book a given 64 bit block of plaintext always produces the same
ciphertext
Individual characters are encoded by combining output from earlier encryption routines with
plaintext.This is incorrect because with Electronic Code Book processing 64 bits at a time until the end of
the file was reached. This is a characteristic of Cipher Feedback. Cipher Feedback the ciphertext is run
through a key-generating device to create the key for the next block of plaintext.
The previous DES output is used as input. Is incorrect because This is incorrect because with Electronic
Code Book processing 64 bits at a time until the end of the file was reached . This is a characteristic of
Cipher Block Chaining. Cipher Block Chaining uses the output from the previous block to encrypt the
next block.
CISSP Official Study Book, Seventh edition - Location 6464 to location 6496
Question 9
Where parties do not have a shared secret and large quantities of sensitive information must be passed,
the most efficient means of transferring information is to use Hybrid Encryption Methods. What does
this mean?
• Use of the recipient's public key for encryption and decryption based on the recipient's private
key.
• Use of elliptic curve encryption.
• Use of software encryption assisted by a hardware encryption accelerator.
• Use of public key encryption to secure a secret key, and message encryption using the secret
key.
Correct Answer is: Use of public key encryption to secure a secret key, and message encryption using the
secret key.
Details:
The correct answer is: Use of public key encryption to secure a secret key, and message encryption using
the secret key.
A Public Key is also known as an asymmetric algorithm and the use of a secret key would be a symmetric
algorithm.
Use of the recipient's public key for encryption and decryption based on the recipient's private key. Is
incorrect this would be known as an asymmetric algorithm.
Use of software encryption assisted by a hardware encryption accelerator. This is incorrect, it is a

distractor.
Use of Elliptic Curve Encryption. Is incorrect this would use an asymmetric algorithm.
Hybrid Encryption Methods are when Asymmetric and Symmetric Algorithms used together. In the
hybrid approach, the two technologies are used in a complementary manner, with each performing a
different function. A symmetricalgorithm creates keys that are used for encrypting bulk data, and an
asymmetric algorithm creates keys that are used for automated key distribution.
References:
AIOv3 Cryptography (Pages 617, 638)
Question 10
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts
information using the intended recipient's "public " key in order to get confidentiality of the data being
sent. The recipients use their own "private " key to decrypt the information. The "Infrastructure " of
this methodology ensures that:
• The sender and recipient have reached a mutual agreement on the encryption key exchange
that they will use.
• The sender of the message is the only other person with access to the recipient's private key.
• Only the recipient with the proper matching key will get access to decrypt the message
• The channels through which the information flows are secure.
Correct Answer is: Only the recipient with the proper matching key will get access to decrypt the
message
Details:
The correct answer is: Only the recipient with the proper matching key will get access to decrypt the
message.
The recipient's identity can be positively verified by the sender because only the recipient with the
proper matching key will be able to decrypt the message and get access.
Through the use of Public Key Infrastructure (PKI) the recipient's identity can be positively verified by the
sender.
The sender of the message knows he's using a Public Key that belongs to a specific user. He can validate
through the Certification Authority (CA) that a public key is in fact the valid public key of the receiver and
the receiver is really who he claims to be. By using the public key of the recipient, only the recipient
using the matching private key will be able to decrypt the message. When you wish to achieve
confidentiality, you encrypt the message with the recipient public key.
If the sender would wish to prove to the recipient that he is really who he claims to be then the sender
would apply a digital signature on the message before encrypting it with the public key of the receiver.
This would provide Confidentiality and Authenticity of the message.
A PKI (Public Key Infrastructure) enables users of an insecure public network, such as the Internet, to
securely and privately exchange data through the use of public key-pairs that are obtained and shared
through a trusted authority, usually referred to as a Certificate Authority.
The PKI provides for digital certificates that can vouch for the identity of individuals or organizations,
and for directory services that can store, and when necessary, revoke those digital certificates. A PKI is
the underlying technology that addresses the issue of trust in a normally untrusted environment.
The sender and recipient have reached a mutual agreement on the encryption key exchange that they
will use. Is incorrect because through the use of Public Key Infrastructure (PKI), the parties do not have
to have a mutual agreement. They have a trusted 3rd party Certificate Authority to perform the
verification of the sender.
The channels through which the information flows are secure. Is incorrect because the use of Public Key
Infrastructure (PKI) does nothing to secure the channels.
The sender of the message is the only other person with access to the recipient's private key. Is incorrect
because the sender does not have access to the recipient's private key though Public Key Infrastructure
(PKI).

Edition Page 242 & 243 or Kindle Location 7137.
Question 11
Which of the following would assist the most in Host Based intrusion detection?
• security clearances.
• host-based authentication.
• audit trails.
• access control lists.
Correct Answer is: audit trails.
Details:
The correct answer is: audit trails.
To assist in Intrusion Detection you would review audit logs for access violations.
access control lists. This is incorrect because access control lists determine who has access to what but
do notdetect intrusions.
security clearances. This is incorrect because security clearances determine who has access to what but
do notdetect intrusions.
host-based authentication. This is incorrect because host-based authentication determine who have
been authenticated to the system but do not dectect intrusions.

Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press) Kindle location 8540 and 21737
Intrusion Detection attempts to identify and isolate computer and network attacks by observing network
logs or other audit data.
Audit trails maintain a record of system activity both by system and application processes and by user
activity of systems and applications. In conjunction with appropriate tools and procedures, audit trails
can assist in detecting security violations, performance problems, and flaws in applications.
Intrusion detection refers to the process of identifying attempts to penetrate a system and gain
unauthorized access. If audit trails have been designed and implemented to record appropriate
information, they can assist in intrusion detection. Although normally thought of as a real-time effort,
intrusions can be detected in real time, by examining audit records as they are created (or through the
use of other kinds of warning flags/notices), or after the fact (e.g., by examining audit records in a batch
process).
Real-time intrusion detection is primarily aimed at outsiders attempting to gain unauthorized access to
the system. It may also be used to detect changes in the system's performance indicative of, for
example, a virus or worm attack (forms of malicious code). There may be difficulties in implementing
real-time auditing, including unacceptable system performance.
After-the-fact identification may indicate that unauthorized access was attempted (or was successful).
Attention can then be given to damage assessment or reviewing controls that were attacked.
Source: NIST ITL Security Bulletin: March 1997: audit trails.
References:
OIG CBK Access Control (pages 120 - 121 ; 207)
Question 12
The major objective of system configuration management is which of the following?
• system tracking.
• system operations.
• system stability.
• system maintenance.
Correct Answer is: system stability.
Details:
The correct answer is: system stability.
A major objective with Configuration Management is stability. The changes to the system are controlled
so that they don't lead to weaknesses or faults in th system.
system maintenance. Is incorrect because it is not the best answer. Configuration Management does
control the changes to the system but it is not as important as the overall stability of the system.
system operations. Is incorrect because it is not the best answer, the overall stability of the system is
much moreimportant.
system tracking. Is incorrect because while tracking changes is important, it is not the best answer. The
overall stability of the system is much more important.

The OIG defines Configuration Management as: The use of procedures appropriate for controlling
changes to a system s hardware, software, or firmware structure to ensure that such changes will not
lead to a weakness or fault in the system.
Question 13
Who developed one of the first mathematical models of a multilevel-security computer system?
• Gasser and Lipner.
• Diffie and Hellman.
• Clark and Wilson.
• Bell and LaPadula.
Correct Answer is: Bell and LaPadula.
Details:
The correct answer is: Bell and LaPadula.
In 1973 Bell and LaPadula created the first mathematical model of a multi-level security system.
Diffie and Hellman. This is incorrect because Diffie and Hellman was involved with cryptography.
Clark and Wilson. This is incorrect because Bell and LaPadula was the first model. The Clark-Wilson
model came later, 1987.
Gasser and Lipner. This is incorrect, it is a distractor. Bell and LaPadula was the first model.
Question 14
An architecture where there are more than two execution domains or privilege levels is called:
• Security Models
• Network Environment.
• Ring Architecture.
• Ring Layering
Correct Answer is: Ring Architecture.
Details:
The correct answer is: Ring Architecture.

In computer science, hierarchical protection domains, often called protection rings, are a mechanism to
protect data and functionality from faults (fault tolerance) and malicious behavior (computer security).
This approach is diametrically opposite to that of capability-based security.
Computer operating systems provide different levels of access to resources. A protection ring is one of
two or more hierarchical levels or layers of privilege within the architecture of a computer system. This
is generally hardware-enforced by some CPU architectures that provide different CPU modes at the
hardware or microcode level. Rings are arranged in a hierarchy from most privileged (most trusted,
usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most
operating systems, Ring 0 is the level with the most privileges and interacts most directly with the
physical hardware such as the CPU and memory.
Special gates between rings are provided to allow an outer ring to access an inner ring's resources in a
predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can
improve security by preventing programs from one ring or privilege level from misusing resources
intended for programs in another. For example, spyware running as a user program in Ring 3 should be
prevented from turning on a web camera without informing the user, since hardware access should be a
Ring 1 function reserved for device drivers. Programs such as web browsers running in higher numbered
rings must request access to the network, a resource restricted to a lower numbered ring.
All of the other answers are incorrect because they are detractors.
Edition Page 319 & 320 or Kindle Location 8991 &9021.
https://en.wikipedia.org/wiki/Ring_%28computer_security%29
Question 15
Which of the following statements is true about data encryption as a method of protecting data?
• It should sometimes be used for password files
• It requires careful key management
• It makes few demands on system resources
• It is usually easily administered

Correct Answer is: It requires careful key management
Details:
The correct answer is: "It requires careful key management. "
In cryptography, you always assume the "bad guy " has the encryption algorithm (indeed, many
algorithms such as DES, Triple DES, AES, etc. are public domain). What the bad guy lacks is the key used
to complete that algorithm and encrypt/decrypt information. Therefore, protection of the key,
controlled distribution, scheduled key change, timely destruction, and several other factors require
careful consideration. All of these factors are covered under the umbrella term of "key management ".
Another significant consideration is the case of "data encryption as a method of protecting data " as the
question states. If that data is to be stored over a long period of time (such as on backup), you must
ensure that your key management scheme stores old keys for as long as they will be needed to decrypt
the information they encrypted.
The other answers are not correct because:
"It should sometimes be used for password files. " - Encryption is often used to encrypt passwords
stored withinpassword files, but it is not typically effective for the password file itself. On most systems,
if a user cannot access the contents of a password file, they cannot authenticate. Encrypting the entire
file prevents that access.
"It is usually easily administered. " - Developments over the last several years have made cryptography
significantly easier to manage and administer. But it remains a significant challenge. This is not a good
answer.
"It makes few demands on system resources. " - Cryptography is, essentially, a large complex
mathematical algorithm. In order to encrypt and decrypt information, the system must perform this
algorithm hundreds, thousands, or even millions/billions/trillions of times. This becomes system
resource intensive, making this a very bad answer.
Edition Page 246 & 247 or Kindle Location 7228 & 7257.
Question 16
Which type of algorithm is considered to have the highest strength per bit of key length of any of the
asymmetric algorithms?
• El Gamal
• Rivest, Shamir, Adleman (RSA)
• Elliptic Curve Cryptography (ECC)
• Advanced Encryption Standard (AES)
Correct Answer is: Elliptic Curve Cryptography (ECC)
Details:
The correct answer is: "Elliptic Curve Cryptography (ECC) ".
This type of cryptography is based on the complex mathematics of elliptic curves.
This algorithm is advantageous for it's speed and strength.
"Rivest, Shamir, Adleman (RSA) " is incorrect because RSA is a "traditional " asymmetric algorithm. While
it is reasonably strong, it is not considered to be as strong as ECC based systems.
"El Gamal " is incorrect because it is also a "traditional " asymmetric algorithm and not considered as
strong as ECC based systems.
"Advanced Encryption Standard (AES) " is incorrect because the question asks specifically about
asymmetric algorithms and AES is a symmetric algorithm.

Question 17
How many bits is the effective length of the key of the Data Encryption Standard algorithm?
• 64
• 128
• 56
• 168
Correct Answer is: 56
Details:
The correct answer is "56 ". This is actually a bit of a trick question, since the actual key length is 64 bits.
However, every eighth bit is ignored because it is used for parity. This makes the "effective length of the
key " that the question actually asks for 56 bits.
168 - This is the number of effective bits in Triple DES (56 times 3).
128 - Many encryption algorithms use 128 bit key, but not DES. Note that you may see 128 bit
encryption referred to as "military strength encryption " because many military systems use key of this
length.
64 - This is the actual length of a DES encryption key, but not the "effective length " of the DES key.
Question 18
The primary purpose for using one-way hashing of user passwords within a password file is which of the
following?
• It minimizes the amount of storage required for user passwords.
• It minimizes the amount of processing time used for encrypting passwords.
• It prevents an unauthorized person from trying multiple passwords in one logon attempt.
• It prevents an unauthorized person from reading the password.
Correct Answer is: It prevents an unauthorized person from reading the password.
Details:
The correct answer is: It prevents an unauthorized person from reading the password
The whole idea behind a one-way hash is that it should be just that - one-way. In other words, an
attacker should not be able to figure out your password from the hashed version of that password in any
mathematically feasible way (or within any reasonable length of time).
Password Hashing and Encryption
In most situations , if an attacker sniffs your password from the network wire, she still has some work to
do before she actually knows your password value because most systems hash the password with a
hashing algorithm, commonly MD4 or MD5, to ensure passwords are not sent in cleartext.
Although some people think the world is run by Microsoft, other types of operating systems are out
there, such as Unix and Linux. These systems do not use registries and SAM databases, but contain their
user passwords in a file cleverly called shadow. Now, this shadow file does not contain passwords in
cleartext; instead, your password is run through a hashing algorithm, and the resulting value is stored in
this file.
Unixtype systems zest things up by using salts in this process. Salts are random values added to the
encryption process to add more complexity and randomness. The more randomness entered into the
encryption process, the harder it is for the bad guy to decrypt and uncover your password. The use of a
salt means that the same password can be encrypted into several thousand different formats. This
makes it much more difficult for an attacker to uncover the right format for your system.
Password Cracking tools
Note that the use of one-way hashes for passwords does not prevent password crackers from guessing
passwords. A password cracker runs a plain-text string through the same one-way hash algorithm used
by the system to generate a hash, then compares that generated has with the one stored on the system.
If they match, the password cracker has guessed your password.
This is very much the same process used to authenticate you to a system via a password. When you type
your username and password, the system hashes the password you typed and compares that generated
hash against the one stored on the system - if they match, you are authenticated.
Pre-Computed password tables exists today and they allow you to crack passwords on Lan Manager
(LM) within a VERY short period of time through the use of Rainbow Tables. A Rainbow Table is a
precomputed table for reversing cryptographic hash functions, usually for cracking password hashes.
Tables are usually used in recovering a plaintextpassword up to a certain length consisting of a limited
set of characters. It is a practical example of a space/time trade-off also called a Time-Memory trade off,
using more computer processing time at the cost of less storage when calculating a hash on every
attempt, or less processing time and more storage when compared to a simple lookup table with one
entry per hash. Use of a key derivation function that employs a salt makes this attack unfeasible.
You may want to review "Rainbow Tables " at the links:
http://en.wikipedia.org/wiki/Rainbow_table
http://www.antsight.com/zsl/rainbowcrack/
Today's password crackers:
Meet oclHashcat. They are GPGPU-based multi-hash cracker using a brute-force attack (implemented as
mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.
This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite, both very well-known
suites at that time, but now deprecated. There also existed a now very old oclHashcat GPU cracker that
was replaced w/ plus and lite, which - as said - were then merged into oclHashcat 1.00 again.
This cracker can crack Hashes of NTLM Version 2 up to 8 characters in less than a few hours. It is
definitively a game changer. It can try hundreds of billions of tries per seconds on a very large cluster of
GPU's. It supports up to 128 Video Cards at once.
I am stuck using Password what can I do to better protect myself?
You could look at safer alternative such as Bcrypt, PBKDF2, and Scrypt.
bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazi res, based on
the Blowfishcipher, and presented at USENIX in 1999. Besides incorporating a salt to protect against
rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to
make it slower, so it remains resistant to brute-force search attacks even with increasing computation
power.
In cryptography, scrypt is a password-based key derivation function created by Colin Percival, originally
for the Tarsnap online backup service. The algorithm was specifically designed to make it costly to
perform large-scale custom hardware attacks by requiring large amounts of memory. In 2012, the scrypt
algorithm was published by the IETF as an Internet Draft, intended to become an informational RFC,
which has since expired. A simplified version of scrypt is used as a proof-of-work scheme by a number of
cryptocurrencies, such as Litecoin and Dogecoin.
PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that is part of RSA
Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0, also published
as Internet Engineering Task Force's RFC 2898. It replaces an earlier standard, PBKDF1, which could only
produce derived keys up to 160 bits long.
PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input
password or passphrase along with a salt value and repeats the process many times to produce a
derived key, which can then be used as a cryptographic key in subsequent operations. The added
computational work makes password crackingmuch more difficult, and is known as key stretching. When
the standard was written in 2000, the recommended minimum number of iterations was 1000, but the
parameter is intended to be increased over time as CPU speeds increase. Having a salt added to the
password reduces the ability to use precomputed hashes (rainbow tables) for attacks, and means that
multiple passwords have to be tested individually, not all at once. The standard recommends a salt
length of at least 64 bits.
The other answers are incorrect:
"It prevents an unauthorized person from trying multiple passwords in one logon attempt. " is incorrect
because the fact that a password has been hashed does not prevent this type of brute force password
guessing attempt.
"It minimizes the amount of storage required for user passwords " is incorrect because hash algorithms
always generate the same number of bits, regardless of the length of the input. Therefore, even short
passwords will still result in a longer hash and not minimize storage requirements.
"It minimizes the amount of processing time used for encrypting passwords " is incorrect because the
processing time to encrypt a password would be basically the same required to produce a one-way has
of the same password.

Question 19
Which of the following issues is not addressed by digital signatures?
• denial-of-service
• authentication
• data integrity
• nonrepudiation
Correct Answer is: denial-of-service
Details:
The correct answer is: Denial-of-service
A digital signature directly addresses both authentication and integrity of the CIA triad. It does not
directly address availability, which is what denial-of-service attacks would affect.
"nonrepudiation " is not correct because a digital signature does provide for nonrepudiation.
"authentication " is not correct because a digital signature can be used as an authentication mechanism
"data integrity " is not correct because a digital signature does verify data integrity (as part of
nonrepudiation)
Question 20
Brute force attacks against encryption keys have increased in potency because of increased computing
power. Which of the following is often considered a good protection against the brute force
cryptography attack where it would make such attack a lot less affective?
• The use of good key generators.
• The use of session keys.
• Nothing can defend you against a brute force crypto key attack.
• Algorithms that are immune to brute force key attacks.
Correct Answer is: The use of session keys.
Details:
The correct answer is "The use of session keys ".
If we assume a crytpo-system with a large key (and therefore a large key space) a brute force attack will
likely take a good deal of time - anywhere from several hours to several years depending on a number of
variables. If you use a session key for each message you encrypt, then the brute force attack provides
the attacker with only the key for that one message. So, if you are encrypting 10 messages a day, each
with a different session key, but it takes me a month to break each session key then I am fighting a
loosing battle.
"The use of good key generators " is not correct because a brute force key attack will eventually run
through all possible combinations of key. Therefore, any key will eventually be broken in this manner
given enough time.
"Nothing can defend you against a brute force crypto key attack " is incorrect, and not the best answer
listed. While it is technically true that any key will eventually be broken by a brute force attack, the
question remains "how long will it take? ". In other words, if you encrypt something today but I can't
read it for 10,000 years, will you still care? If the key is changed every session does it matter if it can be
broken after the session has ended? Of the answers listed here, session keys are "often considered a
good protection against the brute force cryptography attack " as the question asks.
"Algorithms that are immune to brute force key attacks " is incorrect because there currently are no
such algorithms.
Official ISC2 Guide page: 259
All in One Third Edition page: 623
Question 21
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?
• 56 bits of data input results in 56 bits of encrypted output
• 64 bit blocks with a 64 bit total key length
• 64 bits of data input results in 56 bits of encrypted output
• 128 bit key with 8 bits used for parity
Correct Answer is: 64 bit blocks with a 64 bit total key length
Details:
The correct answer is: "64 bit blocks with a 64 bit total key length ".
DES works with 64 bit blocks of text using a 64 bit key (with 8 bits used for parity, so the effective key
length is 56 bits).
Some people are getting the Key Size and the Block Size mixed up. The block size is usually a specific
length. For example DES uses block size of 64 bits which results in 64 bits of encrypted data for each
block. AES uses a block size of 128 bits, the block size on AES can only be 128 as per the published
standard FIPS-197.
A DES key consists of 64 binary digits ( "0 "s or "1 "s) of which 56 bits are randomly generated and used
directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be used for error
detection. The 8 error detecting bits are set to make the parity of each 8-bit byte of the key odd, i.e.,
there is an odd number of "1 "s in each 8-bit byte1. Authorized users of encrypted computer data must
have the key that was used to encipher the data in order to decrypt it.
IN CONTRAST WITH AES
The input and output for the AES algorithm each consist of sequences of 128 bits (digits with values of 0
or 1). These sequences will sometimes be referred to as blocks and the number of bits they contain will
be referred to as their length. The Cipher Key for the AES algorithm is a sequence of 128, 192 or 256 bits.
Other input, output and Cipher Key lengths are not permitted by this standard.
The Advanced Encryption Standard (AES) specifies the Rijndael algorithm, a symmetric block cipher that
can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. Rijndael
was designed to handle additional block sizes and key lengths, however they are not adopted in the AES
standard.
The AES algorithm may be used with the three different key lengths indicated above, and therefore
these different flavors may be referred to as AES-128 , AES-192 , and AES-256 .
"64 bits of data input results in 56 bits of encrypted output " is incorrect because while DES does work
with 64 bit block input, it results in 64 bit blocks of encrypted output.
"128 bit key with 8 bits used for parity " is incorrect because DES does not ever use a 128 bit key.
"56 bits of data input results in 56 bits of encrypted output " is incorrect because DES always works with
64 bit blocks of input/output, not 56 bits.
Question 22
PGP uses which of the following to encrypt data?

• An asymmetric encryption algorithm
• An X.509 digital certificate
• A symmetric encryption algorithm
• A symmetric key distribution system
Correct Answer is: A symmetric encryption algorithm
Details:
The correct answer is: "A symmetric encryption algorithm ".
Notice that the question specifically asks what PGP uses to encrypt. For this, PGP uses a symmetric key
algorithm. PGP then uses an asymmetric key algorithm to encrypt the session key and then sends it
securely to the receiver. It is a hybrid system where both types of ciphers are being used for different
purposes.
Whenever a question talks about the bulk of the data to be sent, Symmetric is always best to choice to
use because of the inherent speed within Symmetric Ciphers. Asymmetric ciphers are 100 to 1000 times
slower than Symmetric Ciphers.
"An asymmetric encryption algorithm " is incorrect because PGP uses a symmetric algorithm to encrypt
data.
"A symmetric key distribution system " is incorrect because PGP uses an asymmetric algorithm for the
distribution of the session keys used for the bulk of the data.
"An X.509 digital certificate " is incorrect because PGP does not use X.509 digital certificates to encrypt
the data, it uses a session key to encrypt the data.
Question 23
A public key algorithm that does both encryption and digital signature is which of the following?
• Diffie-Hellman
• DES
• RSA
• IDEA
Correct Answer is: RSA
Details:
The correct answer is: RSA
RSA can be used for encryption, key exchange, and digital signatures.
What is the difference between Key Exchange versus key Agreement
KEY EXCHANGE
Key exchange (also known as "key establishment ") is any method in cryptography by which
cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm.
If sender and receiver wish to exchange encrypted messages, each must be equipped to encrypt
messages to be sent and decrypt messages received. The nature of the equipping they require depends
on the encryption technique they might use. If they use a code, both will require a copy of the same
codebook. If they use a cipher, they will need appropriate keys. If the cipher is a symmetric key cipher,
both will need a copy of the same key. If an asymmetric key cipher with the public/private key property,
both will need the other's public key.
KEY AGREEMENT
Diffie-Hellman is a key agreement algorithm used by two parties to agree on a shared secret. The Diffie
Hellman (DH) key agreement algorithm describes a means for two parties to agree upon a shared secret
over a public network in such a way that the secret will be unavailable to eavesdroppers. The DH
algorithm converts the shared secret into an arbitrary amount of keying material. The resulting keying
material is used as a symmetric encryption key.
DES and IDEA are both symmetric algorithms.
Diffie-Hellman is a common asymmetric algorithm, but is used only for key agreement. It is not typically
used for data encryption and does not have digital signature capability.
Question 24
Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A
extinguisher?
• When the fire involves electrical equipment
• When the fire involves paper products
• When the fire is in an enclosed area
• When the fire is caused by flammable products
Correct Answer is: When the fire involves electrical equipment
Details:
The correct answer is: When the fire involves electrical equipment
A Class C fire extinguisher is preferable when a fire involves electrical equipment including wiriing.
Common Class C suppression includes: gas (i.e. Halon, FM-200, Carbon Dioxide, etc) or soda acid.
To aid in memorization of Fire Class write on a paper the classes A through D, simply think of my
firstname which is CLEMENT then put the word CLEM vertically as shown below:
Class A -> C = Combustible
Class B -> L = Liquid
Class C -> E = Electrical
Class D -> M = Metals
Below you will find a more detailed model.
Class A = Combustible
Type of Fire: Common Combustibles
Elements of Fire: wood products, paper, and laminates
Suppression Method: water, foam
Class B = Liquid
Type of Fire: Liquid
Elements of Fire: Petroleum products and coolants
Suppression Method: Gas, CO2, foam, dry powders.
Class C = Electrical
Type of Fire: Electrical
Elements of Fire: Electrical equipment and wires
Suppression Method: Gas, CO2, dry powders.
Class D = Metals
Type of Fire: Combustible Metals
Elements of Fire: Magnesium, sodium, potassium
Suppression Method: Dry powder.

When the fire involves paper products Class A fires involve paper products and would not require a Class
C extinguisher.
When the fire is caused by flammable products This is a distractor
When the fire is in an enclosed area This is not the best answer, because a paper product fire could still
be extinguished by a Class A extinguisher, even in an enclosed area.
Thanks to Luciano Lima for providing more details for the explantions.
TIPS FOR THE EXAM:
The exam has a USA flavor in it. The class of fire being used are the North American classes. If you are
from Europe or Australia you must be careful as they are not exactly the same. See the Wikipedia article
in reference to see how they match.
Question 25
Which of the following is true about a "dry pipe" sprinkler system?
• It reduces the likelihood of the sprinkler system pipes freezing.
• It maximizes chances of accidental discharge of water.
• It uses less water than "wet pipe" systems.
• It is a substitute for carbon dioxide systems.
Correct Answer is: It reduces the likelihood of the sprinkler system pipes freezing.
Details:
The correct answer is: It reduces the likelihood of the sprinkler system pipes freezing.
A dry pipe system is used in areas where the water in the pipes is subject to freezing, and to minimize
the chances of accidental discharge of water if the pipes would freeze in the winter time, and It
minimizes chances of accidental discharge of water as well by not releasing the water until the pressure
in the pipe would drop due to one of the sprinkler head being opened.
A Dry Pipe system has the water being held back from charging the sprinkler pipe system by a special
kind of check valve called a "dry pipe valve " or "clapper valve ". A dry pipe system is also a system which
the pipes are filled with pressurized air or nitrogen rather than water. The air uses a mechanical
advantage which holds back a device known as a dry pipe valve or clapper valve that prevent the water
from getting into the pipe when it is pressurized. A small amount of water, called priming water, is also
inside the dry pipe system, which is filled with either air or nitrogen under pressure.
The sprinkler pipe system is filled with pressurized air or nitrogen, which keeps the dry pipe valve closed
using mechanical advantage. When any of the sprinkler valves open, the pressurized air or nitrogen is
released, and the dropping pressure permits the dry pipe valve to open. It's primary use is to protect the
sprinkler pipes from freezing.
A Wet Pipe system has the pipes always charged with water, and the thermal-fusible link in each
sprinkler head is holding back the water. If any sprinkler head is exposed to enough heat, for long
enough, the link will break/melt and water will be discharged. A wet pipe system is generally used when
there is no danger of the water in the pipes freezing or when there are no special conditions that require
a special purpose sprinkler system.
A Preaction Pipe system is used where accidental activation is undesired. It is similar to a Dry Pipe
system, except one or more other interlocks, such as fire/heat sensors, are used in addition to sprinkler
head opening and relieving the air pressure, which then permits the water to charge the sprinkler pipe
system and flow through the open sprinkler head. This system has the added value of requiring a series
of events before the water is actually permitted to flow, which can enable personnel to handle a small
fire or incident without the flow of water.
All of the other answers were NOT true so they were wrong choices
Question 26
Which of the following identifies the encryption algorithm selected by NIST for the new Advanced
Encryption Standard?
• Twofish
• Rijndael
• RC6
• Serpent
Correct Answer is: Rijndael
Details:
The correct answer is: Rijndael. Rijndael is the new approved method of encrypting sensitive but
unclassified information for the U.S. government. It has been accepted by and is also widely used in the
public arena as well. It has low memory requirements and has been constructed to easily defend against
timing attacks.
The following answers are incorrect: Twofish. Twofish was among the final candidates chosen for AES,
but was not selected.
Serpent. Serpent was among the final candidates chosen for AES, but was not selected.
RC6. RC6 was among the final candidates chosen for AES, but was not selected.
Question 27
What are the three most important functions that digital signatures perform?
• Integrity, Confidentiality and Authorization
• Authorization, Detection and Accountability
• Integrity, Authentication and Nonrepudiation
• Authorization, Authentication and Nonrepudiation
Correct Answer is: Integrity, Authentication and Nonrepudiation
Details:
The correct answer is: Integrity, Authentication and Nonrepudiation.
This question is focusing on the functional value that digital signatures perform when used. First what is
a digital signature? When you receive a message it s digital signature is intended to solve the problem of
detecting tampering and impersonation in digital communications. Digital signatures can provide the
added assurances of evidence to origin, identity and status of an electronic document, transaction or
message, as well as acknowledging informed consent by the signer.
An electronic message such as an email is composed of 2 parts; the message digest or content and it s
digitally signed-signature. Both the digest and signature use asymmetric cryptography but in different
ways.
In Asymmetric cryptography such as ECC RSA Diffe Helman where the process is:
encrypt/sign/decrypt/verify a digital signature.
Send encrypted signature > senders Private Key
Send encrypted message > Receiver s Public Key
Receive-decrypt signature > Sender s Public Key
Or verify certificate
Receive-decrypt msg > Receiver s Private Key
Separate from the digital signature is the message digest which uses the process of encrypting the
message digest using a matching public key of sender to decrypt. BTW- this scheme uses a small number
of keys for large number of users which makes it easily scalable.
Asymmetric cryptography provides - PAIN = Privacy Authentication Integrity Non-repudiation
A message can be encrypted, which provides confidentiality.
A message can be hashed, which provides integrity.
A message can be digitally signed (asymmetric), which provides authentication, nonrepudiation, and
integrity.
sender's private key is used to encrypt the message digest of the message
A message can be encrypted and digitally signed , which provides confidentiality, authentication,
nonrepudiation, and integrity
receiver will use the matching public key of the sender to decrypt the Digital Signature using the
sender's public key
Ref 225-1 Nonrepudiation is the assurance that someone cannot deny something. Typically,
nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny
the authenticity of their signature on a document or the sending of a message that they originated.
Valid digital signature ensures to the recipient that the message was created by the sender - An
authentication that can be asserted to be genuine with high assurance.made possible through
identification, authentication, authorization, accountability, and auditing.
Ref 225-2 - Symmetric key cryptography does not implement nonrepudiation - requires public-key
cryptosystem using digital certificates, session identifiers, transaction logs, and numerous other
transactional and access control mechanisms.
Incorrect answers and why they are incorrect:
Integrity, Confidentiality and Authorization Integrity and Confidentiality-refer to above table.

Authorization see below
Authorization, Authentication and Nonrepudiation - Authorization see below, Authentication-see below,

Nonrepudiation-see table above
Authorization, Detection and Accountability- Authorization see below, Detection and Accountability-see
below
Authorization Ref-225-4 - When no subject can gain access to any object without authorization
US Patriot Act- Ref 225-3 2001 Uniting and Strengthening America by Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism broadens the powers of law enforcement when
monitoring electronic communications blanket authorization for all comm regardless of number of
channels
Authentication - State after identity proofing - granting access to a network or building
Accountability Example: Jake is in the process of running a bulk data update. However, the process
writes incorrect data throughout the database. Someone (or something) needs to be held accountable
for this problem, but accountability isn t necessarily something that can be compromised in the way that
the other three concepts of the CIA triad can be.
Ref 225-5 - Users and other subjects can be held accountable for their actions when auditing is
implemented. Auditing tracks subjects and records when they access objects, creating an audit trail in
one or more audit logs
Detection a state of become aware for instance a NIDS detects intrusions, fire detectors detect fire,
CSMA/CD detects collisions
Note: An example is RADIUS which is an AAA-Authentication Authorization & Accounting Server
Edition.
Ref 225-1 - 1536, p11
Ref 225-2 - 6368, p210
Ref-225-3 - 4669, p143
Ref-225-5 - 15060, p562
Ref-225-4 - Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press) page 304
Email or CCCure Nickname of question author: updated by Tom Keck
Thanks to Doug Rike for providing feedback to improve this question.

For further study:
In many countries, including the United States, digital signatures have the same legal significance as the
more traditional forms of signed documents. The United States Government Printing Office publishes
electronic versions of the budget, public and private laws, and congressional bills with digital signatures.
Question 28
Which of the following is the preferred way to suppress an electrical fire in a data center?
• ABC Rated Dry Chemical
• water or soda acid
• CO2, soda acid, or Halon
• CO2
Correct Answer is: CO2
Details:
The correct answer is: CO2:
It must be noted that Halon is now banned in most countries or cities.
The reason CO2 is preferred in an information center is the agent is considered a clean agent, as well as
non-conductive. The agent evaporates and does not leave a residue on the equipment. CO2 can be
hazardous to people so special care must be taken when implemented.
Water may be a sound solution for large physical areas such as warehouses, but it is entirely
inappropriate for computer equipment. A water spray can irreparably damage hardware more quickly
than encroaching smoke or heat. Gas suppression systems operate to starve the fire of oxygen. In the
past, Halon was the choice for gas suppression systems; however, Halon leaves residue, depletes the
ozone layer, and can injure nearby personnel.
Image Source - CISSP All In One Exam Guide by Shon Harris
NOTE FROM CLEMENT:

For the purpose of the exam do not go outside of the 4 choices presented. YES, it is true that there are
many other choices that would be more adequate for a Data Centre. An agent such as IG-55 from Ardent
would probably be a better choice than CO2, however it is NOT in the list of choices.
You will also notice that Shon Harris and Krutz and Vines disagree on which one is the best. This is why
you must do your own research to supplement the books, sometimes books could be opiniated as well.
When in doubt refer to the official book and look at what is ISC2 view of the topic and which one ISC2
considers to be the best for the exam.
ISC2 recommends also the following:
Aero-K - uses an aerosol of microscopic potassium compounds in a carrier gas released from small
canisters mounted on walls near the ceiling. The Aero-K generators are not pressurized until fire is
detected. The Aero-K system uses multiple fire detectors and will not release until a fire is confirmed by
two or more detectors (limiting accidental discharge). The gas is non-corrosive, so it does not damage
metals or other materials. It does not harm electronic devices or media such as tape or discs. More
important, Aero-K is nontoxic and does not injure personnel.
FM-200 - is a colorless, liquefied compressed gas. It is stored as a liquid and dispensed into the hazard as
a colorless, electrically non-conductive vapor that is clear and does not obscure vision. It leaves no
residue and has acceptable toxicity for use in occupied spaces at design concentration. FM-200 does not
displace oxygen and, therefore, is safe for use in occupied spaces without fear of oxygen deprivation.
The following are incorrect choices:
Water or Soda/Acid & Halon: (old water extinguishers) will damage sensitive equipment as well as
conduct electricity which could endanger the life of the person using such a fire extinghisher. Halon has
been banned due to the Montreal Protocol.
ABC rated Dry chemical extinguishers: They are suitable for electrically energized fires, but they are not
acceptable on sensitive equipment. It is like throwing a couple kilograms of flour in around in a room. It
is extremely hard to clean off of equipment and some of the chemicals are corrosive in nature.
Thanks to Glen Chandler for providing feedback to improve this question.
Thanks to Mark Heckman for providing input to improve this question.
Thanks to Kurt I. Love for providing feedback to improve this question.
NOTE FROM CLEMENT:
See some information about IG-55 is presented below:
The Agent
• IG55 is a mixture of two naturally occurring atmospheric gases, Nitrogen and Argon.
• IG55 is stored compressed and uncondensed and is totally dry.
• When deployed, there is no condensation that can cause harm to moisture sensitive equipment.
• IG 55 does not form harmful by products when used in a fire and the gas is totally non corrosive.
• The gas is stored and used at room temperature, thus avoiding any risk of damage due to
exposure to low temperatures.
• IG55 does not affect the ozone layer and has a very short atmospheric lifetime. IG55 has no
global warming potential.
• IG55 is colour- and odour-less.
• IG 55 is non conductive.
• IG55 has approximately the same density as air.
• IG55 is a mixture of Nitrogen and Argon that extinguishes fire by oxygen depletion.
Because the reduced oxygen atmosphere required to put out the fire still is breathable to humans, IG55
is ideal to use in normally occupied areas.
IG55 is clean and pure and leaves no residues that have to be taken care of after discharge. The gas is
non corrosive and non conductive and can be used directly on electrical installations.
IG55 is used in closed areas IG55 extinguishes the fire by depleting the oxygen level down to where no
combustion can occur. Normal air contains 20.9% of oxygen. In order to put out a fire that level must be
reduced down to 14% or less.
At a concentration of 50% IG55 in a room, a typical oxygen level of 12.5% is achieved.
IG55 is suitable for putting out Class B fires such as liquid fire.
IG55 is also suitable for putting out class A surface fires in wood, cloth and paper.
Personal Safety
In order to put out a fire the oxygen level must be reduced down to 14% or less. A normal system is
dimensioned to reduce the oxygen level down to 12-13.8% depending on the type of hazard. This is a
level that is considered safe for normally occupied areas, and the system may be used without
restrictions like time delays and pre alarms.
Question 29
Which of the following is NOT a system-sensing wireless proximity card?
• magnetically striped card
• transponder
• field-powered device
• passive device
Correct Answer is: magnetically striped card
Details:
The correct answer is: Magnetically striped cards are digitally encoded cards.
For your exam you should know the information below:

Card Types
Magnetic stripe (mag stripe) cards consist of a magnetically sensitive strip fused onto the surface of a
PVC material, like a credit card. A magnetic stripe card is read by swiping it through a reader or by
inserting it into a position in a slot.
This style of card is old technology; it may be physically damaged by misuse, and its data can be affected
by magnetic fields. Magnetic stripe cards are easily duplicated. Proximity cards (prox cards) use
embedded antenna wires connected to a chip within the card. The chip is encoded with the unique card
identification. Distances at which proximity cards can be read vary by the manufacturer and installation.
Readers can require the card to be placed within a fraction of an inch from the reader to six inches
away. This will then authenticate the card and will release the magnetic lock on the door. Smart cards
are credential cards with a microchip embedded in them. Smart cards can store data such as access
transactions, licenses held by individuals, qualifications, safety training, security access levels, and
biometric templates. This card can double as an access card for doors and be used as an authenticator
for a computer.
The U.S. federal government has mandated smart cards to provide personal identity verification (PIV) to
verify the identity of every employee and contractor in order to improve data and facility security. The
card will be used for identification, as well as for facility and data access. Additional security measures
can be employed using keypads with PIN Codes or biometric readers. Coded devices use a series of
assigned numbers commonly referred to as a PIN. This series of numbers is entered into a keypad and is
matched to the numbers stored in the ACS. This provides additional security because if a badge is lost or
stolen, it will not activate a control area without the proper PIN number, similar to an ATM bank card.
Biometrics provides the same support because even if the card is stolen, the reader must match a
biometric to the biometric on the card to be successful.
Question 30
Which of the following is currently the most recommended water system for a computer room?
• dry pipe
• wet pipe
• preaction
• deluge
Correct Answer is: preaction
Details:
The correct answer is: Preaction combines both the dry and wet pipe systems and allows manual
intervention before a full discharge of water on the equipment occurs.
Question 31
Which of the following ensures that a Trusted Computing Base (TCB) is designed, developed, and
maintained with formally controlled standards that enforces protection at each stage in the system's life
cycle?
• covert timing assurance

• covert storage assurance
• life cycle assurance
• operational assurance
Correct Answer is: life cycle assurance
Details:
The correct answer is: life cycle assurance
Life-cycle Assurance - Requirements specified in the Orange Book are:
security testing,
design specification and testing,
configuration management, and
trusted distribution.
Operational Assurance - Concentrates on the product's architecture, embedded features, and

functionality that enable a customer to continually obtain the necessary level of protection when using
the product.
WHAT IS THE TCB?
The TCB is the collection of all of the hardware, software, and firmware within a computer system that
contains all elements of the system responsible for supporting the security policy and the isolation of
objects. When the TCB is enabled, the system is considered to have a trusted path along with a trusted
shell. The trusted path is a communication channel between the user or program and the TCB. The TCB
is responsible for providing the protection mechanisms necessary to ensure that the trusted path cannot
be compromised in any way. The trusted shell implies that any activity taking place within the shell, or
communication channel, is isolated to that channel and cannot be interacted with either from inside or
outside by an untrusted party or entity.
EditionPage 841 or Kindle Location 21983 also see page 1025.
Question 32
Which of the following is the lowest TCSEC class wherein the systems must support separate operator
and system administrator roles?
• B1
• B2
• A2
• A1
Correct Answer is: B2
Details:
The correct answer is: B2
For the purpose of the exam you must know what is being introduced at each of the TCSEC rating. There
is a fantastic one page guide we have created that shows clearly what is being introduced at each of the
layers.
Boxes marked in grey in the table above indicates requirements at each of the class of TCSEC.
You can download a copy of the guide at: https://www.freepracticetests.org/documents/tcsec.pdf
Question 33
In which of the following model are Subjects and Objects identified and the permissions applied to each
subject/object combination are specified. Such a model can be used to quickly summarize what
permissions a subject has for various system objects.
• Access Control Matrix model
• Take-Grant model
• Bell-LaPadula model
• Biba model
Correct Answer is: Access Control Matrix model
Details:
The correct answer is: Access Control Matrix Model
An access control matrix is a table of subjects and objects indicating what actions individual subjects can
take upon individual objects. Matrices are data structures that programmers implement as table lookups
that will be used and enforced by the operating system.
This type of access control is usually an attribute of DAC models. The access rights can be assigned
directly to the subjects (capabilities) or to the objects (ACLs).
Capability Table
A capability table specifies the access rights a certain subject possesses pertaining to specific objects. A
capability table is different from an ACL because the subject is bound to the capability table, whereas
the object is bound to the ACL.
Access control lists (ACLs)
ACLs are used in several operating systems, applications, and router configurations. They are lists of
subjects that are authorized to access a specific object, and they define what level of authorization is
granted. Authorization can be specific to an individual, group, or role. ACLs map values from the access
control matrix to the object.
Whereas a capability corresponds to a row in the access control matrix, the ACL corresponds to a
column of the matrix.
NOTE: Ensure you are familiar with the terms Capability and ACLs for the purpose of the exam.
The dichotomy between governmental and commercial needs led to the development of two distinct
access control mechanisms: Mandatory Access Control (MAC) and Discretionary Access Control (DAC).
MAC focuses on controlling disclosure of information by assigning security levels to objects and subjects,
limiting access across security levels, and the consolidation of all classification and access controls into
the system.
Conversely DAC focuses on fine-grained access control of objects through Access Control Matrices and
object level permission modes.
Question 34
Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and
the corresponding ciphertext?
• known plaintext
• brute force
• ciphertext only
• chosen plaintext
Correct Answer is: known plaintext

Details:
The correct answer is: Known-Plaintext attack
The goal to this type of attack is to find the cryptographic key that was used to encrypt the message.
Once the key has been found, the attacker would then be able to decrypt all messages that had been
encrypted using that key.
The known-plaintext attack (KPA) or crib is an attack model for cryptanalysis where the attacker has
samples of both the plaintext and its encrypted version (ciphertext), and is at liberty to make use of
them to reveal further secret information such as secret keys and code books. The term "crib "
originated at Bletchley Park, the British World War II decryption operation
In cryptography, a brute force attack or exhaustive key search is a strategy that can in theory be used
against any encrypted data by an attacker who is unable to take advantage of any weakness in an
encryption system that would otherwise make his task easier. It involves systematically checking all
possible keys until the correct key is found. In the worst case, this would involve traversing the entire
key space, also called search space.
In cryptography, a ciphertext-only attack (COA) or known ciphertext attack is an attack model for
cryptanalysis where the attacker is assumed to have access only to a set of ciphertexts.
The attack is completely successful if the corresponding plaintexts can be deduced, or even better, the
key. The ability to obtain any information at all about the underlying plaintext is still considered a
success. For example, if an adversary is sending ciphertext continuously to maintain traffic-flow security,
it would be very useful to be able to distinguish real messages from nulls. Even making an informed
guess of the existence of real messages would facilitate traffic analysis.
In the history of cryptography, early ciphers, implemented using pen-and-paper, were routinely broken
using ciphertexts alone. Cryptographers developed statistical techniques for attacking ciphertext, such
as frequency analysis. Mechanical encryption devices such as Enigma made these attacks much more
difficult (although, historically, Polish cryptographers were able to mount a successful ciphertext-only
cryptanalysis of the Enigma by exploiting an insecure protocol for indicating the message settings).
Every modern cipher attempts to provide protection against ciphertext-only attacks. The vetting process
for a new cipher design standard usually takes many years and includes exhaustive testing of large
quantities of ciphertext for any statistical departure from random noise. See: Advanced Encryption
Standard process. Also, the field of steganography evolved, in part, to develop methods like mimic
functions that allow one piece of data to adopt the statistical profile of another. Nonetheless poor
cipher usage or reliance on home-grown proprietary algorithms that have not been subject to thorough
scrutiny has resulted in many computer-age encryption systems that are still subject to ciphertext-only
attack. Examples include:
• Early versions of Microsoft's PPTP virtual private network software used the same RC4 key for
the sender and the receiver (later versions had other problems). In any case where a stream cipher like
RC4 is used twice with the same key it is open to ciphertext-only attack. See: stream cipher attack
• Wired Equivalent Privacy (WEP), the first security protocol for Wi-Fi, proved vulnerable to
several attacks, most of them ciphertext-only.
A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker
has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding
ciphertexts. The goal of the attack is to gain some further information which reduces the security of the
encryption scheme. In the worst case, a chosen-plaintext attack could reveal the scheme's secret key.
This appears, at first glance, to be an unrealistic model; it would certainly be unlikely that an attacker
could persuade a human cryptographer to encrypt large amounts of plaintexts of the attacker's
choosing. Modern cryptography, on the other hand, is implemented in software or hardware and is used
for a diverse range of applications; for many cases, a chosen-plaintext attack is often very feasible.
Chosen-plaintext attacks become extremely important in the context of public key cryptography, where
the encryption key is public and attackers can encrypt any plaintext they choose.
Any cipher that can prevent chosen-plaintext attacks is then also guaranteed to be secure against
known-plaintextand ciphertext-only attacks; this is a conservative approach to security.
Two forms of chosen-plaintext attack can be distinguished:
• Batch chosen-plaintext attack, where the cryptanalyst chooses all plaintexts before any of them
are encrypted. This is often the meaning of an unqualified use of "chosen-plaintext attack ".
• Adaptive chosen-plaintext attack, where the cryptanalyst makes a series of interactive queries,
choosing subsequent plaintexts based on the information from the previous encryptions.
Edited by Mike Young, CISSP
Question 35
Which of the following algorithm enables two systems to generate a symmetric key securely without
requiring a previous relationship or prior arrangements?
• Diffie_Hellmann
• RSA
• 3DES
• PKI
Correct Answer is: Diffie_Hellmann
Details:
The correct answer is: Diffie-Hellman
The Diffie-Hellman key agreement protocol (also called exponential key agreement) was developed by
Diffie and Hellman [DH76] in 1976 and published in the ground-breaking paper "New Directions in
Cryptography. " The protocol allows two users to exchange a secret key over an insecure medium
without any prior secrets.
To understand how Diffie-Hellman works, consider an example. Let s say that Tanya and Erika would like
to communicate over an encrypted channel by using Diffie-Hellman. They would both generate a private
and public key pair and exchange public keys.
Tanya s software would take her private key (which is just a numeric value) and Erika s public key
(another numeric value) and put them through the Diffie-Hellman algorithm. Erika s software would take
her private key and Tanya s public key and insert them into the Diffie-Hellman algorithm on her
computer. Through this process, Tanya and Erika derive the same shared value, which is used to create
instances of symmetric keys. So, Tanya and Erika exchanged information that did not need to be
protected (their public keys) over an untrusted network, and in turn generated the exact same
symmetric
key on each system. They both can now use these symmetric keys to encrypt, transmit, and decrypt
information as they communicate with each other.
The Diffie-Hellman algorithm enables two systems to generate a symmetric key securely without
requiring a previous relationship or prior arrangements. The algorithm allows for key distribution, but
does not provide encryption or digital signature functionality. The algorithm is based on the difficulty of
calculating discrete logarithms
in a finite field.
The original Diffie-Hellman algorithm is vulnerable to a man-in-the-middle attack, because no
authentication occurs before public keys are exchanged. In our example,when Tanya sends her public
key to Erika, how does Erika really know it is Tanya s publickey? What if Lance spoofed his identity, told
Erika he was Tanya, and sent over his key? Erika would accept this key, thinking it came from Tanya. Let
s walk through the steps of how this type of attack would take place, as illustrated in Figure 7-20:
1. Tanya sends her public key to Erika, but Lance grabs the key during transmission so it never makes it
to Erika.
2. Lance spoofs Tanya s identity and sends over his public key to Erika. Erika now thinks she has Tanya s
public key.
3. Erika sends her public key to Tanya, but Lance grabs the key during transmission so it never makes it
to Tanya.
4. Lance spoofs Erika s identity and sends over his public key to Tanya. Tanya now thinks she has Erika s
public key.
5. Tanya combines her private key and Lance s public key and creates symmetric key S1.
6. Lance combines his private key and Tanya s public key and creates symmetric key S1.
7. Erika combines her private key and Lance s public key and creates symmetric key S2.
8. Lance combines his private key and Erika s public key and creates symmetric key S2.
9. Now Tanya and Lance share a symmetric key (S1) and Erika and Lance share a different symmetric key
(S2). Tanya and Erika think they are sharing a key between themselves and do not realize Lance is
involved.
10. Tanya writes a message to Erika, uses her symmetric key (S1) to encrypt the message, and sends it.
11. Lance grabs the message and decrypts it with symmetric key S1, reads or modifies the message and
re-encrypts it with symmetric key S2, and then sends it to Erika.
12. Erika takes symmetric key S2 and uses it to decrypt and read the message.
Question 36
In a known plaintext attack, the cryptanalyst has knowledge of which of the following?
• the ciphertext and the key
• the plaintext and the secret key
• both the plaintext and the associated ciphertext of several messages
• the plaintext and the algorithm
Correct Answer is: both the plaintext and the associated ciphertext of several messages
Details:
The correct answer is: both the plaintext and the associated ciphertext of several messages.
In a known plaintext attack, the attacker has the plaintext and ciphertext of one or more messages. The
goal is to discover the key used to encrypt the messages so that other messages can be deciphered and
read.
Question 37
What is the length of an MD5 message digest?
• varies depending upon the message size.
• 256 bits
• 128 bits
• 160 bits
Correct Answer is: 128 bits
Details:
The correct answer is: 128 Bits
A hash algorithm (alternatively, hash "function ") takes binary data, called the message, and produces a
condensed representation, called the message digest. A cryptographic hash algorithm is a hash
algorithm that is designed to achieve certain security properties. The Federal Information Processing
Standard 180-3, Secure Hash Standard, specifies five cryptographic hash algorithms - SHA-1, SHA-224,
SHA-256, SHA-384, and SHA-512 for federal use in the US; the standard was also widely adopted by the
information technology industry and commercial companies.
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-
bit (16-byte) hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security
applications, and is also commonly used to check data integrity. MD5 was designed by Ron Rivest in
1991 to replace an earlier hash function, MD4. An MD5 hash is typically expressed as a 32-digit
hexadecimal number.
However, it has since been shown that MD5 is not collision resistant; as such, MD5 is not suitable for
applications like SSL certificates or digital signatures that rely on this property. In 1996, a flaw was found
with the design of MD5, and while it was not a clearly fatal weakness, cryptographers began
recommending the use of other algorithms, such as SHA-1 - which has since been found also to be
vulnerable. In 2004, more serious flaws were discovered in MD5, making further use of the algorithm for
security purposes questionable - specifically, a group of researchers described how to create a pair of
files that share the same MD5 checksum. Further advances were made in breaking MD5 in 2005, 2006,
and 2007. In December 2008, a group of researchers used this technique to fake SSL certificate validity,
and US-CERT now says that MD5 "should be considered cryptographically broken and unsuitable for
further use. " and most U.S. government applications now require the SHA-2 family of hash functions.
NIST CRYPTOGRAPHIC HASH PROJECT
NIST announced a public competition in a Federal Register Notice on November 2, 2007 to develop a
new cryptographic hash algorithm, called SHA-3, for standardization. The competition was NIST s
response to advances made in the cryptanalysis of hash algorithms.
NIST received sixty-four entries from cryptographers around the world by October 31, 2008, and
selected fifty-one first-round candidates in December 2008, fourteen second-round candidates in July
2009, and five finalists BLAKE, Gr stl, JH, Keccak and Skein, in December 2010 to advance to the third
and final round of the competition.
Throughout the competition, the cryptographic community has provided an enormous amount of
feedback. Most of the comments were sent to NIST and a public hash forum; in addition, many of the
cryptanalysis and performance studies were published as papers in major cryptographic conferences or
leading cryptographic journals. NIST also hosted a SHA-3 candidate conference in each round to obtain
public feedback. Based on the public comments and internal review of the candidates, NIST announced
Keccak as the winner of the SHA-3 Cryptographic Hash Algorithm Competition on October 2, 2012, and
ended the five-year competition.
Question 38
The RSA Algorithm uses which mathematical concept as the basis of its encryption?
• Two large prime numbers
• PI (3.14159...)
• 16-round ciphers
• Geometry
Correct Answer is: Two large prime numbers
Details:
The correct answer is: two large prime numbers.
The RSA cryptosystem is a public-key cryptosystem that offers both encryption and digital signatures
(authentication). Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA system in 1977
[RSA78]; RSA stands for the first letter in each of its inventors' last names.
The RSA algorithm works as follows: take two large primes, p and q, and compute their product n = pq; n
is called the modulus. Choose a number, e, less than n and relatively prime to (p-1)(q-1), which means e
and (p-1)(q-1) have no common factors except 1. Find another number d such that (ed - 1) is divisible by
(p-1)(q-1). The values e and dare called the public and private exponents, respectively. The public key is
the pair (n, e); the private key is (n, d). The factors p and q may be destroyed or kept with the private
key.
It is currently difficult to obtain the private key d from the public key (n, e). However if one could factor
n into p and q, then one could obtain the private key d. Thus the security of the RSA system is based on
the assumption that factoring is difficult. The discovery of an easy method of factoring would "break "
RSA (see Question 3.1.3 and Question 2.3.3).
Here is how the RSA system can be used for encryption and digital signatures (in practice, the actual use
is slightly different; see Questions 3.1.7 and 3.1.8):
Encryption
Suppose Alice wants to send a message m to Bob. Alice creates the ciphertext c by exponentiating: c =
me mod n, where e and n are Bob's public key. She sends c to Bob. To decrypt, Bob also exponentiates:
m = cd mod n; the relationship between e and d ensures that Bob correctly recovers m. Since only Bob
knows d, only Bob can decrypt this message.
Digital Signature
Suppose Alice wants to send a message m to Bob in such a way that Bob is assured the message is both
authentic, has not been tampered with, and from Alice. Alice creates a digital signature s by
exponentiating: s = md mod n, where d and n are Alice's private key. She sends m and s to Bob. To verify
the signature, Bob exponentiates and checks that the message m is recovered: m = se mod n, where e
and n are Alice's public key.
Thus encryption and authentication take place without any sharing of private keys: each person uses
only another's public key or their own private key. Anyone can send an encrypted message or verify a
signed message, but only someone in possession of the correct private key can decrypt or sign a
message.
Question 39
What is the role of IKE within the IPsec protocol?
• peer authentication and key exchange
• data signature
• enforcing quality of service
• data encryption
Correct Answer is: peer authentication and key exchange
Details:
The correct answer is: peer authentication and key exchange.
: RFC 2409: The Internet Key Exchange (IKE); DORASWAMY, Naganand & HARKINS, Dan, Ipsec: The New
Security Standard for the Internet, Intranets, and Virtual Private Networks, 1999, Prentice Hall PTR;
SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
Question 40
What is NOT an authentication method within IKE and IPsec?
• Public key authentication
• Pre shared key
• certificate based authentication
• CHAP
Correct Answer is: CHAP
Details:
The correct answer is: CHAP
CHAP is not used within IPSEC or IKE. CHAP is an authentication scheme used by Point to Point Protocol
(PPP)servers to validate the identity of remote clients. CHAP periodically verifies the identity of the
client by using a three-way handshake. This happens at the time of establishing the initial link (LCP), and
may happen again at any time afterwards. The verification is based on a shared secret (such as the client
user's password).
1. After the completion of the link establishment phase, the authenticator sends a "challenge "
message to the peer.
2. The peer responds with a value calculated using a cryptography, a pre-shared key or PSK is a
shared secret which was previously shared between the two parties using some secure channel before it
needs to be used. To build a key from shared secret, the key derivation function should be used. Such
systems almost always use symmetric key cryptographic algorithms. The term PSK is used in WiFi
encryption such as WEP or WPA, where both the wireless access points (AP)and all clients share the
same key.
The characteristics of this secret or key are determined by the system which uses it; some system
designs require that such keys be in a particular format. It can be a password like 'bret13i', a passphrase
like 'Idaho hung gear id gene', or a hexadecimal string like '65E4 E556 8622 EEE1'. The secret is used by
all systems involved in the cryptographic processes used to secure the traffic between the systems.
Certificat Based Authentication
The most common form of trusted authentication between parties in the wide world of Web commerce
is the exchange of certificates. A certificate is a digital document that at a minimum includes a
Distinguished Name (DN) and an associated public key.
The certificate is digitally signed by a trusted third party known as the Certificate Authority (CA). The CA
vouches for the authenticity of the certificate holder. Each principal in the transaction presents
certificate as its credentials. The recipient then validates the certificate s signature against its cache of
known and trusted CA certificates. A personal
certificate identifies an end user in a transaction; a server certificate identifies the service provider.
Generally, certificate formats follow the X.509 Version 3 standard. X.509 is part of the Open Systems
Interconnect
(OSI) X.500 specification.
Public Key Authentication
Public key authentication is an alternative means of identifying yourself to a login server, instead of
typing a password. It is more secure and more flexible, but more difficult to set up.
In conventional password authentication, you prove you are who you claim to be by proving that you
know the correct password. The only way to prove you know the password is to tell the server what you
think the password is. This means that if the server has been hacked, or spoofed an attacker can learn
your password.
Public key authentication solves this problem. You generate a key pair, consisting of a public key (which
everybody is allowed to know) and a private key (which you keep secret and do not give to anybody).
The private key is able to generate signatures. A signature created using your private key cannot be
forged by anybody who does not have a copy of that private key; but anybody who has your public key
can verify that a particular signature is genuine.
So you generate a key pair on your own computer, and you copy the public key to the server. Then,
when the server asks you to prove who you are, you can generate a signature using your private key.
The server can verify that signature (since it has your public key) and allow you to log in. Now if the
server is hacked or spoofed, the attacker does not gain your private key or password; they only gain one
signature. And signatures cannot be re-used, so they have gained nothing.
There is a problem with this: if your private key is stored unprotected on your own computer, then
anybody who gains access to your computer will be able to generate signatures as if they were you. So
they will be able to log in to your server under your account. For this reason, your private key is usually
encrypted when it is stored on your local machine, using a passphrase of your choice. In order to
generate a signature, you must decrypt the key, so you have to type your passphrase.
Question 41
What is the primary role of cross certification?
• Creating trust between different PKIs
• Prevent the nullification of user certificates by CA certificate revocation
• Build an overall PKI hierarchy
• set up direct trust to a second root CA
Correct Answer is: Creating trust between different PKIs

Details:
The correct answer is: Creating trust between different PKIs
More and more organizations are setting up their own internal PKIs. When these independent PKIs need
to interconnect to allow for secure communication to take place (either between departments or
different companies), there must be a way for the two root CAs to trust each other.
These two CAs do not have a CA above them they can both trust, so they must carry out cross
certification. A cross certification is the process undertaken by CAs to establish a trust relationship in
which they rely upon each other's digital certificates and public keys as if they had issued them
themselves.
When this is set up, a CA for one company can validate digital certificates from the other company and
vice versa.
For more information and illustration on Cross certification: http://windowsitpro.com/security/ca-trust-

relationships-windows-server-2003-pki
http://www.entrust.com/resources/pdf/cross_certification.pdf;
RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile; and
FORD, Warwick & BAUM, Michael S., Secure Electronic Commerce: Building the Infrastructure for Digital
Signatures and Encryption (2nd Edition), 2000, Prentice Hall PTR, Page 254.
Question 42
What kind of encryption is realized in the S/MIME-standard?
• Elliptic curve based encryption
• Public key based, hybrid encryption scheme
• Password based encryption scheme
• Asymmetric encryption scheme
Correct Answer is: Public key based, hybrid encryption scheme
Details:
The correct answer is: Public key based, hybrid encryption scheme
S/MIME (for Secure MIME, or Secure Multipurpose Mail Extension) is a security process used for e-mail
exchanges that makes it possible to guarantee the confidentiality and non-repudiation of electronic
messages.
S/MIME is based on the MIME standard, the goal of which is to let users attach files other than ASCII
text files to electronic messages. The MIME standard therefore makes it possible to attach all types of
files to e-mails.
S/MIME was originally developed by the company RSA Data Security. Ratified in July 1999 by the IETF,
S/MIME has become a standard, whose specifications are contained in RFCs 2630 to 2633.
How S/MIME works
The S/MIME standard is based on the principle of public-key encryption. S/MIME therefore makes it
possible to encrypt the content of messages but does not encrypt the communication.
The various sections of an electronic message, encoded according to the MIME standard, are each
encrypted using a session key.
The session key is inserted in each section's header, and is encrypted using the recipient's public key.
Only the recipient can open the message's body, using his private key, which guarantees the
confidentiality and integrity of the received message.
In addition, the message's signature is encrypted with the sender's private key. Anyone intercepting the
communication can read the content of the message's signature, but this ensures the recipient of the
sender's identity, since only the sender is capable of encrypting a message (with his private key) that can
be decrypted with his public key.

Question 43
What attribute is included in a X.509-certificate?
• Telephone number of the department
• secret key of the issuing CA
• the key pair of the certificate holder
• Distinguished name of the subject
Correct Answer is: Distinguished name of the subject
Details:
The correct answer is: distinguished name of the subject.
Question 44
What is the primary role of smartcards in a PKI?

• Transparent renewal of user keys
• Easy distribution of the certificates between the users
• Fast hardware encryption of the raw data
• Tamper resistant, mobile storage and application of private keys of the users
Correct Answer is: Tamper resistant, mobile storage and application of private keys of the users
Details:
The correct answer is: tamper resistant, mobile storage and application of private keys of the users.
Security
Tamper-resistant microprocessors are used to store and process private or sensitive information, such
as private keysor electronic money credit. To prevent an attacker from retrieving or modifying the
information, the chips are designed so that the information is not accessible through external means
and can be accessed only by the embedded software, which should contain the appropriate security
measures.
Examples of tamper-resistant chips include all secure cryptoprocessors, such as the IBM 4758 and chips
used in smartcards, as well as the Clipper chip.
It has been argued that it is very difficult to make simple electronic devices secure against tampering,
because numerous attacks are possible, including:
• physical attack of various forms (microprobing, drills, files, solvents, etc.)
• freezing the device
• applying out-of-spec voltages or power surges
• applying unusual clock signals
• inducing software errors using radiation
• measuring the precise time and power requirements of certain operations (see power analysis)
Tamper-resistant chips may be designed to zeroise their sensitive data (especially cryptographic keys) if
they detect penetration of their security encapsulation or out-of-specification environmental
parameters. A chip may even be rated for "cold zeroisation ", the ability to zeroise itself even after its
power supply has been crippled.
Nevertheless, the fact that an attacker may have the device in his possession for as long as he likes, and
perhaps obtain numerous other samples for testing and practice, means that it is practically impossible
to totally eliminate tampering by a sufficiently motivated opponent. Because of this, one of the most
important elements in protecting a system is overall system design. In particular, tamper-resistant
systems should "fail gracefully " by ensuring that compromise of one device does not compromise the
entire system. In this manner, the attacker can be practically restricted to attacks that cost less than the
expected return from compromising a single device (plus, perhaps, a little more for kudos). Since the
most sophisticated attacks have been estimated to cost several hundred thousand dollars to carry out,
carefully designed systems may be invulnerable in practice.
Edition Page 566 & 567 or Kindle Location 15169 & 15200.
Question 45
What kind of certificate is used to validate a user identity?
• Root certificate
• Attribute certificate
• Code signing certificate
• Public key certificate
Correct Answer is: Public key certificate
Details:
The correct answer is: public key certificate.
In cryptography, a public key certificate (or identity certificate) is an electronic document which
incorporates a digital signature to bind together a public key with an identity information such as the
name of a person or an organization, their address, and so forth. The certificate can be used to verify
that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In
a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users
( "endorsements "). In either case, the signatures on a certificate are attestations by the certificate
signer that the identity information and the public key belong together.
In computer security, an authorization certificate (also known as an attribute certificate) is a digital

document that describes a written permission from the issuer to use a service or a resource that the
issuer controls or has access to use. The permission can be delegated.
Some people constantly confuse PKCs and ACs. An analogy may make the distinction clear. A PKC can be
considered to be like a passport: it identifies the holder, tends to last for a long time, and should not be
trivial to obtain. An AC is more like an entry visa: it is typically issued by a different authority and does
not last for as long a time. As acquiring an entry visa typically requires presenting a passport, getting a
visa can be a simpler process.
A real life example of this can be found in the mobile software deployments by large service providers
and are typically applied to platforms such as Microsoft Smartphone (and related), Symbian OS, J2ME,
and others.
In each of these systems a mobile communications service provider may customize the mobile terminal
client distribution (ie. the mobile phone operating system or application environment) to include one or
more root certificates each associated with a set of capabilities or permissions such as "update firmware
", "access address book ", "use radio interface ", and the most basic one, "install and execute ". When a
developer wishes to enable distribution and execution in one of these controlled environments they
must acquire a certificate from an appropriate CA, typically a large commercial CA, and in the process
they usually have their identity verified using out-of-band mechanisms such as a combination of phone
call, validation of their legal entity through government and commercial databases, etc., similar to the
high assurance SSL certificate vetting process, though often there are additional specific requirements
imposed on would-be developers/publishers.
Once the identity has been validated they are issued an identity certificate they can use to sign their
software; generally the software signed by the developer or publisher's identity certificate is not
distributed but rather it is submitted to processor to possibly test or profile the content before
generating an authorization certificate which is unique to the particular software release. That certificate
is then used with an ephemeral asymmetric key-pair to sign the software as the last step of preparation
for distribution. There are many advantages to separating the identity and authorization certificates
especially relating to risk mitigation of new content being accepted into the system and key
management as well as recovery from errant software which can be used as attack vectors.
Question 46
What does the directive of the European Union on Electronic Signatures deal with?
• Encryption of classified data
• Authentication of web servers
• Encryption of secret data
• Non repudiation
Correct Answer is: Non repudiation
Details:
The correct answer is: non repudiation.
FORD, Warwick & BAUM, Michael S., Secure Electronic Commerce: Building the Infrastructure for Digital
Signatures and Encryption (2nd Edition), 2000, Prentice Hall PTR, Page 589; Directive 1999/93/EC of 13
December 1999 on a Community framework for electronic signatures.
Question 47
Which of the following would best describe certificate path validation?
• Verification of the revocation status of the concerned certificate
• Verification of the integrity of the concerned private key
• Verification of the integrity of the associated root certificate
• Verification of the validity of all certificates of the certificate chain to the root certificate
Correct Answer is: Verification of the validity of all certificates of the certificate chain to the root
certificate
Details:
The correct answer is: Verification of the validity of all certificates of the certificate chain to the root
certificate
With the advent of public key cryptography (PKI), it is now possible to communicate securely with
untrusted parties over the Internet without prior arrangement. One of the necessities arising from such
communication is the ability to accurately verify someone's identity (i.e. whether the person you are
communicating with is indeed the person who he/she claims to be). In order to be able to perform
identity check for a given entity, there should be a fool-proof method of binding the entity's public key
to its unique domain name (DN).
A X.509 digital certificate issued by a well known certificate authority (CA), like Verisign, Entrust, Thawte,
etc., provides a way of positively identifying the entity by placing trust on the CA to have performed the
necessary verifications. A X.509 certificate is a cryptographically sealed data object that contains the
entity's unique DN, public key, serial number, validity period, and possibly other extensions.
The Windows Operating System offers a Certificate Viewer utility which allows you to double-click on
any certificate and review its attributes in a human-readable format. For instance, the "General " tab in
the Certificate Viewer Window (see below) shows who the certificate was issued to as well as the
certificate's issuer, validation period and usage functions.
The Certification Path tab contains the hierarchy for the chain of certificates. It allows you to select the
certificate issuer or a subordinate certificate and then click on View Certificate to open the certificate in
the Certificate Viewer.
Each end-user certificate is signed by its issuer, a trusted CA, by taking a hash value (MD5 or SHA-1) of
ASN.1 DER (Distinguished Encoding Rule) encoded object and then encrypting the resulting hash with
the issuer s private key (CA's Private Key) which is a digital signature. The encrypted data is stored in the
signatureValue attribute of the entity s (CA) public certificate.
Once the certificate is signed by the issuer, a party who wishes to communicate with this entity can then
take the entity s public certificate and find out who the issuer of the certificate is. Once the issuer s of
the certificate (CA) is identified, it would be possible to decrypt the value of the signatureValue attribute
in the entity's certificate using the issuer s public key to retrieve the hash value. This hash value will be
compared with the independently calculated hash on the entity's certificate. If the two hash values
match, then the information contained within the certificate must not have been altered and, therefore,
one must trust that the CA has done enough background check to ensure that all details in the entity s
certificate are accurate.
The process of cryptographically checking the signatures of all certificates in the certificate chain is
called key chaining . An additional check that is essential to key chaining is verifying that the value of the
"subjectKeyIdentifier extension in one certificate matches the same in the subsequent certificate.
Similarly, the process of comparing the subject field of the issuer certificate to the issuer field of the
subordinate certificate is called name chaining . In this process, these values must match for each pair of
adjacent certificates in the certification path in order to guarantee that the path represents unbroken
chain of entities relating directly to one another and that it has no missing links.
The two steps above are the steps to validate the Certification Path by ensuring the validity of all
certificates of the certificate chain to the root certificate as described in the two paragraphs above.
Question 48
Which of the following can best define the "revocation request grace period"?
• The period of time allotted within which the user must make a revocation request upon a
revocation reason
• Time period between the arrival of a revocation request and the publication of the revocation
information
• Maximum response time for performing a revocation by the CA
• Minimum response time for performing a revocation by the CA
Correct Answer is: Time period between the arrival of a revocation request and the publication of the
revocation information
Details:
The correct answer is: Time period between the arrival of a revocation request and the publication of
the revocation information.
The length of time between the Issuer s receipt of a revocation request and the time the Issuer is
required to revoke the certificate should bear a reasonable relationship to the amount of risk the
participants are willing to assume that someone may rely on a certificate for which a proper evocation
request has been given but has not yet been acted upon.
How quickly revocation requests need to be processed (and CRLs or certificate status databases need to
be updated) depends upon the specific application for which the Policy Authority is rafting the
Certificate Policy.
A Policy Authority should recognize that there may be risk and lost tradeoffs with respect to grace
periods for revocation notices.
If the Policy Authority determines that its PKI participants are willing to accept a grace period of a few
hours in exchange for a lower implementation cost, the Certificate Policy may reflect that decision.
Question 49
Which of the following is NOT an EPA-approved replacement for Halon?
• FM-200
• Bromine
• Innergen
• FE-13
Correct Answer is: Bromine
Details:
The correct answer is: Bromine
Halon is a compound consisting of bromine, fluorine, and carbon. Halons are used as fire extinguishing
agents, both in built-in systems and in handheld portable fire extinguishers. Halon production in the U.S.
ended on December 31, 1993, because they contribute to ozone depletion. Bromine being part of Halon
is not a safe replacement for Halon.
The following are some of the EPA-approved replacements for halon:
Several substitutes have been approved by the SNAP program that may be considered as potential
candidates for specific use conditions as cited in 40 CFR 82 Appendix A to Subpart G, Substitutes Subject
to Use Restrictions and Unacceptable Substitutes. It should be noted that the following substitutions are
merely comments on usage and not conditions. For example, the Army has considered the use of HFC-
125 in the crew compartments of its ground combat vehicles. Also, the Army has installed IG-541 in
normally occupied areas. The following substitutes are listed:
Total Flooding Agents Acceptable Substitutes
• Water Mist Systems using Potable or Natural Sea Water
• [Foam] A (formerly identified as Water Mist Surfactant Blend A) This agent is not a clean agent,
but is a low-density, short duration foam.
• Carbon Dioxide (Must meet NFPA 12 and OSHA 1910.162(b)5 requirements
• Water Sprinklers
Total Flooding Agents Substitutes Acceptable Subject To Use Conditions
Normally Occupied Areas
• C4F10 (PFC-410 or CEA-410)
• C3F8 (PFC-218 or CEA-308)
• HCFC Blend A (NAF S-III)
• HFC-23 (FE 13)
• HFC-227ea (FM 200)
• IG-01 (Argon)
• IG-55 (Aragonite)
• HFC-125
• HFC-134a
Normally Unoccupied Areas
• Powdered Aerosol C
• CF3I
• HCFC-22
• HCFC-124
• HFC-125
• HFC-134a
• Gelled Halocarbon/Dry Chem. Suspension (PGA)
• Inert Gas/Powdered Aerosol Blend (FS 0140)
• IG-541 (Inergen)
Unacceptable Substitutes
• HFC-32
The following were incorrect answers:
The following are all safe replacement for Halon:
FE-13 is an Halon replacement (Halon 1301) in total flooding and inerting applications where its low
toxicity provides for improved safety margins, the protected spaces are large, the cylinder storage area
is remote from the protected space, or where the temperatures are likely to go below 0 C (32 F). Of the
clean agents available, DuPont FE-13 has the lowest toxicity and is the safest for protecting areas where
people are present. DuPont FE-13 provides the ultimate in human safety while protecting high-value
assets and business continuity with a clean agent.
DuPont FE-13 is:
• safe for people
• a clean agent that does not leave a residue
• electrically nonconductive and noncorrosive
• an environmentally preferred alternative to Halon with zero ozone depletion potential (ODP)
FM-200 is a colorless, liquefied compressed gas. It is stored as a liquid and dispensed into the hazard as
INERGEN is a blend of inert atmospheric gases that contains 52% nitrogen, 40% argon, 8% carbon
dioxide, used for fire suppression system agent. It is considered a clean agent for use in gaseous fire
suppression applications. Inergen does not contain halocarbons, and has no ozone depletion potential. It
is non-toxic. Inergen is used at design concentrations of 35-50% to lower the concentration of oxygen to
a point that cannot support combustion, but still safe for humans.
Question 50
Crime Prevention Through Environmental Design (CPTED) is a discipline that:
• Outlines how the proper design of the administrative control environment can reduce crime by
directly affecting human behavior.
• Outlines how the proper design of the detective control environment can reduce crime by
• Outlines how the proper design of a physical environment can reduce crime by directly
affecting human behavior.
• Outlines how the proper design of the logical environment can reduce crime by directly
affecting human behavior.
Correct Answer is: Outlines how the proper design of a physical environment can reduce crime by
Details:
The correct answer is: Outlines how the proper design of a physical environment can reduce crime by
Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper
design of a physical environment can reduce crime by directly affecting human behavior. It provides
guidance about lost and crime prevention through proper facility contruction and environmental
components and procedures.
CPTED concepts were developed in the 1960s. They have been expanded upon and have matured as our
environments and crime types have evolved. CPTED has been used not just to develop corporate
physical security programs, but also for large-scale activities such as development of neighborhoods,
towns, and cities. It addresses landscaping, entrances, facility and neighborhood layouts, lighting, road
placement, and traffic circulation patterns. It looks at microenvironments, such as offices and rest-
rooms, and macroenvironments, like campuses and cities.
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 435). McGraw-Hill. Kindle
Edition.
and
CPTED Guide Book
http://www.victoria.ca/common/pdfs/planning_cepted.pdf
http://www.cptedtraining.net/
http://en.wikipedia.org/wiki/Crime_prevention_through_environmental_design
Question 51
While referring to Physical Security, what does Positive pressurization mean?
• The pressure inside your sprinkler system is greater than zero.
• A series of measures that increase pressure on employees in order to make them more
productive.
• Causes the sprinkler system to go off.
• The air goes out of a room when a door is opened and outside air does not go into the room.
Correct Answer is: The air goes out of a room when a door is opened and outside air does not go into
the room.
Details:
The correct answer is: The air goes out of a room when a door is opened and outside air does not go into
the room.
Positive pressurization means that when an employee opens a door, the air goes out and outside air
does not come in.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 3rd. Edition McGraw-Hill/Osborne, 2005, page
373.
Thanks to Chris Munoz for providing feedback to improve this question.
If a facility was on fire, you want the smoke to go out the doors instead of being pushed back in when
people are fleeing.
Question 52
Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a
separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes
referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down
ceiling. This area is referred to as the:
• Plenum area
• Intergen area
• smoke boundry area
• fire detection area
Correct Answer is: Plenum area
Details:
The correct answer is: plenum area.
In building construction, a plenum (pronounced PLEH-nuhm, from Latin meaning full) is a separate
space provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as
HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. A
plenum may also be under a raised floor. In buildings with computer installations, the plenum space is
often used to house connecting communication cables. Because ordinary cable introduces a toxic hazard
in the event of fire, special plenum cabling is required in plenum areas.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 3rd Edition, McGraw-Hill/Osborne, 2005, page
377.
http://searchdatacenter.techtarget.com/sDefinition/0,,sid80_gci213716,00.html
Question 53
Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing.
Which of the following assure the Target of Evaluation (or TOE) is methodically designed, tested and
reviewed?
• EAL 6
• EAL 5
• EAL 3
• EAL 4
Correct Answer is: EAL 4
Details:
The correct answer is: EAL 4.
EAL 1 : functionally tested
EAL 2 : structurally tested
EAL 3 : methodically tested and checked
EAL 4 : methodically designed, tested and reviewed
EAL 5 : semiformally designed and tested
EAL 6 : semiformally verified design and tested
EAL 7 : formally verified design and tested.
Question 54
Which of the following is true about digital certificate?
• It is the same as digital signature proving Integrity and Authenticity of the data
• Electronic credential proving that the person the certificate was issued to is who they claim to
be
• You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a
specific user.
• Can't contain geography data such as country for example.
Correct Answer is: Electronic credential proving that the person the certificate was issued to is who they
claim to be
Details:
The correct answer is: Electronic credential proving that the certificate holder is who they claim to be.
Digital certificate helps others verify that the public keys presented by users are genuine and valid. It is a
form of Electronic credential proving that the person the certificate was issued to is who they claim to
be.
The certificate is used to identify the certificate holder when conducting electronic transactions.
It is issued by a certification authority (CA). It contains the name of an organization or individual, the
business address, a serial number, expiration dates, a copy of the certificate holder's public key (used for
encrypting messages), and the digital signature of the certificate-issuing authority so that a recipient can
verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital
certificates can be kept in registries so that authenticating users can look up other users' public keys.
Digital certificates are key to the PKI process. The digital certificate serves two roles. First, it ensures the
integrity of the public key and makes sure that the key remains unchanged and in a valid state. Second,
it validates that the public key is tied to the stated owner and that all associated information is true and
correct. The information needed to accomplish these goals is added into the digital certificate.
A Certificate Authority (CA) is an entity trusted by one or more users as an authority in a network that
issues, revokes, and manages digital certificates.
A Registration Authority (RA) performs certificate registration services on behalf of a CA. The RA, a single
purpose server, is responsible for the accuracy of the information contained in a certificate request. The
RA is also expected to perform user validation before issuing a certificate request.
A Digital Certificate is not like same as a digital signature, they are two different things, a digital
Signature is created by using your Private key to encrypt a message digest and a Digital Certificate is
issued by a trusted third party who vouch for your identity.
There are many other third parties which are providing Digital Certifictes and not just Verisign, RSA.

Question 55
What kind of Encryption technology does SSL utilize?
• Secret or Symmetric key
• Private key
• Public Key
• Hybrid (both Symmetric and Asymmetric)
Correct Answer is: Hybrid (both Symmetric and Asymmetric)
Details:
The correct answer is: Hybrid (both symmetric and asymmetric)
SSL use public-key cryptography to secure session key, while the session key (secret key) is used to
secure the whole session taking place between both parties communicating with each other.
The SSL protocol was originally developed by Netscape. Version 1.0 was never publicly released; version
2.0 was released in February 1995 but "contained a number of security flaws which ultimately led to the
design of SSL version 3.0. " SSL version 3.0, released in 1996, was a complete redesign of the protocol
produced by Paul Kocher working with Netscape engineers Phil Karlton and Alan Freier.
Question 56
Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?
• Prevention of the modification of information by authorized users.
• Prevention of the unauthorized or unintentional modification of information by authorized

users.
• Preservation of the internal and external consistency.
• Prevention of the modification of information by unauthorized users.
Correct Answer is: Prevention of the modification of information by authorized users.
Details:
The correct answer is: Prevention of the modification of information by authorized users.
There is no need to prevent modification from authorized users. They are authorized and allowed to
make the changes. On top of this, it is also NOT one of the goal of Integrity within Clark-Wilson.
As it turns out, the Biba model addresses only the first of the three integrity goals which is Prevention of
the modification of information by unauthorized users. Clark-Wilson addresses all three goals of
integrity.
The Clark Wilson model improves on Biba by focusing on integrity at the transaction level and
addressing three major goals of integrity in a commercial environment. In addition to preventing
changes by unauthorized subjects, Clark and Wilson realized that high-integrity systems would also have
to prevent undesirable changes by authorized subjects and to ensure that the system continued to
behave consistently. It also recognized that it would need to ensure that there is constant mediation
between every subject and every object if such integrity was going to be maintained.
Integrity is addressed through the following three goals:
1. Prevention of the modification of information by unauthorized users.
2. Prevention of the unauthorized or unintentional modification of information by authorized users.
3. Preservation of the internal and external consistency.

Question 57
What is called the type of access control where there are pairs of elements that have the least upper
bound of values and greatest lower bound of values?
• Rule model
• Lattice model
• Discretionary model
• Rule Based model
Correct Answer is: Lattice model
Details:
The correct answer is: lattice model.
In a lattice model, there are pairs of elements that have the least upper bound of values and greatest
lower bound of values.

Question 58
What is the name of the transformation of a string of characters into a usually shorter fixed-length value
or key that represents the original string? Such a transformation cannot be reversed?
• One-way hash
• DES
• Transposition
• Substitution
Correct Answer is: One-way hash
Details:
The correct answer is: One-Way hash
A cryptographic hash function is a transformation that takes an input (or 'message') and returns a fixed-
size string, which is called the hash value (sometimes termed a message digest, a digital fingerprint, a
digest or a checksum).
The ideal hash function has three main properties - it is extremely easy to calculate a hash for any given
data, it is extremely difficult or almost impossible in a practical sense to calculate a text that has a given
hash, and it is extremely unlikely that two different messages, however close, will have the same hash.
Functions with these properties are used as hash functions for a variety of purposes, both within and
outside cryptography. Practical applications include message integrity checks, digital signatures,
authentication, and various information security applications. A hash can also act as a concise
representation of the message or document from which it was computed, and allows easy indexing of
duplicate or unique data files.
In various standards and applications, the two most commonly used hash functions are MD5 and SHA-1.
In 2005, security flaws were identified in both of these, namely that a possible mathematical weakness
might exist, indicating that a stronger hash function would be desirable. In 2007 the National Institute of
Standards and Technologyannounced a contest to design a hash function which will be given the name
SHA-3 and be the subject of a FIPSstandard.
A hash function takes a string of any length as input and produces a fixed length string which acts as a
kind of "signature " for the data provided. In this way, a person knowing the hash is unable to work out
the original message, but someone knowing the original message can prove the hash is created from
that message, and none other. A cryptographic hash function should behave as much as possible like a
random function while still being deterministic and efficiently computable.
A cryptographic hash function is considered "insecure " from a cryptographic point of view, if either of
the following is computationally feasible:
• finding a (previously unseen) message that matches a given digest
• finding "collisions ", wherein two different messages have the same message digest.
An attacker who can do either of these things might, for example, use them to substitute an authorized
message with an unauthorized one.
Ideally, it should not even be feasible to find two messages whose digests are substantially similar; nor
would one want an attacker to be able to learn anything useful about a message given only its digest. Of
course the attacker learns at least one piece of information, the digest itself, which for instance gives the
attacker the ability to recognise the same message should it occur again.
Question 59
Which of the following is NOT a symmetric key algorithm?
• RC5
• Blowfish
• Triple DES (3DES)
• Digital Signature Standard (DSS)
Correct Answer is: Digital Signature Standard (DSS)

Details:
The correct answer is: Digital Signature Standard (DSS)
Digital Signature Standard (DSS) specifies a Digital Signature Algorithm (DSA) appropriate for
applications requiring a digital signature, providing the capability to generate signatures (with the use of
a private key) and verify them (with the use of the corresponding public key).
Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press) kindle location 9632
Correct Answer:
Digital Signature Standard (DSS). The Digital Signature Standard is an asymmetric algorithm used for
digitally signing data.
Incorrect answers:
RC5, Blowfish and 3DES are all symmetric algorithms which use shared keys to encrypt information.
References:
ISC official study book (3rd ed) pg 265

Question 60
Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card
information to merchant's Web server, which digitally signs it and sends it on to its processing bank?
• SSH ( Secure Shell)
• SET (Secure Electronic Transaction)
• SSL (Secure Sockets Layer)
• S/MIME (Secure MIME)
Correct Answer is: SET (Secure Electronic Transaction)
Details:
The correct answer is: SET ( Secure Electronic Transaction)
As protocol was introduced by Visa and Mastercard to allow for more credit card transaction
possibilities. It is comprised of three different pieces of software, running on the customer's PC (an
electronic wallet), on the merchant's Web server and on the payment server of the merchant's bank.
The credit card information is sent by the customer to the merchant's Web server, but it does not open
it and instead digitally signs it and sends it to its bank's payment server for processing.
SET is an application-oriented protocol that uses trusted third parties encryption and digital signature
processes, via a PKI infrastructure of trusted third party institutions, to address confidentiality of
information,integrity of data, cardholder authentication, merchant authentication and interoperability.
The following answers are incorrect :
SSH (Secure Shell) is incorrect as it functions as a type of tunneling mechanism that provides terminal
like access to remote computers.
S/MIME is incorrect as it is a standard for encrypting and digitally signing electronic mail and for
providing secure data transmissions.
SSL is incorrect as it uses public key encryption and provides data encryption, server authentication,
message integrity, and optional client authentication.
Question 61
Which of the following algorithms does NOT provide hashing?
• SHA-1
• RC4
• MD2
• MD5
Correct Answer is: RC4
Details:
The correct answer is: RC4
As it is an algorithm used for encryption and does not provide hashing functions, it is also commonly
implemented a 'Stream Cipher'.
A one-way hash is a function that takes a variable-length string, a message, and produces a fixed-length
value called a hash value. For example, if Kevin wants to send a message to Maureen and wants to
ensure that the message does not get altered in an unauthorized fashion while it is being transmitted,
he would calculate a hash value for the message and append it to the message itself. When Maureen
receives the message, she performs the same hashing function that Kevin used and compares her result
with the hash value that was sent with the message. If the two values are the same, Maureen can be
sure that the message was not altered during transmission. If the two values are different, Maureen
knows that the message was altered, either intentionally or unintentionally, and she discards the
message.
MD5 was also created by Ron Rivest and is the newer version of MD4. It still produces a 128-bit hash,
but the algorithm is more complex, which makes it harder to break.MD5 added a fourth round of
operations to be performed during the hashing functions and makes several of its mathematical
operations carry out more steps or more complexity to provide a higher level of security.
SHA was designed by NIST and NSA to be used with the Digital Signature Standard (DSS). SHA was
designed to be used in digital signatures and was developed when a more secure hashing algorithm was
required for U.S. government applications.SHA produces a 160-bit hash value, or message digest. This is
then inputted into an asymmetric algorithm, which computes the signature for a message.SHA is similar
to MD4. It has some extra mathematical functions and produces a 160-bit hash instead of a 128-bit
hash, which makes it more resistant to brute force attacks, including birthday attacks.SHA was improved
upon and renamed SHA-1. Recently, newer versions of this algorithm have been developed and
released: SHA-256, SHA-384, and SHA-512.
MD2 is a one-way hash function designed by Ron Rivest that creates a 128-bit message digest value. It is
not necessarily any weaker than the other algorithms in the "MD " family, but it is much slower.
• SHA-1 was designed by NIST and NSA to be used with the Digital Signature Standard (DSS). SHA
was designed to be used in digital signatures and was developed when a more secure hashing algorithm
was required for U.S. government applications.
• MD2 is a one-way hash function designed by Ron Rivest that creates a 128-bit message digest
value. It is not necessarily any weaker than the other algorithms in the "MD " family, but it is much
slower.
• MD5 was also created by Ron Rivest and is the newer version of MD4. It still produces a 128-bit
hash, but the algorithm is more complex, which makes it harder to break.
Question 62
In what type of attack does an attacker try, from several encrypted messages, to figure out the key used
in the encryption process?
• Known-plaintext attack
• Plaintext-only attack
• Chosen-Ciphertext attack
• Ciphertext-only attack
Correct Answer is: Ciphertext-only attack
Details:
The correct answer is: Ciphertext-only attack
In a ciphertext-only attack, the attacker has the ciphertext of several messages encrypted with the same
encryption algorithm. Its goal is to discover the plaintext of the messages by figuring out the key used in
the encryption process. In a known-plaintext attack, the attacker has the plaintext and the ciphertext of
one or more messages. In a chosen-ciphertext attack, the attacker can chose the ciphertext to be
decrypted and has access to the resulting plaintext.
Question 63
Which asymmetric key encryption algorithm is BEST suited for communication with handheld wireless
devices?
• RC4
• RSA
• ECC (Elliptic Curve Cryptosystem)
• SHA
Correct Answer is: ECC (Elliptic Curve Cryptosystem)
Details:
The correct answer is: ECC (Elliptic Curve Cryptosystem)
As it provides much of the same functionality that RSA provides: digital signatures, secure key
distribution,and encryption. One differing factor is ECC s efficiency. ECC is more efficient that RSA and
any other asymmetric algorithm.
Elliptic curves are rich mathematical structures that have shown usefulness in many different types of
applications. An elliptic curve cryptosystem (ECC) provides much of the same functionality RSA provides:
digital signatures, secure key distribution, and encryption. One differing factor is ECC s efficiency. ECC is
more efficient than RSA and any other asymmetric algorithm.
In this field of mathematics, points on the curves compose a structure called a group. These points are
the values used in mathematical formulas for ECC s encryption and decryption processes. The algorithm
computes discrete logarithms of elliptic curves, which is different from calculating discrete logarithms in
a finite field (which is what Diffie-Hellman and El Gamal use).
Some devices have limited processing capacity, storage, power supply, and bandwidth, such as wireless
devices and cellular telephones. With these types of devices, efficiency of resource use is very
important. ECC provides encryption functionality, requiring a smaller percentage of the resources
compared to RSA and other algorithms, so it is used in these types of devices.
In most cases, the longer the key, the more protection that is provided, but ECC can provide the same
level of protection with a key size that is shorter than what RSA requires. Because longer keys require
more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of
the device.
• RSA is incorrect as it is less efficient than ECC to be used in handheld devices.
• SHA is also incorrect as it is a hashing algorithm.
• RC4 is also incorrect as it is a symmetric algorithm.
Question 64
What is the RESULT of a hash algorithm being applied to a message ?
• A digital signature
• A plaintext
• A message digest
• A ciphertext
Correct Answer is: A message digest
Details:
The correct answer is: A Message Digest
As when a hash algorithm is applied on a message , it produces a message digest.
The other answers are incorrect because :
A digital signature is a hash value that has been encrypted with a sender's private key.
A ciphertext is a message that appears to be unreadable.
A plaintext is a readable data.
Encryption is a method of transforming readable data, called plaintext, into a form that appears to be
random and unreadable, which is called ciphertext. Plaintext is in a form that can be understood either
by a person (a document) or by a computer (executable code). Once it is transformed into ciphertext,
neither human nor machine can properly process it until it is decrypted. This enables the transmission of
confidential information over insecure channels without unauthorized disclosure. When data is stored
on a computer, it is usually protected by logical and physical access controls.When this same sensitive
information is sent over a network, it can no longer take these controls for granted, and the information
is in a much more vulnerable state.
Question 65
Why does a digital signature CONTAIN a message digest?
• To detect any alteration of the message
• To confirm the identity of the receiver
• To indicate the encryption algorithm
• To enable transmission in a digital format
Correct Answer is: To detect any alteration of the message
Details:
The correct answer is: To detect any alteration of the message
As the message digest is calculated and included in a digital signature to prove that the message has not
been altered since the time it was created by the sender.
The digital signature is used to achieve integrity, authenticity and non-repudiation. In a digital signature,
the sender's private key is used to encrypt the message digest of the message. Encrypting the message
digest is the act of Signing the message. The receiver will use the matching public key of the sender to
decrypt the Digital Signature using the sender's public key.
A digital signature (not to be confused with a digital certificate) is an electronic signature that can be
used to authenticate the identity of the sender of a message or the signer of a document, and possibly
to ensure that the original content of the message or document that has been sent is unchanged. Digital
signatures cannot be forged by someone else who does not possess the private key, it can also be
automatically time-stamped. The ability to ensure that the original signed message arrived means that
the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that
the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate
contains the digital signature of the certificate-issuing authority so that anyone can verify that the
certificate is real and has not been modified since the day it was issued.
How Digital Signature Works

Assume you were going to send the draft of a contract to your lawyer in another town. You want to give
your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
1. You copy-and-paste the contract (it's a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the contract.
3. You then use a private key that you have previously obtained from a public-private key authority
to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different
each time you send a message.)
At the other end, your lawyer receives the message.
1. To make sure it's intact and from you, your lawyer makes a hash of the received message.
2. Your lawyer then uses your public key to decrypt the message hash or summary.
3. If the hashes match, the received message is valid.
Below are some common reasons for applying a digital signature to communications:
Authentication
Although messages may often include information about the entity sending a message, that information
may not be accurate. Digital signatures can be used to authenticate the source of messages. The
importance of high assurance in the sender authenticity is especially obvious in a financial context. For
example, suppose a bank's branch office sends instructions to the central office requesting a change in
the balance of an account. If the central office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a serious mistake.
Integrity
In many scenarios, the sender and receiver of a message may have a need for confidence that the
message has not been altered during transmission. Although encryption hides the contents of a
message, it may be possible to change an encrypted message without understanding it. (Some
encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a
message is digitally signed, any change in the message after the signature has been applied would
invalidates the signature. Furthermore, there is no efficient way to modify a message and its signature
to produce a new message with a valid signature, because this is still considered to be computationally
infeasible by most cryptographic hash functions (see collision resistance).
Non-repudiation
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital

signatures. By this property, an entity that has signed some information cannot at a later time deny
having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a
valid signature.
Note that authentication, non-repudiation, and other properties rely on the secret key not having been
revoked prior to its usage. Public revocation of a key-pair is a required ability, else leaked secret keys
would continue to implicate the claimed owner of the key-pair. Checking revocation status requires an
"online " check, e.g. checking a "Certificate Revocation List " or via the "Online Certificate Status
Protocol ". This is analogous to a vendor who receives credit-cards first checking online with the credit-
card issuer to find if a given card has been reported lost or stolen.
Tip for the exam
Digital Signature does not provide confidentiality. It provides only authenticity and integrity. The
sender's private key is used to encrypt the message digest to calculate the digital signature
Encryption provides only confidentiality. The receiver's public key or symmetric key is used for
encryption
• To indicate the encryption algorithm is incorrect as message digest is a hashing function and not
an encryption algorithm.
• To confirm the identity of the receiver is also incorrect as it does NOT confirm the identity of the
receiver.
• To enable transmission in a digital format is also incorrect as this is also not the reason why
digital signature contains message digests.

Edition Page 236-237 or Kindle Location 6953.
A digital signature is a hash value that has been encrypted with the sender s private key. The act of
signing means encrypting the message s hash value with a private key.
The hashing function ensures the integrity of the message, and the signing of the hash value provides
authentication and nonrepudiation. The act of signing just means that the value was encrypted with a
private key.
A message can be digitally signed, which provides authentication,nonrepudiation, and integrity.
A message can be encrypted and digitally signed, which provides confidentiality, authentication,
nonrepudiation, and integrity.
Question 66
Electronic signatures can PREVENT messages from being:
• Forwarded
• Repudiated
• Disclosed
• Erased
Correct Answer is: Repudiated
Details:
The correct answer is: Repudiated
As electronic signatures provide a receipt of the transaction in order to ensure that the entities that
participated in the transaction can not repudiate their commitments.

Authentication
Integrity
Non-repudiation

valid signature.
Protocol ". This is analogous to a vendor who receives credit-cards first checking online with the credit-
Tip for the exam
Digital Signature does not provide confidentiality. It provides only authenticity and integrity and non-
repudiation. The sender's private key is used to encrypt the message digest to calculate the digital
signature
encryption
• Erased is incorrect as electronic signatures does not prevent messages to be erased.
• Disclosed is incorrect as electronic signatures does not prevent messages to be disclosed.
• Forwarded is incorrect as electronic signatures does not prevent messages to be forwarded.
Question 67
Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming that
the Strong Star property is not being used) ?
• A subject is not allowed to read down.
• It is restricted to confidentiality.
• A subject is not allowed to read up.
• The *- property restriction can be escaped by temporarily downgrading a high level subject.
Correct Answer is: A subject is not allowed to read down.
Details:
The correct answer is: A subject is not allowed to read down
It is not a property of Bell LaPadula model.
Bell-LaPadula Model
In the 1970s, the U.S. military used time-sharing mainframe systems and was concerned about the
security of these systems and leakage of classified information. The Bell-LaPadula model was developed
to address these concerns. It was the first mathematical model of a multilevel security policy used to
define the concept of a secure state machine and modes of access, and outlined rules of access. Its
development was funded by the U.S. government to provide a framework for computer systems that
would be used to store and process sensitive information. The model s main goal was to prevent secret
information from being accessed in an unauthorized manner.
A system that employs the Bell-LaPadula model is called a multilevel security system because users with
different clearances use the system, and the system processes data at different classification levels. The
level at which information is classified determines the handling procedures that should be used. The
Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control.
A matrix and security levels are used to determine if subjects can access different objects. The subject s
clearance is compared to the object s classification and then specific rules are applied to control how
subject-to-object interactions can take place. This model uses subjects, objects, access operations (read,
write, and read/write), and security levels. Subjects and objects can reside at different security levels
and will have relationships and rules dictating the acceptable activities between them. This
model, when properly implemented and enforced, has been mathematically proven to provide a very
secure and effective operating system. It is also considered to be an information-flow security model,
which means that information does not flow in an insecure manner.
The Bell-LaPadula model is a subject-to-object model. An example would be how you (subject) could
read a data element (object) from a specific database and write data into that database. The Bell-
LaPadula model focuses on ensuring that subjects are properly authenticated by having the necessary
security clearance, need to know, and formal access approval before accessing an object.
Rules to Know
The main rules of the Bell-LaPadula model are:
• Simple security rule - A subject cannot read data within an object that resides at a higher
security level (the no read up rule).
• *- property rule - A subject cannot write to an object at a lower security level (the no write
down rule).
• Strong star property rule - For a subject to be able to read and write to an object, the subject s
clearance and the object s classification must be equal.
• A subject is not allowed to read up is a property of the 'simple security rule' of Bell LaPadula
model.
• The *- property restriction can be escaped by temporarily downgrading a high level subject can
be escaped by temporarily downgrading a high level subject or by identifying a set of trusted objects
which are permitted to violate the *-property as long as it is not in the middle of an operation.
• It is restricted to confidentiality as it is a state machine model that enforces the confidentiality

aspects of access control.

Question comment submited by:
Thanks to Anees Ghosh for providing feedback to improve the quality of this question.
Thanks to Seetharaman Jeganathan for sending feedback to improve this question.
The main rules of the Bell-LaPadula model that you need to understand are
Simple security rule: A subject cannot read data within an object that resides at a higher security level
( "No read up " rule).
*- property rule: A subject cannot write to an object at a lower security level ( "No write down " rule).
Strong star property rule: For a subject to be able to read and write to an object, the subject s clearance
and the object s classification must be equal. While the Strong Star property is being used the subject
can only read and write at one layer. The subject cannot go above or below.
Strong Tranquility Principle: It is not possible to change security labels in the middle of an operation.
Weak Tranquility Principle: It is not possible to change security labels in the middle of an operation if
such a change would violate the no "read up " or no "write down " rules.
Question 68
Which of the following statements relating to the Biba security model is FALSE?
• Programs serve as an intermediate layer between subjects and objects.
• Integrity levels are assigned to subjects and objects.
• A subject is not allowed to write up.
• It is a state machine model.
Correct Answer is: Programs serve as an intermediate layer between subjects and objects.
Details:
The correct answer is: Programs serve as an intermediate layer between subjects and objects.
The Biba model was developed after the Bell-LaPadula model. It is a state machine model and is very
similar to the Bell-LaPadula model but the rules are 100% the opposite of Bell-LaPadula.
Biba addresses the integrity of data within applications. The Bell-LaPadula model uses a lattice of
security levels (top secret, secret, sensitive, and so on). These security levels were developed mainly to
ensure that sensitive data was only available to authorized individuals. The Biba model is not concerned
with security levels and confidentiality, so it does not base access decisions upon this type of lattice. The
Biba model uses a lattice of integrity levels instead of a lattice of confidentiality levels like Bel-LaPadula.
If implemented and enforced properly, the Biba model prevents data from any integrity level from
flowing to a higher integrity level. Biba has two main rules to provide this type of protection:
*-integrity axiom A subject cannot write data to an object at a higher integrity level (referred to as "no
write up ").
Simple integrity axiom A subject cannot read data from a lower integrity level (referred to as "no read
down ").
Extra Information on clark-wilson model to understand the concepts:
The Clark-Wilson model was developed after Biba and takes some different approaches to protecting
the integrity of information. This model uses the following elements:
Users Active agents
Transformation procedures (TPs) Programmed abstract operations, such as read, write, and modify
Constrained data items (CDIs) Can be manipulated only by TPs
Unconstrained data items (UDIs) Can be manipulated by users via primitive read and write operations
Integrity verification procedures (IVPs) Run periodically to check the consistency of CDIs with external
reality
The other answers are incorrect:
It is a state machine model: Biba model is a state machine model and addresses the integrity of data
within applications.
A subject is not allowed to write up is a part of integrity axiom in the Biba model.
Integrity levels are assigned to subjects and objects is also a characteristic of Biba model as it addresses
integrity.
Question 69
Which of the following BEST provides e-mail message authenticity and confidentiality?
• Signing the message using the sender's public key and encrypting the message using the
receiver's private key
• Signing the message using the receiver's public key and encrypting the message using the
sender's private key
• Signing the message using the receiver's private key and encrypting the message using the
sender's public key
• Signing the message using the sender's private key and encrypting the message using the
receiver's public key
Correct Answer is: Signing the message using the sender's private key and encrypting the message using
the receiver's public key
Details:
The correct answer is: Signing the message using the sender's private key and encrypting the message
using the receiver's public key
By encrypting the message with the receiver's public key, only the receiver can decrypt the message
using his/her own private key, only the receiver has a copy of the matching private key, thus ensuring
confidentiality.
By signing the message encrypting the message digest using the sender private key, the receiver can
verify its authenticity and integrity using the sender's public key.
The receiver's private key is confidential and must be protected by the receiver, therefore unknown to
the sender.
Messages encrypted using the sender's private key can be read by anyone (with the sender's public key)
to prove the authenticity only.
A digital signature is used to achieve integrity, authenticity and non-repudiation. In a digital signature
the sender's private key is used to encrypt a message digest of the message and receiver need to
validate the same using sender's public key.
signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-
stamped. The ability to ensure that the original signed message arrived means that the sender cannot
easily repudiate it later.
certificate is real.
How It Works
3. You then use a private key that you have previously obtained from a public-private key authority to
encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each
time you send a message.)
Authentication
may not be accurate. Digital signatures can be used to authenticate the source of messages. When
ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the
message was sent by that user. The importance of high confidence in sender authenticity is especially
obvious in a financial context. For example, suppose a bank's branch office sends instructions to the
central office requesting a change in the balance of an account. If the central office is not convinced that
such a message is truly sent from an authorized source, acting on such a request could be a grave
mistake.
Integrity
message is digitally signed, any change in the message after signature invalidates the signature.
Furthermore, there is no efficient way to modify a message and its signature to produce a new message
with a valid signature, because this is still considered to be computationally infeasible by most
cryptographic hash functions (see collision resistance).
Non-repudiation

valid signature.
Note that these authentication, non-repudiation etc. properties rely on the secret key not having been
Protocol ". Very roughly this is analogous to a vendor who receives credit-cards first checking online
with the credit-card issuer to find if a given card has been reported lost or stolen. Of course, with stolen
key pairs, the theft is often discovered only after the secret key's use, e.g., to sign a bogus certificate for
espionage purposes.
The other options presented are not valid.
Question 70
Which access control model provides upper and lower bounds of access capabilities for a subject?
• Role-based access control

• Lattice-based access control
• Biba access control
• Content-dependent access control
Correct Answer is: Lattice-based access control
Details:
The correct answer is: Lattice-based access control
In the lattice model, users are assigned security clearences and the data is classified. Access decisions
are made based on the clearence of the user and the classification of the object. Lattice-based access
control is an essential ingredient of formal security models such as Bell-LaPadula, Biba, Chinese Wall,
etc.
The bounds concept comes from the formal definition of a lattice as a "partially ordered set for which
every pair of elements has a greatest lower bound and a least upper bound. " To see the application,
consider a file classified as "SECRET " and a user Joe with a security clearence of "TOP SECRET. " Under
Bell-LaPadula, Joe's "least upper bound " access to the file is "READ " and his least lower bound is "NO
WRITE " (star property).
Role-based access control is incorrect. Under RBAC, the access is controlled by the permissions assigned
to a role and the specific role assigned to the user.
Biba access control is incorrect. The Biba integrity model is based on a lattice structure but the context
of the question disqualiifes it as the best answer.
Content-dependent access control is incorrect. In content dependent access control, the actual content
of the information determines access as enforced by the arbiter.

THis sounds a lot more confusing than it is -- the confusion comes from the fact that we're talking about
a mathematical structure in words as opposed to the formal symbols that would allow us to manipulate
it, derive formal properties and do proofs. If you're interested in the formal details, a book such as
"Computer Security: Art and Science " by Matt Bishop will provide a good introduction but this is beyond
what you will need to know for the CISSP exam.
Question 71
Which of the following choices describe a condition when RAM and Secondary storage are used
together?
• Virtual storage
• Real storage
• Secondary storage
• Primary storage
Correct Answer is: Virtual storage
Details:
The correct answer is: Virtual Storage
Virtual storage a service provided by the operating system where it uses a combination of RAM and disk
storage to simulate a much larger address space than is actually present. Infrequently used portions of
memory are paged out by being written to secondary storage and paged back in when required by a
running program.
Most OS s have the ability to simulate having more main memory than is physically available in the
system. This is done by storing part of the data on secondary storage, such as a disk. This can be
considered a virtual page. If the data requested by the system is not currently in main memory, a page
fault is taken. This condition triggers the OS handler. If the virtual address is a valid one, the OS will
locate the physical page, put the right information in that page, update the translation table, and then
try the request again. Some other page might be swapped out to make room. Each process may have its
own separate virtual address space along with its own mappings and protections.
The following are incorrect answers:
Primary storage is incorrect. Primary storage refers to the combination of RAM, cache and the processor
registers. Primary Storage The data waits for processing by the processors, it sits in a staging area called
primary storage. Whether implemented as memory, cache, or registers (part of the CPU), and regardless
of its location, primary storage stores data that has a high probability of being requested by the CPU, so
it is usually faster than long-term, secondary storage. The location where data is stored is denoted by its
physical memory address. This memory register identifier remains constant and is independent of the
value stored there. Some examples of primary storage devices include random-access memory (RAM),
synchronous dynamic random-access memory (SDRAM), and read-only memory (ROM). RAM is volatile,
that is, when the system shuts down, it flushes the data in RAM although recent research has shown
that data may still be retrievable. Contrast this
Secondary storage is incorrect. Secondary storage holds data not currently being used by the CPU and is
used when data must be stored for an extended period of time using high-capacity, nonvolatile storage.
Secondary storage includes disk, floppies, CD's, tape, etc. While secondary storage includes basically
anything different from primary storage, virtual memory's use of secondary storage is usually confined
to high-speed disk storage.
Real storage is incorrect. Real storage is another word for primary storage and distinguishes physical
memory from virtual memory.
Edition Page 869 or Kindle Location 22656 & 22686.
Question 72
Which of the following statements pertaining to protection rings is false?
• They support the CIA triad requirements of multitasking operating systems.
• They provide strict boundaries and definitions on what the processes that work within each
ring can access.
• They provide users with a direct access to peripherals

• Programs operating in inner rings are usually referred to as existing in a privileged mode.
Correct Answer is: They provide users with a direct access to peripherals
Details:
The correct answer is: They provide users with a direct access to peripherals
In computer science, hierarchical protection domains, often called protection rings, are mechanisms to
protect data and functionality from faults (fault tolerance) and malicious behaviour (computer security).
This approach is diametrically opposite to that of capability-based security.
Computer operating systems provide different levels of access to resources. A protection ring is one of
two or more hierarchical levels or layers of privilege within the architecture of a computer system. This
is generally hardware-enforced by some CPU architectures that provide different CPU modes at the
hardware or microcode level.
Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least
privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the
level with the most privileges and interacts most directly with the physical hardware such as the CPU
and memory.
Special gates between rings are provided to allow an outer ring to access an inner ring's resources in a
predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can
improve security by preventing programs from one ring or privilege level from misusing resources
intended for programs in another. For example, spyware running as a user program in Ring 3 should be
prevented from turning on a web camera without informing the user, since hardware access should be a
Ring 1 function reserved for device drivers. Programs such as web browsers running in higher numbered
rings must request access to the network, a resource restricted to a lower numbered ring.
"They provide strict boundaries and definitions on what the processes that work within each ring can
access" is incorrect. This is in fact one of the characteristics of a ring protection system.
"Programs operating in inner rings are usually referred to as existing in a privileged mode" is incorrect.
This is in fact one of the characteristics of a ring protection system.
"They support the CIA triad requirements of multitasking operating systems" is incorrect. This is in fact
one of the characteristics of a ring protection system.

CBK, pp. 310-311
AIO3, pp. 253-256
AIOv4 Security Architecture and Design (pages 308 - 310)
Question 73
What is it called when a computer uses more than one CPU in parallel to execute instructions?
• Multiprocessing
• Multithreading
• Multitasking
• Parallel running
Correct Answer is: Multiprocessing
Details:
The correct answer is: Multiprocessing
A system with multiple processors is called a multiprocessing system.
Multitasking is incorrect. Multitasking involves sharing the processor amoung all ready processes.
Though it appears to the user that multiple processes are executing at the same time, only one process
is running at any point in time.
Multithreading is incorrect. The developer can structure a program as a collection of independent

threads to achieve better concurrency. For example, one thread of a program might be performing a
calculation while another is waiting for additional input from the user.
"Parallel running" is incorrect. This is not a real term and is just a distraction.
CBK, pp. 315-316
AIO3, pp. 234 - 239
Question 74
Which of the following statements pertaining to the trusted computing base (TCB) is false?
• It includes hardware, firmware and software.
• A higher TCB rating will require that details of their testing procedures and documentation be
reviewed with more granularity.
• It is defined in the Orange Book.
• Its enforcement of security policy is independent of parameters supplied by system

administrators.
Correct Answer is: Its enforcement of security policy is independent of parameters supplied by system
administrators.
Details:
The correct answer is: Its enforcement of security policy is independent of parameters supplied by
system administrators
The ability of a TCB to correctly enforce a security policy depends solely on the mechanisms within it and
the correct input by system administrative personnel of parameters related to security policy. For
example, if Jane only has a "CONFIDENTIAL" clearence, a system administrator could foil the correct
operation of a TCB by providing input to the system that gave her a "SECRET" clearence.
"It is defined in the Orange Book" is an incorrect choice. The TCB is defined in the Orange Book (TCSEC
or Trusted Computer System Evaluation Criteria).
"It includes hardware, firmware and software" is incorrect. The TCB does includes the combination of all
hardware, firmware and software responsible for enforcing the security policy.
"A higher TCB rating will require that details of their testing procedures and documentation be reviewed
with more granularity" is incorrect. As the level of trust increases (D through A), the level of scrutiny
required during evaluation increases as well.

CBK, pp. 323 - 324, 329 - 330
AIO3, pp. 269 - 272,
Question 75
What can be defined as an abstract machine that mediates all access to objects by subjects to ensure
that subjects have the necessary access rights and to protect objects from unauthorized access?
• The Security Kernel
• The Security Domain
• The Reference Monitor
• The Trusted Computing Base
Correct Answer is: The Reference Monitor
Details:
The correct answer is: The Reference Monitor
The reference monitor refers to abstract machine that mediates all access to objects by subjects.
This question is asking for the concept that governs access by subjects to objects, thus the reference
monitor is the best answer. While the security kernel is similar in nature, it is what actually enforces the
concepts outlined in the reference monitor.
In operating systems architecture a reference monitor concept defines a set of design requirements on a
reference validation mechanism, which enforces an access control policy over subjects' (e.g., processes
and users) ability to perform operations (e.g., read and write) on objects (e.g., files and sockets) on a
system. The properties of a reference monitor are:
• The reference validation mechanism must always be invoked (complete mediation). Without
this property, it is possible for an attacker to bypass the mechanism and violate the security policy.
• The reference validation mechanism must be tamperproof (tamperproof). Without this

property, an attacker can undermine the mechanism itself so that the security policy is not correctly
enforced.
• The reference validation mechanism must be small enough to be subject to analysis and tests,
the completeness of which can be assured (verifiable). Without this property, the mechanism might be
flawed in such a way that the policy is not enforced.
For example, Windows 3.x and 9x operating systems were not built with a reference monitor, whereas
the Windows NT line, which also includes Windows 2000 and Windows XP, was designed to contain a
reference monitor, although it is not clear that its properties (tamperproof, etc.) have ever been
independently verified, or what level of computer security it was intended to provide.
The claim is that a reference validation mechanism that satisfies the reference monitor concept will
correctly enforce a system's access control policy, as it must be invoked to mediate all security-sensitive
operations, must not be tampered, and has undergone complete analysis and testing to verify
correctness. The abstract model of a reference monitor has been widely applied to any type of system
that needs to enforce access control, and is considered to express the necessary and sufficient
properties for any system making this security claim.
According to Ross Anderson, the reference monitor concept was introduced by James Anderson in an
influential 1972 paper.
Systems evaluated at B3 and above by the Trusted Computer System Evaluation Criteria (TCSEC) must
enforce the reference monitor concept.
The reference monitor, as defined in AIO V5 (Harris) is: "an access control concept that refers to an
abstract machine that mediates all access to objects by subjects."
The security kernel, as defined in AIO V5 (Harris) is: "the hardware, firmware, and software elements of
a trusted computing based (TCB) that implement the reference monitor concept. The kernel must
mediate all access between subjects and objects, be protected from modification, and be verifiable as
correct."
The trusted computing based (TCB), as defined in AIO V5 (Harris) is: "all of the protection mechanisms
within a computer system (software, hardware, and firmware) that are responsible for enforcing a
security policy."
The security domain, "builds upon the definition of domain (a set of resources available to a subject) by
adding the fact that resources withing this logical structure (domain) are working under the same
security policy and managed by the same group."
"The security kernel" is incorrect. One of the places a reference monitor could be implemented is in the
security kernel but this is not the best answer.
"The trusted computing base" is incorrect. The reference monitor is an important concept in the TCB
but this is not the best answer.
"The security domain is incorrect." The reference monitor is an important concept in the security
domain but this is not the best answer.
Official ISC2 Guide to the CBK, page 324
AIO Version 3, pp. 272 - 274
Wikipedia article at https://en.wikipedia.org/wiki/Reference_monitor
Question 76
What is the main focus of the Bell-LaPadula security model?
• Confidentiality
• Accountability
• Availability
• Integrity
Correct Answer is: Confidentiality
Details:
The correct answer is: Confidentiality
The Bell-LaPadula model is a formal model dealing with confidentiality.

The Bell–LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control
in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula,
subsequent to strong guidance from Roger R. Schell to formalize the U.S. Department of Defense (DoD)
multilevel security (MLS) policy. The model is a formal state transition model of computer security
policy that describes a set of access control rules which use security labels on objects and clearances for
subjects. Security labels range from the most sensitive (e.g."Top Secret"), down to the least sensitive
(e.g., "Unclassified" or "Public").
The Bell–LaPadula model focuses on data confidentiality and controlled access to classified information,
in contrast to the Biba Integrity Model which describes rules for the protection of data integrity. In this
formal model, the entities in an information system are divided into subjects and objects.
The notion of a "secure state" is defined, and it is proven that each state transition preserves security by
security objectives of the model. The Bell–LaPadula model is built on the concept of a state machine
with a set of allowable states in a computer network system. The transition from one state to another
state is defined by transition functions.
A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in
authorized for the specific access mode.
The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory
access control (MAC) rules and one discretionary access control (DAC) rule with three security
properties:
1. The Simple Security Property - a subject at a given security level may not read an object at a
higher security level (no read-up).
2. The ★-property (read "star"-property) - a subject at a given security level must not write to any
object at a lower security level (no write-down). The ★-property is also known as the Confinement
property.
3. The Discretionary Security Property - use of an access matrix to specify the discretionary access
control.
Accountability is incorrect. Accountability requires that actions be traceable to the user that performed
them and is not addressed by the Bell-LaPadula model.
Integrity is incorrect. Integrity is addressed in the Biba model rather than Bell-Lapadula.
Availability is incorrect. Availability is concerned with assuring that data/services are available to
authorized users as specified in service level objectives and is not addressed by the Bell-Lapadula model.
CBK, pp. 325-326
AIO3, pp. 279 - 284
Wikipedia at https://en.wikipedia.org/wiki/Bell-La_Padula_model
Question 77
Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of
the strong star property?
• It allows "read up."
• It allows "write up."
• It addresses management of access controls.
• It addresses covert channels.
Correct Answer is: It allows "write up."
Details:
The correct answer is: It allow "write up" (this is true)

Bell–LaPadula Confidentiality Model. The Bell–LaPadula model is perhaps the most well-known and
significant security model, in addition to being one of the oldest models used in the creation of modern
secure computing systems. Like the Trusted Computer System Evaluation Criteria (or TCSEC), it was
inspired by early U.S. Department of Defense security policies and the need to prove that confidentiality
could be maintained. In other words, its primary goal is to prevent disclosure as the model system
moves from one state (one point in time) to another.
When the strong star property is not being used it means that both the * property and the Simple
Security Property rules would be applied.
The Star (*) property rule of the Bell-LaPadula model says that subjects cannot write down, this would
compromise the confidentiality of the information if someone at the secret layer would write the object
down to a confidential container for example.
The Simple Security Property rule states that the subject cannot read up which means that a subject at
the secret layer would not be able to access objects at Top Secret for example.
You must remember: The model tells you about are NOT allowed to do. Anything else would be
allowed. For example within the Bell LaPadula model you would be allowed to write up as it does not
compromise the security of the information. In fact it would upgrade it to the point that you could lock
yourself out of your own information if you have only a secret security clearance.
The following are incorrect answers because they are all FALSE:
"It allows read up" is incorrect. The "simple security" property forbids read up. You cannot read above
your security clearance.
"It addresses covert channels" is incorrect. Covert channels are not addressed by the Bell-LaPadula
model. BLP is focused mostly on Confidentiality.
"It addresses management of access controls" is incorrect. Management of access controls are beyond
the scope of the Bell-LaPadula model.
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press)
(Kindle Locations 17595-17600). Auerbach Publications. Kindle Edition.
Question 78
Which security model introduces access to objects only through programs?
• The Clark-Wilson model
• The information flow model
• The Bell-LaPadula model
• The Biba model
Correct Answer is: The Clark-Wilson model
Details:
The correct answer is: The Clark-Wilson model
In the Clark-Wilson model, the subject no longer has direct access to objects but instead must access
them through programs (well -formed transactions).
The Clark–Wilson integrity model provides a foundation for specifying and analyzing an integrity policy
for a computing system.
The model is primarily concerned with formalizing the notion of information integrity. Information
integrity is maintained by preventing corruption of data items in a system due to either error or
malicious intent. An integrity policy describes how the data items in the system should be kept valid
from one state of the system to the next and specifies the capabilities of various principals in the
system. The model defines enforcement rules and certification rules.
Clark–Wilson is more clearly applicable to business and industry processes in which the integrity of the
information content is paramount at any level of classification.
Integrity goals of Clark–Wilson model:
• Prevent unauthorized users from making modification (Only this one is addressed by the Biba
model).
• Separation of duties prevents authorized users from making improper modifications.
• Well formed transactions: maintain internal and external consistency i.e. it is a series of
operations that are carried out to transfer the data from one consistent state to the other.
The Biba model is incorrect. The Biba model is concerned with integrity and controls access to objects
based on a comparison of the security level of the subject to that of the object.
The Bell-LaPdaula model is incorrect. The Bell-LaPaula model is concerned with confidentiality and
controls access to objects based on a comparison of the clearence level of the subject to the
classification level of the object.
The information flow model is incorrect. The information flow model uses a lattice where objects are
labelled with security classes and information can flow either upward or at the same level. It is similar in
framework to the Bell-LaPadula model.
ISC2 Official Study Guide, Pages 325 - 327
AIO3, pp. 284 - 287
Wikipedia at: https://en.wikipedia.org/wiki/Clark-Wilson_model
Thanks to Benedict Pasaribu for providing updated link for this question.
EXAM TIP:
The formal security models can be quite confusing if one tries to become too detailed with them as they
are mathematical models and their details are far beyond the subject matter of the CISSP exam.
Concentrate on the basic details of the models and their differences at the managerial level.
If you are interested in the formal details of the models, a text such as "Computer Security Art and
Science" by Matt Bishop will be an excellent starting point.
Question 79
What is called the formal acceptance of the adequacy of a system's overall security by the
management?
• Certification
• Evaluation
• Accreditation
• Acceptance
Correct Answer is: Accreditation
Details:
The correct answer is: Accreditation
Accreditation is the authorization by management to implement software or systems in a production

environment. This authorization may be either provisional or full.
Certification is incorrect. Certification is the process of evaluating the security stance of the software or
system against a selected set of standards or policies. Certification is the technical evaluation of a
product. This may precede accreditation but is not a required precursor.
Acceptance is incorrect. This term is sometimes used as the recognition that a piece of software or
system has met a set of functional or service level criteria (the new payroll system has passed its
acceptance test). Certification is the better tem in this context.
Evaluation is incorrect. Evaluation is certainly a part of the certification process but it is not the best
answer to the question.
The Official Study Guide to the CBK from ISC2, pages 559-560
AIO3, pp. 314 - 317

Question 80
A server farm consisting of multiple similar servers seen as a single IP address from users interacting
with the group of servers is an example of which of the following?
• Server clustering
• Server fault tolerance
• Multiple servers
• Redundant servers
Correct Answer is: Server clustering
Details:
The correct answer is: Server clustering
A "server farm" consistant of may servers providing a similar service is an implementation of server
clustering, where a group of independent servers are managed as a single system and provides higher
availability, easier manageability and greater scalability.
It is similar to redundant servers, commonly known as server fault tolerance, except that all the servers
are on-line simultaneously and take part in processing requests.
If any server in the cluster crashes, the load is balanced among remaining servers. It does involve
multiple servers, but its particularity is that it balances a load among all servers.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 67).
Question 81
What can be defined as an instance of two different keys generating the same ciphertext from the same
plaintext?
• Key collision
• Ciphertext collision
• Hashing
• Key clustering
Correct Answer is: Key clustering
Details:
The correct answer is: Key clustering
Key clustering happens when a plaintext message generates identical ciphertext messages using the
same transformation algorithm, but with different keys.
Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 130).
Question 82
Which of the following is true about link encryption?
• Each entity has a common key with the destination node.
• Only secure nodes are used in this type of transmission.
• Encrypted messages are only decrypted by the final node.

• This mode does not provide protection if any of the nodes along the transmission path is
compromised.
Correct Answer is: This mode does not provide protection if any of the nodes along the transmission
path is compromised.
Details:
The correct answer is: This mode does not provide protection if anyone of the nodes along the
transmission path is compromised.
In link encryption, each entity has keys in common with its two neighboring nodes in the transmission
chain.
Thus, a node receives the encrypted message from its predecessor, decrypts it, and then re-encrypts it
with a new key, common to the successor node. Obviously, this mode does not provide protection if
anyone of the nodes along the transmission path is compromised.
Encryption can be performed at different communication levels, each with different types of protection
and implications. Two general modes of encryption implementation are link encryption and end-to-end
encryption.
Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3 line, or
telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and
routing data that are part of the packets are also encrypted. The only traffic not encrypted in this
technology is the data link control messaging information, which includes instructions and parameters
that the different link devices use to synchronize communication methods. Link encryption provides
protection against packet sniffers and eavesdroppers.
In end-to-end encryption, the headers, addresses, routing, and trailer information are not encrypted,
enabling attackers to learn more about a captured packet and where it is headed.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 845-846). McGraw-Hill.
And:
Question 83
What can be defined as secret communications where the very existence of the message is hidden?
• Clustering
• Vernam cipher
• Cryptology
• Steganography
Correct Answer is: Steganography
Details:
The correct answer is: Steganography
Steganography is a secret communication where the very existence of the message is hidden. For
example, in a digital image, the least significant bit of each word can be used to comprise a message
without causing any significant change in the image. Key clustering is a situation in which a plaintext
message generates identical ciphertext messages using the same transformation algorithm but with
different keys. Cryptology encompasses cryptography and cryptanalysis. The Vernam Cipher, also called
a one-time pad, is an encryption scheme using a random key of the same size as the message and is
used only once. It is said to be unbreakable, even with infinite resources.
Question 84
What is the maximum number of different keys that can be used when encrypting with Triple DES?
• 4
• 3
• 1
• 2
Details:
The correct answer is: 3
Triple DES encrypts a message three times. This encryption can be accomplished in several ways. The
most secure form of triple DES is when the three encryptions are performed with three different keys.
Question 85
Which of the following is a symmetric encryption algorithm?
• RSA
• El Gamal
• RC5
• Elliptic Curve

Details:
RC5 is a symmetric encryption algorithm. It is a block cipher of variable block length, encrypts through
integer addition, the application of a bitwise Exclusive OR (XOR), and variable rotations.
Question 86
Which of the following is NOT a property of the Rijndael block cipher algorithm?
• Maximum key size is 512 bits
• Maximum block size is 128 bits
• The key sizes must be a multiple of 32 bits
• The key size does not have to match the block size
Correct Answer is: Maximum key size is 512 bits
Details:
The correct answer is: Maximum key size is 512 bits
The above statement is NOT true and thus the correct answer. The maximum key size on Rijndael is 256
bits.
There are some differences between Rijndael and the official FIPS-197 specification for AES.
Rijndael specification per se is specified with block and key sizes that must be a multiple of 32 bits, both
with a minimum of 128 and a maximum of 256 bits. Namely, Rijndael allows for both key and block sizes
to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (And the key size does not in
fact have to match the block size).
However, FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key size may
be either 128, 192, or 256 bits. Therefore AES-128, AES-192, and AES-256 are actually:
Key Size (bits) Block Size (bits)
AES-128 128 128
AES-192 192 128
AES-256 256 128
So in short:
Rijndael and AES differ only in the range of supported values for the block length and cipher key length.
For Rijndael, the block length and the key length can be independently specified to any multiple of 32
bits, with a minimum of 128 bits, and a maximum of 256 bits.
AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only.
http://blogs.msdn.com/b/shawnfa/archive/2006/10/09/the-differences-between-rijndael-and-aes.aspx
and
http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf
Question 87
What is the name for a substitution cipher that shifts the alphabet by 13 places?
• Polyalphabetic cipher
• Transposition cipher
• ROT13 cipher
• Caesar cipher
Correct Answer is: ROT13 cipher
Details:
The correct answer is: ROT13 cipher
An extremely simple example of conventional cryptography is a substitution cipher.
A substitution cipher substitutes one piece of information for another. This is most frequently done by
offsetting letters of the alphabet. Two examples are Captain Midnight's Secret Decoder Ring, which you
may have owned when you were a kid, and Julius Caesar's cipher. In both cases, the algorithm is to
offset the alphabet and the key is the number of characters to offset it. So the offset could be one, two,
or any number you wish. ROT-13 is an example where it is shifted 13 spaces. The Ceaser Cipher is
another example where it is shifted 3 letters to the left.
ROT13 ("rotate by 13 places", sometimes hyphenated ROT-13) is a simple letter substitution cipher that
replaces a letter with the letter 13 letters after it in the alphabet. ROT13 is an example of the Caesar
cipher, developed in ancient Rome.
In the basic Latin alphabet, ROT13 is its own inverse; that is, to undo ROT13, the same algorithm is
applied, so the same action can be used for encoding and decoding. The algorithm provides virtually no
cryptographic security, and is often cited as a canonical example of weak encryption.
ROT13 is used in online forums as a means of hiding spoilers, puzzle solutions, and offensive materials
from the casual glance. ROT13 has been described as the "Usenet equivalent of a magazine printing the
answer to a quiz upside down". ROT13 has inspired a variety of letter and word games on-line, and is
frequently mentioned in newsgroup conversations. See diagram Below:
The following are incorrect:

The Caesar cipher is a simple substitution cipher that involves shifting the alphabet three positions to
the right. In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code
or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of
substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of
positions down the alphabet. For example, with a left shift of 3, D would be replaced by A, E would
become B, and so on. The method is named after Julius Caesar, who used it in his private
correspondence.
Polyalphabetic cipher refers to using multiple alphabets at a time. A polyalphabetic cipher is any cipher
based on substitution, using multiple substitution alphabets. The Vigenère cipher is probably the best-
known example of a polyalphabetic cipher, though it is a simplified special case.
Transposition cipher is a different type of cipher. In cryptography, a transposition cipher is a method of

encryption by which the positions held by units of plaintext (which are commonly characters or groups
of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation
of the plaintext. That is, the order of the units is changed. See the reference below for multiple
examples of Transpositio Ciphers.
An exemple of Transposition cipher could be columnar transposition, the message is written out in rows
of a fixed length, and then read out again column by column, and the columns are chosen in some
scrambled order. Both the width of the rows and the permutation of the columns are usually defined by
a keyword. For example, the word ZEBRAS is of length 6 (so the rows are of length 6), and the
permutation is defined by the alphabetical order of the letters in the keyword. In this case, the order
would be "6 3 2 4 1 5".
In a regular columnar transposition cipher, any spare spaces are filled with nulls; in an irregular
columnar transposition cipher, the spaces are left blank. Finally, the message is read off in columns, in
the order specified by the keyword. For example, suppose we use the keyword ZEBRAS and the message
WE ARE DISCOVERED. FLEE AT ONCE. In a regular columnar transposition, we write this into the grid as
Follows:
Providing five nulls (QKJEU) at the end. The ciphertext is then read off as:
EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE
http://en.wikipedia.org/wiki/ROT13
http://en.wikipedia.org/wiki/Caesar_cipher
http://en.wikipedia.org/wiki/Polyalphabetic_cipher
http://en.wikipedia.org/wiki/Transposition_cipher
Question 88
Which of the following standards concerns digital certificates?
• X.400
• X.509
• X.75
• X.25
Correct Answer is: X.509
Details:
The correct answer is: X.509
X.509 is used in digital certificates. X.400 is used in e-mail as a message handling protocol. X.25 is a
standard for the network and data link levels of a communication network and X.75 is a standard
defining ways of connecting two X.25 networks.
Question 89
What is the effective key size of DES?
• 1024 bits
• 64 bits
• 128 bits
• 56 bits
Details:
The correct answer is: 56 bits
Data Encryption Standard (DES) is a symmetric key algorithm. Originally developed by IBM, under
project name Lucifer, this 128-bit algorithm was accepted by the NIST in 1974, but the total key size was
reduced to 64 bits, 56 of which make up the effective key, plus and extra 8 bits for parity. It somehow
became a national cryptographic standard in 1977, and an American National Standard Institute (ANSI)
standard in 1978. DES was later replaced by the Advanced Encryption Standard (AES) by the NIST.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 8:
Cryptography (page 525).
Question 90
Which of the following adds confidentiality to an e-mail message while allowing the intended recipient
to decrypt and read the message but nobody else?
• The sender encrypting it with its private key.
• The sender encrypting it with its public key.
• The sender encrypting it with the receiver's public key.
• The sender encrypting it with the receiver's private key.
Correct Answer is: The sender encrypting it with the receiver's public key.
Details:
The correct answer is: The sender encrypting it with the receiver's public key.
An e-mail message's confidentiality is protected when encrypted with the receiver's public key, because
the receiver is the only one able to decrypt the message using the matching private key.
The sender is not supposed to have the receiver's private key. You never ever give away your private
key or get someone else private key.
By encrypting a message with the sender private key, you only get authentication of the source,
anybody possessing the corresponding public key would be able to read the message.
By encrypting the message with the sender public key, not even the receiver would be able to read the
message.
(2015-03-20). Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press) (Kindle Location 9909).
CRC Press. Kindle Edition.
and
Question 91
What does the simple security (ss) property mean in the Bell-LaPadula model?
• No write up
• No read up
• No read down
• No write down
Correct Answer is: No read up
Details:
The correct answer is: No read up
The ss (simple security) property of the Bell-LaPadula access control model states that reading of
information by a subject at a lower sensitivity level from an object at a higher sensitivity level is not
permitted (no read up).
Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 202).
Question 92
What does the * (star) property mean in the Bell-LaPadula model?
• No read down
• No read up
• No write down
• No write up
Correct Answer is: No write down
Details:
The correct answer is: No write down
The *- (star) property of the Bell-LaPadula access control model states that writing of information by a
subject at a higher level of sensitivity to an object at a lower level of sensitivity is not permitted (no write
down).
HERE ARE A FEW TIPS TO MAKE SENSE OF THE SECURITY MODELS:
If the model has the letter "i" in the name it is integrity related.
The only model without an "i" is Bell Lapadula which is concerned only with confidentiality.
Only two models have rules attached to them:
Biba has two rules
Bell Lapadula has three rules
The rules that belongs to Biba have the word INTEGRITY into each of them.
When you see the word SIMPLE within a rule, it means it is a rule related to READING. Some people
remember this by saying IT IS SIMPLE TO READ
When you see the word STAR or the * symbol within a rule, it means it is a rule related to WRITING.
Some people remember by thinking about the moment you write your password on a system, all you
see is ***** on the screen.
Question 93
What does the * (star) integrity axiom mean in the Biba model?
• No read up
• No read down
• No write up
• No write down
Correct Answer is: No write up
Details:
The correct answer is: No write up
The *- (star) integrity axiom of the Biba access control model states that an object at one level of
integrity is not permitted to modify an object of a higher level of integrity (no write up).

Question 94
What does the simple integrity axiom mean in the Biba model?
• No read up
• No read down
• No write up
• No write down
Correct Answer is: No read down
Details:
The correct answer is: No read down
The simple integrity axiom of the Biba access control model states that a subject at one level of integrity
is not permitted to observe an object of a lower integrity (no read down).
Question 95
What is the Biba security model concerned with?

• Integrity
• Availability
• Confidentiality
• Reliability
Correct Answer is: Integrity
Details:
The correct answer is: Integrity
The Biba security model addresses the integrity of data being threatened when subjects at lower
security levels are able to write to objects at higher security levels and when subjects can read data at
lower levels.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 5:
Security Models and Architecture (Page 244).
Question 96
Which type of fire extinguisher is most appropriate for a digital information processing facility?
• Type B
• Type C
• Type D
• Type A
Correct Answer is: Type C

Details:
The correct answer is: Type C
Type C fire extinguishers deal with electrical fires. They are most likely to be found around a digital
information processing facility or data center.
Type A is for common combustibles
Type B is for liquids (petroleum products and coolants)
Type D is used specifically for fighting flammable metal fires (eg: magnesium). Additionally
Class K fires are caused by cooking oils and fats. They typically burn much hotter than Class B fires and
are extinguished using wet chemical (alkali) fire extinguishers.
To remember the 4 classes of fire and what they are you can think about my first name which is
CLEMENT. See an example of this below:
Class Type
A Common combustible
B Liquid
C Electrical Fire
D Metal Burning
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter
6: Physical security (page 312).
Underwriters Laboratory's Rating and Testing of Fire Extinguishers (UL 711).
National Fire Protection Association's glossary.
http://en.wikipedia.org/wiki/Fire_classes http://en.wikipedia.org/wiki/Fire_extinguisher
http://en.wikipedia.org/wiki/Fire_retardant_foam
Question 97
What can best be described as a domain of trust that shares a single security policy and single
management?
• The reference monitor
• The security perimeter
• A security domain
• The security kernel
Correct Answer is: A security domain
Details:
The correct answer is: A security domain
A security domain is a domain of trust that shares a single security policy and single management.
The term security domain just builds upon the definition of domain by adding the fact that resources
within this logical structure (domain) are working under the same security policy and managed by the
same group.
So, a network administrator may put all of the accounting personnel, computers, and network resources
in Domain 1 and all of the management personnel, computers, and network resources in Domain 2.
These items fall into these individual containers because they not only carry out similar types of business
functions, but also, and more importantly, have the same type of trust level. It is this common trust level
that allows entities to be managed by one single security policy.
The different domains are separated by logical boundaries, such as firewalls with ACLs, directory services
making access decisions, and objects that have their own ACLs indicating which individuals and groups
can carry out operations on them.
All of these security mechanisms are examples of components that enforce the security policy for each
domain. Domains can be architected in a hierarchical manner that dictates the relationship between the
different domains and the ways in which subjects within the different domains can communicate.
Subjects can access resources in domains of equal or lower trust levels.

The reference monitor is an abstract machine which must mediate all access to subjects to objects, be
protected from modification, be verifiable as correct, and is always invoked. Concept that defines a set
of design requirements of a reference validation mechanism (security kernel), which enforces an access
control policy over subjects’ (processes, users) ability to perform operations (read, write, execute) on
objects (files, resources) on a system. The reference monitor components must be small enough to test
properly and be tamperproof.
The security kernel is the hardware, firmware and software elements of a trusted computing base that
implement the reference monitor concept.
The security perimeter includes the security kernel as well as other security-related system functions
that are within the boundary of the trusted computing base. System elements that are outside of the
security perimeter need not be trusted. not every process and resource falls within the TCB, so some of
these components fall outside of an imaginary boundary referred to as the security perimeter. A security
perimeter is a boundary that divides the trusted from the untrusted. For the system to stay in a secure
and trusted state, precise communication standards must be developed to ensure that when a
component within the TCB needs to communicate with a component outside the TCB, the
communication cannot expose the system to unexpected security compromises. This type of
communication is handled and controlled through interfaces.
Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press)
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 28548-28550).
McGraw-Hill. Kindle Edition.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition , Access Control, Page 214-217
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Security
Architecture and Design (Kindle Locations 1280-1283). . Kindle Edition.
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.
AIO 6th edition chapter 3 access control page 214-217 defines Security domains. Reference monitor,
Security Kernel, and Security Parameter are defined in Chapter 4, Security Architecture and Design.
Question 98
What size is an MD5 message digest (hash)?
• 160 bits
• 128 bytes
• 256 bits
• 128 bits
Details:
MD5 is a one-way hash function producing a 128-bit message digest from the input message, through 4
rounds of transformation. MD5 is specified as an Internet Standard (RFC1312).
Question 99
Which of the following service is not provided by a public key infrastructure (PKI)?
• Reliability
• Authentication
• Integrity
• Access control
Correct Answer is: Reliability
Details:
The correct answer is: Reliability
A Public Key Infrastructure (PKI) provides confidentiality, access control, integrity, authentication and
non-repudiation.
It does not provide reliability services.
Question 100
In a Public Key Infrastructure, how are public keys published?
• They are sent by owners.
• They are not published.
• Through digital certificates.
• They are sent via e-mail.
Correct Answer is: Through digital certificates.
Details:
The correct answer is: Through digital certificates.
Public keys are published through digital certificates, signed by certification authority (CA), binding the
certificate to the identity of its bearer.
A bit more details:
Although “Digital Certificates” is the best (or least wrong!) in the list of answers presented, for the past
decade public keys have been published (ie: made known to the World) by the means of a LDAP server
or a key distribution server (ex.: http://pgp.mit.edu/). An indirect publishing method is through OCSP
servers (to validate digital signatures’ CRL)
and
http://technet.microsoft.com/en-us/library/dd361898.aspx
Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)?
• It has been mathematically proved to be less secure.
• It is believed to require shorter keys for equivalent security.
• It has been mathematically proved to be more secure.
• It is believed to require longer key for equivalent security.
Correct Answer is: It is believed to require shorter keys for equivalent security.
Details:
The correct answer is: It is believed to require shorter keys for equivalent security. Some experts believe
that ECC with key length 160 bits is equivalent to RSA with key length 1024 bits.
The following answers are incorrect: It has been mathematically proved to be less secure. ECC has not
been proved to be more or less secure than RSA. Since ECC is newer than RSA, it is considered riskier by
some, but that is just a general assessment, not based on mathematical arguments.
It has been mathematically proved to be more secure. ECC has not been proved to be more or less
secure than RSA. Since ECC is newer than RSA, it is considered riskier by some, but that is just a general
assessment, not based on mathematical arguments.
It is believed to require longer key for equivalent security. On the contrary, it is believed to require
shorter keys for equivalent security of RSA.
Shon Harris, AIO v5 pg719 states:
"In most cases, the longer the key, the more protection that is provided, but ECC can provide the same
level of protection with a key size that is shorter that what RSA requires "
Question 25
Which of the following is fuel for a class A fire?
• common combustibles
• Halon
• electrical
• liquid
Correct Answer is: common combustibles

Details:
The correct answer is: common combustible.
One of my student shared a tip with me on how to remember the classes of fire. He said that he thinks
about my first name to do so. More specifically the first four letters of my first name which is CLEMent
and a "K " too:
C stands for Common Combustible (CLASS A)
L stands for Liquid Fire (CLASS B)
E stands for Electrical Fire (CLASS C)
M stands for Metals that are burning (CLASS D)
Class, fuels & suppressent:
Class K black hexagon K for kitchen - cooking oil = use CO2
Class A green triangle - common combustibles, ordinary wood fires = use water, soda, dry powder
Class B red square liquid gas butane/propane = use CO2, soda or halon - B for Butane,
Class C blue circle - think copper = use CO2 or halon for electrical fires
Class D yellow decagon metal fires titanium, lithium, magnesium = use dry powder
Note; Halon is now banned via The Montreal Protocol - from being produce or manufacture in most
country or cities - suppresses combustion by disrupting a chemical reaction
Incorrect answers and why they are incorrect:
Liquid Class B see above
Electrical Class C see above
Halon- not a fuel - banned fire suppressent

Edition
Page 402 or Kindle Location 11159, Section titled: Fire Prevention, Detection, and Suppression
Question 26
Which of the following is the preferred way to suppress an electrical fire in a data center?
• CO2, soda acid, or Halon
• water or soda acid
• ABC Rated Dry Chemical
• CO2
Correct Answer is: CO2
Details:
The correct answer is: CO2:
It must be noted that Halon is now banned in most countries or cities.
The reason CO2 is preferred in an information center is the agent is considered a clean agent, as well as
non-conductive. The agent evaporates and does not leave a residue on the equipment. CO2 can be
hazardous to people so special care must be taken when implemented.
Water may be a sound solution for large physical areas such as warehouses, but it is entirely
inappropriate for computer equipment. A water spray can irreparably damage hardware more quickly
than encroaching smoke or heat. Gas suppression systems operate to starve the fire of oxygen. In the
past, Halon was the choice for gas suppression systems; however, Halon leaves residue, depletes the
ozone layer, and can injure nearby personnel.
Image Source - CISSP All In One Exam Guide by Shon Harris

NOTE FROM CLEMENT:
For the purpose of the exam do not go outside of the 4 choices presented. YES, it is true that there are
many other choices that would be more adequate for a Data Centre. An agent such as IG-55 from Ardent
would probably be a better choice than CO2, however it is NOT in the list of choices.
You will also notice that Shon Harris and Krutz and Vines disagree on which one is the best. This is why
you must do your own research to supplement the books, sometimes books could be opiniated as well.
When in doubt refer to the official book and look at what is ISC2 view of the topic and which one ISC2
considers to be the best for the exam.
ISC2 recommends also the following:
Aero-K - uses an aerosol of microscopic potassium compounds in a carrier gas released from small
canisters mounted on walls near the ceiling. The Aero-K generators are not pressurized until fire is
detected. The Aero-K system uses multiple fire detectors and will not release until a fire is confirmed by
two or more detectors (limiting accidental discharge). The gas is non-corrosive, so it does not damage
metals or other materials. It does not harm electronic devices or media such as tape or discs. More
important, Aero-K is nontoxic and does not injure personnel.
FM-200 - is a colorless, liquefied compressed gas. It is stored as a liquid and dispensed into the hazard as
The following are incorrect choices:
Water or Soda/Acid & Halon: (old water extinguishers) will damage sensitive equipment as well as
conduct electricity which could endanger the life of the person using such a fire extinghisher. Halon has
been banned due to the Montreal Protocol.
ABC rated Dry chemical extinguishers: They are suitable for electrically energized fires, but they are not
acceptable on sensitive equipment. It is like throwing a couple kilograms of flour in around in a room. It
is extremely hard to clean off of equipment and some of the chemicals are corrosive in nature.
Thanks to Glen Chandler for providing feedback to improve this question.
Thanks to Mark Heckman for providing input to improve this question.
Thanks to Kurt I. Love for providing feedback to improve this question.
NOTE FROM CLEMENT:
See some information about IG-55 is presented below:
The Agent
• IG55 is a mixture of two naturally occurring atmospheric gases, Nitrogen and Argon.
• IG55 is stored compressed and uncondensed and is totally dry.
• When deployed, there is no condensation that can cause harm to moisture sensitive equipment.
• IG 55 does not form harmful by products when used in a fire and the gas is totally non corrosive.
• The gas is stored and used at room temperature, thus avoiding any risk of damage due to
exposure to low temperatures.
• IG55 does not affect the ozone layer and has a very short atmospheric lifetime. IG55 has no
global warming potential.
• IG55 is colour- and odour-less.
• IG 55 is non conductive.
• IG55 has approximately the same density as air.
• IG55 is a mixture of Nitrogen and Argon that extinguishes fire by oxygen depletion.
Because the reduced oxygen atmosphere required to put out the fire still is breathable to humans, IG55
is ideal to use in normally occupied areas.
IG55 is clean and pure and leaves no residues that have to be taken care of after discharge. The gas is
non corrosive and non conductive and can be used directly on electrical installations.
IG55 is used in closed areas IG55 extinguishes the fire by depleting the oxygen level down to where no
combustion can occur. Normal air contains 20.9% of oxygen. In order to put out a fire that level must be
reduced down to 14% or less.
At a concentration of 50% IG55 in a room, a typical oxygen level of 12.5% is achieved.
IG55 is suitable for putting out Class B fires such as liquid fire.
IG55 is also suitable for putting out class A surface fires in wood, cloth and paper.
Personal Safety
In order to put out a fire the oxygen level must be reduced down to 14% or less. A normal system is
dimensioned to reduce the oxygen level down to 12-13.8% depending on the type of hazard. This is a
level that is considered safe for normally occupied areas, and the system may be used without
restrictions like time delays and pre alarms.
Question 27
What are the four basic elements of fire?
• Heat, Fuel, CO2, and Chain Reaction
• Flame, Fuel, Oxygen, and Chain Reaction
• Heat, Fuel, Oxygen, and Chain Reaction
• Heat, Wood, Oxygen, and Chain Reaction
Correct Answer is: Heat, Fuel, Oxygen, and Chain Reaction
Details:
The correct answer is: Heat, Fuel, Oxygen, and Chain Reaction
Four elements must be presentin order for fire to exist. These elements are HEAT, FUEL, OXYGENand
CHAIN REACTION.
While not everything is known about the combustion process, it is generally accepted that fire is a
chemical reaction. This reaction is dependent upon a material rapidly oxidizing, or uniting with oxygen
so rapidly that it produces heat and flame.
Until the advent of newer fire extinguishing agents, fire was thought of as a triangle with the three sides
represented by heat, fuel, and oxygen. If any one of the three sides were to be taken away, the fire
would cease to exist.
Studies of modern fire extinguishing agents have revealed a fourth element - a self propagating chain
reaction in the combustion process. As a result, the basic elements of fire are represented by the fire
tetrahedron - HEAT, FUEL, OXYGEN and CHAIN REACTION.
The theory of fire extinguishment is based on removing any one or more of the four elements in the fire
tetrahedron to suppress the fire.
REMOVING THE HEAT
In order to remove the heat, something must be applied to the fire to absorb the heat or act as a heat
exchanger. Water is not the only agent used to accomplish this, but it is the most common.
REMOVING THE FUEL
Under many circumstances, it is not practical to attempt to remove the fuel from the fire. When dealing
with flammable liquid fires, valves can be shut off and storage vessels pumped to safe areas to help
eliminate the supply of fuel to the fire. Flammable gas fires are completely extinguished by shutting off
the fuel supply.
REMOVE THE OXYGEN
Oxygen as it exists in our atmosphere (21%) is sufficient to support combustion in most fire situations.
Removal of the air or oxygen can be accomplished by separating it from the fuel source or by displacing
it with an inert gas. Examples of separation would be foam on a flammable liquid fire, a wet blanket on a
trash fire, or a tight fitting lid on a skillet fire. Agents such as CO2, nitrogen, and steam are used to
displace the oxygen.
INTERRUPT THE CHAIN REACTION

Modern extinguishing agents, such as dry chemical and halons, have proven to be effective on various
fires even though these agents do not remove heat, fuel, or oxygen. Dry chemical and halogenated
agents are thought to suspend or bond with free radicals that are created in the combustion process and
thus prevent them from continuing the chain reaction.
It must be noted that Halon is now banned in most country or cities. The agreement banning Halon
Production is called The Montreal Protocol.
Click on the following link to see a nice video on fire fighting and extinguishing agents, it cover key
information you need to know for the exam.
Resume of the class of Fires:
All of the other answers are incorrect:
Question 28
Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it kills the
fire?
• CO2
• water
• soda acid
• Halon
Correct Answer is: Halon
Details:
The correct answer is: Halon
It must be noted that Halon is now banned from being produce or manufacture in most country or
cities.
Multiple countries have agreed to and signed The Montreal Protocol which disallow production of
Halon.
Data Centers that still have Halon loaded within their cylinders will replace it with a safe replacement
such as FM200 or Innergen if they ever make use of it.
Halon is a "Clean Agent. " The National Fire Protection Association defines, a "Clean Agent " as "an
electrically non-conducting, volatile, or gaseous fire extinguishant that does not leave a residue upon
evaporation. "
Halon is a liquefied, compressed gas that stops the spread of fire by chemically disrupting combustion.
Halon 1211 (a liquid streaming agent) and Halon 1301 (a gaseous flooding agent) leave no residue and
are remarkably safe for human exposure. Halon is rated for class "B " (flammable liquids) and "C "
(electrical fires), but it is also effective on class "A " (common combustibles) fires. Halon 1211 and Halon
1301 are low-toxicity, chemically stable compounds that, as long as they remain contained in cylinders,
are easily recyclable.
Halon is an extraordinarily effective fire extinguishing agent, even at low concentrations. According to
the Halon Alternative Research Corporation: "Three things must come together at the same time to start
a fire. The first ingredient is fuel (anything that can burn), the second is oxygen (normal breathing air is
ample) and the last is an ignition source (high heat can cause a fire even without a spark or open flame).
Traditionally, to stop a fire you need to remove one side of the triangle - the ignition, the fuel or the
oxygen. Halon adds a fourth dimension to fire fighting - breaking the chain reaction. It stops the fuel, the
ignition and the oxygen from dancing together by chemically reacting with them. "
A key benefit of Halon, as a clean agent, is its ability to extinguish fire without the production of residues
that could damage the assets being protected. Halon has been used for fire and explosion protection
throughout the 20th century, and remains an integral part of the safety plans in many of today's
manufacturing, electronic and aviation companies. Halon protects computer and communication rooms
throughout the electronics industry; it has numerous military applications on ships, aircraft and tanks
and helps ensure safety on all commercial aircraft.
Because Halon is a CFC, production of new Halon ceased in 1994. There is no cost effective means of
safely and effectively disposing of the Halon. Therefore, recycling and reusing the existing supply
intelligently and responsibly to protect lives and property is the wisest solution.

Question 31
Which of the following are the two commonly defined types of covert channels:
• Software and Timing
• Storage and Kernel
• Kernel and Timing
• Storage and Timing
Correct Answer is: Storage and Timing
Details:
The correct answer is: Storage and Timing
A covert storage channel involves direct or indirect reading of a storage location by another process. A
covert timing channel depends upon being able to influence the rate that some other process is able to
acquire resources, such as the CPU.
A covert storage channel is a covert channel that involves the direct or indirect writing of a storage
location by one process and the direct or indirect reading of the storage location by another process.
Covert storage channels typically involve a finite resource (e.g. sectors on a disk) that is shared by two
subjects at different security levels.
A covert timing channel is a covert channel in which one process signals information to another by
modulating its own use of system resources (e.g. CPU time) in such a way that this manipulation affects
the real response time observed by the second process

Question 36
Which of the following is NOT a true statement regarding the implementaton of the 3DES modes?
• DES-EEE1 uses one key
• DES-EEE3 uses three keys
• DES-EDE2 uses two keys
• DES-EEE2 uses two keys
Correct Answer is: DES-EEE1 uses one key
Details:
The correct answer is: DES-EEE1 uses one key
There is no DES mode call DES-EEE1. It does not exist.
The following are the correct modes for triple-DES (3DES):
DES-EEE3 uses three keys for encryption and the data is encrypted, encrypted, encrypted;
DES-EDE3 uses three keys and encrypts, decrypts and encrypts data.
DES-EEE2 and DES-EDE2 are the same as the previous modes, but the first and third operations use the
same key.
Question 40
The Secure Hash Algorithm (SHA-1) creates:
• a fixed length message digest from a fixed length input message
• a variable length message digest from a fixed length input message
• a variable length message digest from a variable length input message
• a fixed length message digest from a variable length input message
Correct Answer is: a fixed length message digest from a variable length input message
Details:
The correct answer is: a fixed length message direct from a variable length input message.
According to The CISSP Prep Guide, "The Secure Hash Algorithm (SHA-1) computes a fixed length
message digest from a variable length input message. "

Thanks to Mazhar Mohammad for pointing out an error with the comments bit digest were incorrect.
SHA-1 produces a 160 bit message digest or hash value. From the nist.gov document referenced above:
This standard specifies four secure hash algorithms, SHA-1, SHA-256, SHA-384, and SHA- 512. All four of
the algorithms are iterative, one-way hash functions that can process a messageto produce a condensed
representation called a message digest. These algorithms enable the determination of a message s
integrity: any change to the message will, with a very high probability, result in a different message
digest. This property is useful in the generation and verification of digital signatures and message
authentication codes, and in the generation of random numbers (bits).
Each algorithm can be described in two stages: preprocessing and hash computation. Preprocessing
involves padding a message, parsing the padded message into m-bit blocks, and setting initialization
values to be used in the hash computation. The hash computation generates a message schedule from
the padded message and uses that schedule, along with functions, constants, and word operations to
iteratively generate a series of hash values. The final hash vlue generated by the hash computation is
used to determine the message digest.
The four algorithms differ most significantly in the number of bits of security that are provided or the
data being hashed this is directly related to the message digest length. When a secure hash algorithm is
used in conjunction with another algorithm, there may be requirements specified elsewhere that
require the use of a secure hash algorithm with a certain number of bits of security. For example, if a
message is being signed with a digital signature algorithm that provides 128 bits of security, then that
signature algorithm may require the use of a secure hash algorithm that also provides 128 bits of
security (e.g., SHA-256).
Additionally, the four algorithms differ in terms of the size of the blocks and words of data that are used
during hashing.
SHA-1 = 160 bit digest
Question 44
In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the
following term?
• Subordinate CA
• Big CA
• Master CA
• Top CA
Correct Answer is: Top CA
Details:
The correct answer is: Top CA
Also note that sometimes other terms such as Certification Authority Anchor (CAA) might be used within
some government organization, Top level CA is another common term to indicate the top level CA, Top
Level Anchor could also be used.
Arsenault, Turner, Internet X.509 Public Key Infrastructure: Roadmap, Chapter "Terminology ".
Question 47
Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA?
• PKCS#11
• PKCS #17799
• PKCS#1
• PKCS-RSA
Correct Answer is: PKCS#1
Details:
The correct answer is: PKCS #1: RSA Cryptography Standard
This document provides recommendations for the implementation of public-key cryptography based on
the RSA algorithm, covering the following aspects: cryptographic primitives; encryption schemes;
signature schemes with appendix; ASN.1 syntax for representing keys and for identifying the schemes.
RSA Laboratories at http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-rsa-

cryptography-standard.htm
Question 49
A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of
the following?
• encrypting messages
• decrypt encrypted messages
• verifying signed messages
• signing messages
Correct Answer is: verifying signed messages
Details:
The correct answer is: verifying signed messages.
Question 51
FIPS-140 is a standard for the security of which of the following?
• Hardware and software cryptographic modules
• Smartcards
• Hardware security modules
• Cryptographic service providers
Correct Answer is: Hardware and software cryptographic modules
Details:
The correct answer is: Hardware and software cryptographic modules
The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer
security standards that specify requirements for cryptography modules. As of December 2006, the
current version of the standard is FIPS 140-2, issued on 25 May 2001.
The other answers are all incorrect
Question 53
Which is NOT a suitable method for distributing certificate revocation information?
• CA revocation mailing list

• Delta CRL
• Distribution point CRL
• OCSP (online certificate status protocol)
Correct Answer is: CA revocation mailing list
Details:
The correct answer is: CA revocation mailing list because it would not provide adequate information for
certificate revocation.
The following are incorrect answers because they are all suitable methods.
A Delta CRL is a CRL that only provides information about certificates whose statuses have changed since
the issuance of a specific, previously issued CRL.
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation
status of an X.509 digital certificate.
A Distribution point CRL or CRL Distribution Point, a location specified in the CRL Distribution Point (CRL
DP) X.509, version 3, certificate extension when the certificate is issued.
Question 63
External consistency ensures that the data stored in the database is:
• consistent with the real world.
• consistent with the logical world.
• remains consistant when sent from one system to another.

• in-consistent with the real world.
Correct Answer is: consistent with the real world.
Details:
The correct answer is: consistent with the real world.
External consistency ensures that the data stored in the database is consistent with the real world.
Question 65
The Diffie-Hellman algorithm is primarily used to provide which of the following?
• Integrity
• Non-repudiation
• Key Agreement
• Confidentiality
Correct Answer is: Key Agreement
Details:
The correct answer is: Key Agreement

Diffie and Hellman describe a means for two parties to agree upon a shared secret in such a way that the
secret will be unavailable to eavesdroppers. This secret may then be converted into cryptographic
keying material for other (symmetric) algorithms. A large number of minor variants of this process exist.
See RFC 2631 Diffie-Hellman Key Agreement Method for more details.
In 1976, Diffie and Hellman were the first to introduce the notion of public key cryptography, requiring a
system allowing the exchange of secret keys over non-secure channels. The Diffie-Hellman algorithm is
used for key exchange between two parties communicating with each other, it cannot be used for
encrypting and decrypting messages, or digital signature.
Diffie and Hellman sought to address the issue of having to exchange keys via courier and other
unsecure means. Their efforts were the FIRST asymmetric key agreement algorithm. Since the Diffie-
Hellman algorithm cannot be used for encrypting and decrypting it cannot provide confidentiality nor
integrity. This algorithm also does not provide for digital signature functionality and thus non-
repudiation is not a choice.
NOTE: The DH algorithm is susceptible to man-in-the-middle attacks.
KEY AGREEMENT VERSUS KEY EXCHANGE
A key exchange can be done multiple way. It can be done in person, I can generate a key and then
encrypt the key to get it securely to you by encrypting it with your public key. A Key Agreement protocol
is done over a public medium such as the internet using a mathematical formula to come out with a
common value on both sides of the communication link, without the ennemy being able to know what
the common agreement is.
The following answers were incorrect:
All of the other choices were not correct choices
Question 68
Which of the following keys has the SHORTEST lifespan?
• Private key
• Session key
• Public key
• Secret key
Correct Answer is: Session key
Details:
The correct answer is: Session Key
As session key is a symmetric key that is used to encrypt messages between two users. A session key is
only good for one communication session between users.
For example , If Tanya has a symmetric key that she uses to encrypt messages between Lance and
herself all the time , then this symmetric key would not be regenerated or changed. They would use the
same key every time they communicated using encryption. However , using the same key repeatedly
increases the chances of the key being captured and the secure communication being compromised. If ,
on the other hand , a new symmetric key were generated each time Lance and Tanya wanted to
communicate , it would be used only during their dialog and then destroyed. if they wanted to
communicate and hour later , a new session key would be created and shared.
The other answers are not correct because :
Public Key can be known to anyone.
Private Key must be known and used only by the owner.
Secret Keys are also called as Symmetric Keys, because this type of encryption relies on each user to
keep the key a secret and properly protected.
SHON HARRIS , ALL IN ONE THIRD EDITION : Chapter 8 : Cryptography , Page : 619-620
Question 70
Which of the following is NOT related to a Public key infrastructure (PKI)?
• A Certificate authority
• A X.509 certificate
• A Ticket Granting Service
• A Registration authority
Correct Answer is: A Ticket Granting Service
Details:
The correct answer is: A Ticket Granting Service
The NOT keyword is used in the question. You need to find out the option which is NOT part of PKI.A
Ticket Granting Service is a part of kerberos and not PKI.
A PKI (public key infrastructure) enables users of a basically unsecure public network such as the
Internet to securely and privately exchange data and money through the use of a public and a private
cryptographic key pair that is obtained and shared through a trusted authority. The public key
infrastructure provides for a digital certificate that can identify an individual or an organization and
directory services that can store and, when necessary, revoke the certificates. Although the components
of a PKI are generally understood, a number of different vendor approaches and services are emerging.
Meanwhile, an Internet standard for PKI is being worked on.
The public key infrastructure assumes the use of public key cryptography, which is the most common
method on the Internet for authenticating a message sender or encrypting a message. Traditional
cryptography has usually involved the creation and sharing of a secret key for the encryption and
decryption of messages. This secret or private key system has the significant flaw that if the key is
discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public
key cryptography and the public key infrastructure is the preferred approach on the Internet. (The
private key system is sometimes known as symmetric cryptography and the public key system as
asymmetric cryptography.)
A public key infrastructure consists of:

• A certificate authority (CA) that issues and verifies digital certificate. A certificate includes the
public key or information about the public key
• A registration authority (RA) that acts as the verifier for the certificate authority before a digital
certificate is issued to a requester
• A Subscriber is the end user who wish to get digital certificate from certificate authority.
• A Certificate authority is incorrect as it is a part of PKI in which the certificate is created and
signed by a trusted 3rd party.
• A Registration authority is incorrect as it performs the certification registration duties in PKI.
• A X.509 certificate is incorrect as a certificate is the mechanism used to associate a public key
with a collection of components in a manner that is sufficient to uniquely identify the claimed owner.
Edition Page 242-244 or Kindle Location 7131.
Public key infrastructure (PKI) consists of programs, data formats, procedures, communication
protocols, security policies, and public key cryptographic mechanisms working in a comprehensive
manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.
In other words, a PKI establishes a level of trust within an environment. PKI is an ISO authentication
framework that uses public key cryptography and the X.509 standard. The framework was set up to
enable authentication to happen across different networks and the Internet. Particular protocols and
algorithms are not specified, which is why PKI is called a framework and not a specific technology.
PKI provides authentication, confidentiality, nonrepudiation, and integrity of the messages exchanged.
PKI is a hybrid system of symmetric and asymmetric key algorithms and methods.
PKI is made up of many different parts: certificate authorities, registration authorities, certificates, keys,
and users.
Each person who wants to participate in a PKI requires a digital certificate, which is a credential that
contains the public key for that individual along with other identifying information. The certificate is
created and signed (digital signature) by a trusted third party, which is a certificate authority (CA). When
the CA signs the certificate, it binds the individual s identity to the public key, and the CA takes liability
for the authenticity of that individual. It is this trusted third party (the CA) that allows people who have
never met to authenticate to each other and communicate in a secure method. If Kevin has never met
David, but would like to communicate securely with him, and they both trust the same CA, then Kevin
could retrieve David s digital certificate and start the process.
Question 84
Which of the following services is NOT provided by the digital signature standard (DSS)?
• Authentication
• Digital signature
• Integrity
• Encryption
Correct Answer is: Encryption
Details:
The correct answer is: Encryption
DSS provides Integrity, digital signature and Authentication, but does not provide Encryption.

Question 87
What uses a key of the same length as the message where each bit or character from the plaintext is
encrypted by an exclusive or (XOR) operation?
• One-time pad
• Cipher block chaining
• Running key cipher
• Steganography
Correct Answer is: One-time pad
Details:
The correct answer is: One-time pad
In cryptography, the one-time pad (OTP) is a type of encryption that is impossible to crack if used
correctly.
Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a
secret random key (or pad) of the same length as the plaintext, resulting in a ciphertext. If the key is
truly random, at least as long as the plaintext, never reused in whole or part, and kept secret, the
ciphertext will be impossible to decrypt or break without knowing the key. It has also been proven that
any cipher with the perfect secrecy property must use keys with effectively the same requirements as
OTP keys. However, practical problems have prevented one-time pads from being widely used.
First described by Frank Miller in 1882, the one-time pad was re-invented in 1917 and patented a couple
of years later. It is derived from the Vernam cipher, named after Gilbert Vernam, one of its inventors.
Vernam's system was a cipher that combined a message with a key read from a punched tape. In its
original form, Vernam's system was vulnerable because the key tape was a loop, which was reused
whenever the loop made a full cycle. One-time use came a little later when Joseph Mauborgne
recognized that if the key tape were totally random, cryptanalysis would be impossible.
The "pad " part of the name comes from early implementations where the key material was distributed
as a pad of paper, so the top sheet could be easily torn off and destroyed after use. For easy
concealment, the pad was sometimes reduced to such a small size that a powerful magnifying glass was
required to use it. Photos show captured KGB pads that fit in the palm of one's hand, or in a walnut
shell. To increase security, one-time pads were sometimes printed onto sheets of highly flammable
nitrocellulose so they could be quickly burned.
A running key cipher uses articles in the physical world rather than an electronic algorithm. In classical
cryptography, the running key cipher is a type of polyalphabetic substitution cipher in which a text,
typically from a book, is used to provide a very long keystream. Usually, the book to be used would be
agreed ahead of time, while the passage to use would be chosen randomly for each message and
secretly indicated somewhere in the message.
The Running Key cipher has the same internal workings as the Vigenere cipher. The difference lies in
how the key is chosen; the Vigenere cipher uses a short key that repeats, whereas the running key
cipher uses a long key such as an excerpt from a book. This means the key does not repeat, making
cryptanalysis more difficult. The cipher can still be broken though, as there are statistical patterns in
both the key and the plaintext which can be exploited.
Steganography is a method where the very existence of the message is concealed. It is the art and
science of encoding hidden messages in such a way that no one, apart from the sender and intended
recipient, suspects the existence of the message. it is sometimes referred to as Hiding in Plain Sight.
Cipher block chaining is a DES operating mode. IBM invented the cipher-block chaining (CBC) mode of
operation in 1976. In CBC mode, each block of plaintext is XORed with the previous ciphertext block
before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to
that point. To make each message unique, an initialization vector must be used in the first block.
and
http://en.wikipedia.org/wiki/One-time_pad
http://en.wikipedia.org/wiki/Running_key_cipher
http://en.wikipedia.org/wiki/Cipher_block_chaining#Cipher-block_chaining_.28CBC.29
Question 91
What is the maximum allowable key size of the Rijndael encryption algorithm?
• 128 bits
• 512 bits
• 192 bits
• 256 bits
Details:
The correct answer is: 256 Bits
The Rijndael algorithm, chosen as the Advanced Encryption Standard (AES) to replace DES, can be
categorized as an iterated block cipher with a variable block length and key length that can be
independently chosen as 128, 192 or 256 bits.
Below you have a summary of the differences between AES and Rijndael.
AES is the advanced encryption standard defined by FIPS 197. It is implemented differently than
Rijndael:
FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key size may be either
128, 192, or 256 bits. Therefore AES-128, AES-192, and AES-256 are actually:
Key Size (bits) Number of rounds Block Size (bits)
AES-128 128 10 Rounds 128
AES-192 192 12 Rounds 128
AES-256 256 14 Rounds 128

Some book will say "up to 9 rounds will be done with a 128 bits keys". Really it is 10 rounds because
you must include round zero which is the first round.
By contrast, the Rijndael specification per se is specified with block and key sizes that may be any
multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.
and
FIPS 197
and
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Question 102
Which of the following describes a technique in which a number of processor units are employed in a
single computer system to increase the performance of the system in its application environment above
the performance of a single processor of the same kind?
• Multitasking
• Multiprocessing
• Pipelining
• Multiprogramming
Correct Answer is: Multiprocessing
Details:
The correct answer is: Multiprocessing
Multiprocessing is an organizational technique in which a number of processor units are employed in a

single computer system to increase the performance of the system in its application environment above
the performance of a single processor of the same kind. In order to cooperate on a single application or
class of applications, the processors share a common resource. Usually this resource is primary memory,
and the multiprocessor is called a primary memory multiprocessor. A system in which each processor
has a private (local) main memory and shares secondary (global) memory with the others is a secondary
memory multiprocessor, sometimes called a multicomputer system because of the looser coupling
between processors. The more common multiprocessor systems incorporate only processors of the
same type and performance and thus are called homogeneousmultiprocessors; however,
heterogeneous multiprocessors are also employed. A special case is the attached processor, in which a
second processor module is attached to a first processor in a closely coupled fashion so that the first can
perform input/output and operating system functions, enabling the attached processor to concentrate
on the application workload.
Multiprogramming: The interleaved execution of two or more programs by a computer, in which the
central processing unit executes a few instructions from each program in succession.
Multitasking: The concurrent operation by one central processing unit of two or more processes.
Pipelining: A procedure for processing instructions in a computer program more rapidly, in which each
instruction is divided into numerous small stages, and a population of instructions are in various stages
at any given time. One instruction does not have to wait for the previous one to complete all of the
stages before it gets into the pipeline. It would be similiar to an assembly chain in the real world.
http://www.answers.com/topic/multiprocessing?cat=technology
http://www.answers.com/multitasking?cat=biz-fin
http://www.answers.com/pipelining?cat=technology
Question 103
What can best be described as an abstract machine which must mediate all access to subjects to
objects?
• The security perimeter
• The security kernel
• A security domain
Correct Answer is: The reference monitor
Details:
The correct answer is: The reference monitor
The reference monitor is an abstract machine which must mediate all access to subjects to objects, be
protected from modification, be verifiable as correct, and is always invoked. The security kernel is the
hardware, firmware and software elements of a trusted computing base that implement the reference
monitor concept. The security perimeter includes the security kernel as well as other security-related
system functions that are within the boundary of the trusted computing base. System elements that are
outside of the security perimeter need not be trusted. A security domain is a domain of trust that shares
a single security policy and single management.
Question 104
Which TCSEC class specifies discretionary protection?
• C2
• B2
• B1
• C1
Correct Answer is: C1
Details:
The correct answer is: C1
C1 involves discretionary protection, C2 involves controlled access protection, B1 involves labeled

security protection and B2 involves structured protection.
Question 105
Who is responsible for implementing user clearances in computer-based information systems at the B3
level of the TCSEC rating ?
• Data custodians
• Data owners
• Security administrators
• Operators
Correct Answer is: Security administrators
Details:
The correct answer is: Security administrators
Security administrator functions include user-oriented activities such as setting user clearances, setting
initial password, setting other security characteristics for new users or changing security profiles for
existing users. Data owners have the ultimate responsibility for protecting data, thus determining proper
user access rights to data.
Question 106
Which access control model achieves data integrity through well-formed transactions and separation of
duties?
• Non-interference model
• Sutherland model
• Biba model
• Clark-Wilson model
Correct Answer is: Clark-Wilson model
Details:
The correct answer is: Clark-Wilson model
The Clark-Wilson model differs from other models that are subject- and object- oriented by introducing
a third access element programs resulting in what is called an access triple, which prevents unauthorized
users from modifying data or programs. The Biba model uses objects and subjects and addresses
integrity based on a hierarchical lattice of integrity levels. The non-interference model is related to the
information flow model with restrictions on the information flow. The Sutherland model approaches
integrity by focusing on the problem of inference.

ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology
(page 12).
And: KRAUSE, Micki & TIPTON, Harold F., Handbook of Information Security Management, CRC Press,
1997, Domain 1: Access Control.
Question 107
Which of the following fire extinguishing systems incorporating a detection system is currently the most
recommended water system for a computer room?
• Dry pipe
• Deluge
• Preaction
• Wet pipe
Correct Answer is: Preaction
Details:
The correct answer is: Preaction
The preaction system combines both the dry and wet pipe systems, by first releasing the water into the
pipes when heat is detected (dry pipe), then releasing the water flow when the link in the nozzle melts
(wet pipe).
This allows manual intervention before a full discharge of water on the equipment occurs. This is
currently the most recommended water system for a computer room.
According to the ISC2 Official Study Guide:
All buildings should be equipped with an effective fire suppression system, providing the building with
around the clock protection. Traditionally, fire suppression systems employed arrays of water sprinklers
that would douse a fire and surrounding areas.
Sprinkler systems are classified into four different groups: wet, dry, preaction, and deluge.
■ Wet systems have a constant supply of water in them at all times; these sprinklers once activated will
not shut off until the water source is shut off.
■ Dry systems do not have water in them. The valve will not release until the electric valve is stimulated
by excess heat.
■ Pre-action systems incorporate a detection system, which can eliminate concerns of water damage
due to false activations. Water is held back until detectors in the area are activated.
■ Deluge systems operate in the same function as the pre-action system except all sprinkler heads are in
the open position. Water may be a sound solution for large physical areas such as warehouses, but it is
entirely inappropriate for computer equipment. A water spray can irreparably damage hardware more
quickly than encroaching smoke or heat. Gas suppression systems operate to starve the fire of oxygen.
In the past, Halon was the choice for gas suppression systems; however, Halon leaves residue, depletes
the ozone layer, and can injure nearby personnel.
Shon Harris in her latest study guide says:
Four main types of water sprinkler systems are available: wet pipe, dry pipe, preaction, and deluge.
• Wet pipe Wet pipe systems always contain water in the pipes and are usually discharged by
temperature control-level sensors. One disadvantage of wet pipe systems is that the water in the pipes
may freeze in colder climates. Also, if there is a nozzle or pipe break, it can cause extensive water
damage. These types of systems are also called closed head systems.
• Dry pipe In dry pipe systems, the water is not actually held in the pipes. The water is contained in a
“holding tank” until it is released. The pipes hold pressurized air, which is reduced when a fire or smoke
alarm is activated, allowing the water valve to be opened by the water pressure. Water is not allowed
into the pipes that feed the sprinklers until an actual fire is detected. First, a heat or smoke sensor is
activated; then, the water fills the pipes leading to the sprinkler heads, the fire alarm sounds, the
electric power supply is disconnected, and finally water is allowed to flow from the sprinklers. These
pipes are best used in colder climates because the pipes will not freeze.
• Preaction Preaction systems are similar to dry pipe systems in that the water is not held in the pipes,
but is released when the pressurized air within the pipes is reduced. Once this happens, the pipes are
filled with water, but it is not released right away. A thermal-fusible link on the sprinkler head has to
melt before the water is released. The purpose of combining these two techniques is to give people
more time to respond to false alarms or to small fires that can be handled by other means. Putting out a
small fire with a handheld extinguisher is better than losing a lot of electrical equipment to water
damage. These systems are usually used only in data processing environments rather than the whole
building, because of the higher cost of these types of systems.
• Deluge A deluge system has its sprinkler heads wide open to allow a larger volume of water to be
released in a shorter period. Because the water being released is in such large volumes, these systems
are usually not used in data processing environments.
Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 336).
and
Corporate; (Isc)² (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press)
(Kindle Locations 14379-14391). Taylor & Francis. Kindle Edition.
and
and
Question 108
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady
power is required to maintain the proper personnel environment as well as to sustain data operations.
Which of the following is not an element that can threaten power systems?
• UPS
• Faulty Ground
• Brownouts
• Transient Noise
Correct Answer is: UPS
Details:
The correct answer is: UPS
An uninterruptible power supply, also uninterruptible power source, UPS or battery/flywheel backup, is
an electrical apparatus that provides emergency power to a load when the input power source, typically
mains power, fails. A UPS differs from an auxiliary or emergency power system or standby generator in
that it will provide near-instantaneous protection from input power interruptions, by supplying energy
stored in batteries or a flywheel. The on-battery runtime of most uninterruptible power sources is
relatively short (only a few minutes) but sufficient to start a standby power source or properly shut
down the protected equipment.
A UPS is typically used to protect computers, data centers, telecommunication equipment or other
electrical equipment where an unexpected power disruption could cause injuries, fatalities, serious
business disruption or data loss.
The primary role of any UPS is to provide short-term power when the input power source fails. However,
most UPS units are also capable in varying degrees of correcting common utility power problems:
1. Voltage spike or sustained Overvoltage
2. Momentary or sustained reduction in input voltage.
3. Noise, defined as a high frequency transient or oscillation, usually injected into the line by
nearby equipment.
4. Instability of the mains frequency.
5. Harmonic distortion: defined as a departure from the ideal sinusoidal waveform expected on
the line.
NOTE:
Some organization are constantly running off the UPS. Of course in such case if the online UPS would
fail and you did not think about redundancy, it could contribute to failure instead of helping to avoid
power failure. It was reported by a few quiz takers that standby UPS could create issues as well. I
totally agree but this is more the exception than the norm. Any countermeasures, safeguards, or
controls not deployed or maintained properly could introduce risks instead of minimizing their effect or
preventing them. Once again, the question is not attempting to look at ALL possible issues and
situations, you must remain within the context of the question, you look at the four choice and see
which one is the best according to the question presented. Looking at the 4 choices presented along
with this question, UPS is definitively the least likely to cause power issues.
http://en.wikipedia.org/wiki/Uninterruptible_power_supply
Question 109
The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than
60 percent) can produce what type of problem on computer parts?
• Corrosion
• Energy-plating
• Element-plating
• Static electricity
Correct Answer is: Corrosion
Details:
Security, 2001, John Wiley & Sons, Page 333.
Question 110
In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of valve?
• Clapper valve
• Emergency valve
• Relief valve
• Release valve
Correct Answer is: Clapper valve

Details:
The correct answer is: Clapper Valve
Dry pipe sprinkler systems commonly are used where he ambient temperature of the space they are
protecting is expected to be less than 40 °F (4.4 °C). The sprinkler pipe is filled with compressed air or
nitrogen that is released
when a sprinkler opens and allows the dry pipe valve to open, filling the overhead pipes with water.
This prevent the pipes from freezing in unattended facilities such as warehouses.
What keeps water from entering the sprinkler pipes prematurely?
The dry pipe valve is designed so that the pressure from the compressed air or nitrogen keeps the valve
closed until it is needed.
Look at the interior of the valve assembly in the photograph above. The waterway at the bottom is
smaller than the air chamber above the clapper valve. This design enables it to enjoy the mechanical
advantage of the “differential principle.” The larger surface area under relatively low air pressure is able
to hold back the water pressure from the smaller orifice.
In most dry pipe valves, this differential principle operates on a ratio of about 1:6; one unit of air
pressure will resist six units of water pressure. If, for example, the incoming water pressure were 60 psi
(4.1 bar), the differential principle created by the larger surface area would allow as little as 10 psi (0.7
bar) air pressure to keep the valve closed. Some “low-differential” dry pipe valves operate with an air to
water ressure ratio of 1:1.2.
While the minimum air pressure will keep the dry pipe valve closed during normal conditions, most
sprinkler fitters will put an additional 20 psi (1.4 bar) air pressure on the system to prevent inadvertent
valve operation in the event of a small air leak.
The National Fire Protection Association (NFPA) 13, Standard for the installation of Automatic Sprinkler
Systems, provides guidance on minimum air pressure that must be maintained. Another important
feature of this dry pipe valve is the latching device pictured in the upper left hand corner. This
attachment is designed to hold the heavy dry pipe valve in the open position once it operates so that it
does not interfere with water flowing to control a fire.
For additional information, refer to NFPA 13, Standard for the Installation of Automatic Sprinkler
Systems.
All of the other choices presented within the question were only detractors and not good responses for
this specific question.
And
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: GOLD EDITION, John Wiley & Sons, 2002,
page 471.
and
The United State Fire Administration at

http://www.usfa.dhs.gov/downloads/pdf/coffee-break/cb_fp_2010_20.pdf
CISA review manual 2014 Page number 373 and 374
Question 111
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection
states that critical areas should be illuminated up to?
• Illuminated at nine feet high with at least three foot-candles
• Illuminated at nine feet high with at least two foot-candles
• Illuminated at eight feet high with at least two foot-candles

• Illuminated at eight feet high with at least three foot-candles
Correct Answer is: Illuminated at eight feet high with at least two foot-candles
Details:
The correct answer is: Illimunated at eight feet high with at least two foot-candles
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection
states that critical areas should be illuminated eight feet high with at least two foot-candles.
It can also be referred to as illuminating to a height of eight feet, with a BRIGHTNESS of two foot-
candles.
One footcandle ≈ 10.764 lux. The footcandle (or lumen per square foot) is a non-SI unit of illuminance.
Like the BTU, it is obsolete but it is still in fairly common use in the United States, particularly in
construction-related engineering and in building codes. Because lux and footcandles are different units
of the same quantity, it is perfectly valid to convert footcandles to lux and vice versa.
The name "footcandle" conveys "the illuminance cast on a surface by a one-candela source one foot
away." As natural as this sounds, this style of name is now frowned upon, because the dimensional
formula for the unit is not foot • candela, but lumens per square foot.
Some sources do however note that the "lux" can be thought of as a "metre-candle" (i.e. the illuminance
cast on a surface by a one-candela source one meter away). A source that is farther away casts less
illumination than one that is close, so one lux is less illuminance than one footcandle. Since illuminance
follows the inverse-square law, and since one foot = 0.3048 m, one lux = 0.30482 footcandle ≈ 1/10.764
footcandle.
TIPS FROM CLEMENT:
Illuminance (light level) – The amount of light, measured in foot-candles (US unit), that falls n a surface,
either horizontal or vertical.
Parking lots lighting needs to be an average of 2 foot candles; uniformity of not more than 3:1, no area
less than 1 fc.
All illuminance measurements are to be made on the horizontal plane with a certified light meter
calibrated to NIST standards using traceable light sources.
The CISSP Exam Cram 2 from Michael Gregg says:
Lighting is a commonly used form of perimeter protection.

Some studies have found that up to 80% of criminal acts at businesses and shopping centers happen in
adjacent parking lots. Therefore, it's easy to see why lighting can be such an important concern.
Outside lighting discourages prowlers and thieves.
The National Institute of Standards and Technologies (NIST) states that, for effective perimeter control,
buildings should be illuminated 8 feet high, with 2-foot candle power.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 325.
and
Shon's AIO v5 pg 459
and
http://en.wikipedia.org/wiki/Foot-candle
Question 112
Another type of access control is lattice-based access control. In this type of control a lattice model is
applied. How is this type of access control concept applied?
• The pair of elements is the subject and object, and the subject has an upper bound equal or
higher than the upper bound of the object being accessed.
• The pair of elements is the subject and object, and the subject has no access rights in relation
to an object.
• The pair of elements is the subject and object, and the subject has no special upper or lower
bound needed within the lattice.
• The pair of elements is the subject and object, and the subject has an upper bound lower than
the upper bound of the object being accessed.
Correct Answer is: The pair of elements is the subject and object, and the subject has an upper bound
equal or higher than the upper bound of the object being accessed.
Details:
The correct answer is: The pair of elements is the subject and object, and the subject has an upper
bound equal or higher than the upper bound of the object being accessed.
In this type of control, a lattice model is applied.
To apply this concept to access control, the pair of elements is the subject and object, and the subject
has to have an upper bound equal or higher than the object being accessed.
WIKIPEDIA has a great explanation as well:
In computer security, lattice-based access control (LBAC) is a complex access control based on the
interaction between any combination of objects (such as resources, computers, and applications) and
subjects (such as individuals, groups or organizations).
In this type of label-based mandatory access control model, a lattice is used to define the levels of
security that an object may have and that a subject may have access to. The subject is only allowed to
access an object if the security level of the subject is greater than or equal to that of the object.
and
http://en.wikipedia.org/wiki/Lattice-based_access_control
Question 113
Which of the following is not a valid certification rule, ensuring integrity monitoring in the Clark-Wilson
access control model?
• Duties are separated.
• Transformational procedures (programs) operate only on unconstrained data items.
• Constrained data items are consistent.
• Accesses are logged.
Correct Answer is: Transformational procedures (programs) operate only on unconstrained data items.
Details:
The correct answer is: Transformational procedures (programs) operate only on unconstrained data
items.
This is NOT true which makes it the correct answer. Clark-Wilson will operate on both contrained and
unconstrained data item. The Data that transformational procedures or programs modifies are called
constrained data itemsbecause they are constrained in the sense that only transformational procedures
may modify them and that integrity verification procedures exercise constraints on them to ensure that
they have certain properties, of which consistency and conformance to the real world are two of the
most significant. Unconstrained data items are all other data, chiefly the keyed input to
transformational procedures.
All formal access control models released prior to the Clark-Wilson model treat an ordered
subject/object pair — that is, a user and an item or collection of data, with respect to a fixed relationship
(e.g., read or write) between the two.
The Clark-Wilson integrity model provides a foundation for specifying and analyzing an integrity policy
for a computing system. The model is primarily concerned with formalizing the notion of information
integrity. Information integrity is maintained by preventing corruption of data items in a system due to
either error or malicious intent. An integrity policy describes how the data items in the system should
be kept valid from one state of the system to the next and specifies the capabilities of various principals
in the system. The model defines enforcement rules and certification rules.
Accordingly, they treat an ordered subject/program/object triple. They use the term “transformational
procedure” for program to make it clear that the program has integrity-relevance because it modifies or
transforms data according to a rule or procedure.
Once subjects have been constrained so that they can gain access to objects only through specified
transformational procedures, the transformational procedures can be embedded with whatever logic is
needed to effect limitation of privilege and separation of duties. The transformational procedures can
themselves control access of subjects to objects at a level of granularity finer than that available to the
system. What is more, they can exercise finer controls (e.g., reasonableness and consistency checks on
unconstrained data items) for such purposes as double-entry bookkeeping, thus making sure that
whatever is subtracted from one account is added to another so that assets are conserved in
transactions.
Basic principles
The model’s enforcement and certification rules define data items and processes that provide the basis
for an integrity policy. The core of the model is based on the notion of a transaction.
• A well-formed transaction is a series of operations that transition a system from one consistent
state to another consistent state.
• In this model the integrity policy addresses the integrity of the transactions.
• The principle of separation of duty requires that the certifier of a transaction and the
implementer be different entities.
The model contains a number of basic constructs that represent both data items and processes that
operate on those data items. The key data type in the Clark-Wilson model is a Constrained Data Item
(CDI). An Integrity Verification Procedure (IVP) ensures that all CDIs in the system are valid at a certain
state. Transactions that enforce the integrity policy are represented by Transformation Procedures
(TPs). A TP takes as input a CDI or Unconstrained Data Item (UDI) and produces a CDI. A TP must
transition the system from one valid state to another valid state. UDIs represent system input (such as
that provided by a user or adversary). A TP must guarantee (via certification) that it transforms all
possible values of a UDI to a “safe” CDI.
Rules
To ensure that integrity is attained and preserved, Clark and Wilson assert, certain integrity-monitoring
and integrity-preserving rules are needed. Integrity-monitoring rules are called certification rules, and
integrity-preserving rules are called enforcement rules.
These certification rules address the following notions:
• Constrained data items are consistent.
• Transformational procedures (programs) act validly.
• Duties are separated.
• Accesses are logged.
• Unconstrained data (input) items are validated.
The enforcement rules specify how the integrity of constrained data items and triples must be
maintained and require that subjects’ identities be authenticated, that triples be carefully managed, and
that transformational procedures be executed serially and not in parallel.
DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, march
2002 (page 40). Available at http://www.cccure.org.
and
https://secure.wikimedia.org/wikipedia/en/wiki/Clark-Wilson_model
and
http://www.cccure.org/Documents/HISM/087-089.html
http://www.cccure.org/Documents/HISM/089-092.html
Question 114
What principle focuses on the uniqueness of separate objects that must be joined together to perform a
task? It is sometimes referred to as “what each must bring” and joined together when getting access or
decrypting a file. Each of which does NOT reveal the other?
• Dual control
• Split knowledge
• Separation of duties
• Need to know
Correct Answer is: Split knowledge
Details:
The correct answer is: Split Knowledge
Split knowledge involves encryption keys being separated into two components, each of which does not
reveal the other. Split knowledge is the other complementary access control principle to dual control.
In cryptographic terms, one could say dual control and split knowledge are properly implemented if no
one person has access to or knowledge of the content of the complete cryptographic key being
protected by the two processes.
The sound implementation of dual control and split knowledge in a cryptographic environment
necessarily means that the quickest way to break the key would be through the best attack known for
the algorithm of that key. The principles of dual control and split knowledge primarily apply to access to
plaintext keys.
Access to cryptographic keys used for encrypting and decrypting data or access to keys that are
encrypted under a master key (which may or may not be maintained under dual control and split
knowledge) do not require dual control and split knowledge. Dual control and split knowledge can be
summed up as the determination of any part of a key being protected must require the collusion
between two or more persons with each supplying unique cryptographic materials that must be joined
together to access the protected key.
Any feasible method to violate the axiom means that the principles of dual control and split knowledge
are not being upheld.
Split knowledge is the unique “what each must bring” and joined together when implementing dual
control. To illustrate, a box containing petty cash is secured by one combination lock and one keyed lock.
One employee is given the combination to the combo lock and another employee has possession of the
correct key to the keyed lock.
In order to get the cash out of the box both employees must be present at the cash box at the same
time. One cannot open the box without the other. This is the aspect of dual control.
On the other hand, split knowledge is exemplified here by the different objects (the combination to the
combo lock and the correct physical key), both of which are unique and necessary, that each brings to
the meeting. Split knowledge focuses on the uniqueness of separate objects that must be joined
together.
Dual control has to do with forcing the collusion of at least two or more persons to combine their split
knowledge to gain access to an asset. Both split knowledge and dual control complement each other
and are necessary functions that implement the segregation of duties in high integrity cryptographic
environments.
Dual control is a procedure that uses two or more entities (usually persons) operating in concert to
protect a system resource, such that no single entity acting alone can access that resource. Dual control
is implemented as a security procedure that requires two or more persons to come together and collude
to complete a process. In a cryptographic system the two (or more) persons would each supply a unique
key, that when taken together, performs a cryptographic process. Split knowledge is the other
complementary access control principle to dual control.
Separation of duties - The practice of dividing the steps in a system function among different individuals,
so as to keep a single individual from subverting the process.
The need-to-know principle requires a user having necessity for access to, knowledge of, or possession
of specific information required to perform official tasks or services.
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Cryptography
(Kindle Locations 1621-1635). . Kindle Edition.
and
and
Shon Harris, CISSP All In One (AIO), 6th Edition , page 126
Question 115
Which TCSEC level is labeled Controlled Access Protection?
• C3
• B1
• C2
• C1
Details:
C2 is labeled Controlled Access Protection.
The TCSEC defines four divisions: D, C, B and A where division A has the highest security.
Each division represents a significant difference in the trust an individual or organization can place on
the evaluated system. Additionally divisions C, B and A are broken into a series of hierarchical
subdivisions called classes: C1, C2, B1, B2, B3 and A1.
Each division and class expands or modifies as indicated the requirements of the immediately prior
division or class.
D — Minimal protection
• Reserved for those systems that have been evaluated but that fail to meet the requirements for
a higher division
C — Discretionary protection
• C1 — Discretionary Security Protection
o Identification and authentication
o Separation of users and data
o Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis
o Required System Documentation and user manuals
• C2 — Controlled Access Protection
o More finely grained DAC
o Individual accountability through login procedures
o Audit trails
o Object reuse
o Resource isolation
B — Mandatory protection
• B1 — Labeled Security Protection
o Informal statement of the security policy model
o Data sensitivity labels
o Mandatory Access Control (MAC) over selected subjects and objects
o Label exportation capabilities
o All discovered flaws must be removed or otherwise mitigated
o Design specifications and verification
• B2 — Structured Protection
o Security policy model clearly defined and formally documented
o DAC and MAC enforcement extended to all subjects and objects
o Covert storage channels are analyzed for occurrence and bandwidth
o Carefully structured into protection-critical and non-protection-critical elements
o Design and implementation enable more comprehensive testing and review
o Authentication mechanisms are strengthened
o Trusted facility management is provided with administrator and operator segregation
o Strict configuration management controls are imposed

• B3 — Security Domains
o Satisfies reference monitor requirements
o Structured to exclude code not essential to security policy enforcement
o Significant system engineering directed toward minimizing complexity
o Security administrator role defined
o Audit security-relevant events
o Automated imminent intrusion detection, notification, and response
o Trusted system recovery procedures
o Covert timing channels are analyzed for occurrence and bandwidth
o An example of such a system is the XTS-300, a precursor to the XTS-400
A — Verified protection
• A1 — Verified Design
o Functionally identical to B3
o Formal design and verification techniques including a formal top-level specification
o Formal management and distribution procedures
o An example of such a system is Honeywell's Secure Communications Processor SCOMP, a

precursor to the XTS-400
• Beyond A1
o System Architecture demonstrates that the requirements of self-protection and completeness

for reference monitors have been implemented in the Trusted Computing Base (TCB).
o Security Testing automatically generates test-case from the formal top-level specification or
formal lower-level specifications.
o Formal Specification and Verification is where the TCB is verified down to the source code level,
using formal verification methods where feasible.
o Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted
(cleared) personnel.
C1 is Discretionary security
C3 does not exists, it is only a detractor
B1 is called Labeled Security Protection.

HARE, Chris, Security management Practices CISSP Open Study Guide, version 1.0, april 1999. Available
at http://www.cccure.org.
and
Question 116
Which of the following statements pertaining to block ciphers is incorrect?
• Plain text is encrypted with a public key and decrypted with a private key.
• It is more suitable for software than hardware implementations.
• Some Block ciphers can operate internally as a stream.
• It operates on fixed-size blocks of plaintext.
Correct Answer is: Plain text is encrypted with a public key and decrypted with a private key.
Details:
The correct answer is: Plain text is encrypted with a public key and decrypted with a private key.
Block ciphers do not use public cryptography (private and public keys).
Block ciphers is a type of symmetric-key encryption algorithm that transforms a fixed-size block of
plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.
They are appropriate for software implementations and can operate internally as a stream. See more
info below about DES in Output Feedback Mode (OFB), which makes use internally of a stream cipher.
The output feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates
keystreamblocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with
other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same
location. This property allows many error correcting codes to function normally even when applied
before encryption.
Wikipedia on Block Cipher mode at: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
and
http://www.itl.nist.gov/fipspubs/fip81.htm
Question 117
Cryptography does NOT help in:
• Detecting fraudulent insertion.
• Detecting fraudulent deletion.
• Detecting fraudulent modification.
• Detecting fraudulent disclosure.
Correct Answer is: Detecting fraudulent disclosure.
Details:
The correct answer is: Detecting fraudulent disclosure.
Cryptography is a detective control in the fact that it allows the detection of fraudulent insertion,
deletion or modification. It also is a preventive control is the fact that it prevents disclosure, but it
usually does not offers any means of detecting disclosure.
DUPUIS, Clement, CISSP Open Study Guide on domain 5, cryptography, April 1999. Available at
http://www.cccure.org.
Question 118
Which of the following is best at defeating frequency analysis?
• Ceasar Cipher
• Polyalphabetic cipher
• Replacement cipher
• Substitution cipher
Correct Answer is: Polyalphabetic cipher
Details:
The correct answer is: Polyalphabetic cipher
Out of list presented, it is the Polyalphabetic cipher that would provide the best protection against
simple frequency analysis attacks. Polyalphabetic ciphers use different alphabets and a keyword to
defeat frequency analysis.
Simple substitution ciphers are vulnerable to attacks that perform frequency analysis.
In every language, there are words and patterns that are used more than others.
Some patterns common to a language can actually help attackers figure out the transformation between
plaintext and ciphertext, which enables them to figure out the key that was used to perform the
transformation.
The ceasar cipher is a very simple substitution cipher that can be easily defeated and it does show
repeating letters.
There is no such thing as a replacement cipher.

A Sustitution cipher is the category the Ceasar Cipher belong to. Substitution cipher are vulnerable to
frequency analysis attacks.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 8:
And : DUPUIS, Clement, CISSP Open Study Guide on domain 5, cryptography, April 1999. Available at
Question 119
What is the maximum key size for the RC5 algorithm?
• 128 bits
• 2040 bits
• 256 bits
• 1024 bits
Details:
RC5 is a fast block cipher created by Ron Rivest and analyzed by RSA Data Security, Inc.
It is a parameterized algorithm with a variable block size, a variable key size, and a variable number of
rounds.
Allowable choices for the block size are 32 bits (for experimentation and evaluation purposes only), 64
bits (for use a drop-in replacement for DES), and 128 bits.
The number of rounds can range from 0 to 255, while the key can range from 0 bits to 2040 bits in size.
Please note that some sources such as the latest Shon Harris book mentions that RC5 maximum key size
is of 2048, not 2040 bits. I would definitively use RSA as the authoritative source which specifies a key of
2040 bits. It is an error in Shon's book.
The OIG book says:
RC5 was developed by Ron Rivest of RSA and is deployed in many of RSA’s products. It is a very
adaptable product useful for many applications, ranging from software to hardware implementations.
The key for RC5 can vary from 0 to 2040 bits, the number of rounds it executes can be adjusted from 0
to 255, and the length of the input words can also be chosen from 16-, 32-, and 64-bit lengths.
The following answers were incorrect choices:
All of the other answers were wrong.
http://www.rsa.com/rsalabs/node.asp?id=2251, What are RC5 and RC6, RSA The Security Division of
EMC.
From Rivest himself, see http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf
Also see the draft IETF IPSEC standard which clearly mention that it is in fact 2040 bits as a MAXIMUM
key size:
http://www.tools.ietf.org/html/draft-ietf-ipsec-esp-rc5-cbc-00
http://en.wikipedia.org/wiki/RC5, Mention a maximum key size of 2040 as well.
Thanks to Anton Khitrenovich for providing the proper URL to the RSA web site
Thanks to Neil Schworm for sending feedback to improve this question.
TIP:
Whenever you have conflicting information within books or papers always attempt to go to the most
authoritative source. The letter R within RC5 is the same as the letter R within RSA. It is related to the
name of the person who created the algorithm. In this case it is Rivest such as Rivest Cipher 5 (RC5). If
Rivest says the key is 2040 I would tend to believe him :-)
Question 120
What prevents a process from accessing another process' data?
• Data hiding
• Memory segmentation
• Process isolation
Correct Answer is: Process isolation
Details:
The correct answer is: Process isolation
Process isolation is where each process has its own distinct address space for its application code and
data. In this way, it is possible to prevent each process from accessing another process' data. This
prevents data leakage, or modification to the data while it is in memory. Memory segmentation is a
virtual memory management mechanism. The reference monitor is an abstract machine that mediates
all accesses to objects by subjects. Data hiding, also known as information hiding, is a mechanism that
makes information available at one processing level is not available at another level.
HARE, Chris, Security Architecture and Models, Area 6 CISSP Open Study Guide, January 2002. Available
Question 121
What can best be defined as the sum of protection mechanisms inside the computer, including
hardware, firmware and software?
• Trusted computing base
• Security perimeter
• Trusted system
• Security kernel
Correct Answer is: Trusted computing base
Details:
The correct answer is: Trusted computing base
The Trusted Computing Base (TCB) is defined as the total combination of protection mechanisms within
a computer system. The TCB includes hardware, software, and firmware. These are part of the TCB
because the system is sure that these components will enforce the security policy and not violate it.
The security kernel implements and enforces the reference monitor concept.
AIOv4 Security Models and Architecture pgs 268, 273

Thanks to Tim Cline for providing feedback to improve this question.
Question 122
Which security model is based on the military classification of data and people with clearances?
• Brewer-Nash model
• Clark-Wilson model
• Bell-LaPadula model
• Biba model
Correct Answer is: Bell-LaPadula model
Details:
The correct answer is: Bell-LaPadula model
The Bell-LaPadula model is a confidentiality model for information security based on the military
classification of data, on people with clearances and data with a classification or sensitivity model. The
Biba, Clark-Wilson and Brewer-Nash models are concerned with integrity.
Question 123
What can be BEST defined as the detailed examination and testing of the security features of an IT
system or product to ensure that they work correctly and effectively as per the evaluation criteria?
• Certification
• Accreditation
• Evaluation
• Acceptance testing
Correct Answer is: Evaluation
Details:
The correct answer is: Evaluation
Evaluation as a general term is described as the process of independently assessing a system against a
standard of comparison, such as evaluation criteria. Evaluation criterias are defined as a benchmark,
standard, or yardstick against which accomplishment, conformance, performance, and suitability of an
individual, hardware, software, product, or plan, as well as of risk-reward ratio is measured.
What is computer security evaluation?
Computer security evaluation is the detailed examination and testing of the security features of an IT
system or product to ensure that they work correctly and effectively and do not show any logical
vulnerabilities. The Security Target determines the scope of the evaluation. It includes a claimed level of
Assurance that determines how rigorous the evaluation is.
Criteria
Criteria are the "standards" against which security evaluation is carried out. They define several degrees
of rigour for the testing and the levels of assurance that each confers. They also define the formal
requirements needed for a product (or system) to meet each Assurance level.
TCSEC
The US Department of Defense published the first criteria in 1983 as the Trusted Computer Security
Evaluation Criteria (TCSEC), more popularly known as the "Orange Book". The current issue is dated
1985. The US Federal Criteria were drafted in the early 1990s as a possible replacement but were never
formally adopted.
ITSEC
During the 1980s, the United Kingdom, Germany, France and the Netherlands produced versions of their
own national criteria. These were harmonised and published as the Information Technology Security
Evaluation Criteria (ITSEC). The current issue, Version 1.2, was published by the European Commission in
June 1991. In September 1993, it was followed by the IT Security Evaluation Manual (ITSEM) which
specifies the methodology to be followed when carrying out ITSEC evaluations.
Common Criteria
The Common Criteria represents the outcome of international efforts to align and develop the existing
European and North American criteria. The Common Criteria project harmonises ITSEC, CTCPEC
(Canadian Criteria) and US Federal Criteria (FC) into the Common Criteria for Information Technology
Security Evaluation (CC) for use in evaluating products and systems and for stating security requirements
in a standardised way. Increasingly it is replacing national and regional criteria with a worldwide set
accepted by the International Standards Organisation (ISO15408).
Certification is the process of performing a comprehensive analysis of the security features and
safeguards of a system to establish the extent to which the security requirements are satisfied. Shon
Harris states in her book that Certification is the comprehensive technical evaluation of the security
components and their compliance for the purpose of accreditation.
Wikipedia describes it as: Certification is a comprehensive evaluation of the technical and non-technical
security controls (safeguards) of an information system to support the accreditation process that
establishes the extent to which a particular design and implementation meets a set of specified security
requirements
Accreditation is the official management decision to operate a system. Accreditation is the formal
declaration by a senior agency official (Designated Accrediting Authority (DAA) or Principal Accrediting
Authority (PAA)) that an information system is approved to operate at an acceptable level of risk, based
on the implementation of an approved set of technical, managerial, and procedural security controls
(safeguards).
Acceptance testing refers to user testing of a system before accepting delivery.
and
https://en.wikipedia.org/wiki/Certification_and_Accreditation
and
http://www.businessdictionary.com/definition/evaluation-criteria.html
and
http://www.cesg.gov.uk/products_services/iacs/cc_and_itsec/secevalcriteria.shtml
Question 124
Which TCSEC level first addresses object reuse?
• B2
• B3
• C2
• B1
Details:
Magnetic media must not have any remanence of previous data in order to be reused. This also applies
to buffers, cache and other memory allocation and is required at TCSEC C2 levels.
Security Models and Architecture (page 253).
Question 125
System reliability is increased by:

• A higher MTBF and a lower MTTR.
• A lower MTBF and a higher MTTR.
• A higher MTBF and a higher MTTR.
• A lower MTBF and a lower MTTR.
Correct Answer is: A higher MTBF and a lower MTTR.
Details:
The correct answer is: A higher MTBF and a lower MTTR.
In general, reliability (systemic def.) is the ability of a person or system to perform and maintain its
functions in routine circumstances, as well as hostile or unexpected circumstances.
Mean-time-between failure (MTBF) is the average length of time the hardware is functional without
failure.
Mean-time-to-repair is the amount of time it takes to repair and resume normal operation after a failure
has occurred.
Having a higher MTBF and a lower MTTR will increase the reliability of a piece of equipment, thus the
system's overall reliability.
VALLABHANENI, S. Rao, CISSP Examination Textbooks, Volume 2: Practice, SRV Professional Publications,
2002, Chapter 8, Business Continuity Planning & Disaster Recovery Planning (page 496).
also see:
http://en.wikipedia.org/wiki/Reliability
Thanks to Andrew Codrington for providing feedback to improve this question.
Question 126
Which fire class can water be most appropriate for?
• Class A fires
• Class D fires
• Class C fires
• Class B fires
Correct Answer is: Class A fires
Details:
The correct answer is: Class A fires
Water is appropriate for class A (common combustibles) fires. Class B fires (liquid) are best handled by
CO2, soda acid or Halon. Class C fires (electrical) are best handled by CO2 and Halon. Fire class D is used
for combustible metals like magnesium.
WALLHOFF, John, CBK#10 Physical Security (CISSP Study Guide), April 2002 (page 3). Available at
Question 127
Which of the following was not designed to be a proprietary encryption algorithm?
• Skipjack
• Blowfish
• RC2
• RC4
Correct Answer is: Blowfish

Details:
Blowfish is a symmetric block cipher with variable-length key (32 to 448 bits) designed in 1993 by Bruce
Schneier as an unpatented, license-free, royalty-free replacement for DES or IDEA. See attributes below:
• Block cipher: 64-bit block
• Variable key length: 32 bits to 448 bits
• Designed by Bruce Schneier
• Much faster than DES and IDEA
• Unpatented and royalty-free
• No license required
• Free source code available
Rivest Cipher #2 (RC2) is a proprietary, variable-key-length block cipher invented by Ron Rivest for RSA
Data Security, Inc.
Rivest Cipher #4 (RC4) is a proprietary, variable-key-length stream cipher invented by Ron Rivest for RSA
Data Security, Inc.
The Skipjack algorithm is a Type II block cipher [NIST] with a block size of 64 bits and a key size of 80 bits
that was developed by NSA and formerly classified at the U.S. Department of Defense "Secret" level. The
NSA announced on June 23, 1998, that Skipjack had been declassified.
RSA Laboratories http://www.rsa.com/rsalabs/node.asp?id=2250 RFC 2828 - Internet Security Glossary

http://www.faqs.org/rfcs/rfc2828.html
Question 128
Which of the following is not an encryption algorithm?
• SHA-1
• Twofish
• DEA
• Skipjack
Correct Answer is: SHA-1
Details:
The correct answer is: SHA-1
The SHA-1 is a hashing algorithm producing a 160-bit hash result from any data. It does not perform
encryption.
In cryptography, SHA-1 is a cryptographic hash function designed by the United States National Security
Agency and published by the United States NIST as a U.S. Federal Information Processing Standard.
SHA stands for "secure hash algorithm". The four SHA algorithms are structured differently and are
distinguished as SHA-0, SHA-1, SHA-2, and SHA-3. SHA-1 is very similar to SHA-0, but corrects an error in
the original SHA hash specification that led to significant weaknesses. The SHA-0 algorithm was not
adopted by many applications. SHA-2 on the other hand significantly differs from the SHA-1 hash
function.
SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely used
applications and protocols.
In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough
for ongoing use. NIST required many applications in federal agencies to move to SHA-2 after 2010
because of the weakness. Although no successful attacks have yet been reported on SHA-2, they are
algorithmically similar to SHA-1.
In 2012, following a long-running competition, NIST selected an additional algorithm, Keccak, for
standardization as SHA-3
NOTE:
A Cryptographic Hash Function is not the same as an Encryption Algorithm even thou both are
Algorithms. An algorithm is defined as a step-by-step procedure for calculations. Hashing Algorithm do
not encrypt the data. People sometimes will say they encrypted a password with SHA-1 but really they
simply created a Message Digest of the password using SHA-1, putting the input through a series of
steps to come out with the message digest or hash value.
A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of
data and returns a fixed-size bit string, the (cryptographic) hash value, such that any (accidental or
intentional) change to the data will (with very high probability) change the hash value. The data to be
encoded are often called the "message," and the hash value is sometimes called the message digest or
simply digest.
Encryption Algorithms are reversible but Hashing Algorithms are not meant to be reversible if the input
is large enough.
The Skipjack algorithm is a Type II block cipher with a block size of 64 bits and a key size of 80 bits that
was developed by NSA and formerly classified at the U.S. Department of Defense "Secret" level.
Twofish is a freely available 128-bit block cipher designed by Counterpane Systems (Bruce Schneier et
al.).
DEA is a symmetric block cipher, defined as part of the U.S. Government's Data Encryption Standard
(DES). DEA uses a 64-bit key, of which 56 bits are independently chosen and 8 are parity bits, and maps a
64-bit block into another 64-bit block.
http://en.wikipedia.org/wiki/SHA-1
and
SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
and
Counterpane Labs, at http://www.counterpane.com/twofish.html.
Question 129
Which of the following is provided by symmetric cryptography?
• Availability
• Non-repudiation
• Integrity
• Confidentiality
Details:
The Correct answer is: Confidentiality
When using symmetric cryptography, both parties will be using the same key for encryption and
decryption. Symmetric cryptography is generally fast and can be hard to break, but it offers limited
overall security in the fact that it can only provide confidentiality.
WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2). Available at
Question 130
Which of the following is more suitable for a hardware implementation?
• Stream ciphers
• Cipher block chaining
• Electronic code book
• Block ciphers
Correct Answer is: Stream ciphers
Details:
A stream cipher treats the message as a stream of bits or bytes and performs mathematical functions on
them individually. The key is a random value input into the stream cipher, which it uses to ensure the
randomness of the keystream data. They are more suitable for hardware implementations, because
they encrypt and decrypt one bit at a time. They are intensive because each bit must be manipulated,
which works better at the silicon level. Block ciphers operate a the block level, dividing the message into
blocks of bits. Cipher Block chaining (CBC) and Electronic Code Book (ECB) are operation modes of DES, a
block encryption algorithm.
Question 131
How many rounds of substitution are used by DES?
• 64
• 48
• 16
• 32
Details:
The Correct Answer is : 16
DES is a block encryption algorithm using 56-bit keys and 64-bit blocks that are divided in half and each
character is encrypted one at a time. The characters are put through 16 rounds of transposition and
substitution functions. Triple DES uses 48 rounds.
Data Encryption Standard

Data Encryption Standard (DES) has had a long and rich history within the computer community. The
National Institute of Standards and Technology (NIST) researched the need for the protection of
sensitive but unclassified data during the 1960s and initiated a cryptography program in the early 1970s.
NIST invited vendors to submit data encryption algorithms to be used as a cryptographic standard. IBM
had already been developing encryption algorithms to protect financial transactions. In 1974, IBM’s
128-bit algorithm, named Lucifer, was submitted and accepted. The NSA modified this algorithm
to use a key size of 64 bits (with 8 bits used for parity, resulting in an effective key length of 56 bits)
instead of the original 128 bits, and named it the Data Encryption Algorithm (DEA). Controversy arose
about whether the NSA weakened Lucifer on purpose to enable it to decrypt messages not intended for
it, but in the end the modified Lucifer became a national cryptographic standard in 1977 and an
American National Standards Institute (ANSI) standard in 1978.
How Does DES Work?
DES is a symmetric block encryption algorithm. When 64-bit blocks of plaintext go in, 64-bit blocks of
ciphertext come out. It is also a symmetric algorithm, meaning the same key is used for encryption and
decryption. It uses a 64-bit key: 56 bits make up the true key, and 8 bits are used for parity. When the
DES algorithm is applied to data, it divides the message into blocks and operates on them one at a time.
The blocks are put through 16 rounds of transposition and substitution functions. The order and type of
transposition and substitution functions depend on the value of the key used with the algorithm. The
result is 64-bit blocks of ciphertext.
CISA Review Manual 2014 Page Number 350
CISSP All In one Exam Guide 6th Edition Page Number 801
Question 132
Which of the following is not an example of a block cipher?
• RC4
• IDEA
• Blowfish
• Skipjack
Details:
RC4 is a proprietary, variable-key-length stream cipher invented by Ron Rivest for RSA Data Security, Inc.
Skipjack, IDEA and Blowfish are examples of block ciphers.
Question 133
A one-way hash provides MOST OFTEN which of the following?
• Authentication
• Availability
• Confidentiality
• Integrity
Correct Answer is: Integrity
Details:
The correct answer is: Integrity

A one-way hash is a function that takes a variable-length string a message, and compresses and
transforms it into a fixed length value referred to as a hash value or message disgest. By itself It
provides integrity, but no confidentiality, availability or authentication.
Some applications, tools, and operating systems will make use of hashing to store passwords. In such
case we could claim that hashes are used for confidentiality. However, this is not the MOST common
usage of hashing.
All of the other choices are incorrect answers.
Question 134
Which of the following is not a one-way hashing algorithm?
• MD2
• HAVAL
• SHA-1
• RC4

Details:
RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest Cipher 4",
the RC acronym is alternatively understood to stand for "Ron's Code" (see also RC2, RC5 and RC6).
RC4 was initially a trade secret, but in September 1994 a description of it was anonymously posted to
the Cypherpunks mailing list. It was soon posted on the sci.crypt newsgroup, and from there to many
sites on the Internet. The leaked code was confirmed to be genuine as its output was found to match
that of proprietary software using licensed RC4. Because the algorithm is known, it is no longer a trade
secret. The name RC4 is trademarked, so RC4 is often referred to as ARCFOUR or ARC4 (meaning
alleged RC4) to avoid trademark problems. RSA Security has never officially released the algorithm;
Rivest has, however, linked to the English Wikipedia article on RC4 in his own course notes. RC4 has
become part of some commonly used encryption protocols and standards, including WEP and WPA for
wireless cards and TLS.
The main factors in RC4's success over such a wide range of applications are its speed and simplicity:
efficient implementations in both software and hardware are very easy to develop.
The following answer were not correct choices:
SHA-1 is a one-way hashing algorithms. SHA-1 is a cryptographic hash function designed by the United
States National Security Agency and published by the United States NIST as a U.S. Federal Information
Processing Standard. SHA stands for "secure hash algorithm".
The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and SHA-2.
SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash specification that led to
significant weaknesses. The SHA-0 algorithm was not adopted by many applications. SHA-2 on the other
hand significantly differs from the SHA-1 hash function.
SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely used
security applications and protocols. In 2005, security flaws were identified in SHA-1, namely that a
mathematical weakness might exist, indicating that a stronger hash function would be desirable.
Although no successful attacks have yet been reported on the SHA-2 variants, they are algorithmically
similar to SHA-1 and so efforts are underway to develop improved alternatives.
A new hash standard, SHA-3, has just been released by NIST. There was a NIST hash function
competition that took place with the selection of a winning function in 2012.
SHA-1 produces a 160-bit message digest based on principles similar to those used by Ronald L. Rivest of
MIT in the design of the MD4 and MD5 message digest algorithms, but has a more conservative design.
MD2 is a one-way hashing algorithms. The MD2 Message-Digest Algorithm is a cryptographic hash
functiondeveloped by Ronald Rivest in 1989. The algorithm is optimized for 8-bit computers. MD2 is
specified in RFC 1319. Although MD2 is no longer considered secure, even as of 2010 it remains in use in
public key infrastructures as part of certificates generated with MD2 and RSA.
Haval is a one-way hashing algorithms. HAVAL is a cryptographic hash function. Unlike MD5, but like
most modern cryptographic hash functions, HAVAL can produce hashes of different lengths. HAVAL can
produce hashes in lengths of 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits. HAVAL also allows users
to specify the number of rounds (3, 4, or 5) to be used to generate the hash.
and
https://en.wikipedia.org/wiki/HAVAL
and
https://en.wikipedia.org/wiki/MD2_%28cryptography%29
and
https://en.wikipedia.org/wiki/SHA-1
Question 135
Which of the following does NOT concern itself with key management?
• Cryptology (CRYPTO)
• Diffie-Hellman (DH)
• Key Exchange Algorithm (KEA)
• Internet Security Association Key Management Protocol (ISAKMP)
Correct Answer is: Cryptology (CRYPTO)
Details:
The correct answer is: Cryptology (CRYPTO)

Cryptology is the science that includes both cryptography and cryptanalysis and is not directly concerned
with key management. Cryptology is the mathematics, such as number theory, and the application of
formulas and algorithms, that underpin cryptography and cryptanalysis.
The following are all concerned with Key Management which makes them the wrong choices:
Internet Security Association Key Management Protocol (ISAKMP) is a key management protocol used
by IPSec. ISAKMP (Internet Security Association and Key Management Protocol) is a protocol defined by
RFC 2408for establishing Security Associations (SA) and cryptographic keys in an Internet environment.
ISAKMP only provides a framework for authentication and key exchange. The actual key exchange is
done by the Oakley Key Determination Protocol which is a key-agreement protocol that allows
authenticated parties to exchange keying material across an insecure connection using the Diffie-
Hellman key exchange algorithm.
Diffie-Hellman and one variation of the Diffie-Hellman algorithm called the Key Exchange Algorithm
(KEA) are also key exchange protocols. Key exchange (also known as "key establishment") is any
method in cryptographyby which cryptographic keys are exchanged between users, allowing use of a
cryptographic algorithm. Diffie–Hellman key exchange (D–H) is a specific method of exchanging keys. It
is one of the earliest practical examples of key exchange implemented within the field of cryptography.
The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other
to jointly establish a shared secret key over an insecure communications channel. This key can then be
used to encrypt subsequent communications using a symmetric keycipher.
Mike Meyers CISSP Certification Passport, by Shon Harris and Mike Meyers, page 228.
It is highlighted as an EXAM TIP. Which tells you that it is a must know for the purpose of the exam.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, Fifth Edition, Chapter 8:
Cryptography (page 713-715).
and
https://en.wikipedia.org/wiki/ISAKMP
and
http://searchsecurity.techtarget.com/definition/cryptology
Question 136
Which of the following encryption algorithms does not deal with discrete logarithms?
• El Gamal
• Elliptic Curve
• RSA
• Diffie-Hellman
Correct Answer is: RSA
Details:
The security of the RSA system is based on the assumption that factoring the product into two original
large prime numbers is difficult
Shon Harris, CISSP All-in-One Examine Guide, Third Edition, McGraw-Hill Companies, August 2005,
Chapter 8: Cryptography, Page 636 - 639
Question 137
Which type of attack is based on the probability of two different messages using the same hash function
producing a common message digest?
• Differential cryptanalysis
• Birthday attack
• Differential linear cryptanalysis
• Statistical attack
Correct Answer is: Birthday attack

Details:
The correct answer is: Birthday attack
A Birthday attack is usually applied to the probability of two different messages using the same hash
function producing a common message digest.
The term "birthday" comes from the fact that in a room with 23 people, the probability of two of more
people having the same birthday is greater than 50%.
Linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the
action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear
cryptanalysis is one of the two most widely used attacks on block ciphers; the other being differential
cryptanalysis.
Differential Cryptanalysis is a potent cryptanalytic technique introduced by Biham and Shamir.

Differential cryptanalysis is designed for the study and attack of DES-like cryptosystems. A DES-like
cryptosystem is an iterated cryptosystem which relies on conventional cryptographic techniques such as
substitution and diffusion.
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also
to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how
differences in an input can affect the resultant difference at the output. In the case of a block cipher, it
refers to a set of techniques for tracing differences through the network of transformations, discovering
where the cipher exhibits non-random behaviour, and exploiting such properties to recover the secret
key.
and
http://en.wikipedia.org/wiki/Differential_cryptanalysis
Question 138
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?
• Certificate revocation
• Repository
• Timestamping
• Internet Key Exchange (IKE)
Correct Answer is: Internet Key Exchange (IKE)
Details:
Internet Key Exchange is a component of IPSec, not of a PKI.
Other elements are included in a PKI.
Question 139
Which of the following standard was developed in order to protect against fraud in electronic fund
transfers (EFT) by ensuring the packets are coming from its claimed originator and that it has not been
altered in transmission?
• Secure Hash Standard (SHS)
• Cyclic Redundancy Check (CRC)
• Message Authentication Code (MAC)
• Secure Electronic Transaction (SET)
Correct Answer is: Message Authentication Code (MAC)
Details:
The correct answer is: Message Authentication Code (MAC)
In order to protect against fraud in electronic fund transfers (EFT), the Message Authentication Code
(MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the contents of the
message itself, that is sensitive to the bit changes in a message. It is similar to a Cyclic Redundancy Check
(CRC).
The aim of message authentication in computer and communication systems is to verify that he
message comes from its claimed originator and that it has not been altered in transmission. It is
particularly needed for EFT Electronic Funds Transfer). The protection mechanism is generation of a
Message Authentication Code (MAC), attached to the message, which can be recalculated by the
receiver and will reveal any alteration in transit. One standard method is described in (ANSI, X9.9).
Message authentication mechanisms an also be used to achieve non-repudiation of messages.
The Secure Electronic Transaction (SET) was developed by a consortium including MasterCard and VISA
as a means of preventing fraud from occurring during electronic payment.
The Secure Hash Standard (SHS), NIST FIPS 180, available at http://www.itl.nist.gov/fipspubs/fip180-
1.htm, specifies the Secure Hash Algorithm (SHA-1).
• Secure Electronic Transaction (SET) -Secure Electronic Transaction (SET) was a communications
protocol standard for securing credit card transactions over insecure networks, specifically, the Internet.
SET was not itself a payment system, but rather a set of security protocols and formats that enabled
users to employ the existing credit card payment infrastructure on an open network in a secure fashion
• Secure Hash Standard (SHS) - The Secure Hash Standard (SHS) is a set of cryptographically secure
hash algorithms specified by the National Institute of Standards and Technology (NIST).The current
version of the SHS standard is the document NIST FIPS 180-4, which specifies seven Secure Hash
Algorithms: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256.
• Cyclic Redundancy Check (CRC) - A cyclic redundancy check (CRC) is an error-detecting code
commonly used in digital networks and storage devices to detect accidental changes to raw data. Blocks
of data entering these systems get a short check value attached, based on the remainder of a
polynomial division of their contents.
CISSP All in one Exam Guide by Shon Harris 6th Edition Page number 821
Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 170)
also see:
http://luizfirmino.blogspot.com/2011/04/message-authentication-code-mac.html
and
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.22.2312&rep=rep1&type=pdf
Question 140
Which integrity model defines a constrained data item, an integrity verification procedure and a
transformation procedure?
• The Take-Grant model
• The Bell-LaPadula integrity model
• The Clark Wilson integrity model
• The Biba integrity model
Correct Answer is: The Clark Wilson integrity model
Details:
The correct answer is: The Clark Wilson integrity model
The Clark Wilson integrity model addresses the three following integrity goals: 1) data is protected from
modification by unauthorized users; 2) data is protected from unauthorized modification by authorized
users; and 3) data is internally and externally consistent. It also defines a Constrained Data Item (CDI), an
Integrity Verification Procedure (IVP), a Transformation Procedure (TP) and an Unconstrained Data item.
The Bell-LaPadula and Take-Grant models are not integrity models.
Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 205).
Question 141
What is defined as the hardware, firmware and software elements of a trusted computing base that
implement the reference monitor concept?
• Protection rings
• A security kernel
• A protection domain
Correct Answer is: A security kernel
Details:
The correct answer is: A security kernel
A security kernel is defined as the hardware, firmware and software elements of a trusted computing
base that implement the reference monitor concept. A reference monitor is a system component that
enforces access controls on an object. A protection domain consists of the execution and memory space
assigned to each process. The use of protection rings is a scheme that supports multiple protection
domains.
Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 194).
Question 142
Which of the following statements pertaining to fire suppression systems is TRUE?

• Water Based extinguisher are NOT an effective fire suppression method for class C (electrical)
fires.
• Halon is today the most common choice as far as agent are concern because it is highly
effective in the way that it interferes with the chemical reaction of the elements within a fire.
• Gas masks provide an effective protection against use of CO2 systems. They are recommended
for the protection of the employees within data centers.
• CO2 systems are NOT effective because they suppress the oxygen supply required to sustain
the fire.
Correct Answer is: Water Based extinguisher are NOT an effective fire suppression method for class C
(electrical) fires.
Details:
Water Based fire extinguishers should never be used on Electrical Fire. If you do so, it will probably the
the last time you use such an extinguisher to put out an electrical fire as you will be electrocuted. Any
liquid based agent should be avoided for Electrical Fire.
CO2 systems are effective because they suppress the oxygen supply required to sustain the fire. Since
oxygen is removed, it can be potentially lethal to people and gas masks do not provide protection
against CO2. These systems are more appropriate for unattended facilities.
The Montreal Protocol of 1987 states that Halon has been designated an ozone-depleting substance and
due to the risk to the environment production was stopped January 1st, 1994. Companies that still have
Halon systems have been asked to replace them with nontoxic extinguishers. The name of the
agreement is called The Montreal Protocol.
Soda acid is an effective fire suppression method for common combustibles and liquids, but not for
electrical fires.
TIP:
Do remember the name of the agreement that was signed in Montreal where countries have agreed to
stop production of Halon, it is called: The Montreal Protocol
A student of mine told me that he thinks about me when he wish to remember the classes of fire, that
scared me off a bit but his explanations made a lot of sense, here how he is using my first name to
remember the classes of fire. My name is CLEMENT but he is using only the CLEM portion:
C = Common Combustible
L = Liquid Fire
E = Electrical Fire
M = Metals that are flammable
HERE IS ANOTHER WAY TO REMEMBER THEM FROM HARRISON:
A - Ash (common combustible)
B - Bubble/Boil (Liquid)
C - Circuit (Electrical)
D - Metal. (Just remember it :)
Physical Security (page 313).
Question 143
Which of the following statements pertaining to air conditioning for an information processing facility is
correct?
• The AC units must be controllable from outside the area.
• The AC units must be dedicated to the information processing facility.
• The AC units must be on the same power source as the equipment in the room to allow for
easier shutdown.
• The AC units must keep negative pressure in the room so that smoke and other gases are
forced out of the room.
Correct Answer is: The AC units must be dedicated to the information processing facility.
Details:
The AC units used in a information processing facility (computer room) must be dedicated and
controllable from within the area. They must be on an independent power source from the rest of the
room and have a dedicated Emergency Power Off switch. It is positive, not negative pressure that forces
smoke and other gases out of the room.
Chris Hare's CISSP Study Notes on Physical Security, based on ISC2 CBK document. Available at
http://www.ccure.org.
Question 144
In the Bell-LaPadula model, the Star-property is also called:
• The tranquility property
• The confinement property
• The simple security property
• The confidentiality property
Correct Answer is: The confinement property
Details:
The correct answer is: Confinement Property
In this formal model, the entities in an information system are divided into subjects and objects.
The notion of a "secure state" is defined, and it is proven that each state transition preserves security by
moving from secure state to secure state, thereby proving that the system satisfies the security
objectives of the model.
The Bell-LaPadula model is built on the concept of a state machine with a set of allowable states in a
system. The transition from one state to another state is defined by transition functions.
accordance with a security policy.
To determine whether a specific access mode is allowed, the clearance of a subject is compared to the
classification of the object (more precisely, to the combination of classification and set of
compartments, making up the security level) to determine if the subject is authorized for the specific
access mode.
The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory
access control (MAC) rules and one discretionary access control (DAC) rule with three security
properties:
2. The *-property (read "star"-property) - a subject at a given security level must not write to any
object at a lower security level (no write-down). The *-property is also known as the Confinement
property.
3. The Discretionary Security Property - use an access control matrix to specify the discretionary
access control.
The transfer of information from a high-sensitivity document to a lower-sensitivity document may

restricted by the *-property. Untrusted subjects are.
Trusted Subjects must be shown to be trustworthy with regard to the security policy. This security
model is directed toward access control and is characterized by the phrase: "no read up, no write
down." Compare the Biba model, the Clark-Wilson model and the Chinese Wall.
With Bell-LaPadula, users can create content only at or above their own security level (i.e. secret
researchers can create secret or top-secret files but may not create public files; no write-down).
Conversely, users can view content only at or below their own security level (i.e. secret researchers can
view public or secret files, but may not view top-secret files; no read-up).
Strong * Property
The Strong * Property is an alternative to the *-Property in which subjects may write to objects with
only a matching security level. Thus, the write-up operation permitted in the usual *-Property is not
present, only a write-to-same level operation. The Strong * Property is usually discussed in the context
of multilevel database management systems and is motivated by integrity concerns.
Tranquility principle
The tranquility principle of the Bell-LaPadula model states that the classification of a subject or object
does not change while it is being referenced. There are two forms to the tranquility principle: the
"principle of strong tranquility" states that security levels do not change during the normal operation of
the system and the "principle of weak tranquility" states that security levels do not change in a way that
violates the rules of a given security policy.
Another interpretation of the tranquility principles is that they both apply only to the period of time
during which an operation involving an object or subject is occurring. That is, the strong tranquility
principle means that an object's security level/label will not change during an operation (such as read or
write); the weak tranquility principle means that an object's security level/label may change in a way
that does not violate the security policy during an operation.
http://en.wikipedia.org/wiki/Biba_Model
http://en.wikipedia.org/wiki/Mandatory_access_control
http://en.wikipedia.org/wiki/Discretionary_access_control
http://en.wikipedia.org/wiki/Clark-Wilson_model
http://en.wikipedia.org/wiki/Brewer_and_Nash_model
Question 145
Which of the following is best defined as a circumstance in which a collection of information items is
required to be classified at a higher security level than any of the individual items that comprise it?
• Clustering
• Collision
• Inference
• Aggregation
Correct Answer is: Aggregation

Details:
The Internet Security Glossary (RFC2828) defines aggregation as a circumstance in which a collection of
information items is required to be classified at a higher security level than any of the individual items
that comprise it.
Question 146
Which of the following binds a subject name to a public key value?
• A private key certificate
• A secret key certificate
• A public-key certificate
• A Symmetric key infrastructure
Correct Answer is: A public-key certificate
Details:
The correct answer is: A public-key certificate binds a subject name to a public key value
Remember the term Public-Key Certificate is synonymous with Digital Certificate or Identity certificate.
The certificate itself provides the binding but it is the certificate authority who will go through the
Certificate Practice Statements (CPS) actually validating the bindings and vouch for the identity of the
owner of the key within the certificate.
As explained in Wikipedia:
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an
electronic document which uses a digital signature to bind together a public key with an identity —
information such as the name of a person or an organization, their address, and so forth. The certificate
can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In
a web of trust scheme such as PGP or GPG, the signature is of either the user (a self-signed certificate) or
other users ("endorsements") by getting people to sign each other keys. In either case, the signatures
on a certificate are attestations by the certificate signer that the identity information and the public key
belong together.
RFC 2828 defines the certification authority (CA) as:
An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding
between the data items in a certificate.
An authority trusted by one or more users to create and assign certificates. Optionally, the certification
authority may create the user's keys.
X509 Certificate users depend on the validity of information provided by a certificate. Thus, a CA should
be someone that certificate users trust, and usually holds an official position created and granted power
by a government, a corporation, or some other organization. A CA is responsible for managing the life
cycle of certificates and, depending on the type of certificate and the CPS that applies, may be
responsible for the life cycle of key pairs associated with the certificates
The other options specified does not bin public key with subject.
CISA review manual 2014 Page number 348
CISSP All in one exam guide 6th edition Page number 834
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
and
http://en.wikipedia.org/wiki/Public_key_certificate
Question 147
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public
key, either directly to a subject name or to the identifier of another certificate that is a public-key
certificate?
• A descriptive certificate
• A digital certificate
• An attribute certificate
• A public-key certificate
Correct Answer is: An attribute certificate
Details:
The Internet Security Glossary (RFC2828) defines an attribute certificate as a digital certificate that binds
a set of descriptive data items, other than a public key, either directly to a subject name or to the
identifier of another certificate that is a public-key certificate. A public-key certificate binds a subject
name to a public key value, along with information needed to perform certain cryptographic functions.
Other attributes of a subject, such as a security clearance, may be certified in a separate kind of digital
certificate, called an attribute certificate. A subject may have multiple attribute certificates associated
with its name or with each of its public-key certificates.
Question 148
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but
have been invalidated by their issuer prior to when they were scheduled to expire?
• Certificate revocation tree
• Authority revocation list
• Untrusted certificate list
• Certificate revocation list
Correct Answer is: Authority revocation list
Details:
The Internet Security Glossary (RFC2828) defines the Authority Revocation List (ARL) as a data structure
that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer
prior to when they were scheduled to expire.
Do not to confuse with an ARL with a Certificate Revocation List (CRL). A certificate revocation list is a
mechanism for distributing notices of certificate revocations. The question specifically mentions "issued
to CAs" which makes ARL a better answer than CRL.
http://rfclibrary.hosting.com/rfc/rfc2828/rfc2828-29.asp
$ certificate revocation list (CRL)
(I) A data structure that enumerates digital certificates that have been invalidated by their issuer
prior to when they were
scheduled to expire. (See: certificate expiration, X.509 certificate revocation list.)
http://rfclibrary.hosting.com/rfc/rfc2828/rfc2828-17.asp
$ authority revocation list (ARL)
(I) A data structure that enumerates digital certificates that were issued to CAs but have been
invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration,
X.509 authority revocation list.)
In a few words: We use CRL's for end-user cert revocation and ARL's for CA cert revocation - both can
be placed in distribution points.
Question 149
What is the name of the third party authority that vouches for the binding between the data items in a
digital certificate?
• Registration authority
• Issuing authority
• Vouching authority
• Certification authority
Correct Answer is: Certification authority
Details:
The correct answer is: Certification Authority
A certification authority (CA) is a third party entity that issues digital certificates (especially X.509
certificates) and vouches for the binding between the data items in a certificate. An issuing authority
could be considered a correct answer, but not the best answer, since it is too generic.
Question 150
What enables users to validate each other's certificate when they are certified under different
certification hierarchies?
• Root certification authorities
• Redundant certification authorities
• Cross-certification
• Multiple certificates
Correct Answer is: Cross-certification
Details:
Cross-certification is the act or process by which two CAs each certify a public key of the other, issuing a
public-key certificate to that other CA, enabling users that are certified under different certification
hierarchies to validate each other's certificate.
Question 151
Which of the following would best define a digital envelope?
• A message that is encrypted and signed with a digital certificate.
• A message that is signed with a secret key and encrypted with the sender's private key.
• A message that is encrypted with the recipient's public key and signed with the sender's private
key.
• A message encrypted with a secret key attached with the message. The secret key is encrypted
with the public key of the receiver.
Correct Answer is: A message encrypted with a secret key attached with the message. The secret key is
encrypted with the public key of the receiver.
Details:
A digital envelope for a recipient is a combination of encrypted data and its encryption key in an
encrypted form that has been prepared for use of the recipient.
It consists of a hybrid encryption scheme in sealing a message, by encrypting the data and sending both
it and a protected form of the key to the intended recipient, so that one else can open the message.
In PKCS #7, it means first encrypting the data using a symmetric encryption algorithm and a secret key,
and then encrypting the secret key using an asymmetric encryption algorithm and the public key of the
intended recipient.
Question 152
What can be defined as a value computed with a cryptographic algorithm and appended to a data object
in such a way that any recipient of the data can use the signature to verify the data's origin and
integrity?
• A digital envelope
• A digital signature
• A Message Authentication Code
• A cryptographic hash
Correct Answer is: A digital signature
Details:
The correct answer is: Digital Signature

RFC 2828 (Internet Security Glossary) defines a digital signature as a value computed with a
cryptographic algorithm and appended to a data object in such a way that any recipient of the data can
use the signature to verify the data's origin and integrity.
the sender's private key is used to encrypt the message digest (signing) of the message and receiver
need to decrypt the same using sender's public key to validate the signature.
How It Works
• You copy-and-paste the contract (it's a short one!) into an e-mail note.
• Using special software, you obtain a message hash (mathematical summary) of the contract.
• You then use a private key that you have previously obtained from a public-private key authority
• The encrypted hash becomes your digital signature of the message. (Note that it will be different
At the other end, your lawyer receives the message:
• To make sure it's intact and from you, your lawyer makes a hash of the received message.
• Your lawyer then uses your public key to decrypt the message hash or summary.
• If the hashes match, the received message is valid.
Image Source - http://cryptome.org/jya/fips186-1.htm
The steps to create a Digital Signature are very simple:
1. You create a Message Digest of the message you wish to send
2. You encrypt the message digest using your Private Key which is the action of Signing
3. You send the Message along with the Digital Signature to the recipient
To validate the Digital Signature the recipient will make use of the sender Public Key. Here are the steps:
1. The receiver will decrypt the Digital Signature using the sender Public Key producing a clear text
message digest.
2. The receiver will produce his own message digest of the message received.
3. At this point the receiver will compare the two message digest (the one sent and the one produce by
the receiver), if the two matches, it proves the authenticity of the message and it confirms that the
message was not modified in transit validating the integrity as well. Digital Signatures provides for
Authenticity and Integrity only. There is no confidentiality in place, if you wish to get confidentiality it
would be needed for the sender to encrypt everything with the receiver public key as a last step before
sending the message.
Authentication
mistake.
Integrity
Non-repudiation

valid signature.
Protocol ". Very roughly this is analogous to a vendor who receives credit-cards first checking online
with the credit-card issuer to find if a given card has been reported lost or stolen. Of course, with stolen
key pairs, the theft is often discovered only after the secret key's use, e.g., to sign a bogus certificate for
espionage purposes.
Tip for the exam:
Digital Signature does not provide confidentiality. The sender's private key is used for calulating digital
signature
encryption

• Digital Envelop - A Digital Envelope is a combination of encrypted data and its encryption key in
an encrypted form that has been prepared for use of the recipient. In simple term it is a type of security
that uses two layers of encryptionto protect a message. First, the message itself is encoded using
symmetric encryption, and then the key to decode the message is encrypted using public-key
encryption.
• Message Authentication Code - A Message Authentication Code (MAC) refers to an ANSI

standard for a checksum that is computed with a keyed hash that is based on DES or it can also be
produced without using DES by concataning the Secret Key at the end of the message (simply adding it
at the end of the message) being sent and then producing a Message digest of the Message+Secret Key
together.
• Cryptographic Hash - A cryptographic hash is the result of a cryptographic hash function such as
MD5, SHA-1, or SHA-2. A hash value also called a Message Digest is like a fingerprint of a message. It is
used to proves integrity and ensure the message was not changed either in transit or in storage.
http://upload.wikimedia.org/wikipedia/commons/2/2b/Digital_Signature_diagram.svg
http://en.wikipedia.org/wiki/Digital_signature
and
http://www.webopedia.com/TERM/D/digital_envelope.html
and
http://en.wikipedia.org/wiki/CBC-MAC
Question 153
Which of the following can be best defined as computing techniques for inseparably embedding
unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?
• Digital signature
• Digital watermarking
• Digital enveloping
• Steganography
Correct Answer is: Digital watermarking
Details:
The correct answer is: Digital watermarking
RFC 2828 (Internet Security Glossary) defines digital watermarking as computing techniques for
inseparably embedding unobtrusive marks or labels as bits in digital data-text, graphics, images, video,
or audio and for detecting or extracting the marks later.
The set of embedded bits (the digital watermark) is sometimes hidden, usually imperceptible, and
always intended to be unobtrusive. It is used as a measure to protect intellectual property rights.
Steganography involves hiding the very existence of a message.
A digital signature is a value computed with a cryptographic algorithm and appended to a data object in
such a way that any recipient of the data can use the signature to verify the data's origin and integrity.
A digital envelope is a combination of encrypted data and its encryption key in an encrypted form that
has been prepared for use of the recipient.

SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question 154
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to
determine the key from knowledge of some plaintext-ciphertext pairs?
• A chosen-plaintext attack
• A chosen-ciphertext attack
• A known-algorithm attack
• A known-plaintext attack
Correct Answer is: A known-plaintext attack
Details:
The correct answer is: A known-plaintext attack
RFC2828 (Internet Security Glossary) defines a known-plaintext attack as a cryptanalysis technique in

which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs
(although the analyst may also have other clues, such as knowing the cryptographic algorithm). A
chosen-ciphertext attack is defined as a cryptanalysis technique in which the analyst tries to determine
the key from knowledge of plaintext that corresponds to ciphertext selected (i.e., dictated) by the
analyst. A chosen-plaintext attack is a cryptanalysis technique in which the analyst tries to determine the
key from knowledge of ciphertext that corresponds to plaintext selected (i.e., dictated) by the analyst.
The other choice is a distracter.
For your exam you should know below information about cryptography attacks
Ciphertext-Only Attacks
In this type of attack, the attacker has the ciphertext of several messages. Each of the messages has
been encrypted using the same encryption algorithm. The attacker’s goal is to discover the key used in
the encryption process. Once the attacker figures out the key, she can decrypt all other messages
encrypted with the same key. A ciphertext-only attack is the most common type of active attack because
it is very easy to get ciphertext by sniffing someone’s traffic, but it is the hardest attack to actually be
successful at because the attacker has so little information about the encryption process.
Known-Plaintext Attacks
In known-plaintext attacks, the attacker has the plaintext and corresponding ciphertext of one or more
messages. Again, the goal is to discover the key used to encrypt the messages so other messages can be
deciphered and read. Messages usually start with the same type of beginning and close with the same
type of ending. An attacker might know that each message a general sends out to his commanders
always starts with certain greetings and ends with specific salutations and the general’s name and
contact information. In this instance, the attacker has some of the plaintext (the data that are the same
on each message) and can capture an encrypted message, and therefore capture the ciphertext. Once a
few pieces of the puzzle are discovered, the rest is accomplished by reverse-engineering, frequency
analysis, and brute force attempts. Known-plaintext attacks were used by the United States against the
Germans and the Japanese during World War II.
Chosen-Plaintext Attacks
In chosen-plaintext attacks, the attacker has the plaintext and ciphertext, but can choose the plaintext
that gets encrypted to see the corresponding ciphertext. This gives her more power and possibly a
deeper understanding of the way the encryption process works so she can gather more information
about the key being used. Once the key is discovered, other messages encrypted with that key can be
decrypted. How would this be carried out? I can e-mail a message to you that I think you not only will
believe, but that you will also panic about, encrypt, and send to someone else. Suppose I send you an e-
mail that states, “The meaning of life is 42.” You may think you have received an important piece of
information that should be concealed from others, everyone except your friend Bob, of course. So you
encrypt my message and send it to Bob. Meanwhile I am sniffing your traffic and now have a copy of the
plaintext of the message, because I wrote it, and a copy of the ciphertext.
Chosen-Ciphertext Attacks
In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has access to
the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder attack to carry
out compared to the previously mentioned attacks, and the attacker may need to have control of the
system that contains the cryptosystem.
• A chosen-plaintext attacks - The attacker has the plaintext and ciphertext, but can choose the
plaintext that gets encrypted to see the corresponding ciphertext. This gives her more power and
possibly a deeper understanding of the way the encryption process works so she can gather more
information about the key being used. Once the key is discovered, other messages encrypted with that
key can be decrypted.
• A chosen-ciphertext attack - In chosen-ciphertext attacks, the attacker can choose the ciphertext
to be decrypted and has access to the resulting decrypted plaintext. Again, the goal is to figure out the
key. This is a harder attack to carry out compared to the previously mentioned attacks, and the attacker
may need to have control of the system that contains the cryptosystem.
• A known-algorithm attack - Knowing the algorithm does not give you much advantage without
knowing the key. This is a bogus detractor. The algorithm should be public, which is the Kerckhoffs's
Principle . The only secret should be the key.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
and
Edition.
and
Kerckhoffs's Principle
Question 155
Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable over a
"Class A" hand-held fire extinguisher?
• When the fire is caused by flammable products.
• When the fire involves electrical equipment.
• When the fire is located in an enclosed area.
• When the fire is in its incipient stage.
Correct Answer is: When the fire involves electrical equipment.
Details:
Question 156
In relation to the Montreal Protocol, which of the following options would be the most environmentally
friendly if you need to refill a Halon flooding system in the event that Halon is fully discharged in the
computer room?
• Order a Non-Hydrochlorofluorocarbon compound from the manufacturer.
• Order an immediate refill with Halon 1201 from the manufacturer.
• Contact a Halon recycling bank to make arrangements for a refill.
• Order an immediate refill with Halon 1301 from the manufacturer.
Correct Answer is: Order a Non-Hydrochlorofluorocarbon compound from the manufacturer.
Details:
The correc answer is: Order a non-Hydrochlorofluorocarbon compound from the manufacturer
The best choice is to find or replace the systems with a Non-Hydrochlorofluorocarbon compound. A safe
replacement such as Innergen, FM-200, or other non ozone depleting agent would be used.
The goal of the Montreal Protocol is the cessation of production of ozone depleting agents.
The Montreal Protocol on Substances That Deplete the Ozone Layer is a landmark international
agreement designed to protect the stratospheric ozone layer. The treaty was originally signed in 1987
and substantially amended in 1990 and 1992. The Montreal Protocol stipulates that the production and
consumption of compounds that deplete ozone in the stratosphere--chlorofluorocarbons (CFCs), halons,
carbon tetrachloride, and methyl chloroform--are to be phased out by 2000 (2005 for methyl
chloroform).
Scientific theory and evidence suggest that, once emitted to the atmosphere, these compounds could
significantly deplete the stratospheric ozone layer that shields the planet from damaging UV-B radiation.
The United Nations Environment Programme (UNEP) has prepared a Montreal Protocol Handbook that
provides additional detail and explanation of the provisions.
NOTE:
Many of my students have asked me if Halon is still legal?
Because Halon is a CFC, the production of Halon ceased on January 1, 1994, under the Clean Air Act.
There is no cost-effective means of safely and effectively disposing of the Halon that has already been
produced, therefore recycling and reusing the existing supply intelligently and responsibly to protect
lives and property is the best solution.
The EPA recognizes that that Halon remains the most effective "clean " extinguishing agent available,
despite its ozone depleting potential, and there are no federal or state regulations prohibiting the
buying, selling or use of Halon extinguishers. All Halon available now is recycled so it is an
environmentally responsible choice.
How long will the supply of Halon last?
While the production of Halon ceased on January 1, 1994, under the Clean Air Act, it is still legal to
purchase and use recycled Halon and Halon fire extinguishers. In fact, the FAA continues to recommend
Halon fire extinguishers for aircraft. This is why you see a lot of Halon Recycling banks who offers to buy
your Halon supply if you still have it.
CISSP Study Guide Sybex 7th Edition Kindle Location 11259
http://www.h3rcleanagents.com/support_faq_2.htm
http://ozone.unep.org/Publications/MP_Handbook/MP-Handbook-2009.pdf
http://www.unep.org/ozone/pdfs/Montreal-Protocol2000.pdf
Thanks to Hilal Ahmed Bhat for providing feedback to improve this question.
Thanks to Scruff McGruff for providing feedback to improve this question.
Thanks to Shweta Kshirsagar for sending feedback to improve this question.
TIP FROM CLEMENT:
The Montreal Protocol controls on the production of ozone-depleting substances such as HALON and
restricts its production and usage. You might want to remember the name of the protocol as it might
come handy in the near future :-)
Question 157
The Reference Validation Mechanism that ensures the authorized access relationships between subjects
and objects is implementing which of the following concept:
• The reference monitor.
• Discretionary Access Control.
• The Security Kernel.
• Mandatory Access Control.
Correct Answer is: The reference monitor.
Details:
The correct answer is: The Reference Monitor

The reference monitor concept is an abstract machine that ensures that all subjects have the necessary
access rights before accessing objects. Therefore, the kernel will mediates all accesses to objects by
subjects and will do so by validating through the reference monitor concept.
The kernel does not decide whether or not the access will be granted, it will be the Reference Monitor
which is a subset of the kernel that will say YES or NO.
All access requests will be intercepted by the Kernel, validated through the reference monitor, and then
access will either be denied or granted according to the request and the subject privileges within the
system.
1. The reference monitor must be small enough to be full tested and valided
2. The Kernel must MEDIATE all access request from subjects to objects
3. The processes implementing the reference monitor must be protected
4. The reference monitor must be tamperproof
The security kernel is the mechanism that actually enforces the rules of the reference monitor concept.
The other answers are distractors.
Shon Harris, All In One, 5th Edition, Security Architecture and Design, Page 330
also see
http://en.wikipedia.org/wiki/Reference_monitor
Thanks to Craig Goodrich who provided feedback to help improve the quality of this question.
05/01/2009
NOTE FROM CLEMENT:
When in doubt attempt to go to the source. There is a great document you will find on the net from the
inventor of the Reference Monitor concept. Here is an extract from the document:
The Reference Monitor concept was introduced in the Computer Security Technology Planning Study
(Oct, 1972) by James Anderson & Co. The reference monitor is covered on page 25 of this document.
Mr. Anderson states very clearly:
We have called the implementation of the Reference Monitor concept the Reference Validation
Mechanism (RVM) - A combination of Hardware and Software that implements the Reference Monitor
Concept.
So if the inventor of the concept calls the implementation a Mechanism, I think the stem of the question
is correct :-)
The same document specifies that the reference monitor concept must meet three principals:
The reference validation mechanism must be tamper proof
The reference validation mechanism must always be invoked
The reference validation mechanism must be small enough to be subject to analysis and tests to assure
that it is correct
Question 158
What is the name of the first mathematical model of a multi-level security policy used to define the
concept of a secure state, the modes of access, and rules for granting access?
• Rivest and Shamir Model
• Bell-LaPadula Model
• Clark and Wilson Model
• Harrison-Ruzzo-Ullman Model
Correct Answer is: Bell-LaPadula Model

Details:
Question 159
Which of the following models does NOT include data integrity or conflict of interest?
• Bell-LaPadula
• Clark-Wilson
• Brewer-Nash
• Biba
Correct Answer is: Bell-LaPadula
Details:
The correct answer is: Bell-LaPadula
The Bell-LaPadula model focuses on data confidentiality and access to classified information
From Wikipedia:
In this formal model, the entities in an information system are divided into subjects and objects. The
notion of a "secure state " is defined, and it is proven that each state transition preserves security by
security objectives of the model. The Bell-LaPadula model is built on the concept of a state machine with
a set of allowable states in a system. The transition from one state to another state is defined by
A system state is defined to be "secure " if the only permitted access modes of subjects to objects are in
1. The Simple Security Property states that a subject at a given security level may not read an
object at a higher security level (no read-up).
2. The *-property (read star-property) states that a subject at a given security level must not write
to any object at a lower security level (no write-down).
3. The Discretionary Security Property uses an access matrix to specify the discretionary access
control.
The transfer of information from a high-sensitivity paragraph to a lower-sensitivity document may

restricted by the *-property. Untrusted subjects are. Trusted Subjects must be shown to be trustworthy
with regard to the security policy.
This security model is directed toward access control and is characterized by the phrase: no read up, no
write down. Compare the Biba model, the Clark-Wilson model and the Chinese Wall.
With Bell-LaPadula, users can only create content at or above their own security level (Secret
researchers can create Secret or Top-Secret files but may not create Public files): no write-down.
Conversely, users can only view content at or below their own security level (Secret researchers can
view Public or Secret files, but may not view Top-Secret files): no read-up.
The Bell-LaPadula model explicitly defined its scope. It did not treat the following extensively:
Strong * Property
The Strong * Property is an alternative to the *-property in which subjects may only write to objects
with a matching security level. Thus, the write up operation permitted in the usual *-property is not
present, only a write to same operation. The Strong * Property is usually discussed in the context of
multilevel database management systems and is motivated by integrity concerns.
This Strong * Property was anticipated in the Biba model where it was shown that strong integrity in
combination with the Bell-La Padula model resulted in reading and writing at a single level. This strong
version has proven to be of limited practical utility.
• Brewer-Nash - Addresses Conflict of Interest.
• Biba - Addresses Integrity model
• Clark-Wilson - Addrersses Integrity Model
Also check:
Proceedings of the IFIP TC11 12th International Conference on Information Security, Samos (Greece),
May 1996, On Security Models.
Question 160
Which of the following is NOT a property of a one-way hash function?
• It converts a message of a fixed length into a message digest of arbitrary length.
• Given a digest value, it is computationally infeasible to find the corresponding message.
• It is computationally infeasible to construct two different messages with the same digest.
• It converts a message of arbitrary length into a message digest of a fixed length.
Correct Answer is: It converts a message of a fixed length into a message digest of arbitrary length.
Details:
The correct answer is: It converts a message of a fixed length into a message digest of arbitrary length.
An algorithm that turns messages or text into a fixed string of digits, usually for security or data
management purposes. The "one way" means that it's nearly impossible to derive the original text from
the string.
A one-way hash function is used to create digital signatures, which in turn identify and authenticate the
sender and message of a digitally distributed message.
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and
returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional
change to the data will change the hash value. The data to be encoded is often called the "message,"
and the hash value is sometimes called the message digest or simply digest.
The ideal cryptographic hash function has four main or significant properties:
• it is easy (but not necessarily quick) to compute the hash value for any given message
• it is infeasible to generate a message that has a given hash
• it is infeasible to modify a message without changing the hash
• it is infeasible to find two different messages with the same hash
Cryptographic hash functions have many information security applications, notably in digital signatures,
message authentication codes (MACs), and other forms of authentication. They can also be used as
ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or
uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information
security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or
just hash values, even though all these terms stand for functions with rather different properties and
purposes.
and
http://en.wikipedia.org/wiki/Cryptographic_hash_function
Question 161
How many rounds of substitution and permutations are performed by Data Encryption Standard (DES)
Algorithm?
• 64
• 16
• 54
• 4
Details:
The Data Encryption Standard (DES) is a secret key encryption scheme adopted as standard in the USA in
1977. It uses a 56-bit key for encryption, but has a total key size of 64 bits. 8 bits are used for parity
purpose only. Such a key length today is considered by many to be insufficient as it can with moderate
effort be cracked by brute force. A variant called Triple-DES (TDES or 3DES) uses a longer key and is more
secure. The Advanced Encryption Standard (AES) has superseded DES and 3DES as the standard
encryption algorithm.
Encryption of a block of the message takes place in 16 stages or rounds. From the input key, sixteen 48
bit keys are generated, one for each round. In each round, eight so-called S-boxes are used. These S-
boxes are fixed in the specification of the standard.
http://www.iusmentis.com/technology/encryption/des/
CISA Review Manual 2014
CISM Review Manual 2014
Question 162
Which of the following statements is MOST accurate regarding a digital signature?
• It can be used as a signature system and a cryptosystem.
• It allows the recipient of data to verify the source and integrity of data.
• It is a method used to encrypt confidential data.
• It is the art of transferring handwritten signature to electronic media.
Correct Answer is: It allows the recipient of data to verify the source and integrity of data.
Details:
The Correct Answer is: It allows the recipient of data to verify the source and integrity of data.
Authentication
Integrity
Non-repudiation

valid signature.
"online" check, e.g. checking a "Certificate Revocation List" or via the "Online Certificate Status
Protocol". This is analogous to a vendor who receives credit-cards first checking online with the credit-
Tip for the exam
encryption
Other options are not valid related to digital Signature.
CISA Review Manual 2014 Page Number 331
CISM Review Manual 2015

Question 163
The computations involved in selecting keys and in enciphering data are complex, and are not practical
for manual use. However, using mathematical properties of modular arithmetic and a method known as
"_________________," RSA is quite feasible for computer use.
• computing in Gladden fields
• computing in Galbraith fields
• computing in Gallipoli fields
• computing in Galois fields
Correct Answer is: computing in Galois fields
Details:
The computations involved in selecting keys and in enciphering data are complex, and are not practical
for manual use. However, using mathematical properties of modular arithmetic and a method known as
computing in Galois fields, RSA is quite feasible for computer use.
FITES, Philip E., KRATZ, Martin P., Information Systems Security: A Practitioner's Reference, 1993, Van
Nostrand Reinhold, page 44.
Question 164
Which of the following concerning the Rijndael block cipher algorithm is FALSE?
• The cipher has a variable block length and key length.
• A total of 25 combinations of key length and block length are possible
• Both block size and key length can be extended to multiples of 64 bits.
• The design of Rijndael was strongly influenced by the design of the block cipher Square.
Correct Answer is: Both block size and key length can be extended to multiples of 64 bits.
Details:
The correct answer is: Both block size and key length can be extended to multiples of 64 bits.
The answer above is the correct answer because it is FALSE. Rijndael does not support multiples of 64
bits but multiples of 32 bits in the range of 128 bits to 256 bits. Key length could be 128, 160, 192, 224,
and 256.
Both block length and key length can be extended very easily to multiples of 32 bits. For a total
combination of 25 different block and key size that are possible.
The Rijndael Cipher
Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the
Advanced Encryption Standard (AES) in the United States of America. The cipher has a variable block
length and key length.
Rijndael can be implemented very efficiently on a wide range of processors and in hardware.
The design of Rijndael was strongly influenced by the design of the block cipher Square.
The Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) keys are defined to be either 128, 192, or 256 bits in
accordance with the requirements of the AES.
The number of rounds, or iterations of the main algorithm, can vary from 10 to 14 within the Advanced
Encryption Standard (AES) and is dependent on the block size and key length. 128 bits keys uses 10
rounds or encryptions, 192 bits keys uses 12 rounds of encryption, and 256 bits keys uses 14 rounds of
encryption.
The low number of rounds has been one of the main criticisms of Rijndael, but if this ever becomes a
problem the number of rounds can easily be increased at little extra cost performance wise by
increasing the block size and key length.
Range of key and block lengths in Rijndael and AES

Rijndael and AES differ only in the range of supported values for the block length and cipher key length.
For Rijndael, the block length and the key length can be independently specified to any multiple of 32
bits, with a minimum of 128 bits, and a maximum of 256 bits. The support for block and key lengths 160
and 224 bits was introduced in Joan Daemen and Vincent Rijmen, AES submission document on Rijndael,
Version 2, September 1999 available at http://csrc.nist.gov/archive/aes/rijndael/Rijndael-
ammended.pdf
AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only.
The Rijndael Page
and
http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf
and
FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology, U.S.
Department of Commerce, November 2001.
Thanks to Abdus S Khan for sending feedback to improve this question.
Thanks to Stefan Beck for sending feedback to improve this questions.
NOTE FROM CLEMENT:
The answer that was false is Both block and key length can be extended to multiples of 64 bits. In fact it
is increment are of 32 bits. The key size published through the U.S. Advanced Encryption Standard are
not sequential. There could have been a lot more key size but it was chosen that three key size of low
(128), medium (192) , and high strength (256) was adequate for today's threat. It MUST be noted that
the key size above are mandatory within the AES standard, you cannot use arbitrary key size. The open
source version of Rijndael does make use of different key size and block size in some implementations.
When I refer to low, medium, and high in the paragraph above you have to realize that all things are
relative. A low level key of 128 bits would still take you thousands of years to be cracked with todays
processing power.
Question 165
What is NOT true about a one-way hashing function?
• It provides authentication of the message
• It provides integrity of the message
• The results of a one-way hash is a message digest
• A hash cannot be reversed to get the message used to create the hash
Correct Answer is: It provides authentication of the message
Details:
The correct answer is: It provides authentication of the message
A one way hashing function can only be use for the integrity of a message and not for authentication or
confidentiality. Because the hash creates just a fingerprint of the message which cannot be reversed and
it is also very difficult to create a second message with the same hash.
A hash by itself does not provide Authentication. It only provides a weak form or integrity. It would be
possible for an attacker to perform a Man-In-The-Middle attack where both the hash and the digest
could be changed without the receiver knowing it.
A hash combined with your session key will produce a Message Authentication Code (MAC) which will
provide you with both authentication of the source and integrity. It is sometimes referred to as a Keyed
Hash.
A hash encrypted with the sender private key produce a Digital Signature which provide authentication,
but not the hash by itself.
Hashing functions by themselves such as MD5, SHA1, SHA2, SHA-3 does not provide authentication.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 548
Question 166
In access control terms, the word "dominate" refers to which of the following?
• Higher or equal to access class
• Rights are superceded
• Valid need-to-know with read privileges
• A higher clearance level than other users
Correct Answer is: Higher or equal to access class
Details:
The correct answer is:
Higher or equal to access class. The reason is the term dominates refers to a subject being authorized to
perform an operation if the access class of the subject is higher or dominates the access class of the
object requested. This is the best answer for the term "dominates" in access control.
If a subject wishes to access an object, his security clearance must be equal or higher than the object
he's accessing.
Rights are superceded is incorrect as it is not actually a valid condition.
Valid need-to-know with read privileges is too specific to be dominates, and is usually what a user's label
indicates.
A higher clearance level than others. Although having a higher clearance level might be important to
obtain access to the higher levels of data, it is not what the definition of "dominates" refers to in access
control.
The following reference(s) were/was used to create this question:
Shon Harris latest "All in One CISSP Exam Prep" page 280.
Question 167
Within Crime Prevention Through Environmental Design (CPTED) the concept of territoriality is best
described as:
• Ownership
• Compromise of the perimeter
• Protecting specific areas with different measures
• Localized emissions
Correct Answer is: Ownership
Details:
The correct answer is: Ownership.
Crime prevention through Environmental Design (CPTED) is a concept that encourages individuals to feel
ownership and respect for the territory they consider occupy. By encouraging the use of physical
attributes that express ownership, the individual is more apt to protect and be aware in that
environment
The three main components of CPTED are:
1) natural access control - the guidance of people entering and leaving a space by the placement of
doors, fences, lighting, and even landscaping
2) natural surveillance - the goal is make criminals feel uncomfortable by providing many ways observers
could potentially see them
3) natural territorial reinforcement - creates physical designs that emphasize or extend the company's
physical sphere of influence so users feel a sense of ownership of that space.
Localized emissions is incorrect because it was a made up answer.
Compromise of the perimeter is incorrect because territoriality is meant to protect the perimeter and
the territory, not compromise it.
Protecting specific areas with different measures is incorrect. Compartmentalized Areas would require
specific protection to prevent intrusion. Territoriality deals with the protection of the entire facility and a
sense of ownership, not the protection of a specific area only.
ISC2 Official Guide to the CiSSP exam, p455, Shon Harris, All in One Exam Guide, p344-346
and
AIO Version 5 (Shon Harris) page 411-412
Question 168
For competitive reasons, the customers of a large shipping company called the "Integrated International
Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship.
IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this
information private. Different information in this database is classified at different levels. For example,
the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos
will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep
different shippers from viewing each other's cargos. An unscrupulous fruit shipper, the "Association of
Private Fruit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good
Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply
read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker,
however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping
pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the
insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is
shipping pineapples on the S.S. CP. What is the name of the access control model property that
prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that
could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO
was shipping pineapples?
• Simple Security Property and Polyinstantiation

• Simple Security Property and Polymorphism
• *-Property and Polymorphism
• Strong *-Property and Polyinstantiation
Correct Answer is: Simple Security Property and Polyinstantiation
Details:
The correct answer is: Simple Security Property and Polyinstantiation
The Simple Security Property states that a subject at a given clearance may not read an object at a
higher classification, so unclassified APFEL could not read FIGCO's top secret cargo information.
Polyinstantiation permits a database to have two records that are identical except for their
classifications (i.e., the primary key includes the classification). Thus, APFEL's new unclassified record did
not collide with the real, top secret record, so APFEL was not able to learn about FIGs pineapples.
*-Property and Polymorphism
The *-property states that a subject at a given clearance must not write to any object at a lower
classification, which is irrelevant here because APFEL was trying to read data with a higher classification.
Polymorphism is a term that can refer to, among other things, viruses that can change their code to
better hide from anti-virus programs or to objects of different types in an object-oriented program that
are related by a common superclass and can, therefore, respond to a common set of methods in
different ways. That's also irrelevant to this question.
Strong *-Property and Polyinstantiation
Half-right. The strong *-property limits a subject of a given clearance to writing only to objects with a
matching classification. APFEL's attempt to insert an unclassified record was consistent with this
property, but that has nothing to do with preventing APFEL from reading top secret information.
Simple Security Property and Polymorphism
Also half-right. See above for why Polymorphism is wrong.

HARRIS, Shon, CISSP All-in-one Exam Guide, Third Edition, McGraw-Hill/Osborne, 2005
Chapter 5: Security Models and Architecture (page 280)
Chapter 11: Application and System Development (page 828)
Question contributed by: Mark Heckman
Email or CCCure Nickname of question author: mrheckman
Thanks to Doug Rike for providing feedback to improve this question.
Thanks to Glenn Kesselman for providing feedback to improve this question.
You could see wordy scenario questions like this on the CISSP exam. They require reasoning, application
of general security concepts to a specific situation, and the ability to filter out extraneous information.
The keys to this question are as follows:
1) That Bell-LaPadula is the access control model and that a low-clearance subject could not read a high-
classification object. That leaves only Simple Security Property as an option.
2) That an insertion of a low-classification record in a database did not conflict with a record at a high
classification. The only concept that describes this situation is Polyinstantiation.
Question 169
The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1977, is a formal state transition
system of computer security policy that describes a set of access control rules designed to ensure data
integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that
subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a
lower level than the subject. Which of the following is the integrity goal addressed by the Biba Model?
• Maintain internal and external consistency
• Prevent data modification by unauthorized parties
• Prevent interception of message content by unauthorized parties
• Prevent unauthorized data modification by authorized parties
Correct Answer is: Prevent data modification by unauthorized parties
Details:
The correct answer is: Prevent data modification by unauthorized parties
This is the only integrity goal addressed by the Biba Integrity model. Clark-Wilson addresses all three
goals of integrity but the Biba model addresses only the first goal of integrity.
Below you have the description of the Clark-Wilson model which addresses all three goals of integrity:
• Prevent data modification by unauthorized parties (Biba address only this one)
• Maintain internal and external consistency (i.e. data reflects the real world)
Security models like Biba and Clark-Wilson are directed toward data integrity (rather than
confidentiality) and is characterized by the phrase: "no write up, no read down". This is in contrast to
the Bell-LaPadula model which is characterized by the phrase "no write down, no read up".
In the Biba model, users can only create content at or below their own integrity level (a monk may write
a prayer book that can be read by commoners, but not one to be read by a high priest). Conversely,
users can only view content at or above their own integrity level (a monk may read a book written by
the high priest, but may not read a pamphlet written by a lowly commoner).
Within system this refers to the way data will flow within the system. For example a Windows user at
Untrusted should not be able to interact and send command to a process running with System level
integrity privilege.
The Biba model defines a set of security rules similar to the Bell-LaPadula model. These rules are the
reverse of the Bell-LaPadula rules:
1. The Simple Integrity Axiom states that a subject at a given level of integrity may not read an
object at a lower integrity level (no read down).
2. The * (star) Integrity Axiom states that a subject at a given level of integrity must not write to
any object at a higher level of integrity (no write up).
Prevent interception of message content by unauthorized parties. Unless you have confidentiality
mechanisms in place such as SSL, TLS, IPSEC, or VPN, it would be possible to intercept clear text traffic
content.
Prevent unauthorized data modification by authorized parties. This is addressed only by the Clark-
Wilson model.
Maintain internal and external consistency (i.e. data reflects the real world). This is addressed only by
the Clark-Wilson Model.
Stewart , James M.; Chapple, Mike; Gibson, Darril (2015-09-11). CISSP (ISC)2 Certified Information
Systems Security Professional Official Study Guide (Kindle Locations 8166-8167). Wiley. Kindle Edition.
http://en.wikipedia.org/wiki/Biba_Model
Question 170
The Common Criteria for Information Technology Security Evaluation(abbreviated as Common Criteria
or CC) is an international standard (ISO/IEC 15408) for computer security.
Common Criteria is based upon a framework in which computer system users can specify their security
requirements, vendors can then implementand/or make claims about the security attributes of their
products, and testing laboratories can evaluate the products to determine if they actually meet the
claims. In other words, Common Criteria provides assurance that the process of specification,
implementation and evaluation of a computer security product has been conducted in a rigorous and
standard manner.
The Common Criteria came with it's own jargon and terms that you should be familiar with for the
purpose of the exam. Under the CC which of the following is the term used to describe the Product,
System, or software being evaluated?
• Evaluation Assurance Levels (EAL)
• Protection Profile (PP)
• Target of Evaluation (TOE)
• Security Target (ST)
Correct Answer is: Target of Evaluation (TOE)
Details:
The correct answer is: Target of Evaluation (TOE)
The TOE is the product or system that is the subject of the evaluation. The evaluation serves to validate
claims made about the target. To be of practical use, the evaluation must verify the target's security
features.
Protection Profile (PP)
It is a document, typically created by a user or user community, which identifies security requirements
relevant to that user for a particular purpose. A PP effectively defines a class of security devices (for
example, smart cards used to provide digital signatures, or network firewalls).
Product vendors can choose to implement products that comply with one or more PPs, and have their
products evaluated against those PPs. In such a case, a PP may serve as a template for the product's ST
(Security Target, as defined below), or the authors of the ST will at least ensure that all requirements in
relevant PPs also appear in the target's ST document. Customers looking for particular types of products
can focus on those certified against the PP that meets their requirements.
Security Target (ST)
The document that identifies the security properties of the target of evaluation. Each target is evaluated
against the SFRs established in its ST, no more and no less. This allows vendors to tailor the evaluation to
accurately match the intended capabilities of their product. This means that a network firewall does not
have to meet the same functional requirements as a database management system, and that different
firewalls may in fact be evaluated against completely different lists of requirements. The ST is usually
published so that potential customers may determine the specific security features that have been
certified by the evaluation.
Evaluation Assurance Level (EAL)
This is the numerical rating describing the depth and rigor of an evaluation. Each EAL corresponds to a
package of security assurance requirements (SARs, see above) which covers the complete development
of a product, with a given level of strictness.
Common Criteria lists seven levels, with EAL 1 being the most basic (and therefore cheapest to
implement and evaluate) and EAL 7 being the most stringent (and most expensive).
Normally, an ST or PP author will not select assurance requirements individually but choose one of these
packages, possibly 'augmenting' requirements in a few areas with requirements from a higher level.
Higher EALs do notnecessarily imply "better security", they only mean that the claimed security
assurance of the TOE has been more extensively validated.
So far, most PPs and most evaluated STs/certified products have been for IT components (e.g., firewalls,
operating systems, smart cards).
The evaluation process also tries to establish the level of confidence that may be placed in the product's
security features through quality assurance processes:
Security Functional Requirements (SFRs)
It specify individual security functions which may be provided by a product. The Common Criteria
presents a standard catalogue of such functions. For example, an SFR may state how a user acting a
particular role might be authenticated. The list of SFRs can vary from one evaluation to the next, even if
two targets are the same type of product. Although Common Criteria does not prescribe any SFRs to be
included in an ST, it identifies dependencies where the correct operation of one function (such as the
ability to limit access according to roles) is dependent on another (such as the ability to identify
individual roles).
Security Assurance Requirements (SARs)
It is the descriptions of the measures taken during development and evaluation of the product to assure
compliance with the claimed security functionality. For example, an evaluation may require that all
source code is kept in a change management system, or that full functional testing is performed. The
Common Criteria provides a catalogue of these, and the requirements may vary from one evaluation to
the next. The requirements for particular targets or types of products are documented in the ST and PP,
respectively.
Common Criteria certification is sometimes specified for IT procurement. Other standards containing,
e.g, interoperation, system management, user training, supplement CC and other product standards.
Examples include the ISO 17799 (Or more properly BS 7799-2, which is now ISO/IEC 27002) or the
German IT-Grundschutzhandbuch.

http://en.wikipedia.org/wiki/Common_Criteria
and
The official CEH courseware Version 6 Module 1
Question 171
Which security model uses an access control triple and also require separation of duty ?
• DAC
• Clark-Wilson
• Bell-LaPadula
• Lattice
Correct Answer is: Clark-Wilson
Details:
The correct answer is: Clark-Wilson
Separation of duty is necessarily determined by conditions external to the computer system.
The Clark-Wilson scheme includes as a requirement maintenance of separation of duty as expressed in

the access control triples.
Enforcement is on a per-user basis, using the user ID from the access control triple.
For your exam you should know information below:
Clark-Wilson model
The Clark-Wilson model was developed after Biba and takes some different approaches to protecting
the integrity of information.
As it turns out, Biba only addresses one of three key integrity goals. The Clark– Wilson model improves
on Biba by focusing on integrity at the transaction level and addressing three major goals of integrity in a
commercial environment. In addition to preventing changes by unauthorized subjects, Clark and Wilson
realized that high-integrity systems would also have to prevent undesirable changes by authorized
subjects and to ensure that the system continued to behave consistently. It also recognized that it would
need to ensure that there is constant mediation between every subject and every object if such integrity
was going to be maintained. To address the second goal of integrity, Clark and Wilson realized that they
needed a way to prevent authorized subjects from making changes that were not desirable. This
required that transactions by authorized subjects be evaluated by another party before they were
committed on the model system. This provided separation of duties where the powers of the authorized
subject were limited by another subject given the power to evaluate and complete the transaction. This
also had the effect of ensuring external consistency (or consistency between the model system and the
real world) because the evaluating subject would have the power to ensure that the transaction
matched what was expected in reality. To address internal consistency (or consistency within the model
system itself), Clark and Wilson recommended a strict definition of well-formed transactions. In other
words, the set of steps within any transaction would need to be carefully designed and enforced. Any
deviation from that expected path would result in a failure of the transaction to ensure that the model
system’s integrity was not compromised. To control all subject and object interactions, Clark– Wilson
establishes a system of subject– subject– program– object bindings such that the subject no longer has
direct access to the object. Instead, this is done through a program with access to the object. This
program arbitrates all access and ensures that every interaction between subject and object follows a
defined set of rules. The program provides for subject authentication and identification and limits all
access to objects under its control.
This model uses the following elements:
• Users Active agents
• Transformation procedures (TPs) Programmed abstract operations, such as read, write, and modify
• Constrained data items (CDIs) Can be manipulated only by TPs
• Unconstrained data items (UDIs) Can be manipulated by users via primitive read and write operations
• Integrity verification procedures (IVPs) Check the consistency of CDIs with external reality
Image - Subject Can not modify CDI without using TP
Image Source - CISSP All In one exam guide by Shon Harris

DAC - Discretionary Access Control (DAC) model – restricts access to resources according to users
identity -- owner of a resource identifies and controls (is in charge) grants or denies permissions to
resources for users using ACLs Lattice - math model used in a MAC-Mandatory access model
Bell LaPadula - Does not use triples
Question 172
One of your clients is interested in implementing security re-engineering. The client is reviewing several
information security models. The client operates in a highly secure environment where data with high
classifications cannot be leaked to subjects at lower classifications. The client is especially concerned
with identifying covert channels. Which model would you recommend to the client?
• Lattice Model
• Biba
• Bell Lapadula
• Information Flow Model combined with Bell Lapadula
Correct Answer is: Information Flow Model combined with Bell Lapadula
Details:
The correct answer is: Information Flow Model combined with Bell Lapadula
Securing the data manipulated by computing systems has been a challenge in the past years. Several
methods to limit the information disclosure exist today, such as access control lists, firewalls, and
cryptography. However, although these methods do impose limits on the information that is released by
a system, they provide no guarantees about information propagation. For example, access control lists
of file systems prevent unauthorized file access, but they do not control how the data is used
afterwards. Similarly, cryptography provides a means to exchange information privately across a non-
secure channel, but no guarantees about the confidentiality of the data are given once it is decrypted.
In low level information flow analysis, each variable is usually assigned a security level. The basic model
comprises two distinct levels: low and high, meaning, respectively, publicly observable information, and
secret information. To ensure confidentiality, flowing information from high to low variables should not
be allowed. On the other hand, to ensure integrity, flows to high variables should be restricted.
More generally, the security levels can be viewed as a lattice with information flowing only upwards in
the lattice.
Noninterference Models
This could have been another good answer as it would help in minimizing the damage from covert
channels.
The goal of a noninterference model is to help ensure that high-level actions (inputs) do not determine
what low-level user s can see (outputs ) . Most of the security models presented are secured by
permitting restricted ﬂows between high- and low-level users. The noninterference model maintains
activities at different security levels to separate these levels from each other. In this way, it minimizes
leakages that may happen through covert channels, because there is complete separation
(noninterference) between security levels. Because a user at a higher security level has no way to
interfere with the activities at a lower level, the lower-level user cannot get any information from the
higher leve.
Bell Lapadula
The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in
government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula,
subsequent to strong guidance from Roger R. Schell to formalize the U.S. Department of Defense (DoD)
multilevel security (MLS) policy. The model is a formal state transition model of computer security
policy that describes a set of access control rules which use security labels on objects and clearances for
subjects. Security labels range from the most sensitive (e.g."Top Secret"), down to the least sensitive
(e.g., "Unclassified" or "Public").
The Bell–LaPadula model focuses on data confidentiality and controlled access to classified information,
in contrast to the Biba Integrity Model which describes rules for the protection of data integrity. In this
formal model, the entities in an information system are divided into subjects and objects. The notion of
a "secure state" is defined, and it is proven that each state transition preserves security by moving from
secure state to secure state, thereby inductively proving that the system satisfies the security objectives
of the model. The Bell–LaPadula model is built on the concept of a state machine with a set of allowable
states in a computer network system. The transition from one state to another state is defined by
2. The ★-property (read "star"-property) - a subject at a given security level must not write to any
object at a lower security level (no write-down). The ★-property is also known as the Confinement
property.
3. The Discretionary Security Property - use of an access matrix to specify the discretionary access
control.
The transfer of information from a high-sensitivity document to a lower-sensitivity document may

happen in the Bell–LaPadula model via the concept of trusted subjects. Trusted Subjects are not
restricted by the ★-property. Untrusted subjects are. Trusted Subjects must be shown to be trustworthy
with regard to the security policy. This security model is directed toward access control and is
characterized by the phrase: "no read up, no write down."
With Bell-LaPadula, users can create content only at or above their own security level (i.e. secret
researchers can create secret or top-secret files but may not create public files; no write-down).
Conversely, users can view content only at or below their own security level (i.e. secret researchers can
view public or secret files, but may not view top-secret files; no read-up).
The Bell–LaPadula model explicitly defined its scope. It did not treat the following extensively:
Biba
The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1977, is a formal state transition
systemof computer security policy that describes a set of access control rules designed to ensure data
integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that
subjects may not corrupt objects in a level ranked higher than the subject, or be corrupted by objects
from a lower level than the subject.
In general the model was developed to circumvent a weakness in the Bell–LaPadula model which only
addresses data confidentiality.
In general, preservation of data integrity has three goals:

• Prevent data modification by unauthorized parties
• Maintain internal and external consistency (i.e. data reflects the real world)
Note: Biba address only the first goal of integrity while Clark-Wilson addresses all three
This security model is directed toward data integrity (rather than confidentiality) and is characterized by
the phrase: "no read down, no write up". This is in contrast to the Bell-LaPadula model which is
characterized by the phrase "no write down, no read up".
In the Biba model, users can only create content at or below their own integrity level (a monk may write
a prayer book that can be read by commoners, but not one to be read by a high priest). Conversely,
users can only view content at or above their own integrity level (a monk may read a book written by
the high priest, but may not read a pamphlet written by a lowly commoner). Another analogy to
consider is that of the military chain of command. A General may write orders to a Colonel, who can
issue these orders to a Major. In this fashion, the General's original orders are kept intact and the
mission of the military is protected (thus, "no read down" integrity). Conversely, a Private can never
issue orders to his Sergeant, who may never issue orders to a Lieutenant, also protecting the integrity of
the mission ("no write up").
The Biba model defines a set of security rules similar to the Bell-LaPadula model. These rules are the
reverse of the Bell-LaPadula rules:
1. The Simple Integrity Axiom states that a subject at a given level of integrity must not read an
object at a lower integrity level (no read down).
2. The * (star) Integrity Axiom states that a subject at a given level of integrity must not write to
any object at a higher level of integrity (no write up).
Lattice Model
In computer security, lattice-based access control (LBAC) is a complex access control model based on the
interaction between any combination of objects (such as resources, computers, and applications) and
subjects(such as individuals, groups or organizations).
In this type of label-based mandatory access control model, a lattice is used to define the levels of
security that an object may have and that a subject may have access to. The subject is only allowed to
access an object if the security level of the subject is greater than or equal to that of the object.
Mathematically, the security level access may also be expressed in terms of the lattice (a partial order
set) where each object and subject have a greatest lower bound (meet) and least upper bound (join) of
access rights. For example, if two subjects A and B need access to an object, the security level is defined
as the meet of the levels of Aand B. In another example, if two objects X and Y are combined, they form
another object Z, which is assigned the security level formed by the join of the levels of X and Y.

ISC2 Review Seminar Student Manual V8.00 page 255.
Dorothy Denning developed the information flow model to address convert channels .
and
The ISC2 Official Study Guide, Second Edition, on page 683-685
and
https://secure.wikimedia.org/wikipedia/en/wiki/Biba_security_model
and
https://secure.wikimedia.org/wikipedia/en/wiki/Bell%E2%80%93LaPadula_model
and
https://secure.wikimedia.org/wikipedia/en/wiki/Lattice-based_access_control
Question 173
This term best describes the ability to ensure that a person in a contract or a communication cannot
deny the authenticity
of their signature on a document.
• Authorization
• Availability
• Authenticity
• Non-Repudiation
Correct Answer is: Non-Repudiation
Details:
The correct answer is: Non-Repudiation
Non-Repudiation refers to how a user cannot deny signing a document or email when it was digitally
signed by their signature certificate.
Authenticity is wrong because it refers to data which has not been altered or corrupted
Availability is wrong because this refers to systems which deliver data are accessible when required by
users.
Authorization is wrong because this refers to a users ability to access data based upon a set of
credentials.
2011. EC-Council Official Curriculum, Ethical Hacking and Countermeasures, Volume 1, Page. 10, 11.
Question 174
Against which of the following would you use Rainbow Tables to attack?
• Antivirus Software
• Intrusion Detection Engines
• Firewall Rulesets
• Passwords
Correct Answer is: Passwords
Details:
The correct answer is: Passwords
When an attacker (Or Ethical Hacker carrying out a security review) wants to crack a password he might
throw random usernames and passwords against the target hoping for a match. It's very loud and easily
detected and is also time consuming, let alone that account lockouts would stop the attack after the first
5 tries.
If the attacker has a password file with a long list of password hashes Rainbow Tables can more quickly
crack passwords using a precomputed tables of password hashes. The password hash in the password
file is simply compared to the Rainbow Table password hash database for a quick and easy hash match.
Next to the appropriate password hash in the rainbow table is the clear text password the attack can use
to gain access.
Mitigation: Rainbow tables effectiveness can be mitigated using Cryptopgraphic Salt A large salt value
prevents precomputation attacks, including rainbow tables, by ensuring that each user's password is
hashed uniquely. (Wikipedia quote from Cryptopgraphic Salt)
Firewall Rulesets: This is incorrect. Rainbow Attacks aren't ordinarily carried out against Firewalls
although a good firewall can recognize floods of packets and block them.
Intrusion Detection Engines: Incorrect. A properly configured IDS can detect password attacks over a
network but rainbow tables password cracking is not an attack against an IDS itself traditionally.
Antivirus Software: This is incorrect. Antivirus and Rainbow tables have nothing to do with each other.
2011. EC-COUNCIL Official Curriculum, Ethical Hacking and Countermeasures, v7.1, Module 3, Page 174.
Cryptopgraphic Salt
Rainbow Table
Question 175
Rainbow Attacks uses what pre-computed values to attack a target?
• Pre-Computed Password Hashes
• IPSec Hashes
• NTLM Credentials
• Administrator Account Password
Correct Answer is: Pre-Computed Password Hashes
Details:
The correct answer is: Pre-Computed Password Hashes
Rainbow attacks involve using pre-computed hashes of their password equivalents.
Imagine a text file (Rainbow Table) containing millions of combinations of:
Clear Pass - Hash equivalent
password - a4d030djgvH3dJHex30dFG03d
Basically we take a rainbow table; a list of passwords and hash value equivalents and just compare the
hashes we see on the wire (Or file elsewhere like in the SAM file or in the process lsass.exe memory
space) to the list of pre-computed cleartext password equivalents in the rainbow table for instant
cleartext passwords.
Mitigation: Password salting involves adding random characters to the password hash making the attack
infeasible. There are millions of possible salt values which means you would need one 67 GB database
for each of the possible.
NTLM Credentials: This is incorrect. NTLM Credentials are usually in hash format and include both
username and password hash or password.
IPSec Hashes: This is incorrect. IPSec is not involved in rainbow attacks but IPSec can be effective in
mitigating the sniffing of NTLM password hashes from the network.
Administrator Account Password: This is incorrect but the administrator account is usually the target of
password attacks.
2011. EC-COUNCIL Official Curriculum, Ethical Hacking and Countermeasures, v7.1, Module 3, Page 174
Rainbow Table
Question 176
Which of the following answers is BEST described as "Applying cryptographic signatures to operating
system files then routinely re-scanning them to detect malicious or otherwise unauthorized changes."
Trustworthy Computing
• File Integrity Checking
• Host-Based Intrusion Detection
• Antivirus Scanning
Correct Answer is: File Integrity Checking
Details:
The correct answer is: File Integrity Checking
When a computer operating system is built, files are written to a disk and are considered trusted. The
files are as they were distributed by the vendor. If one were to execute an MD5 checksum against a file,
were that file to change the checksum would be different.
Tripwire is an open-source file integrity checking utility tool that is used to scan all files on the system.
Re-scans are scheduled to occur periodically and changes are reported to the administrator.
If a change is detected but not expected it can be investigated by the administrator to see if the
discrepancy involved malicious change to critical files.
Antivirus Scanning: This is incorrect. Antivirus Scanning is vital but usually only looks for threats, NOT file
changes.
Host-Based Intrusion Detection: HIDS or Host-Based IDS isn't the intended answer. HIDS are a common
defense and are also known as HBSS - Host-Based Security System.
Trustworthy Computing: This is not the intended answer. Trustworthy Computing is nothing new but a
2002 Microsoft initiative

2011. EC-COUNCIL Official Curriculum, Ethical Hacking and Countermeasures, v7.1, Module 7, Page 338
Trustworthy Computing
Tripwire
MD5 checksum
Question 177
Which of the following is a NOT a guideline necessary to enhance security in the critical Heating
Ventilation Air Conditioning (HVAC) aspect of facility operations?
• Maintain access rosters of maintenance personnel who are not authorized to work on the
system
• Escort all contractors with access to the system while on site
• Ensure that all air intake points are adequately secured with locking devices
• Restrict access to main air intake points to persons who have a work-related reason to be there
Correct Answer is: Maintain access rosters of maintenance personnel who are not authorized to work on
the system
Details:
The correct answer is: Maintain access rosters of maintenance personnel who are not authorized to
work on the system
This is a DETAIL oriented question. While you may not know the answer to such questions, look for
things that just do not seem logical. As far as the exam is concerned, there will be negative questions,
most people will trip and miss the NOT keyword because they are reading too fast.
In this case, by changing just a few key words, a correct answer becomes a wrong one. The book has
"Maintain access rosters of pre-approved maintenance personnel authorized to work on the system"
While you can theoretically keep rosters of people you don't want to work on the system, this not not
really practical. A much better approach is to keep a list of those who ARE approved.
HVAC is commonly overlooked from a physical security standpoint. From the ISC2 guide
"Over the past several years there has been an increasing awareness dealing with anthrax and airborne
attacks. Harmful agents introduced into the HVAC systems can rapidly spread throughout the structure
and infect all persons exposed to the circulated air."
On a practical real world note; for those who work in smaller shops without a dedicated maintenance
team, where you have to outsource. It would be wise to make sure that NO ONE has access other than
when you call them for service. If a maintenance technician shows up on your doorstep wanting access
so they can service the equipment, CALL your vendors MAIN line using the number that YOU have and
verify that they sent someone out. Don't take the technicians word for it, or you may just become a
victim of social engineering.
HVAC
HVAC stands for heating, ventilation, and air-conditioning. Heat can cause extensive damage to
computer equipment by causing processors to slow down and stop execution or even cause solder
connections to loosen and fail. Excessive heat degrades network performance and causes downtime.
Data centers and server rooms need an uninterrupted cooling system.
Generally, there are two types of cooling: latent and sensible. Latent cooling is the ability of the air-
conditioning system to remove moisture. This is important in typical comfort-cooling applications, such
as office buildings, retail stores, and other facilities with high human occupancy and use. The focus of
latent cooling is to maintain a comfortable balance of temperature and humidity for people working in
and visiting such a facility. These facilities often have doors leading directly to the outside and a
considerable amount of entrance and exit by occupants. Sensible cooling is the ability of the air-
conditioning system to remove heat that can be measured by a thermometer. Data centers generate
much higher heat per square foot than typical comfort-cooling building environments, and are typically
not occupied by large numbers
of people. In most cases, they have limited access and no direct means of egress to the outside of the
building except for seldom used emergency exits. Data centers have a minimal need for latent cooling
and require minimal moisture removal.
Sensible cooling systems are engineered with a focus on heat removal rather than moistureremoval and
have a higher sensible heat ratio; they are the most useful and appropriate choice for the data center.
Cooling systems are dove tailed into the power supply overhead. If there is a power interruption, this
will affect the cooling system. For the computers to continue operation, they need to be cooled.
Portable air-conditioning units can be used as a backup in case of HVAC failure but good design should
ensure cooling systems are accounted for as backup devices.
• Restrict access to main air intake points to persons who have a work-related reason to be there
• Escort all contractors with access to the system while on site

• Ensure that all air intake points are adequately secured with locking devices
Tipton, Harold F. (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press),
Chapter 8, Physical and Enviromental Security "Enviromental Controls, HVAC"
Question 178
Pervasive computing and mobile computing devices have to sacrifice certain functions. Which statement
concerning those devices is false.
• In many cases, security services has been enhanced due to the lack of services available.
• These devices share common security concerns with other resource-constrained devices.
• In many cases, security services have been sacrificed to provide richer user interaction when
processing power is very limited.
• Their mobility has made them a prime vector for data loss since they can be used to transmit
and store information in ways that may be difficult to control.
Correct Answer is: In many cases, security services has been enhanced due to the lack of services
available.
Details:
The correct answer is: In most cases, security services has been enhanced due to the lack of services
available.
This is a detailed oriented question to test if you are paying attention to both the question and answer.
While the answer sounds legitimate, it is not truly the case in these types of devices. Just remember,
even if you have one service running, that does not mean you are secure if the service itself has not
been secured.
From the official guide:

"The number of small mobile devices has grown considerably in the past four or five years. Products vary
from sophisticated mobile phones, such as third-generation (3G) handsets, to full-featured “netbooks”
and personal digital assistants (PDAs).
These devices share common security concerns with other resource-constrained devices. In many cases,
security services have been sacrificed to provide richer user interaction when processing power is very
limited. Also, their mobility has made them a prime vector for data loss since they can be used to
transmit and store information in ways that may be difficult to control."
- These devices share common security concerns with other resource-constrained devices.
- In many cases, security services have been sacrificed to provide richer user interaction when
processing power is very limited.
- Their mobility has made them a prime vector for data loss since they can be used to transmit and store
information in ways that may be difficult to control.
Chapter 9, Security Architecture and Design
Question 179
Which International Organization for Standardization standard is commonly referred to as the Common
Criteria?
• 22002
• 27001
• 14000
• 15408
Details:
From the official guide:
"The publication of the Common Criteria as the ISO/IEC 15408 standard provided the first truly
international product evaluation criteria. It has largely superseded all other criteria, although there
continue to be products in general use that were certified under TCSEC, ITSEC and other criteria. It takes
a very similar approach to ITSEC by providing a flexible set of functional and assurance requirements,
and like ITSEC, it is not very proscriptive as TCSEC had been. Instead, it is focused on standardizing the
general approach to product evaluation and providing mutual recognition of such evaluations all over
the world."
- 27001 ISO/IEC 27000 is part of a growing family of ISO/IEC Information Security Management Systems
(ISMS) standards, the 'ISO/IEC 27000 series'. ISO/IEC 27000 is an international standard entitled:
Information technology — Security techniques — Information security management systems —
Overview and vocabulary.
- 14000
ISO 14000 is a family of standards related to environmental management that exists to help
organizations (a) minimize how their operations (processes etc.) negatively affect the environment (i.e.
cause adverse changes to air, water, or land); (b) comply with applicable laws, regulations, and other
environmentally oriented requirements, and (c) continually improve in the above.
ISO 14000 is similar to ISO 9000 quality management in that both pertain to the process of how a
product is produced, rather than to the product itself. As with ISO 9000, certification is performed by
third-party organizations rather than being awarded by ISO directly. The ISO 19011 audit standard
applies when auditing for both 9000 and 14000 compliance at once.
The requirements of ISO 14000 are an integral part of the European Union‘s environmental
management scheme EMAS. EMAS‘s structure and material requirements are more demanding,
foremost concerning performance improvement, legal compliance and reporting duties.
- 22002 ISO/TS 22002- Prerequisite programmes on food safety—Part 1: Food manufacturing
Chapter 9, Security Architecture and Design
and
https://en.wikipedia.org/wiki/ISO_14000
and
https://en.wikipedia.org/wiki/ISO/IEC_27000
and
https://en.wikipedia.org/wiki/ISO_22000
Question 180
What Cloud Deployment model consist of a cloud infrastructure provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units)? Such deployment model may be
owned, managed, and operated by the organization, a third party, or some combination of them, and it
may exist on or off premises.
• Private Cloud
• Community Cloud
• Hybrid Cloud
• Public Cloud
Correct Answer is: Private Cloud
Details:
The correct answer is: Private Cloud
A Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization
comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the
organization, a third party, or some combination of them, and it may exist on or off premises.
Other Cloud Deployment Models are:
Community cloud.
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from
organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance
considerations). It may be owned, managed, and operated by one or more of the organizations in the
community, a third party, or some combination of them, and it may exist on or off premises.
Public cloud.
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed,
and operated by a business, academic, or government organization, or some combination of them. It
exists on the premises of the cloud provider.
Hybrid cloud.
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private,
community, or public) that remain unique entities, but are bound together by standardized or
proprietary technology that enables data and application portability (e.g., cloud bursting for load
balancing between clouds).
The following reference(s) was/were used to create this question:
NIST Special Publication 800-145 The NIST definition of Cloud Computing
and also see
NIST Special Publication 800-146 The Cloud Computing Synopsis and Recommendations
Question contributed by: Clement Dupuis
Email or CCCure Nickname of question author: boss
Question reviewed by: Nathalie Lambert
NOTE:
I strongly recommend you read both of the documents from NIST listed in reference. They are really
great at explaining what cloud computing is and the different between each of the deployment models.
Question 181
When referring to the cloud computing service models. What would you call a service model where the
consumer does not manage or control the underlying cloud infrastructure including networks, servers,
operating systems, or storage, but has control over the deployed applications and possibly configuration
settings for the application-hosting environment. Such a model typically provide a set of software
building blocks and a set of development tools such as programming languages and supporting run-time
environments that facilitate the construction of high-quality, scalable applications.?
• Infrastructure as a Service (IaaS)
• Code as a Service (CaaS)
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
Correct Answer is: Platform as a Service (PaaS)
Details:
The correct answer is: Platform as a Service (PaaS)
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or
acquired applications created using programming languages, libraries, services, and tools supported by
the provider. The consumer does not manage or control the underlying cloud infrastructure including
networks, servers, operating systems, or storage, but has control over the deployed applications and
possibly configuration settings for the application-hosting environment.
Platform-as-a-Service (PaaS) is a model of service delivery whereby the computing platform is provided
as an on-demand service upon which applications can be developed and deployed. Its main purpose is
to reduce the cost and omplexity of buying, housing, and managing the underlying hardware and
software components of the platform, including any needed program and database development tools.
The development environment is typically special purpose, determined by the cloud provider and
tailored to the design and architecture of its platform. The cloud consumer has control over applications
and application environment settings of the platform. Security provisions are split between the cloud
provider and the cloud consumer.
A Platform-as-a-Service (PaaS) cloud provides a toolkit for conveniently developing, deploying, and
administering application software that is structured to support large numbers of subscribers, process
very large quantities of data, and potentially be accessed from any point in the Internet. PaaS clouds will
typically provide a set of software building blocks and a set of development tools such as programming
languages and supporting run-time environments that facilitate the construction of high-quality, scalable
applications. Additionally, PaaS clouds will typically provide tools that assist with the deployment of new
applications. In some cases, deploying a new software application in a PaaS cloud is not much more
difficult than uploading a file to a Web server. PaaS clouds will also generally provide and maintain the
computing resources (e.g., processing, storage, and networking) that subscriber applications need to
operate. In short, PaaS clouds are similar to any traditional computing system (i.e., platform) in that
software applications can be developed for them and run on them.
Software-as-a-Service. Software-as-a-Service (SaaS) is a model of service delivery whereby one or more

applications and the computational resources to run them are provided for use on demand as a turnkey
service. Its main purpose is to reduce the total cost of hardware and software development,
maintenance, and operations. Security
provisions are carried out mainly by the cloud provider. The cloud consumer does not manage or control
the underlying cloud infrastructure or individual applications, except for preference selections and
limited administrative application settings.
Infrastructure-as-a-Service. Infrastructure-as-a-Service (IaaS) is a model of service delivery whereby the

basic computing infrastructure of servers, software, and network equipment is provided as an on-
demand service upon which a platform to develop and execute applications can be established. Its main
purpose is to avoid purchasing, housing, and managing the basic hardware and software infrastructure
components, and instead obtain those resources as virtualized objects controllable via a service
interface. The cloud consumer generally has broad freedom to choose the operating system and
development environment to be hosted. Security provisions beyond the basic infrastructure are carried
out mainly by the cloud consumer
Code as a Service (CaaS) CaaS does not exist and is only a detractor. This is no such service model.
The following references were used for this question:
Guidelines on Security and Privacy in Public Cloud Computing
NIST Special Publication 800-145 The NIST definition of Cloud Computing

Question 182
Which of the following protocols would BEST mitigate threats of sniffing attacks on web application
traffic?
• SSL or TLS
• 802.1X
• ARP Cache Security
• SSH - Secure Shell
Correct Answer is: SSL or TLS
Details:
The correct answer is: SSL or TLS
While it traverses the network, without some sort of encryption of web application data is vulnerable to
sniffing and interception by attackers on the network. If we observe sniffer traffic on an unencrypted
network we can clearly see the contents of user interaction with the web server and its applications.
SSL - Secure Sockets Layer or TLS - Transport Layer Security
There are similarities between these two protocols but TLS 3.1 supersedes SSL 2.0 but they are not
interoperable. Today both protocols are commonly used on many web server. In either case SSL/TLS
encrypts network traffic as it traverses the wire and protects it from sniffing attacks.
802.1X: This wouldn't secure data in transit but it would help prevent unauthorized devices from
connecting to your network and sniffing data. Also Known As "Dot 1 X" or "The Extensible
Authentication Protocol (EAP)" it provides infrastructure protection by requiring certificates to connect.
ARP Cache Security: This wouldn't mitigate the threat of network sniffing of web app data.
SSH - Secure Shell: Incorrect. SSH is a TELNET replacement for that encrypts traffic to mitigate the threat
of network sniffers on SSH connections.
2011. EC-COUNCIL Official Curriculum, Ethical Hacking and Countermeasures, v7.1, Module 13, Page
569.
Question 183
Which web application attack sends unexpected database commands to the application in an attempt to
divulge otherwise protected information?
Out of Band Signaling Attack
• SQL Injection Attack
Directory Traversal Attack
Unvalidated Input Attack
Correct Answer is: SQL Injection Attack
Details:
The correct answer is: SQL Injection Attack
SQL Injection attacks occur when attackers include portions of a SQL statement in a data entry field to
pass unauthorized database commands to the back end server.
While technically a Code Injection, SQL Injection attacks occur because user-generated data input is not
checked for unauthorized content which could be allowed to carry out commands against supporting
servers.
Mitigation: If you're a coder, always control and check user input data. If you're not a coder be sure you
only purchase or use web applications which perform user input validation to prevent the conditions
which allow SQL Injection or other sorts of attacks resulting from unvalidated user input.
Unvalidated Input Attack: This is a good answer but incorrect because unvalidated input can lead to SQL
Injection attacks because unchecked data is being sent to the web application.
Out of Band Signaling Attack: This isn't correct and isn't directly related to a SQL Injection attack. Out-of-
band signaling is generally where data is transmitted via normal means only where extra data is sent in
unusual parts of a protocol to bypass security measures.
Directory Traversal Attack: This is incorrect because a directory traversal attack isn't related to a
database attack.
557.
Question 184
Which of the following BEST describes what a SQL Injection is?

•
It is a Man-in-the-Middle attack between your SQL Server and Web App Server
It is an attack that disconnects the SQL server from its internal network
• It is an attack involving insecure database encryption
It is an attack used to gain unauthorized access to a database.
Correct Answer is:
It is an attack used to gain unauthorized access to a database.
Details:
The correct answer is: It is an attack used to gain unauthorized access to a database.
A SQL Injection attack (SQLi) is the injection of user-supplied data into SQL queries on the web
application server. This action changes the intended purpose of the query into what could be a malicious
attempt to alter, retrieve or destroy data on the SQL server. In other words, it's an attempt to get the
web application to pass a rogue SQL query to the database for malicious intent.
As reported by MadUnix:
SQLi Web application attacks facilitates unauthorized access to a database, or the ability to retrieve
information directly. SQL injection is a coding issue, fixing SQL injection problems is a matter of going
through EVERY SINGLE LINE in your code that talks to SQL, and making sure that it's not passing in
strings from the URL. SQL injection is potentially quick dangerous. But you almost certainly don't need
to check for SQL injection attacks in your code, if you use a library that knows how to remove dangerous
characters from SQL queries. Indeed, if you never pass user inputs directly to SQL queries, you should be
just fine. But if you do pass user inputs directly to your SQL queries, you're in for a rude surprise one of
these days!
SQL injection and Injection attacks in general are considered one of the top ten web application
vulnerabilities. (Reference)
This code illustrates the vulnerability:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
The threat stems from non-validated user input. All user-supplied input MUST be validated before
processing on the web application and supporting database otherwise there is a risk for this exploit to
be successful.
Mitigation: Ensure all your web applications control and validate data which is submitted by the users.
- It is an attack involving insecure database encryption: This isn't correct because the web application
already has access to the database even if it is encrypted.
- It is an attack that disconnects the SQL server from its internal network: This isn't correct. SQL Injection
attacks don't involve disconnecting servers from their networks.
- It is a Man-in-the-Middle attack between your SQL Server and Web App Server: This isn't correct
because SQL Injection attacks are not generally MITM attacks.
629.
Question 186
In a PKI infrastructure where are list of revoked certificates stored?
• Certificate Revocation List (CRL)
• Key escrow
• Recovery Agent
• Registration Authority (RA)
Correct Answer is: Certificate Revocation List (CRL)
Details:
The correct answer is: Certificate Revocation List (CRL)
Certificate revocation is the process of revoking a certificate before it expires.
A certificate may need to be revoked because it was stolen, an employee moved to a new company, or
someone has had their access revoked. A certificate revocation is handled either through a Certificate
Revocation List (CRL) or by using the Online Certificate Status Protocol (OCSP).
A repository is simply a database or database server where the certificates are stored. The process of
revoking a certificate begins when the CA is notified that a particular certificate needs to be revoked.
This must be done whenever the private key becomes known/compromised.
The owner of a certificate can request it be revoked at any time, or the request can be made by the
administrator. The CA marks the certificate as revoked. This information is published in the CRL. The
revocation process is usually very quick; time is based on the publication interval for the CRL.
Disseminating the revocation information to users may take longer. Once the certificate has been
revoked, it can never be used—or trusted—again. The CA publishes the CRL on a regular basis, usually
either hourly or daily. The CA sends or publishes this list to organizations that have chosen to receive it;
the publishing process occurs automatically in the case of PKI. The time between when the CRL is issued
and when it reaches users may be too long for some applications. This time gap is referred to as latency.
OCSP solves the latency problem: If the recipient or relaying party uses OCSP for verification, the answer
is available immediately.
Registration Authority (RA) A registration authority (RA) is an authority in a network that verifies user
requests for a digital certificate and tells the certificate authority (CA) to issue it. RAs are part of a public
key infrastructure (PKI), a networked system that enables companies and users to exchange information
and money safely and securely. The digital certificate contains a public key that is used to encrypt and
decrypt messages and digital signatures.
Recovery agent Sometimes it is necessary to recover a lost key. One of the problems that often arises
regarding PKI is the fear that documents will become lost forever—irrecoverable because someone loses
or forgets his private key. Let’s say that employees use Smart Cards to hold their private keys. If a user
was to leave his Smart Card in his or her wallet that was left in the pants that he or she accidentally
threw into the washing machine, then that user might be without his private key and therefore
incapable of accessing any documents or e-mails that used his existing private key.
Many corporate environments implement a key recovery server solely for the purpose of backing up and
recovering keys. Within an organization, there typically is at least one key recovery agent. A key
recovery agent has the authority and capability to restore a user’s lost private key. Some key recovery
servers require that two key recovery agents retrieve private user keys together for added security. This
is similar to certain bank accounts, which require two signatures on a check for added security. Some
key recovery servers also have the ability to function as a key escrow server, thereby adding the ability
to split the keys onto two separate recovery servers, further increasing security.
Key escrow (also known as a “fair” cryptosystem) is an arrangement in which the keys needed to decrypt
encrypted data are held in escrow so that, under certain circumstances, an authorized third party may
gain access to those keys. These third parties may include businesses, who may want access to
employees' private communications, or governments, who may wish to be able to view the contents of
encrypted communications.
Dulaney, Emmett (2011-06-03). CompTIA Security+ Study Guide: Exam SY0-301 (pp. 347-348). John
Wiley and Sons. Kindle Edition.
and
http://en.wikipedia.org/wiki/Key_escrow
and
http://my.safaribooksonline.com/book/certification/securityplus/9781597494267/public-key-
infrastructure/ch12lev1sec5
and
http://searchsecurity.techtarget.com/definition/registration-authority
Question 187
Common Criteria 15408 generally outlines assurance and functional requirements through a security
evaluation process concept of ______________, ____________, __________ for Evaluated Assurance
Levels (EALs) to certify a product or system.
• SFR, Security Target, Target of Evaluation
• Protection Profile, Target of Evaluation, Security Target
• SFR, Protection Profile, Security Target
• EAL, Security Target, Target of Evaluation
Correct Answer is: Protection Profile, Target of Evaluation, Security Target
Details:
The correct answer is: Protection Profile, Target of Evaluation, Security Target.
Common Criteria 15408 generally outlines assurance and functional requirements through a security
evaluation process concept of Protection Profile (PP), Target of Evaluation (TOE), and Security Target
(ST) for Evaluated Assurance Levels (EALs) to certify a product or system.
This lists the correct sequential order of these applied concepts to formally conducts tests that evaluate
a product or system for the certification for federal global information systems.
Common Criteria evaluations are performed on computer security products and systems. There are
many terms related to Common Criteria and you must be familiar with them.
• Target Of Evaluation (TOE) – the product or system that is the subject of the evaluation.
The evaluation serves to validate claims made about the target. To be of practical use, the evaluation
must verify the target's security features. This is done through the following:
• Protection Profile (PP) – a document, typically created by a user or user community, which
identifies security requirements for a class of security devices (for example, smart cards used to provide
digital signatures, or network firewalls) relevant to that user for a particular purpose. Product vendors
can choose to implement products that comply with one or more PPs, and have their products
evaluated against those PPs. In such a case, a PP may serve as a template for the product's ST (Security
Target, as defined below), or the authors of the ST will at least ensure that all requirements in relevant
PPs also appear in the target's ST document. Customers looking for particular types of products can
focus on those certified against the PP that meets their requirements.
• Security Target (ST) – the document that identifies the security properties of the target of
evaluation. It is what the vendor claim the product can do. It may refer to one or more PPs. The TOE is
evaluated against the SFRs (see below) established in its ST, no more and no less. This allows vendors to
tailor the evaluation to accurately match the intended capabilities of their product. This means that a
network firewall does not have to meet the same functional requirements as a database management
system, and that different firewalls may in fact be evaluated against completely different lists of
requirements. The ST is usually published so that potential customers may determine the specific
security features that have been certified by the evaluation
The evaluation process also tries to establish the level of confidence that may be placed in the product's
security features through quality assurance processes:
• Security Assurance Requirements (SARs) – descriptions of the measures taken during

development and evaluation of the product to assure compliance with the claimed security
functionality. For example, an evaluation may require that all source code is kept in a change
management system, or that full functional testing is performed. The Common Criteria provides a
catalogue of these, and the requirements may vary from one evaluation to the next. The requirements
for particular targets or types of products are documented in the ST and PP, respectively.
• Evaluation Assurance Level (EAL) – the numerical rating describing the depth and rigor of an
evaluation. Each EAL corresponds to a package of security assurance requirements (SARs, see above)
which covers the complete development of a product, with a given level of strictness. Common Criteria
lists seven levels, with EAL 1 being the most basic (and therefore cheapest to implement and evaluate)
and EAL 7 being the most stringent (and most expensive). Normally, an ST or PP author will not select
assurance requirements individually but choose one of these packages, possibly 'augmenting'
requirements in a few areas with requirements from a higher level. Higher EALs do not necessarily imply
"better security", they only mean that the claimed security assurance of the TOE has been more
extensively verified.
• Security Functional Requirements (SFRs) – specify individual security functions which may be
provided by a product. The Common Criteria presents a standard catalogue of such functions. For
example, a SFR may state how a user acting a particular role might be authenticated. The list of SFRs can
vary from one evaluation to the next, even if two targets are the same type of product. Although
Common Criteria does not prescribe any SFRs to be included in an ST, it identifies dependencies where
the correct operation of one function (such as the ability to limit access according to roles) is dependent
on another (such as the ability to identify individual roles).
So far, most PPs and most evaluated STs/certified products have been for IT components (e.g., firewalls,
operating systems, smart cards). Common Criteria certification is sometimes specified for IT
procurement. Other standards containing, e.g., interoperation, system management, user training,
supplement CC and other product standards. Examples include the ISO/IEC 17799 (Or more properly BS
7799-1, which is now ISO/IEC 27002) or the German IT-Grundschutzhandbuch.
Details of cryptographic implementation within the TOE are outside the scope of the CC. Instead,
national standards, like FIPS 140-2 give the specifications for cryptographic modules, and various
standards specify the cryptographic algorithms in use.
More recently, PP authors are including cryptographic requirements for CC evaluations that would
typically be covered by FIPS 140-2 evaluations, broadening the bounds of the CC through scheme-
specific interpretations.
The other options specified in the question are not valid choices.
Official (ISC)2 Guide to the CISSP CBK, Seventh Edition ((ISC)2 Press) kindle location 8446
CISSP All In One Exam Guide 6th Edition by Shon Harris Page number 401-405
ISO/IEC 15408 Common Criteria for IT Security Evaluations
and
http://en.wikipedia.org/wiki/Common_Criteria
Question 188
Which of the following was the first mathematical model of a multilevel security policy used to define
the concepts of a security state and mode of access, and to outline rules of access?
• Biba
• State machine
• Bell-LaPadula
• Clark-Wilson
Correct Answer is: Bell-LaPadula
Details:
The correct answer is: Bell-LaPadula
This is a formal definition of the Bell-LaPadula model, which was created and implemented to protect
confidential government and military information.
In the 1970s, the U.S. military used time-sharing mainframe systems and was concerned about the
security of these systems and leakage of classified information. The Bell-LaPadula model was developed
to address these concerns.
It was the first mathematical model of a multilevel security policy used to define the concept of a secure
state machine and modes of access, and outlined rules of access. Its development was funded by the
U.S. government to provide a framework for computer systems that would be used to store and process
sensitive information.
The model’s main goal was to prevent secret information from being accessed in an unauthorized
manner. A system that employs the Bell-LaPadula model is called a multilevel security system because
users with different clearances use the system , and the system processes data at different classification
levels.
The level at which information is classified determines the handling procedures that should be used. The
Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control.
A matrix and security levels are used to determine if subjects can access different objects. The subject’s
clearance is compared to the object’s classification and then specific rules are applied to control how
subject-to-object interactions can take place.
Biba - The Biba model was developed after the Bell -LaPadula model. It is a state machine model similar
to the Bell-LaPadula model. Biba addresses the integrity of data within applications. The Bell-LaPadula
model uses a lattice of security levels (top secret, secret, sensitive, and so on). These security levels were
developed mainly to ensure that sensitive data were only available to authorized individuals. The Biba
model is not concerned with security levels and confidentiality, so it does not base access decisions
upon this type of lattice. Instead, the Biba model uses a lattice of integrity levels.
Clark-Wilson - When an application uses the Clark -Wilson model, it separates data into one subset that
needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset
that does not require a high level of protection, which is called an unconstrained data item (UDI). Users
cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of
software, and the software procedures (TPs) will carry out the operations on behalf of the user. For
example, when Kathy needs to update information held within her company’s database, she will not be
allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate
to a program, which is acting as a front end for the database, and then the program will control what
Kathy can and cannot do to the information in the database. This is referred to as access triple: subject
(user), program (TP), and object (CDI). A user cannot modify CDI without using a TP.
State machine - In state machine models, to verify the security of a system, the state is used , which
means that all current permissions and all current instances of subjects accessing objects must be
captured. Maintaining the state of a system deals with each subject’s association with objects. If the
subjects can access objects only by means that are concurrent with the security policy, the system is
secure. A state of a system is a snapshot of a system at one moment of time. Many activities can alter
this state, which are referred to as state transitions. The developers of an operating system that will
implement the state machine model need to look at all the different state transitions that are possible
and assess whether a system that starts up in a secure state can be put into an insecure state by any of
these events. If all of the activities that are allowed to happen in the system do not compromise the
system and put it into an insecure state, then the system executes a secure state machine model.
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 369, 372-374, 367). McGraw-
Hill . Kindle Edition.
Question 189
Which of the following is a true statement pertaining to memory addressing?
• The CPU uses absolute addresses. Applications use logical addresses. Absolute addresses are
based on a known address and an offset value.
• The CPU uses absolute addresses. Applications use relative addresses. Logical addresses are
• The CPU uses logical addresses. Applications use absolute addresses. Relative addresses are
• The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are
Correct Answer is: The CPU uses absolute addresses. Applications use logical addresses. Relative
addresses are based on a known address and an offset value.
Details:
The correct answer is: The CPU uses absolute addresses. Applications use logical addresses. Relative
addresses are based on a known address and an offset value.
The physical memory addresses that the CPU uses are called absolute addresses. The indexed memory
addresses that software uses are referred to as logical addresses. A relative address is a logical address
which incorporates the
correct offset value.
The CPU uses logical addresses. Applications use absolute addresses. Relative addresses are based on a
known address and an offset value.
The CPU uses absolute addresses. Applications use relative addresses. Logical addresses are based on a
The CPU uses absolute addresses. Applications use logical addresses. Absolute addresses are based on a
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 330). McGraw-Hill . Kindle
Edition.
Question 190
The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N)
to communicate securely with each other is given by which of the following?
• K(N + 1)/ 2
• N(N – 1)/ 2
• K(N – 1)/ 2
• N(K – 1)/ 2
Correct Answer is: N(N – 1)/ 2
Details:
The correct answer is: N(N – 1)/ 2

The formula is: Total number of users multiplied by total number of users minus 1, the results are then
divided by 2)
When using symmetric algorithms, the sender and receiver use the same key for encryption and
decryption functions. Each pair of users who want to exchange data using symmetric key encryption
must have two instances of the same key. This means that if Dan and Iqqi want to communicate, both
need to obtain a copy of the same key. If Dan also wants to communicate using symmetric encryption
with Norm and Dave, he needs to have three separate keys, one for each friend. This might not sound
like a big deal until Dan realizes that he may communicate with hundreds of people over a period of
several months, and keeping track and using the correct key that corresponds to each specific receiver
can become a daunting task.
If ten people needed to communicate securely with each other using symmetric keys, then 45 keys
would need to be kept track of. If 100 people were going to communicate, then 4,950 keys would be
involved.
The equation used to calculate the number of symmetric keys needed is N(N – 1)/ 2 = number of keys
K(N – 1)/ 2
N(K – 1)/ 2
K(N + 1)/ 2
Edition.
Question 191
Which of the following is a hashing algorithm?
• SHA
• RSA
• Diffie-Hellman (DH)
Correct Answer is: SHA
Details:
The correct answer is: SHA - The Secure Hashing Algorithm
SHA was designed by NSA and published by NIST to be used with the Digital Signature Standard (DSS).
SHA was designed to be used in digital signatures and was developed when a more secure hashing
algorithm was required for U.S. government applications.
SHA produces a 160-bit hash value, or message digest.
This is then inputted into an asymmetric algorithm, which computes the signature for a message. SHA is
similar to MD4. It has some extra mathematical functions and produces a 160-bit hash instead of a 128-
bit hash like MD5, which makes it more resistant to brute force attacks, including birthday attacks.
SHA was improved upon and renamed SHA-1. Recently, newer versions of this algorithm have been
developed and released such as SHA2 which has the following hash length: SHA-256, SHA-384, and SHA-
512.
NOTE: Very recently, SHA-3 has also been released but it is too new to be in the CBK.
RSA
Diffie Hellman
Elliptic Curve Cryptography(ECC)
All of the choices above are examples of an Asymmetric algorithm

Edition.
Question 192
Which of the following examples is NOT an asymmetric key algorithm?
• Elliptic curve cryptosystem(ECC)
• Diffie-Hellman
• Merkle-Hellman Knapsack
• Advanced Encryption Standard(AES)
Correct Answer is: Advanced Encryption Standard(AES)
Details:
The correct answer is: Advanced Encryption Standard(AES)
AES is an example of Symmetric Key algorithm. After DES was used as an encryption standard for over
20 years and it was cracked in a relatively short time once the necessary technology was available, NIST
decided a new standard, the Advanced Encryption Standard (AES), needed to be put into place .
In January 1997 , NIST announced its request for AES candidates and outlined the requirements in FIPS
PUB 197. AES was to be a symmetric block cipher supporting key sizes of 128, 192, and 256 bits.
The following five algorithms were the finalists:
• MARS Developed by the IBM team that created Lucifer
• RC6 Developed by RSA Laboratories
• Serpent Developed by Ross Anderson, Eli Biham, and Lars Knudsen
• Twofish Developed by Counterpane Systems
• Rijndael Developed by Joan Daemen and Vincent Rijmen
Out of these contestants, Rijndael was chosen.
The block sizes that Rijndael supports are 128, 192 , and 256 bits.
The number of rounds depends upon the size of the block and the key length:
• If both the key and block size are 128 bits, there are 10 rounds.
When preparing for my CISSP exam, i came across this post by Laurel Marotta at the URL below:
http://cissp-study.3965.n7.nabble.com/CCCure-CISSP-Study-Plan-to-crack-CISSP-clarification-
td401.html
This tips was originally contributed by Doug Landoll
Here is an easy way to remember the types of crypto cipher:
The sentence to remember is: DEER MRS H CARBIDS
Asymmetric: encrypt with 1 key, decrypt with other Key exchange. A key pair: Public and Private.
Services: Confidentiality, Nonrepudiation, Integrity, Digital Signature
D - Diffie-Hellman
E - El Gamal: DH +nonrepudiation
E - ECC
R - RSA
Hash- one-way algorithm, no key
M - MD5
R - RIPEMD (160)
S - SHA (3)
H - Haval (v)
Symmetric: Encryption, one key

C - CAST
A - AES: 128k, 10r; 192k, 12 r; 256k, 14r
R - RC4, RC5, RC6
B - BLOWFISH:23-448k, 64bit block
I - IDEA : 128k, 64bit block
D - DES-64-bit block, 16r
S - SERPENT
The following answers are all incorrect because they are all Asymmetric Crypto ciphers:
Elliptic curve cryptosystem(ECC)
Diffie-Hellman
Merkle-Hellman Knapsack
Edition.
Question 193
A message can be encrypted and digitally signed, which provides _______________
• Confidentiality and Integrity.
• Confidentiality and Non-repudiation
• Confidentiality and Authentication
• Confidentiality, Authentication, Non-repudiation, and Integrity.
Correct Answer is: Confidentiality, Authentication, Non-repudiation, and Integrity.
Details:
The correct answer is: Confidentiality, Authentication, Non-repudiation, and Integrity.
For the purpose of the exam, one needs to be very clear on all the available choices within cryptography,
because different steps and algorithms provide different types of security services:
A message can be digitally signed, which provides authentication, nonrepudiation, and integrity.
A message can be encrypted and digitally signed, which provides confidentiality, authentication,
nonrepudiation, and integrity.
Confidentiality and Authentication
Confidentiality and Non-repudiation
Confidentiality and Integrity

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (pp. 829-830). McGraw-Hill . Kindle
Edition.
Question 194
Public Key Infrastructure (PKI) consists of programs, data formats, procedures, communication
protocols, security policies, and public key cryptographic mechanisms working in a comprehensive
manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.
This infrastructure is based upon which of the following standard?
• X.509
• X.25
• X.400
• X.500
Details:
X.509 was initially issued on July 3, 1988 and was begun in association with the X.500 standard.
It assumes a strict hierarchical system of certificate authorities (CAs) for issuing the certificates. This
contrasts with web of trust models, like PGP, where anyone (not just special CAs) may sign and thus
attest to the validity of others' key certificates.
PKI establishes a level of trust within an environment.
PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard.
The framework was set up to enable authentication to happen across different networks and the
Internet.
Particular protocols and algorithms are not specified, which is why PKI is called a framework and not a
specific technology.
In cryptography, X.509 is an ITU-T standard for a public key infrastructure (PKI) and Privilege
Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public
key certificates, certificate revocation lists, attribute certificates, and a certification path validation
algorithm.
The standard for how the CA creates the certificate is X.509, which dictates the different fields used in
the certificate and the valid values that can populate those fields.
The most commonly used version is v3 of this standard, which is often denoted as X.509v3.
Many cryptographic protocols use this type of certificate, including SSL.
The certificate includes the serial number, version number, identity information, algorithm information,
lifetime dates, and the signature of the issuing authority
X.500 is a Directory Access Protocol(LDAP)
X.400 is for Electronic Messaging (EMAILs)
X.25 is Frame Relay
Edition.
Question 195
Which of the following answers can use RC4 for encryption?
• CHAP and 3DES
• SSL and CHAP
• SSL and WEP
• WEP and AES
Correct Answer is: SSL and WEP

Details:
The correct answer is: SSL and WEP
SSL can use a wide variety of key algorithms including RC4, RC2, DES, 3DES, Idea, Fortezza, AES and
others.
WEP uses the RC4 encryption algorithm.
- SSL and CHAP: The SSL part is correct but not the CHAP. CHAP is an authentication protocol but not an
encryption algorithm.
- CHAP and 3DES: Sorry, not correct.
- WEP and AES: This isn't the intended answer.
2013. Official Security+ Curriculum. Copyright CCCure.org.
Question 196
Suppose that you are the COMSEC - Communications Security custodian for a large, multinational
corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID
Card that she uses to digitally sign and encrypt emails in the PKI.
What happens to the certificates contained on the smart card after the security officer takes appropriate
action?
• They are added to the CRL
• They are reissued to the user
• New certificates are issued to the user
• The user may no longer have certificates
Correct Answer is: They are added to the CRL
Details:
The correct answer is: They are added to the CRL
Smart ID Cards can contain digital certifications user for establishing identity and for digitally encrypting
and decrypting messages.
Commonly, there are three types of certificates on an ID Card: Identity certificate, private certificate and
public certificate:
- Identity Certificate: This is the cert used to guarantee your identity, as when you swipe to enter a
facility or when logging onto a computer
- Public Certificate: This is freely shared with the public. All who have it can use it to decrypt messages
that you encrypt with your private key.
- Private Certificate: This is the key that you use to encrypt messages. It is a complimentary key to your
public key. Only your public key can decrypt messages encrypted with the private key.
Otherwise known as PKI - Public Key Infrastructure, this is how the keys are used on your card.
Ordinarily, there is software on the computer that can, given the appropriate PIN number, log on,
digitally sign, encrypt and decrypt messages.
If you should lose your card the only certificate that is vital to be kept secret is your private key because
that can decrypt messages encrypt with your public key.
If this happens, the private key is added to the CRL - Certificate Revocation List. It is published by the
Certificate Authority or CA server and must periodically be downloaded so that the system knows which
certificates to trust and which not to trust.
Notably, revocation lists can become quite large and slow to download, especially over slower or tactical
military networks. Also, certificates can be in one of two states on the CRL: Revoked or Hold. A hold can
be reversed but once in revoked status, it is gone forever
ABOUT OCSP
Another way of validating if a certificate is valid is using OCSP.
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation
status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. It
was created as an alternative to certificate revocation lists (CRL), specifically addressing certain
problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via
OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature
of these messages leads to OCSP servers being termed OCSP responders.
- They are reissued to the user: This isn't correct because once a private certificate is lost, it may never
again be trusted because it has been out of control of the user.
- New certificates are issued to the user: This is actually correct but not what happens first. Ordinarily
the previous certificates for the users are added to the CRL and THEN the new certificates are issued to
the user. This way there is no chance a double set of certs are out there for a single user.
- The user may no longer have certificates: This isn't correct, unless the user is fired or quits. Users must
have certificates to operate in a PKI environment. (Public Key Infrastructure)
Question 197
As an IT Manager, you are responsible for the Compliance with standard operating procedures and
operational security.
Part of those duties includes ensuring that the operating environment prepares adequately for potential
disasters like fires, floods, tornados, earthquakes or civil disturbance.
Which of the following answers reflects the MOST important thing to plan for when implementing fire
suppression systems?
• Ensuring sprinklers don't damage equipment
• Always use water sprinkler
• A good support contract from the vendor
• The best price for the suppression system
Correct Answer is: Ensuring sprinklers don't damage equipment
Details:
The correct answer is: Ensuring sprinklers don't damage equipment

Disaster preparedness is a key role of an IT Manager. Part of disaster planning is fire suppression. Part of
fire suppression is planning the placement of sprinklers in your datacenter in places where they would
suppress the fire but not then damage the systems they are there to protect.
Accordingly, it is important that you place sprinklers where they will suppress the fires but not spray
directly onto electrical systems, especially servers or network infrastructure systems like switches and
routers.
- A good support contract from the vendor: This could be important but isn't the most important thing
to plan for in fire suppression. Electrical systems don't react well to water so it is best to place sprinklers
where they would extinguish fires but not have them spray into server cabinets.
- The best price for the suppression system: This isn't correct. While maintaining control on costs, the
survivability of the equipment is the primary concern.
- Always use water sprinkler : You can not always use water sprinkler ex. computer server
Question 198
Which of the following answers is true of symmetric key cryptography?
• With pre-shared keys, each user key is different
• A private key is used to decrypt something encrypted with the public key
• Public keys and private keys are the same
• With secret keys, the key is the same for the sender and receiver.
Correct Answer is: With secret keys, the key is the same for the sender and receiver.
Details:
The correct answer is: With secret keys, the key is the same for the sender and receiver.
A synonym for Symmetric crypto is Secret key cryptography. Symmetric key crypto system depends on
having the same crypto key on each end so traffic can be encrypted with the sender key and the receiver
will decrypt the data using the exact same key and the sender. A key must be agreed between the two
parties communicating with each other before symmetric crypto can be use.
- With pre-shared keys, each user key is different: This isn't correct. If each key were different nobody
would be able to read anybody's traffic.
- A private key is used to decrypt something encrypted with the public key: Technically this is correct but
the question asks about symmetric key and public/private keys are not symmetric, they are asymmetric.
(Because they're different.)
- Public keys and private keys are the same: This really isn't the right answer. Sorry but if public and
private keys were the same there would be no point in using such a cryptographic sequence. The public
and private key are mathematically related but they cannot be derived from one another quickly.
To learn more about this topic and all others related to this exam CBK, subscribe to The CCCure
Security+ 2014 CBT tutorial at http://www.cccure.tv/lms/ The CBT covers the Cryptography domain in
great details and will give you a clear picture and get you ready for your exam.
and
http://en.wikipedia.org/wiki/Symmetric-key_algorithm
Question 199
You are an information systems security officer at a mid-sized business and are called upon to
investigate a threat conveyed in an email from one employee to another.
You gather the evidence from both the email server transaction logs and from the computers of the two
individuals involved in the incident and prepare an executive summary.
You find that a threat was sent from one user to the other in a digitally signed email. The sender of the
threat says he didn't send the email in question.
What concept of PKI - Public Key Infrastructure will implicate the sender?
• Integrity
• Authentication
• The digital signature of the recipient
• Non-repudiation
Correct Answer is: Non-repudiation
Details:
The correct answer is: Non-repudiation
PKI - Public Key Infrastructure is an infrastructure of hardware, software, people, policies and
procedures that makes use of the technology to provide some sort of confidentiality, integrity and
authenticity as well as non-repudiation in our daily digital lives.
In the case of the email threat, the fact that the email was digitally signed by the sender proves that he
is guilty of conveying the threat. Non-repudiation is the aspect of PKI that proves that nobody else could
have digitally signed the email using his private key that exists only on his identity card.
In the Digital World:
Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:
• A service that provides proof of the integrity and origin of data.
• An authentication that can be asserted to be genuine with high assurance .
Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash, such as
SHA2, is usually sufficient to establish that the likelihood of data being undetectably changed is
extremely low. Even with this safeguard, it is still possible to tamper with data in transit, either through
a man-in-the-middle attack or phishing. Due to this flaw, data integrity is best asserted when the
recipient already possesses the necessary verification information.
The most common method of asserting the digital origin of data is through digital certificates, a form of
public key infrastructure, to which digital signatures belong. They can also be used for encryption. The
digital origin only means that the certified/signed data can be, with reasonable certainty, trusted to be
from somebody who possesses the private key corresponding to the signing certificate. If the key is not
properly safeguarded by the original owner, digital forgery can become a major concern.
- The digital signature of the recipient: No, this isn't right. The recipient's signature won't indict the
sender of the threat. The sender's digital signature will prove his involvement.
- Authentication: This is incorrect. Authentication is the process of proving one's identity.
- Integrity: Sorry, this isn't the right answer either. Integrity in PKI only verifies that messages and
content aren't altered in transit.
To learn more about this topic and all others, subscribe to The CCCure Security+ 2014 CBT at
http://www.cccure.tv/lms/
and
http://en.wikipedia.org/wiki/Non-repudiation
Question 200
When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are
compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called?
• Decryption
• Exclusive-OR
• Logical-NOR
• Bit Swapping
Correct Answer is: Exclusive-OR
Details:
The correct answer is: Exclusive-OR Operation or sometimes referred to as XOR
When we encrypt data we are basically taking the plaintext information and applying some key material
or keystream and conducting something called an XOR or Exclusive-OR operation.
The symbol used for XOR is the following: ⊕ This is a type of cipher known as a stream cipher.
The operation looks like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output (ciphertext)
As you can see, it's not simple addition and the XOR Operation uses something called a truth table that
explains why 0+1=1 and 1+1=0.
The rules are simples, if both bits are the same the result is zero, if both bits are not the same the result
is one.
- Bit Swapping: Incorrect. This isn't a known cryptographic operations.
- Logical NOR: Sorry, this isn't correct but is where only 0+0=1. All other combinations of 1+1, 1+0 equals
0. More on NOR here.
- Decryption: Sorry, this is the opposite of the process of encryption or, the process of applying the
keystream to the plaintext to get the resulting encrypted text.
For more details on XOR and all other topics of cryptography. Subscribe to our holistic Security+ CBT
tutorial at:
http://cccure.training
and
http://en.wikipedia.org/wiki/Exclusive-or
and
http://en.wikipedia.org/wiki/Stream_cipher
Question 201
Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as
the plaintext and never reused in whole or part?
• One time Cryptopad (OTC)
• Pretty Good Privacy (PGP)
• One Time Pad (OTP)
• Cryptanalysis
Correct Answer is: One Time Pad (OTP)
Details:
The correct answer is: OTP or also known as One Time Pad
The only cipher system asserted as unbreakable, that is as long as it is implemented properly, is the one-
time pad. These are often referred to as Vernam ciphers after the work of Gilbert Vernam, who
proposed the use of a key that could only be used once and that must be as long as the plaintext but
never repeats. The one-time pad uses the principles of the running key cipher, using the numerical
values of the letters and adding those to the value of the key; however, the key is a string of random
values the same length as the plaintext. It never repeats, compared to the running key that may repeat
several times. This means that a one-time pad is not breakable by frequency analysis or any other
cryptographic attacks.
OTP or One Time Pad is considered unbreakable if the key is truly random and is as large as the plaintext
and never reused in whole or part AND kept secret.
In cryptography, a one-time pad is a system in which a key generated randomly is used only once to
encrypt a message that is then decrypted by the receiver using the matching one-time pad and key.
Messages encrypted with keys based on randomness have the advantage that there is theoretically no
way to "break the code" by analyzing a succession of messages. Each encryption is unique and bears no
relation to the next encryption so that some pattern can be detected.
With a one-time pad, however, the decrypting party must have access to the same key used to encrypt
the message and this raises the problem of how to get the key to the decrypting party safely or how to
keep both keys secure. One-time pads have sometimes been used when the both parties started out at
the same physical location and then separated, each with knowledge of the keys in the one-time pad.
The key used in a one-time pad is called a secret key because if it is revealed, the messages encrypted
with it can easily be deciphered.
One-time pads figured prominently in secret message transmission and espionage before and during
World War II and in the Cold War era. On the Internet, the difficulty of securely controlling secret keys
led to the invention of public keycryptography.
The biggest challenge with OTP was to get the pad security to the person or entity you wanted to
communicate with. It had to be done in person or using a trusted courrier or custodian. It certainly did
not scale up very well and it would not be usable for large quantity of data that needs to be encrypted
as we often time have today.
- One time Cryptopad: Almost but this isn't correct. Cryptopad isn't a valid term in cryptography.
- Cryptanalysis: Sorry, incorrect. Cryptanalysis is the process of analyzing information in an effort to

breach the cryptographic security systems.
- PGP - Pretty Good Privacy: PGP, written by Phil Zimmermann is a data encryption and decryption
program that provides cryptographic privacy and authentication for data. Still isn't the right answer
though. Read more here about PGP.
(2015-03-20). Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press) (Kindle Locations 9624-
9629). CRC Press. Kindle Edition.
and
http://users.telenet.be/d.rijmenants/en/otp.htm
and
http://en.wikipedia.org/wiki/One-time_pad
and
http://searchsecurity.techtarget.com/definition/one-time-pad
Question 202
Which of the following answers is described as a random value used in cryptographic algorithms to
ensure that patterns are not created during the encryption process?
• Stream Cipher
• Ciphertext
• OTP - One Time Pad
• IV - Initialization Vector
Correct Answer is: IV - Initialization Vector
Details:
The correct answer is: IV - Initialization Vector
The basic power in cryptography is randomness. This uncertainty is why encrypted data is unusable to
someone without the key to decrypt.
Initialization Vectors are a used with encryption keys to add an extra layer of randomness to encrypted
data. If no IV is used the attacker can possibly break the keyspace because of patterns resulting in the
encryption process. Implementation such as DES in Code Book Mode (CBC) would allow frequency
analysis attack to take place.
In cryptography, an initialization vector (IV) or starting variable (SV)is a fixed-size input to a

cryptographic primitive that is typically required to be random or pseudorandom. Randomization is
crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the
scheme under the same key does not allow an attacker to infer relationships between segments of the
encrypted message. For block ciphers, the use of an IV is described by so-called modes of operation.
Randomization is also required for other primitives, such as universal hash functions and message
authentication codes based thereon.
It is define by TechTarget as:
An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data
encryption. This number, also called a nonce, is employed only one time in any session.
The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a
dictionary attackto find patterns and break a cipher. For example, a sequence might appear twice or
more within the body of a message. If there are repeated sequences in encrypted data, an attacker
could assume that the corresponding sequences in the message were also identical. The IV prevents the
appearance of corresponding duplicate character sequences in the ciphertext.

- Stream Cipher: This isn't correct. A stream cipher is a symmetric key cipher where plaintext digits are
combined with pseudorandom key stream to product cipher text.
- OTP - One Time Pad: This isn't correct but OTP is made up of random values used as key material.
(Encryption key) It is considered by most to be unbreakable but must be changed with a new key after it
is used which makes it impractical for common use.
- Ciphertext: Sorry, incorrect answer. Ciphertext is basically text that has been encrypted with key
material (Encryption key)
For more details on this topic and other topics of the Security+ CBK, subscribe to our Holistic Computer
Based Tutorial (CBT) at http://www.cccure.tv
and
whatis.techtarget.com/definition/initialization-vector-IV
and
en.wikipedia.org/wiki/Initialization_vector
Question 203
Which of the following type of cryptography is used when both parties use the same key to
communicate securely with each other?
• PKI - Public Key Infrastructure

• Diffie-Hellman
• Symmetric Key Cryptography
• DSS - Digital Signature Standard
Correct Answer is: Symmetric Key Cryptography
Details:
The correct answer is: Symmetric Cryptography
Symmetric-key algorithms are a class of algorithms for cryptography that use the same cryptographic
keys for both encryption of plaintext (sender) and decryption of ciphertext (receiver). The keys may be
identical, in practice, they represent a shared secret between two or more parties that can be used to
maintain a private information link.
This requirement that both parties have access to the secret key is one of the main drawbacks of
symmetric key encryption, in comparison to public-key encryption. This is also known as secret key
encryption. In symmetric key cryptography, each end of the conversation must have the same key or
they cannot decrypt the message sent to them by the other party.
Symmetric key crypto is very fast but more difficult to manage due to the need to distribute the key in a
secure means to all parts needing to decrypt the data. There is no key management built within
Symmetric crypto.
PKI provides CIA - Confidentiality (Through encryption) Integrity (By guaranteeing that the message
hasn't change in transit) and Authentication (Non-repudiation). Symmetric key crypto provides mostly
Confidentiality.
- PKI - Public Key Infrastructure: This is the opposite of symmetric key crypto. Each side in PKI has their
own private key and public key. What one key encrypt the other one can decrypt. You make use of the
receiver public key to communicate securely with a remote user. The receiver will use their matching
private key to decrypt the data.
- Diffie-Hellman: Sorry, this is an asymmetric key technique. It is used for key agreement over an
insecure network such as the Internet. It allows two parties who has never met to negotiate a secret
key over an insecure network while preventing Man-In-The-Middle (MITM) attacks.
- DSS - Digital Signature Standard: Sorry, this is an asymmetric key technique.
To learn more about this topics and 100% of the Security+ CBK, subscribe to our Holistic Computer
Based Tutorial (CBT) on our Learning Management System at: http://www.cccure.tv
and
http://en.wikipedia.org/wiki/Symmetric-key_algorithm
Question 204
Which of the following definitions BEST describes a cipher that divides a message to be sent into fixed
length pieces and then encrypts each of those pieces one by one into ciphertext?
• Block Cipher
• Stream Cipher
• PKI - Public Key Integrity
• Black Cipher
Correct Answer is: Block Cipher
Details:
The correct answer is: Block Cipher
Block Cipher is a deterministic algorithm that operates on a chunk of data called blocks.
A block cipher is a method of encrypting data (to produce ciphertext) in which a cryptographic key and
algorithm are applied to a block of data (for example, 64 contiguous bits in the case of the DES standard)
at once as a group rather than to one bit at a time.
So that identical blocks of text do not get encrypted the same way in a message (which might make it
easier to decipher the ciphertext by doing a frequency analysis attack), it is common to apply the
ciphertext from the previous encrypted block to the next block in a sequence. So that identical
messages encrypted on the same day do not produce identical ciphertext, an initialization vector
derived from a random number generator is combined with the text in the first block and the key. This
ensures that all subsequent blocks result in ciphertext that doesn't match that of the first encrypting,
the ciphertext will vary everytime the same data is being encrypted with the same key.
The main alternative method, used much less frequently, is called the stream cipher.
- Stream Cipher: This is not right because a stream cipher is not the same as block cipher. Steam Ciphers
encrypt data bit-by-bit and not in blocks of data.
- Black Cipher: This is not a valid cryptography term.
- PKI - Public Key Integrity: This isn't right because PKI doesn't stand for Public Key Infrastructure AND
PKI isn't the correct answer. Sorry.
The CCCure Holistic Security+ Tutorial at: https://cccure.training Subcribe to our computer based
tutorial to learn about 100% of the objectives of the CBK.
and
http://searchsecurity.techtarget.com/definition/block-cipher
and
https://www.princeton.edu/~achaney/tmve/wiki100k/docs/Block_cipher.html
Question 205
Which of the following BEST describes a function relying on a shared secret key that is used along with a
hashing algorithm to verify the integrity of the communication content as well as the sender?
• Message Authentication Code - MAC
• PAM - Pluggable Authentication Module
• NAM - Negative Acknowledgement Message
• Digital Signature Certificate
Correct Answer is: Message Authentication Code - MAC
Details:
The correct answer is: Message Authentication Code - MAC
The purpose of a message authentication code - MAC is to verify both the source and message integrity
without the need for additional processes.
A MAC algorithm, sometimes called a keyed (cryptographic) hash function (however, cryptographic hash
function is only one of the possible ways to generate MACs), accepts as input a secret key and an
arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC
value protects both a message's data integrityas well as its authenticity, by allowing verifiers (who also
possess the secret key) to detect any changes to the message content.
MACs differ from digital signatures as MAC values are both generated and verified using the same secret
key. This implies that the sender and receiver of a message must agree on the same key before initiating
communications, as is the case with symmetric encryption. For the same reason, MACs do not provide
the property of non-repudiation offered by signatures specifically in the case of a network-wide shared
secret key: any user who can verify a MAC is also capable of generating MACs for other messages.
In contrast, a digital signature is generated using the private key of a key pair, which is asymmetric
encryption. Since this private key is only accessible to its holder, a digital signature proves that a
document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation.
- PAM - Pluggable Authentication Module: This isn't the right answer. There is no known message
authentication function called a PAM. However, a pluggable authentication module (PAM) is a
mechanism to integrate multiple low-level authentication schemes and commonly used within the Linux
Operating System.
- NAM - Negative Acknowledgement Message: This isn't the right answer. There is no known message
authentication function called a NAM. The proper term for a negative acknowledgement is NAK, it is a
signal used in digital communications to ensure that data is received with a minimum of errors.
- Digital Signature Certificate: This isn't right. As it is explained and contrasted in the explanations
provided above.
Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press) (p. 368). CRC Press. Kindle Edition.
and
The CCCure Computer Based Tutorial for Security+, you can subscribe at http://www.cccure.training
and
http://en.wikipedia.org/wiki/Message_authentication_code
Question 206
Which of the following answers is NOT a Cryptographic Attack?
• Hybrid Cryptosystem
• Brute Force Attacks
• Rainbow Table
• Frequency Analysis
Correct Answer is: Hybrid Cryptosystem
Details:
The correct answer is: Hybrid Cryptosystem
A Hybrid Cryptosystem is a not a Cryptographic Attack but a valid type of cryptosystem that combines
two or more systems of cryptography to make a system better than the individual components that
went into it.
The Enigma Machine was such a system from WWII that was used to encode messages between
German command and operational forces at sea. The Enigma machine used a combination of
substitution and transposition to make a very advanced hybrid cryptosystem for the period.
Known cryptographic attacks include Frequency Analysis, Brute Force Attacks, Dictionary Attacks,
Rainbow Table with precomputed password hash values and finally Birthday Attacks.
- Frequency Analysis: This is a cryptographic attack involving the analysis of blocks of an encrypted
message to detect common patterns.
- Brute Force Attacks: This is a crypto attack where every possible combination of characters which could
possibly be the key are tried. It's a very time-consuming process.
- Rainbow Table: This is a known type of cryptographic attack used to recover a password using a set of
known cryptographic hashes in something called a rainbow table.
Question 207
Which of the following answers BEST depicts the whole purpose of Digital Certificates?
• To decrypt messages
• To take part in PKI
• To encrypt messages
• Primary method of uniquely identifying valid users
Correct Answer is: Primary method of uniquely identifying valid users
Details:
The correct answer is: Primary method of uniquely identifying valid users and systems
The whole point behind using digital certificates is to uniquely identify not only users but also trusted
systems. Routers, switches, servers, users and their computers can all be issued digital certificates
permitting them to take part in a domain model in an enterprise.
- To encrypt messages: This is one use for digital certificates but it is not the main purpose behind the
user of certificates. Sorry.
- To decrypt messages: Certificates support the process of decrypting and encrypting messages but
these are only features of certificates.
- To take part in PKI: Sorry, incorrect answer. PKI is only the means for uniquely identifying users and
systems. It also supports digital encryption/decryption and non-repudiation.
2013. Official Security+ Curriculum. Copyright CCCure.org
Question 208
Which of the following BEST describes the role of the Certificate Authority?
• Provides non-repudiation in the PKI process
• Distributes keys and accepts registrations
• Middleman between subscribers and CA
• Issues, stores, revokes and distributes certificates
Correct Answer is: Issues, stores, revokes and distributes certificates
Details:
The correct answer is: Issues, stores, revokes and distributes certificates
Regarding digital signatures, the most important system in this architecture is the Certificate Authority.
It is responsible for issuing certificates to all entities in a network. Once a system or person has a
certificate they can be prevented from or permitted to talk on the network. Those without certificates
would not be allowed to participate in a domain model of trusted systems.
The whole concept behind the CA is trust. If the CA server issued a certificate it can reasonably be
assumed that the entity can be trusted.
The CA also authenticates that individual certificates are to be trusted when a user authenticates himself
or computer to access resources on a domain.
The duties of the RA - Registration Authority include assuming some of the duties of the CA and it is
authorized to distribute keys, accept registrations for the CA and validate identities.
However, it cannot issue certificates. That responsibility remains with the CA only.
- Middleman between subscribers and CA: Sorry, this isn't right because this is the role of the RA -
Registration Authority.
- Distributes keys and accepts registrations: Sorry, this describes the RA - Registration Authority.
- Provides non-repudiation in the PKI process: This isn't correct. The certificates that the CA - Certificate
Authority distributes provide non-repudiation in the PKI system.
Question 209
Which of the following standards do PKI Digital Signatures follow?
• IEEE 802.1x
• W3C XML Schema
• X.509
• MD2-Based
Details:
X.509 is an ITU-T standard for PKI and specifies standard formats for certificates, keys, certificate
revocation lists and other PKI standards.
- MD2-Based: This isn't correct. MD2 used to be used but they were found to be vulnerable to preimage
attacks where the attack tries to find a message that has a specific hash value.
- W3C XML Schema: Sorry, this is incorrect because it is not a standard that defines PKI.
- IEEE 802.1x: Sorry, this isn't correct because 802.1x, or "dot1x" is a network access control measure
based upon certificates.

Question 210
Which of the following option contains list of certificates serial numbers which are not be trusted any
longer?
• CKL - Compromised Key Listserve
• DNS - Domain Name Server
• CLK - Cert List Kill
• CRL
Correct Answer is: CRL
Details:
The correct answer is: CRL
The CA can revoke certificates and provide an update service to the other members of the PKI via a
certificate revocation list (CRL), which is a list of non-valid certificates that should not be accepted by
any member of the PKI.
Image - Sample CRL
Certificate revocation can be handled in several different ways. For some organizations, it may be
sufficient to set up servers so that the authentication process includes checking the directory for the
presence of the certificate being presented. When an administrator revokes a certificate, the certificate
can be automatically removed from the directory, and subsequent authentication attempts with that
certificate will fail even though the certificate remains valid in every other respect. Another approach
involves publishing a certificate revocation list (CRL) to the directory at regular intervals and checking
the list as part of the authentication process. For some organizations, it may be preferable to check
directly with the issuing CA each time a certificate is presented for authentication. This procedure is
sometimes called real time status checking. Many organizations are using the Online Certificate Status
Protocol (OCSP) as well. 32 OCSP is used for obtaining the revocation status of an X. 509 digital
certificate. It was created as an alternative to the use of certificate
revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key
infrastructure (PKI). OCSP can be vulnerable to replay attacks, where a signed, ‘good’ response is
captured by a malicious intermediary and replayed to the client at a later date after the subject
certificate may have been revoked. OCSP overcomes this by allowing a nonce to be included in the
request that must be included in the corresponding response. However, since most OCSP responders
and clients do not support or use the nonce extension and Certificate Authorities (CAs) issue responses
with a validity period of multiple days, the replay attack is still a threat to validation systems. The
security practitioner, the security professional, and the security architect all need to be aware of the risk
issue associated with the deployment of OCSP. The security architect needs to consider the risk from the
architectural and design perspectives, and he or she may decide to implement the use of the nonce in
order to effectively mitigate the risk as part of the design for the organization’s PKI system. The security
practitioner needs to consider the risk from the operational and implementation perspectives and will
need to ensure that the PKI system is built according to the security architect’s design requirements that
the nonce be supported and used with OCSP in the organization’s PKI system. In addition, the security
practitioner will also need to ensure that monitoring is implemented to validate that the nonce is being
used for all OCSP transactions through the system.
- CKL - Compromised Key Listserve: No, sorry. This looks official but there's no known server called CKL.
- DNS - Domain Name Server: This isn't right. DNS is a common server that resolves domain names like
cccure.org to 69.64.35.205. Makes it easier for humans to NOT have to maintain a list of IP Addresses
manually.
- CLK - Cert List Kill: This isn't right but it looks pretty cool though.
Question 211
In the CIA Triad, if Digital Signatures can provide Integrity, what provides Availability?
• Redundancy
• Executive Support
• Public Certificates
• Digital Signatures
Correct Answer is: Redundancy
Details:
The correct answer is: Redundancy
In the CIA Triad of Confidentiality, Integrity and Availability, Availability is provided by redundancy in the
forms of resilient and a well-developed hardware infrastructure implementation.
Some physical examples of redundancy are:
- Redundant disks in a RAID disk array
- Redundant power supplies in a server
- Backup power and fire suppression
- Backup data lines in the event the primary network goes down
- Chain of leadership in an organization in the event one or more persons become unavailable
- Remote hot, warm or cold sites to where operations can be relocated after a man-made or natural
disaster
Essentially, Redundancy is ANY method, plan, hardware or mentality that provides enhanced availability
to your data and the networks on which they reside.
- Digital Signatures: Sorry, Digital Signatures provide for Integrity in the CIA Triad.
- Public Certificates: This is an incorrect answer because public certificates are half of a PKI infrastructure
where the other half is Private Keys or Certificates.
- Executive Support: This could support availability when it comes to requesting additional funding for
hardware to enhance redundancy but it doesn't itself directly support Availability.
Question 212
Which of the following answers BEST describes the Bell-LaPadula model of storage and access control of
classified information?
• No read over and no write up
• No reading from higher classification levels
• No read up and No write down
• No write up, no read down
Correct Answer is: No read up and No write down

Details:
The correct answer is: No read up - No write down
The Bell–LaPadula model is perhaps the most well-known and significant security model, in addition to
being one of the oldest models used in the creation of modern secure computing systems. Like the
Trusted Computer System Evaluation Criteria (or TCSEC), it was inspired by early U.S. Department of
Defense security policies and the need to prove that confidentiality could be maintained. In other words,
its primary goal is to prevent disclosure as the model system moves from one state (one point in time)
to another.
In the world of Information Access Controls, there are multipl models, see some of them below:
- Bell La-Padula Model: Works to restrict users from reading data from a higher classification to protect
that data. This model is concerned with information security.
- Biba Model: This model means that a user can't write information TO a higher level
- Clark-Wilson Model: This model requires that all data access occur through controlled access programs.
- Information Flow Model: This is concerned with the properties of information flow in both directions,
not only in one direction. It requires that each piece of information has unique properties.
- Noninterference Model: This model is intended to ensure that higher-level security functions don't
interfere with lower-level operations in an attempt to isolate one from the other.
Each are different and suited for different information processing environments.
- No write up, no read down: Sorry but this is defines the Biba model of information integrity.
- No read over, no write up: This is an incorrect answer.
- No Reading from higher classification levels: This is incorrect but it is half correct in that data may not
be written DOWN to a lower level of classification because it would create something called a spillage
where data is leaked out of a more secure area into a less secure one.
2013. Official Security+ Curriculum.
and
Question 213
What is the danger if you go to your bank's website and the web browser pops up a security alert about
the website address not matching the URL on the certificate?
• The certificate issue is not a trusted one
• This means that the certificate has expired
• Users should just click through those without worry
• It could be a fake website trying to steal your credentials
Correct Answer is: It could be a fake website trying to steal your credentials
Details:
The correct answer is: It could be a fake site trying to steal your credentials.
When we go to a trusted site like an https:// (SSL) we are given a certificate from that website attesting
to the authenticity of that web site. Certificates both verify identity of the server and encrypt network
traffic to and from the server.
If the URL of the web server does not match that of the one claimed on the certificate, an error message
will pop up from the browser alerting users to this.
Two other common certificate error messages are:
- Expired certificates
- Certificate was issued by an untrusted authority. (One your browser doesn't trust.)
Remember that certificates are very similar to a person's ID Card. If I print an ID Card at home and try to
use it at a bank or retailer they will not recognize it as coming from a trusted authority like a state or
federal issuer.
This is no different from the set of trusted certificate authorities which come by default with your web
browser.
- Users can just click through those without worry: This is commonly what many people do but it is the
worst answer. When users click through warnings from the browser, dangerous things can happen like
lost credentials, infected computers or whatever else the website wants to do to your computer.
- This means the certificate has expired: This would be right if the error message matched this answer.
The pop ups for bad certificates are pretty clear about what the problem is, in this case the error
message said that the certificate URL doesn't match the actual URL of the server.
- The certificate issue is not a trusted one: This is a common certificate error message because many
websites are deployed with certificates issued by untrusted certificate authorities.
If you selected the second two answers it may have been because you failed to read the questions
carefully. Read the questions 2-3 times to avoid these mistakes in the future.
Question 214
Which information access control method prevents information from leaking DOWN to a lower level of
security while preventing users from accessing information at a higher level area than their own
clearance?
• Bell La-Padula Model
• Biba Model
• Clark-Wilson Model
• Information Flow Model
Correct Answer is: Bell La-Padula Model
Details:
The correct answer is: Bell La-Padula Model
Imagine a secure network where data must be segregated from one security to another.
Specifically, you have two networks, one is unclassified and the other is secret. Data leaking down from
secret to unclassified is forbidden while users on the unclassified network may not read UP to the secret
network because they do not have a security clearance for secret material.
This is a typical model in military networks and is similar to the Bell La-Padula model and it prevents
secret data from leaking to unclassified networks.
Access Control Overview:
- Bell La-Padula = No write down, no read up
- Biba Model = No write up, no read down
- Clark-Wilson = Applications control access to the data with pre-defined permissions
- Information Flow Model = Controls flow of data using properties on the information

Biba Model: Sorry. This model is no write up, no read down
Clark-Wilson: This model involves applications controlling access to the data with pre-defined
permissions assigned to the data's properties.
Information Flow Model: Controls flow of data using properties on the information
Question 215
There are basic goals of cryptography. Which of the following most benefits from the process of
encryption?
• Non-Repudiation
• Integrity
• Authentication
• Confidentiality
Details:
The correct answer is: Confidentiality

Encryption would be one of your last layer within Defense in Depth. When we encrypt files, for the most
part they are useless to anyone (they can't get access to the plaintext) except the person possessing the
encryption key to decrypt the files.
With strong encryption we can assume that they are safe so long as the encryption key is secured.
This process provides confidentiality that the data has not been divulged, even if captured (Sniffed) or
otherwise stolen while in transit or in storage.
Consider this mnemonic to help you remember the basic cryptographic goals:
P: Privacy (or confidentiality)
A: Authentication
I: Integrity
N: Non-repudiation
Authentication: Authentication isn't insured by encryption alone. Incorrect.
Integrity: Encryption doesn't insure integrity. Hashing algorithms would be used instead. Sorry.
Incorrect answer.
Non-repudiation: Sorry, encryption alone doesn't insure non-repudiation. You would need to have a
valid Public Key Infrastructure (PKI) in place along with the proper processes.
Gregg, Michael; Haines, Billy (2012-02-16). CASP: CompTIA Advanced Security Practitioner Study Guide
Authorized Courseware: Exam CAS-001 (p. 3). Wiley. Kindle Edition.
Question 216
One goal of Cryptography is Integrity. Which answer BEST reflects the benefit of data Integrity?
• Data remains unaltered
• Non-Repudiation
• Privacy
• Data remains available to all
Correct Answer is: Data remains unaltered
Details:
The correct answer is: Data remains unaltered
Integrity is how data should remain unaltered where it is created, used and when it is transmitted
between parties.
Integrity is another cryptographic goal. Integrity is important while data is in transmission and in
storage. Integrity means that information remains unaltered.
Through the use of integrity mechanisms such as Hashing Algorithms, Message Authentication Code
(MAC) and Digital Signatures, we can ensure that data is unaltered for those who depend upon it.
Data remains available to all: This would more closely reflect a quality of Availability but is not a
characteristic of data Integrity. Also, integrity doesn't mean ALL can access it, rather just the intended
owner.
Non-Repudiation: Sorry, Integrity isn't related to non-repudiation. Incorrect answer.
Privacy: AKA Confidentiality, Privacy is provided more directly by encryption which is also part of the
Cryptographic process.
Question 217
You receive an email, apparently from your boss saying that you are fired. You haven't had any events or
altercations at work which would cause such measure to be taken against you, so you're skeptical of the
email. You see that it wasn't digitally signed with your boss' usual Digital Signature.
Which benefit of Cryptography in play here would reassure you that you aren't fired and that your boss
can effectively claim he never sent the email?
• Availability
• Repudiation
• Integrity
• Confidentiality
Correct Answer is: Repudiation
Details:
The correct answer is: Repudiation
Repudiation is the ability to deny that you have sent an email. If the email is not signed with a Digital
Signature, it may have been created by anyone. It is possible to spoof 100% of an email.
Non-Repudiation is the ability of PKI - Public Key Infrastructure to verify the identity of the sender and
authenticity that it came from a unique individual. The individual cannot proclaim it was not from them
if the message was signed properly using their private key. Only the owner has a copy of the Private Key.
(Your boss, in this case.)
The internet can be a faceless place at times and PKI gives us the ability to trust that the message we're
reading came for certain from the actual person.
Non-repudiation is assurance that an entity to a communication cannot deny authenticity. It is proof of

the veracity of a claim. Non-repudiation means that a sender of data receives proof of delivery and the
recipient is assured of the sender s identity. Neither party should be able to deny having sent or received
the data at a later date.
Availability: Sorry but non-repudiation doesn't have anything to do with availability, which simply means
it's available to users when they need it.
Integrity: This is a good answer but not the BEST answer because the chance that an email to you was
altered in transit is very unlikely.
Confidentiality: This isn't correct because in the question you are questioning the source of the message,
not whether or not it was encrypted.
Question 218
Suppose you are an IT Manager and you decide to use a third party Certificate issuer to provide
certificates for your domain and subdomains. Cost is an issue and you are aware of a type of certificate
that you can use on all your subdomains.
What is the name of this type of certificate?
• Wildcard Certificate
• Wildcat Certificate
• Subdomain Certificates
• 2LDC - 2nd Level Domain Certificate
Correct Answer is: Wildcard Certificate
Details:
The correct answer is: Wildcard Certificate

Purchasing a single certificate for each of your domains and subdomains can be an expensive proposal
but you can purchase a type of certificate called a Wildcard Certificate.
Examples of a wildcard certificate for a sample *.company.com:
legal.company.com
finance.company.com
personnel.company.com
Wildcard Certificates only cover one domain below the main domain so further subdomains like
manager.personnel.company.com wouldn't be valid.
You can use a wildcard certificate on each subdomain but if any one gets stolen or otherwise
compromised you must replace ALL certificates on all subdomain systems. That's the risk of using
wildcard certificates.
- Wildcat Certificates: Almost, it's not Wildcat Certificate. If you clicked this by accident and missed the
question, us it as a learning experience to choose your answers very carefully to eliminate such
mistakes.
- Subdomain Certificates: Well, this isn't a bad answer but it isn't correct either.
- 2LDC - 2nd Level Domain Certificate: Sorry, this isn't a real term.
Question 219
The act of issuing certificates to end users, systems or applications is known as Issuance to ____?
• Entities
• Enterprise Activities
• Users, Systems or Applications
• Non-Persona Identities
Correct Answer is: Entities
Details:
The correct answer is: Entities
Issuance to Entities identifies to whom the CA issues the certificates. The certificate might be given to a
user, system or an application.
The purpose of issuing certificates to enterprise systems and people is to verify identity of systems or
people on the network.
You wouldn't want unauthorized systems talking on your network because they could be a malicious
attacker or a system compromised with malware that could threaten your other systems.
- Non-Persona Identities: This isn't correct but the term non-persona is common when describing items
in the enterprise.
- Users, Systems or Applications: This answer is incorrect but defines what Entities are.
- Enterprise Activities: This isn't a valid answer but it could be use do describe the process of Issuance to
Entities
Question 220
In this Block Cipher method of encryption, a single bit change in the plain text results in multiple changes
permutated throughout the rest of the encryption cycles so in the end, the ciphertext has completely
changed.
• Substitution
• Transposition
• Confusion
• Diffusion
Correct Answer is: Diffusion
Details:
The correct answer is: Diffusion

In Block Cipher, there are various encryption methods of encryption including, substitution,
transposition, Exclusive OR. Such steps creates confusion and diffusion.
In this case, a change in the plain text as small as a single bit results in multiple changes permutated
throughout the encryption cycle so in the end, the ciphertext has completely changed.
- Confusion: This isn't correct because confusion method uses a relationship between plaintext and the
key that is so complex the attacker can't alter the plaintext, examine the cipher text to determine the
key.
- Transposition: This is wrong because transposition method of block cipher scrambles the message by
reordering the plaintext.
- Substitution: Sorry, this is incorrect because substitution means to replace one letter of the alphabet by
another value. It is sometimes accomplish by shifting the alphabet x number of places.
Question 221
Block ciphers uses diffusion and confusion in their methods. Which of the following statements related
to Confusion and Diffusion is NOT TRUE?
• Confusion is commonly carried out through Transposition
• Diffusion,means that a single plaintext bit has influence over several of the ciphertext bits Block
ciphers use diffusion and confusion in their methods.
• Confusion is commonly carried out through substitution
• Diffusion is carried out by using transposition
Correct Answer is: Confusion is commonly carried out through Transposition
Details:
The correct answer is: Confusion is commonly carried out through Transposition
NOT Keyword is used in the question. You need to find out a statement which is NOT valid. Confusion is
commonly carried out through substitution and NOT transposition.
Block Cipher
When a block cipher is used for encryption and decryption purposes, the message is divided into blocks
of bits. These blocks are then put through mathematical functions,one block at a time. Suppose you
need to encrypt a message you are sending to your mother and you are using a block cipher that uses 64
bits. Your message of 640 bits is chopped up into 10 individual blocks of 64 bits. Each block is put
through a succession of mathematical formulas, and what you end up with is 10 blocks of encrypted
text. You send this encrypted message to your mother. She has to have the same block cipher
and key, and those 10 ciphertext blocks go back through the algorithm in the reverse sequence and end
up in your plaintext message.
Image Source - http://www.jasonslater.com/2008/11/10/block-cipher/
A strong cipher contains the right level of two main attributes: confusion and diffusion. Confusion is
commonly carried out through substitution, while diffusion is carried out by using transposition. For a
cipher to be considered strong, it must contain both of these attributes to ensure that reverse-
engineering is basically impossible. The randomness of the key values and the complexity of the
mathematical functions dictate the level of confusion and diffusion involved.
Confusion pertains to making the relationship between the key and resulting ciphertext as complex as
possible so the key cannot be uncovered from the ciphertext. Each ciphertext value should depend upon
several parts of the key, but this mapping between the key values and the ciphertext values should seem
completely random to the observer. Diffusion, on the other hand, means that a single plaintext bit has
influence over several of the ciphertext bits. Changing a plaintext value should change many ciphertext
values, not just one. In fact, in a strong block cipher, if one plaintext bit is changed, it will change every
ciphertext bit with the probability of 50 percent. This means that if one plaintext bit changes, then about
half of the ciphertext bits will change.
A very similar concept of diffusion is the avalanche effect. If an algorithm follows a strict avalanche
effect criteria, this means that if the input to an algorithm is slightly modified then the output of the
algorithm is changed significantly. So a small change to the key or the plaintext should cause drastic
changes to the resulting ciphertext. The ideas of diffusion and avalanche effect are basically the same—
they were just derived from different people. Horst Feistel came up with the avalanche term, while
Claude Shannon came up with the diffusion term. If an algorithm does not exhibit the necessary
degree of the avalanche effect, then the algorithm is using poor randomization. This can make it easier
for an attacker to break the algorithm.
Block ciphers use diffusion and confusion in their methods.
All of the other options are not valid.

Question 222
In this Block Cipher method of encoding, the user simply encodes the message by reordering the
plaintext in some way or the user scrambles the message by reordering the plaintext. What is this
method called?
• Confusion Cipher
• Diffusion Cipher
• Transposition Cipher
• Substitution Cipher
Correct Answer is: Transposition Cipher
Details:
The correct answer is: Transposition
With the transposition method of block cipher, the user simply encodes the message by reordering the
plaintext in some way. In cryptography, a transposition cipher is a method of encryption by which the
positions held by units of plaintext (which are commonly characters or groups of characters) are shifted
according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is,
the order of the units is changed. Mathematically a bijective function is used on the characters' positions
to encrypt and an inverse function to decrypt.
A sample of a Route Cipher of Transposition is how this message might be encoded. Note the message is
clear if you read top down, left to right:
We are discovered. Flee at once
WRIORFEOE
EESVELANJ
ADCEDETCX
- Diffusion Cipher: Diffusion means that changing a single character of the input will change many
characters of the output. Done well, every part of the input affects every part of the output, making
analysis much harder. No confusion process is perfect: it always lets through some patterns. Good
diffusion scatters those patterns widely through the output, and and if there are several patterns making
it through they scramble each other. This makes patterns vastly harder to spot, and vastly increases the
amount of data to analyze to break the cipher.
- Substitution: Sorry, this is incorrect because substitution means to change places of letters in the
plaintext. In cryptography, a substitution cipher is a method of encoding by which units of plaintext are
replaced with ciphertext, according to a fixed system; the "units" may be single letters (the most
common), pairs of letters, triplets of letters, mixtures of the above, and so forth.
- Confusion Cipher: This isn't correct because confusion method uses a relationship between plaintext
and the key that is so complex the attacker can't alter the plaintext, examine the cipher text to
determine the key. Confusion means that the process drastically changes data from the input to the
output. For example, by translating the data through a non-linear table created from the key. We have
lots of ways to reverse linear calculations (starting with high school algebra), so the more non-linear it is,
the more analysis tools it breaks.
and
https://news.ycombinator.com/item?id=2900174
and
For a lot more details on Transposition Ciphers see: http://en.wikipedia.org/wiki/Transposition_cipher
Question 223
One of your users reports that they're getting a certificate error on a critical web server for a enterprise
operation. What is likely the problem here?
• The DNS Server A Record has changed
• Web Server is offline
• Web Server doesn't support SSL
• Expired Digital Certificate
Correct Answer is: Expired Digital Certificate
Details:
The correct answer is: The digital signature on the server's certificate is expired or invalid.
Recall that digital signatures for web servers are a way for clients to verify the identity of a web server.
The point being is that they must be able to trust that they're on the web server they believe they are
on, like a bank website.
Digital Certificates are used to verify identity on the internet. Digital Certificates guarantee that a user
isn't conducting business on a fraud web server that looks like the trusted server.

- Web server is offline: If the web server were offline they wouldn't get a certificate error. The web
browser would likely tell you "Server no found" or similar error messages.
- Web server doesn't support SSL: Sorry, incorrect answer. The web server must support SSL if you are to
expect to use digital certificates.
- The DNS server A Record has changed: This likely isn't the case because if the A Record changed then
they wouldn't reach the server at all.
Question 224
You and your small software company write software programs for the automotive industry but they
warned you that they are tightening security on their desktop computers to allow only trusted code.
Either provide assurance of your code validity or they must stop buying your software.
How can you meet their demands?
• Code Signing
• Code Hashing
• Code Certificates
• Code Encryption
Correct Answer is: Code Signing
Details:
The correct answer is: Code Signing
Code Signing is the process of digitally signing executables and scripts to confirm that the code is
authentic and has not changed since you digitally signed it.
Code Signing is common in all major software vendors and is important to maintaining a trusted
computing platform.
- Code Hashing: This isn't right because hashing isn't the correct term for guaranteeing the authenticity
of your computer code.
- Code Certificates: This isn't a common term used in cryptology.
- Code Encryption: This isn't correct. If you encrypted your computer code they couldn't run the
applications.
Question 225
You are trying a new product out that can encrypt files which can then be mounted and appears as a
disk drive on your computer when it's unlocked.
As you install the product you are prompted to randomly run your mouse around to generate some
random data for the application to use?
What is this randomness called in the crypto world?
• Cryptographic Randomness
• Entropy
• Block Cipher
• Random Cipher
Correct Answer is: Entropy
Details:
The correct answer is: Entropy
In cryptology, randomness is vital to cryptographers and people who use the products because
randomness means unpredictability which means more security against crypto attacks. Computers
aren't good at being random and whatever randomness we make them generate is considered
pseudorandom or as random as a computer can be programmed to make.
One way to assist with creating the randomness for crypto products is to have users twiddle their fingers
on random keys or have the user scribble their mouse randomly to generate some randomness or
entropy with these actions.
Although key size is important, the randomness of the key is also critical. You may have been asked to
create a random key before and not have realized what you were actually doing. For example, many
security products begin the process of generating a pseudorandom key by having the user tap random
keys on a keyboard or randomly moving the mouse. Such activity is known as entropy.
Entropy is a measure of the randomness of data collected by an application or an operating system and
used to create a cryptography key. While having a random key is a good start, the key must also remain

- Block Cipher: This is a valid term in crypto but not in this question. Sorry about that.
- Random Cipher: This isn't a valid term in cryptography. Sorry.
- Cryptographic Randomness: Sorry but this merely describes the randomness we're looking for in
cryptography.
Question 226
What is a malware threat associated with virtualization?
• Alcatraz Escape
• Virus Escape
• Worm Escape
• VM Escape
Correct Answer is: VM Escape
Details:
The correct answer is: VM Escape

When you host multiple logical servers on a physical host you run the risk of some disadvantages. One of
which is malware escaping one virtual machine to infect another VM on the same host.
VM Escape is when malware leaps from VM to VM which can be a nightmare for a busy server with
multiple VMs on it.
Securing virtual servers requires the same defense in depth strategy common to non-virtualized
systems. Be sure to take threats to servers the same when their both virtual and physical.
- Worm Escape: This is also not a common virtualization term but it does create a funny mental picture.
- Virus Escape: This isn't a common term associated with virtualization and malware.
- Alcatraz Escape: This isn't a threat to VM but the movie was great.
Question 227
Which answer best describes the condition in software programs where computer memory isn't
properly deallocated after it is used and no longer needed?
• Race Conditions
• Integer Overflows
• Memory Buffer Overflows
• Memory Leaks
Correct Answer is: Memory Leaks
Details:
The correct answer is: Memory Leaks
When programs execute on a system, they request chunks of memory from the operating system in
order to do so. If the memory isn't properly released by the software code the system can run out of
memory and crash.
Memory leaks can be found in programming language code like C/C++. Both have the ability to
allocate/deallocate memory and since humans often make coding errors, Memory Leaks are possible in
these languages.
Whatis.com defines a memory leaks as:
A memory leak is the gradual loss of available computer memory when a program (an application or part
of the operating system) repeatedly fails to return memory that it has obtained for temporary use. As a
result, the available memory for that application or that part of the operating system becomes
exhausted and the program can no longer function. For a program that is frequently opened or called or
that runs continuously, even a very small memory leak can eventually cause the program or the system
to terminate. A memory leak is the result of a program bug.
- Memory Buffer Overflows: A buffer overflow isn't the right answer because this term describes
malicious software which manipulates code execution on the CPU and memory in a way that causes the
attack payload (code) to be executed. Memory leaks aren't necessarily attacks but are programming
errors.
- Integer Overflows: Integer overflows occur when applications try to store a number into a variable that
is too big for the amount allocated. Example: On the original PacMan game, if a player completed more
than 255 levels the game would crash because the highest addressable number of an 8-bit system is
256.
- Race Conditions: This isn't a correct answer because race conditions aren't a problem of memory but of
timing attacks also called asynchronous attacks. It's an application problem that arises when attackers
take advantage of differences or delays in timing in security systems.
Question 228
An IS auditor needs to consider many factors while evaluating an encryption system. Which of the
following is LEAST important factor to be considered while evaluating an encryption system?
• Encryption keys
• Key length
• Implementation language
• Encryption algorithm
Correct Answer is: Implementation language
Details:
The correct answer is: Implementation language
Implementation language is LEAST important as compare to other options. Encryption algorithm,

encryption keys and key length are key elements of an Encryption system.
It is important to read carefully the question. The word "LEAST" was the key word. You had to find
which one was LEAST important.
Other options mentioned are key elements of an Encryption system
• Encryption Algorithm – A mathematically based function or calculation that encrypts/decrypts

data
• Encryption keys – A piece of information that is used within an encryption algorithm
(calculation) to make encryption or decryption process unique. Similar to passwords, a user needs to use
the correct key to access or decipher the message into an unreadable form.
• Key length – A predetermined length for the key. The longer the key, the more difficult it is to
compromise in brute-force attack where all possible key combinations are tried.
Question 229
Which of the following statements correctly describes the difference between symmetric key encryption
and asymmetric key encryption?
• In symmetric key encryption the same key is used for encryption and decryption where as
asymmetric key uses private key for encryption and decryption
• In symmetric key encryption the same key is used for encryption and decryption where as in
asymmetric key encryption when the public key is used for encryption, the matching private key is used
for decryption.
• In symmetric key encryption the public key is used for encryption and the symmetric key for
decryption. Where as in asymmetric key encryption the public key is used for encryption and private key
is used for decryption
• Both uses private key for encryption and the decryption process can be done using public key
Correct Answer is: In symmetric key encryption the same key is used for encryption and decryption
where as in asymmetric key encryption when the public key is used for encryption, the matching private
key is used for decryption.
Details:
The correct answer is: In symmetric key encryption the same key is used for encryption and decryption
where as in asymmetric key encryption when the public key is used for encryption, the matching private
key is used for decryption.
There are two basic techniques for encrypting information: symmetric encryption (also called secret key
encryption) and asymmetric encryption (also called public key encryption.)
Symmetric Encryption
Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a
word, or just a string of random letters, is applied to the text of a message to change the content in a
particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As
long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that
use this key.
Few examples of symmetric key algorithms are DES, AES, Blowfish, etc.
Image Source - https://msdn.microsoft.com/en-us/library/ff650720.aspx
Asymmetric Encryption
The problem with secret keys is exchanging them over the Internet or a large network while preventing
them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message.
One answer is the usage of asymmetric encryption, in which there are two related keys, usually called a
key pair. The public key is made freely available to anyone who might want to send you a message.
The second key, called the private key is kept secret, so that only you know it.
Any message (text, binary files, or documents) that are encrypted using the public key can only be
decrypted by the matching private key. Any message that is encrypted by using the private key can only
be decrypted by using the matching public key.
This means that you do not have to worry about passing public keys over the Internet (the keys are
supposed to be public). A problem with asymmetric encryption, however, is that it is slower than
symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of
the message.
Few examples of asymmetric key algorithms are RSA, Elliptic key Cryptography (ECC), El Gamal, Diffie-
Hellman, etc
Image Source - https://msdn.microsoft.com/en-us/library/ff650720.aspx
The other options doesn't describes correctly the difference between symmetric key and asymmetric
key encryption.
http://support.microsoft.com/kb/246071
http://www.engineersgarage.com/articles/what-is-cryptography-encryption?page=3
Question 230
The goal of an information system is to achieve integrity, authenticity and non-repudiation of
information sent across the network. Which of the following statement CORRECTLY describe the steps
to address all three?
• Encrypt message digest using sender's private key and then send the encrypted digest to the
receiver along with original message. Receiver can decrypt the same using sender's public key.
• Encrypt the message digest using symmetric key and then send the encrypted digest to
receiver along with original message.
• Encrypt the message digest using receiver's public key and then send the encrypted digest to
receiver along with original message. The receiver can decrypt the message digest using his own private
key.
• Encrypt the message digest using sender's public key and then send the encrypted digest to the
receiver along with original message. The receiver can decrypt using his own private key.
Correct Answer is: Encrypt message digest using sender's private key and then send the encrypted digest
to the receiver along with original message. Receiver can decrypt the same using sender's public key.
Details:
The correct answer is: Encrypt message digest using sender's private key and then send the encrypted
digest to the receiver along with original message. Receiver can decrypt the same using sender's public
key.
Authentication
Integrity
Non-repudiation

valid signature.
Protocol". This is analogous to a vendor who receives credit-cards first checking online with the credit-
Tip for the exam
encryption

• Encrypt the message digest using symmetric key and then send the encrypted digest to receiver
along with original message - Symmetric key encryption does not provide non-repudiation as symmetric
key is shared between users
• Encrypt the message digest using receiver's public key and then send the encrypted digest to
receiver along with original message. The receiver can decrypt the message digest using his own private
key - Receiver's public key is known to everyone. This will not address non-repudiation
• Encrypt the message digest using sender's public key and then send the encrypted digest to the
receiver along with original message. The receiver can decrypt using his own private key - The sender
public key is known to everyone. If sender's key is used for encryption then sender's private key is
required to decrypt data. The receiver will not be able to decrypt the digest as recever will not have
sender's private key.
CISSP All In One Exam Guide by Shon Harris Page Number 129
http://searchsecurity.techtarget.com/definition/digital-signature
Question 231
Which of the following is an advantage of asymmetric crypto system over symmetric key crypto system?
• Number of keys grows very quickly

• Adequate for Bulk encryption
• Performance and Speed
• Key Management is built in
Correct Answer is: Key Management is built in
Details:
The correct answer is: Key Management
Symmetric Encryption - One key is used, this key can be called secret key encryption, sometimes private
key, single key, and shared key. When a symmetric key is selected randomly for one session it is referred
to as as session key.
Symmetric Ciphers are the best option for sending large amounts of data. It is a lot faster than
asymmetric encryption.
AES, DES, RC4, and 3DES Blowfish are also symmetric encryption algorithms.
AS FAR AS KEY MANAGEMENT:
Key management is better in asymmetric key encryption as compare to symmetric key encryption. In
fact, there is no key management built within Symmetric Crypto systems. You must use the sneaker net
or a trusted courrier to exchange the key securely with the person you wish to communicate with.
Key management is the major issue and a challenge when using symmetric key encryption.
In symmetric key encryption, a symmetric key is shared between two users who wish to communicate
together. As the number of users grows, the number of keys required also increases very rapidly.
For example, if a user wants to communicate with 5 different users then total number of different keys
required by the user are 10. The formula for calculating total number of key required is n*(n-1)/2 Or
total number of users times total of users minus one divided by 2.
Where n is number of users communicating with each others securely.

In an asymmetric key encryption system, every user will have only two keys, also referred to as a Key
Pair:
Private Key Only known to the user who initially generated the key pair
Public key Known to everyone, can be distributed at large
Performance Symmetric key encryption performance is better than asymmetric key encryption
Bulk encryption As symmetric key encryption gives better performance, symmetric key should be used
for bulk data encryption
Number of keys grows very quickly - The number of keys under asymmetric grows very nicely. 1000
users would need a total of only 2000 keys, or a private and a public key for each user. Under symmetric
encryption, one thousand users would need 495,500 keys to communicate securely with each others.
Systems Security Professional Official Study Guide (Kindle Locations 6465-6466) and (Kindle Location
6629). Wiley. Kindle Edition.
Question 232
Which key is used by the sender of a message to create a digital signature for the message being sent?
• Receiver's private key

• Receiver's public key
• Sender's public key
• Sender's private key
Correct Answer is: Sender's private key
Details:
The correct answer is: Sender's private key
The sender private key is used to calculate the digital singaure
The digital signature is used to archieve integrity, authenticity and non-repudiation. In a digital
signature, the sender's private key is used to encrypt the message disgest (signing) of the message and
receiver need to decrypt the same using sender's public key to validate the signature.
How It Works
• You copy-and-paste the contract (it's a short one!) into an e-mail note.
• Using special software, you obtain a message hash (mathematical summary) of the contract.
• You then use a private key that you have previously obtained from a public-private key authority
• The encrypted hash becomes your digital signature of the message. (Note that it will be different
At the other end, your lawyer receives the message:
• To make sure it's intact and from you, your lawyer makes a hash of the received message.
• Your lawyer then uses your public key to decrypt the message hash or summary.
• If the hashes match, the received message is valid.
Image Source - http://cryptome.org/jya/fips186-1.htm
Authentication
mistake.
Integrity
Non-repudiation

valid signature.
Protocol". Very roughly this is analogous to a vendor who receives credit-cards first checking online with
the credit-card issuer to find if a given card has been reported lost or stolen. Of course, with stolen key
pairs, the theft is often discovered only after the secret key's use, e.g., to sign a bogus certificate for
espionage purposes.
Tip for the exam:
Digital Signature does not provide confidentiality. The sender's private key is used for calulating digital
signature
encryption

Sender's Public key – This is incorrect as receiver will require sender's private key to verify digital
signature.
Receiver's Public Key – The digital signature provides non-repudation. The receiver's public key is known
to every one. So it can not be used for digital-signature. Receiver's public key can be used for encryption.
Receiver's Private Key – The sender do not know the receiver's private key. So this option is incorrect.
http://searchsecurity.techtarget.com/definition/digital-signature
Question 233
Which of the following cryptography is based on practical application of the characteristics of the
smallest “grains” of light, the photon, the physical laws governing their generation and propagation and
detection?
• Asymmetric Key Cryptography
• Symmetric Key Cryptography
• Quantum Cryptography
• Elliptical Curve Cryptography (ECC)
Correct Answer is: Quantum Cryptography

Details:
The correct answer is: Quantum Cryptography
Quantum cryptography is based on a practical application of the characteristics of the smallest “grain” of
light, photons and on physical laws governing their generation, propagation and detection.
Quantum cryptography is the next generation of cryptography that may solve some of the existing
problem associated with current cryptographic systems, specifically the random generation and secure
distribution of symmetric cryptographic keys. Initial commercial usage has already started now that the
laboratory research phase has been completed.
Quantum cryptography is based on a practical application of the characteristics of the smallest “grain” of
light, photons and on physical laws governing their generation, propagation and detection.
Quantum cryptography is the next generation of cryptography that may solve some of the existing
problem associated with current cryptographic systems, specifically the random generation and secure
distribution of symmetric cryptographic keys. Initial commercial usage has already started now that the
laboratory research phase has been completed.
The following were incorrect answers: Elliptic Key Cryptography(ECC) - A variant and more efficient form
of a public key cryptography (how to manage more security out of minimum resources) gaining
prominence is the ECC. ECC works well on a network computer requires strong cryptography but have
some limitation such as bandwidth and processing power. This is even more important with devices
such as smart cards, wireless phones and other mobile devices. It is believed that ECC demands less
computational power and, therefore offers more security per bit. For example, an ECC with a 160 bit
key offer the same security as an RSA based system with a 1024 bit key.
Symmetric Encryption - Symmetric encryption is the oldest and best-known technique. A secret key,
which can be a number, a word, or just a string of random letters, is applied to the text of a message to
change the content in a particular way. This might be as simple as shifting each letter by a number of
places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and
decrypt all messages that use this key.
The problem with secret keys is exchanging them over the Internet or a large network while preventing
them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message.
Asymmetric encryption - In which there are two related keys--a key pair. A public key is made freely
available to anyone who might want to send you a message. A second, private key is kept secret, so that
only you know it.
Any message (text, binary files, or documents) that are encrypted by using the public key can only be
decrypted by applying the same algorithm, but by using the matching private key. Any message that is
encrypted by using the private key can only be decrypted by using the matching public key.
This means that you do not have to worry about passing public keys over the Internet (the keys are
supposed to be public). A problem with asymmetric encryption, however, is that it is slower than
symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of
the message.
Question 234
Which of the following cryptography demands less computational power and offers more security per
bit?
• Quantum cryptography
• Asymmetric Key Cryptography
• RSA
Correct Answer is: Elliptic Curve Cryptography (ECC)
Details:
The correct answer is: Elliptical Curve Cryptography (ECC)
ECC demands less computational power and, therefore offers more security per bit. For example, an ECC
with a 160 bit key offer the same security as an RSA based system with a 1024 bit key.
ECC is a variant and more efficient form of a public key cryptography (how tom manage more security
out of minimum resources) gaining prominence is the ECC. ECC works well on a network computer
requires strong cryptography but have some limitation such as bandwidth and processing power. This is
even more important with devices such as smart cards, wireless phones and other mobile devices.
Quantum Cryptography - Quantum cryptography is based on a practical application of the characteristics

of the smallest “grain” of light, photons and on physical laws governing their generation, propagation
and detection. Quantum cryptography is the next generation of cryptography that may solve some of
the existing problem associated with current cryptographic systems, specifically the random generation
and secure distribution of symmetric cryptographic keys. Initial commercial usage has already started
now that the laboratory research phase has been completed.
RSA - Asymmetrc key algorith. Provide less security as compare to ECC provided keysize are same.
Asymmetric Encryption - The problem with secret keys is exchanging them over the Internet or a large
network while preventing them from falling into the wrong hands. Anyone who knows the secret key
can decrypt the message. One answer is asymmetric encryption, in which there are two related keys--a
key pair. A public key is made freely available to anyone who might want to send you a message. A
second, private key is kept secret, so that only you know it. Any message (text, binary files, or
documents) that are encrypted by using the public key can only be decrypted by applying the same
algorithm, but by using the matching private key. Any message that is encrypted by using the private key
can only be decrypted by using the matching public key. This means that you do not have to worry about
passing public keys over the Internet (the keys are supposed to be public). A problem with asymmetric
encryption, however, is that it is slower than symmetric encryption. It requires far more processing
power to both encrypt and decrypt the content of the message.
Question 235
Which of the following is a form of Hybrid Cryptography where the sender encrypts the bulk of the data
using Symmetric Key cryptography and then communicates securely a copy of the session key to the
receiver?
• Digital Envelope
• Symmetric key encryption
• Asymmetric
• Digital Signature
Correct Answer is: Digital Envelope
Details:
The correct answer is: Digital Envelope
A Digital Envelope is used to send encrypted information using symmetric keys, and the relevant session
key along with it. It is a secure method to send electronic document without compromising the data
integrity, authentication and non-repudiation, which were obtained with the use of symmetric keys.
A Digital envelope mechanism works as follows:
• The symmetric key, which is used to encrypt the bulk of the date or message can be referred to
as session key. It is simply a symetric key picked randomly in the keyspace.
• In order for the receiver to have the ability to decrypt the message, the session key must be sent
to the receiver.
• This session key cannot be sent in clear text to the receiver, it must be protected while in transit,
else anyone who have access to the network could have access to the key and confidentiality can easily
be compromised.
• Therefore it is critical to encrypt and protect the session key before sending it to the receiver.
The session key is encrypted using receiver's public key. Thus providing confidentiality of the key.
• The encrypted message and the encrypted session key are bundled together and then sent to
the receiver who, in turn opens the session key with the receiver matching private key.
• The session key is then applied to the message to get it in plain text.
The process of encrypting bulk data using symmetric key cryptography and encrypting the session key
with a public key algorithm is referred as a digital envelope. Sometimes people refer to it as Hybrid
Cryptography as well.
Digital-signature – A digital signature is an electronic identification of a person or entity created by using

public key algorithm and intended to verify to recipient the integrity of the data and the identity of the
sender. Applying a digital signature consist of two simple steps, first you create a message digest, then
you encrypt the message digest with the sender's private key. Encrypting the message digest with the
private key is the act of signing the message.
Symmetric Key Encryption - Symmetric encryption is the oldest and best-known technique. A secret key,
which can be a number, a word, or just a string of random letters, is applied to the text of a message to
change the content in a particular way. This might be as simple as shifting each letter by a number of
places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and
decrypt all messages that use this key.
Asymmetric Key Encryption - The term "asymmetric" stems from the use of different keys to perform
these opposite functions, each the inverse of the other – as contrasted with conventional ("symmetric")
cryptography which relies on the same key to perform both. Public-key algorithms are based on
mathematical problems which currently admit no efficient solution that are inherent in certain integer
factorization, discrete logarithm, and elliptic curve relationships. It is computationally easy for a user to
generate their own public and private key-pair and to use them for encryption and decryption. The
strength lies in the fact that it is "impossible" (computationally unfeasible) for a properly generated
private key to be determined from its corresponding public key. Thus the public key may be published
without compromising security, whereas the private key must not be revealed to anyone not authorized
to read messages or perform digital signatures. Public key algorithms, unlike symmetric key algorithms,
do not require a secure initial exchange of one (or more) secret keys between the parties.

http://en.wikipedia.org/wiki/Public-key_cryptography
Question 236
How does the digital envelop work? What are the correct steps to follow?
• You encrypt the data using the session key and then you encrypt the session key using the
receiver's public key
• You encrypt the data using the session key and then you encrypt the session key using sender's
public key
• You encrypt the data using the session key and then you encrypt the session key using the
receiver's private key
• You encrypt the data using a session key and then encrypt session key using private key of a
sender
Correct Answer is: You encrypt the data using the session key and then you encrypt the session key
Details:
The correct answer is: You encrypt the data using the session key and then you encrypt the session key
The process of encrypting bulk data using symmetric key cryptography and then encrypting the session
key using a public key algorithm is referred as a digital envelope.
A Digital Envelope is used to send encrypted information using symmetric crypto cipher and then key
session along with it. It is secure method to send electronic document without compromising the data
integrity, authentication and non-repudiation, which were obtained with the use of symmetric keys.
A Digital envelope mechanism works as follows:
1. The symmetric key used to encrypt the message can be referred to as session key. The bulk of
the message would take advantage of the high speed provided by Symmetric Cipher.
2. The session key must then be communicated to the receiver in a secure way to allow the
receiver to decrypt the message.
3. If the session key is sent to receiver in the plain text, it could be captured in clear text over the
network and anyone could access the session key which would lead to confidentiality being
compromised.
4. Therefore it is critical to encrypt the session key with the receiver public key before sending it to
the receiver. The receiver's will use their matching private key to decrypt the session key which then
allow them to decrypt the message using the session key.
The encrypted message and the encrypted session key are sent to the receiver who, in turn decrypts the
session key with the receiver's private key. The session key is then applied to the message ciphertext to
get the plain text.
You encrypt the data using a session key and then encrypt session key using private key of a sender - If
the session key is encrypted using sender's private key, it can be decrypted only using sender's public
key. The sender's public key is know to everyone so anyone can decrypt session key and message.
You encrypt the data using the session key and then you encrypt the session key using sender's public
key - If the session key is encrypted by using sender's public key then only sender can decrypt the
session key using his/her own private key and receiver will not be able to decrypt the same.
You encrypt the data using the session key and then you encrypt the session key using the receiver's
private key - Sender should not have access to receiver's private key. This is not a valid option.

Question 237
Which of the following is NOT a true statement about public key infrastructure (PKI)?
• The Registration authority (RA) acts as a verifier for Certificate Authority (CA)
• The Certificate authority role is to issue digital certificates to end users
Root certificate authority's certificate is always self signed
• The Registration authority role is to validate and issue of digital certificates to end users
Correct Answer is: The Registration authority role is to validate and issue of digital certificates to end
users
Details:
The correct answer is: The Registration authority role is to validate and issue digital certificates to end
users
The word NOT is the keyword used in the question. We need to find out the invalid statement from the
options.
A PKI (public key infrastructure) enables users of a basically unsecure public network such as the
Internet to securely and privately exchange data and money through the use of a public and a private
cryptographic key pair that is obtained and shared through a trusted authority.
The public key infrastructure provides for a digital certificate that can identify an individual or an
organization and directory services that can store and, when necessary, revoke the certificates. Although
the components of a PKI are generally understood, a number of different vendor approaches and
services are emerging. Meanwhile, an Internet standard for PKI is being worked on.
The public key infrastructure assumes the use of public key cryptography, which is the most common
method on the Internet for authenticating a message sender or encrypting a message. Traditional
cryptography has usually involved the creation and sharing of a secret key for the encryption and
decryption of messages. This secret or private key system has the significant flaw that if the key is
discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public
key cryptography and the public key infrastructure is the preferred approach on the Internet. (The
private key system is sometimes known as symmetric cryptography and the public key system as
asymmetric cryptography.)
A public key infrastructure consists of:
• A certificate authority (CA) that issues and verifies digital certificate. A certificate includes the
public key or information about the public key
• A registration authority (RA) that acts as the verifier for the certificate authority before a digital
certificate is issued to a requester
• A Subscriber is the end user who wish to get digital certificate from certificate authority.
The following being correct were all incorrect answers:
The Certificate authority role is to issue digital certificates to end users - This is a valid statement as the
job of a certificate authority is to issue a digital certificate to end user.
The Registration authority (RA) acts as a verifier for Certificate Authority (CA) - This is a valid statement
as registration authority acts as a verifier for certificate authority
Root certificate authority's certificate is always self signed - This is a valid statement as the root
certificate authority's certificate is always self signed.
http://searchsecurity.techtarget.com/definition/PKI
Question 238
Which of the following functionality is NOT supported by SSL protocol?
• Integrity
• Authentication
• Availability
• Confidentiality
Correct Answer is: Availability
Details:
The correct answer is: Availability
The NOT is a keyword used in this question. You need to find out the functionality which is NOT
provided by SSL protocol. The SSL protocol provides:
• Confidentiality
• Integrity
• Authentication, e.g. between client and server
• Non-repudiation
For CISA exam you should know the information below about Secure Socket Layer (SSL) and Transport
Layer Security (TLS)
These are cryptographic protocols which provide secure communication on Internet. There are only
slight difference between SSL 3.0 and TLS 1.0. For general concept both are called SSL.
SSL is session-connection layer protocol widely used on Internet for communication between browser
and web servers, where any amount of data is securely transmitted while a session is established. SSL
provides end point authentication and communication privacy over the Internet using cryptography. In
typical use, only the server is authenticated while client remains unauthenticated. Mutual
authentication requires PKI development to clients. The protocol allows application to communicate in a
way designed to prevent eavesdropping, tampering and message forging.
• SSL involves a number of basic phases
• Peer negotiation for algorithm support
• Public-key, encryption based key exchange and certificate based authentication
• Symmetric cipher based traffic encryption.

SSL runs on a layer beneath application protocol such as HTTP, SMTP and Network News Transport
Protocol (NNTP) and above the TCP transport protocol, which forms part of TCP/IP suite.
SSL uses a hybrid hashed, private and public key cryptographic processes to secure transmission over
the INTERNET through a PKI.
The SSL handshake protocol is based on the application layer but provides for the security of the
communication session too. It negotiate the security parameter for each communication section.
Multiple session can belong to one SSL session and the participating in one session can take part in
multiple simultaneous sessions.
Confidentiality - It is supported by the SSL Protocol
Integrity - It is supported by the SSL Protocol
Authentication - It is supported by the SSL protocol
Question 239
Which of the following type of lock uses a numeric keypad or dial to gain entry?
• Biometric door lock
• Electronic door lock

• Cipher lock
• Bolting door locks
Correct Answer is: Cipher lock
Details:
The correct answer is: Cipher lock
The combination door lock or cipher lock uses a numeric key pad, push button, or dial to gain entry, it is
often seen at airport gate entry doors and smaller server rooms. The combination should be changed at
regular interval or whenever an employee with access is transferred, fired or subject to disciplinary
action. This reduces risk of the combination being known by unauthorized people.
A cipher lock, is controlled by a mechanical key pad, typically 5 to 10 digits that when pushed in the right
combination the lock will releases and allows entry. The drawback is someone looking over a shoulder
can see the combination. However, an electric version of the cipher lock is in production in which a
display screen will automatically move the numbers around, so if someone is trying to watch the
movement on the screen they will not be able to identify the number indicated unless they are standing
directly behind the victim.
Remember locking devices are only as good as the wall or door that they are mounted in and if the
frame of the door or the door itself can be easily destroyed then the lock will not be effective. A lock will
eventually be defeated and its primary purpose is to delay the attacker.
For your exam you should know below types of lock
• Bolting door lock – These locks required the traditional metal key to gain entry. The key should
be stamped “do not duplicate” and should be stored and issued under strict management control.
• Biometric door lock – An individual's unique physical attribute such as voice, retina, fingerprint,
hand geometry or signature, activate these locks. This system is used in instances when sensitive
facilities must be protected such as in the military.
• Electronic door lock – This system uses a magnetic or embedded chip based plastic card key or
token entered into a sensor reader to gain access. A special code internally stored in the card or token is
read by sensor device that then activates the door locking mechanism.

• Biometric door lock – An individual's unique body features such as voice, retina, fingerprint,,
hand geometry or signature, activate these locks. This system is used in instances when extremely
sensitive facilities must be protected such as in the military.
and
Question 240
Which of the following type of lock uses a magnetic or embedded chip based plastic card key or token
entered into a sensor/reader to gain access?
• Bolting door locks
• Biometric door lock
• Electronic door lock
• Combination door lock
Correct Answer is: Electronic door lock
Details:
The correct answer is: Electronic door lock
Electronic door lock uses a magnetic or embedded chip based plastic card key or token entered into a
sensor reader to gain access. A special code internally stored in the card or token is read by sensor
device that then activates the door locking mechanism.
For your exam you should know below types of lock
• The Combination door lock or cipher lock uses a numeric key pad or dial to gain entry, and is
• The Combination door lock or cipher lock uses a numeric key pad or dial to gain entry, and is
Question 241
ISO 9126 is a standard to assist in evaluating the quality of a product. Which of the following is defined
as a set of attributes that bear on the existence of a set of functions and their specified properties?
• Maintainability
• Functionality
• Usability
• Reliability
Correct Answer is: Functionality
Details:
The correct answer is: Functionality
Functionality - A set of attributes that bear on the existence of a set of functions and their specified
properties.
The functions are those that satisfy stated or implied needs.
Suitability
Accuracy
Interoperability
Security
Functionality Compliance
For your exam you should know below information below:
ISO/IEC 9126 Software engineering — Product quality was an international standard for the evaluation
of software quality. It has been replaced by ISO/IEC 25010:2011.[1] The fundamental objective of the
ISO/IEC 9126 standard is to address some of the well known human biases that can adversely affect the
delivery and perception of a software development project. These biases include changing priorities
after the start of a project or not having any clear definitions of "success." By clarifying, then agreeing on
the project priorities and subsequently converting abstract priorities (compliance) to measurable values
(output data can be validated against schema X with zero intervention), ISO/IEC 9126 tries to develop a
common understanding of the project's objectives and goals.
Image above from: http://www.cse.dcu.ie/essiscope/sm2/9126ref1.gif
The standard is divided into four parts:
1. Quality model
2. External metrics
3. Internal metrics
4. Quality in use metrics.
Quality Model
The quality model presented in the first part of the standard, ISO/IEC 9126-1,[2] classifies software
quality in a structured set of characteristics and sub-characteristics as follows:
Functionality - A set of attributes that bear on the existence of a set of functions and their specified
properties. The functions are those that satisfy stated or implied needs.
Suitability
Accuracy
Interoperability
Security
Functionality Compliance
Reliability - A set of attributes that bear on the capability of software to maintain its level of
performance under stated conditions for a stated period of time.
Maturity
Fault Tolerance
Recoverability
Reliability Compliance
Usability - A set of attributes that bear on the effort needed for use, and on the individual assessment of
such use, by a stated or implied set of users.
Understandability
Learnability
Operability
Attractiveness
Usability Compliance
Efficiency - A set of attributes that bear on the relationship between the level of performance of the
software and the amount of resources used, under stated conditions.
Time Behaviour
Resource Utilization
Efficiency Compliance
Maintainability - A set of attributes that bear on the effort needed to make specified modifications.
Analyzability
Changeability
Stability
Testability
Maintainability Compliance
Portability - A set of attributes that bear on the ability of software to be transferred from one
environment to another.
Adaptability
Installability
Co-Existence
Replaceability
Portability Compliance
Each quality sub-characteristic (e.g. adaptability) is further divided into attributes. An attribute is an
entity which can be verified or measured in the software product. Attributes are not defined in the
standard, as they vary between different software products.
Software product is defined in a broad sense: it encompasses executables, source code, architecture
descriptions, and so on. As a result, the notion of user extends to operators as well as to programmers,
which are users of components such as software libraries.
The standard provides a framework for organizations to define a quality model for a software product.
On doing so, however, it leaves up to each organization the task of specifying precisely its own model.
This may be done, for example, by specifying target values for quality metrics which evaluates the
degree of presence of quality attributes.
Internal Metrics
Internal metrics are those which do not rely on software execution (static measure)
External Metrics
External metrics are applicable to running software.
Quality in Use Metrics
Quality in use metrics are only available when the final product is used in real conditions.
Ideally, the internal quality determines the external quality and external quality determines quality in
use.
This standard stems from the GE model for describing software quality, presented in 1977 by McCall et
al., which is organized around three types of Quality Characteristics:
Factors (To specify): They describe the external view of the software, as viewed by the users.
Criteria (To build): They describe the internal view of the software, as seen by the developer.
Metrics (To control): They are defined and used to provide a scale and method for measurement.
ISO/IEC 9126 distinguishes between a defect and a nonconformity, a defect being The nonfulfilment of
intended usage requirements, whereas a nonconformity is The nonfulfilment of specified requirements.
A similar distinction is made between validation and verification, known as V&V in the testing trade.
• Reliability - A set of attributes that bear on the capability of software to maintain its level of
performance under stated conditions for a stated period of time.
• Usability - A set of attributes that bear on the effort needed for use, and on the individual
assessment of such use, by a stated or implied set of users.
• Maintainability - A set of attributes that bear on the effort needed to make specified
modifications.
Question 242
Which of the following is NOT a characteristic of hashing?
• Fixed length input results in a fixed length output.
• It cannot be un-hashed.
• Variable length input results in a fixed length output.
• It is collision resistant.
Correct Answer is: Fixed length input results in a fixed length output.
Details:
The correct answer is: Fixed length input results in a fixed length output.
A fixed length input that results in a fixed length output is more closely related to basic encryption,
which is susceptible to frequency attacks. With hashing algorithms, any length of input will always result
in the same length of message digest.
The question is asked in the negative, so the answer is seeking a characteristic that is NOT true of
Hashing.
Here is an extract from the Denim Group website where a great article on the subject of Hash
Characteristics is found:
NOTE: The article below is more detailed that what you need to know, do not worry too much about
the math behind it but do concentrate on the concepts illustrated.
Properties of Secure Hash Functions
By Erhan Kartaltepe
Recent discussions on NIST's secure hash function contest reminded me of the cryptography lectures I
gave at UTSA. One of the hardest concepts my students had grasping was in defining properties of a
secure cryptographic function, mostly because of the number theory, but also in realizing the
differences between three properties of a secure hash function: preimage resistance, collision
resistance, and second preimage resistance.
Primer on Secure Cryptographic Hash Function Properties
In dealing with cryptography, it helps to remember that a message to a cryptographic function is a

number. For example, "hi" in ASCII is represented as the bit string 00000110 00000111. Evaluated as a
16 bit number, "hi" is equal to 210 +29 + 22+21+20, or 26729. Thus, hash("hi") is better thought as
hash(26729). Also, in cryptography, "hard" is defined as it taking a reasonable adversary super
polynomial time to complete the task. In hash functions, the ideal case is, for a hash function with a
range of size 2k, it should take the adversary 2k/2 or 2k-1 attempts before he or she finds the solution.
Preimage Resistance:
A hash function is preimage resistant if, given a hash value h, it is hard to find any message m such that h
= hash(k, m), where k is the hash key.
This is the most usual property developers think of when they think of a cryptographic hash function.
Unlike an encryption, there should be no "dehash" function. A good preimage resistant function should
be "hard" to invert. An example of a hash function that is not preimage resistant is h = hash(k, m) = m
mod 2k, since it is very easy to invert the function, after guaranteeing that for any value of h, a message
of size m can be found (basically, every message of the form h + x 2k, where x is an integer.
Collision Resistance
A hash function is collision resistant if, given two messages m1 and m2, it is hard to find a hash h such
that h = hash(k, m1) = hash(k, m2), where k is the hash key.
What this says is that given complete control over picking any messages you want, it should be "hard" to
find two of them such that have the same hash value the same hash. An example of a hash function that
is not collision resistant is hash(k, m) = 4, since all hashes result in 4, making it 100% likely that two
messages will have the same hash. Since hash functions have an infinite domain space (that is, a hash
function should take any message of any size), but a finite range space (for example, the SHA-256
algorithm has a range space of 256 bits), a good collision resistant hash function should have each hash
value be about as evenly distributed as possible. For example, given a hash function with a range space
of 2128 and a message m, any number between 0 and 2128 - 1 should have the same chance (1 out of
2128) of being hash(k, m). One last sub-property would be there would be no "hints" given in the hash
function. Thus, even a change of one bit in the message should have large changes in the output (ideally,
about half the bits).
Second Preimage Resistance
A hash function is second preimage resistant if given a message m1, it is hard to find a different message
m2such that hash(k, m1) = hash(k, m2), where k is the hash key.
This is the toughest of the three for students in cryptography to get their head around. On the surface
this seems to be an easier version of collision resistance, because it seems that we have extra
information to use. We only need one more message rather than two. In actuality, this is actually the
birthday paradox in action. Second preimage resistance is a much harder standard for a hash function to
achieve than collision resistance.
Birthday Paradox
The birthday paradox basically asks two questions. "How many people does it take before the odds of
having two people with the same birthday are 50% or better?" and "How many people does it take
before the odds of having another person with the same birthday as you are 50% or better?" The first is
asking for two random people (think m1 and m2), while the second is asking for one given one already
(think m2 given m1).
How many randomly chosen people would it take before the odds that any two of them have the same
birthday is greater than 50%? This is a hard problem to solve, but it turns out it is very easy to solve its
opposite. For example, for a group of one person the odds that two of them do not have the same
birthday is 100%, but for a group of two, the odds are 1*(1 - 1/365), or roughly 99.8%. From this, we can
see that the odds of them sharing a birthday are 100% - 99.8%, or 0.2%. For three, the odds are 1 - (1*(1
- 1/365)* (1 - 2/365)), or 0.9%, and so on. This formula is 1 - product(1 - n/365, 1, n) After 23 people, the
odds go over 50%. This is collision resistance.
However, given a particular birthday (for example, March 4), the number of people needed to get better
than even odds is different. This is known as the "Same Birthday as You" question. The formula is more
straightforward, 1 - 364n/365. For two people, the odds are the same, but it drops off rather quickly. For
n=23, for example, the odds are only 6.1%, as opposed to 50.7%. It turns out that a group of roughly 253
people are necessary to have the same birthday, much larger than before. Figure 1 shows the graph of
the two problems. The solution to the "Same Birthday as You" question is exemplifies second preimage
resistance.
Figure 1. "Birthday Problem" (p) vs. "Same Birthday as You" (q) as the Population Increases(1)
Differences Between the Three Properties
The birthday paradox expresses succinctly the counterintuitive nature of second preimage resistance.
Although you are given both a hash function and one message and asked to find another, this is actually
a harder problem to solve than given just the hash function and finding two messages that satisfy these
properties.
Of course, then, it is possible for a collision resistant function to not be second preimage resistant, but
not vice versa. It is also possible for a preimage resistant function to not be second preimage resistant,
and vice versa.
This turns out to be easy to prove. Let's take a simple hash function H1: {0,1}8 → {0,1}8 | H1(m) = 0. This
says that a hash function H has a domain of one byte (a string of eight bits), a range of one byte, and
that H1 always returns 0. Thus, H1(0) = 0, H1(1) = 0,..., H1(255) = 0. This is clearly preimage resistant
because given the hash function H and its output, it is impossible to know what m is (since every m
hashes to zero). However, it is easy to find two values m1 and m2 that hash to the same value, since
again, they all hash to zero. This property means H1is not second-preimage resistant.
Taking the other extreme, let's take a hash function H2: {0,1}8 → {0,1}8 | H2(m) = m. Thus, H2(0) = 0,
H2(1) = 1,..., H2(255) = 255. This is certainly second-preimage resistant because given m1, it is
impossible to find m2 such that H2(m1) = H2(m2), because each input maps to a unique hash-there are
no collisions. However, it is easy to find an m given H2(m), since H2(m) = m. Thus, H2 is not preimage
resistant.
Conclusion
Of course, it's important to realize that hashes are "digests", and not "encryption". Encryption is a two-
way operation. That is, given a message m, an encryption algorithm enc and its corresponding
decryption algorithm dec, dec(enc(m)) = m. Hash functions are different-there is (ideally) no way to
"decrypt" a hashed message, per preimage resistance. Because of this, it is common to say that hash
functions are one-way operations.
Resources
http://en.wikipedia.org/wiki/Cryptographic_hash_function
Introduction to cryptographic hash functions.
http://www.csrc.nist.gov/groups/ST/hash/sha-3/index.html
The official NIST SHA-3 algorithm competition.
http://www.damninteresting.com/?p=402
A great article on the birthday paradox and its complexity.
Works Cited
1. Wikipedia. Birthday Problem. Wikipedia. [Online] 11 26, 2007. [Cited: 11 26, 2007.]
http://en.wikipedia.org/wiki/Birthday_problem.
A, B, D - These are all characteristics of hashing.
CCFP All-in-One exam book by Chuck Easttom - First edition - page 167
Question 243
Joe wants to communicate a secret message by hiding the message in a photograph. This technique is
known as:
• Stegphotograpy
• Polymorphism
• Rotography
• Steganography
Correct Answer is: Steganography
Details:
The correct answer is: Steganography
Rotography - this is a fabricated name.
Stegphotography is also a fabricated name.
Polymorphism is discussed in relation to software development, not data hiding
https://en.wikipedia.org/wiki/Steganography;
CISSP All-in-One exam book by Shon Harris;
CCFP All-in-One exam book by Chuck Easttom - First edition - page 170
Question contributed by: Bob Covello
Thanks to Jiri Gogela for providing feedback to improve this question.

Thanks to Tom Mead for providing feedback to improve this question.
TIP FROM BOB:
On all these exams, read each answer slowly. Answers with similar names are often used to trip up the
test-taker.
Question 244
Within which cloud service model would you find and control applications settings only?
• PaaS
• HaaS
• SaaS
• IaaS
Correct Answer is: SaaS
Details:
The correct answer is: SaaS or Software as a Service.
Software as a Service is where applications reside. Remember that raw data and volumes are at the
lowest level (IaaS) and files and Application Programming Interfaces (APIs) reside in the platform area
(PaaS).
Understanding the relationships and dependencies between cloud computing models is critical to
understanding cloud computing security risks.
IaaS is the foundation of all cloud services, with PaaS building upon IaaS, and SaaS in turn building upon
PaaS as described in the Cloud Reference Model diagram. In this way, just as capabilities are inherited,
so are information security issues and risk. It is important to note that commercial cloud providers may
not neatly fit into the layered service models.
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider s
applications running on a cloud infrastructure. The applications are accessible from various client
devices through a thin client interface such as a web browser (e.g ., web-based email). The consumer
does not manage or control the underlying cloud infrastructure including network, servers, operating
systems, storage, or even individual application capabilities with the possible exception of limited user
specific application configuration settings.
NOTE: With SaaS you DO NOT control what applications are being installed but you still have access to
the configuration menus within the applications. This is what they mean by Control Applications
Settings.
IaaS Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision
processing, storage, networks, and other fundamental computing resources where the consumer is able
to deploy and run arbitrary software, which could include operating systems and applications. The
consumer does not manage or control the underlying cloud infrastructure but has control over
operating systems, storage, deployed applications, and possibly limited control of select networking
components (e.g., host firewalls).
PaaS Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the
cloud infrastructure consumer created or acquired applications created using programming languages
and tools supported by the provider. The consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems, or storage, but has control over the
deployed applications and possibly application hosting environment configurations.
HaaS This one is only a bogus detractor and not related to Cloud Delivery models.
The Official ISC2 Guide to the CCSP Certification. Page 49-53

https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf Page 26
Systems Security Professional Official Study Guide, 7th Edition, (Kindle Location 9772). Wiley.
NIST SP 800-145 The NIST definition of Cloud Computing, Page 2 and 3
Question 245
Which cloud deployment model is best described as an infrastructure shared by organizations that have
similar mission, security requirements, concerns, and compliance considerations?
• Public
• Community
• Hybrid
• Private
Correct Answer is: Community
Details:
The correct answer is: Community
The cloud deployment model you choose also affects the breakdown of responsibilities of the cloud-
based assets. The cloud infrastructure is shared by several organizations and supports a specific
community that has shared concerns (e.g., mission, security requirements, policy, or compliance
considerations). It may be managed by the organizations or by a third party and may be located on
premise or off premise.
The three cloud models available are public, private, community, and hybrid (a mix of two of the three
cloud models used at the same time).
A community cloud deployment model provides cloud-based assets to two or more organizations.
Maintenance responsibilities are shared based on who is hosting the assets and the service models.
TIP:
You must be familiar with each of the cloud deployment model and who is managing it, who is the
owner, where is it located, and who has access. See graphic below from the Cloud Security Alliance
guide Version 3.0.
A public cloud model includes assets available for any consumers to rent or lease and is hosted by an
external CSP. Service level agreements can be effective at ensuring the CSP provides the cloud-based
services at a level acceptable to the organization. The cloud infrastructure is made available to the
general public or a large industry group and is owned by an organization selling cloud services.
The private cloud deployment model includes cloud-based assets for a single organization. Organizations
can create and host private clouds using their own resources. If so, the organization is responsible for all
maintenance. However, an organization can also rent resources from a third party and split maintenance
requirements based on the service model (SaaS, PaaS, or IaaS). The cloud infrastructure is operated
solely for a single organization. It may be managed by theorganization or by a third party and may be
located on premise or off premise.
Hybrid models include a combination of two or more clouds. Similar to a community cloud model,
maintenance responsibilities are shared based on who is hosting the assets and the service models in
use. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that
remain unique entities but are bound together by standardized or proprietary technology that enables
data and application portability (e.g., cloud bursting for load balancing between clouds).

Systems Security Professional Official Study Guide (Kindle Locations ). Wiley. Kindle Edition.
The Official ISC2 Guide to the CCSP Certification. Page 26
https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf Page 19 and Page 25
Systems Security Professional Official Study Guide, 7th Edition, (Kindle Location 17783-17792). Wiley.
NIST SP 800-145 The NIST definition of Cloud Computing, Page 3
Question 246
How is security best accomplished at the SaaS level?
• Through collaboration.
• Security must be provided by the cloud consumer.
• Security is provided through traditional firewalls.
• Security is negotiated as part of the Service Level Agreement.
Correct Answer is: Security is negotiated as part of the Service Level Agreement.
Details:
The correct answer is: Security is negotiated as part of the Service Level Agreement.
When working with an external service, be sure to review any SLA (service-level agreements) to ensure
security is a prescribed component of the contracted services. This could include customization of
service-level requirements for your specific needs.
Service levels, security, governance, compliance, and liability expectations of the service and provider
are contractually stipulated, managed to, and enforced, when a service level agreement (SLA s), is
offered to the consumer.
There are two types of SLA s, negotiable and non negotiable.
In the absence of an SLA, the consumer administers all aspects of the cloud under its control.
When a non negotiable SLA is offered, the provider administers those portions stipulated in the
agreement.
In the case of PaaS or IaaS, it is usually the responsibility of the consumer 's system administrators to
effectively manage the residual services specified in the SLA, with some offset expected by the provider
for securing the underlying platform and infrastructure components to ensure basic service availability
and security.
NIST Draft Publication SP 800-146 says:
A subscriber s terms of service for a cloud are determined by a legally binding agreement between the
two parties often contained in two parts: (1) a service agreement, and (2) a Service Level Agreement
(SLA). Generally, the service agreement is a legal document specifying the rules of the legal contract
between a subscriber and provider, and the SLA is a shorter document stating the technical performance
promises made by a provider including remedies for performance failures. For simplicity, this NIST
publication and most publications refers to the combination of these two documents as an SLA.
The self-service aspect of clouds implies that a subscriber either (1) accepts a provider s pricing and SLA,
or (2) finds a provider with more acceptable terms, potential subscribers anticipating heavy use of cloud
resources may be able to negotiate more favorable terms. For the typical subscriber, however, a cloud s
pricing policy and SLA are nonnegotiable.
Published SLAs between subscribers and providers can typically be terminated at any time by either
party, either for cause such as a subscriber s violation of a cloud s acceptable use policies, or for failure
of a subscriber to pay in a timely manner.
Further, an agreement can be terminated for no reason at all. Subscribers should analyze provider
termination and data retention policies.
Provider promises, including explicit statements regarding limitations, are codified in their SLAs. A
provider s SLA has three basic parts:
(1) a collection of promises made to subscribers,
(2) a collection of promises explicitly not made to subscribers, i.e., limitations, and
(3) a set of obligations that subscribers must accept.
Negotiated SLA
If the terms of the default SLA do not address all subscriber needs, the subscriber should discuss
modifications of the SLA with the provider prior to use.
TIP: It should be clear in all cases that one can assign/transfer responsibility but not necessarily
accountability.
Through collaboration. Collaboration is great but it is non-binding. Only a signed agreement would have
any legal binding.
Security is provided through traditional firewalls. There is nothing traditional with the cloud. It is a new
paradigm, you no longer control all aspects of the cloud deployment. Your vendor would need to be
involved.
Security must be provided by the cloud consumer.

NIST Draft Publication SP 800-146, Cloud Computing Synopsis and Recommendations, Page 3-1
Question 247
Which of the following is true of a private cloud?
• It must be external to an organization.
• It must be internal to an organization.
• It may be internal or external to an organization.
• It is always managed by a broker.
Correct Answer is: It may be internal or external to an organization.
Details:
The correct answer is: It may be internal or external to an organization.
The cloud infrastructure is operated solely for an organization. It may be managed by the organization
or a third party and may exist on premise or off premise.
The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple
consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third
party, or some combination of them, and it may exist on or off premises.
The private cloud deployment model includes cloud-based assets for a single organization. Organizations
can create and host private clouds using their own resources. If so, the organization is responsible for all
maintenance. However, an organization can also rent resources from a third party and split maintenance
requirements based on the service model (SaaS, PaaS, or IaaS).
The following answers are all incorrect:
Must be internal to an organization.
It must be external to an organization.
It is always managed by a broker.
NIST SP 800-145 The NIST definition of Cloud Computing, Page 3
Question 248
Which of the following is a valid combination that would be used within an hybrid cloud deployment
model?
• Public and Community.
• Public and Private.
• All of the other choices presented are valid choices.
• Private and Community.
Correct Answer is: All of the other choices presented are valid choices.
Details:
The correct answer is: All of the other choices presented are valid choices.
Remember that Hybrid clouds are combinations of any two or all three of the other cloud forms.
As odd as a Public/Private pairing sounds, it is important to remember that a public cloud indicates the
ownership of the cloud, not only the access to the service.
The cloud infrastructure is a composition of two or more clouds (private, community, or public) that
remain unique entities but are bound together by standardized or proprietary technology that enables
data and application portability (e.g., cloud bursting for load balancing between clouds).
This is a tricky question. When you have more than one answer that is valid it makes your life easy as a
test taker, it means it is not any of those answers. In such case you must look for the one that would
include the other ones. In this case the BEST choice is the answer that says all other choices are valid.
All of the other choices are incorrect because they are all valid hybrid cloud deployment models.
Private and Community.
Public and Community.

Public and Private.
The Official ISC2 Guide to the CCSP Certification. Page 25
Systems Security Professional Official Study Guide, 7th Edition, (Kindle Location 24368). Wiley.
NIST SP 800-145 The NIST definition of Cloud Computing, Page 2 and 3
Question 249
Which Cloud Service model is sometimes referred to as "On-demand software " allowing consumers to
use the provider's applications running on cloud infrastructure?
• IaaS
• PaaS
• CaaS
• SaaS
Correct Answer is: SaaS
Details:
The correct answer is: SaaS
Discussion: Also known as Software as a Service but sometimes referred to as "On-demand software ", it
allows consumers to use the provider's applications running on cloud infrastructure.
Software-as-a-Service (SaaS) is a derivative of PaaS. SaaS provides on-demand online access to specific
software applications or suites without the need for local installation. In many cases, there are few local
hardware and OS limitations. SaaS can be implemented as a subscription service (for example, Microsoft
Office 365), a pay-as-you-go service, or a free service (for example, Google Docs).
With SaaS, the consumer doesn't manage the cloud infrastructure like network devices, servers,
operating systems or storage and usually have little user-specific application configuration settings.
They simply use it as a platform to conduct generic business functions.
- IaaS: Infrastructure as a Service allows a customer to provision processing, storage, networks and other
resources. This model allows customers to run whatever software or operating systems they want
without regard to the underlying hardware.
- PaaS: Known as Platform as a Service, this is the delivery of a computing platform and solution stack as
a service allowing customers to ignore underlying cloud infrastructure but have control over deployed
applications. This isn't the same as IaaS so this isn't correct.
- CaaS: Cloud as a Service isn't actually a model of Cloud Service so this isn't correct.
Official (ISC)2 Guide to the CCFP CBK ((ISC)2 Press) (p. 258). CRC Press. Kindle Edition.
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, Kindle Locations
9775-9778.
Question 250
Which statement about a Security Assertion Markup Language (SAML) Token is NOT true?
• A SAML token is issued by the user's Identity Provider (IDP)
• SAML token is issued by the user's Service Provider
• A SAML token is signed with an SSL certificate so applications and organizations know to trust it
• A SAML Token is an XML structure that lists the claims about the user account.
Correct Answer is: SAML token is issued by the user's Service Provider
Details:
The correct answer is: SAML token is issued by the user 's SP
Security Assertion Markup Language (SAML 2.0) is by far the most commonly accepted standard used in
the industry today. According to Oasis, SAML 2.0 is an XML-based framework for communicating user
authentication, entitlement, and attribute information. As its name suggests, SAML allows business
entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity
that is often a human user) to other entities, such as a partner company or another enterprise
application.
SAML tokens carry statements that are sets of claims made by one entity about another entity. For
example, in federated security scenarios, the statements are made by a security token service about a
user in the system. The security token service signs the SAML token to indicate the veracity of the
statements contained in the token. In addition, the SAML token is associated with cryptographic key
material that the user of the SAML token proves knowledge of. This proof satisfies the relying party that
the SAML token was, in fact, issued to that user. For example, in a typical scenario:
1. A client requests a SAML token from a security token service, authenticating to that security
token service by using Windows credentials.
2. The security token service issues a SAML token to the client. The SAML token is signed with a
certificate associated with the security token service and contains a proof key encrypted for the target
service.
3. The client also receives a copy of the proof key. The client then presents the SAML token to the
application service (the relying party) and signs the message with that proof key.
4. The signature over the SAML token tells the relying party that the security token service issued
the token. The message signature created with the proof key tells the relying party that the token was
issued to the client.
SAML is an XML-based convention for the organization and exchange of communication authentication
and authorization details between security domains, often over web protocols. SAML is often used to
provide a web-based SSO (single sign-on) solution. If an attacker can falsify SAML communications or
steal a visitor s access token, they may be able to bypass authentication and gain unauthorized access to
a site.
A bit of Jargon:
An Identity Provider (IdP), also known as Identity Assertion Provider, is responsible for:
(a) providing identifiers for users looking to interact with a system,
(b) asserting to such a system that such an identifier presented by a user is known to the provider, and
(c) possibly providing other information about the user that is known to the provider.
This may be achieved via an authentication module which verifies a security token that can be accepted
as an alternative to repeatedly explicitly authenticating a user within a security realm. An example of
this could be where a website, application or service allows users to log in with the credentials from a
social networking service like Facebook or Twitter; these services will act as Identity providers. The social
networking service verifies that the user is an authorized user and returns information to the website -
e.g. username and email address (specific details might vary). This authentication system is called Social
login.
The following choices were all valid statements about SAML thus not the right answer as we were
looking for the choice that was NOT a valid statement about SAML.
A SAML Token is an XML structure that lists the claims about the user account.
A SAML token is issued by the user 's IDP
A SAML token is signed with an SSL certificate so applications and organizations know to trust it

Gordon, Adam. The Official (ISC)2 Guide to the CCSP CBK (Kindle Locations 5556-5560). Wiley. Kindle
Edition.
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide (Kindle Locations
9843-9846).
https://en.wikipedia.org/wiki/Identity_provider
http://owulff.blogspot.com/2012/02/saml-tokens-and-ws-trust-security-token.html?
_sm_au_=ikVHFrNKtn2SM0vJ
https://msdn.microsoft.com/en-us/library/ms733083(v=vs.110).aspx

Cccure 03. Security Architecture and Engineering Cissp Practice Test With Answer and Explanation

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cccure 03. Security Architecture and Engineering Cissp Practice Test With Answer and Explanation

Uploaded by

Copyright:

Available Formats

Question 1

 It is primarily concerned with confidentiality.

Correct Answer is: It is primarily concerned with confidentiality.

The correct answer is: It is primarily concerned with confidentiality

The transfer of information from a high-sensitivity paragraph to a lower-sensitivity document may

• Networks of systems. Later modeling work did address this topic.

The following answers are incorrect:

The following reference(s) were used to create this question:

Shon Harris, CISSP All In One (AIO), 6th Edition , pp 369-372.

Correct Answer is: A and B.

The correct answer is: A and B.

The following answers are incorrect:

The lowest class offering the least protection is D - Minimal protection.

The highest classification would be A1 offering the most secure environment.

The divisions and classes are:

C1 Discretionary Security Protection

C2 Controlled Access Protection

The following reference(s) was used to create this question:

In Level B3 it states that:

This would also be a requirement for Level A1.

The following answers are incorrect:

The following reference(s) were used for this question:

Which Orange Book evaluation level is described as "Verified Design"?

Correct Answer is: A1.

The correct answer is: A1.

Level A1 is described as Verified Design.

The following answers are incorrect:

B3. This is incorrect because level B3 is described as Security Domains.

B2. This is incorrect because level B2 is described as Structured Protection.

B1. This is incorrect because level B1 is described as Labeled Security.

Question contributed by: Sarang Chalikwar

Email or CCCure Nickname of question author:

Question reviewed by: Clement Dupuis

Question comments submitted by:

The divisions and classes are:

C1 Discretionary Security Protection

C2 Controlled Access Protection

AIOv3 Security Models and Architecture (pages 302 - 306)

The DES algorithm is an example of what type of cryptography?

Correct Answer is: Secret Key

The correct answer is: Secret Key.

DES is also known as a Symmetric Key or Secret Key algorithm.

For the exam remember that:

DES key Sequence is 8 Bytes or 64 bits (8 x 8 = 64 bits)

DES has a total key length of 64 Bits.

The following answers are incorrect:

The following reference(s) were used to create this question:

Which of the following encryption methods is known to be unbreakable?

• Elliptic Curve Cryptography.

Correct Answer is: One-time pads.

The correct answer is: One-time pads.

The following answers are incorrect:

The following reference(s) were used to create this question:

AIOv3 Cryptography (pages 599; 622; 638)

The RSA algorithm is an example of what type of cryptography?

Correct Answer is: Asymmetric Key.

The correct answer is: Asymmetric Key.

The following reference(s) were used to create this question:

OIG CBK Cryptography (pages 254 - 258)

AIOv3 Cryptography (pages 634 - 638)

Question contributed by: Sarang Chalikwar

Email or CCCure Nickname of question author:

Question reviewed by: Clement Dupuis

Question comments submitted by: