CISSP Domain 3 questions – Scenario Based

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. Questions 1-4 refer to this scenario.

Question 1: If Alice wishes to send Bob an encrypted message, what key does she use to encrypt the message?
Bob’s public key
This is Correct. In an asymmetric cryptosystem, the sender of a message always encrypts the message using the recipient’s public key.
Bob’s private key
This is Incorrect.
Alice’s private key
This is Incorrect.
Alice’s public key
This is Incorrect.
Question 2: When Bob receives the encrypted message from Alice, what key does he use to decrypt the message?
Bob’s private key
This is Correct. When Bob receives the message, he uses his own private key to decrypt it. Since he is the only one with his private key, he is the only one who should be able to decrypt it, thus preserving confidentiality.
Bob’s public key
This is Incorrect.
Alice’s private key
This is Incorrect.
Alice’s public key
This is Incorrect.
Question 3: Which one of the following keys would Bob not possess in this scenario?
Alice’s private key
This is Correct.
Alice’s public key
This is Incorrect.
Bob’s private key
This is Incorrect.
Bob’s public key
This is Incorrect.
Question 4: Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?
Alice’s private key
This is Correct. Alice creates the digital signature using her own private key. Then Bob, or any other user, can verify the digital signature using Alice’s public key.
Alice’s public key
This is Incorrect.
Bob’s private key
This is Incorrect.
Bob’s public key
This is Incorrect.
Question 5: Alison is examining a digital certificate presented to her by her bank’s website. Which one of the following requirements is not necessary for her to trust the digital certificate?
She knows that the server belongs to the bank.
This is Correct. The point of the digital certificate is to prove to Alison that the server belongs to the bank, so she does not need to have this trust in advance. To trust the certificate, she must verify the CA’s digital signature on the certificate, trust the CA, verify that the certificate is not listed on a CRL, and verify that the certificate contains the name of the bank.
She trusts the certificate authority.
This is Incorrect.
She verifies that the certificate is not listed on a CRL.
This is Incorrect.
She verifies the digital signature on the certificate.
This is Incorrect.
Question 6: During a system audit, Casey notices that the private key for her organization’s web server has been stored in a public Amazon S3 storage bucket for more than a year. What should she do?
Request a new certificate using a new key
This is Correct. The first thing Casey should do is notify her management, but after that, replacing the certificate and using proper key management practices with the new certificate’s key should be at the top of her list.
Notify all customers that their data may have been exposed
This is Incorrect.
Remove the key from the bucket
This is Incorrect.
Nothing, because the private key should be accessible for validation
This is Incorrect.
Question 7: Alex’s employer creates most of their work output as PDF files. Alex is concerned about limiting the audience for the PDF files to those individuals who have paid for them. What technology can he use to most effectively control the access to and distribution of these files?
DRM
This is Correct. Alex can use digital rights management technology to limit use of the PDFs to paying customers. While DRM is rarely a perfect solution, in this case, it may fit his organization’s needs. EDM is electronic dance music, which his customers may appreciate but which won’t solve the problem. Encryption and digital signatures can help to keep the files secure, and to prove who they came from but won’t solve the rights management issue Alex is tackling.
EDM
This is Incorrect.
Digital Signature
This is Incorrect.
Encryption
This is Incorrect.
Question 8: Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?
RSA
This is Correct. Digital signatures are possible only when using an asymmetric encryption algorithm. Of the algorithms listed, only RSA is asymmetric and supports digital signature capabilities.
AES
This is Incorrect.
Blowfish
This is Incorrect.
DES
This is Incorrect.
Question 9: Raj is selecting an encryption algorithm for use in his organization and would like to be able to vary the strength of the encryption with the sensitivity of the information. Which one of the following algorithms allows the use of different key strengths?
Blowfish
This is Correct. Blowfish allows the user to select any key length between 32 and 448 bits.
Skipjack
This is Incorrect.
DES
This is Incorrect.
IDEA
This is Incorrect.
Question 10: Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?
MD5
This is Correct. The MD5 hash algorithm has known collisions and, as of 2005, is no longer considered secure for use in modern environments.
3DES
This is Incorrect.
PGP
This is Incorrect.
WPA2
This is Incorrect.
Question 11: Gary intercepts a communication between two individuals and suspects that they are exchanging secret messages. The content of the communication appears to be the image shown here. What type of technique may the individuals use to hide messages inside this image?
Steganography
This is Correct. Steganography is the art of using cryptographic techniques to embed secret messages within other content. Some steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files.
Cryptographic hashing
This is Incorrect.
Transport layer security
This is Incorrect.
Visual cryptography
This is Incorrect.

CISSP Domain 3 questions – Cipher quiz

Question 1: How are a one-time pad and a stream cipher similar?
They both XOR bits for their encryption process.
This is Correct. In a one-time pad, the individual bits of the pad are XORed with the individual bits of the message; in a stream cipher, the individual bits produced by the keystream generator are likewise XORed with the bits of the message.
They are both asymmetric algorithms
This is Incorrect.
They are both vulnerable to linear frequency cryptanalysis attacks
This is Incorrect.
They are both block ciphers
This is Incorrect.
Question 2: Which of the following is a requirement for a secure Vernam cipher?
The pad must be used just one time
This is Correct. A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly. One of these requirements is that the pad is used only one time. It was invented by Gilbert Vernam in 1917, thus sometimes referred to as the Vernam cipher.
A symmetric key must be encrypted with an asymmetric key
This is Incorrect.
The private key must be only known to the owner
This is Incorrect.
It needs to hide the existence of a message
This is Incorrect.
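As an added example (not part of the original quiz), the XOR step that a one-time pad and a stream cipher share, and why the pad must be used just once: XORing two ciphertexts made under the same pad cancels the pad and leaves the XOR of the two plaintexts. The toy keystream generator (SHA-256 in counter mode) is an assumption for illustration only, not a production cipher.

```python
import hashlib
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings: the core of both OTP and stream ciphers."""
    if len(a) != len(b):
        raise ValueError("pad/keystream must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """A fresh, truly random pad. For a one-time pad it is used once and then discarded."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation as encryption.
    return xor_bytes(ciphertext, pad)


def toy_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream generator (assumption): SHA-256 over key||nonce||counter.

    A real stream cipher uses a vetted generator; the point here is only that the
    encryption step is the same XOR as the one-time pad, with generated bits in
    place of random pad bits."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def stream_encrypt(key: bytes, nonce: bytes, message: bytes) -> bytes:
    """Stream-cipher encryption: XOR the message with a generated keystream.
    Calling it again on the ciphertext with the same key and nonce decrypts."""
    return xor_bytes(message, toy_keystream(key, nonce, len(message)))


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages were encrypted under the same pad, c1 XOR c2 == p1 XOR p2:
    the pad cancels out. This is why a Vernam pad must be used only one time."""
    return xor_bytes(c1, c2)


def recover_second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With one plaintext known, pad reuse exposes the other message completely."""
    return xor_bytes(pad_reuse_leak(c1, c2), known_p1)


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    p1 = b"ATTACK AT DAWN"
    p2 = b"RETREAT AT TEN"
    pad = new_pad(len(p1))
    c1 = otp_encrypt(p1, pad)
    assert otp_decrypt(c1, pad) == p1
    c2 = otp_encrypt(p2, pad)  # pad reused: the mistake the quiz question warns about
    print(recover_second_plaintext(c1, c2, p1))  # prints b'RETREAT AT TEN'
```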
Question 3: What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key?
Running key cipher
This is Correct. Running key (or “book”) ciphers often use a passage from a commonly available book as the encryption key.
Vernam cipher
This is Incorrect.
Skipjack cipher
This is Incorrect.
Twofish cipher
This is Incorrect.
Question 4: Which one of the following terms accurately describes the Caesar cipher?
Shift Cipher
This is Correct. The Caesar cipher is a shift cipher that works on a stream of text and is also a substitution cipher. It is not a block cipher or a transposition cipher. It is extremely weak as a cryptographic algorithm.
Block Cipher
This is Incorrect.
Transposition Cipher
This is Incorrect.
Strong Cipher
This is Incorrect.
Question 5: Which type of cipher is the Caesar cipher?
Mono-alphabetic substitution
This is Correct. The Caesar cipher is a mono-alphabetic substitution cipher. The Vigenère cipher is a polyalphabetic substitution cipher.
Polyalphabetic transposition
This is Incorrect.
Polyalphabetic substitution
This is Incorrect.
Mono-alphabetic transposition
This is Incorrect.
Question 6: What type of cipher relies on changing the location of characters within a message to achieve confidentiality?
Transposition cipher
This is Correct.
Block cipher
This is Incorrect.
Substitution cipher
This is Incorrect.
Stream cipher
This is Incorrect.
Question 7: Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?
Block Cipher
This is Correct. Block ciphers operate on message “chunks” rather than on individual characters or bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or characters of a message.
Stream Cipher
This is Incorrect.
Caesar Cipher
This is Incorrect.
ROT3 cipher
This is Incorrect.

CISSP Domain 3 questions – Asymmetric Encryption quiz

Question 1: Which of the following is a true difference between an asymmetric and symmetric algorithm?
Symmetric algorithms are faster because they use substitution and transposition
This is Correct. Symmetric algorithms carry out relatively simple mathematical functions on the bits during the encryption and decryption processes: they substitute and scramble (transpose) bits, which is not overly difficult or intensive. What makes this type of encryption hard to break is that these operations are repeated over and over again. Asymmetric algorithms use much more complex mathematics, which requires more processing time, which is why they are slower than symmetric algorithms.
Asymmetric algorithms are slower because they use substitution and transposition
This is Incorrect.
Asymmetric algorithms are best implemented in hardware and symmetric in software
This is Incorrect.
Asymmetric algorithms are more vulnerable to frequency analysis attacks
This is Incorrect.
Question 2: Which one of the following encryption algorithms is now considered insecure?
Merkle-Hellman Knapsack
This is Correct. The Merkle-Hellman Knapsack algorithm, which relies on the difficulty of factoring super-increasing sets, has been broken by cryptanalysts.
Elliptic Curve Cryptography
This is Incorrect.
RSA
This is Incorrect.
El Gamal
This is Incorrect.
Question 3: Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use?
160 bits
This is Correct. The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.
512 bits
This is Incorrect.
1024 bits
This is Incorrect.
2048 bits
This is Incorrect.
Question 4: If a 2,048-bit plaintext message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be?
4096 bits
This is Correct. The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plaintext message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.
8192 bits
This is Incorrect.
2048 bits
This is Incorrect.
1024 bits
This is Incorrect.
Question 5: Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?
Diffie-Hellman
This is Correct. The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.
RSA
This is Incorrect.
3DES
This is Incorrect.
IDEA
This is Incorrect.
Question 6: If we want to implement a type of encryption that uses discrete logarithms, which of these could we choose?
ECC
This is Correct. Computer scientists and mathematicians believe that it is extremely hard to find x, even if P and Q are already known. This difficult problem, known as the elliptic curve discrete logarithm problem, forms the basis of elliptic curve cryptography. It is widely believed that this problem is harder to solve than both the prime factorization problem that the RSA cryptosystem is based on and the standard discrete logarithm problem used by Diffie-Hellman and El Gamal.
Twofish
This is Incorrect.
AES
This is Incorrect.
DES
This is Incorrect.
Question 7: We have 100 users all needing to communicate with each other. If we are using asymmetric encryption how many keys would we need?
200
This is Correct. Asymmetric encryption uses 2 keys per user, so we would need 200 keys.
300
This is Incorrect.
4950
This is Incorrect.
2000
This is Incorrect.
Question 8: Jack is looking at different types of encryption. Which of these is a type of asymmetric encryption?
RSA
This is Correct. RSA is asymmetric. 3DES, RC6 and Twofish are all symmetric forms of encryption.
DES
This is Incorrect.
3DES
This is Incorrect.
Twofish
This is Incorrect.
Question 9: What is your public key in asymmetric encryption?
Shared
This is Correct. Asymmetric encryption uses two keys, a public key and a private key (a key pair). Your public key is publicly available and is used by others to encrypt messages sent to you; because the keys are asymmetric, that ciphertext cannot be decrypted with your public key. Your private key you keep safe, and you use it to decrypt messages that were encrypted with your public key.
Secret
This is Incorrect.
Used by you to decrypt messages sent to you.
This is Incorrect.
Used by someone else to decrypt messages from you.
This is Incorrect.
Question 10: A senior VP stops you in the cafeteria because you are one of those IT people. She asks you questions about Public Key Infrastructure (PKI). After you explain it at a high level, she asks for more detail. You could tell her that PKI uses which of these?
All of these.
This is Correct. PKI (Public Key Infrastructure): Uses Asymmetric and Symmetric Encryption as well as Hashing to provide and manage digital certificates. To ensure PKI works well, we keep the private key secret.
Symmetric Key Algorithm
This is Incorrect.
Asymmetric Key Algorithm
This is Incorrect.
Hashing
This is Incorrect.
Question 11: When we have our private and public keys in key escrow, what does that mean?
Someone keeping a copy of our keys, often law enforcement.
This is Correct.
The server we keep our public and private keys on.
This is Incorrect.
The private key we have on our system.
This is Incorrect.
The public key available to everyone.
This is Incorrect.

CISSP Domain 3 questions – Cryptanalytic quiz

Question : Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack?
Rainbow tables
This is Correct. Rainbow tables contain precomputed hash values for commonly used passwords and may be used to increase the efficiency of password cracking attacks.
Hierarchical screening
This is Incorrect.
TKIP
This is Incorrect.
None of the mentioned
This is Incorrect.
Question : What kind of attack makes the Caesar cipher virtually unusable?
Frequency Analysis
This is Correct. The Caesar cipher (and other simple substitution ciphers) are vulnerable to frequency analysis attacks that analyze the rate at which specific letters appear in the ciphertext.
Escrow attack
This is Incorrect.
Meet-in-the-middle attack
This is Incorrect.
Transposition attack
This is Incorrect.
Question : When an attacker is using a brute force attack to break a password, what are they doing?
Trying every possible key to, over time, break any encryption
This is Correct. A brute-force attack tries the entire keyspace (every possible key); given enough time, any plaintext can be decrypted. It is effective against all key-based ciphers except the one-time pad: it would eventually decrypt that too, but it would also generate so many false positives that the result would be useless.
Looking at common letter frequency to guess the plaintext.
This is Incorrect.
Trying to recover the key without breaking the encryption.
This is Incorrect.
Looking at the hash values and comparing it to thousands or millions of pre-calculated hashes.
This is Incorrect.
Question : Which of these countermeasures would be effective against rainbow tables?
Salting
This is Correct. A salt is random data used as an additional input to a one-way function that “hashes” a password or passphrase. The primary function of salts is to defend against dictionary attacks and pre-compiled rainbow table attacks. A rainbow table is a pre-made list of plaintext and matching ciphertext, often passwords and their matching hashes; a table can contain millions of pairs.
Keeping hashes in Plain Text
This is Incorrect.
Key Stretching
This is Incorrect.
Limiting Login attempts.
This is Incorrect.
Question : When we are using frequency analysis, what are we looking at?
How often certain letters are used.
This is Correct. Frequency analysis looks at how often a given character appears. In English, “E” is used 12.7% of the time. Given enough substitution-encrypted text, you can break the cipher with that alone.
How often pairs of letters are used.
This is Incorrect.
How many messages are sent.
This is Incorrect.
How often messages are sent.
This is Incorrect.
Question : If an attacker is using a digraph attack, what is the attacker looking for?
How often pairs of letters are used.
This is Correct. Digraph attack: Similar to frequency analysis/attacks, but looks at common pairs of letters (TH, HE, IN, ER).
How often certain letters are used.
This is Incorrect.
How many messages are sent.
This is Incorrect.
How often messages are sent.
This is Incorrect.
Question : What name is given to the random value added to a password in an attempt to defeat rainbow table attacks?
Salt
This is Correct. The salt is a random value added to a password before it is hashed by the operating system. The salt is then stored in a password file with the hashed password. This increases the complexity of cryptanalytic attacks by negating the usefulness of attacks that use precomputed hash values, such as rainbow tables.
Hash
This is Incorrect.
Extender
This is Incorrect.
Rebar
This is Incorrect.
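An added example (not part of the quiz) covering both the salting countermeasure question and the salt question above: a toy precomputed table of unsalted hashes, built from a constructed three-word list, matches a stored unsalted hash instantly, while the same password hashed with a random salt is not in the table, and verification simply recomputes with the stored salt. Plain SHA-256 is used to keep the focus on the salt; the wordlist and passwords are constructed.

```python
import hashlib
import hmac
import os


def unsalted_hash(password: str) -> str:
    """The weak scheme the question warns about: hash(password) with no per-user randomness,
    so every user with the same password has the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_precomputed_table(wordlist: list) -> dict:
    """Toy stand-in for a rainbow table: unsalted digests of candidate passwords,
    keyed by digest so a stored hash can be looked up directly."""
    return {unsalted_hash(pw): pw for pw in wordlist}


def lookup_precomputed(digest: str, table: dict):
    """Return the matching password if the digest was precomputed, otherwise None."""
    return table.get(digest)


def salted_hash(password: str, salt: bytes = None) -> tuple:
    """The corrected scheme: a random salt is hashed together with the password.
    The salt is stored beside the digest (it need not be secret); because it is
    chosen per password, a table precomputed without it does not apply."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt, digest


def verify_salted(password: str, salt: bytes, stored_digest: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    # Constructed wordlist standing in for the millions of entries a real table holds.
    table = build_precomputed_table(["password", "letmein", "hunter2"])
    print(lookup_precomputed(unsalted_hash("hunter2"), table))  # prints hunter2
    salt, digest = salted_hash("hunter2")
    print(lookup_precomputed(digest, table))  # prints None: the table is useless
    print(verify_salted("hunter2", salt, digest))  # prints True
```

In production the salted hash is computed with a deliberately slow password-hashing function rather than a single SHA-256, which is the separate key-stretching measure the question above distinguishes from salting.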
Question : Tom is a cryptanalyst and is working on breaking a cryptographic algorithm’s secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in?
Known plaintext
This is Correct. In a known plaintext attack, the attacker has a copy of the encrypted message along with the plaintext message used to generate that ciphertext.
Chosen plaintext
This is Incorrect.
Chosen ciphertext
This is Incorrect.
Brute Force
This is Incorrect.
Question : Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?
Transposition cipher
This is Correct. This message was most likely encrypted with a transposition cipher. The use of a substitution cipher, a category that includes AES and 3DES, would change the frequency distribution so that it did not mirror that of the English language.
Substitution cipher
This is Incorrect.
AES
This is Incorrect.
3DES
This is Incorrect.
Question : The Double DES (2DES) encryption algorithm was never used as a viable alternative to the original DES algorithm. What attack is 2DES vulnerable to that does not exist for the DES or 3DES approach?
Meet in the middle
This is Correct. The meet-in-the-middle attack uses a known plaintext message and uses both encryption of the plaintext and decryption of the ciphertext simultaneously in a brute force manner to identify the encryption key in approximately double the time of a brute force attack against the basic DES algorithm.
Man in the middle
This is Incorrect.
Bruteforce
This is Incorrect.
Chosen Ciphertext
This is Incorrect.
Question : Which attack executed against a cryptographic algorithm uses all possible keys until a key is discovered that successfully decrypts the ciphertext?
Brute force
This is Correct. A brute-force attack executed against a cryptographic algorithm uses all possible keys until a key is discovered that successfully decrypts the ciphertext. A frequency analysis attack relies on the fact that substitution and transposition ciphers will result in repeated patterns in ciphertext. A reverse engineering attack occurs when an attacker purchases a particular cryptographic product to attempt to reverse engineer the product to discover confidential information about the cryptographic algorithm used. A ciphertext-only attack uses several encrypted messages (ciphertext) to figure out the key used in the encryption process.
Ciphertext-only attack
This is Incorrect.
Reverse engineering
This is Incorrect.
Frequency analysis
This is Incorrect.
Question : Countermeasures against brute force attacks on cryptographic keys include which of the following?
1. Change keys
2. Increase key length
3. Change protocol
4. Change algorithm
1 and 2
This is Correct. Changing cryptographic keys frequently and increasing the key length can fight against the brute force attacks on keys. Changing protocols and algorithms cannot fight against the brute force attacks because the changed protocols and algorithms could be subjected to the same attacks or different attacks.
2 and 3
This is Incorrect.
3 and 4
This is Incorrect.
1 and 3
This is Incorrect.

CISSP Domain 3 questions – Symmetric Encryption

Question : A symmetric algorithm must have certain characteristics to be considered strong. Which of the following is correct pertaining to these types of characteristics?
Confusion is carried out through substitution, and diffusion is carried out through transposition.
This is Correct. Confusion is commonly carried out through substitution and diffusion is carried out by using transposition. For a cipher to be considered strong it must contain both of these attributes, to ensure that reverse engineering is basically impossible. The randomness of the key values and the complexity of the mathematical functions dictate the level of confusion and diffusion that is involved.
Confusion is carried out through transposition, and diffusion is carried out through diffusion.
This is Incorrect.
Confusion and diffusion are both used to increase the work factor.
This is Incorrect.
The randomness of the cryptoperiod and functions in the algorithm correlate with the level of confusion and diffusion that is provided.
This is Incorrect.
Question : What is Kerckhoffs's principle and why is it relevant?
The only secret portion to a cryptosystem should be the key so that the algorithms can be stronger.
This is Correct. Auguste Kerckhoffs published a paper in 1883 stating that the only secrecy involved with a cryptographic system should be the key. He claimed that the algorithm should be publicly known. Cryptographers in the private and academic sectors agree with Kerckhoffs's principle, because making an algorithm publicly available means that many more people can view the source code, test it, and uncover any flaws or weaknesses.
More than one alphabet should be used in substitution ciphers to increase the work factor.
This is Incorrect.
A public key needs to be bound to an individual’s identity for true non-repudiation.
This is Incorrect.
One-time pads should be just as long as the message, otherwise patterns will be shown.
This is Incorrect.
Question : Which AES finalist makes use of prewhitening and postwhitening techniques?
Twofish
This is Correct. The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.
Blowfish
This is Incorrect.
Skipjack
This is Incorrect.
Rijndael
This is Incorrect.
Question : What block size is used by the Advanced Encryption Standard?
128 bit
This is Correct. The Advanced Encryption Standard uses a 128-bit block size, even though the Rijndael algorithm it is based on allows a variable block size.
32 bit
This is Incorrect.
64 bit
This is Incorrect.
Variable
This is Incorrect.
Question : The NSA wanted to embed the clipper chip on all motherboards. Which encryption algorithm did the chip use?
Skipjack
This is Correct. The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured “voice and data messages” with a built-in backdoor. It used Skipjack, a block cipher.
RSA
This is Incorrect.
DSA
This is Incorrect.
3DES
This is Incorrect.
Question : Which is the MOST secure encryption type of these 4?
AES
This is Correct. DES, Blowfish and RC4 are no longer considered secure, AES is still considered secure.
RC4
This is Incorrect.
DES
This is Incorrect.
Blowfish
This is Incorrect.
Question : When we are talking about the Twofish encryption algorithm, which of these is TRUE?
It is a 128-bit block cipher with 128, 192 or 256 bit keys.
This is Correct.
It is a 64 bit block cipher with a 128-bit key.
This is Incorrect.
It is a 64 bit block cipher with a 112-bit key.
This is Incorrect.
It is a 64 bit block cipher, with 56-bit keys.
This is Incorrect.
Question : Depending on our implementation, we may choose to use asymmetric or symmetric encryption. Which of these are types of symmetric encryption? (Select all that apply).
DES
This is Correct.
Twofish
This is Correct.
AES
This is Correct.
DH
This is Incorrect.
ECC
This is Incorrect.
Question : Which of these would be a TRUE statement about symmetric encryption?
It is the strongest per bit.
This is Correct. Asymmetric vs. symmetric encryption: asymmetric does not need a pre-shared key and needs only two keys per user, but it is much slower and weaker per bit. Symmetric is much faster and stronger per bit, but it needs a pre-shared key and n(n-1)/2 keys for n users, which becomes unmanageable with many users.
It uses private and public keys to share a session key.
This is Incorrect.
It does not use a shared key.
This is Incorrect.
All of these.
This is Incorrect.
Question : We are talking about implementing new encryption in our organization. Which of these would be TRUE about IDEA?
It is a 64 bit block cipher with a 128 bit key.
This is Correct. IDEA (International Data Encryption Algorithm): Designed to replace DES. Symmetric, 128 bit key, 64 bit block size, considered safe. Not widely used now, since it is patented and slower than AES.
It is a 64 bit block cipher with a 112 bit key.
This is Incorrect.
It is a 128 bit block cipher with 128, 192 or 256 bit keys.
This is Incorrect.
It is a 64 bit block cipher, with 56 bit keys.
This is Incorrect.
Question : We are looking at implementing a new type of symmetric encryption. Which of these symmetric encryption types are no longer considered secure, and should be something we should NOT consider?
RC4
This is Correct. RC4 is a symmetric stream cipher with a 40-2048 bit key length that produces a pseudorandom keystream. It was used by WEP, WPA, SSL and TLS, and it is no longer considered secure.
3DES K1
This is Incorrect.
AES
This is Incorrect.
Twofish
This is Incorrect.
Question : DES is very easy to break today. To remedy the problems with DES, 3DES was developed. Which of these is TRUE about 3DES K1?
It is a 64-bit block cipher with a 112-bit key strength.
This is Correct. 3DES (Triple DES) was developed to extend the life of DES systems while getting ready for AES. DES is a symmetric 64-bit block cipher with a 56-bit key and 16 rounds of encryption using a Feistel structure; 3DES runs three rounds of DES instead of one. K1 (keying mode 1) uses three different keys with a total key length of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack, the effective security it provides is only 112 bits.
It is a 64-bit block cipher, with 56 bit keys.
This is Incorrect.
It is a 64-bit block cipher with a 128-bit key strength.
This is Incorrect.
It is a 128-bit block cipher with 128, 192 or 256-bit keys.
This is Incorrect.
Question : How many keys would we have if we had 100 users using symmetric encryption?
4950
This is Correct. Symmetric encryption needs n(n-1)/2 keys for n users; with 100 users we would need 100(100-1)/2 = (100×99)/2 = 4950 keys.
200
This is Incorrect.
100
This is Incorrect.
2000
This is Incorrect.
Question : As technology progresses or flaws are found in the symmetric algorithms, we stop using that encryption. Which of these symmetric encryption types are no longer considered secure?
3DES K3
This is Correct. 3DES (Triple DES) K3 (keying mode 3) uses the same key three times (encrypt/decrypt/encrypt), so it is just as insecure as DES.
3DES K1
This is Incorrect.
AES
This is Incorrect.
Twofish
This is Incorrect.
Question : How many bits of keying material does the Data Encryption Standard use for encrypting information?
56 bit
This is Correct. DES uses a 64-bit encryption key, but only 56 of those bits are actually used as keying material in the encryption operation. The remaining 8 bits are used to detect tampering or corruption of the key.
64 bit
This is Incorrect.
128 bit
This is Incorrect.
256 bit
This is Incorrect.
Question : Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?
Diffie-Hellman
This is Correct. The Diffie-Hellman algorithm allows for the secure exchange of symmetric encryption keys over a public network.
RSA
This is Incorrect.
IDEA
This is Incorrect.
MD5
This is Incorrect.
Question : Which 3DES implementation encrypts each block of data three times, each time with a different key?
3DES-EEE3
This is Correct. The 3DES-EEE3 implementation encrypts each block of data three times, each time with a different key. The 3DES-EDE3 implementation encrypts each block of data with the first key, decrypts each block with the second key, and encrypts each block with the third key. The 3DES-EDE2 implementation encrypts each block of data with the first key, decrypts each block with the second key, and then encrypts each block with the first key. The 3DES-EEE2 implementation encrypts each block of data with the first key, encrypts each block with the second key, and then encrypts each block with the third key.
3DES-EDE3
This is Incorrect.
3DES-EDE2
This is Incorrect.
3DES-EEE2
This is Incorrect.
Question : What block size is used by the 3DES encryption algorithm?
64 bit
This is Correct.
32 bit
This is Incorrect.
128 bit
This is Incorrect.
256 bits
This is Incorrect.
Question : Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won’t spoil results throughout the communication?
Output Feedback (OFB)
This is Correct. Output feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large amounts of data.
Cipher Feedback (CFB)
This is Incorrect.
Electronic Code Book (ECB)
This is Incorrect.
Cipher Block Chaining (CBC)
This is Incorrect.
Question : What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmermann’s Pretty Good Privacy secure email system?
IDEA
This is Correct. Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryption technology is based on the IDEA private key cryptosystem.
ROT13
This is Incorrect.
ECC
This is Incorrect.
El Gamal
This is Incorrect.

CISSP Domain 3 questions – Digital Signature

Question : What can we use digital signatures to provide? [Select all that apply]
Non-repudiation
This is Correct.
Integrity
This is Correct.
Confidentiality
This is Incorrect.
Availability
This is Incorrect.
Question : Bob is a security administrator with the federal government and wishes to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
HAVAL
This is Correct. The Digital Signature Standard approves three encryption algorithms for use in digital signatures: the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; and the Elliptic Curve DSA (ECDSA) algorithm. HAVAL is a hash function, not an encryption algorithm. While hash functions are used as part of the digital signature process, they do not provide encryption.
DSA
This is Incorrect.
RSA
This is Incorrect.
ECDSA
This is Incorrect.
Question : Jane is talking to a friend and is explaining what digital signatures do. Which of these could be something that she tells her friend is one of the MAIN reasons we use digital signatures?
Integrity
This is Correct. Digital Signatures: Provides Integrity and Non-Repudiation.
Confidentiality
This is Incorrect.
Authentication
This is Incorrect.
Availability
This is Incorrect.
Question : Which one of the following algorithms is not supported by the Digital Signature Standard?
El Gamal DSA
This is Correct. The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.
ECC DSA
This is Incorrect.
RSA
This is Incorrect.
Digital Signature Algorithm
This is Incorrect.