CISSP Domain 3 questions – Symmetric Encryption

Question : A symmetric algorithm must have certain characteristics to be considered strong. Which of the following is correct pertaining to these types of characteristics?
Confusion is carried out through substitution, and diffusion is carried out through transposition.
This is Correct. Confusion is commonly carried out through substitution, and diffusion is carried out by using transposition. For a cipher to be considered strong it must contain both of these attributes, to ensure that reverse engineering is basically impossible. The randomness of the key values and the complexity of the mathematical functions dictate the level of confusion and diffusion that is involved.
Confusion is carried out through transposition, and diffusion is carried out through diffusion.
This is Incorrect.
Confusion and diffusion are both used to increase the work factor.
This is Incorrect.
The randomness of the cryptoperiod and functions in the algorithm correlate with the level of confusion and diffusion that is provided.
This is Incorrect.
Question : What is Kerckhoffs’s principle and why is it relevant?
The only secret portion to a cryptosystem should be the key so that the algorithms can be stronger.
This is Correct. Auguste Kerckhoffs published a paper in 1883 stating that the only secrecy involved with a cryptography system should be the key. He claimed that the algorithm should be publicly known. Cryptographers in the private and academic sectors agree with Kerckhoffs’s principle, because making an algorithm publicly available means that many more people can view the source code, test it, and uncover any type of flaws or weaknesses.
More than one alphabet should be used in substitution ciphers to increase the work factor.
This is Incorrect.
A public key needs to be bound to an individual’s identity for true non-repudiation.
This is Incorrect.
One-time pads should be just as long as the message, otherwise patterns will be shown.
This is Incorrect.
Question : Which AES finalist makes use of prewhitening and postwhitening techniques?
Twofish
This is Correct. The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.
Blowfish
This is Incorrect.
Skipjack
This is Incorrect.
Rijndael
This is Incorrect.
Question : What block size is used by the Advanced Encryption Standard?
128 bit
This is Correct. The Advanced Encryption Standard uses a 128-bit block size, even though the Rijndael algorithm it is based on allows a variable block size.
32 bit
This is Incorrect.
64 bit
This is Incorrect.
Variable
This is Incorrect.
Question : The NSA wanted to embed the Clipper chip on all motherboards. Which encryption algorithm did the chip use?
Skipjack
This is Correct. The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured “voice and data messages” with a built-in backdoor. It used Skipjack, a block cipher.
RSA
This is Incorrect.
DSA
This is Incorrect.
3DES
This is Incorrect.
Question : Which is the MOST secure encryption type of these 4?
AES
This is Correct. DES, Blowfish and RC4 are no longer considered secure; AES is still considered secure.
RC4
This is Incorrect.
DES
This is Incorrect.
Blowfish
This is Incorrect.
Question : When we are talking about the Twofish encryption algorithm, which of these is TRUE?
It is a 128-bit block cipher with 128-, 192- or 256-bit keys.
This is Correct.
It is a 64-bit block cipher with a 128-bit key.
This is Incorrect.
It is a 64-bit block cipher with a 112-bit key.
This is Incorrect.
It is a 64-bit block cipher with 56-bit keys.
This is Incorrect.
Question : Depending on our implementation, we may choose to use asymmetric or symmetric encryption. Which of these are types of symmetric encryption? (Select all that apply).
DES
This is Correct.
Twofish
This is Correct.
AES
This is Correct.
DH
This is Incorrect.
ECC
This is Incorrect.
Question : Which of these would be a TRUE statement about symmetric encryption?
It is the strongest per bit.
This is Correct. Asymmetric vs. symmetric encryption (and hybrid): Asymmetric – Pros: it does not need a pre-shared key, and only 2 keys per user are needed (2 × users = total keys). Cons: it is much slower, and it is weaker per bit. Symmetric – Pros: much faster, stronger per bit. Cons: needs a pre-shared key, and with n users it needs n(n-1)/2 keys, which becomes unmanageable with many users.
It uses private and public keys to share a session key.
This is Incorrect.
It does not use a shared key.
This is Incorrect.
All of these.
This is Incorrect.
Question : We are talking about implementing new encryption in our organization. Which of these would be TRUE about IDEA?
It is a 64-bit block cipher with a 128-bit key.
This is Correct. IDEA (International Data Encryption Algorithm): Designed to replace DES. Symmetric, 128-bit key, 64-bit block size, considered safe. Not widely used now, since it is patented and slower than AES.
It is a 64-bit block cipher with a 112-bit key.
This is Incorrect.
It is a 128-bit block cipher with 128-, 192- or 256-bit keys.
This is Incorrect.
It is a 64-bit block cipher with 56-bit keys.
This is Incorrect.
Question : We are looking at implementing a new type of symmetric encryption. Which of these symmetric encryption types are no longer considered secure, and should be something we should NOT consider?
RC4
This is Correct. RC4: Used by WEP/WPA/SSL/TLS. Pseudorandom keystream. No longer considered secure. Symmetric stream cipher, 40- to 2048-bit key length.
3DES K1
This is Incorrect.
AES
This is Incorrect.
Twofish
This is Incorrect.
Question : DES is very easy to break today. To remedy the problems with DES, 3DES was developed. Which of these is TRUE about 3DES K1?
It is a 64-bit block cipher with a 112-bit key strength.
This is Correct. 3DES (Triple DES): Was developed to extend the life of DES systems while getting ready for AES. DES is symmetric, a 64-bit block cipher with a 56-bit key and 16 rounds of encryption, and uses a Feistel structure. 3DES runs 3 rounds of DES instead of 1. K1 (keymode1) – 3 different keys with a key length of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack, the effective security it provides is only 112 bits.
It is a 64-bit block cipher with 56-bit keys.
This is Incorrect.
It is a 64-bit block cipher with a 128-bit key strength.
This is Incorrect.
It is a 128-bit block cipher with 128-, 192- or 256-bit keys.
This is Incorrect.
Question : How many keys would we have if we had 100 users using symmetric encryption?
4950
This is Correct. Symmetric encryption needs n(n-1)/2 keys for n users; with 100 users we would need 100(100-1)/2 or (100×99)/2 = 4950 keys.
200
This is Incorrect.
100
This is Incorrect.
2000
This is Incorrect.
Question : As technology progresses or flaws are found in the symmetric algorithms, we stop using that encryption. Which of these symmetric encryption types are no longer considered secure?
3DES K3
This is Correct. 3DES (Triple DES) K3 (keymode3) – the same key is used 3 times (encrypt/decrypt/encrypt), so it is just as insecure as DES.
3DES K1
This is Incorrect.
AES
This is Incorrect.
Twofish
This is Incorrect.
Question : How many bits of keying material does the Data Encryption Standard use for encrypting information?
56 bit
This is Correct. DES uses a 64-bit encryption key, but only 56 of those bits are actually used as keying material in the encryption operation. The remaining 8 bits are used to detect tampering or corruption of the key.
64 bit
This is Incorrect.
128 bit
This is Incorrect.
256 bit
This is Incorrect.
Question : Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?
Diffie-Hellman
This is Correct. The Diffie-Hellman algorithm allows for the secure exchange of symmetric encryption keys over a public network.
RSA
This is Incorrect.
IDEA
This is Incorrect.
MD5
This is Incorrect.
Question : The Double DES (2DES) encryption algorithm was never used as a viable alternative to the original DES algorithm. What attack is 2DES vulnerable to that does not exist for the DES or 3DES approach?
Meet in the middle
This is Correct. The meet-in-the-middle attack uses a known plaintext message and performs encryption of the plaintext and decryption of the ciphertext simultaneously, in a brute force manner, to identify the encryption key in approximately double the time of a brute force attack against the basic DES algorithm.
Man in the middle
This is Incorrect.
Bruteforce
This is Incorrect.
Chosen Ciphertext
This is Incorrect.
Question : Which 3DES implementation encrypts each block of data three times, each time with a different key?
3DES-EEE3
This is Correct. The 3DES-EEE3 implementation encrypts each block of data three times, each time with a different key. The 3DES-EDE3 implementation encrypts each block of data with the first key, decrypts each block with the second key, and encrypts each block with the third key. The 3DES-EDE2 implementation encrypts each block of data with the first key, decrypts each block with the second key, and then encrypts each block with the first key. The 3DES-EEE2 implementation encrypts each block of data with the first key, encrypts each block with the second key, and then encrypts each block with the third key.
3DES-EDE3
This is Incorrect.
3DES-EDE2
This is Incorrect.
3DES-EEE2
This is Incorrect.
Question : What block size is used by the 3DES encryption algorithm?
64 bit
This is Correct.
32 bit
This is Incorrect.
128 bit
This is Incorrect.
256 bit
This is Incorrect.
Question : Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won’t spoil results throughout the communication?
Output Feedback (OFB)
This is Correct. Output feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large amounts of data.
Cipher Feedback (CFB)
This is Incorrect.
Electronic Code Book (ECB)
This is Incorrect.
Cipher Block Chaining (CBC)
This is Incorrect.
Question : What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmermann’s Pretty Good Privacy secure email system?
IDEA
This is Correct. Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryption technology is based on the IDEA private key cryptosystem.
ROT13
This is Incorrect.
ECC
This is Incorrect.
El Gamal
This is Incorrect.