CISSP Domain 3 questions – Cipher quiz

Question 1: How are a one-time pad and a stream cipher similar?
They both XOR bits for their encryption process.
This is Correct. The individual bits in the one-time pad are used to encrypt the individual bits of the message through the XOR function, and in a stream algorithm the individual bits created by the keystream generator are used to encrypt the bits of the message through XOR also.
They are both asymmetric algorithms
This is Incorrect.
They are both vulnerable to linear frequency cryptanalysis attacks
This is Incorrect.
They are both block ciphers
This is Incorrect.
Question 2: Which of the following is a requirement for a secure Vernam cipher?
The pad must be used just one time
This is Correct. A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly. One of these requirements is that the pad is used only one time. It was invented by Gilbert Vernam in 1917, thus sometimes referred to as the Vernam cipher.
A symmetric key must be encrypted with an asymmetric key
This is Incorrect.
The private key must be only known to the owner
This is Incorrect.
It needs to hide the existence of a message
This is Incorrect.
Question 3: What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key?
Running key cipher
This is Correct. Running key (or “book”) ciphers often use a passage from a commonly available book as the encryption key.
Vernam cipher
This is Incorrect.
Skipjack cipher
This is Incorrect.
Twofish cipher
This is Incorrect.
Question 4: Which one of the following terms accurately describes the Caesar cipher?
Shift Cipher
This is Correct. The Caesar cipher is a shift cipher that works on a stream of text and is also a substitution cipher. It is not a block cipher or a transposition cipher. It is extremely weak as a cryptographic algorithm.
Block Cipher
This is Incorrect.
Transposition Cipher
This is Incorrect.
Strong Cipher
This is Incorrect.
Question 5: Which type of cipher is the Caesar cipher?
Mono-alphabetic substitution
This is Correct. The Caesar cipher is a mono-alphabetic substitution cipher. The Vigenère cipher is a polyalphabetic substitution cipher.
Polyalphabetic transposition
This is Incorrect.
Polyalphabetic substitution
This is Incorrect.
Mono-alphabetic transposition
This is Incorrect.
Question 6: What type of cipher relies on changing the location of characters within a message to achieve confidentiality?
Transposition cipher
This is Correct.
Block cipher
This is Incorrect.
Substitution cipher
This is Incorrect.
Stream cipher
This is Incorrect.
Question 7: Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?
Block Cipher
This is Correct. Block ciphers operate on message “chunks” rather than on individual characters or bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or characters of a message.
Stream Cipher
This is Incorrect.
Caesar Cipher
This is Incorrect.
ROT3 cipher
This is Incorrect.

CISSP Domain 3 questions – Asymmetric Encryption quiz

Question 1: Which of the following is a true difference between an asymmetric and symmetric algorithm?
Symmetric algorithms are faster because they use substitution and transposition
This is Correct. Symmetric algorithms carry out relatively simple mathematical operations on the bits during the encryption and decryption processes: they substitute and scramble (transpose) bits, which is not computationally intensive. What makes this type of encryption hard to break is that these operations are repeated over and over again. Asymmetric algorithms rely on much more complex mathematics, which requires more processing time, which is why they are slower than symmetric algorithms.
Asymmetric algorithms are slower because they use substitution and transposition
This is Incorrect.
Asymmetric algorithms are best implemented in hardware and symmetric in software
This is Incorrect.
Asymmetric algorithms are more vulnerable to frequency analysis attacks
This is Incorrect.
Question 2: Which one of the following encryption algorithms is now considered insecure?
Merkle-Hellman Knapsack
This is Correct. The Merkle-Hellman Knapsack algorithm, which relies on the difficulty of factoring super-increasing sets, has been broken by cryptanalysts.
Elliptic Curve Cryptography
This is Incorrect.
RSA
This is Incorrect.
El Gamal
This is Incorrect.
Question 3: Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use?
160 bits
This is Correct. The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.
512 bits
This is Incorrect.
1024 bits
This is Incorrect.
20148 bits
This is Incorrect.
Question 4: If a 2,048-bit plaintext message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be?
4096 bits
This is Correct. The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plain-text message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.
8192 bits
This is Incorrect.
2048 bits
This is Incorrect.
1024 bits
This is Incorrect.
Question 5: Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?
Diffie-Hellman
This is Correct. The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.
RSA
This is Incorrect.
3DES
This is Incorrect.
IDEA
This is Incorrect.
Question 6: If we want to implement a type of encryption that uses discrete logarithms, which of these could we choose?
ECC
This is Correct. Given two points P and Q on an elliptic curve, computer scientists and mathematicians believe it is extremely hard to find the scalar x such that Q = xP, even when P and Q are known. This difficult problem, known as the elliptic curve discrete logarithm problem, forms the basis of elliptic curve cryptography. It is widely believed to be harder to solve than both the prime factorization problem that the RSA cryptosystem is based on and the standard discrete logarithm problem used by Diffie-Hellman and El Gamal.
Twofish
This is Incorrect.
AES
This is Incorrect.
DES
This is Incorrect.
Question 7: We have 100 users all needing to communicate with each other. If we are using asymmetric encryption how many keys would we need?
200
This is Correct. Asymmetric encryption uses 2 keys per user, so we would need 200 keys.
300
This is Incorrect.
4950
This is Incorrect.
2000
This is Incorrect.
Question 8: Jack is looking at different types of encryption. Which of these is a type of asymmetric encryption?
RSA
This is Correct. RSA is asymmetric. 3DES, RC6 and Twofish are all symmetric forms of encryption.
DES
This is Incorrect.
3DES
This is Incorrect.
Twofish
This is Incorrect.
Question 9: What is your public key in asymmetric encryption?
Shared
This is Correct. Asymmetric encryption uses 2 keys: a public key and a private key (a key pair). Your public key is publicly available and is used by others to encrypt messages sent to you. Because the keys are asymmetric, the ciphertext cannot be decrypted with your public key. Your private key is the one you keep safe; you use it to decrypt messages that were encrypted with your public key.
Secret
This is Incorrect.
Used by you to decrypt messages sent to you.
This is Incorrect.
used by someone else to decrypt messages from you.
This is Incorrect.
Question 10: A senior VP stops you in the cafeteria because you are one of those IT people. She asks you questions about Public Key Infrastructure (PKI). After you explain it at a high level, they ask for more detail. You could tell them PKI uses which of these?
All of these.
This is Correct. PKI (Public Key Infrastructure): Uses Asymmetric and Symmetric Encryption as well as Hashing to provide and manage digital certificates. To ensure PKI works well, we keep the private key secret.
Symmetric Key Algorithm
This is Incorrect.
Asymmetric Key Algorithm
This is Incorrect.
Hashing
This is Incorrect.
Question 11: When we have our private and public keys in key escrow, what does that mean?
Someone keeping a copy of our keys, often law enforcement.
This is Correct.
The server we keep our public and private keys on.
This is Incorrect.
The private key I have on my system.
This is Incorrect.
The public key available to everyone.
This is Incorrect.

CISSP Domain 3 questions – Cryptanalytic quiz

Question: Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack?
Rainbow tables
This is Correct. Rainbow tables contain precomputed hash values for commonly used passwords and may be used to increase the efficiency of password cracking attacks.
Hierarchical screening
This is Incorrect.
TKIP
This is Incorrect.
None of the mentioned
This is Incorrect.
Question: What kind of attack makes the Caesar cipher virtually unusable?
Frequency Analysis
This is Correct. The Caesar cipher, like other simple substitution ciphers, is vulnerable to frequency analysis attacks, which analyze the rate at which specific letters appear in the ciphertext.
Escrow attack
This is Incorrect.
Meet-in-the-middle attack
This is Incorrect.
Transposition attack
This is Incorrect.
Question: When an attacker is using a brute force attack to break a password, what are they doing?
Trying every possible key to, over time, break any encryption
This is Correct. Using the entire keyspace (every possible key); with enough time, any plaintext can be decrypted. Effective against all key-based ciphers except the one-time pad; it would eventually decrypt it, but it would also generate so many false positives that the data would be useless.
Looking at common letter frequency to guess the plaintext.
This is Incorrect.
Trying to recover the key without breaking the encryption.
This is Incorrect.
Looking at the hash values and comparing it to thousands or millions of pre-calculated hashes.
This is Incorrect.
Question: Which of these countermeasures would be effective against rainbow tables?
Salting
This is Correct. A salt is random data used as an additional input to the one-way function that “hashes” a password or passphrase. The primary purpose of salts is to defend against dictionary attacks and precomputed rainbow table attacks. Rainbow tables: a pre-made list of plaintexts and matching ciphertexts, often passwords and their matching hashes. A table can contain millions of pairs.
Keeping hashes in Plain Text
This is Incorrect.
Key Stretching
This is Incorrect.
Limiting Login attempts.
This is Incorrect.
Question: When we are using frequency analysis, what are we looking at?
How often certain letters are used.
This is Correct. Frequency analysis examines how often a given character appears. In English, “E” is used 12.7% of the time. Given enough ciphertext from a substitution cipher, you can break it with that alone.
How often pairs of letters are used.
This is Incorrect.
How many messages are sent.
This is Incorrect.
How often messages are sent.
This is Incorrect.
Question: If an attacker is using a digraph attack, what is the attacker looking for?
How often pairs of letters are used.
This is Correct. Digraph attack: Similar to frequency analysis/attacks, but looks at common pairs of letters (TH, HE, IN, ER).
How often certain letters are used.
This is Incorrect.
How many messages are sent.
This is Incorrect.
How often messages are sent.
This is Incorrect.
Question: What name is given to the random value added to a password in an attempt to defeat rainbow table attacks?
Salt
This is Correct. The salt is a random value added to a password before it is hashed by the operating system. The salt is then stored in a password file with the hashed password. This increases the complexity of cryptanalytic attacks by negating the usefulness of attacks that use precomputed hash values, such as rainbow tables.
Hash
This is Incorrect.
Extender
This is Incorrect.
Rebar
This is Incorrect.
Question: Tom is a cryptanalyst and is working on breaking a cryptographic algorithm’s secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in?
Known plaintext
This is Correct. In a known plaintext attack, the attacker has a copy of the encrypted message along with the plaintext message used to generate that ciphertext.
Chosen plaintext
This is Incorrect.
Chosen ciphertext
This is Incorrect.
Brute Force
This is Incorrect.
Question: Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?
Transposition cipher
This is Correct. This message was most likely encrypted with a transposition cipher. The use of a substitution cipher, a category that includes AES and 3DES, would change the frequency distribution so that it did not mirror that of the English language.
Substitution cipher
This is Incorrect.
AES
This is Incorrect.
3DES
This is Incorrect.
Question: The Double DES (2DES) encryption algorithm was never used as a viable alternative to the original DES algorithm. What attack is 2DES vulnerable to that does not exist for the DES or 3DES approach?
Meet in the middle
This is Correct. The meet-in-the-middle attack uses a known plaintext message and uses both encryption of the plaintext and decryption of the ciphertext simultaneously in a brute force manner to identify the encryption key in approximately double the time of a brute force attack against the basic DES algorithm.
Man in the middle
This is Incorrect.
Brute force
This is Incorrect.
Chosen Ciphertext
This is Incorrect.
Question: Which attack executed against a cryptographic algorithm uses all possible keys until a key is discovered that successfully decrypts the ciphertext?
Brute force
This is Correct. A brute-force attack executed against a cryptographic algorithm uses all possible keys until a key is discovered that successfully decrypts the ciphertext. A frequency analysis attack relies on the fact that substitution and transposition ciphers will result in repeated patterns in ciphertext. A reverse engineering attack occurs when an attacker purchases a particular cryptographic product to attempt to reverse engineer the product to discover confidential information about the cryptographic algorithm used. A ciphertext-only attack uses several encrypted messages (ciphertext) to figure out the key used in the encryption process.
Ciphertext-only attack
This is Incorrect.
Reverse engineering
This is Incorrect.
Frequency analysis
This is Incorrect.
Question: Countermeasures against brute force attacks on cryptographic keys include which of the following?
1. Change keys
2. Increase key length
3. Change protocol
4. Change algorithm
1 and 2
This is Correct. Changing cryptographic keys frequently and increasing the key length can fight against the brute force attacks on keys. Changing protocols and algorithms cannot fight against the brute force attacks because the changed protocols and algorithms could be subjected to the same attacks or different attacks.
2 and 3
This is Incorrect.
3 and 4
This is Incorrect.
1 and 3
This is Incorrect.

CISSP Domain 3 questions – Symmetric Encryption

Question: A symmetric algorithm must have certain characteristics to be considered strong. Which of the following is correct pertaining to these types of characteristics?
Confusion is carried out through substitution, and diffusion is carried out through transposition.
This is Correct. Confusion is commonly carried out through substitution and diffusion is carried out by using transposition. For a cipher to be considered strong it must contain both of these attributes, to ensure that reverse engineering is basically impossible. The randomness of the key values and the complexity of the mathematical functions dictate the level of confusion and diffusion that is involved.
Confusion is carried out through transposition, and diffusion is carried out through diffusion.
This is Incorrect.
Confusion and diffusion are both used to increase the work factor.
This is Incorrect.
The randomness of the cryptoperiod and functions in the algorithm correlate with the level of confusion and diffusion that is provided.
This is Incorrect.
Question: What is Kerckhoffs’s principle and why is it relevant?
The only secret portion to a cryptosystem should be the key so that the algorithms can be stronger.
This is Correct. Auguste Kerckhoffs published a paper in 1883 stating that the only secrecy involved with a cryptographic system should be the key. He claimed that the algorithm should be publicly known. Cryptographers in the private and academic sectors agree with Kerckhoffs’s principle, because making an algorithm publicly available means that many more people can view the source code, test it, and uncover any flaws or weaknesses.
More than one alphabet should be used in substitution ciphers to increase the work factor.
This is Incorrect.
A public key needs to be bound to an individual’s identity for true non-repudiation.
This is Incorrect.
One-time pads should be just as long as the message, otherwise patterns will be shown.
This is Incorrect.
Question: Which AES finalist makes use of prewhitening and postwhitening techniques?
Twofish
This is Correct. The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.
Blowfish
This is Incorrect.
Skipjack
This is Incorrect.
Rijndael
This is Incorrect.
Question: What block size is used by the Advanced Encryption Standard?
128 bit
This is Correct. The Advanced Encryption Standard uses a 128-bit block size, even though the Rijndael algorithm it is based on allows a variable block size.
32 bit
This is Incorrect.
64 bit
This is Incorrect.
Variable
This is Incorrect.
Question: The NSA wanted to embed the Clipper chip on all motherboards. Which encryption algorithm did the chip use?
Skipjack
This is Correct. The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured “voice and data messages” with a built-in backdoor. It used SkipJack, a block cipher.
RSA
This is Incorrect.
DSA
This is Incorrect.
3DES
This is Incorrect.
Question: Which is the MOST secure encryption type of these 4?
AES
This is Correct. DES, Blowfish and RC4 are no longer considered secure; AES is still considered secure.
RC4
This is Incorrect.
DES
This is Incorrect.
Blowfish
This is Incorrect.
Question: When we are talking about the Twofish encryption algorithm, which of these is TRUE?
It is a 128-bit block cipher with 128, 192 or 256 bit keys.
This is Correct.
It is a 64 bit block cipher with a 128-bit key.
This is Incorrect.
It is a 64 bit block cipher with a 112-bit key.
This is Incorrect.
It is a 64 bit block cipher, with 56-bit keys.
This is Incorrect.
Question: Depending on our implementation, we may choose to use asymmetric or symmetric encryption. Which of these are types of symmetric encryption? (Select all that apply).
DES
This is Correct.
Twofish
This is Correct.
AES
This is Correct.
DH
This is Incorrect.
ECC
This is Incorrect.
Question: Which of these would be a TRUE statement about symmetric encryption?
It is the strongest per bit.
This is Correct. Asymmetric vs symmetric encryption (and hybrid): Asymmetric pros: it does not need a pre-shared key, and the total number of keys is only 2 × the number of users. Cons: it is much slower and weaker per bit. Symmetric pros: much faster and stronger per bit. Cons: it needs a pre-shared key, and with n users it requires n(n-1)/2 keys, which becomes unmanageable with many users.
It uses private and public keys to share a session key.
This is Incorrect.
It does not use a shared key.
This is Incorrect.
All of these.
This is Incorrect.
Question: We are talking about implementing new encryption in our organization. Which of these would be TRUE about IDEA?
It is a 64 bit block cipher with a 128 bit key.
This is Correct. IDEA (International Data Encryption Algorithm): Designed to replace DES. Symmetric, 128 bit key, 64 bit block size, considered safe. Not widely used now, since it is patented and slower than AES.
It is a 64 bit block cipher with a 112 bit key.
This is Incorrect.
It is a 128 bit block cipher with 128, 192 or 256 bit keys.
This is Incorrect.
It is a 64 bit block cipher, with 56 bit keys.
This is Incorrect.
Question: We are looking at implementing a new type of symmetric encryption. Which of these symmetric encryption types are no longer considered secure, and should be something we should NOT consider?
RC4
This is Correct. RC4: Used by WEP/WPA/SSL/TLS. Pseudorandom keystream. No longer considered secure. Symmetric, Stream cipher, 40-2048 bit key length.
3DES K1
This is Incorrect.
AES
This is Incorrect.
Twofish
This is Incorrect.
Question: DES is very easy to break today. To remedy the problems with DES, 3DES was developed. Which of these is TRUE about 3DES K1?
It is a 64-bit block cipher with a 112-bit key strength.
This is Correct. 3DES (Triple DES) was developed to extend the life of DES systems while getting ready for AES. Symmetric, 64-bit block cipher, 56-bit DES key, 16 rounds of encryption per DES pass, Feistel structure; 3 rounds of DES instead of 1. K1 (keying mode 1) uses 3 different keys with a total key length of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits.
It is a 64-bit block cipher, with 56 bit keys.
This is Incorrect.
It is a 64-bit block cipher with a 128-bit key strength.
This is Incorrect.
It is a 128-bit block cipher with 128, 192 or 256-bit keys.
This is Incorrect.
Question: How many keys would we have if we had 100 users using symmetric encryption?
4950
This is Correct. Symmetric encryption needs n(n-1)/2 keys for n users, so with 100 users we would need 100(100-1)/2 = (100×99)/2 = 4950 keys.
200
This is Incorrect.
100
This is Incorrect.
2000
This is Incorrect.
Question: As technology progresses or flaws are found in the symmetric algorithms, we stop using that encryption. Which of these symmetric encryption types are no longer considered secure?
3DES K3
This is Correct. 3DES (Triple DES) K3 (keymode3) – Same key 3 times, just as insecure as DES (encrypt/decrypt/encrypt).
3DES K1
This is Incorrect.
AES
This is Incorrect.
Twofish
This is Incorrect.
Question: How many bits of keying material does the Data Encryption Standard use for encrypting information?
56 bit
This is Correct. DES uses a 64-bit encryption key, but only 56 of those bits are actually used as keying material in the encryption operation. The remaining 8 bits are used to detect tampering or corruption of the key.
64 bit
This is Incorrect.
128 bit
This is Incorrect.
256 bit
This is Incorrect.
Question: Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?
Diffie-Hellman
This is Correct. The Diffie-Hellman algorithm allows for the secure exchange of symmetric encryption keys over a public network.
RSA
This is Incorrect.
IDEA
This is Incorrect.
MD5
This is Incorrect.
Question: Which 3DES implementation encrypts each block of data three times, each time with a different key?
3DES-EEE3
This is Correct. The 3DES-EEE3 implementation encrypts each block of data three times, each time with a different key. The 3DES-EDE3 implementation encrypts each block of data with the first key, decrypts each block with the second key, and encrypts each block with the third key. The 3DES-EDE2 implementation encrypts each block of data with the first key, decrypts each block with the second key, and then encrypts each block with the first key. The 3DES-EEE2 implementation encrypts each block of data with the first key, encrypts each block with the second key, and then encrypts each block with the third key.
3DES-EDE3
This is Incorrect.
3DES-EDE2
This is Incorrect.
3DES-EEE2
This is Incorrect.
Question: What block size is used by the 3DES encryption algorithm?
64 bit
This is Correct.
32 bit
This is Incorrect.
128 bit
This is Incorrect.
256 bits
This is Incorrect.
Question: Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won’t spoil results throughout the communication?
Output Feedback (OFB)
This is Correct. Output feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large amounts of data.
Cipher Feedback (CFB)
This is Incorrect.
Electronic Code Book (ECB)
This is Incorrect.
Cipher Block Chaining (CBC)
This is Incorrect.
Question: What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmerman’s Pretty Good Privacy secure email system?
IDEA
This is Correct. Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryption technology is based on the IDEA private key cryptosystem.
ROT13
This is Incorrect.
ECC
This is Incorrect.
El Gamal
This is Incorrect.

CISSP Domain 3 questions – Digital Signature

Question: What can we use digital signatures to provide? [Select all that apply]
Non-repudiation
This is Correct.
Integrity
This is Correct.
Confidentiality
This is Incorrect.
Availability
This is Incorrect.
Question: Bob is a security administrator with the federal government and wishes to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
HAVAL
This is Correct. The Digital Signature Standard approves three encryption algorithms for use in digital signatures: the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; and the Elliptic Curve DSA (ECDSA) algorithm. HAVAL is a hash function, not an encryption algorithm. While hash functions are used as part of the digital signature process, they do not provide encryption.
DSA
This is Incorrect.
RSA
This is Incorrect.
ECDSA
This is Incorrect.
Question: Jane is talking to a friend and is explaining what digital signatures do. Which of these could be something that she tells her friend is one of the MAIN reasons we use digital signatures?
Integrity
This is Correct. Digital Signatures: Provides Integrity and Non-Repudiation.
Confidentiality
This is Incorrect.
Authentication
This is Incorrect.
Availability
This is Incorrect.
Question: Which one of the following algorithms is not supported by the Digital Signature Standard?
El Gamal DSA
This is Correct. The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.
ECC DSA
This is Incorrect.
RSA
This is Incorrect.
Digital Signature Algorithm
This is Incorrect.

CISSP Domain 3 Questions – History, Goals, Concepts of Cryptography

Question: When we talk about using cryptanalysis in our work, what are we doing?
The science of breaking encrypted communications.
This is Correct. Cryptanalysis is the science of breaking encrypted communication. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. It uses mathematical analysis of the cryptographic algorithm, as well as side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation and the devices that run them.
The science of securing communications.
This is Incorrect.
A cryptographic algorithm.
This is Incorrect.
Creates messages with a hidden meaning.
This is Incorrect.
Question: When we are replacing one character with another, what is that called?
Substitution
This is Correct.
Confusion
This is Incorrect.
Diffusion
This is Incorrect.
Permutation
This is Incorrect.
Question: The order of the plaintext should be dispersed in the ciphertext. What is this called?
Diffusion
This is Correct.
Confusion
This is Incorrect.
Permutation
This is Incorrect.
Substitution
This is Incorrect.
Question: What is the relationship between plaintext and ciphertext called?
Confusion
This is Correct.
Permutation
This is Incorrect.
Substitution
This is Incorrect.
Diffusion
This is Incorrect.
Question: A historical type of encryption that was based on a set of disks with random letters; the sender and receiver would agree on the disk order. What is it called?
Bazeries
This is Correct. The Jefferson Disk (Bazeries Cylinder) is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged around the edge. Jefferson (US president) invented it, and Bazeries improved it. The order of the letters is different for each disk and is usually scrambled in some random way. Each disk is marked with a unique number. A hole in the center of the disks allows them to be stacked on an axle. The disks are removable and can be mounted on the axle in any order desired. The order of the disks is the cipher key, and both sender and receiver must arrange the disks in the same predefined order. Jefferson’s device had 36 disks.
Vigenère cipher
This is Incorrect.
Spartan Scytale
This is Incorrect.
Caesar cipher
This is Incorrect.
Question: After the Second World War the US designed and built the SIGABA. How many rotors did it use?
15
This is Correct. SIGABA: A rotor machine used by the United States throughout World War II and into the 1950s, similar to the Enigma. It was more complex, and was built after examining the weaknesses of the Enigma. No successful cryptanalysis of the machine during its service lifetime is publicly known. It used three sets of five rotors (15 in total).
3
This is Incorrect.
4
This is Incorrect.
10
This is Incorrect.
Question: What historical encryption was written on a thin piece of parchment that was wrapped around a round stick of a certain diameter?
Spartan Scytale.
This is Correct. Spartan Scytale – Message written lengthwise on a long thin piece of parchment wrapped around a certain size round stick. By itself it would make no sense, but if rewrapped around a stick of the same diameter it would be decipherable.
Vigenère cipher.
This is Incorrect.
Bazeries.
This is Incorrect.
Caesar cipher.
This is Incorrect.
Question: The Polish Cipher Bureau first broke the German military Enigma in the early 1930s and handed its methods to the British and French in 1939. How many rotors was the machine using at that time?
3
This is Correct. Enigma – Rotor based. The Army and Air Force machines carried three rotors (from 1938 chosen from a set of five). After the three-rotor naval traffic had been broken, the German Navy introduced a fourth rotor in 1942, making its version much harder to break. Breaking the Enigma is widely credited with shortening the war and saving many lives.
4
This is Incorrect.
10
This is Incorrect.
5
This is Incorrect.
Question: Which of these rotor-based encryption machines was NOT known to have been broken while it was in active use?
SIGABA
This is Correct. SIGABA: A rotor machine used by the United States throughout World War II and into the 1950s, broadly similar to the Enigma but more complex, designed after studying the weaknesses of earlier rotor machines such as the Enigma. No successful cryptanalysis of the machine during its service lifetime is publicly known. It used three banks of five rotors (cipher, control and index rotors), 15 in total.
Enigma
This is Incorrect.
Purple
This is Incorrect.
PRAAS
This is Incorrect.
Question: The Polish broke the original Enigma in the early 1930s and shared their work with the Allies in 1939. How many rotors did the German Navy's Enigma use at the end of the Second World War?
4
This is Correct. Enigma – Rotor based. Three rotors early on, which were broken, so the German Navy added a fourth rotor in 1942 (the M4 machine), making its traffic much harder to break; the Army and Air Force kept their three-rotor machines. Breaking the Enigma is widely credited with shortening the war and saving many lives.
3
This is Incorrect.
10
This is Incorrect.
5
This is Incorrect.
Question: Which one of the following cryptographic goals protects against the risks posed when a device is lost or stolen?
Confidentiality
This is Correct. The greatest risk when a device is lost or stolen is that sensitive data contained on the device will fall into the wrong hands. Confidentiality protects against this risk.
Integrity
This is Incorrect.
Non-repudiation
This is Incorrect.
Authentication
This is Incorrect.
Question: What logical operation is described by the truth table shown here?
XOR
This is Correct. The exclusive or (XOR) operation is true when one and only one of the input values is true.
AND
This is Incorrect.
OR
This is Incorrect.
NOR
This is Incorrect.
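Added example, not code from the original quiz: the XOR truth table the question refers to, and the property that makes XOR the primitive of one-time pads and stream ciphers, namely that applying the same keystream twice cancels out. It also shows what an attacker gets when a pad is used twice. The messages and the pad are constructed for the demonstration.

```python
# Added example, not part of the original quiz: the XOR truth table and the
# way one-time pads and stream ciphers use XOR. Messages and pads below are
# constructed for the demonstration.
import os
from itertools import product


def xor_truth_table():
    """Return the XOR truth table as (a, b, a XOR b) rows.

    XOR is true exactly when one, and only one, input is true.
    """
    return [(a, b, a ^ b) for a, b in product((0, 1), repeat=2)]


def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    """XOR each byte of data with the corresponding keystream byte.

    Because (p ^ k) ^ k == p, the same function encrypts and decrypts.
    For a one-time pad the keystream is a truly random pad as long as the
    message; a stream cipher expands a short key into the keystream instead.
    """
    if len(keystream) < len(data):
        raise ValueError("keystream must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, keystream))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an attacker learns when one pad is reused for two messages.

    c1 ^ c2 == (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the pad cancels out and the XOR
    of the two plaintexts is exposed, which is why a pad may be used only once.
    """
    return xor_bytes(c1, c2)


def main():
    print("a b | a XOR b")
    for a, b, r in xor_truth_table():
        print(f"{a} {b} | {r}")

    p1 = b"attack at dawn!!"   # constructed 16-byte messages
    p2 = b"retreat at noon!"
    pad = os.urandom(len(p1))  # a fresh random pad of message length
    c1 = xor_bytes(p1, pad)
    assert xor_bytes(c1, pad) == p1  # decrypting with the same pad recovers p1

    c2 = xor_bytes(p2, pad)           # the mistake: the same pad a second time
    leak = two_time_pad_leak(c1, c2)
    print("pad reused, attacker recovers p1 XOR p2:", leak == xor_bytes(p1, p2))


if __name__ == "__main__":
    main()
```

The round trip works because XOR is its own inverse; the last lines show why the "one time" in one-time pad is a hard requirement rather than advice.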
Question: How many possible keys exist for a cipher that uses a key containing 5 bits?
32
This is Correct. Binary keyspaces contain a number of keys equal to two raised to the power of the number of bits. Two to the fifth power is 32, so a 5-bit keyspace contains 32 possible keys.
16
This is Incorrect.
10
This is Incorrect.
64
This is Incorrect.
Question: Alice sent a message to Bob. Bob would like to demonstrate to Charlie that the message he received definitely came from Alice. What goal of cryptography is Bob attempting to achieve?
Non-repudiation
This is Correct. Non-repudiation occurs when the recipient of a message is able to demonstrate to a third party that the message came from the purported sender.
Confidentiality
This is Incorrect.
Availability
This is Incorrect.
Authentication
This is Incorrect.
Question: When we rearrange the order of the plaintext characters, what is it called?
Permutation
This is Correct. Permutation (transposition) reorders the plaintext symbols without changing them; substitution replaces each symbol with another. Confusion and diffusion are the properties these operations give a cipher, not the operations themselves.
Confusion
This is Incorrect.
Diffusion
This is Incorrect.
Substitution
This is Incorrect.
Question: Which historical type of encryption involved the sender shifting each letter a fixed number of positions forward or back in the alphabet, with the receiver shifting the same number of positions in the opposite direction?
Caesar Cipher
This is Correct. The Caesar cipher is a shift cipher, a simple monoalphabetic substitution. With only 25 useful shifts, an attacker can try every key by hand, so it offers no real protection.
Vigenère Cipher
This is Incorrect.
Spartan Scytale
This is Incorrect.
Bazeries
This is Incorrect.
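Added example, not code from the original quiz, covering the questions above on keyspace size, permutation and the Caesar cipher: a Caesar shift (substitution) beside a scytale (transposition), with a brute-force attack over the 26 Caesar keys to show what a tiny keyspace is worth. The sample plaintexts are constructed; the "_" padding character and the crib-based search are choices made here, not part of the historical ciphers.

```python
# Added example, not part of the original quiz: a substitution cipher (the
# Caesar shift) beside a transposition cipher (the scytale), plus a brute-force
# attack over the Caesar keyspace. Sample plaintexts are constructed.
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Substitution: each letter is replaced by the letter `shift` places
    later in the alphabet (wrapping around). Non-letters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """The receiver applies the same shift in the opposite direction."""
    return caesar_encrypt(ciphertext, -shift)


def brute_force_caesar(ciphertext: str, crib: str) -> list:
    """A shift cipher has only 26 keys, so the whole keyspace can be tried.
    Returns every (shift, plaintext) pair whose plaintext contains the crib."""
    hits = []
    for shift in range(26):
        candidate = caesar_decrypt(ciphertext, shift)
        if crib.upper() in candidate:
            hits.append((shift, candidate))
    return hits


def keyspace_size(bits: int) -> int:
    """A binary key of n bits has 2**n values (5 bits -> 32); compare the
    26 Caesar keys with the 2**128 keys of a modern block cipher."""
    return 2 ** bits


def scytale_encrypt(plaintext: str, letters_per_turn: int) -> str:
    """Transposition (permutation): the letters are unchanged, only reordered.
    The strip is modelled as rows of `letters_per_turn` letters (one row per
    wrap around the rod, so the rod diameter is the key) and read off column
    by column. '_' pads the last row."""
    padded = plaintext + "_" * (-len(plaintext) % letters_per_turn)
    rows = [padded[i:i + letters_per_turn]
            for i in range(0, len(padded), letters_per_turn)]
    return "".join(row[col] for col in range(letters_per_turn) for row in rows)


def scytale_decrypt(ciphertext: str, letters_per_turn: int) -> str:
    """Re-wrap on a rod of the same size: split the strip into columns and
    read across the rows. Assumes the plaintext itself did not end in '_'."""
    depth = len(ciphertext) // letters_per_turn
    cols = [ciphertext[c * depth:(c + 1) * depth] for c in range(letters_per_turn)]
    plain = "".join(cols[c][r] for r in range(depth) for c in range(letters_per_turn))
    return plain.rstrip("_")


if __name__ == "__main__":
    ct = caesar_encrypt("ATTACK AT DAWN", 3)
    print("Caesar, shift 3:", ct)
    print("brute force with crib 'attack':", brute_force_caesar(ct, "attack"))
    print("Caesar keyspace: 26 keys; 5-bit keyspace:", keyspace_size(5),
          "; 128-bit keyspace:", keyspace_size(128))
    st = scytale_encrypt("ATTACKATDAWN", 4)
    print("Scytale, 4 letters per turn:", st, "->", scytale_decrypt(st, 4))
```

Note that the scytale output contains exactly the same letters as the input, which is the defining feature of a transposition: letter frequencies survive, so frequency analysis sees through it just as it sees through a substitution.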
Question: Which one of the following is an example of a code, not a cipher?
“One if by land; two if by sea”
This is Correct. The major difference between a code and a cipher is that ciphers alter messages at the character or bit level, not at the word level. DES, shift ciphers, and word scrambles all work at the character or bit level and are ciphers. “One if by land; two if by sea” is a message with hidden meaning in the words and is an example of a code.
Word scramble
This is Incorrect.
Data Encryption Standard
This is Incorrect.
Shifting letters by three
This is Incorrect.
Question: Which process converts plaintext into ciphertext?
Encryption
This is Correct. Encryption converts plaintext into ciphertext. Hashing reduces a message of any length to a fixed-length hash value. Decryption converts ciphertext back into plaintext. A digital signature provides sender authentication, integrity and non-repudiation: the sender signs a hash of the message with their private key and attaches the signature to the original message, which itself stays readable.
Digital Signature
This is Incorrect.
Hashing
This is Incorrect.
Decryption
This is Incorrect.
Question: For security protection mechanisms for cryptographic data in storage, backup, and archives, the storage of keying material is a part of which of the following cryptographic services?
Availability
This is Correct. The availability service for data in storage covers backup and archive storage. During a key's cryptoperiod, keying material (keys and initialization vectors) should be held in both normal operational storage and in backup storage; after the cryptoperiod ends, it should be moved to archive storage. The other three choices do not deal with backup and archive storage.
Integrity
This is Incorrect.
Confidentiality
This is Incorrect.
Labels
This is Incorrect.
Question: What is the output value of the mathematical function 16 mod 3?
1
This is Correct. The mod operation returns the remainder of an integer division: 16 = 5 × 3 + 1, so 16 mod 3 = 1.
0
This is Incorrect.
3
This is Incorrect.
5
This is Incorrect.
Question: Which of the following is not addressed in the Wassenaar Arrangement?
Products exported to terrorist countries.
This is Correct. The Wassenaar Arrangement is a multilateral export-control regime established in 1996 by 33 founding states for conventional arms and dual-use goods and technologies, including cryptographic products, so both symmetric and asymmetric algorithms fall within its scope. It does not designate "terrorist countries": the list of states identified as sponsors of terrorism (at the time Iran, Iraq, Libya, North Korea, Sudan, Cuba and Syria) and the restrictions on exporting to them come from national law, such as the US export regulations, layered on top of the arrangement.
Intangibles that could be downloaded from the Internet
This is Incorrect.
Asymmetric algorithms
This is Incorrect.
Symmetric algorithms
This is Incorrect.

CISSP Domain 3 Questions – Hashing

Question: Which of these would be the PRIMARY reason we would choose to use hash functions?
Integrity
This is Correct. Hash functions (one-way hash functions) are used for integrity: a variable-length plaintext is hashed into a fixed-length value, the hash or message digest (MD), which is used to prove that the data has not changed.
Confidentiality
This is Incorrect.
Availability
This is Incorrect.
Authorization
This is Incorrect.
Question: We have decided to change the type of hashing we use to a newer version that is collision resistant. What is a hash collision?
When two different plaintexts produce the same hash.
This is Correct. A collision is two different inputs that produce the same hash value. Because the input space is larger than the output space, collisions always exist; a hash function is called collision resistant (loosely, "collision free") when finding such a pair is computationally infeasible. A variable-length input producing a fixed-length hash is the normal behaviour of any hash function, the same input always produces the same hash, and a one-way function cannot be reversed to recover the plaintext.
A variable-length text produces a fixed-length hash.
This is Incorrect.
The same plain text produces two different hashes using the same hash function.
This is Incorrect.
You can figure out the plain text from the hash.
This is Incorrect.
Question: We are adding hashing to our passwords. Which of these is a hashing function we could consider?
RIPEMD
This is Correct. RIPEMD was developed in the European academic community rather than by a government agency, to rule out a government backdoor, and exists in variants with 128, 160, 256 and 320-bit hashes. RSA and DES are encryption algorithms, and salting is a technique applied together with hashing, not a hash function. Note that for storing passwords a plain fast hash is not enough on its own: use a random per-user salt and a deliberately slow, iterated construction (PBKDF2, bcrypt, scrypt or Argon2) so that each guess costs the attacker real work.
RSA
This is Incorrect.
Salting
This is Incorrect.
DES
This is Incorrect.
Question: "mrcissp" and "Bob" are talking about hashing and they use the abbreviation MAC. What are they talking about?
Message Authentication Code.
This is Correct. A MAC (Message Authentication Code) is a keyed hash: a tag computed over the message with a secret key shared by sender and receiver. HMAC builds one from a hash function; CBC-MAC builds one from a block cipher (such as DES or AES) in Cipher Block Chaining mode. Because a valid tag cannot be produced without the key, a MAC provides integrity and authenticity, where a plain hash provides integrity only.
Message Access Code.
This is Incorrect.
Media Access Control.
This is Incorrect.
Mandatory Access Control.
This is Incorrect.
Question: Which of these hashing algorithms is still considered secure and collision resistant?
RIPEMD160
This is Correct. RIPEMD-160 was a redesign that fixed the flaws of the original RIPEMD and produces 160-bit hashes. It is not widely used, but no practical collision attack against it is known.
MD5
This is Incorrect. MD5 (Message Digest 5): 128-bit fixed-length hash, used very widely until flaws were found that make it possible to produce collisions in seconds on ordinary hardware, and chosen-prefix collisions with more effort (used to forge a CA certificate in 2008 and by the Flame malware in 2012). MD6 (Message Digest 6) was meant to succeed MD5 and was entered in the SHA-3 competition, but was withdrawn in 2009 and never saw wide use.
MD4
This is Incorrect. MD4 is thoroughly broken; collisions can be found almost instantly.
SHA-1
This is Incorrect. A practical collision (SHAttered) was published in 2017 and chosen-prefix collisions in 2020, so SHA-1 is deprecated for signatures and certificates, although it is still commonly met in legacy systems.
Question: Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?
SHA256
This is Correct. Intentional collisions have been created with MD5, and a real-world collision attack against SHA-1 was announced in early 2017. 3DES is not a hashing tool, leaving SHA-256 (a member of the SHA-2 family) as the only real choice Chris has in this list. Note that the hash only helps if the expected value comes from a source the attacker could not also have replaced, for example a signed release or a value obtained over a separate trusted channel; an attacker who can swap the package on a mirror can usually swap the hash published next to it.
SHA-1
This is Incorrect.
3DES
This is Incorrect.
MD5
This is Incorrect.
Question: Which one of the following is not an attribute of a hashing algorithm?
They require a cryptographic key.
This is Correct. Hash functions do not include any element of secrecy and, therefore, do not require a cryptographic key. (A keyed hash such as HMAC is a message authentication code, not a plain hash function.)
They are irreversible.
This is Incorrect.
It is very difficult to find two messages with the same hash value.
This is Incorrect.
They take variable-length input.
This is Incorrect.
Question: Which one of the following is not one of the basic requirements for a cryptographic hash function?
The function must work on fixed-length input.
This is Correct. Hash functions must be able to work on any variable-length input and produce a fixed-length output from that input, regardless of the length of the input.
The function must be relatively easy to compute for any input.
This is Incorrect.
The function must be one way.
This is Incorrect.
The function must be collision free.
This is Incorrect.
Question: "mrcissp" computes the digest of a single sentence of text using a SHA-2 hash function. He then changes a single character of the sentence and computes the hash value again. Which one of the following statements is true about the new hash value?
The new hash value will be completely different from the old hash value.
This is Correct. It is not possible to determine the degree of difference between two inputs by comparing their hash values. Changing even a single character of the input results in a completely different output (the avalanche effect): on average about half of the output bits change.
The new hash value will share at least 50% of the characters of the old hash value.
This is Incorrect.
The new hash value will be unchanged.
This is Incorrect.
The new hash value will be one character different from the old hash value.
This is Incorrect.
Question: John wants to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be?
160 bits
This is Correct. The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the size of the input message. This fixed-length output is a requirement of any secure hashing algorithm. (The output length stays fixed even though SHA-1 itself is no longer considered collision resistant.)
512 bits
This is Incorrect.
1024 bits
This is Incorrect.
2048 bits
This is Incorrect.
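Added example, not code from the original quiz, serving the hashing questions above on password hashing, MACs, the avalanche effect and fixed-length digests. It uses only Python's standard library (hashlib, hmac); all messages, keys and passwords are constructed, and PBKDF2-HMAC-SHA256 is the password-hashing construction chosen here, not one the quiz specifies.

```python
# Added example, not part of the original quiz: properties of hash functions,
# keyed hashes (MACs) and salted password hashing with Python's standard
# library. Messages, keys and passwords below are constructed.
import hashlib
import hmac
import os
from typing import Optional


def digest_bits(algorithm: str, message: bytes) -> int:
    """Digest length in bits: fixed by the algorithm, independent of input size."""
    return hashlib.new(algorithm, message).digest_size * 8


def avalanche_bits_changed(algorithm: str, m1: bytes, m2: bytes) -> int:
    """Count the output bits that differ between hash(m1) and hash(m2).

    For a good hash a one-character change flips about half of the bits, so
    nothing about how similar the inputs were can be read from the digests.
    """
    d1 = int.from_bytes(hashlib.new(algorithm, m1).digest(), "big")
    d2 = int.from_bytes(hashlib.new(algorithm, m2).digest(), "big")
    return bin(d1 ^ d2).count("1")


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: a hash combined with a secret key. Without the key nobody
    can produce a valid tag, so the tag proves authenticity as well as
    integrity; a plain hash proves integrity only."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check itself does not leak the tag."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> tuple:
    """Salted, iterated password hash (PBKDF2-HMAC-SHA256).

    A fast general-purpose hash such as RIPEMD or SHA-256 on its own is a poor
    password store: the random per-user salt defeats precomputed tables and
    the iteration count slows every guess down.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes,
                    iterations: int = 600_000) -> bool:
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, stored)


def main():
    big = b"x" * 2048
    for algo in ("sha1", "sha256", "sha512"):
        print(f"{algo:7s} digest of a 2048-byte message: {digest_bits(algo, big)} bits")
    print("SHA-256 bits changed by a one-character edit:",
          avalanche_bits_changed("sha256", b"The quick brown fox", b"The quick brown fix"),
          "of 256")
    key = os.urandom(32)
    tag = mac_tag(key, b"transfer 100")
    print("tag verifies:", mac_verify(key, b"transfer 100", tag),
          "| tampered message verifies:", mac_verify(key, b"transfer 900", tag))
    salt, stored = hash_password("correct horse battery staple")
    print("password verifies:", verify_password("correct horse battery staple", salt, stored))


if __name__ == "__main__":
    main()
```

The MAC and password checks both compare with hmac.compare_digest rather than ==, so the comparison takes the same time whether the first or the last byte differs; an early-exit comparison would let an attacker recover a valid tag byte by byte.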