QUESTION 747
The primary purpose for using one-way encryption of user passwords within a system is which of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt
B. It prevents an unauthorized person from reading or modifying the password list
C. It minimizes the amount of storage required for user passwords
D. It minimizes the amount of processing time used for encrypting password
Correct Answer: B
QUESTION 748
Which of the following is not a known type of Message Authentication Code (MAC)?
A. Hash function-based MAC
B. Block cipher-based MAC
C. Signature-based MAC
D. Stream cipher-based MAC
Correct Answer: C
352
ISC CISSP Exam
QUESTION 749
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT)?
A. Secure Electronic Transaction (SET)
B. Message Authentication Code (MAC)
C. Cyclic Redundancy Check (CRC)
D. Secure Hash Standard (SHS)
Correct Answer: B
Reference: pg 218 Krutz: CISSP Prep Guide: Gold Edition
QUESTION 750
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the
most efficient means of transferring information is to use a hybrid encryption technique. What does this mean?
A. Use of public key encryption to secure a secret key, and message encryption using the secret key
B. Use of the recipient’s public key for encryption and decryption based on the recipient’s private key
C. Use of software encryption assisted by a hardware encryption accelerator
D. Use of elliptic curve encryption
Correct Answer: A
QUESTION 751
One-way hash provides:
A. Confidentiality
B. Availability
C. Integrity
D. Authentication
Correct Answer: C
Explanation: “Hash Functions
….how cryptosystems implement digital signatures to provide proof that a message originated from a particular
user of a cryptosystem and to ensure that the message was not modified while in transit between the two
parties.”
Pg. 292 Tittel: CISSP Study Guide Second Edition
“integrity A state characterized by the assurance that modifications are not made by unauthorized users and
authorized users do not make unauthorized modifications.”
Pg. 616 Tittel: CISSP Study Guide Second Edition
QUESTION 752
What size is an MD5 message digest (hash)?
A. 128 bits
B. 160 bits
C. 256 bits
D. 128 bytes
Correct Answer: A
Explanation: “MD4
MD4 is a one-way hash function designed by Ron Rivest. It produces 128-bit hash, or message digest, values.
It is used for high-speed computation in software implementations and is optimized for microprocessors.
MD5
MD5 is the newer version of MD4. It still produces a 128-bit hash, but the algorithm is more complex, which
makes it harder to break. MD5 added a fourth round of operations to be performed during the hashing functions
and makes several of its mathematical operations carry out more steps or more complexity to provide a higher
level of security.
MD2
MD2 is also a 128-bit one-way hash designed by Ron Rivest. It is not necessarily any weaker than the
previously mentioned hash functions, but is much slower.
SHA
SHA was designed by NIST and NSA to be used with DSS. The SHA was designed to be used with digital
signatures and was developed when a more secure hashing algorithm was required for federal application.
SHA produces a 160-bit hash value, or message digest. This is then inputted into the DSA, which computes the
signature for a message. The message digest is signed instead of the whole message because it is a much
quicker process. The sender computes a 160-bit hash value, encrypts it with his private key (signs it), appends
it to the message, and sends it. The receiver decrypts the value with the sender’s public key, runs the same
hashing function, and compares the two values. If the values are the same, the receiver can be sure that the
message has not been tampered with in transit.
SHA is similar to MD4. It has some extra mathematical functions and produces a 160-bit hash instead of 128-bit,
which makes it more resistant to brute force attacks, including birthday attacks.
HAVAL
HAVAL is a variable-length one-way hash function and is the modification of MD5. It processes message
blocks twice the size of those used in MD5; thus it processes blocks of 1,024 bits.
Pg. 508-509 Shon Harris CISSP Certification All-In-One Exam Guide
QUESTION 753
Which of the following is NOT a property of a one-way hash function?
A. It converts a message of a fixed length into a message digest of arbitrary length.
B. It is computationally infeasible to construct two different messages with the same digest
C. It converts a message of arbitrary length into a message digest of a fixed length
D. Given a digest value, it is computationally infeasible to find the corresponding message
Correct Answer: A
QUESTION 754
Which of the following would best describe a Concealment cipher?
A. Permutation is used, meaning that letters are scrambled
B. Every X number of words within a text, is a part of the real message
C. Replaces bits, characters, or blocks of characters with different bits, characters, or blocks.
D. Hiding data in another message so that the very existence of the data is concealed.
Correct Answer: B
Reference: pg 468 Shon Harris: All-in-One CISSP Certification
QUESTION 755
Which of the following ciphers is a subset of the Vigenere polyalphabetic cipher?
A. Caesar
B. Jefferson
C. Alberti
D. SIGABA
Correct Answer: A
Explanation: “The Caesar Cipher,…., is a simple substitution cipher that involves shifting the alphabet three
positions to the right. The Caesar Cipher is a subset of the Vigenere polyalphabetic cipher. In the Caesar
cipher, the message’s characters and repetitions of the key are added together, modulo 26. In modulo 26, the
letters A to Z of the alphabet are given a value of 0 to 25, respectively.”
Pg. 189 Krutz: The CISSP Prep Guide: Gold Edition
QUESTION 756
Which of the following is not a property of the Rijndael block cipher algorithm?
A. Resistance against all known attacks
B. Design simplicity
C. 512 bits maximum key size
D. Code compactness on a wide variety of platforms
Correct Answer: C
QUESTION 757
What are two types of ciphers?
A. Transposition and Permutation
B. Transposition and Shift
C. Transposition and Substitution
D. Substitution and Replacement
Correct Answer: C
Explanation: “Classical Ciphers:
Substitution
Transposition (Permutation)
Vernam (One-Time Pad)
Book or Running Key
Codes
Steganography”
Pg 189-193 Krutz: CISSP Prep Guide: Gold Edition.
QUESTION 758
Which one of the following, if embedded within the ciphertext, will decrease the likelihood of a message being
replayed?
A. Stop bit
B. Checksum
C. Timestamp
D. Digital signature
Correct Answer: C
Explanation: CBC is the CBC mode of some block cipher, HMAC is a keyed message digest, MD is a plain
message digest, and timestamp is to protect against replay attacks. From the OpenSSL project
http://www.mail-archive.com/openssl-users@openssl.org/msg23576.html
QUESTION 759
Which of the following statements pertaining to block ciphers is incorrect?
A. It operates on fixed-size blocks of plaintext
B. It is more suitable for software than hardware implementation
C. Plain text is encrypted with a public key and decrypted with a private key
D. Block ciphers can be operated as a stream
Correct Answer: C
Explanation: “Strong and efficient block cryptosystems use random key values so an attacker cannot find a
pattern as to which S-boxes are chosen and used.” Pg. 481 Shon Harris CISSP Certification All-in-One Exam
Guide
Not A:
“When a block cipher algorithm is used for encryption and decryption purposes, the message is divided into
blocks of bits. These blocks are then put through substitution, transposition, and other mathematical functions,
one block at a time.” Pg. 480 Shon Harris CISSP Certification All-in-One Exam Guide
Not B:
“Block ciphers are easier to implement in software because they work with blocks of data that the software is
used to work with.” Pg 483 Shon Harris CISSP Certification All-in-One Exam Guide
Not D:
“This encryption continues until the plaintext is exhausted.” Pg. 196 Krutz The CISSP Prep Guide.
Not A or D:
“When a block cipher algorithm is used for encryption and decryption purposes, the message is divided
into blocks of bits. These blocks are then put through substitution, transposition, and other mathematical
functions, one block at a time.” Pg 480 Shon Harris: All-in-One CISSP Certification
QUESTION 760
The repeated use of the algorithm to encipher a message consisting of many blocks is called
A. Cipher feedback
B. Elliptical curve
C. Cipher block chaining
D. Triple DES
Correct Answer: C
Explanation: “There are two main types of symmetric algorithms: stream and block ciphers. Like their names
sound, block ciphers work on blocks of plaintext and ciphertext, whereas stream ciphers work on streams of
plaintext and ciphertext, one bit or byte at a time.” Pg 521. Shon Harris CISSP All-In-One Certification Exam
Guide
“Cipher Block Chaining (CBC) operates with plaintext blocks of 64 bits. ….Note that in this mode, errors
propagate.” Pg 149 Krutz: The CISSP Prep Guide
QUESTION 761
When block chaining cryptography is used, what type of code is calculated and appended to the data to ensure
authenticity?
A. Message authentication code.
B. Ciphertext authentication code
C. Cyclic redundancy check
D. Electronic digital signature
Correct Answer: A
Explanation: The original answer was B. This is incorrect, as ciphertext is the result, not an authentication code.
“If meaningful plaintext is not automatically recognizable, a message authentication code (MAC)
can be computed and appended to the message. The computation is a function of the entire message and a
secret key; it is practically impossible to find another message with the same authenticator. The receiver
checks the authenticity of the message by computing the MAC using the same secret key and then verifying
that the computed value is the same as the one transmitted with the message. A MAC can be used to provide
authenticity for unencrypted messages as well as for encrypted ones. The National Institute of Standards and
Technology (NIST) has adopted a standard for computing a MAC. (It is found in Computer Data Authentication,
Federal Information Processing Standards Publication (FIPS PUB) 113.)” http://www.cccure.org/Documents/HISM/637-639.html
from the Handbook of Information Security Management by Micki Krause
QUESTION 762
Which of the following statements pertaining to block ciphers is incorrect?
A. It operates on fixed-size blocks of plaintext
B. It is more suitable for software than hardware implementations
C. Plain text is encrypted with a public key and decrypted with a private key
D. Block ciphers can be operated as a stream
Correct Answer: C
Explanation: “Strong and efficient block cryptosystems use random key values so an attacker cannot find a
pattern as to which S-boxes are chosen and used.” Pg. 481 Shon Harris CISSP Certification All-in-One Exam
Guide
Not A:
“When a block cipher algorithm is used for encryption and decryption purposes, the message is divided into
blocks of bits. These blocks are then put through substitution, transposition, and other mathematical functions,
one block at a time.” Pg. 480 Shon Harris CISSP Certification All-in-One Exam Guide
Not B:
“Block ciphers are easier to implement in software because they work with blocks of data that the software is
used to work with.” Pg 483 Shon Harris CISSP Certification All-in-One Exam Guide
Not D:
“This encryption continues until the plaintext is exhausted.” Pg. 196 Krutz The CISSP Prep Guide.
QUESTION 763
Which of the following is a symmetric encryption algorithm?
A. RSA
B. Elliptic Curve
C. RC5
D. El Gamal
Correct Answer: C
QUESTION 764
How many bits is the effective length of the key of the Data Encryption Standard Algorithm?
A. 16
B. 32
C. 56
D. 64
Correct Answer: C
QUESTION 765
Compared to RSA, which of the following is true of elliptic curve cryptography?
A. It has been mathematically proved to be the more secure
B. It has been mathematically proved to be less secure
C. It is believed to require longer keys for equivalent security
D. It is believed to require shorter keys for equivalent security
Correct Answer: D
Explanation: CISSP All-In-One – page 491: “In most cases, the longer the key length, the more protection
provided, but ECC can provide the same level of protection with a key size that is smaller than what RSA
requires.”
CISSP Prep Guide (not Gold edition) – page 158: “… smaller key sizes in the elliptic curve implementation can
yield higher levels of security. For example, an elliptic curve key of 160 bits is equivalent to 1024-bit RSA key.”
QUESTION 766
Which of the following is not a one-way algorithm?
A. MD2
B. RC2
C. SHA-1
D. DSA
Correct Answer: B
Explanation: Not: A, C or D.
“Hash Functions
SHA
MD2
MD4
MD5”
Pg. 337- 340 Tittel: CISSP Study Guide
DSA, the Digital Signature Algorithm, is an approved standard for digital signatures that utilizes the SHA-1 hashing
function.
Pg. 342-343 Tittel: CISSP Study Guide
QUESTION 767
A public key algorithm that does both encryption and digital signature is which of the following?
A. RSA
B. DES
C. IDEA
D. DSS
Correct Answer: A
Explanation: “RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, is a public key
algorithm that is the most popular when it comes to asymmetric algorithms. RSA is a worldwide de facto
standard and can be used for digital signatures, key exchange, and encryption.”
Pg. 489 Shon Harris: All-In-One CISSP Certification Exam Guide
QUESTION 768
Which of the following encryption algorithms does not deal with discrete logarithms?
A. El Gamal
B. Diffie-Hellman
C. RSA
D. Elliptic Curve
Correct Answer: C
QUESTION 769
The RSA algorithm is an example of what type of cryptography?
A. Asymmetric key
B. Symmetric key
C. Secret Key
D. Private Key
Correct Answer: A
QUESTION 770
How many rounds are used by DES?
A. 16
B. 32
C. 64
D. 48
Correct Answer: A
Explanation: “When the DES algorithm is applied to data, it divides the message into blocks and operates on
them one at a time. A block is made of 64 bits and is divided in half and each character is encrypted one at a
time. The characters are put through 16 rounds of transposition and substitution functions. The order and type
of transposition and substitution function depend on the value of the key that is inputted into the algorithm. The
result is the 64-bit block of ciphertext.” Pg. 526 Shon Harris: CISSP All-In-One Certification Guide
QUESTION 771
Which of the following is the most secure form of triple-DES encryption?
A. DES-EDE3
B. DES-EDE1
C. DES-EEE4
D. DES-EDE2
Correct Answer: A
Explanation:
The reason is that it uses three keys.
Four keys cannot be used.
The other alternatives do not use as many keys, so they are less secure. We do not believe there is such a thing as
DES-EDE1, but it would still be less secure if it did exist.
QUESTION 772
Which of the following algorithms does *NOT* provide hashing?
A. SHA-1
B. MD2
C. RC4
D. MD5
Correct Answer: C
Explanation: Hashed Algorithms
SHA-1
HMAC-SHA-1
MD5
HMAC-MD5
Pg 426 Hansche: Official (ISC)2 Guide to the CISSP Exam
Note: MD2 is also a one-way hash, like MD5, but slower
QUESTION 773
Which of the following is unlike the other three?
A. El Gamal
B. Teardrop
C. Buffer Overflow
D. Smurf
Correct Answer: A
QUESTION 774
Which of the following is not an encryption algorithm?
A. Skipjack
B. SHA-1
C. Twofish
D. DEA
Correct Answer: B
Explanation: SHA-1 is a hash algorithm, as opposed to an encryption algorithm.
Reference: pg 293 Tittel: CISSP Study Guide
QUESTION 775
Which one of the following is an asymmetric algorithm?
A. Data Encryption Algorithm.
B. Data Encryption Standard
C. Enigma
D. Knapsack
Correct Answer: D
Explanation: Merkle-Hellman Knapsack is a Public Key Algorithm Pg 206 Krutz: CISSP Prep Guide: Gold
Edition.
Not A:
“DES describes the Data Encryption Algorithm (DEA) and is the name of the Federal Information Processing
Standard (FIPS) 46-1 that was adopted in 1977…” pg 195 Krutz: CISSP Prep Guide:
Gold Edition.
Not B:
“The best-known symmetric key system is probably the Data Encryption Standard (DES).” pg 195 Krutz: CISSP
Prep Guide: Gold Edition.
Not C:
“The German military used a polyalphabetic substitution cipher machine called the Enigma as its principal
encipherment system during World War II.” Pg 185 Krutz: CISSP Prep Guide: Gold Edition.
QUESTION 776
Which of the following is *NOT* a symmetric key algorithm?
A. Blowfish
B. Digital Signature Standard (DSS)
C. Triple DES (3DES)
D. RC5
Correct Answer: B
Reference: pg 489 Shon Harris
QUESTION 777
Which of the following layers is not used by the Rijndael algorithm?
A. Non-linear layer
B. Transposition layer
C. Key addition layer
D. The linear mixing layer
Correct Answer: B
Reference: pg 201 Krutz: CISSP Prep Guide: Gold Edition
QUESTION 778
What is the basis for the Rivest-Shamir-Adleman (RSA) algorithm scheme?
A. Permutations
B. Work factor
C. Factorability
D. Reversibility
Correct Answer: C
Explanation: This algorithm is based on the difficulty of factoring a number, N, which is the product of two large
prime numbers. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 204
QUESTION 779
Which of the following encryption algorithms does not deal with discrete logarithms?
A. El Gamal
B. Diffie-Hellman
C. RSA
D. Elliptic Curve
Correct Answer: C
Reference: pg 416 Hansche: Official (ISC)2 Guide to the CISSP Exam
QUESTION 780
The RSA Algorithm uses which mathematical concept as the basis of its encryption?
A. Geometry
B. Irrational numbers
C. PI (3.14159…)
D. Large prime numbers
Correct Answer: D
QUESTION 781
PGP provides which of the following?(Choose three)
A. Confidentiality
B. Accountability
C. Accessibility
D. Integrity
E. Interest
F. Non-repudiation
G. Authenticity
Correct Answer: ADG
Explanation: PGP provides confidentiality, integrity, and authenticity.
QUESTION 782
PGP uses which of the following to encrypt data?
A. An asymmetric scheme
B. A symmetric scheme
C. a symmetric key distribution system
D. An asymmetric key distribution
Correct Answer: B
QUESTION 783
Which of the following mail standards relies on a “Web of Trust”?
A. Secure Multipurpose Internet Mail extensions (S/MIME)
B. Pretty Good Privacy (PGP)
C. MIME Object Security Services (MOSS)
D. Privacy Enhanced Mail (PEM)
Correct Answer: B
Explanation: “PGP does not use a hierarchy of CAs, or any type of formal trust certificates, but relies on a “web
of trust” in its key management approach. Each user generates and distributes his or her public key, and users
sign each other’s public keys, which creates a community of users who trust each other. This is different than
the CA approach where no one trusts each other, they only trust the CA.”
QUESTION 784
Which of the following offers confidentiality to an e-mail message?
A. The sender encrypting it with its private key
B. The sender encrypting it with its public key
C. The sender encrypting it with the receiver’s public key
D. The sender encrypting it with the receiver’s private key
Correct Answer: C
QUESTION 785
Which of the following items should not be retained in an E-mail directory?
A. drafts of documents
B. copies of documents
C. permanent records
D. temporary documents
Correct Answer: C
Explanation: This is another matter of common sense; the CISSP exam has many situations like this. It is not
good practice to keep permanent documents in your e-mail, because you don’t know whether your e-mail is
always backed up, and the document may need to be available in a corporate repository. There is no problem
with keeping copies, drafts or temporary documents in your e-mail. The important ones for the company are the
permanent documents.
QUESTION 786
In a Secure Electronic Transaction (SET), how many certificates are required for a payment gateway to support
multiple acquirers?
A. Two certificates for the gateway only.
B. Two certificates for the gateway and two for the acquirers.
C. Two certificates for each acquirer.
D. Two certificates for the gateway and two for each acquirer.
Correct Answer: B
Explanation: I think it may be D, two for each acquirer. Unless I read it wrong, it means each person must
have 2 certificates exchanged with the gateway.
“SET uses a des symmetric key system for encryption of the payment information and uses rsa for the
symmetric key exchange and digital signatures. SET covers the end-to-end transaction from the cardholder to
the financial institution”. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 219-220
In the SET environment, there exists a hierarchy of Certificate Authorities. The SET protocol specifies a method
of entity authentication referred to as trust chaining. This method entails the exchange of digital certificates and
verification of the public keys by validating the digital signatures of the issuing CA. This trust chain method
continues all the way up to the CA at the top of the hierarchy, which is referred to as the SET Root CA. The
SET Root CA is owned and maintained by SET Secure Electronic Transaction LLC. http://setco.org/certificates.html
QUESTION 787
Which protocol makes use of an electronic wallet on a customer’s PC and sends encrypted credit card
information to merchant’s Web server, which digitally signs it and sends it on to its processing bank?
A. SSH
B. S/MIME
C. SET
D. SSL
Correct Answer: C
QUESTION 788
Which of the following best describes the Secure Electronic Transaction (SET) protocol?
A. Originated by VISA and MasterCard as an Internet credit card protocol
B. Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures
C. Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer
D. Originated by VISA and MasterCard as an Internet credit card protocol using SSL
Correct Answer: B
QUESTION 789
Which of the following would best define the “Wap Gap” security issue?
A. The processing capability gap between wireless devices and PCs
B. The fact that WTLS transmissions have to be decrypted at the carrier’s WAP gateway to be re-encrypted
with SSL for use over wired networks.
C. The fact that Wireless communications are far easier to intercept than wired communications
D. The inability of wireless devices to implement strong encryption
Correct Answer: B
QUESTION 790
What encryption algorithm is best suited for communication with handheld wireless devices?
A. ECC
B. RSA
C. SHA
D. RC4
Correct Answer: A
Explanation: “Elliptic curves are rich mathematical structures that have shown usefulness in many different
types of applications. An Elliptic Curve Cryptosystem (ECC) provides much of the same functionality that RSA
provides: digital signatures, secure key distribution, and encryption. One differing factor is ECC’s efficiency.
Some devices have limited processing capacity, storage, power supply, and bandwidth like wireless devices
and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides
encryption functionality requiring a smaller percentage of resources required by RSA and other algorithms, so it
is used in these types of devices. In most cases, the longer the key length, the more protection provided, but ECC
can provide the same level of protection with a key size that is smaller than what RSA requires. Because longer keys
require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources
of the device.” Pg. 491 Shon Harris: All-In-One CISSP Certification Guide.
QUESTION 791
Which security measure BEST provides non-repudiation in electronic mail?
A. Digital signature
B. Double length Key Encrypting Key (KEK)
C. Message authentication
D. Triple Data Encryption Standard (DES)
Correct Answer: A
Explanation: A tool used to provide the authentication of the sender of a message. It can verify the origin of the
message along with the identity of the sender. IT is unique for every transaction and created with a private key.
– Shon Harris All-in-one CISSP Certification Guide pg 930
“Secure Multipurpose Internet Mail Extensions (S/MIME) offers authentication and privacy to e-mail through
secured attachments. Authentication is provided through X.509 digital certificates. Privacy is provided through
the use of Public Key Cryptography Standard (PKCS) encryption. Two types of messages can be formed using
S/MIME: signed messages and enveloped messages. A signed message provides integrity and sender
authentication. An enveloped message provides integrity, sender authentication, and confidentiality.” Pg 123
Tittel: CISSP Study Guide
QUESTION 792
Which of the following services is not provided by the digital signature standard (DSS)?
A. Encryption
B. Integrity
C. Digital signature
D. Authentication
Correct Answer: A
QUESTION 793
Public key cryptography provides integrity verification through the use of public key signature and?
A. Secure hashes
B. Zero knowledge
C. Private key signature
D. Session key
Correct Answer: A
QUESTION 794
Electronic signatures can prevent messages from being:
A. Erased
B. Disclosed
C. Repudiated
D. Forwarded
Correct Answer: C
QUESTION 795
Why do vendors publish MD5 hash values when they provide software patches for their customers to download
from the Internet?
A. Recipients can verify the software’s integrity after downloading.
B. Recipients can confirm the authenticity of the site from which they are downloading the patch.
C. Recipients can request future updates to the software by using the assigned hash value.
D. Recipients need the hash value to successfully activate the new software.
Correct Answer: A
Explanation: If the two values are different, Maureen knows that the message was altered, either intentionally or
unintentionally, and she discards the message…As stated in an earlier section, the goal of using a one-way
hash function is to provide a fingerprint of the message. MD5 is the newer version of MD4. It still produces a
128-bit hash, but the algorithm is a bit more complex to make it harder to break than MD4. The MD5 added a
fourth round of operations to be performed during the hash functions and makes several of its mathematical
operations carry out more steps or more complexity to provide a higher level of security. – Shon Harris All-in-one CISSP
Certification Guide pg 182-185
QUESTION 796
What attribute is included in a X.509-certificate?
A. Distinguished name of subject
B. Telephone number of the department
C. secret key of the issuing CA
D. the key pair of the certificate holder
Correct Answer: A
Explanation: The key phrase is “in creating the certificate.” Certificates that conform to X.509 contain the following
data: Version of X.509 to which the certificate conforms; Serial number (from the certificate creator); Signature
algorithm identifier (specifies the technique used by the certificate authority to digitally sign the contents of the
certificate); Issuer name (identification of the certificate authority that issues the certificate) Validity period
(specifies the dates and times – a starting date and time and an ending date and time – during which the
certificate is valid); Subject’s name (contains the distinguished name, or DN, of the entity that owns the public
key contained in the certificate); Subject’s public key (the meat of the certificate – the actual public key of the
certificate owner used to set up secure communications) pg 343-344 CISSP Study Guide by Tittel
QUESTION 797
What is used to bind a document to its creation at a particular time?
A. Network Time Protocol (NTP)
B. Digital Signature
C. Digital Timestamp
D. Certification Authority (CA)
Correct Answer: C
QUESTION 798
What attribute is included in a X-509-certificate?
A. Distinguished name of the subject
B. Telephone number of the department
C. Secret key of the issuing CA
D. The key pair of the certificate holder
Correct Answer: A
Explanation: “Certificates that conform to X.509 contain the following data:
Version of X.509 to which the certificate conforms
Serial number
Signature algorithm identifier
Issuer name
Validity period
Subject’s name (contains the distinguished name, or DN of the entity that owns the public key contained in the
certificate)
Subject’s public key”
Pg. 297 Tittel: CISSP Study Guide
QUESTION 799
Which of the following standards concerns digital certificates?
A. X.400
B. X.25
C. X.509
D. X.75
Correct Answer: C
QUESTION 800
What level of assurance for a digital certificate only requires an e-mail address?
A. Level 0
B. Level 1
C. Level 2
D. Level 3
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
QUESTION 801
The “revocation request grace period” is defined as:
A. The period within which the user must make a revocation request once a reason for revocation arises
B. Minimum response time for performing a revocation by the CA
C. Maximum response time for performing a revocation by the CA
D. Time period between the arrival of a revocation reason and the publication of the revocation information
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 802
What enables users to validate each other’s certificate when they are certified under different certification
hierarchies?
A. Cross-certification
B. Multiple certificates
C. Redundant certificate authorities
D. Root certification authorities
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 803
Digital signature users register their public keys with a certification authority, which distributes a certificate
containing the user’s public key and digital signature of the certification authority. In creating the certificate, the
user’s public key and the validity period are combined with what other information before computing the digital
signature?
A. Certificate issuer and the Digital Signature Algorithm identifier
B. User’s private key and the identifier of the master key code
C. Name of secure channel and the identifier of the protocol type
D. Key authorization and identifier of key distribution center
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: The key phrase is “In creating the certificate”. Certificates that conform to X.509 contain the
following data: Version of X.509 to which the certificate conforms; Serial number (from the certificate creator);
Signature algorithm identifier (specifies the technique used by the certificate authority to digitally sign the
contents of the certificate); Issuer name (identification of the certificate authority that issues the certificate);
Validity period (specifies the dates and times – a starting date and time and an ending date and time – during
which the certificate is valid); Subject’s name (contains the distinguished name, or DN, of the entity that owns
the public key contained in the certificate); Subject’s public key (the meat of the certificate – the actual public
key of the certificate owner used to set up secure communications). pg 343-344 CISSP Study Guide by Tittel
QUESTION 804
What level of assurance for digital certificate verifies a user’s name, address, social security number, and other
information against a credit bureau database?
A. Level 1
B. Level 2
C. Level 3
D. Level 4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 805
Which one of the following security technologies provides safeguards for authentication before securely
sending information to a web server?
A. Secure/Multipurpose Internet Mail Extension (S/MIME)
B. Common Gateway Interface (CGI) scripts
C. Applets
D. Certificates
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: “Digital certificates provide communicating parties with the assurance that they are communicating
with people who truly are who they claim to be.” Tittel: CISSP Study Guide, pg 343. In this case, if the web
server belongs to a bank, you want a certificate confirming that it really is the bank before you authenticate
with your username and password.
QUESTION 806
The primary role of cross certification is:
A. Creating trust between different PKIs
B. Build an overall PKI hierarchy
C. set up direct trust to a second root CA
D. Prevent the nullification of user certifications by CA certificate revocation
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 807
Windows 98 includes the ability to check the digitally signed hardware drivers. Which of the following are true?
A. Drivers are the only files supplied with W98 that can be checked for digital signatures, and all drivers
included with W98 have been digitally signed
B. If a file on Windows 98 has been digitally signed, it means that the file has passed quality testing by
Microsoft.
C. The level to which signature checking is implemented could only be changed by editing the registry
D. All of the statements are true
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation: Windows device drivers and operating system files have been digitally signed by Microsoft to
ensure their quality. A Microsoft digital signature is your assurance that a particular file has met a certain level
of testing, and that the file has not been altered or overwritten by another program’s installation process.
Depending on how your administrator has configured your computer, Windows either ignores device drivers
that are not digitally signed, displays a warning when it detects device drivers that are not digitally signed (the
default behavior), or prevents you from installing device drivers without digital signatures.
Windows includes the following features to ensure that your device drivers and system files remain in their
original, digitally-signed state:
·Windows File Protection
·System File Checker
·File Signature Verification
Windows XP help.
Not A: operating system files are included.
Not C: the setting can be changed in the GUI.
QUESTION 808
What is the purpose of certification path validation?
A. Checks the legitimacy of the certificates in the certification path.
B. Checks that all certificates in the certification path refer to same certification practice statement.
C. Checks that no revoked certificates exist outside the certification path.
D. Checks that the names in the certification path are the same.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: Not C. Revoked certificates are not checked outside the certification path.
“A Transaction with Digital Certificates
1.)Subscribing entity sends Digital Certificate Application to Certificate Authority. 2.)Certificate Authority issues
Signed Digital Certificate to Subscribing Entity. 3.)Certificate Authority sends Certificate Transaction to
Repository. 4.)Subscribing Entity Signs and sends to Party Transacting with Subscriber. 5.)Party Transacting
with Subscriber queries Repository to verify Subscribers Public Key. 6.)Repository responds to Party
Transacting with Subscriber the verification request.”
Pg. 214 Krutz: The CISSP Prep Guide: Gold Edition.
“John needs to obtain a digital certificate for himself so that he can participate in a PKI, so he makes a request
to the RA. The RA requests certain identification from John, like a copy of his driver’s license, his phone number,
address, and other identification information. Once the RA receives the required information from John and
verifies it, the RA sends his certificate request to the CA. The CA creates a certificate with John’s public key
and identity information embedded. (The private/public key pair is either generated by the CA or on John’s
machine, which depends on the systems’ configurations. If it is created at the CA, his private key needs to be
sent to him by secure means. In most cases the user generates this pair and sends in his public key during the
registration process.) Now John is registered and can participate in PKI. John decides he wants to
communicate with Diane, so he requests Diane’s public key from a public directory. The directory, sometimes
called a repository, sends Diane’s public key, and John uses this to encrypt a session key that will be used to
encrypt their messages. John sends the encrypted session key to Diane. John then sends his certificate,
containing his public key, to Diane. When Diane receives John’s certificate, her browser looks to see if it trusts
the CA that digitally signed this certificate. Diane’s browser trusts this CA, and she makes a request to the CA to
see if this certificate is still valid. The CA responds that the certificate is valid, so Diane decrypts the session
key with her private key. Now they can both communicate using encryption.” Pg 499 Shon Harris: All-In-One
CISSP Certification Guide.
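Added worked example, not code from the cited study guides or from the exam: the Go program below builds a three-level hierarchy with the standard library's crypto/x509, signs each certificate over exactly the fields listed under QUESTION 803 (version, serial, signature algorithm, issuer, validity, subject, public key), and then runs the certification path validation of QUESTION 808 three ways: with the full path, with the issuing CA certificate withheld, and at a time after the end-entity certificate has expired. The CA names, the subject "John Doe" and the validity windows are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue is what a CA does at issuance: DER-encode the to-be-signed fields of template (version, serial,
// signature algorithm, issuer, validity, subject, public key) and sign them with signer; nil signer = self-signed root.
func issue(template, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the subject's own key pair
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// caTemplate carries the basic constraints and key usage that path validation demands of every issuer.
func caTemplate(serial int64, cn string, from, to time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             from,
		NotAfter:              to,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

// BuildChain issues root -> issuing CA -> end entity; the CAs outlive the leaf so an expired leaf can be tested alone.
func BuildChain(notBefore, notAfter time.Time) (root, inter, leaf *x509.Certificate, err error) {
	caFrom, caTo := notBefore.Add(-24*time.Hour), notAfter.Add(365*24*time.Hour)
	rootTmpl := caTemplate(1, "Example Root CA", caFrom, caTo)
	root, rootKey, err := issue(rootTmpl, rootTmpl, nil)
	if err != nil {
		return
	}
	inter, interKey, err := issue(caTemplate(2, "Example Issuing CA", caFrom, caTo), root, rootKey)
	if err != nil {
		return
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "John Doe"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	leaf, _, err = issue(leafTmpl, inter, interKey)
	return
}

// ValidatePath is certification path validation for leaf at time at: build a path to the trusted root, verify every
// signature, and check each certificate's validity period, basic constraints and key usage. nil intermediates models
// a relying party that never received the issuing CA certificate: no path can be built, so validation must fail.
func ValidatePath(leaf, root *x509.Certificate, intermediates []*x509.Certificate, at time.Time) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		CurrentTime:   at,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

func main() {
	now := time.Now()
	root, inter, leaf, err := BuildChain(now.Add(-time.Hour), now.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Printf("leaf: v%d serial=%s %s issuer=%q subject=%q valid %s..%s\n", leaf.Version, leaf.SerialNumber,
		leaf.SignatureAlgorithm, leaf.Issuer.CommonName, leaf.Subject.CommonName, leaf.NotBefore, leaf.NotAfter)
	inters := []*x509.Certificate{inter}
	fmt.Println("full path now:       ", ValidatePath(leaf, root, inters, now))
	fmt.Println("intermediate missing:", ValidatePath(leaf, root, nil, now))
	fmt.Println("leaf expired:        ", ValidatePath(leaf, root, inters, now.Add(48*time.Hour)))
}
```

Only the complete, in-date path returns a nil error; withholding the issuing CA certificate gives an unknown-authority error and moving the clock past the leaf's NotAfter gives an expiry error, which is the "legitimacy of the certificates in the path" check the question describes. Revocation status (CRL or OCSP, the repository query in the Harris passage) is not part of crypto/x509's Verify and has to be a separate step once a path has been found.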
QUESTION 809
In what type of attack does an attacker try, from several encrypted messages, to figure out the key using the
encryption process?
A. Known-plaintext attack
B. Ciphertext-only attack
C. Chosen-Ciphertext attack
D. Known Ciphertext attack
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation: “Ciphertext-Only Attack
In this type of attack, the attacker has the ciphertext of several messages. Each of the messages has been
encrypted using the same encryption algorithm. The attacker’s goal is to discover the key that was used in the
encryption process. Once the attacker figures out the key, she can decrypt all other messages encrypted with
the same key. A ciphertext-only attack is the most common because it is very easy to get ciphertext by sniffing
someone’s traffic, but it is the hardest attack to actually be successful at because the attacker has so little
information about the encryption process.” Pg 531 Shon Harris CISSP All-In-One Exam Guide
QUESTION 810
When combined with unique session values, message authentication can protect against which of the
following?
A. Reverse engineering, frequency analysis, factoring attacks, and ciphertext-only attack.
B. Masquerading, frequency analysis, sequence manipulation, and ciphertext-only attack.
C. Reverse engineering, content modification, factoring attacks, and submission notification.
D. Masquerading, content modification, sequence manipulation, and submission notification.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: Unique session values: “IPSec: ….Each device will have one security association (SA) for each
session that it uses. The SA is critical to the IPSec architecture and is a record of the configuration the device
needs to support an IPSec connection. Pg 575 Shon Harris All-In-One CISSP Certification Exam Guide.
Message authentication and content modification: “Hashed Message Authentication Code (HMAC): An HMAC is a
hashed algorithm that uses a key to generate a Message Authentication Code (MAC). A MAC is a type of checksum
that is a function of the information in the message. The MAC is generated before the message is sent, appended
to the message, and then both are transmitted. At the receiving end, a MAC is generated from the message alone
using the same algorithm as used by the sender and this MAC is compared to the MAC sent with the message. If
they are not identical, the message was modified en route. Hashing algorithms can be used to generate the MAC
and hash algorithms using keys provide stronger protection than ordinary MAC generation.”
Frequency analysis: Message authentication and session values do not protect against Frequency Analysis so
A and B are eliminated.
“Simple substitution and transposition ciphers are vulnerable to attacks that perform frequency analysis. In
every language, there are words and patterns that are used more often than others. For instance, in the English
language, the words “the,” “and,” “that,” and “is” are very frequent patterns of letters used in messages and
conversation. The beginning of messages usually starts “Hello” or “Dear” and ends with “Sincerely” or
“Goodbye.” These patterns help attackers figure out the transformation between plaintext to ciphertext, which
enables them to figure out the key that was used to perform the transformation. It is important for
cryptosystems to not reveal these patterns.” Pg. 507 Shon Harris All-In-One CISSP Certification Exam Guide
Ciphertext-Only Attack: Message authentication and session values do not protect against a ciphertext-only
attack, so A and B are again eliminated.
“Ciphertext-Only Attack: In this type of an attack, an attacker has the ciphertext of several messages. Each of
the messages has been encrypted using the same encryption algorithm. The attacker’s goal is to discover the
plaintext of the messages by figuring out the key used in the encryption process. Once the attacker figures out
the key, she can now decrypt all other messages encrypted with the same key.” Pg 577 Shon Harris All-In-One
CISSP Certification Exam Guide.
Birthday attack: “….refer to an attack against the hash function known as the birthday attack.” Pg 162 Krutz:
The CISSP Prep Guide. A MAC utilizes a hashing function and is therefore susceptible to a birthday attack.
Masquerading attacks: Session values (IPSec) do protect against session hijacking but not against spoofing, so
D is eliminated.
“Masquerading Attacks: ….we’ll look at two common masquerading attacks – IP Spoofing and session
hijacking.” Pg 275 Tittel: CISSP Study Guide.
Session hijacking: “If session hijacking is a concern on a network, the administrator can implement a protocol
that requires mutual authentication between users like IPSec. Because the attacker will not have the necessary
credentials to authenticate to a user, she cannot act as an imposter and hijack sessions.” Pg 834 Shon Harris
All-In-One CISSP Certification Exam Guide
Reverse engineering: Message authentication protects against reverse engineering: “The hash function is
considered one-way because the original file cannot be created from the message digest.” Pg. 160 Krutz: The
CISSP Prep Guide
Content modification: Message authentication protects against content modification.
Factoring attacks: Message authentication protects against factoring attacks.
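Added worked example, not code from the quoted books: what the HMAC procedure in the Harris passage above looks like in code, with the "unique session values" (here a session identifier and a per-frame sequence number, standing in for the fields of an IPsec security association) bound into the MAC input. The key and the messages are constructed for the example; the receiver recomputes the MAC from the received message alone and compares it with the tag that arrived, exactly as the passage describes.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is one authenticated message. SessionID and Seq are the unique session values:
// they are fed into the MAC together with the payload, so none of the three can be changed
// in transit without the tag failing to verify.
type Frame struct {
	SessionID uint32
	Seq       uint64
	Payload   []byte
	Tag       []byte
}

var (
	ErrBadTag       = errors.New("MAC mismatch: payload, session or sequence altered, or wrong key")
	ErrWrongSession = errors.New("frame carries another session's identifier")
	ErrReplay       = errors.New("sequence not above last accepted: replayed or reordered frame")
)

// computeTag is the HMAC-SHA256 the quoted passage describes, taken over
// sessionID || seq || payload. Both ends run exactly this function.
func computeTag(key []byte, sessionID uint32, seq uint64, payload []byte) []byte {
	mac := hmac.New(sha256.New, key)
	var hdr [12]byte
	binary.BigEndian.PutUint32(hdr[0:4], sessionID)
	binary.BigEndian.PutUint64(hdr[4:12], seq)
	mac.Write(hdr[:])
	mac.Write(payload)
	return mac.Sum(nil)
}

// Sender stamps each frame with the session ID and the next sequence number, then tags it.
type Sender struct {
	key       []byte
	sessionID uint32
	next      uint64
}

func NewSender(key []byte, sessionID uint32) *Sender {
	return &Sender{key: key, sessionID: sessionID, next: 1}
}

func (s *Sender) Seal(payload []byte) Frame {
	f := Frame{SessionID: s.sessionID, Seq: s.next, Payload: append([]byte(nil), payload...)}
	f.Tag = computeTag(s.key, f.SessionID, f.Seq, f.Payload)
	s.next++
	return f
}

// Receiver recomputes the MAC from the received message alone, compares it with the tag
// that arrived, then enforces the session binding and a strictly increasing sequence.
type Receiver struct {
	key       []byte
	sessionID uint32
	lastSeq   uint64
}

func NewReceiver(key []byte, sessionID uint32) *Receiver {
	return &Receiver{key: key, sessionID: sessionID}
}

// Accept returns the payload only if the frame is authentic, for this session, and new.
func (r *Receiver) Accept(f Frame) ([]byte, error) {
	// hmac.Equal is constant-time, so a forger learns nothing from how many tag bytes matched.
	if !hmac.Equal(f.Tag, computeTag(r.key, f.SessionID, f.Seq, f.Payload)) {
		return nil, ErrBadTag
	}
	if f.SessionID != r.sessionID {
		return nil, ErrWrongSession
	}
	if f.Seq <= r.lastSeq {
		return nil, ErrReplay
	}
	r.lastSeq = f.Seq
	return f.Payload, nil
}

func main() {
	key := []byte("constructed 32-byte demo key....") // constructed for the example; use a random key in practice
	alice, bob := NewSender(key, 7), NewReceiver(key, 7)
	f := alice.Seal([]byte("transfer 100 to account 42"))
	_, err := bob.Accept(f)
	fmt.Println("genuine frame:      ", err)
	_, err = bob.Accept(f)
	fmt.Println("same frame replayed:", err)
	tampered := f
	tampered.Payload = []byte("transfer 999 to account 42")
	_, err = bob.Accept(tampered)
	fmt.Println("payload modified:   ", err)
	_, err = NewReceiver(key, 8).Accept(alice.Seal([]byte("hello")))
	fmt.Println("cross-session frame:", err)
}
```

A changed payload, a changed sequence number or a changed session identifier all fail the MAC check, because all three are under the tag. The receiver only accepts a strictly increasing sequence number, so a captured frame played back later is refused; IPsec's anti-replay window relaxes this to tolerate reordering within a window, which this example does not implement.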
QUESTION 811
The relative security of a commercial cryptographic system can be measured by the?
A. Rating value assigned by the government agencies that use the system.
B. Minimum number of cryptographic iterations required by the system.
C. Size of the key space and the available computational power.
D. Key change methodology used by the cryptographic system.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: The strength of the encryption method comes from the algorithm, secrecy of the key, length of the
key, initialization vectors, and how they all work together. – Shon Harris All-in- one CISSP Certification Guide pg
504
QUESTION 812
Which one of the following describes Kerckhoffs’s assumption for cryptanalytic attack?
A. Key is secret; algorithm is known
B. Key is known; algorithm is known
C. Key is secret; algorithm is secret
D. Key is known; algorithm is secret
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: Kerckhoffs’s laws were intended to formalize the real situation of ciphers in the field. Basically, the
more we use any particular cipher system, the more likely it is that it will “escape” into enemy hands. So we
start out assuming that our opponents know “all the details” of the cipher system, except the key. http://www.
ciphersbyritter.com/NEWS4/LIMCRYPT.HTM
QUESTION 813
Which of the following actions can make a cryptographic key more resistant to an exhaustive attack?
A. None of the choices.
B. Increase the length of a key.
C. Increase the age of a key.
D. Increase the history of a key.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Defenses against exhaustive attacks involve increasing the cost of the attack by increasing the number of
possibilities to be exhausted. For example, increasing the length of a password will increase the cost of an
exhaustive attack. Increasing the effective length of a cryptographic key variable will make it more resistant to
an exhaustive attack.
QUESTION 814
Which type of attack is based on the probability of two different messages using the same hash function
producing a common message digest?
A. Differential cryptanalysis
B. Differential linear cryptanalysis
C. Birthday attack
D. Statistical attack
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: Attacks Against One-Way Hash Functions: A good hashing algorithm should not produce the
same hash value for two different messages. If the algorithm does produce the same value for two distinctly
different messages, this is referred to as a collision. If an attacker finds an instance of a collision, he has more
information to use when trying to break the cryptographic methods used. A complex way of attacking a one-way
hash function is called the birthday attack. Now hold on to your hat while we go through this — it is a bit tricky.
In standard statistics, a birthday paradox exists. It goes something like this:
How many people must be in the same room for the chance to be greater than even that another person has
the same birthday as you?
Answer: 253
How many people must be in the same room for the chance to be greater than even that at least two people
share the same birthday?
Answer: 23
This seems a bit backwards, but the difference is that in the first instance, you are looking for someone with a
specific birthday date, which matches yours. In the second instance, you are looking for any two people who
share the same birthday. There is a higher probability of finding two people who share a birthday than you
finding another person sharing your birthday — thus, the birthday paradox.
This means that if an attacker has one hash value and wants to find a message that hashes to the same hash
value, this process could take him years. However, if he just wants to find any two messages with the same
hashing value, it could take him only a couple hours. …..The main point of this paradox and this section is to
show how important longer hashing values truly are. A hashing algorithm that has a larger bit output is stronger
and less vulnerable to brute force attacks like a birthday attack.
Pg 554-555 Shon Harris: All-In-One Certification Exam Guide
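Added worked example, not from the quoted text: the birthday-paradox figures above computed exactly, and the two searches the passage contrasts (find ANY colliding pair versus match ONE fixed digest) run against SHA-256 truncated to 24 bits. The truncation is an assumption made so the run finishes in milliseconds; the point is the gap between the two costs, about 2^(n/2) versus 2^n for an n-bit digest. The trial messages are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math"
)

// truncatedDigest returns the leading bits of SHA-256(msg). Truncation stands in for a
// short hash so the search finishes quickly; against a full n-bit digest the same attack
// costs about 2^(n/2) evaluations, which is why output length matters.
func truncatedDigest(msg []byte, bits uint) uint64 {
	sum := sha256.Sum256(msg)
	return binary.BigEndian.Uint64(sum[:8]) >> (64 - bits)
}

// candidate produces the i-th trial message; an attacker would instead vary harmless
// details (whitespace, wording) of two documents they mean to swap later.
func candidate(i uint64) []byte { return []byte(fmt.Sprintf("message-%d", i)) }

// FindCollision is the birthday attack: look for ANY two distinct messages with the same
// digest, remembering every digest seen so far. Expected work ~ sqrt(pi/2 * 2^bits).
func FindCollision(bits uint) (a, b []byte, attempts uint64) {
	seen := make(map[uint64]uint64)
	for i := uint64(0); ; i++ {
		d := truncatedDigest(candidate(i), bits)
		if j, ok := seen[d]; ok {
			return candidate(j), candidate(i), i + 1
		}
		seen[d] = i
	}
}

// FindSecondPreimage is the other problem in the quote: match ONE fixed digest.
// Expected work ~ 2^bits, so it is given a budget and usually gives up.
func FindSecondPreimage(target []byte, bits uint, budget uint64) (match []byte, attempts uint64) {
	want := truncatedDigest(target, bits)
	for i := uint64(0); i < budget; i++ {
		c := candidate(i)
		if string(c) != string(target) && truncatedDigest(c, bits) == want {
			return c, i + 1
		}
	}
	return nil, budget
}

// BirthdayProbability is the chance that at least two of n people share a birthday.
func BirthdayProbability(n int) float64 {
	noMatch := 1.0
	for i := 0; i < n; i++ {
		noMatch *= float64(365-i) / 365
	}
	return 1 - noMatch
}

// SpecificBirthdayProbability is the chance that at least one of n people shares YOUR birthday.
func SpecificBirthdayProbability(n int) float64 {
	return 1 - math.Pow(364.0/365.0, float64(n))
}

func main() {
	fmt.Printf("any shared birthday, 23 people: %.3f\n", BirthdayProbability(23))
	fmt.Printf("your birthday, 253 people:      %.3f\n", SpecificBirthdayProbability(253))
	const bits = 24
	a, b, n := FindCollision(bits)
	fmt.Printf("collision on %d-bit digest after %d hashes: %q %q\n", bits, n, a, b)
	m, used := FindSecondPreimage([]byte("contract v1"), bits, 1<<16)
	fmt.Printf("second preimage search: %d hashes spent, found: %v\n", used, m != nil)
}
```

The collision search typically finishes after a few thousand hashes, while the second-preimage search with a budget of 65,536 hashes almost always comes back empty, because its expected cost is the full 2^24. Doubling the digest length squares the collision cost, which is the passage's point about longer hash outputs.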
Topic 8, Telecommunications, Network, and Internet Security
QUESTION 815
Frame-relay uses a public switched network to provide:
A. Local Area Network (LAN) connectivity
B. Metropolitan Area Network (MAN) connectivity
C. Wide Area Network (WAN) connectivity
D. World Area Network (WAN) connectivity
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 816
Which of the following technologies has been developed to support TCP/IP networking over low- speed serial
interfaces?
A. ISDN
B. SLIP
C. xDSL
D. T1
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
SLIP, Serial Line IP, is currently a de facto standard, commonly used for point-to-point serial connections
running TCP/IP.
Reference: http://tools.ietf.org/html/rfc1055
QUESTION 817
Which of the following provide network redundancy in a local network environment?
A. Mirroring
B. Shadowing
C. Dual backbones
D. Duplexing
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 818
Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which
uses TCP/IP for data interchange?
A. the Internet
B. the Intranet
C. the Extranet
D. The Ethernet
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 819
Internet specifically refers to the global network of:
A. public networks and Internet Service Providers (ISPs) throughout the world
B. private networks and Internet Services Providers (ISPs) through the world
C. limited networks and Internet Service Providers (ISPs) throughout the world
D. point networks and Internet Service Providers (ISPs) throughout the world
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 820
To improve the integrity of asynchronous communications in the realm of personal computers, the Microcom
Networking Protocol (MNP) uses a highly effective communications error-control technique known as
A. Cyclic redundancy check.
B. Vertical redundancy check.
C. Checksum.
D. Echoplex.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 821
Organizations should consider which of the following first before connecting their LANs to the Internet?
A. plan for implementing W/S locking mechanisms
B. plan for protecting the modem pool
C. plan for providing the user with his account usage information
D. plan for considering all authentication options
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 822
Which xDSL flavour delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted
pairs?
A. HDSL
B. SDSL
C. ADSL
D. VDSL
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
HDSL High-Data-Rate Digital Subscriber Line 1.544 Mbps each way over 2 copper twisted pair (http://www.
cisco.com/en/US/tech/tk175/tk318/tsd_technology_support_protocol_home.html)
QUESTION 823
Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false?
A. It can be used for voice
B. It can be used for data
C. It carries various sizes of packets
D. It can be used for video
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: “Asynchronous transfer mode (ATM) is a cell-switching technology, as opposed to a packet-switching
technology like Frame Relay. ATM uses virtual circuits much like Frame Relay, but because it uses fixed-size
frames or cells, it can guarantee throughput. This makes ATM an excellent WAN technology for voice and video
conferencing.” Pg 87 Tittel: CISSP Study Guide
QUESTION 824
Satellite communications are easily intercepted because__
A. transmissions are continuous 24 hours per day.
B. a satellite footprint is narrowly focused.
C. a satellite footprint is very large.
D. a satellite footprint does not change.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: I think it may have to do with the footprint of the satellite. Footprint – The area of Earth with
sufficient antenna gain to receive a signal from a satellite. – http://www.aero.org/publications/crosslink/
winter2002/backpage.html
Not A: Granted, satellites transmit, but they may not do so 24×7, as it could be only when traffic is sent.
QUESTION 825
Which one of the following protocols CANNOT be used for full duplex Wide Area Network (WAN)
communications?
A. Synchronous Data Link Control (SDLC)
B. Serial Line Internet Protocol (SLIP)
C. Point-to-Point Protocol (PPP)
D. High-Level Data Link Control (HDLC)
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation: By exclusion, SLIP is the correct answer.
Note:
“Serial Line Internet Protocol (SLIP) is an older technology developed to support TCP/IP communications over
asynchronous serial connections, such as serial cables or modem dial-up.” Pg 96. Tittel: CISSP Study Guide.
SLIP is a serial-line protocol rather than a WAN protocol.
Not A: SDLC is full duplex.
“SDLC was developed to enable mainframes to communicate with remote locations.” Pg 456 Shon Harris
CISSP Certification Exam Guide. This is a WAN protocol.
Not C:
“PPP is a full-duplex protocol that provides bi-directional links over synchronous, asynchronous, ISDN, frame
relay and SONET connections.” Pg. 472 Shon Harris CISSP All-In-One Certification Exam Guide. PPP is full-duplex.
Not D:
“HDLC is an extension of SDLC, which is mainly used in SNA environments. HDLC provides high throughput
because it supports full-duplex transmissions and is used in point-to-point and multipoint connections.” Pg 456
Shon Harris CISSP All-In-One Certification Exam Guide. HDLC is full-duplex.
QUESTION 826
Fast ethernet operates at which of the following?
A. 10 Mbps
B. 100 Mbps
C. 1000 Mbps
D. All of the above
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation: “Fast Ethernet 100Mbps IEEE 802.3u” pg 810 Shon Harris CISSP All-In-One Exam Guide
QUESTION 827
Which of the following statements about the “Intranet” is NOT true?
A. It is an add-on to a local area network.
B. It is unrestricted and publicly available.
C. It is usually restricted to a community of users
D. it can work with MANS or WANS
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
“An intranet is a ‘private’ network that uses Internet technologies, such as TCP/IP. The company has Web
servers and client machines using Web browsers, and it uses the TCP/IP protocol suite. The Web pages are
written in Hypertext Markup Language (HTML) or Extensible Markup Language (XML) and are accessed via
HTTP.” Pg 395 Shon Harris: All-In-One CISSP Certification Guide.
QUESTION 828
Frame relay and X.25 networks are part of which of the following?
A. Circuit-switched services
B. Cell-switched services
C. Packet-switched services
D. Dedicated digital services
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: Packet-Switched Technologies:
X.25
Link Access Procedure-Balanced (LAPB)
Frame Relay
Switched Multimegabit Data Service (SMDS)
Asynchronous Transfer Mode (ATM)
Voice over IP (VoIP)
QUESTION 829
A Wide Area Network (WAN) may be privately operated for a specific user community, may support multiple
communication protocols, or may provide network connectivity and services via:
A. interconnected network segments (extranets, intranets, and Virtual Private Networks)
B. interconnected network segments (extranets, internets, and Virtual Private Networks)
C. interconnected netBIOS segments (extranets, intranets, and Virtual Private Networks)
D. interconnected NetBIOS segments (extranets, interest, and Virtual Private Networks)
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 830
What is the proper term to refer to a single unit of Ethernet data?
A. Ethernet segment
B. Ethernet datagram
C. Ethernet frame
D. Ethernet packet
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: When the Ethernet software receives a datagram from the Internet layer, it performs the following
steps: 1.) Breaks IP layer data into smaller chunks if necessary which will be in the data field of ethernet
frames. Pg. 40 Sams Teach Yourself TCP/IP in 24 hrs.
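Added worked example, not from the cited book: a parser for the Ethernet frame itself, the unit of data the question asks about. It handles Ethernet II and 802.3 framing (the 16-bit field after the addresses is a length when 1500 or below and a type when 1536 or above), unwraps one 802.1Q VLAN tag, and rejects a source address with the group bit set, which no real sending station has and which shows up only in malformed or spoofed traffic. The sample frame is constructed for the example, and the frame check sequence is assumed to have been stripped by the NIC, as it is in ordinary captures.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

const (
	etherTypeIPv4 = 0x0800
	etherTypeVLAN = 0x8100 // TPID that announces an 802.1Q tag
)

// Frame is the decoded single unit of Ethernet data: the 14-byte header, an optional
// 802.1Q tag, and the payload that carries the IP datagram (or one chunk of it).
type Frame struct {
	Dst, Src  net.HardwareAddr
	VLAN      int    // 802.1Q VLAN ID, or -1 when the frame is untagged
	EtherType uint16 // Ethernet II type; 0 when the field held an 802.3 length instead
	Payload   []byte
}

// ParseFrame decodes a captured frame (FCS already removed).
func ParseFrame(b []byte) (*Frame, error) {
	if len(b) < 14 {
		return nil, errors.New("short frame: header needs 14 bytes")
	}
	f := &Frame{Dst: net.HardwareAddr(b[0:6]), Src: net.HardwareAddr(b[6:12]), VLAN: -1}
	if f.Src[0]&1 != 0 { // bit 0 of the first octet marks a group (multicast/broadcast) address
		return nil, fmt.Errorf("source %s has the group bit set; not a unicast station address", f.Src)
	}
	off := 12
	typeOrLen := binary.BigEndian.Uint16(b[off : off+2])
	if typeOrLen == etherTypeVLAN {
		if len(b) < 18 {
			return nil, errors.New("short frame: 802.1Q tag truncated")
		}
		f.VLAN = int(binary.BigEndian.Uint16(b[14:16]) & 0x0FFF) // low 12 bits of the TCI
		off = 16
		typeOrLen = binary.BigEndian.Uint16(b[off : off+2])
	}
	off += 2
	switch {
	case typeOrLen >= 1536:
		f.EtherType = typeOrLen
		f.Payload = b[off:]
	case typeOrLen <= 1500: // 802.3: explicit length, anything after it is padding
		if int(typeOrLen) > len(b)-off {
			return nil, fmt.Errorf("802.3 length %d exceeds %d bytes available", typeOrLen, len(b)-off)
		}
		f.Payload = b[off : off+int(typeOrLen)]
	default:
		return nil, fmt.Errorf("reserved type/length value 0x%04x", typeOrLen)
	}
	return f, nil
}

// SampleFrame is a constructed VLAN-tagged Ethernet II frame carrying 46 bytes of IPv4
// payload (zeros here), padded to the 60-byte minimum that the standard requires.
func SampleFrame() []byte {
	hdr := []byte{
		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, // destination MAC
		0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, // source MAC
		0x81, 0x00, 0x00, 0x64, // 802.1Q tag: TPID 0x8100, priority 0, VLAN ID 100
		0x08, 0x00, // EtherType IPv4
	}
	return append(hdr, make([]byte, 46)...)
}

func main() {
	f, err := ParseFrame(SampleFrame())
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s -> %s vlan=%d type=0x%04x ipv4=%v payload=%d bytes\n",
		f.Src, f.Dst, f.VLAN, f.EtherType, f.EtherType == etherTypeIPv4, len(f.Payload))
	_, err = ParseFrame(SampleFrame()[:10])
	fmt.Println("truncated:", err)
	spoofed := SampleFrame()
	spoofed[6] |= 1
	_, err = ParseFrame(spoofed)
	fmt.Println("group-bit source:", err)
}
```

The length check before every slice is the part a practitioner cares about: a frame decoder that trusts the length field or the presence of a tag is exactly where parsers of captured traffic are made to read out of bounds.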
QUESTION 831
Which of the following is a LAN transmission protocol?
A. Ethernet
B. Ring Topology
C. Unicast
D. Polling
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: “LAN Transmission Methods. LAN data is transmitted from the sender to one or more receiving
stations using either a unicast, multicast, or broadcast transmission.” pg 528 Hansche:
Official (ISC)2 Guide to the CISSP Exam
QUESTION 832
Which of the following access methods is used by Ethernet?
A. CSMA/CD
B. CSU/DSU
C. TCP/IP
D. FIFO
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: “Under the Ethernet CSMA/CD media-access process, any computer on a CSMA/CD LAN can
access the network at any time.” Pg. 103 Krutz: The CISSP Prep Guide.
QUESTION 833
Which one of the following data transmission technologies is NOT packet-switch based?
A. X.25
B. ATM (Asynchronous Transfer Mode)
C. CSMA/CD (Carr