Last Updated on March 10, 2022 by Admin 3

SSCP : System Security Certified Practitioner (SSCP) : Part 04

  1. The Clipper Chip utilizes which concept in public key cryptography?

    • Substitution
    • Key Escrow
    • An undefined algorithm
    • Super strong encryption

    Explanation:

    The Clipper chip is a chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission. It was announced in 1993 and by 1996 was entirely defunct.

    The heart of the concept was key escrow. In the factory, any new telephone or other device with a Clipper chip would be given a “cryptographic key”, that would then be provided to the government in “escrow”. If government agencies “established their authority” to listen to a communication, then the password would be given to those government agencies, who could then decrypt all data transmitted by that particular telephone.

    The CISSP Prep Guide states, “The idea is to divide the key into two parts, and to escrow two portions of the key with two separate ‘trusted’ organizations. Then, law enforcement officials, after obtaining a court order, can retrieve the two pieces of the key from the organizations and decrypt the message.”

    References:
    http://en.wikipedia.org/wiki/Clipper_Chip
    and
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, page 166.

  2. What is the length of an MD5 message digest?

    • 128 bits
    • 160 bits
    • 256 bits
    • varies depending upon the message size.
    Explanation:

    A hash algorithm (alternatively, hash “function”) takes binary data, called the message, and produces a condensed representation, called the message digest. A cryptographic hash algorithm is a hash algorithm that is designed to achieve certain security properties. The Federal Information Processing Standard 180-3, Secure Hash Standard, specifies five cryptographic hash algorithms – SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 for federal use in the US; the standard was also widely adopted by the information technology industry and commercial companies.

    The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity. MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. An MD5 hash is typically expressed as a 32-digit hexadecimal number.

    However, it has since been shown that MD5 is not collision resistant; as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. In 1996, a flaw was found with the design of MD5, and while it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 – which has since been found also to be vulnerable. In 2004, more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable – specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum. Further advances were made in breaking MD5 in 2005, 2006, and 2007. In December 2008, a group of researchers used this technique to fake SSL certificate validity. US-CERT now says that MD5 “should be considered cryptographically broken and unsuitable for further use,” and most U.S. government applications now require the SHA-2 family of hash functions.

    NIST CRYPTOGRAPHIC HASH PROJECT
    NIST announced a public competition in a Federal Register Notice on November 2, 2007 to develop a new cryptographic hash algorithm, called SHA-3, for standardization. The competition was NIST’s response to advances made in the cryptanalysis of hash algorithms.

    NIST received sixty-four entries from cryptographers around the world by October 31, 2008, and selected fifty-one first-round candidates in December 2008, fourteen second-round candidates in July 2009, and five finalists – BLAKE, Grøstl, JH, Keccak and Skein, in December 2010 to advance to the third and final round of the competition.

    Throughout the competition, the cryptographic community has provided an enormous amount of feedback. Most of the comments were sent to NIST and a public hash forum; in addition, many of the cryptanalysis and performance studies were published as papers in major cryptographic conferences or leading cryptographic journals. NIST also hosted a SHA-3 candidate conference in each round to obtain public feedback. Based on the public comments and internal review of the candidates, NIST announced Keccak as the winner of the SHA-3 Cryptographic Hash Algorithm Competition on October 2, 2012, and ended the five-year competition.

    Reference:
    Tipton, Harold, et al., Official (ISC)2 Guide to the CISSP CBK, 2007 edition, page 261.
    and
    https://secure.wikimedia.org/wikipedia/en/wiki/Md5
    and
    http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

  3. The Secure Hash Algorithm (SHA-1) creates:

    • a fixed length message digest from a fixed length input message
    • a variable length message digest from a variable length input message
    • a fixed length message digest from a variable length input message
    • a variable length message digest from a fixed length input message
    Explanation:

    According to The CISSP Prep Guide, “The Secure Hash Algorithm (SHA-1) computes a fixed length message digest from a variable length input message.”
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, page 160.

    also see:
    http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf

  4. In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?

    • Pre Initialization Phase
    • Phase 1
    • Phase 2
    • No peer authentication is performed
    Explanation:

    The Internet Key Exchange (IKE) protocol is a key management protocol standard that is used in conjunction with the IPSec standard. IKE enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard. IPSec can, however, be configured without IKE, for example by manually configuring the gateways that communicate with each other.
    A security association (SA) is a relationship between two or more entities that describes how the entities will use security services to communicate securely.

    In phase 1 of this process, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE security association. The Diffie-Hellman key agreement is always performed in this phase.

    In phase 2 IKE negotiates the IPSec security associations and generates the required key material for IPSec. The sender offers one or more transform sets that are used to specify an allowed combination of transforms with their respective settings.

    Benefits provided by IKE include:

    • Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both peers.
    • Allows you to specify a lifetime for the IPSec security association.
    • Allows encryption keys to change during IPSec sessions.
    • Allows IPSec to provide anti-replay services.
    • Permits Certification Authority (CA) support for a manageable, scalable IPSec implementation.
    • Allows dynamic authentication of peers.

    References:
    RFC 2409: The Internet Key Exchange (IKE);

    DORASWAMY, Naganand & HARKINS, Dan, Ipsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1999, Prentice Hall PTR;
    SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
    Reference: http://www.ciscopress.com/articles/article.asp?p=25474

  5. What is NOT an authentication method within IKE and IPsec?

    • CHAP
    • Pre shared key
    • certificate based authentication
    • Public key authentication
    Explanation:

    CHAP is not used within IPSEC or IKE. CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link (LCP), and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user’s password).

    1. After the completion of the link establishment phase, the authenticator sends a “challenge” message to the peer.
    2. The peer responds with a value calculated using a one-way hash function on the challenge and the secret combined.
    3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection.
    4. At random intervals the authenticator sends a new challenge to the peer and repeats steps 1 through 3.
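    The three-way handshake above, worked through as an added example (not code from the original page): both sides hash the identifier, the shared secret and the challenge in the RFC 1994 MD5-CHAP style, the secret never crosses the link, and the authenticator discards each challenge once answered so that a captured response cannot be replayed. The class and function names, and the sample secret, are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret (the client user's password) known to both sides.
SHARED_SECRET = b"correct horse battery staple"


def chap_response(identifier, secret, challenge):
    """One-way hash over identifier || secret || challenge, as in RFC 1994 (MD5-CHAP)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side of CHAP: issues challenges and verifies the peer's responses.

    Each challenge is remembered only until it is answered, then discarded, so a
    response captured from an earlier exchange is rejected if presented again.
    """

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.outstanding = {}  # identifier -> challenge bytes still awaiting a response

    def new_challenge(self):
        """Step 1 (and step 4 on periodic re-authentication): send a fresh random challenge."""
        self.identifier = (self.identifier + 1) % 256
        challenge = secrets.token_bytes(16)
        self.outstanding[self.identifier] = challenge
        return self.identifier, challenge

    def verify(self, identifier, response):
        """Step 3: recompute the expected hash and compare it in constant time."""
        challenge = self.outstanding.pop(identifier, None)
        if challenge is None:
            return False  # no such challenge pending: stale, unknown or already answered
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side of CHAP: answers challenges with its own copy of the secret."""

    def __init__(self, secret):
        self.secret = secret

    def respond(self, identifier, challenge):
        """Step 2: hash the challenge together with the secret; the secret itself is never sent."""
        return chap_response(identifier, self.secret, challenge)


def run_handshake(authenticator, peer):
    """Run one challenge/response round; return (success, identifier, response)."""
    identifier, challenge = authenticator.new_challenge()
    response = peer.respond(identifier, challenge)
    return authenticator.verify(identifier, response), identifier, response


if __name__ == "__main__":
    auth = Authenticator(SHARED_SECRET)
    ok, ident, resp = run_handshake(auth, Peer(SHARED_SECRET))
    print("initial link authenticated:", ok)
    print("same response presented again:", auth.verify(ident, resp))
    print("peer with wrong secret:", run_handshake(auth, Peer(b"guess"))[0])
```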

    The following were incorrect answers:

    Pre Shared Keys
    In cryptography, a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. To build a key from a shared secret, a key derivation function should be used. Such systems almost always use symmetric key cryptographic algorithms. The term PSK is used in WiFi encryption such as WEP or WPA, where both the wireless access points (AP) and all clients share the same key.

    The characteristics of this secret or key are determined by the system which uses it; some system designs require that such keys be in a particular format. It can be a password like ‘bret13i’, a passphrase like ‘Idaho hung gear id gene’, or a hexadecimal string like ‘65E4 E556 8622 EEE1’. The secret is used by all systems involved in the cryptographic processes used to secure the traffic between the systems.

    Certificate Based Authentication

    The most common form of trusted authentication between parties in the wide world of Web commerce is the exchange of certificates. A certificate is a digital document that at a minimum includes a Distinguished Name (DN) and an associated public key.

    The certificate is digitally signed by a trusted third party known as the Certificate Authority (CA). The CA vouches for the authenticity of the certificate holder. Each principal in the transaction presents its certificate as its credentials. The recipient then validates the certificate’s signature against its cache of known and trusted CA certificates. A “personal certificate” identifies an end user in a transaction; a “server certificate” identifies the service provider.

    Generally, certificate formats follow the X.509 Version 3 standard. X.509 is part of the Open Systems Interconnect (OSI) X.500 specification.

    Public Key Authentication
    Public key authentication is an alternative means of identifying yourself to a login server, instead of typing a password. It is more secure and more flexible, but more difficult to set up.

    In conventional password authentication, you prove you are who you claim to be by proving that you know the correct password. The only way to prove you know the password is to tell the server what you think the password is. This means that if the server has been hacked or spoofed, an attacker can learn your password.

    Public key authentication solves this problem. You generate a key pair, consisting of a public key (which everybody is allowed to know) and a private key (which you keep secret and do not give to anybody). The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have a copy of that private key; but anybody who has your public key can verify that a particular signature is genuine.

    So you generate a key pair on your own computer, and you copy the public key to the server. Then, when the server asks you to prove who you are, you can generate a signature using your private key. The server can verify that signature (since it has your public key) and allow you to log in. Now if the server is hacked or spoofed, the attacker does not gain your private key or password; they only gain one signature. And signatures cannot be re-used, so they have gained nothing.

    There is a problem with this: if your private key is stored unprotected on your own computer, then anybody who gains access to your computer will be able to generate signatures as if they were you. So they will be able to log in to your server under your account. For this reason, your private key is usually encrypted when it is stored on your local machine, using a passphrase of your choice. In order to generate a signature, you must decrypt the key, so you have to type your passphrase.

    References:
    RFC 2409: The Internet Key Exchange (IKE);
    DORASWAMY, Naganand & HARKINS, Dan, Ipsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1999, Prentice Hall PTR;
    SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.;
    HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page 467.

    http://en.wikipedia.org/wiki/Pre-shared_key
    http://www.home.umk.pl/~mgw/LDAP/RS.C4.JUN.97.pdf
    http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html#S8.1

  6. Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?

    • S/MIME and SSH
    • TLS and SSL
    • IPsec and L2TP
    • PKCS#10 and X.509
    Explanation:
    Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page 467; SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.

  7. What is the role of IKE within the IPsec protocol?

    • peer authentication and key exchange
    • data encryption
    • data signature
    • enforcing quality of service
    Explanation:
    Reference: RFC 2409: The Internet Key Exchange (IKE); DORASWAMY, Naganand & HARKINS, Dan, Ipsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1999, Prentice Hall PTR; SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.

  8. Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?

    • The SSL protocol was developed by Netscape to secure Internet client-server transactions.
    • The SSL protocol’s primary use is to authenticate the client to the server using public key cryptography and digital certificates.
    • Web pages using the SSL protocol start with HTTPS
    • SSL can be used with applications such as Telnet, FTP and email protocols.
    Explanation:

    All of these statements pertaining to SSL are true except the one claiming that its primary use is to authenticate the client to the server using public key cryptography and digital certificates. It is the opposite: its primary use is to authenticate the server to the client.

    The following reference(s) were used for this question:
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 170).

  9. What is the name of the protocol used to set up and manage Security Associations (SA) for IP Security (IPSec)?

    • Internet Key Exchange (IKE)
    • Secure Key Exchange Mechanism
    • Oakley
    • Internet Security Association and Key Management Protocol
    Explanation:

    The key management protocol for IPSec is called the Internet Key Exchange (IKE).

    Note: IKE underwent a series of improvements establishing IKEv2 with RFC 4306. The basis of this answer is IKEv2.

    The IKE protocol is a hybrid of three other protocols: ISAKMP (Internet Security Association and Key Management Protocol), Oakley and SKEME. ISAKMP provides a framework for authentication and key exchange, but does not define them (neither authentication nor key exchange). The Oakley protocol describes a series of modes for key exchange and the SKEME protocol defines key exchange techniques.

    IKE—Internet Key Exchange. A hybrid protocol that implements Oakley and Skeme key exchanges inside the ISAKMP framework. IKE can be used with other protocols, but its initial implementation is with the IPSec protocol. IKE provides authentication of the IPSec peers, negotiates IPSec keys, and negotiates IPSec security associations.
    IKE is implemented in accordance with RFC 2409, The Internet Key Exchange.

    The Internet Key Exchange (IKE) security protocol is a key management protocol standard that is used in conjunction with the IPSec standard. IPSec can be configured without IKE, but IKE enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard.
    IKE is a hybrid protocol that implements the Oakley key exchange and the SKEME key exchange inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. (ISAKMP, Oakley, and SKEME are security protocols implemented by IKE.)

    IKE automatically negotiates IPSec security associations (SAs) and enables IPSec secure communications without costly manual preconfiguration. Specifically, IKE provides these benefits:

    •Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both peers.
    •Allows you to specify a lifetime for the IPSec security association.
    •Allows encryption keys to change during IPSec sessions.
    •Allows IPSec to provide anti-replay services.
    •Permits certification authority (CA) support for a manageable, scalable IPSec implementation.
    •Allows dynamic authentication of peers.

    About ISAKMP
    The Internet Security Association and Key Management Protocol (ISAKMP) is a framework that defines the phases for establishing a secure relationship and supports negotiation of security attributes. It does not establish session keys by itself; it is used along with the Oakley session key establishment protocol. The Secure Key Exchange Mechanism (SKEME) describes a secure exchange mechanism, and Oakley defines the modes of operation needed to establish a secure connection.

    ISAKMP provides a framework for Internet key management and provides the specific protocol support for negotiation of security attributes. Alone, it does not establish session keys. However it can be used with various session key establishment protocols, such as Oakley, to provide a complete solution to Internet key management.
    About Oakley
    The Oakley protocol uses a hybrid Diffie-Hellman technique to establish session keys on Internet hosts and routers. Oakley provides the important security property of Perfect Forward Secrecy (PFS) and is based on cryptographic techniques that have survived substantial public scrutiny. Oakley can be used by itself, if no attribute negotiation is needed, or Oakley can be used in conjunction with ISAKMP. When ISAKMP is used with Oakley, key escrow is not feasible.

    The ISAKMP and Oakley protocols have been combined into a hybrid protocol. The resolution of ISAKMP with Oakley uses the framework of ISAKMP to support a subset of Oakley key exchange modes. This new key exchange protocol provides optional PFS, full security association attribute negotiation, and authentication methods that provide both repudiation and non-repudiation. Implementations of this protocol can be used to establish VPNs and also allow users from remote sites (who may have a dynamically allocated IP address) to access a secure network.

    About IPSec
    The IETF’s IPSec Working Group develops standards for IP-layer security mechanisms for both IPv4 and IPv6. The group also is developing generic key management protocols for use on the Internet. For more information, refer to the IP Security and Encryption Overview.

    IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides security for transmission of sensitive information over unprotected networks such as the Internet. It acts at the network level and implements the following standards:

    • IPSec
    • Internet Key Exchange (IKE)
    • Data Encryption Standard (DES)
    • MD5 (HMAC variant)
    • SHA (HMAC variant)
    • Authentication Header (AH)
    • Encapsulating Security Payload (ESP)

    IPSec services provide a robust security solution that is standards-based. IPSec also provides data authentication and anti-replay services in addition to data confidentiality services.

    For more information regarding IPSec, refer to the chapter “Configuring IPSec Network Security.”

    About SKEME
    SKEME constitutes a compact protocol that supports a variety of realistic scenarios and security models over the Internet. It provides clear tradeoffs between security and performance as required by the different scenarios without incurring unnecessary system complexity. The protocol supports key exchange based on public key, key distribution centers, or manual installation, and provides for fast and secure key refreshment. In addition, SKEME selectively provides perfect forward secrecy, allows for replaceability and negotiation of the underlying cryptographic primitives, and addresses privacy issues such as anonymity and repudiability.

    SKEME’s basic mode is based on the use of public keys and a Diffie-Hellman shared secret generation.

    However, SKEME is not restricted to the use of public keys, but also allows the use of a pre-shared key. This key can be obtained by manual distribution or by the intermediary of a key distribution center (KDC) such as Kerberos.

    In short, SKEME contains four distinct modes:

    • Basic mode, which provides a key exchange based on public keys and ensures PFS thanks to Diffie-Hellman.
    • A key exchange based on the use of public keys, but without Diffie-Hellman.
    • A key exchange based on the use of a pre-shared key and on Diffie-Hellman.
    • A mechanism of fast rekeying based only on symmetrical algorithms.

    In addition, SKEME is composed of three phases: SHARE, EXCH and AUTH.

    During the SHARE phase, the peers exchange half-keys, encrypted with their respective public keys. These two half-keys are used to compute a secret key K. If anonymity is wanted, the identities of the two peers are also encrypted. If a shared secret already exists, this phase is skipped.
    The exchange phase (EXCH) is used, depending on the selected mode, to exchange either Diffie-Hellman public values or nonces. The Diffie-Hellman shared secret will only be computed after the end of the exchanges.
    The public values or nonces are authenticated during the authentication phase (AUTH), using the secret key established during the SHARE phase.

    The messages from these three phases do not necessarily follow the order described above; in actual practice they are combined to minimize the number of exchanged messages.

    References used for this question:

    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 172).

    http://tools.ietf.org/html/rfc4306
    http://tools.ietf.org/html/rfc4301
    http://en.wikipedia.org/wiki/Internet_Key_Exchange

    CISCO ISAKMP and OAKLEY information
    CISCO Configuring Internet Key Exchange Protocol
    http://www.hsc.fr/ressources/articles/ipsec-tech/index.html.en

  10. Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?

    • Timestamping
    • Repository
    • Certificate revocation
    • Internet Key Exchange (IKE)
    Explanation:
    Other elements are included in a PKI.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 165).

  11. Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?

    • Secure Electronic Transaction (SET)
    • Message Authentication Code (MAC)
    • Cyclic Redundancy Check (CRC)
    • Secure Hash Standard (SHS)
    Explanation:

    In order to protect against fraud in electronic fund transfers (EFT), the Message Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the contents of the message itself, that is sensitive to the bit changes in a message. It is similar to a Cyclic Redundancy Check (CRC).

    The aim of message authentication in computer and communication systems is to verify that the message comes from its claimed originator and that it has not been altered in transmission. It is particularly needed for EFT (Electronic Funds Transfer). The protection mechanism is generation of a Message Authentication Code (MAC), attached to the message, which can be recalculated by the receiver and will reveal any alteration in transit. One standard method is described in ANSI X9.9. Message authentication mechanisms can also be used to achieve non-repudiation of messages.
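    An added example (not from the original page) of the MAC-versus-CRC distinction the explanation draws: the sender attaches both an unkeyed CRC-32 and a keyed MAC to an EFT message, and the receiver recalculates both. A party without the key can recompute the CRC after altering the amount, but cannot produce a valid MAC, so only the keyed check detects deliberate alteration. HMAC-SHA256 stands in here for the DES-based ANSI X9.9 MAC; the key, the message fields and all function names are constructed for this example.

```python
import hashlib
import hmac
import json
import zlib

# Constructed demo key shared by the originating bank and the receiving bank.
MAC_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample EFT message.
SAMPLE_TRANSFER = {"from": "ACCT-1001", "to": "ACCT-2002", "amount": "250.00", "ref": "INV-77"}

CHECK_FIELDS = ("crc32", "mac")


def canonical(body):
    """Serialise the message deterministically so sender and receiver hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def strip_checks(msg):
    """Return the message body without the attached check values."""
    return {k: v for k, v in msg.items() if k not in CHECK_FIELDS}


def attach_checks(body, key):
    """Sender: append an unkeyed CRC-32 and a keyed MAC (HMAC-SHA256) derived from the message contents."""
    data = canonical(body)
    return {**body,
            "crc32": zlib.crc32(data),
            "mac": hmac.new(key, data, hashlib.sha256).hexdigest()}


def crc_ok(msg):
    """Receiver: the CRC only shows that the bytes match what the last writer computed it over."""
    return zlib.crc32(canonical(strip_checks(msg))) == msg["crc32"]


def mac_ok(msg, key):
    """Receiver: recompute the MAC with the shared key and compare in constant time."""
    expected = hmac.new(key, canonical(strip_checks(msg)), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["mac"])


def alter_in_transit(msg, **changes):
    """Model an alteration by someone without the key: fields change, the unkeyed
    CRC is recomputed to match, but the MAC can only be carried over unchanged."""
    body = strip_checks(msg)
    body.update(changes)
    return {**body, "crc32": zlib.crc32(canonical(body)), "mac": msg["mac"]}


def receive(msg, key):
    """Receiver decision: accept only when the keyed MAC verifies."""
    return {"crc_ok": crc_ok(msg), "mac_ok": mac_ok(msg, key), "accepted": mac_ok(msg, key)}


if __name__ == "__main__":
    signed = attach_checks(SAMPLE_TRANSFER, MAC_KEY)
    print("as sent:   ", receive(signed, MAC_KEY))
    altered = alter_in_transit(signed, amount="25000.00")
    print("altered:   ", receive(altered, MAC_KEY))
```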

    The Secure Electronic Transaction (SET) was developed by a consortium including MasterCard and VISA as a means of preventing fraud from occurring during electronic payment.

    The Secure Hash Standard (SHS), NIST FIPS 180, available at http://www.itl.nist.gov/fipspubs/fip180-1.htm, specifies the Secure Hash Algorithm (SHA-1).

    Source:
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 170)

    also see:
    http://luizfirmino.blogspot.com/2011/04/message-authentication-code-mac.html
    and
    http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.22.2312&rep=rep1&type=pdf

  12. What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?

    • Certificate revocation list
    • Certificate revocation tree
    • Authority revocation list
    • Untrusted certificate list
    Explanation:

    The Internet Security Glossary (RFC2828) defines the Authority Revocation List (ARL) as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire.

    Do not confuse an ARL with a Certificate Revocation List (CRL). A certificate revocation list is a mechanism for distributing notices of certificate revocations. The question specifically mentions “issued to CAs”, which makes ARL a better answer than CRL.
    http://rfclibrary.hosting.com/rfc/rfc2828/rfc2828-29.asp
    $ certificate revocation list (CRL)
    (I) A data structure that enumerates digital certificates that have been invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration, X.509 certificate revocation list.)

    http://rfclibrary.hosting.com/rfc/rfc2828/rfc2828-17.asp
    $ authority revocation list (ARL)
    (I) A data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration, X.509 authority revocation list.)

    In a few words: We use CRL’s for end-user cert revocation and ARL’s for CA cert revocation – both can be placed in distribution points.

  13. What is the name of the third party authority that vouches for the binding between the data items in a digital certificate?

    • Registration authority
    • Certification authority
    • Issuing authority
    • Vouching authority
    Explanation:
    A certification authority (CA) is a third party entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate. An issuing authority could be considered a correct answer, but not the best answer, since it is too generic.
    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

  14. Which of the following binds a subject name to a public key value?

    • A public-key certificate
    • A public key infrastructure
    • A secret key infrastructure
    • A private key certificate
    Explanation:

    Remember the term Public-Key Certificate is synonymous with Digital Certificate or Identity certificate.

    The certificate itself provides the binding, but it is the certificate authority that, following its Certificate Practice Statement (CPS), actually validates the binding and vouches for the identity of the owner of the key within the certificate.

    As explained in Wikipedia:
    In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.

    In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme such as PGP or GPG, the signature is of either the user (a self-signed certificate) or other users (“endorsements”), obtained by getting people to sign each other’s keys. In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
    RFC 2828 defines the certification authority (CA) as:

    An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate.

    An authority trusted by one or more users to create and assign certificates. Optionally, the certification authority may create the user’s keys.

    X.509 certificate users depend on the validity of information provided by a certificate. Thus, a CA should be someone that certificate users trust, and usually holds an official position created and granted power by a government, a corporation, or some other organization. A CA is responsible for managing the life cycle of certificates and, depending on the type of certificate and the CPS that applies, may be responsible for the life cycle of key pairs associated with the certificates.

    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
    and
    http://en.wikipedia.org/wiki/Public_key_certificate

  15. What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?

    • A public-key certificate
    • An attribute certificate
    • A digital certificate
    • A descriptive certificate
    Explanation:
    The Internet Security Glossary (RFC2828) defines an attribute certificate as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate. A public-key certificate binds a subject name to a public key value, along with information needed to perform certain cryptographic functions. Other attributes of a subject, such as a security clearance, may be certified in a separate kind of digital certificate, called an attribute certificate. A subject may have multiple attribute certificates associated with its name or with each of its public-key certificates.
    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

  16. Which of the following statements pertaining to link encryption is false?

    • It encrypts all the data along a specific communication path.
    • It provides protection against packet sniffers and eavesdroppers.
    • Information stays encrypted from one end of its journey to the other.
    • User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
    Explanation:

    When using link encryption, packets have to be decrypted at each hop and encrypted again.

    Information staying encrypted from one end of its journey to the other is a characteristic of end-to-end encryption, not link encryption.
    Link Encryption vs. End-to-End Encryption

    Link encryption encrypts the entire packet, including headers and trailers, and has to be decrypted at each hop, so every intermediate node on the path sees the packet in clear.

    End-to-end encryption encrypts only the payload and leaves the IP protocol headers in clear, so intermediate nodes can route the packet without decrypting it and never see the user data.

    Reference: All in one, Page 735 & Glossary
    and
    Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 6).
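    The hop-by-hop versus end-to-end difference above, as an added example that is not part of the original page: a Python simulation of four nodes A, B, C and D. The keystream cipher is a toy built from SHA-256 for illustration only, and the link keys and the end-to-end key are assumed to be pre-shared. Under link encryption every node on the path decrypts the whole packet, so router B can read the payload; under end-to-end encryption B sees only the header.

```python
import hashlib
from dataclasses import dataclass, field

# Added example (not from the source). Toy keystream cipher for illustration
# only: XOR with SHA-256(key || block counter). Assumed: every adjacent pair of
# nodes already shares a link key, and the two endpoints share an end-to-end key.
def xor_keystream(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


@dataclass
class Node:
    name: str
    seen: list = field(default_factory=list)  # (header, payload) as this node can read them


def encode(header: str, payload: bytes) -> bytes:
    return header.encode() + b"|" + payload  # the header never contains "|"


def decode(packet: bytes):
    header, _, payload = packet.partition(b"|")
    return header.decode(), payload


def link_encrypted_transfer(path, link_keys, header, payload):
    """Link encryption: the whole packet, header included, is encrypted under
    the key of each link, so every node on the path must decrypt it to read
    the header and route it, then re-encrypt it for the next link."""
    clear = encode(header, payload)
    path[0].seen.append(decode(clear))
    for sender, receiver in zip(path, path[1:]):
        key = link_keys[frozenset((sender.name, receiver.name))]
        on_wire = xor_keystream(key, clear)   # nothing readable on this link
        clear = xor_keystream(key, on_wire)   # receiver decrypts, header and all
        receiver.seen.append(decode(clear))
    return decode(clear)


def end_to_end_transfer(path, e2e_key, header, payload):
    """End-to-end encryption: only the payload is encrypted, under a key the
    intermediate nodes do not hold; the header stays in clear for routing."""
    packet = encode(header, xor_keystream(e2e_key, payload))
    for router in path[1:-1]:
        router.seen.append(decode(packet))   # header readable, payload opaque
    hdr, ciphertext = decode(packet)
    path[-1].seen.append((hdr, xor_keystream(e2e_key, ciphertext)))
    return path[-1].seen[-1]


def demo():
    header, payload = "A>D", b"wire transfer: 10000 to account 42"  # constructed message
    link_nodes = [Node(n) for n in "ABCD"]
    link_keys = {frozenset((a.name, b.name)): f"link-key-{a.name}{b.name}".encode()
                 for a, b in zip(link_nodes, link_nodes[1:])}
    e2e_nodes = [Node(n) for n in "ABCD"]
    return {
        "link_delivered": link_encrypted_transfer(link_nodes, link_keys, header, payload),
        "link_router_B_sees": link_nodes[1].seen[0],
        "e2e_delivered": end_to_end_transfer(e2e_nodes, b"key-shared-by-A-and-D", header, payload),
        "e2e_router_B_sees": e2e_nodes[1].seen[0],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

    Both modes deliver the same message to D. The difference is what B and C hold while the packet is in transit: the full plaintext under link encryption, only the addressing under end-to-end encryption, which is why a compromised router matters for one and not the other.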

  17. Cryptography does not concern itself with which of the following choices?

    • Availability
    • Integrity
    • Confidentiality
    • Validation
    Explanation:

    The cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity. Unlike the other domains, cryptography does not completely support the standard of availability.

    Availability
    Cryptography supports all three of the core principles of information security. Many access control systems use cryptography to limit access to systems through the use of passwords. Many token-based authentication systems use cryptographic hash algorithms to compute one-time passwords. Denying unauthorized access prevents an attacker from entering and damaging the system or network, or corrupting its data, which would otherwise deny access to authorized users.

    Confidentiality
    Cryptography provides confidentiality through altering or hiding a message so that ideally it cannot be understood by anyone except the intended recipient.

    Integrity
    Cryptographic tools provide integrity checks that allow a recipient to verify that a message has not been altered. Cryptographic tools cannot prevent a message from being altered, but they are effective at detecting either intentional or accidental modification of the message.

    Additional Features of Cryptographic Systems
    In addition to the three core principles of information security listed above, cryptographic tools provide several more benefits.

    Nonrepudiation
    In a trusted environment, the authentication of the origin can be provided through the simple control of the keys. The receiver has a level of assurance that the message was encrypted by the sender, and the sender has trust that the message was not altered once it was received. However, in a more stringent, less trustworthy environment, it may be necessary to provide assurance via a third party of who sent a message and that the message was indeed delivered to the right recipient. This is accomplished through the use of digital signatures and public key encryption. The use of these tools provides a level of nonrepudiation of origin that can be verified by a third party.

    Once a message has been received, what is to prevent the recipient from changing the message and contesting that the altered message was the one sent by the sender? The nonrepudiation of delivery prevents a recipient from changing the message and falsely claiming that the message is in its original state. This is also accomplished through the use of public key cryptography and digital signatures and is verifiable by a trusted third party.

    Authentication
    Authentication is the ability to determine if someone or something is what it declares to be. This is primarily done through the control of the keys, because only those with access to the key are able to encrypt a message. This is not as strong as the nonrepudiation of origin discussed above. Cryptographic functions use several methods to ensure that a message has not been changed or altered. These include hash functions, digital signatures, and message authentication codes (MACs). The main concept is that the recipient is able to detect any change that has been made to a message, whether accidentally or intentionally.

    Access Control
    Through the use of cryptographic tools, many forms of access control are supported—from log-ins via passwords and passphrases to the prevention of access to confidential files or messages. In all cases, access would only be possible for those individuals that had access to the correct cryptographic keys.
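    The integrity, authentication and one-time-password points above, as an added example that is not from the (ISC)2 text: a plain hash detects modification but not forgery, because anyone can recompute it; an HMAC under a shared key detects both; and a token code (HOTP, RFC 4226) is nothing more than an HMAC over a counter, truncated to digits. The shared key and messages are constructed; the HOTP secret is the RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

# Added example (not from the source). The key, messages and labels below are
# constructed for illustration.

def digest_of(message: bytes) -> str:
    """Unkeyed hash: anyone, including an attacker, can compute it."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(digest_of(message), digest)


def mac_of(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: integrity plus origin authentication, since only holders
    of the key can produce a tag that verifies."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac_of(key, message), tag)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamically
    truncated to a 31-bit integer, reduced to the requested number of decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def demo():
    key = b"shared-between-sender-and-receiver"
    message, tampered = b"pay 100 to alice", b"pay 900 to alice"
    digest = digest_of(message)
    mac_tag = mac_of(key, message)
    return {
        # A hash detects an altered message ...
        "hash_detects_change": not verify_digest(tampered, digest),
        # ... but an attacker just recomputes the hash over the forgery.
        "attacker_forged_hash_ok": verify_digest(tampered, digest_of(tampered)),
        # A MAC detects the change too ...
        "mac_detects_change": not verify_mac(key, tampered, mac_tag),
        # ... and a tag computed under a guessed key does not verify.
        "attacker_forged_mac_ok": verify_mac(key, tampered, mac_of(b"guess", tampered)),
        # Token-style one-time passwords: RFC 4226 test secret, counters 0..2.
        "otps": [hotp(b"12345678901234567890", c) for c in range(3)],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

    The hash alone gives integrity against accidents; the MAC adds origin authentication because the tag depends on the key. Note that a MAC still does not give nonrepudiation: both parties hold the same key, so either could have produced the tag, which is why the text above reserves that property for digital signatures.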

    NOTE FROM CLEMENT:
    As you have seen this question was very recently updated with the latest content of the Official ISC2 Guide (OIG) to the CISSP CBK, Version 3.

    Myself, I agree with most of you that cryptography does not help on the availability side and it is even the contrary sometimes, if you lose the key for example. In such a case you would lose access to the data and negatively impact availability. But the ISC2 is not about what I think or what you think; they have their own view of the world where they claim and state clearly that cryptography does address availability even though it does not fully address it.

    They look at crypto as the all-encompassing tool it has become today, where it can be used for authentication purposes, for example, where it would help to avoid corruption of the data through illegal access by an unauthorized user.

    The question is worded this way on purpose; it is VERY specific to the CISSP exam context, where ISC2 preaches that cryptography addresses availability even though they state it does not fully address it. This is something new in the last edition of their book and something you must be aware of.

    Best regards
    Clement

    The following terms are from the Software Development Security domain:

    Validation: The assurance that a product, service, or system meets the needs of the customer and other identified stakeholders. It often involves acceptance and suitability with external customers. Contrast with verification below.

    Verification: The evaluation of whether or not a product, service, or system complies with a regulation, requirement, specification, or imposed condition. It is often an internal process. Contrast with validation.

    Reference(s) used for this question:
    Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Cryptography (Kindle Locations 227-244). Kindle Edition.
    and
    Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Cryptography (Kindle Locations 206-227). Kindle Edition.
    and
    http://en.wikipedia.org/wiki/Verification_and_validation

  18. Which of the following is not a one-way hashing algorithm?

    • MD2
    • RC4
    • SHA-1
    • HAVAL
    Explanation:

    RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed “Rivest Cipher 4”, the RC acronym is alternatively understood to stand for “Ron’s Code” (see also RC2, RC5 and RC6).

    RC4 was initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list. It was soon posted on the sci.crypt newsgroup, and from there to many sites on the Internet. The leaked code was confirmed to be genuine as its output was found to match that of proprietary software using licensed RC4. Because the algorithm is known, it is no longer a trade secret. The name RC4 is trademarked, so RC4 is often referred to as ARCFOUR or ARC4 (meaning alleged RC4) to avoid trademark problems. RSA Security has never officially released the algorithm; Rivest has, however, linked to the English Wikipedia article on RC4 in his own course notes. RC4 has become part of some commonly used encryption protocols and standards, including WEP and WPA for wireless cards and TLS.

    The main factors in RC4’s success over such a wide range of applications were its speed and simplicity: efficient implementations in both software and hardware are very easy to develop. RC4 is now considered broken: statistical biases in its keystream make plaintext recovery practical in protocols that encrypt the same data repeatedly, and RFC 7465 (2015) prohibits RC4 cipher suites in TLS.

    The following answers were not correct choices:
    SHA-1 is a one-way hashing algorithm. SHA-1 is a cryptographic hash function designed by the United States National Security Agency and published by the United States NIST as a U.S. Federal Information Processing Standard. SHA stands for “secure hash algorithm”.

    The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash specification that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications. SHA-2 on the other hand significantly differs from the SHA-1 hash function.

    SHA-1 was for many years the most widely used of the SHA hash functions and is employed in several widely used security applications and protocols. In 2005, security flaws were identified in SHA-1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable; a practical SHA-1 collision was publicly demonstrated in 2017, so SHA-1 should no longer be used where collision resistance matters (digital signatures, certificates). Although no successful attacks have been reported on the SHA-2 variants, they are algorithmically similar to SHA-1, so NIST ran a public competition for a new hash standard, SHA-3; Keccak was selected in 2012 and published as FIPS 202 in 2015.

    SHA-1 produces a 160-bit message digest based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more conservative design.

    MD2 is a one-way hashing algorithm. The MD2 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1989. The algorithm is optimized for 8-bit computers. MD2 is specified in RFC 1319. Although MD2 is no longer considered secure, even as of 2010 it remained in use in public key infrastructures as part of certificates generated with MD2 and RSA.

    HAVAL is a one-way hashing algorithm. HAVAL is a cryptographic hash function. Unlike MD5, but like most modern cryptographic hash functions, HAVAL can produce hashes of different lengths. HAVAL can produce hashes in lengths of 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits. HAVAL also allows users to specify the number of rounds (3, 4, or 5) to be used to generate the hash.

    The following reference(s) were used for this question:

    SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
    and
    https://en.wikipedia.org/wiki/HAVAL
    and
    https://en.wikipedia.org/wiki/MD2_%28cryptography%29
    and
    https://en.wikipedia.org/wiki/SHA-1
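    To make the distinction concrete, an added example that is not part of the original page: the RC4 algorithm as it was published, with the commonly circulated test vectors. Given the key, RC4 output decrypts back to the input, which is exactly the property a one-way hash lacks (a hash has no key and no inverse). The last function shows the classic stream-cipher failure when a key, and therefore a keystream, is reused. The sample plaintexts are constructed.

```python
# Added example (not from the source). RC4 as published (KSA + PRGA), with the
# widely circulated test vectors. Do not use RC4 for anything real.

def rc4_keystream(key: bytes):
    """Key-scheduling algorithm (KSA), then the pseudo-random generation
    algorithm (PRGA), yielding one keystream byte per iteration."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: the same XOR against the keystream. Given the key
    the operation is reversible, which a one-way hash by definition is not."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def keystream_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Classic stream-cipher failure: encrypt two messages under the same key
    and the XOR of the ciphertexts equals the XOR of the plaintexts, so knowing
    (or guessing) one message reveals the other without the key."""
    c1, c2 = rc4(key, p1), rc4(key, p2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    ct = rc4(b"Key", b"Plaintext")
    print("ciphertext:", ct.hex())                 # bbf316e8d940af0ad3
    print("round trip:", rc4(b"Key", ct))          # b'Plaintext'
    p1, p2 = b"attack at dawn", b"retreat at ten"  # constructed messages
    leak = keystream_reuse_leak(b"Key", p1, p2)
    print("leaked p1 xor p2 == real p1 xor p2:",
          leak == bytes(a ^ b for a, b in zip(p1, p2)))
```

    The keystream depends only on the key, which is why WEP, which reused keys with a short per-packet IV, was broken in practice; a hash function has no such key to reuse, and no decryption direction at all.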

  19. Which of the following statements pertaining to key management is incorrect?

    • The more a key is used, the shorter its lifetime should be.
    • When not using the full keyspace, the key should be extremely random.
    • Keys should be backed up or escrowed in case of emergencies.
    • A key’s lifetime should correspond with the sensitivity of the data it is protecting.
    Explanation:
    A key should always be drawn at random from the full keyspace; deliberately restricting keys to a subset of the keyspace reduces the number of candidates an attacker must try, and randomness within that subset does not compensate for it. The other statements are correct.
    Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 6).

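    Why the keyspace statement is the wrong one, as an added example that is not from the source: a 256-bit key derived from a 4-digit PIN has the right length but occupies only 10,000 points of the keyspace, so an attacker holding any key-check value (here, a MAC over a known label, an assumed detail of this illustration) recovers it in a few thousand guesses, while a key drawn from the full keyspace with `secrets` is out of reach of the same search. The PIN and label are constructed.

```python
import hashlib
import hmac
import itertools
import secrets

# Added example (not from the source). The key-check scheme, label and PIN are
# assumptions made for illustration.
CHECK_LABEL = b"key-check-value"


def key_from_pin(pin: str) -> bytes:
    """A 256-bit key derived from a 4-digit PIN. It is 32 bytes long, but only
    10,000 distinct values can ever occur: the key does not use the full
    keyspace, and no amount of randomness in the derivation changes that."""
    return hashlib.sha256(pin.encode()).digest()


def random_key() -> bytes:
    """A key drawn uniformly from the full 256-bit keyspace via the OS CSPRNG."""
    return secrets.token_bytes(32)


def key_check_value(key: bytes) -> bytes:
    """Something an attacker plausibly obtains: a MAC over a known label
    (equivalently, a ciphertext of a known plaintext)."""
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def brute_force_pin_key(kcv: bytes):
    """Attacker with only the check value tries every PIN-derived key."""
    for digits in itertools.product("0123456789", repeat=4):
        pin = "".join(digits)
        candidate = key_from_pin(pin)
        if hmac.compare_digest(key_check_value(candidate), kcv):
            return pin, candidate
    return None


def demo():
    weak = key_from_pin("4071")           # constructed example PIN
    recovered = brute_force_pin_key(key_check_value(weak))
    strong = random_key()
    return {
        "recovered_pin": recovered[0],
        "recovered_key_matches": recovered[1] == weak,
        # The same 10,000-guess search finds nothing against a full-keyspace key.
        "strong_found_in_pin_space": brute_force_pin_key(key_check_value(strong)) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

    The search takes a fraction of a second in pure Python. Against the `secrets` key the same attacker faces 2^256 candidates, which is the point of the question: key length is only meaningful when the key can take any value in that space.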
  20. Which of the following statements pertaining to message digests is incorrect?

    • The original file cannot be created from the message digest.
    • Two different files should not have the same message digest.
    • The message digest should be calculated using at least 128 bytes of the file.
    • Message digests are usually of fixed size.
    Explanation:
    A message digest is computed over the entire message, however long it is, so the statement that it should be calculated using at least 128 bytes of the file is incorrect: a digest over only part of a file would not detect changes to the rest. The other three statements describe standard properties of a message digest: it is one-way (the original file cannot be recovered from it), collision resistant (two different files should not share a digest), and of fixed size regardless of input length.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 160).
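    An added example, not from the source, of why the “at least 128 bytes” statement is the incorrect one: a digest over only the first 128 bytes misses a change later in the file, while the whole-file digest (computed at once or streamed in chunks, as large files are hashed in practice) catches it and stays 256 bits long regardless of input size. The script contents are constructed so that the tampered byte lies beyond offset 128.

```python
import hashlib

# Added example (not from the source). The script content is constructed so that
# the tampered byte lies beyond offset 128.

def full_digest(data: bytes) -> str:
    """Digest over the whole message, as a message digest must be."""
    return hashlib.sha256(data).hexdigest()


def prefix_digest(data: bytes, n: int = 128) -> str:
    """The flawed variant from the question: only the first n bytes are hashed,
    so any change after byte n goes undetected."""
    return hashlib.sha256(data[:n]).hexdigest()


def streamed_digest(chunks) -> str:
    """Whole-file digest computed incrementally, the way large files are hashed
    without loading them into memory; equals full_digest over the concatenation."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def demo():
    original = b"#!/bin/sh\n" + b"# maintenance script\n" * 6 + b"echo ok\n"   # 144 bytes
    tampered = original.replace(b"echo ok", b"rm -rf /")                       # change at byte 136
    big = bytes(range(256)) * 4096                                             # 1 MiB input
    return {
        "tamper_offset": original.index(b"echo ok"),
        "prefix_digests_match": prefix_digest(original) == prefix_digest(tampered),
        "full_digests_match": full_digest(original) == full_digest(tampered),
        "digest_hex_len_small": len(full_digest(b"a")),
        "digest_hex_len_large": len(full_digest(big)),
        "streamed_equals_full": streamed_digest(
            big[i:i + 65536] for i in range(0, len(big), 65536)) == full_digest(big),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

    The prefix digests agree even though the tampered script now does something entirely different, which is exactly the failure a partial digest invites; the full digest differs, and its length is the same 64 hex characters for a one-byte input and a one-mebibyte input.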