CISSP Security Engineering Certification Practical Exam Set 8

What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)?


Options are :

  • The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate Authorities.
  • The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates. (Correct)
  • The OCSP (Online Certificate Status Protocol) is a proprietary certificate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard.
  • The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorities.

Answer : The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.

What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?


Options are :

  • A cryptographic hash
  • A digital envelope
  • A digital signature (Correct)
  • A Message Authentication Code

Answer : A digital signature

Which of the following encryption algorithms does NOT deal with discrete logarithms?


Options are :

  • RSA (Correct)
  • Diffie-Hellman
  • Elliptic Curve
  • El Gamal

Answer : RSA

Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer?


Options are :

  • Smart Card
  • Enigma Machine
  • TPM - Trusted Platform Module (Correct)
  • TPM - Trusted Procedure Module

Answer : TPM - Trusted Platform Module

Which of the following is not a one-way hashing algorithm?


Options are :

  • RC4 (Correct)
  • MD2
  • HAVAL
  • SHA-1

Answer : RC4

Which of the following statements pertaining to message digests is NOT true?


Options are :

  • Two different files should not have the same message digest.
  • The original file cannot be created from the message digest.
  • Message digests are usually of fixed size.
  • The message digest should be calculated using at least 128 bytes of the file. (Correct)

Answer : The message digest should be calculated using at least 128 bytes of the file.

Which of the following would best define a digital envelope?


Options are :

  • A message that is encrypted and signed with a digital certificate.
  • A message that is encrypted with the recipient's public key and signed with the sender's private key.
  • A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. (Correct)
  • A message that is signed with a secret key and encrypted with the sender's private key.

Answer : A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.

Which of the following would best describe certificate path validation?


Options are :

  • Verification of the revocation status of the concerned certificate
  • Verification of the integrity of the concerned private key
  • Verification of the validity of all certificates of the certificate chain to the root certificate (Correct)
  • Verification of the integrity of the associated root certificate

Answer : Verification of the validity of all certificates of the certificate chain to the root certificate

Which of the following is not a DES mode of operation?


Options are :

  • Input feedback (Correct)
  • Cipher feedback
  • Electronic code book
  • Cipher block chaining

Answer : Input feedback

What enables users to validate each other's certificate when they are certified under different certification hierarchies?


Options are :

  • Root certification authorities
  • Multiple certificates
  • Redundant certification authorities
  • Cross-certification (Correct)

Answer : Cross-certification

Which of the following is NOT an encryption algorithm?


Options are :

  • DEA
  • SHA-1 (Correct)
  • Skipjack
  • Twofish

Answer : SHA-1

What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?


Options are :

  • Certificate revocation list
  • Certificate revocation tree
  • Untrusted certificate list
  • Authority revocation list (Correct)

Answer : Authority revocation list

How many rounds are used by DES?


Options are :

  • 48
  • 16 (Correct)
  • 64
  • 32

Answer : 16

Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?


Options are :

  • Differential linear cryptanalysis
  • Statistical attack
  • Birthday attack (Correct)
  • Differential cryptanalysis

Answer : Birthday attack

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?


Options are :

  • Illuminated at nine feet high with at least two foot-candles
  • Illuminated at nine feet high with at least three foot-candles
  • Illuminated at eight feet high with at least three foot-candles
  • Illuminated at eight feet high with at least two foot-candles (Correct)

Answer : Illuminated at eight feet high with at least two foot-candles

Which of the following statements pertaining to key management is NOT true?


Options are :

  • Keys should be backed up or escrowed in case of emergencies.
  • The more a key is used, the shorter its lifetime should be.
  • When not using the full keyspace, the key should be extremely random (Correct)
  • Keys should be backed up or escrowed in case of emergencies.

Answer : When not using the full keyspace, the key should be extremely random

Which of the following does NOT concern itself with key management?


Options are :

  • Diffie-Hellman (DH)
  • Cryptology (CRYPTO) (Correct)
  • Internet Security Association Key Management Protocol (ISAKMP)
  • Key Exchange Algorithm (KEA)

Answer : Cryptology (CRYPTO)

Which of the following is NOT an example of a block cipher?


Options are :

  • RC4 (Correct)
  • IDEA
  • Blowfish
  • Skipjack

Answer : RC4

Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?


Options are :

  • OAKLEY
  • Internet Security Association and Key Management Protocol (ISAKMP) (Correct)
  • IPsec Key exchange (IKE)
  • Simple Key-management for Internet Protocols (SKIP)

Answer : Internet Security Association and Key Management Protocol (ISAKMP)

Which of the following statements pertaining to stream ciphers is TRUE?


Options are :

  • A stream cipher is not appropriate for hardware-based encryption.
  • A stream cipher is slower than a block cipher.
  • A stream cipher is a type of asymmetric encryption algorithm.
  • A stream cipher generates what is called a keystream. (Correct)

Answer : A stream cipher generates what is called a keystream.

Which of the following algorithms is a stream cipher?


Options are :

  • RC6
  • RC2
  • RC5
  • RC4 (Correct)

Answer : RC4

Cryptography does NOT help in:


Options are :

  • detecting fraudulent deletion. (Correct)
  • detecting fraudulent insertion.
  • detecting fraudulent disclosure.
  • detecting fraudulent modification.

Answer : detecting fraudulent deletion.

Cryptography does NOT concern itself with which of the following choices?


Options are :

  • Availability (Correct)
  • Confidentiality
  • Validation
  • Integrity

Answer : Availability

What key size is used by the Clipper Chip?


Options are :

  • 56 bits
  • 80 bits (Correct)
  • 64 bits
  • 40 bits

Answer : 80 bits

What is the key size of the International Data Encryption Algorithm (IDEA)?


Options are :

  • 128 bits (Correct)
  • 64 bits
  • 160 bits
  • 192 bits

Answer : 128 bits

Which of the following binds a subject name to a public key value?


Options are :

  • A private key certificate
  • A secret key infrastructure
  • A public key infrastructure (Correct)
  • A public-key certificate

Answer : A public key infrastructure

Who vouches for the binding between the data items in a digital certificate?


Options are :

  • Certification authority (Correct)
  • Vouching authority
  • Registration authority
  • Issuing authority

Answer : Certification authority

Which of the following statements pertaining to block ciphers is NOT true?


Options are :

  • It is more suitable for software than hardware implementations.
  • It operates on fixed-size blocks of plaintext.
  • Plain text is encrypted with a public key and decrypted with a private key (Correct)
  • Some block ciphers can operate internally as a stream.

Answer : Plain text is encrypted with a public key and decrypted with a private key

Which of the following statements pertaining to link encryption is FALSE?


Options are :

  • Information stays encrypted from one end of its journey to the other. (Correct)
  • It provides protection against packet sniffers and eavesdroppers.
  • User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
  • It encrypts all the data along a specific communication path.

Answer : Information stays encrypted from one end of its journey to the other.

Which of the following is NOT a disadvantage of symmetric cryptography when compared with asymmetric ciphers?


Options are :

  • A large number of keys is needed
  • Has no built-in key distribution
  • Speed (Correct)
  • Provides limited security services

Answer : Speed
