ImageVerifierCode 换一换
格式:PDF , 页数:94 ,大小:410.11KB ,
资源ID:3332296      下载积分:2 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。 如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【https://www.wnwk.com/docdown/3332296.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: QQ登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(CISSP_cccure_d5.pdf)为本站会员(a****2)主动上传,蜗牛文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知蜗牛文库(发送邮件至admin@wnwk.com或直接QQ联系客服),我们立即给予删除!

CISSP_cccure_d5.pdf

1、CISSP and SSCP Open Study GROUP Online Quizzer CISSP and SSCP Open Study GROUP Online Quizzer Question 1640|Difficulty level:3/5|Relevancy:3/31.Which of the following is NOT a property of a one-way hash function?It converts a message of a fixed length into a message digest of arbitrary length.It is

2、computationally infeasible to construct two different messages with the same digest.It converts a message of arbitrary length into a message digest of a fixed length.Given a digest value,it is computationally infeasible to find the corresponding message.You did not provide any answer to this questio

3、n.Please review details below.DetailsSubmit a comment on this questionSource:TIPTON,Hal,(ISC)2,Introduction to the CISSP ExamIntroduction to the CISSP Exam presentation.Available at http:/www.cccure.org.Contributor:Contributor:Hal Tipton Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK

4、 domain#5-Cryptography Covered topic:Covered topic:Message digests and hash functions This question Copyright 2003 Hal Tipton,cccure.org.All rights reserved.No unauthorized use or duplication without explicit written permission of author and of cccure.org.Question 1021|Difficulty level:3/5|Relevancy

5、:3/32.What uses a key of the same length as the message?Running key cipher One-time pad Steganography Cipher block chaining You did not provide any answer to this question.Please review details below.DetailsSubmit a comment on this questionA one-time pad is an encryption scheme using a random key of

6、 the same size as the message and is used only once.It is said to be unbreakable,even with infinite resources.A running key cipher uses articles in the physical world rather than an electronic algorithm.Steganography is a method where the very existence of the message is concealed.Cipher block chain

7、ing is a DES operating mode.Source:HARRIS,Shon,All-In-One CISSP Certification Exam Guide,McGraw-Hill/Osborne,2002,chapter 8:Cryptography(page 555).Contributor:Contributor:Christian V閦ina Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cryptography Covered topic:Covered topic:

8、One-time pads This question Copyright 2003 Christian V閦ina,cccure.org.All rights reserved.页码,1/94CISSP and SSCP Open Study GROUP Online Quizzer2006-1-8file:/E:CISSPcccured5.htmNo unauthorized use or duplication without explicit written permission of author and of cccure.org.Question 1321|Difficulty

9、level:4/5|Relevancy:3/33.In a SSL session between a client and a server,who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?Both client and server The clients browser The web server The merchants Certific

10、ate Server You did not provide any answer to this question.Please review details below.DetailsSubmit a comment on this questionOnce the merchant server has been authenticated by the browser client,the browser generates a master secret that is to be shared only between the server and client.This secr

11、et serves as a seed to generate the session(private)keys.The master secret is then encrypted with the merchants public key and sent to the server.The fact that the master secret is generated by the clients browser provides the client assurance that the server is not reusing keys that would have been

12、 used in a previous session with another client.Source:ANDRESS,Mandy,Exam Cram CISSP,Coriolis,2001,Chapter 6:Cryptography(page 112).Also:HARRIS,Shon,All-In-One CISSP Certification Exam Guide,McGraw-Hill/Osborne,2001,page 569.Contributors:Contributors:Christian V閦ina,Will Harmon Study areas:Study are

13、as:CISSP CBK domain#2-Telecommunication and Network Security,CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cryptography Covered topic:Covered topic:Secure Sockets Layer(SSL)This question Copyright 2003 Christian V閦ina,cccure.org.All rights reserved.No unauthorized use or duplication without expl

14、icit written permission of author and of cccure.org.Question 388|Difficulty level:3/5|Relevancy:3/34.What kind of Encryption technoloy VeriSIGNs SSL utilize?Secret key Hybrid:Symmetric and asymmetric cryptography Public Key Asymmetric key You did not provide any answer to this question.Please review

15、 details below.DetailsSubmit a comment on this questionVeriSigns SSL use public-key cryptography to secure session key,while session key(private key)to secure communication between both parties.Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cryptography Covered topics(2):Cov

16、ered topics(2):Hybrid cryptography,Secure Sockets Layer(SSL)This question Copyright 2003 cccure.org.All rights reserved.No unauthorized 页码,2/94CISSP and SSCP Open Study GROUP Online Quizzer2006-1-8file:/E:CISSPcccured5.htmuse or duplication without explicit written permission of author and of cccure

17、.org.Question 669|Difficulty level:3/5|Relevancy:3/35.Which of the following algorithms does*NOT*provide hashing?SHA-1 MD2 RC4 MD5 You did not provide any answer to this question.Please review details below.DetailsSubmit a comment on this questionRons Code 4(RC4)is an algorithm used for encryption a

18、nd does not provide hashing functions.Source:HARRIS,Shon,All-In-One CISSP Certification Exam Guide,McGraw-Hill/Osborne,2002,Chapter 8:Cryptography(page 550).Contributor:Contributor:Christian V閦ina Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cryptography Covered topic:Cove

19、red topic:Message digests and hash functions This question Copyright 2003 Christian V閦ina,cccure.org.All rights reserved.No unauthorized use or duplication without explicit written permission of author and of cccure.org.Question 1122|Difficulty level:4/5|Relevancy:3/36.Which of the following is not

20、provided by a public key infrastructure(PKI)?Access control Integrity Authentication Reliability You did not provide any answer to this question.Please review details below.DetailsSubmit a comment on this questionA Public Key Infrastructure(PKI)provides confidentiality,access control,integrity,authe

21、ntication and non-repudiation.It does not provide reliability.Source:TIPTON,Hal,(ISC)2,Introduction to the CISSP ExamIntroduction to the CISSP Exam presentation.Available at http:/www.cccure.org.Contributor:Contributor:Christian V閦ina Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK do

22、main#5-Cryptography Covered topic:Covered topic:Public key infrastructure(PKI)This question Copyright 2003 Christian V閦ina,cccure.org.All rights reserved.No unauthorized use or duplication without explicit written permission of author and of cccure.org.Question 1576|Difficulty level:2/5|Relevancy:3/

23、37.Who vouches for the binding between the data items in a digital certificate?Registration authority Certification authority页码,3/94CISSP and SSCP Open Study GROUP Online Quizzer2006-1-8file:/E:CISSPcccured5.htm Issuing authority Vouching authority You did not provide any answer to this question.Ple

24、ase review details below.DetailsSubmit a comment on this questionA certification authority(CA)is an entity that issues digital certificates(especially X.509 certificates)and vouches for the binding between the data items in a certificate.An issuing authority could be considered a correct answer,but

25、not the best answer,since it is too generic.Source:SHIREY,Robert W.,RFC2828:Internet Security Glossary,may 2000.Contributor:Contributor:Christian V閦ina Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cryptography Covered topic:Covered topic:Certification authorities(CA)This q

26、uestion Copyright 2003 Christian V閦ina,cccure.org.All rights reserved.No unauthorized use or duplication without explicit written permission of author and of cccure.org.Question 1572|Difficulty level:4/5|Relevancy:3/38.Which of the following binds a subject name to a public key value?A public-key ce

27、rtificate A public key infrastructure A Certificate Authority A private key You did not provide any answer to this question.Please review details below.DetailsSubmit a comment on this questionA public-key certificate binds a subject name to a public key value.Source:SHIREY,Robert W.,RFC2828:Internet

28、 Security Glossary,may 2000.Contributor:Contributor:Christian V閦ina Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cryptography Covered topic:Covered topic:X.509 Digital certificates This question Copyright 2003 Christian V閦ina,cccure.org.All rights reserved.No unauthorized

29、use or duplication without explicit written permission of author and of cccure.org.Question 1639|Difficulty level:2/5|Relevancy:3/39.In what way does the Rivest-Shamir-Adleman algorithm differ from the Data Encryption Standard?It is based on a symmetric algorithm.It uses a public key for encryption.

30、It eliminates the need for a key-distribution center.It cannot produce a digital signature.You did not provide any answer to this question.Please review details below.DetailsSubmit a comment on this questionThe first answer is wrong because it is based on an asymmetric algorithm.The 页码,4/94CISSP and

31、 SSCP Open Study GROUP Online Quizzer2006-1-8file:/E:CISSPcccured5.htmthird option is wrong because often a third party creates and distributes the key pairs;thereby acting as a key distribution center.The last option is wrong because it can produce a digital signature.Source:TIPTON,Hal,(ISC)2,Intro

32、duction to the CISSP ExamIntroduction to the CISSP Exam presentation.Available at http:/www.cccure.org.Contributor:Contributor:Hal Tipton Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cryptography Covered topics(2):Covered topics(2):Rivest Shamir Adleman(RSA),Public vs secr

33、et cryptography This question Copyright 2003 Hal Tipton,cccure.org.All rights reserved.No unauthorized use or duplication without explicit written permission of author and of cccure.org.Question 280|Difficulty level:3/5|Relevancy:3/310.Microsoft and Netscape offer two version of Web browser,export a

34、nd domestic.Which of the following differentiates the versions?The browser for domestic market uses 40-bit encryption and the browser for international market uses 128-bit encryption.The browser for domestic market uses 128-bit encryption and the browser for international market uses 64-bit encrypti

35、on.The browser for domestic market uses 128-bit encryption and the browser for international market uses 40-bit encryption.The browser for domestic market uses 64-bit encryption and the browser for international market uses 96-bit encryption.You did not provide any answer to this question.Please rev

36、iew details below.DetailsSubmit a comment on this questionSource:Building E-Commerce Infrastructure,White Paper from Verisign,Page 11 section-SSL Strength 40-bit and 128-bit SSL.Contributor:Contributor:Jamil Siddique Study areas:Study areas:CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cryptogra

37、phy,CISSP CBK domain#9-Law,Investigations,and Ethics Covered topics(3):Covered topics(3):Secure Sockets Layer(SSL),Import/export laws,Computer lawsThis question Copyright 2003 Jamil Siddique,cccure.org.All rights reserved.No unauthorized use or duplication without explicit written permission of auth

38、or and of cccure.org.Question 1591|Difficulty level:5/5|Relevancy:3/311.Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets?Internet Security Association and Key Management Protocol(I

39、SAKMP)Simple Key-management for Internet Protocols(SKIP)Diffie-Hellman Key Distribution Protocol IPsec Key exchange(IKE)You did not provide any answer to this question.Please review details below.DetailsSubmit a comment on this question页码,5/94CISSP and SSCP Open Study GROUP Online Quizzer2006-1-8fil

40、e:/E:CISSPcccured5.htmRFC 2828(Internet Security Glossary)defines SKIP as a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.ISAKMP is an Internet IPsec protocol to negotiate,establish,modify,and delete security associations,and

41、 to exchange key generation and authentication data,independent of the details of any specific key generation technique,key establishment protocol,encryption algorithm,or authentication mechanism.IKE is an Internet,IPsec,key-establishment protocol(partly based on OAKLEY)that is intended for putting

42、in place authenticated keying material for use with ISAKMP and for other security associations,such as in AH and ESP.Source:SHIREY,Robert W.,RFC2828:Internet Security Glossary,may 2000.Contributor:Contributor:Christian V閦ina Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cry

43、ptography Covered topic:Covered topic:Simple Key Management for Internet Protocols(SKIP)This question Copyright 2003 Christian V閦ina,cccure.org.All rights reserved.No unauthorized use or duplication without explicit written permission of author and of cccure.org.Question 331|Difficulty level:3/5|Rel

44、evancy:3/312.Which of the following would best describe certificate path validation?verification of the validity of all certificates of the certificate chain till the root certificate verification of the integrity of the associated root certificate verification of the integrity of the concerned priv

45、ate key verification of the revocation status of the concerned certificate You did not provide any answer to this question.Please review details below.DetailsSubmit a comment on this questionReference:FORD,Warwick&BAUM,Michael S.,Secure Electronic Commerce:Building the Infrastructure for Digital Sig

46、natures and Encryption(2nd Edition),2000,Prentice Hall PTR,Page 262.Contributor:Contributor:Claus Stark and his wife Shubhangi Study area:Study area:CISSP CBK domain#5-CryptographyCISSP CBK domain#5-Cryptography Covered topic:Covered topic:Certification authorities(CA)This question Copyright 2003 Cl

47、aus Stark and his wife Shubhangi,cccure.org.All rights reserved.No unauthorized use or duplication without explicit written permission of author and of cccure.org.Question 1410|Difficulty level:3/5|Relevancy:3/313.Which of the following statements pertaining to link encryption is false?It encrypts a

48、ll the data along a specific communication path.It provides protection against packet sniffers and eavesdroppers.Information stays encrypted from one end of its journey to the other.User information,header,trailers,addresses and routing data that are part of the packets are encrypted.You did not pro

49、vide any answer to this question.Please review details below.DetailsSubmit a comment on this question页码,6/94CISSP and SSCP Open Study GROUP Online Quizzer2006-1-8file:/E:CISSPcccured5.htmWhen using link encryption,packets have to be decrypted at each hop and encrypted again.Information staying encry

50、pted from one end of its journey to the other is a characteristic of end-to-end encryption,not link encryption.Source:WALLHOFF,John,CBK#5 CryptographyCBK#5 Cryptography(CISSP Study Guide),April 2002(page 6).Available at http:/www.cccure.org.Contributor:Contributor:Christian V閦ina Study areas:Study a

copyright@ 2008-2023 wnwk.com网站版权所有

经营许可证编号:浙ICP备2024059924号-2