The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?
Correct Answer: B
Test equipment must be secured. There are devices and other tools that, if they fall into the wrong hands, could be used to "sniff" network traffic and to commit fraud. The storage and use of this equipment should be detailed in the security policy for this reason.
The following answers are incorrect:
Test equipment is easily damaged. Incorrect because it is not the best answer and, from a security point of view, not relevant.
Test equipment is difficult to replace if lost or stolen. Incorrect because it is not the best answer and, from a security point of view, not relevant.
Test equipment must always be available for the maintenance personnel. Incorrect because it is not the best answer and, from a security point of view, not relevant.
References: OIG CBK Operations Security (pages 642 - 643)
Question 992
Which of the following would best describe a Concealment cipher?
Correct Answer: B
When a concealment cipher is used, every Xth word within a text is part of the real message: the message is hidden within another message. A concealment cipher is a message within a message. If my other super-secret spy buddy and I decide our key value is every third word, then when I get a message from him, I will pick out every third word and write it down. Suppose he sends me a message that reads, "The saying, 'The time is right' is not cow language, so is now a dead subject." Because my key is every third word, I come up with "The right cow is dead." This again means nothing to me, and I am now turning in my decoder ring.
Concealment ciphers include the plaintext within the ciphertext. It is up to the recipient to know which letters or symbols to exclude from the ciphertext in order to yield the plaintext. Here is an example of a concealment cipher: i2l32i5321k34e1245ch456oc12ol234at567e. Remove all the numbers, and you'll have "i like chocolate". How about this one? "Larry even appears very excited. No one worries." The first letter from each word reveals the message "leave now". Both are easy, indeed, but many people have crafted more ingenious ways of concealing messages.
By the way, this type of cipher doesn't even need ciphertext, such as that in the above examples. Consider the invisible drying ink that kids use to send secret messages. In a more extreme example, a man named Histiaeus, during the 5th century B.C., shaved the head of a trusted slave, then tattooed the message onto his bald head. When the slave's hair grew back, Histiaeus sent the slave to the message's intended recipient, Aristagoras, who shaved the slave's head and read the message instructing him to revolt.
The following answers are incorrect: A transposition cipher uses permutations. A substitution cipher replaces bits, characters, or blocks of characters with different bits, characters or blocks. Steganography refers to hiding the very existence of the message.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 1). and also see: http://www.go4expert.com/forums/showthread.php?t=415
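The three recovery rules described in the explanation above (keep every third word, drop the digit filler, read the first letter of each word) are simple enough to implement directly. The decoders below are an added example, not part of the original question bank or its cited sources; the sample texts are the ones quoted in the explanation, and the "key" is simply the rule that tells the recipient which words or letters to keep.

```python
"""Decoders for the three concealment-cipher examples quoted above.

Added example (not from the original question bank). In a concealment
(null) cipher the real message is carried inside an innocent-looking
cover text; the shared secret is the selection rule, not a key schedule.
"""
import string


def every_nth_word(cover_text: str, n: int) -> str:
    """Keep every n-th word of the cover text (1-based positions n, 2n, 3n, ...).

    Surrounding punctuation is stripped so that "saying," and "'The" count
    as the words "saying" and "The", exactly as a human reader would count them.
    """
    if n < 1:
        raise ValueError("n must be a positive word interval")
    words = [w.strip(string.punctuation) for w in cover_text.split()]
    words = [w for w in words if w]  # drop tokens that were only punctuation
    return " ".join(words[n - 1::n])


def strip_non_letters(cover_text: str) -> str:
    """Digit-filler null cipher: every non-letter character is noise."""
    return "".join(ch for ch in cover_text if ch.isalpha())


def acrostic(cover_text: str) -> str:
    """First-letter cipher: the initial letter of each word spells the message."""
    initials = [w[0] for w in cover_text.split() if w and w[0].isalpha()]
    return "".join(initials).lower()


if __name__ == "__main__":
    # Cover texts quoted in the explanation above.
    spy_note = ("The saying, 'The time is right' is not cow language, "
                "so is now a dead subject.")
    digit_filler = "i2l32i5321k34e1245ch456oc12ol234at567e"
    first_letters = "Larry even appears very excited. No one worries."

    print(every_nth_word(spy_note, 3))      # The right cow is dead
    print(strip_non_letters(digit_filler))  # ilikechocolate
    print(acrostic(first_letters))          # leavenow
```

Each decoder is deterministic and needs no secret beyond the rule itself, which is the practical weakness of concealment ciphers: anyone who guesses the rule reads the message, so they hide the message's existence rather than protecting its content.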
Question 993
Which of the following algorithms is used today for encryption in PGP?
Correct Answer: B
The Pretty Good Privacy (PGP) email encryption system was developed by Phil Zimmermann. For encrypting messages, it actually uses AES with up to 256-bit keys, CAST, TripleDES, IDEA and Twofish. RSA is also used in PGP, but only for symmetric key exchange and for digital signatures, not for message encryption. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (pages 154, 169). More info on PGP can be found on their site at http://www.pgp.com/display.php?pageID=29.
Question 994
Which backup method is used if backup time is critical and tape space is at an extreme premium?
Correct Answer: A
Hierarchical Storage Management (HSM) is commonly employed in very large data retrieval systems. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 71.
Question 995
Which security model introduces access to objects only through programs?
Correct Answer: C
"The Clark-Wilson model is also an integrity-protecting model. The Clark-Wilson model was developed after Biba and approaches integrity protection from a different perspective. Rather than employing a lattice structure, it uses a three-part relationship of subject/program/object known as a triple. Subjects do not have direct access to objects. Objects can be accessed only through programs." Pg 347 Tittel: CISSP Study Guide