Which of the following choices describe a Challenge-response tokens generation?
Correct Answer: A
Explanation/Reference: Challenge-response tokens are: - A workstation or system generates a random challenge string and the owner enters the string into the token along with the proper PIN. - The token generates a response that is then entered into the workstation or system. - The authentication mechanism in the workstation or system then determines if the owner should be authenticated. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 136-137).
Question 217
Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of?
Correct Answer: C
Explanation/Reference: The data link layer contains the Logical Link Control sublayer and the Media Access Control (MAC) sublayer. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 83).
Question 218
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
Correct Answer: C
Section: Cryptography Explanation/Reference: A Birthday attack is usually applied to the probability of two different messages using the same hash function producing a common message digest. The term "birthday" comes from the fact that in a room with 23 people, the probability of two of more people having the same birthday is greater than 50%. Linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear cryptanalysis is one of the two most widely used attacks on block ciphers; the other being differential cryptanalysis. Differential Cryptanalysis is a potent cryptanalytic technique introduced by Biham and Shamir. Differential cryptanalysis is designed for the study and attack of DES-like cryptosystems. A DES-like cryptosystem is an iterated cryptosystem which relies on conventional cryptographic techniques such as substitution and diffusion. Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output. In the case of a block cipher, it refers to a set of techniques for tracing differences through the network of transformations, discovering where the cipher exhibits non-random behaviour, and exploiting such properties to recover the secret key. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 163). and http://en.wikipedia.org/wiki/Differential_cryptanalysis
Question 219
A confidential number used as an authentication factor to verify a user's identity is called a:
Correct Answer: A
PIN Stands for Personal Identification Number, as the name states it is a combination of numbers. The following answers are incorrect: User ID This is incorrect because a Userid is not required to be a number and a Userid is only used to establish identity not verify it. Password. This is incorrect because a password is not required to be a number, it could be any combination of characters. Challenge. This is incorrect because a challenge is not defined as a number, it could be anything.
Question 220
Which of the following is the most critical item from a disaster recovery point of view?
Correct Answer: A
The most important point is ALWAYS the data. Everything else can be replaced or repaired. Data MUST be backed up, backups must be regularly tested, because once it is truly lost, it is lost forever. The goal of disaster recovery is to minimize the effects of a disaster or disruption. It means taking the necessary steps to ensure that the resources, personnel, and business processes are able to resume operation in a timely manner . This is different from continuity planning, which provides methods and procedures for dealing with longer-term outages and disasters. The goal of a disaster recovery plan is to handle the disaster and its ramifications right after the disaster hits; the disaster recovery plan is usually very information technology (IT)- focused. A disaster recovery plan (DRP) is carried out when everything is still in emergency mode, and everyone is scrambling to get all critical systems back online. Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 887). McGraw- Hill. Kindle Edition. and Veritas eLearning CD - Introducing Disaster Recovery Planning, Chapter 1.
