For symmetric, you need ${n \choose 2} = \frac{n \cdot (n-1)}{2}$ keys: each pair of parties would need a single key that will be used to both encrypt and decrypt the messages between the two parties. The number of pairs of parties is equal to the number of combinations to choose a pair of parties among $n$ parties: first you choose the first party, which gives $n$ possibilities. Then, you are left with $n-1$ options to choose the next party. Once you've chosen the pair of parties, notice that the order of the parties within the pair has no significance, so you need to divide the number of possibilities by 2 to cancel out the order. Overall it's ${n \choose 2} = \frac{n \cdot (n-1)}{2}$.
For asymmetric, you need $2n$ keypairs, like you said - every party $A$ that wants to send a message $m$ to party $B$, encrypts $m$ using $PK_B$, the public key of party $B$, and then party $B$ decrypts the message using the private key corresponding to $PK_B$.
Group of answer choices:
- 20
- 45
- 10
- 100

Question 2 (2 pts)
Many cryptographic algorithms rely on the difficulty of factoring the product of large prime numbers. What characteristic of this problem are they relying on?
- It complies with Kerckhoffs's principle.
- It contains confusion.
- It is a one-way function.
- It contains diffusion.

Question 3 (2 pts)
What is the minimum number of cryptographic keys required for secure two-way communications in symmetric key cryptography?
- Three
- One
- Two
- Four

Question 4 (2 pts)
What block size is used by the Advanced Encryption Standard?
- 128 bits
- 64 bits
- Variable
- 32 bits

Question 5 (2 pts)
Which AES finalist makes use of prewhitening and postwhitening techniques?
- Skipjack
- Twofish
- Blowfish
- Rijndael

Question 6 (2 pts)
What block size is used by the 3DES encryption algorithm?
- 64 bits
- 256 bits
- 32 bits
- 128 bits

Question 7 (2 pts)
What kind of attack makes the Caesar cipher virtually unusable?
- Transposition attack
- Meet-in-the-middle attack
- Frequency analysis attack
- Escrow attack

Question 8 (2 pts)
Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?
- Caesar cipher
- ROT3 cipher
- Stream cipher
- Block cipher

Question 9 (2 pts)
What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key?
- Skipjack cipher
- Running key cipher
- Twofish cipher
- Vernam cipher

Question 10 (2 pts)
Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using?
- Zero-knowledge proof
- Split knowledge
- Work function
- M of N Control

Question 11 (2 pts)
Brian is upgrading a system to support SSH2 rather than SSH1. Which one of the following advantages will he achieve?
- Support for IDEA encryption
- Support for simultaneous sessions
- Support for 3DES encryption
- Support for multifactor authentication

Question 12 (2 pts)
Which one of the following algorithms is not supported by the Digital Signature Standard under FIPS 186-4?
- RSA
- ElGamal DSA
- Digital Signature Algorithm
- Elliptic Curve DSA

Question 13 (2 pts)
Richard received an encrypted message sent to him from Sue. Sue encrypted the message using the RSA encryption algorithm. Which key should Richard use to decrypt the message?
- Richard's private key
- Richard's public key
- Sue's private key
- Sue's public key

Question 14 (2 pts)
Beth is assessing the vulnerability of a cryptographic system to attack. She believes that the cryptographic keys are properly secured and that the system is using a modern, secure algorithm. Which one of the following attacks would most likely still be possible against the system by an external attacker who did not participate in the system and did not have physical access to the facility?
- Fault injection
- Chosen plaintext
- Ciphertext only
- Known plaintext

Question 15 (2 pts)
Chris is searching a Windows system for binary key files and wishes to narrow his search using file extensions. Which one of the following certificate formats is closely associated with Windows binary certificate files?
- P7B
- PEM
- PFX
- CCM

Question 16 (2 pts)
Richard wants to digitally sign a message he's sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest?
- Sue's public key
- Richard's public key
- Sue's private key
- Richard's private key

Question 17 (2 pts)
Ron believes that an attacker accessed a highly secure system in his data center and applied high-voltage electricity to it in an effort to compromise the cryptographic keys that it uses. What type of attack does he suspect?
- Implementation attack
- Chosen ciphertext
- Fault injection
- Timing

Question 18 (2 pts)
Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication?
- X.500
- X.509
- X.900
- X.905

Question 19 (2 pts)
Which one of the following encryption algorithms is now considered insecure?
- ElGamal
- RSA
- Elliptic Curve Cryptography
- Merkle-Hellman Knapsack

Question 20 (2 pts)
Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack?
- Hierarchical screening
- Rainbow tables
- Random enhancement
- TKIP

Question 21 (2 pts)
You are tasked with designing the core security concept for a new government computing system. The details of its use are classified, but it will need to protect confidentiality across multiple classification levels. Which security model addresses data confidentiality in this context?
- Biba
- Bell-LaPadula
- Clark-Wilson
- Brewer and Nash

Question 22 (2 pts)
The Authorizing Official (AO) has the discretion to determine which breaches or security changes result in a loss of Authorization to Operate (ATO). The AO can also issue four types of authorization decisions. Which of the following are examples of these ATOs? (Choose all that apply.)
- Denial of authorization
- Common control authorization
- Verified authorization
- Mutual authorization
- Authorization to transfer
- Authorization to use

Question 23 (2 pts)
As an application designer, you need to implement various security mechanisms to protect the data that will be accessed and processed by your software. What would be the purpose of implementing a constrained or restricted interface?
- To enforce identity verification
- To limit the actions of authorized and unauthorized users
- To swap datasets between primary and secondary memory
- To track user events and check for violations

Question 24 (2 pts)
A security model provides a way for designers to map abstract statements into a solution that prescribes the algorithms and data structures necessary to build hardware and software. Thus, a security model gives software designers something against which to measure their design and implementation. Which of the following is the best definition of a security model?
- A security model states policies an organization must follow.
- A security model is used to host one or more operating systems within the memory of a single host computer or to run applications that are not compatible with the host OS.
- A security model provides a framework to implement a security policy.
- A security model is a technical evaluation of each part of a computer system to assess its concordance with security standards.

Question 25 (2 pts)
What is a security perimeter? (Choose all that apply.)
- Any connections to your computer system
- The boundary of the physically secure area surrounding your system
- The imaginary boundary that separates the TCB from the rest of the system
- The network where your firewall resides

Question 26 (2 pts)
The state machine model describes a system that is always secure no matter what state it is in. A secure state machine model system always boots into a secure state, maintains a secure state across all transitions, and allows subjects to access resources only in a secure manner compliant with the security policy. Which security models are built on a state machine model?
- Biba
- Clark-Wilson
- Brewer and Nash
- Bell-LaPadula and take-grant

Question 27 (2 pts)
The Biba model was designed after the Bell-LaPadula model. Whereas the Bell-LaPadula model addresses confidentiality, the Biba model addresses integrity. The Biba model is also built on a state machine concept, is based on information flow, and is a multilevel model. What is the implied meaning of the simple property of Biba?
- Write-down
- Read-up
- No write-up
- No read-down

Question 28 (2 pts)
The Common Criteria defines various levels of testing and confirmation of systems' security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed. What part of the Common Criteria specifies the claims of security from the vendor that are built into a target of evaluation?
- Security target
- Authorizing Official
- Protection profiles
- Evaluation Assurance Levels

Question 29 (2 pts)
The Bell-LaPadula multilevel security model was derived from the DoD's multilevel security policies. The multilevel security policy states that a subject with any level of clearance can access resources at or below its clearance level. Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level?
- (Star) security property
- No write-up property
- No read-up property
- No read-down property

Question 30 (2 pts)
A new operating system update has made significant changes to the prior system. While testing, you discover that the system is highly unstable, allows for integrity violations between applications, can be affected easily by local denial-of-service attacks, and allows for information disclosure between processes. You suspect that a key security mechanism has been disabled or broken by the update. What is a likely cause of these problems?
- Use of virtualization
- Lack of memory protections
- Support for storage and transmission encryption
- Not following the Goguen-Meseguer model

Question 31 (2 pts)
A review of your company's virtualization of operations determines that the hardware resources supporting the VMs are nearly fully consumed. The auditor asks for the plan and layout of VM systems but is told that no such plan exists. This reveals that the company is suffering from what issue?
- Poor cryptography
- VM escaping
- Use of EOSL systems
- VM sprawl

Question 32 (2 pts)
A company is developing a new product to perform simple automated tasks related to indoor gardening. The device will be able to turn lights on and off and control a pump to transfer water. The technology to perform these automated tasks needs to be small and inexpensive. It only needs minimal computational capabilities, does not need networking, and should be able to execute C++ commands natively without the need of an OS. The organization thinks that using an embedded system or a microcontroller may be able to provide the functionality necessary for the product. Which of the following is the best choice to use for this new product?
- Arduino
- Raspberry Pi
- FPGA
- RTOS

Question 33 (2 pts)
Your boss wants to automate the control of the building's HVAC system and lighting in order to reduce costs. He instructs you to keep costs low and use off-the-shelf IoT equipment. When you are using IoT equipment in a private environment, what is the best way to reduce risk?
- Power off devices when not in use
- Keep devices current on updates
- Block access from the IoT devices to the internet
- Use public IP addresses

Question 34 (2 pts)
Service-oriented architecture (SOA) constructs new applications or functions out of existing but separate and distinct software services. The resulting application is often new; thus, its security issues are unknown, untested, and unprotected. Which of the following is a direct extension of SOA that creates single-use functions that can be employed via an API by other software?
- Fog computing
- DCS
- Microservices
- Cyber-physical systems

Question 35 (2 pts)
____________ is a cloud computing concept where code is managed by the customer and the platform (i.e., supporting hardware and software) or server is managed by the cloud service provider (CSP). There is always a physical server running the code, but this execution model allows the software designer/architect/programmer/developer to focus on the logic of their code and not have to be concerned about the parameters or limitations of a specific server.
- Infrastructure as code
- Microservices
- Serverless architecture
- Distributed systems

Question 36 (2 pts)
You are working on improving your organization's policy on mobile equipment. Because of several recent and embarrassing breaches, the company wants to increase security through technology as well as user behavior and activities. What is the most effective means of reducing the risk of losing the data on a mobile device, such as a laptop computer?
- Using a cable lock
- Encrypting the hard drive
- Minimizing sensitive data stored on the mobile device
- Defining a strong logon password

Question 37 (2 pts)
A company server is currently operating at near maximum resource capacity, hosting just seven virtual machines. Management has instructed you to deploy six new applications onto additional VMs without purchasing new hardware since the IT/IS budget is exhausted. How can this be accomplished?
- Infrastructure as code
- Containerization
- Data sovereignty
- Serverless architecture

Question 38 (2 pts)
A new local VDI has been deployed in the organization. There have been numerous breaches of security due to issues on typical desktop workstations and laptop computers used as endpoints. Many of these issues stemmed from users installing unapproved software or altering the configuration of essential security tools. In an effort to avoid security compromises originating from endpoints in the future, all endpoint devices are now used exclusively as dumb terminals. Thus, no local data storage or application execution is performed on endpoints. Within the VDI, each worker has been assigned a VM containing all of their business necessary software and datasets. These VMs are configured to block the installation and execution of new software code, data files cannot be exported to the actual endpoints, and each time a worker logs out, the used VM is discarded and a clean version copied from a static snapshot replaces it. What type of system has now been deployed for the workers to use?
- Nonpersistent
- Fog computing
- Thin clients
- Cloud services

Question 39 (2 pts)
You are developing a new product that is intended to process data in order to trigger real-world adjustments with minimal latency or delay. The current plan is to embed the code into a ROM chip in order to optimize for mission-critical operations. What type of solution is most appropriate for this scenario?
- An Arduino
- DCS
- Containerized application
- RTOS

Question 40 (2 pts)
A major online data service wants to provide better response and access times for its users and visitors. They plan on deploying thousands of mini-web servers to ISPs across the nation. These mini-servers will host the few dozen main pages of their website so that users will be routed to the logically and geographically closest server for optimal performance and minimal latency. Only if a user requests data not on these mini-servers will they be connecting to the centralized main web cluster hosted at the company's headquarters. What is this type of deployment commonly known as?
- Fog computing
- Edge computing
- Thin clients
- Infrastructure as code

Question 41 (2 pts)
While reviewing the facility design blueprints, you notice several indications of a physical security mechanism being deployed directly into the building's construction. Which of the following is a double set of doors that is often protected by a guard and is used to contain a subject until their identity and authentication are verified?
- Access control vestibule
- Turnstile
- Proximity detector
- Gate

Question 42 (2 pts)
What is the best type of water-based fire suppression system for a computer facility?
- Ionization detectors
- Wet pipe system
- People
- Placement of detectors in drop ceilings

Question 43 (2 pts)
A data center has had repeated hardware failures. An auditor notices that systems are stacked together in dense groupings with no clear organization. What should be implemented to address this issue?
- Visitor logs
- Hot aisles and cold aisles
- Gas-based fire suppression
- Industrial camouflage

Question 44 (2 pts)
While implementing a motion detection system to monitor unauthorized access into a secured area of the building, you realize that the current infrared detectors are causing numerous false positives. You need to replace them with another option. What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object?
- Capacitance
- Heat
- Photoelectric
- Wave

Question 45 (2 pts)
Your company has a yearly fire detection and suppression system inspection performed by the local authorities. You start up a conversation with the lead inspector and they ask you, "What is the most common cause of a false positive for a water-based fire suppression system?" So, what do you answer?
- Ionization detectors
- Placement of detectors in drop ceilings
- Water shortage
- People

Question 46 (2 pts)
Your organization has just landed a new contract for a major customer. This will involve increasing production operations at the primary facility, which will entail housing valuable digital and physical assets. You need to ensure that these new assets receive proper protections. Which of the following is not a disadvantage of using security guards?
- Not all environments and facilities support security guards.
- Security guards are usually unaware of the scope of the operations within a facility.
- Prescreening, bonding, and training do not guarantee effective and reliable security guards.
- Not all security guards are themselves reliable.

Question 47 (2 pts)
Which of the following are benefits of a gas-based fire suppression system? (Choose all that apply.)
- May be able to extinguish the fire faster than a water discharge system
- Can be deployed throughout a company facility
- Will cause the least damage to computer systems
- Extinguishes the fire by removing oxygen

Question 48 (2 pts)
When designing physical security for an environment, it is important to focus on the functional order in which controls should be used. Which of the following is the correct order of the six common physical security control mechanisms?
- Deny, Deter, Delay, Detect, Decide, Determine
- Decide, Delay, Deny, Detect, Deter, Determine
- Decide, Detect, Deny, Determine, Deter, Delay
- Deter, Deny, Detect, Delay, Determine, Decide

Question 49 (2 pts)
Due to a recent building intrusion, facility security has become a top priority. You are on the proposal committee that will be making recommendations on how to improve the organization's physical security stance. What is the most common form of perimeter security devices or mechanisms?
- Security guards
- CCTV
- Lighting
- Fences

Question 50 (2 pts)
You have been placed on the facility security planning team. You've been tasked to create a priority list of issues to address during the initial design phase. What is the most important goal of all security solutions?
- Sustaining availability
- Maintaining integrity
- Human safety
- Prevention of disclosure