Symmetric key encryption algorithm is used?
For symmetric, you need ${n \choose 2} = \frac{n \cdot (n-1)}{2}$ keys: each pair of parties needs a single key that is used to both encrypt and decrypt the messages between the two parties. The number of pairs of parties is equal to the number of combinations to choose a pair of parties among $n$ parties: first you choose the first party - $n$ possibilities. Then you are left with $n-1$ options to choose the next party. Once you've chosen the pair of parties, notice that the order of the parties in the pair has no significance, so you need to divide the number of possibilities by 2 to cancel out the order. Overall it's ${n \choose 2} = \frac{n \cdot (n-1)}{2}$.
Asymmetric key encryption algorithm is used?
For asymmetric, you need $2n$ keypairs, like you said - every party $A$ that wants to send a message $m$ to party $B$, encrypts $m$ using $PK_B$, the public key of party $B$, and then party $B$ decrypts the message using the private key corresponding to $PK_B$.
Group of answer choices
20
45
10
100
Question 2 (2 pts)
Many cryptographic algorithms rely on the difficulty of factoring the product of large prime numbers. What characteristic of this problem are they relying on?
Group of answer choices
It complies with Kerckhoffs's principle.
It contains confusion.
It is a one-way function.
It contains diffusion.
Question 3 (2 pts)
What is the minimum number of cryptographic keys required for secure two-way communications in symmetric key cryptography?
Group of answer choices
Three
One
Two
Four
Question 4 (2 pts)
What block size is used by the Advanced Encryption Standard?
Group of answer choices
128 bits
64 bits
Variable
32 bits
Question 5 (2 pts)
Which AES finalist makes use of prewhitening and postwhitening techniques?
Group of answer choices
Skipjack
Twofish
Blowfish
Rijndael
Question 6 (2 pts)
What block size is used by the 3DES encryption algorithm?
Group of answer choices
64 bits
256 bits
32 bits
128 bits
Question 7 (2 pts)
What kind of attack makes the Caesar cipher virtually unusable?
Group of answer choices
Transposition attack
Meet-in-the-middle attack
Frequency analysis attack
Escrow attack
Question 8 (2 pts)
Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?
Group of answer choices
Caesar cipher
ROT3 cipher
Stream cipher
Block cipher
Question 9 (2 pts)
What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key?
Group of answer choices
Skipjack cipher
Running key cipher
Twofish cipher
Vernam cipher
Question 10 (2 pts)
Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using?
Group of answer choices
Zero-knowledge proof
Split knowledge
Work function
M of N Control
Question 11 (2 pts)
Brian is upgrading a system to support SSH2 rather than SSH1. Which one of the following advantages will he achieve?
Group of answer choices
Support for IDEA encryption
Support for simultaneous sessions
Support for 3DES encryption
Support for multifactor authentication
Question 12 (2 pts)
Which one of the following algorithms is not supported by the Digital Signature Standard under FIPS 186-4?
Group of answer choices
RSA
ElGamal DSA
Digital Signature Algorithm
Elliptic Curve DSA
Question 13 (2 pts)
Richard received an encrypted message sent to him from Sue. Sue encrypted the message using the RSA encryption algorithm. Which key should Richard use to decrypt the message?
Group of answer choices
Richard's private key
Richard's public key
Sue's private key
Sue's public key
Question 14 (2 pts)
Beth is assessing the vulnerability of a cryptographic system to attack. She believes that the cryptographic keys are properly secured and that the system is using a modern, secure algorithm. Which one of the following attacks would most likely still be possible against the system by an external attacker who did not participate in the system and did not have physical access to the facility?
Group of answer choices
Fault injection
Chosen plaintext
Ciphertext only
Known plaintext
Question 15 (2 pts)
Chris is searching a Windows system for binary key files and wishes to narrow his search using file extensions. Which one of the following certificate formats is closely associated with Windows binary certificate files?
Group of answer choices
P7B
PEM
PFX
CCM
Question 16 (2 pts)
Richard wants to digitally sign a message he's sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest?
Group of answer choices
Sue's public key
Richard's public key
Sue's private key
Richard's private key
Question 17 (2 pts)
Ron believes that an attacker accessed a highly secure system in his data center and applied high-voltage electricity to it in an effort to compromise the cryptographic keys that it uses. What type of attack does he suspect?
Group of answer choices
Implementation attack
Chosen ciphertext
Fault injection
Timing
Question 18 (2 pts)
Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication?
Group of answer choices
X.500
X.509
X.900
X.905
Question 19 (2 pts)
Which one of the following encryption algorithms is now considered insecure?
Group of answer choices
ElGamal
RSA
Elliptic Curve Cryptography
Merkle-Hellman Knapsack
Question 20 (2 pts)
Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack?
Group of answer choices
Hierarchical screening
Rainbow tables
Random enhancement
TKIP
Question 21 (2 pts)
You are tasked with designing the core security concept for a new government computing system. The details of its use are classified, but it will need to protect confidentiality across multiple classification levels. Which security model addresses data confidentiality in this context?
Group of answer choices
Biba
Bell-LaPadula
Clark-Wilson
Brewer and Nash
Question 22 (2 pts)
The Authorizing Official (AO) has the discretion to determine which breaches or security changes result in a loss of Authorization to Operate (ATO). The AO can also issue four types of authorization decisions. Which of the following are examples of these ATOs? (Choose all that apply.)
Group of answer choices
Denial of authorization
Common control authorization
Verified authorization
Mutual authorization
Authorization to transfer
Authorization to use
Question 23 (2 pts)
As an application designer, you need to implement various security mechanisms to protect the data that will be accessed and processed by your software. What would be the purpose of implementing a constrained or restricted interface?
Group of answer choices
To enforce identity verification
To limit the actions of authorized and unauthorized users
To swap datasets between primary and secondary memory
To track user events and check for violations
Question 24 (2 pts)
A security model provides a way for designers to map abstract statements into a solution that prescribes the algorithms and data structures necessary to build hardware and software. Thus, a security model gives software designers something against which to measure their design and implementation. Which of the following is the best definition of a security model?
Group of answer choices
A security model states policies an organization must follow.
A security model is used to host one or more operating systems within the memory of a single host computer or to run applications that are not compatible with the host OS.
A security model provides a framework to implement a security policy.
A security model is a technical evaluation of each part of a computer system to assess its concordance with security standards.
Question 25 (2 pts)
What is a security perimeter? (Choose all that apply.)
Group of answer choices
Any connections to your computer system
The boundary of the physically secure area surrounding your system
The imaginary boundary that separates the TCB from the rest of the system
The network where your firewall resides
Question 26 (2 pts)
The state machine model describes a system that is always secure no matter what state it is in. A secure state machine model system always boots into a secure state, maintains a secure state across all transitions, and allows subjects to access resources only in a secure manner compliant with the security policy. Which security models are built on a state machine model?
Group of answer choices
Biba
Clark-Wilson
Brewer and Nash
Bell-LaPadula and take-grant
Question 27 (2 pts)
The Biba model was designed after the Bell-LaPadula model. Whereas the Bell-LaPadula model addresses confidentiality, the Biba model addresses integrity. The Biba model is also built on a state machine concept, is based on information flow, and is a multilevel model. What is the implied meaning of the simple property of Biba?
Group of answer choices
Write-down
Read-up
No write-up
No read-down
Question 28 (2 pts)
The Common Criteria defines various levels of testing and confirmation of systems' security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed. What part of the Common Criteria specifies the claims of security from the vendor that are built into a target of evaluation?
Group of answer choices
Security target
Authorizing Official
Protection profiles
Evaluation Assurance Levels
Question 29 (2 pts)
The Bell-LaPadula multilevel security model was derived from the DoD's multilevel security policies. The multilevel security policy states that a subject with any level of clearance can access resources at or below its clearance level. Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level?
Group of answer choices
(Star) security property
No write-up property
No read-up property
No read-down property
Question 30 (2 pts)
A new operating system update has made significant changes to the prior system. While testing, you discover that the system is highly unstable, allows for integrity violations between applications, can be affected easily by local denial-of-service attacks, and allows for information disclosure between processes. You suspect that a key security mechanism has been disabled or broken by the update. What is a likely cause of these problems?
Group of answer choices
Use of virtualization
Lack of memory protections
Support for storage and transmission encryption
Not following the Goguen-Meseguer model
Question 31 (2 pts)
A review of your company's virtualization of operations determines that the hardware resources supporting the VMs are nearly fully consumed. The auditor asks for the plan and layout of VM systems but is told that no such plan exists. This reveals that the company is suffering from what issue?
Group of answer choices
Poor cryptography
VM escaping
Use of EOSL systems
VM sprawl
Question 32 (2 pts)
A company is developing a new product to perform simple automated tasks related to indoor gardening. The device will be able to turn lights on and off and control a pump to transfer water. The technology to perform these automated tasks needs to be small and inexpensive. It only needs minimal computational capabilities, does not need networking, and should be able to execute C++ commands natively without the need of an OS. The organization thinks that using an embedded system or a microcontroller may be able to provide the functionality necessary for the product. Which of the following is the best choice to use for this new product?
Group of answer choices
Arduino
Raspberry Pi
FPGA
RTOS
Question 33 (2 pts)
Your boss wants to automate the control of the building's HVAC system and lighting in order to reduce costs. He instructs you to keep costs low and use off-the-shelf IoT equipment. When you are using IoT equipment in a private environment, what is the best way to reduce risk?
Group of answer choices
Power off devices when not in use
Keep devices current on updates
Block access from the IoT devices to the internet
Use public IP addresses
Question 34 (2 pts)
Service-oriented architecture (SOA) constructs new applications or functions out of existing but separate and distinct software services. The resulting application is often new; thus, its security issues are unknown, untested, and unprotected. Which of the following is a direct extension of SOA that creates single-use functions that can be employed via an API by other software?
Group of answer choices
Fog computing
DCS
Microservices
Cyber-physical systems
Question 35 (2 pts)
____________ is a cloud computing concept where code is managed by the customer and the platform (i.e., supporting hardware and software) or server is managed by the cloud service provider (CSP). There is always a physical server running the code, but this execution model allows the software designer/architect/programmer/developer to focus on the logic of their code and not have to be concerned about the parameters or limitations of a specific server.
Group of answer choices
Infrastructure as code
Microservices
Serverless architecture
Distributed systems
Question 36 (2 pts)
You are working on improving your organization's policy on mobile equipment. Because of several recent and embarrassing breaches, the company wants to increase security through technology as well as user behavior and activities. What is the most effective means of reducing the risk of losing the data on a mobile device, such as a laptop computer?
Group of answer choices
Using a cable lock
Encrypting the hard drive
Minimizing sensitive data stored on the mobile device
Defining a strong logon password
Question 37 (2 pts)
A company server is currently operating at near maximum resource capacity, hosting just seven virtual machines. Management has instructed you to deploy six new applications onto additional VMs without purchasing new hardware since the IT/IS budget is exhausted. How can this be accomplished?
Group of answer choices
Infrastructure as code
Containerization
Data sovereignty
Serverless architecture
Question 38 (2 pts)
A new local VDI has been deployed in the organization. There have been numerous breaches of security due to issues on typical desktop workstations and laptop computers used as endpoints. Many of these issues stemmed from users installing unapproved software or altering the configuration of essential security tools. In an effort to avoid security compromises originating from endpoints in the future, all endpoint devices are now used exclusively as dumb terminals. Thus, no local data storage or application execution is performed on endpoints. Within the VDI, each worker has been assigned a VM containing all of their business necessary software and datasets. These VMs are configured to block the installation and execution of new software code, data files cannot be exported to the actual endpoints, and each time a worker logs out, the used VM is discarded and a clean version copied from a static snapshot replaces it. What type of system has now been deployed for the workers to use?
Group of answer choices
Nonpersistent
Fog computing
Thin clients
Cloud services
Question 39 (2 pts)
You are developing a new product that is intended to process data in order to trigger real-world adjustments with minimal latency or delay. The current plan is to embed the code into a ROM chip in order to optimize for mission-critical operations. What type of solution is most appropriate for this scenario?
Group of answer choices
An Arduino
DCS
Containerized application
RTOS
Question 40 (2 pts)
A major online data service wants to provide better response and access times for its users and visitors. They plan on deploying thousands of mini-web servers to ISPs across the nation. These mini-servers will host the few dozen main pages of their website so that users will be routed to the logically and geographically closest server for optimal performance and minimal latency. Only if a user requests data not on these mini-servers will they be connecting to the centralized main web cluster hosted at the company's headquarters. What is this type of deployment commonly known as?
Group of answer choices
Fog computing
Edge computing
Thin clients
Infrastructure as code
Question 41 (2 pts)
While reviewing the facility design blueprints, you notice several indications of a physical security mechanism being deployed directly into the building's construction. Which of the following is a double set of doors that is often protected by a guard and is used to contain a subject until their identity and authentication are verified?
Group of answer choices
Access control vestibule
Turnstile
Proximity detector
Gate
Question 42 (2 pts)
What is the best type of water-based fire suppression system for a computer facility?
Group of answer choices
Ionization detectors
Wet pipe system
People
Placement of detectors in drop ceilings
Question 43 (2 pts)
A data center has had repeated hardware failures. An auditor notices that systems are stacked together in dense groupings with no clear organization. What should be implemented to address this issue?
Group of answer choices
Visitor logs
Hot aisles and cold aisles
Gas-based fire suppression
Industrial camouflage
Question 44 (2 pts)
While implementing a motion detection system to monitor unauthorized access into a secured area of the building, you realize that the current infrared detectors are causing numerous false positives. You need to replace them with another option. What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object?
Group of answer choices
Capacitance
Heat
Photoelectric
Wave
Question 45 (2 pts)
Your company has a yearly fire detection and suppression system inspection performed by the local authorities. You start up a conversation with the lead inspector and they ask you, "What is the most common cause of a false positive for a water-based fire suppression system?" So, what do you answer?
Group of answer choices
Ionization detectors
Placement of detectors in drop ceilings
Water shortage
People
Question 46 (2 pts)
Your organization has just landed a new contract for a major customer. This will involve increasing production operations at the primary facility, which will entail housing valuable digital and physical assets. You need to ensure that these new assets receive proper protections. Which of the following is not a disadvantage of using security guards?
Group of answer choices
Not all environments and facilities support security guards.
Security guards are usually unaware of the scope of the operations within a facility.
Prescreening, bonding, and training do not guarantee effective and reliable security guards.
Not all security guards are themselves reliable.
Question 47 (2 pts)
Which of the following are benefits of a gas-based fire suppression system? (Choose all that apply.)
Group of answer choices
May be able to extinguish the fire faster than a water discharge system
Can be deployed throughout a company facility
Will cause the least damage to computer systems
Extinguishes the fire by removing oxygen
Question 48 (2 pts)
When designing physical security for an environment, it is important to focus on the functional order in which controls should be used. Which of the following is the correct order of the six common physical security control mechanisms?
Group of answer choices
Deny, Deter, Delay, Detect, Decide, Determine
Decide, Delay, Deny, Detect, Deter, Determine
Decide, Detect, Deny, Determine, Deter, Delay
Deter, Deny, Detect, Delay, Determine, Decide
Question 49 (2 pts)
Due to a recent building intrusion, facility security has become a top priority. You are on the proposal committee that will be making recommendations on how to improve the organization's physical security stance. What is the most common form of perimeter security devices or mechanisms?
Group of answer choices
Security guards
CCTV
Lighting
Fences
Question 50 (2 pts)
You have been placed on the facility security planning team. You've been tasked to create a priority list of issues to address during the initial design phase. What is the most important goal of all security solutions?
Group of answer choices
Sustaining availability
Maintaining integrity
Human safety
Prevention of disclosure