CISSP Exam Simulator Demo

A stream cipher is a symmetric key cipher that operates on each character, or bit of a message. It encrypts one character per bit at a time. Caesar cipher and one-time pad are the examples of a stream cipher. One-time pad is a stream cipher since it independently operates on each letter of the plaintext message. Significant computational resources are required by the stream ciphers.

The term cryptanalysis refers to the act of obtaining plaintext from ciphertext without a cryptographic key. It is a method of obtaining the meaning of encrypted information without accessing the secret information or key, which is normally required for encryption purposes.

 Job rotation is implemented in this scenario. A job rotation policy defines intervals at which employees must rotate through positions. It helps to ensure that the company does not become too dependent on one person and it does afford the company with the opportunity to place another person in that same job. It provides an opportunity to see what the person is doing and potentially uncover any fraud.

The practitioner’s actions harm the CISSP certification and information security community by undermining the integrity of the examination process. While the practitioner also is acting dishonestly, the harm to the profession is more of a direct violation of the code of ethics.

Here are the modes of 3DES:

• DES-EEE3: Three different keys are used in the three stages of encryption. 3DES uses a 168 bit key. The following function is used to represent this mode:

C = E K1 (E K2 (E K3 (P ))) 

• DES-EDE3: Three DES operations take place in the sequence encrypt-decrypt-encrypt by using three different keys. 3DES uses a 168 bit key. The following function is used to represent this mode:

C = E K1 (D K2 (E K3 (P ))) 

• DES-EEE2: Two keys are used for the 3DES encryptions. 3DES uses a 112 bit key. The following function is used to represent this mode:

C = E K1 (E K2 (E K1 (P ))) 

• DES-EDE2: Three DES operations take place in the sequence encrypt-decrypt-encrypt by using two different keys. 3DES uses a 112 bit key. The following function is used to represent this mode:

C = E K1 (D K2 (E K1 (P )))

Agent based solutions require a software agent to be actively running on the participating systems. Managing and updating these agents often becomes a time consuming task which is not scalable. 

The maximum tolerable downtime (MTD) is the amount of time that a business may be without a service before irreparable harm occurs. This measure is sometimes also called maximum tolerable outage (MTO).

While developers may feel like they have a business need to be able to move code into production, the principle of segregation of duties dictates that they should not have the ability to both write code and place it on a production server. The change management staff generally deploy code.

 A blue box was used to generate the 2600 Hz tones that trunking systems required. White boxes included a dual-tone, multifrequency generator to control phone systems. Black boxes were designed to steal long-distance service by manipulating line voltages, and red boxes simulated the tones of coins being deposited into payphones.

The enterprise should use Common Criteria to get the most simplified and universal evaluation. It was created to combine the strengths of both TCSEC and ITSEC while removing their weaknesses. This evaluation program is recognized globally and is considered more flexible than the TCSEC, and more straightforward than ITSEC.

Code signing is submitting code along with a hash of the code being submitted. The recipient regenerates the hash and if it is different from the submitted hash then the recipient knows that the code that he received is not identical to the original code. This control maintains the Code’s integrity.

The attacker is engaged in a back door attack. Back doors are undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions. They are often used during the development and debugging process to speed up the workflow and avoid forcing developers to continuously authenticate to the system.

Sessions keys are used for a single session and are then discarded, as is the one-time pad. Additionally, each session key must be statistically unpredictable and unrelated to the previous key, as the one-time pad requires, as well. Any technology that takes advantage of a short-term password or key can ultimately be traced back to the one-time pad. Asymmetric Cryptography is often used to provide secure session key exchange. Digital signatures are used to verify a message sender and content. IPSec handshaking is used to establish a secure channel. 

Availability defines measures used to keep services and systems operational during an outage. In short, the goal is to provide all services to all users, where they need them and when they need them. With high availability, the goal is to have key services available 99.999 percent of the time. It refers to the functional state of a system and in the networking world is often simplified as uptime.

The Identify Function assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. Understanding the business environment, the assets that support critical functions, and assessing the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.