Effective CISSP Questions

Alice encrypted a document using AES with an encryption key that is a combination of her birthday and phone number. She has sent the document to Bob through e-mail and is considering how to deliver the key securely. Which of the following is the least feasible?
A. Print the key out and send it through a courier
B. Text the key using WhatsApp
C. Mail him a one-time password token to generate the key
D. Send the key encrypted by Bob’s public key through email

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Mail him a one-time password token to generate the key.

  • A courier and WhatsApp are transmission channels different from the e-mail Alice used to send the encrypted document. This is out-of-band key exchange.
  • Using Bob’s public key to encrypt the shared key is key exchange by public-key encryption.
  • A one-time password (OTP) token is a hardware device that generates passwords dynamically for one-time use. It must be paired with a server synchronously or asynchronously. As Alice has already predefined the shared key (a combination of her birthday and phone number), it’s not feasible for an OTP token to generate a predefined password.
  • In practice, users don’t have to do encryption/decryption manually; the cryptographic tasks are completed by software or hardware behind the scenes. This question is designed to verify the concept of cryptography only.
