CISSP PRACTICE QUESTIONS – 20200305

Effective CISSP Questions

You are sniffing network traffic as a middle man and have captured a user’s encrypted login session for a couple of days. After analyzing the session packets, you conclude that a symmetric block cipher encrypts them. However, you are confused that the ciphertext of the password varies even though the user’s password is not changed. Which of the following is the least likely cipher mode of operation used to protect the user login session?
A. Electronic Codebook (ECB)
B. Cipher Block Chaining (CBC)
C. Cipher Feedback (CFB)
D. Output Feedback (OFB)


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Electronic Codebook (ECB).

The initialization vector (IV) is the crucial element to obscure the ciphertext. Electronic Codebook (ECB) doesn’t employ an IV, so patterns in the plaintext carry over into the ciphertext, and those patterns can be used to crack it.

Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB) use an IV in different ways, so the same password is encrypted into various forms of ciphertext.
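
The following added example (not part of the original post) implements the four modes and encrypts the same password in two sessions to show which modes produce varying ciphertext. The block cipher is a toy Feistel construction chosen so the code runs with the standard library only; it is an assumption standing in for a real cipher such as AES, and the key and password are constructed sample values.

```python
import hashlib, os
BLOCK = 16  # block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # Toy 4-round Feistel cipher standing in for a real block cipher (assumption).
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def pad(data):  # PKCS#7-style padding for the modes that need whole blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(key, pt, iv=None):  # IV accepted but ignored: ECB has no IV
    return b"".join(encrypt_block(key, b) for b in blocks(pad(pt)))

def cbc(key, pt, iv):  # each block is XORed with the previous ciphertext block
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cfb(key, pt, iv):  # keystream = E(previous ciphertext block)
    out, prev = [], iv
    for b in blocks(pt):
        prev = xor(b, encrypt_block(key, prev))
        out.append(prev)
    return b"".join(out)

def ofb(key, pt, iv):  # keystream = E(E(...E(IV))), independent of plaintext
    out, stream = [], iv
    for b in blocks(pt):
        stream = encrypt_block(key, stream)
        out.append(xor(b, stream))
    return b"".join(out)

def varies(mode, key, pt):  # same plaintext, two sessions, fresh random IV each
    return mode(key, pt, os.urandom(BLOCK)) != mode(key, pt, os.urandom(BLOCK))

if __name__ == "__main__":
    for m in (ecb, cbc, cfb, ofb):  # constructed sample key and password
        print(m.__name__, "ciphertext varies:", varies(m, b"k" * 16, b"password=Hunter2!"))
```

Only ECB reports no variation. The IV-based modes also become deterministic if the same IV is reused across sessions, so the variation depends on a fresh IV per session.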



