CISSP PRACTICE QUESTIONS – 20200721

Effective CISSP Questions

You are developing a client/server-based application in which the client shall communicate with the server through a trusted channel. Which of the following is the best design of key exchange to encrypt data in transit? (Source: Wentz QOTD)
A. The client encrypts the preshared key using its private key
B. The client encrypts the premaster key using the server’s private key
C. The client encrypts the session key using the server’s public key
D. The client encrypts the master key using the server’s public key


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. The client encrypts the session key using the server’s public key.

Key Generation

The session key, derived from the master key, is used to encrypt data. The master key, which has a fixed length, is derived from the premaster key, whose length varies with the key exchange method.

The purpose of the master key is to generate session key(s), not to encrypt data.

The Purpose of the Private Key

The purpose of the private key is to sign documents, not to encrypt them. The secret key should be encrypted with the recipient’s public key.




