CISSP PRACTICE QUESTIONS – 20200903

Effective CISSP Questions

A protocol is a set of specifications, rules, and instructions agreed by two or more parties. A standard is a formalized protocol defined by a standard body. Most of the communication protocols are designed without security in mind in the early days. Which of the following is designed with the least consideration of security in nature?
A. PPP (Point-to-Point Protocol)
B. IPsec
C. WEP (Wired Equivalent Privacy)
D. OFDM (Orthogonal Frequency Division Multiplexing)


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. OFDM (Orthogonal Frequency Division Multiplexing).

Orthogonal frequency-division multiplexing (OFDM) is a type of digital transmission and a method of encoding digital data on multiple carrier frequencies to improve bandwidth efficiency, which reflects how efficiently the allocated bandwidth is used and is defined as the throughput data rate per Hertz in a given bandwidth. (Source: Wikipedia)

OFDM is designed primarily to improve bandwidth efficiency with fewer security considerations. The following video has a concise introduction to OFDM:

PPP (Point-to-Point Protocol)

PPP uses PAP, CHAP, and EAP for authentication. Even though PAP is transmitted in clear text, PAP is designed with consideration of authentication.

WEP (Wired Equivalent Privacy)

WEB has been craked and insecure. However, it use the stream cipher, RC4 for encryption (confidentiality), shared key for authentication, and the CRC-32 checksum for integrity.

IPsec

IPsec provides tunnel mode and transport mode, and AH and ESP to enforce confidentiality, integrity, and authenticity.

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.

協定(protocol)是由兩個或更多各方同意的一組規格,規則和指令(instructions)。 標準(standard)是由標準機構定義的正式協定。 在早期,大多數通信協定在設計時都沒有考慮安全性。 以下哪項在設計時,本質上對安全性的考慮最少?
A. PPP (Point-to-Point Protocol)
B. IPsec
C. WEP (Wired Equivalent Privacy)
D. OFDM (Orthogonal Frequency Division Multiplexing)

2 thoughts on “CISSP PRACTICE QUESTIONS – 20200903

  1. I was debating between answer A and D and decided to go with answer A.

    Thank you for your further explanation on Answer D even with Sunny’s video 🙂

    • Wentz Wu – Taiwan – Wentz is a co-founder of Amicliens, a company from Taiwan delivering business solutions. He enjoys applying IT technologies to solve business problems and has been working in the IT industry for over 20 years.
      Wentz Wu on said:

      My pleasure, Joey!

Leave a Reply