CISSP PRACTICE QUESTIONS – 20201007

Effective CISSP Questions

Which of the following statements about nonrepudiation is true?
A. Nonrepudiation is a property of confidentiality.
B. CBC-MAC enforces nonrepudiation better than HMAC.
C. Nonrepudiation relies on a third party to verify the integrity and origin of data.
D. The recipient of the information is provided with proof of delivery.


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Nonrepudiation relies on a third party to verify the integrity and origin of data.

  • Nonrepudiation is a property of integrity as defined in FISMA.
  • Neither CBC-MAC nor HMAC enforces nonrepudiation; they enforce authenticity instead.
  • The sender of the information is provided with proof of delivery.

Non-repudiation

  • The inability to deny responsibility for performing a specific act. (NISTIR 4734)
  • Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information. (CNSSI 4009)
  • A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party as having originated from a specific entity in possession of the private key of the claimed signatory.
    In a general information security context, assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information. (NIST SP 800-57 Part 2)
  • ability to protect against denial by one of the entities involved in an action of having participated in all or part of the action. (ITU-T X.1252)
  • service providing proof of the integrity and origin of data (both in an unforgeable relationship), which can be verified by any party. (ISO 17090:2013)
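
The following is an added example, not part of the original post or the standards quoted above. It shows why a MAC gives authenticity but not nonrepudiation, while a signature made with the signatory's private key can be verified by a third party. The keys, messages and function names are constructed for this illustration, and the textbook RSA stands in for a real signature scheme.

```python
import hashlib
import hmac

# Constructed demo values. The RSA key is textbook RSA (no padding) over two
# Mersenne primes: far too weak for real use, it only shows the key asymmetry.
SHARED_KEY = b"constructed-key-known-to-sender-and-recipient"
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                               # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held by the signer only


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: creating and checking a tag need the same secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def _digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int) -> int:
    return pow(_digest(message), private_exponent, N)


def verify(message: bytes, signature: int) -> bool:
    """Needs only the public values (N, E), so any third party can run it."""
    return pow(signature, E, N) == _digest(message)


def mac_dispute() -> bool:
    """The recipient fabricates an order; the arbiter is handed the shared key."""
    fabricated = b"transfer 9000 to recipient"
    tag = mac_tag(SHARED_KEY, fabricated)              # computed by the recipient
    return mac_verify(SHARED_KEY, fabricated, tag)     # valid: origin is ambiguous


def signature_dispute() -> tuple:
    """The arbiter checks a signed order and an altered copy using (N, E) only."""
    order = b"transfer 10 to recipient"
    signature = sign(order, D)                         # only the sender can do this
    altered = b"transfer 9000 to recipient"
    return verify(order, signature), verify(altered, signature)


if __name__ == "__main__":
    print("MAC made by recipient verifies:", mac_dispute())
    print("signature (original, altered):", signature_dispute())
```

Because every party able to check an HMAC or CBC-MAC tag can also create one, a valid tag does not tie the message to the sender alone; the signature check never requires the private exponent.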

