CISSP PRACTICE QUESTIONS – 20210225

Effective CISSP Questions

A subject is authenticating to the ID provider. Which of the following is not a cryptographic function or cipher and provides the lowest level of security in the authentication process?
A. Base64 for the encoding of ID and password in HTTP basic authentication
B. Electronic Codebook (ECB) that produces repeated patterns
C. Hash-based message authentication code (HMAC)
D. Cipher block chaining message authentication code (CBC-MAC)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Base64 for the encoding of ID and password in HTTP basic authentication.

Even though HTTP basic authentication does use Base64 to encode the user ID and password, HTTP transmits the encoded credentials in clear text; Base64 is trivially reversible, so the scheme relies entirely on HTTPS (TLS) to protect them.

Ciphers and codes differ. A code depends on the secrecy of its codebook, whereas a cipher depends on the confusion introduced by a secret key. Base64 uses a public mapping table, so it is neither: it offers no secrecy at all.

Hashes and message authentication codes (MACs) are typical cryptographic functions that protect data integrity and authenticity respectively. Both are commonly used in authentication processes.

The following Base64 alphabet table (the public mapping from each 6-bit value to its character) is excerpted from Wikipedia:

Index  Binary  Char | Index  Binary  Char | Index  Binary  Char | Index  Binary  Char
0      000000  A    | 16     010000  Q    | 32     100000  g    | 48     110000  w
1      000001  B    | 17     010001  R    | 33     100001  h    | 49     110001  x
2      000010  C    | 18     010010  S    | 34     100010  i    | 50     110010  y
3      000011  D    | 19     010011  T    | 35     100011  j    | 51     110011  z
4      000100  E    | 20     010100  U    | 36     100100  k    | 52     110100  0
5      000101  F    | 21     010101  V    | 37     100101  l    | 53     110101  1
6      000110  G    | 22     010110  W    | 38     100110  m    | 54     110110  2
7      000111  H    | 23     010111  X    | 39     100111  n    | 55     110111  3
8      001000  I    | 24     011000  Y    | 40     101000  o    | 56     111000  4
9      001001  J    | 25     011001  Z    | 41     101001  p    | 57     111001  5
10     001010  K    | 26     011010  a    | 42     101010  q    | 58     111010  6
11     001011  L    | 27     011011  b    | 43     101011  r    | 59     111011  7
12     001100  M    | 28     011100  c    | 44     101100  s    | 60     111100  8
13     001101  N    | 29     011101  d    | 45     101101  t    | 61     111101  9
14     001110  O    | 30     011110  e    | 46     101110  u    | 62     111110  +
15     001111  P    | 31     011111  f    | 47     101111  v    | 63     111111  /
Padding character: =
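To make the distinction concrete, here is an added example (not part of the original post) that encodes HTTP Basic credentials with a table-driven Base64 encoder built from the alphabet above, shows that the header can be decoded back with no key at all, and contrasts it with an HMAC over the same data, which cannot be computed or reversed without the secret key. The credentials and key are constructed sample values.

```python
import base64
import hashlib
import hmac

# The public Base64 alphabet from the table above, indexed 0..63, plus the pad character.
B64_TABLE = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
PAD = "="


def base64_encode(data: bytes) -> str:
    """Table-driven Base64: every 3 input bytes (24 bits) become 4 six-bit indexes."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Pack up to 3 bytes into a 24-bit integer, zero-filled on the right if short.
        bits = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        chars = [B64_TABLE[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # A short final chunk (1 or 2 bytes) yields 2 or 3 characters; the rest is padding.
        keep = len(chunk) + 1
        out.append("".join(chars[:keep]) + PAD * (4 - keep))
    return "".join(out)


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value exactly as an HTTP Basic client does."""
    return "Basic " + base64_encode(f"{user}:{password}".encode())


def decode_basic_header(header: str) -> tuple:
    """Recover (user, password) from a Basic header. No key is involved, because
    Base64 is an encoding with a public table, not a cipher: this is why the
    scheme is only as safe as the TLS channel carrying it."""
    user, _, password = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, password


def hmac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 over the same bytes: a keyed, one-way cryptographic function.
    Without the key the tag can neither be produced nor reversed to the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    hdr = basic_auth_header("alice", "s3cret")        # constructed sample credentials
    print(hdr)                                        # Basic YWxpY2U6czNjcmV0
    print(decode_basic_header(hdr))                   # ('alice', 's3cret') - keyless, reversible
    print(hmac_tag(b"constructed-server-key", b"alice:s3cret"))  # keyed, one-way
```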

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

A subject is authenticating to the ID provider. Which of the following is not a cryptographic function or cipher, and provides the lowest level of security in the authentication process?
A. Base64, used to encode the ID and password in HTTP basic authentication
B. Electronic Codebook (ECB), which produces repeated patterns
C. Hash-based message authentication code (HMAC)
D. Cipher block chaining message authentication code (CBC-MAC)
