CISSP PRACTICE QUESTIONS – 20210318

Effective CISSP Questions

Encryption protects confidentiality, hashing enforces data integrity, and a message authentication code (MAC) renders authenticity of data origin. Which of the following is the best candidate that implies all three security properties are fulfilled?
A. AES
B. HMAC
C. CBC-MAC
D. Digital Signature Standard (DSS)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. CBC-MAC.

Figure: CBC-MAC (Source: https://en.wikipedia.org/wiki/CBC-MAC)
  • AES protects confidentiality only; it doesn’t deal with integrity.
  • A Message Authentication Code (MAC), previously also known as a Message Integrity Code (MIC), enforces data integrity and authenticity of data origin. HMAC (Hash-based MAC) mixes the message with the shared secret when computing the hash, while CBC-MAC produces the authentication code with a block cipher and takes the tag from the last block (encrypted under k2, as shown in the diagram above). Since a cipher is already in use with CBC-MAC, the odds are that the message is encrypted as well, e.g., CCMP (Counter Mode CBC-MAC Protocol) in WPA2. If there is no need to use a cipher, HMAC is more appropriate.
  • The Digital Signature Standard (DSS) ensures non-repudiation, but it doesn’t take care of confidentiality. For example, when you send an email with a digital signature to your colleagues, the email is “signed” but not “encrypted.”
Figure: CIA as Security Objectives

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

Encryption protects confidentiality, hashing maintains data integrity, and a message authentication code (MAC) renders the authenticity of the data origin. Which of the following is the best candidate that implies all three security properties can be achieved?
A. AES
B. HMAC
C. CBC-MAC
D. Digital Signature Standard (DSS)
