Effective CISSP Questions

You are evaluating cryptographic functions to encrypt data transmitted on networks. Which of the following is incorrect? (Wentz QOTD)
A. Triple DES3-EEE means three keys are involved.
B. AES uses a larger block size than DES.
C. AES may not involve an initiation vector.
D. AES specifies block and key sizes that may be any multiple of 32 bits.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether your answer is right or wrong. What really matters is your reasoning process and justifications.

My suggested answer is D. AES specifies block and key sizes that may be any multiple of 32 bits.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.


Both DES (Data Encryption Standard) and AES (Advanced Encryption Standard) are encryption STANDARDS of the United States. The legacy DES was derived from Lucifer, a cipher developed by IBM, while the current standard, AES, adopted Rijndael through an open selection process. It’s common to refer to DES and AES as the ciphers themselves, but the standard and the underlying cipher are not identical. For example, “Rijndael per se is specified with block and key sizes that may be any multiple of 32 bits, with a minimum of 128 and a maximum of 256 bits,” whereas AES specifies a “fixed block size” of 128 bits and only three key sizes: 128, 192, or 256 bits. (Wikipedia)

DES and AES are block ciphers. A block is a group of bits and is the basic processing unit of a block cipher. DES divides data into 64-bit blocks, while AES processes data in 128-bit blocks. However, the key size need not equal the block size. The DES key is nominally 64 bits (8 bytes), but one bit of each byte is a parity bit used for error control, so the effective key length is 56 bits (64 - 8 = 56). The DES block size is much smaller than that of its successor, AES, which uses a 128-bit block.

Because block ciphers operate on fixed-size blocks, the plaintext cannot always be divided into whole blocks, i.e., its length is not always a multiple of the block size. “Padding” is the process of adding data to the plaintext so that it can be divided into complete blocks. The location of the padding (beginning, middle, or end), its unit (bit or byte), and its pattern (e.g., all zeros or all ones) are the design issues of padding. ANSI X9.23, PKCS#5, PKCS#7, ISO/IEC 7816-4, etc. are standards that specify padding patterns.

AES in ECB mode does not involve an initialization vector (IV). Block ciphers can work in various modes of operation. The best-known mode, Electronic Codebook (ECB), does not use an IV, but because each block is encrypted independently, identical plaintext blocks produce identical ciphertext blocks and reveal repeated patterns.
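As an added example (not from the original post), the following Go program uses only the standard library to check the three points above: AES fixes the block at 16 bytes and accepts only 16-, 24- or 32-byte keys (a 20-byte key, which Rijndael would allow, is rejected), PKCS#7 padding fills the last block, and ECB without an IV repeats identical blocks while CBC with an IV does not. The key, IV and plaintext in the comments are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
)

// pkcs7Pad appends n bytes of value n (1 <= n <= blockSize) so the data
// fills whole blocks; an aligned input still gets a full block of padding.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// aesKeyAccepted reports whether crypto/aes accepts a key of keyLen bytes:
// only 16, 24 or 32; Rijndael's other 32-bit multiples (e.g. 20) fail.
func aesKeyAccepted(keyLen int) bool {
	_, err := aes.NewCipher(make([]byte, keyLen))
	return err == nil
}

// mustCipher builds the AES block cipher or panics on an invalid key size.
func mustCipher(key []byte) cipher.Block {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return blk
}

// encryptECB encrypts each padded block independently with no IV, so
// identical plaintext blocks produce identical ciphertext blocks.
func encryptECB(key, pt []byte) []byte {
	blk := mustCipher(key)
	padded := pkcs7Pad(pt, blk.BlockSize())
	out := make([]byte, len(padded))
	for i := 0; i < len(padded); i += blk.BlockSize() {
		blk.Encrypt(out[i:], padded[i:])
	}
	return out
}

// encryptCBC chains blocks through a 16-byte IV, hiding the repetition.
func encryptCBC(key, iv, pt []byte) []byte {
	blk := mustCipher(key)
	padded := pkcs7Pad(pt, blk.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, padded)
	return out
}
```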

DES was developed in the early 1970s at IBM and was based on an earlier design by Horst Feistel. It was approved as a US encryption standard in 1976. Triple DES (3DES/TDES) is a workaround adopted after DES was broken in the 1990s. 3DES applies the same DES algorithm three times to increase the work factor. 3DES needs three keys (one for each DES operation); however, the key used in the first operation can be reused in the third. Nominally, 3DES uses three keys, but in practice it can use only two (the first and third operations employ the same key). DES3-EEE means applying DES encryption three times using three distinct keys.


You are evaluating cryptographic functions to encrypt data transmitted on networks. Which of the following is incorrect? (Wentz QOTD)
A. Triple DES3-EEE means three keys are used.
B. AES uses a larger block than DES.
C. AES may not use an initialization vector (Initiation Vector).
D. AES specifies block and key sizes that may be any multiple of 32 bits.

1 thought on “CISSP PRACTICE QUESTIONS – 20210629”