CISSP PRACTICE QUESTIONS – 20210912

Effective CISSP Questions

Which of the following least likely enforces integrity in a mandatory access control environment? (Wentz QOTD)
A. Assign an attribute as the primary key in a relation
B. Encrypt the digest of a document using the recipient’s public key as the digital signature
C. Generate the message authentication code using a block cipher
D. Prevent a subject at a lower security level from writing information to a higher level object

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Encrypt the digest of a document using the recipient’s public key as the digital signature.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

CIA as Security Objectives

In FISMA, authenticity and nonrepudiation are properties of integrity, even though they are separated from integrity in the US DoD Information Assurance program and the US Cybersecurity policy.

A digital signature is produced by encrypting the digest of a document with the sender’s private key, not the recipient’s public key.
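The following is an added example, not part of the original post, showing why option B does not enforce integrity: a digest encrypted with the recipient's public key can be produced by anyone, so it still "checks out" for a tampered document, while a signature made with the sender's private key does not. It assumes textbook RSA without padding over fixed Mersenne primes so that it runs with the Python standard library only; the function names, keys and sample documents are constructed for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Toy textbook-RSA keypair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest_int(doc, n):
    """SHA-256 digest of the document as an integer reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big") % n

def rsa(key, value):
    n, exp = key
    return pow(value, exp, n)

# Correct scheme: sender's private key signs, sender's public key verifies.
def sign(doc, sender_priv):
    return rsa(sender_priv, digest_int(doc, sender_priv[0]))

def verify(doc, sig, sender_pub):
    return rsa(sender_pub, sig) == digest_int(doc, sender_pub[0])

# Option B: digest encrypted with the recipient's PUBLIC key.
def option_b_tag(doc, recipient_pub):
    return rsa(recipient_pub, digest_int(doc, recipient_pub[0]))

def option_b_check(doc, tag, recipient_priv):
    return rsa(recipient_priv, tag) == digest_int(doc, recipient_priv[0])

# Constructed toy keys (Mersenne primes); far too small for real use.
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
RECIP_PUB, RECIP_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

ORIGINAL = b"Pay Alice 100 USD"      # constructed sample document
TAMPERED = b"Pay Mallory 9000 USD"   # constructed modified document

def demo():
    sig = sign(ORIGINAL, SENDER_PRIV)
    # The option B tag below is built from public data only.
    forged = option_b_tag(TAMPERED, RECIP_PUB)
    return {
        "genuine_signature_accepted": verify(ORIGINAL, sig, SENDER_PUB),
        "tampered_doc_rejected": not verify(TAMPERED, sig, SENDER_PUB),
        "option_b_accepts_tampered": option_b_check(TAMPERED, forged, RECIP_PRIV),
    }

if __name__ == "__main__":
    print(demo())
```

The option B check passes for the modified document because nothing in the tag depends on a secret held by the sender, so it binds the document to no one.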

Relational Database Integrity

There are three types of relational database integrity: entity, semantic, and referential integrity. Assigning an attribute as the primary key in a relation (table) enforces entity integrity.

RDBMS – Table
RDBMS – Relationships

Message Authentication Code (MAC)

Message Authentication Code (MAC) enforces authenticity, a property of integrity. It can be generated based on hash functions or cryptographic ciphers. HMAC and CBC-MAC are good examples. Generating the message authentication code using a block cipher is an example of CBC-MAC, used in WPA2 CCMP.

CBC-MAC (Source: https://en.wikipedia.org/wiki/CBC-MAC)

Biba Model

The Biba Model enforces integrity by preventing information from flowing to a higher security level through simple and star integrity axioms/properties. The star integrity axiom prevents a subject at a lower security level from writing information to a higher-level object.

Biba Model

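Which of the following is least likely to strengthen integrity in a mandatory access control (MAC) environment? (Wentz QOTD)
A. Designate an attribute as the primary key in a relation
B. Encrypt the digest of a document with the recipient’s public key as the digital signature
C. Generate a message authentication code (MAC) using a block cipher
D. Prevent a subject at a lower security level from writing information to an object at a higher level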
