Effective CISSP Questions

You employ a symmetric cipher to protect data at rest. Which of the following is the most feasible secret key providing the highest level of security? (Wentz QOTD)
A. Fixed 128-bit key
B. Complicated password
C. A key with a length between 2048 and 3072 bits
D. A randomly generated key with the lowest level of entropy

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Fixed 128-bit key.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

NIST Recommendation for Key Management

Symmetric ciphers nowadays typically employ a secret key with a length between 128 and 256 bits (for example, AES-128, AES-192 and AES-256). Block ciphers use a fixed-length key to transform fixed-size blocks of plaintext, while stream ciphers use a fixed-length key (usually combined with a nonce) to generate a keystream that works like a conveyor belt and looks unlimited; the keystream is XORed with the plaintext byte by byte, so the short key never touches the data directly.

  • Complicated passwords or pre-shared keys are typically fed, together with a salt, into a key derivation function (KDF) that stretches them into a fixed-length, random-looking cryptographic key; they are not used directly as the key that encrypts the data. A derived key is no stronger than the secret behind it: even a 12-character password drawn from all 95 printable ASCII characters carries at most about 79 bits of entropy, far less than a random 128-bit key, so an attacker guesses the password rather than the key.
  • A key with a length between 2048 and 3072 bits implies asymmetric encryption (for example, RSA), typically employed to exchange secret keys or digitally sign documents rather than to bulk-encrypt data at rest.
  • A randomly generated key should have a reasonably high level of entropy; a key generated with the lowest level of entropy is, by definition, predictable and therefore offers the least security.
Keystream as Conveyor Belt
RC4 – Stream Cipher


Entropy is a measure of the disorder, randomness or unpredictability of a source, expressed in bits. For a source that outputs bits, the entropy per bit lies between 0 (a constant, fully predictable output) and 1 (an unbiased coin flip); NIST SP 800-90B uses min-entropy, the most conservative of these measures, to assess entropy sources. The higher the entropy per output, the more unpredictable the key generator is: a 128-bit key drawn from a full-entropy source carries 128 bits of entropy, which is what makes guessing it infeasible.

Entropy Source Model (Source: NIST SP 800-90B)
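The following Python script is an added worked example, not code from Wentz’s page, that ties together the points above: a fixed 128-bit key drawn from the OS CSPRNG, a password stretched through a KDF rather than used as the key, a keystream generated on demand like a conveyor belt, and a min-entropy-per-bit estimate in the spirit of SP 800-90B’s most-common-value estimator. The keystream construction (HMAC-SHA256 over a nonce and counter) is an illustrative device chosen here to show the idea, not a standardized cipher, and the entropy estimator is a deliberately simplified assumption rather than the full 800-90B test suite; only the standard library is used.

```python
import hashlib
import hmac
import math
import secrets


# 1. A fixed-length symmetric key: 128 bits straight from the OS CSPRNG.
def random_key(bits: int = 128) -> bytes:
    """Return a uniformly random key of `bits` bits (secrets -> os.urandom)."""
    return secrets.token_bytes(bits // 8)


# 2. A password is *input* to a key derivation function, never the key itself.
def derive_key_from_password(password: bytes, salt: bytes,
                             iterations: int = 600_000, length: int = 16) -> bytes:
    """PBKDF2-HMAC-SHA256: stretch a password plus salt into a fixed-length key.
    The derived key is only as unpredictable as the password behind it."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, length)


def password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on a password's entropy if every character is chosen uniformly.
    Compare the result with the 128 bits of a random AES key."""
    return length * math.log2(alphabet_size)


# 3. Stream cipher "conveyor belt": keystream blocks produced on demand.
def _keystream(key: bytes, nonce: bytes, nbytes: int) -> bytes:
    """Illustrative keystream = HMAC-SHA256(key, nonce || counter), block by block.
    Assumption for this example only; it is NOT a standardized stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:nbytes])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) by XORing data with the keystream."""
    ks = _keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


# 4. Min-entropy per bit: -log2(p_max) over the bit population (simplified
#    most-common-value estimate). 1.0 for unbiased bits, 0.0 for a constant output.
def min_entropy_per_bit(sample: bytes) -> float:
    total = len(sample) * 8
    if total == 0:
        return 0.0
    ones = sum(bin(b).count("1") for b in sample)
    p_max = max(ones, total - ones) / total
    return -math.log2(p_max)


if __name__ == "__main__":
    key = random_key()                       # option A: fixed 128-bit key
    nonce = random_key(96)                   # 12-byte nonce for the keystream
    plaintext = b"data at rest, encrypted with a symmetric cipher"
    ciphertext = stream_xor(key, nonce, plaintext)
    assert stream_xor(key, nonce, ciphertext) == plaintext

    print("128-bit key        :", key.hex())
    print("ciphertext         :", ciphertext.hex())
    # option B: a "complicated" 12-character password is still far below 128 bits
    print("12-char password   : <= %.1f bits of entropy" % password_entropy_bits(95, 12))
    pw_key = derive_key_from_password(b"Tr0ub4dor&3!", salt=random_key(128))
    print("PBKDF2-derived key :", pw_key.hex())
    # option D: a low-entropy "key" (all zero bits) has no unpredictability at all
    print("min-entropy/bit, random key :", round(min_entropy_per_bit(random_key(32768)), 3))
    print("min-entropy/bit, zero key   :", min_entropy_per_bit(bytes(16)))
```

Running the script shows the contrast the question is driving at: the random 128-bit key scores close to 1 bit of min-entropy per bit, the all-zero key scores 0, and the PBKDF2 output, however random it looks, inherits only the roughly 79 bits (at best) that a 12-character password can carry.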


You employ a symmetric cipher to protect data at rest. Which of the following is the most feasible secret key providing the highest level of security? (Wentz QOTD)
A. Fixed 128-bit key
B. Complicated password
C. A key with a length between 2048 and 3072 bits
D. A randomly generated key with the lowest level of entropy
