[CCCure CISSP] Qs6 Cryptography: cccure QuizEngn doubts


Amlan Deb
Hello everyone,
 
I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them. Request you to please provide a quick reply as I need to appear for the exam in the month of July.
 
Thanks,
Amlan
 

Doubt#6
========

103. 

1. Question: 1122 | Difficulty: 4/5 | Relevancy: 3/3

Which of the following is not provided by a public key infrastructure (PKI)?

o Access control
o Integrity
o Authentication
o Reliability

You did not provide any answer to this question. Please review details below.

A Public Key Infrastructure (PKI) provides confidentiality, access control, integrity, authentication and non-repudiation. It does not provide reliability.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.

Contributor: Christian Vezina

Covered topic: Public key infrastructure (PKI)

 

My doubt:  Is my understanding correct that:

1. PKI can provide confidentiality by way of using receiver’s public key to encrypt a message?

2. PKI can provide authentication and non-repudiation by way of using the sender’s private key to sign a message?

3. For any symmetric or asymmetric cryptography algorithm to provide integrity as a service, we need to involve a hashing algorithm. Can any symmetric/ asymmetric  algorithm provide integrity as a service by default without using a hashing algorithm?

4. Please explain how PKI can provide access control and integrity?

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

Re: [CCCure CISSP] Qs6 Cryptography: cccure QuizEngn doubts

clementdupuis
Administrator

On Sun, Jun 2, 2013 at 4:23 PM, Amlan Deb <[hidden email]> wrote:

My doubt:  Is my understanding correct that:

1. PKI can provide confidentiality by way of using receiver’s public key to encrypt a message?

2. PKI can provide authentication and non-repudiation by way of using the sender’s private key to sign a message?

3. For any symmetric or asymmetric cryptography algorithm to provide integrity as a service, we need to involve a hashing algorithm. Can any symmetric/ asymmetric  algorithm provide integrity as a service by default without using a hashing algorithm?

4. Please explain how PKI can provide access control and integrity?

Good day Amlan,

From the questions presented, it seems that you will need to go over the whole cryptography domain in detail.

1. PKI can provide confidentiality by way of using receiver’s public key to encrypt a message?

CORRECT!

2. PKI can provide authentication and non-repudiation by way of using the sender’s private key to sign a message?

CORRECT AS LONG AS YOU HAVE A VALID PKI IN PLACE!

3. For any symmetric or asymmetric cryptography algorithm to provide integrity as a service, we need to involve a hashing algorithm. Can any symmetric/ asymmetric  algorithm provide integrity as a service by default without using a hashing algorithm?

The short answer is:  NO

However, there are implementations such as CBC-MAC, which was once used.  See the description from Wikipedia below:

In cryptography, a cipher block chaining message authentication code (CBC-MAC) is a technique for constructing a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that each block depends on the proper encryption of the previous block. This interdependence ensures that a change to any of the plaintext bits will cause the final encrypted block to change in a way that cannot be predicted or counteracted without knowing the key to the block cipher.

4. Please explain how PKI can provide access control and integrity?

A digital certificate can be used as an access control mechanism either on the logical side or even the physical side today.   For example, to access many of the .mil websites on the net you need to have a certificate issued by the DoD, which is usually kept on a smartcard (CAC Card).

Integrity of course is through the usage of digital signatures.

Best regards

Clement



Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +703 535 8600
Mobile: +1 407 433 6444

Email: [hidden email]

Web: www.secureninja.com

901 N. Pitt Street, Suite 105
Alexandria, VA  22314

In Cyberspace:

[hidden email]
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Maintainer of :

The CCCure Quiz Engine
https://www.freepracticetests.org/quiz/index.php?page=home

The CCCure Family of Portals
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org/

Knowledge sharing and giving back to the community

-------------------------------------------------------------------------------------------------------
>>  Call me to get the best CISSP, Security+, or other Security related training  <<
-------------------------------------------------------------------------------------------------------

Clement Dupuis, CD
CCCure Founder and Owner
CLO @ SecureNinja.Com
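
Added example, not part of Clement's reply or of any CCCure material: the CBC-MAC construction quoted above, showing a block cipher alone producing an integrity tag with no hash function involved. XTEA is used here only as a compact stand-in block cipher, the length prefix is an added safeguard for variable-length messages, and the key and message are constructed sample values.

```python
import hmac
import struct

BLOCK = 8  # XTEA block size in bytes


def xtea_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block with XTEA (128-bit key, 32 rounds)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s, delta, mask = 0, 0x9E3779B9, 0xFFFFFFFF
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & mask
        s = (s + delta) & mask
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & mask
    return struct.pack(">2I", v0, v1)


def cbc_mac(key: bytes, message: bytes) -> bytes:
    """CBC-MAC: chain every block through the cipher, keep only the last one."""
    # Prepending the length keeps the MAC sound for variable-length messages
    # and makes the zero padding below unambiguous.
    data = struct.pack(">Q", len(message)) + message
    data += b"\x00" * (-len(data) % BLOCK)
    state = bytes(BLOCK)  # fixed all-zero IV
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(state, data[i:i + BLOCK]))
        state = xtea_encrypt_block(key, mixed)
    return state


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # hmac.compare_digest is used only as a constant-time comparison.
    return hmac.compare_digest(cbc_mac(key, message), tag)


# Constructed sample values for the demonstration.
KEY = bytes(range(16))
MESSAGE = b"PAY 100 USD TO ACCOUNT 12345"
TAG = cbc_mac(KEY, MESSAGE)
TAMPERED = bytes([MESSAGE[0] ^ 0x01]) + MESSAGE[1:]  # one flipped bit

if __name__ == "__main__":
    print("tag:", TAG.hex())
    print("original verifies:", verify(KEY, MESSAGE, TAG))
    print("tampered verifies:", verify(KEY, TAMPERED, TAG))
```
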

Re: [CCCure CISSP] Qs6 Cryptography: cccure QuizEngn doubts

Stephens
In reply to this post by Amlan Deb
Amlan,

You are presenting some great highlights 
of the Cryptography CBK by asking your questions
to the group and getting feedback. Interpretation will make or
break you on this exam. However, instead of blasting the entire group
with your questions I would do the following - 


Suggestion:

I would join or establish a local study group or even
a virtual conference online and discuss specific concepts
with a few others. Interacting with others and hearing their
perspective on this material will SOLIDIFY it for you. I personally
don't mind reading your emails. It gives me that split second snapshot of a question
while driving, cooking, playing with my kids, etc. However, I can see how
it could be frustrating to others though.

Good luck my friend!

Tim

CCNA, SEC+, NET+, LINUX+, LPIC-1, A+, DELL DCSE
B.A. MGT of INFO SYS


Re: [CCCure CISSP] Qs6 Cryptography: cccure QuizEngn doubts

Amlan Deb
Hi All,
 
Sorry I saw the below message a bit late.
 
Didn't want my mails to be an annoyance - would have preferred to send my questions in 10 attachments in a single mail to be very honest but since that was not allowed so I thought this was the normal way.
 
Anyways... no more individual question mails :).
 
Thanks,
Amlan


--- On Mon, 6/3/13, Stephens <[hidden email]> wrote:

From: Stephens <[hidden email]>
Subject: Re: [CCCure CISSP] Qs6 Cryptography: cccure QuizEngn doubts
To: "The CISSP Study Mailing list" <[hidden email]>
Cc: "[hidden email]" <[hidden email]>
Date: Monday, June 3, 2013, 9:04 AM

Amlan,

You are presenting some great highlights 
of the Cryptography CBK by asking your questions
to the group and getting feedback. Interpretation will make or
break you on this exam. However, instead of blasting the entire group
with your questions I would do the following - 


Suggestion:

I would join or establish a local study group or even
a virtual conference online and discuss specific concepts
with a few others. Interacting with others and hearing their
perspective on this material will SOLIDIFY it for you. I personally
don't mind reading your emails. It gives me that split second snapshot of a question
while driving, cooking, playing with my kids, etc. However, I can see how
it could be frustrating to others though.

Good luck my friend!

Tim

CCNA, SEC+, NET+, LINUX+, LPIC-1, A+, DELL DCSE
B.A. MGT of INFO SYS
