
2026 CISSP Exam Questions with Detailed Answers | High-Frequency Question Bank + Exam Preparation Tips to Improve Your Pass Rate

Question #1
Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability?
A. A risk.
B. A residual risk.
C. An exposure.
D. A countermeasure.
Correct answer: A
Question #2
Which of the following is responsible for MOST of the security issues?
A. Outside espionage
B. Hackers
C. Personnel
D. Equipment failure
Correct answer: C
Question #3
Which of the following is the most costly countermeasure for reducing physical security risks?
A. Procedural Controls
B. Hardware Devices
C. Electronic Systems
D. Security Guards
Correct answer: D
Question #4
Which one of the following authentication mechanisms creates a problem for mobile users?
A. Mechanisms based on IP addresses
B. Mechanisms with reusable passwords
C. One-time password mechanisms
D. Challenge-response mechanisms
Correct answer: A
Question #5
In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process?
A. Known-plaintext attack
B. Ciphertext-only attack
C. Chosen-ciphertext attack
D. Plaintext-only attack
Correct answer: B
Question #6
The RSA algorithm is an example of what type of cryptography?
A. Asymmetric Key.
B. Symmetric Key.
C. Secret Key.
D. Private Key.
Correct answer: A
Question #7
What algorithm was DES derived from?
A. Twofish.
B. Skipjack.
C. Brooks-Aldeman.
D. Lucifer.
Correct answer: D
Question #8
What is a characteristic of using the Electronic Code Book mode of DES encryption?
A. A given block of plaintext and a given key will always produce the same ciphertext.
B. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext.
C. Individual characters are encoded by combining output from earlier encryption routines with plaintext.
D. The previous DES output is used as input.
Correct answer: A
Question #9
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?
A. Use of public key encryption to secure a secret key, and message encryption using the secret key.
B. Use of the recipient's public key for encryption and decryption based on the recipient's private key.
C. Use of software encryption assisted by a hardware encryption accelerator.
D. Use of elliptic curve encryption.
Correct answer: A
Question #10
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private"
A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use.
B. The channels through which the information flows are secure.
C. The recipient's identity can be positively verified by the sender.
D. The sender of the message is the only other person with access to the recipient's private key.
Correct answer: C
Question #11
Kerberos depends upon what encryption method?
A. Public Key cryptography.
B. Secret Key cryptography.
C. El Gamal cryptography.
D. Blowfish cryptography.
Correct answer: B
Question #12
Which of the following statements is TRUE about data encryption as a method of protecting data?
A. It should sometimes be used for password files
B. It is usually easily administered
C. It makes few demands on system resources
D. It requires careful key management
Correct answer: D
Question #13
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?
A. Rivest, Shamir, Adleman (RSA)
B. El Gamal
C. Elliptic Curve Cryptography (ECC)
D. Advanced Encryption Standard (AES)
Correct answer: C
Question #14
How many bits is the effective length of the key of the Data Encryption Standard algorithm?
A. 168
B. 128
C. 56
D. 64
Correct answer: C
Question #15
The primary purpose for using one-way hashing of user passwords within a password file is which of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt.
B. It prevents an unauthorized person from reading the password.
C. It minimizes the amount of storage required for user passwords.
D. It minimizes the amount of processing time used for encrypting passwords.
Correct answer: B
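The point behind Question #15 is that a one-way hash stops an attacker who steals the password file from reading the passwords, not from guessing them. The example below is added here and is not part of the question bank: it shows an unsalted fast hash falling to a dictionary attack, then the salted, iterated PBKDF2-HMAC form that a practitioner would actually store. The wordlist and passwords are constructed sample data; the record format (`pbkdf2_sha256$iterations$salt$hash`) is this example's own convention.

```python
import hashlib
import hmac
import secrets

# Constructed wordlist for the demonstration; real attackers use lists with millions of entries.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2024!"]


def weak_record(password):
    """Unsalted MD5: the historical way of storing a 'hashed' password file."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_weak_record(digest, wordlist):
    """Dictionary attack against an unsalted fast hash. The one-way property stops an
    attacker from reading the password directly, not from guessing it. Returns the
    recovered password or None."""
    for guess in wordlist:
        if hashlib.md5(guess.encode()).hexdigest() == digest:
            return guess
    return None


def strong_record(password, iterations=600_000):
    """Salted, iterated PBKDF2-HMAC-SHA256. The random per-user salt defeats precomputed
    tables and makes identical passwords hash differently; the iteration count makes
    every guess cost the attacker the same work it costs the server."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), dk.hex()])


def verify_strong_record(record, candidate):
    """Re-derive the key with the stored salt and iteration count, then compare in
    constant time so the comparison itself leaks no timing information."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    stolen = weak_record("letmein")
    print("unsalted MD5 record:", stolen, "-> cracked as", crack_weak_record(stolen, WORDLIST))
    rec = strong_record("letmein")
    print("PBKDF2 record:", rec)
    print("verify correct password:", verify_strong_record(rec, "letmein"))
    print("verify wrong password:  ", verify_strong_record(rec, "password"))
```

Two things to notice: the same password produces a different PBKDF2 record every time because of the salt, so a leaked file cannot be attacked with one precomputed table, and the iteration count is stored with the record so it can be raised later without invalidating old entries.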
Question #16
Which of the following issues is not addressed by digital signatures?
A. nonrepudiation
B. authentication
C. data integrity
D. denial-of-service
Correct answer: D
Question #17
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?
A. The use of good key generators.
B. The use of session keys.
C. Nothing can defend you against a brute force crypto key attack.
D. Algorithms that are immune to brute force key attacks.
Correct answer: B
Question #18
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?
A. 64 bits of data input results in 56 bits of encrypted output
B. 128 bit key with 8 bits used for parity
C. 64 bit blocks with a 64 bit total key length
D. 56 bits of data input results in 56 bits of encrypted output
Correct answer: C
Question #19
PGP uses which of the following to encrypt data?
A. An asymmetric encryption algorithm
B. A symmetric encryption algorithm
C. A symmetric key distribution system
D. An X.509 digital certificate
Correct answer: B
Question #20
A public key algorithm that does both encryption and digital signature is which of the following?
A. RSA
B. DES
C. IDEA
D. Diffie-Hellman
Correct answer: A
Question #21
Which of the following is NOT true of Secure Sockets Layer (SSL)?
A. By convention it uses 's-http://' instead of 'http://'.
B. Is the predecessor to the Transport Layer Security (TLS) protocol.
C. It was developed by Netscape.
D. It is used for transmitting private information, data, and documents over the Internet.
Correct answer: A
Question #22
The Physical Security domain focuses on three areas that are the basis for physically protecting an enterprise's resources and sensitive information. Which of the following is NOT one of these areas?
A. Threats
B. Countermeasures
C. Vulnerabilities
D. Risks
Correct answer: D
Question #23
Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?
A. Twofish
B. Serpent
C. RC6
D. Rijndael
Correct answer: D
Question #24
Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)?
A. It has been mathematically proved to be more secure.
B. It has been mathematically proved to be less secure.
C. It is believed to require longer keys for equivalent security.
D. It is believed to require shorter keys for equivalent security.
Correct answer: D
Question #25
Which of the following algorithms does NOT provide hashing?
A. SHA-1
B. MD2
C. RC4
D. MD5
Correct answer: C
Question #26
Which of the following IPsec protocols that provide integrity and authentication can also provide non-repudiation?
A. Authentication Header (AH)
B. Encapsulating Security Payload (ESP)
C. Secure Sockets Layer (SSL)
D. Secure Shell (SSH-2)
Correct answer: A
Question #27
Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?
A. Secure Electronic Transaction (SET)
B. MONDEX
C. Secure Shell (SSH-2)
D. Secure Hypertext Transfer Protocol (S-HTTP)
Correct answer: A
Question #28
Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext?
A. known plaintext
B. brute force
C. ciphertext only
D. chosen plaintext
Correct answer: A
Question #29
Which of the following is NOT a true statement regarding the implementation of the 3DES modes?
A. DES-EEE1 uses one key
B. DES-EEE2 uses two keys
C. DES-EEE3 uses three keys
D. DES-EDE2 uses two keys
Correct answer: A
Question #30
Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiat
A. RSA
B. PKI
C. Diffie-Hellman
D. 3DES
Correct answer: C
Question #31
The Vigenere polyalphabetic cipher was built on which of the following ciphers?
A. Caesar
B. The Jefferson disks
C. Enigma
D. SIGABA
Correct answer: A
Question #32
In a known plaintext attack, the cryptanalyst has knowledge of which of the following?
A. the ciphertext and the key
B. the plaintext and the secret key
C. both the plaintext and the associated ciphertext of several messages
D. the plaintext and the algorithm
Correct answer: C
Question #33
What is the length of an MD5 message digest?
A. 128 bits
B. 160 bits
C. 256 bits
D. varies depending upon the message size
Correct answer: A
Question #34
The Secure Hash Algorithm (SHA-1) creates:
A. a fixed length message digest from a fixed length input message.
B. a variable length message digest from a variable length input message.
C. a fixed length message digest from a variable length input message.
D. a variable length message digest from a fixed length input message.
Correct answer: C
Question #35
The RSA Algorithm uses which mathematical concept as the basis of its encryption?
A. Geometry
B. 16-round ciphers
C. PI (3.14159...)
D. Two large prime numbers
Correct answer: D
Question #36
The Clipper Chip utilizes which concept in public key cryptography?
A. Substitution
B. Key Escrow
C. An undefined algorithm
D. Super strong encryption
Correct answer: B
Question #37
Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?
A. S/MIME and SSH
B. TLS and SSL
C. IPsec and L2TP
D. PKCS#10 and X.509
Correct answer: C
Question #38
What is the role of IKE within the IPsec protocol?
A. peer authentication and key exchange
B. data encryption
C. data signature
D. enforcing quality of service
Correct answer: A
Question #39
In which phase of the Internet Key Exchange (IKE) protocol is peer authentication performed?
A. Pre-Initialization Phase
B. Phase 1
C. Phase 2
D. No peer authentication is performed
Correct answer: B
Question #40
What is NOT an authentication method within IKE and IPsec?
A. CHAP
B. Pre-shared key
C. Certificate-based authentication
D. Public key authentication
Correct answer: A
Question #41
Which of the following is NOT true of pre-shared key authentication within the IKE/IPsec protocols?
A. Pre-shared key authentication is normally based on simple passwords
B. It needs a Public Key Infrastructure (PKI) to work
C. IKE is used to set up Security Associations
D. IKE builds upon the Oakley protocol and the ISAKMP protocol
Correct answer: B
Question #42
In a hierarchical PKI the highest CA is usually called the Root CA. It is also referred to by which of the following terms?
A. Subordinate CA
B. Top Level CA
C. Big CA
D. Master CA
Correct answer: B
Question #43
What is the primary role of cross certification?
A. Creating trust between different PKIs
B. Building an overall PKI hierarchy
C. Setting up direct trust to a second root CA
D. Preventing the nullification of user certificates by CA certificate revocation
Correct answer: A
Question #44
What kind of encryption is realized in the S/MIME standard?
A. Asymmetric encryption scheme
B. Password based encryption scheme
C. Public key based, hybrid encryption scheme
D. Elliptic curve based encryption
Correct answer: C
Question #45
What is the main problem of the renewal of a root CA certificate?
A. It requires key recovery of all end user keys
B. It requires the authentic distribution of the new root CA certificate to all PKI participants
C. It requires the collection of the old root CA certificates from all the users
D. It requires issuance of the new root CA certificate
Correct answer: B
Question #46
Critical areas should be lighted:
A. Eight feet high and two feet out.
B. Eight feet high and four feet out.
C. Ten feet high and four feet out.
D. Ten feet high and six feet out.
Correct answer: A
Question #47
What attribute is included in an X.509 certificate?
A. Distinguished name of the subject
B. Telephone number of the department
C. Secret key of the issuing CA
D. The key pair of the certificate holder
Correct answer: A
Question #48
Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA?
A. PKCS #17799
B. PKCS-RSA
C. PKCS#1
D. PKCS#11
Correct answer: C
Question #49
The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the fac
A. Critical-channel analysis
B. Covert channel analysis
C. Critical-path analysis
D. Critical-conduit analysis
Correct answer: C
Question #50
The DES algorithm is an example of what type of cryptography?
A. Secret Key
B. Two-key
C. Asymmetric Key
D. Public Key
Correct answer: A
Question #51
Which of the following encryption methods is known to be unbreakable?
A. Symmetric ciphers.
B. DES codebooks.
C. One-time pads.
D. Elliptic Curve Cryptography.
Correct answer: C
Question #52
Which of the following questions is LEAST likely to help in assessing physical access controls?
A. Does management regularly review the list of persons with physical access to sensitive facilities?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
C. Are keys or other access devices needed to enter the computer room and media library?
D. Are visitors to sensitive areas signed in and escorted?
Correct answer: B
Question #53
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?
A. Wave pattern motion detectors
B. Capacitance detectors
C. Field-powered devices
D. Audio detectors
Correct answer: B
Question #54
Which of the following Kerberos components holds all users' and services' cryptographic keys?
A. The Key Distribution Service
B. The Authentication Service
C. The Key Distribution Center
D. The Key Granting Service
Correct answer: C
Question #55
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
Correct answer: C
Question #56
Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is NOT a component that
A. Administrative control mechanisms
B. Integrity control mechanisms
C. Technical control mechanisms
D. Physical control mechanisms
Correct answer: B
Question #57
Which of the following is TRUE about a digital certificate?
A. It is the same as a digital signature, proving the integrity and authenticity of the data.
B. It is an electronic credential proving that the person the certificate was issued to is who they claim to be.
C. You can only get a digital certificate from Verisign or RSA if you wish to prove that a key belongs to a specific user.
D. It cannot contain geographic data such as a country.
Correct answer: B
Question #58
What kind of encryption technology does SSL utilize?
A. Secret or Symmetric key
B. Hybrid (both Symmetric and Asymmetric)
C. Public Key
D. Private Key
Correct answer: B
Question #59
What is the name of a one-way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed.
A. One-way hash
B. DES
C. Transposition
D. Substitution
Correct answer: A
Question #60
Which of the following is NOT an asymmetric key algorithm?
A. RSA
B. Elliptic Curve Cryptosystem (ECC)
C. El Gamal
D. Data Encryption Standard (DES)
Correct answer: D
Question #61
Which of the following is NOT a symmetric key algorithm?
A. Blowfish
B. Digital Signature Standard (DSS)
C. Triple DES (3DES)
D. RC5
Correct answer: B
Question #62
Which of the following asymmetric encryption algorithms is based on the difficulty of factoring LARGE numbers?
A. El Gamal
B. Elliptic Curve Cryptosystems (ECCs)
C. RSA
D. International Data Encryption Algorithm (IDEA)
Correct answer: C
Question #63
The Diffie-Hellman algorithm is primarily used to provide which of the following?
A. Confidentiality
B. Key Agreement
C. Integrity
D. Non-repudiation
Correct answer: B
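Questions #30 and #63 both turn on what Diffie-Hellman actually delivers: two parties with no prior secret end up with the same session key, and an eavesdropper who sees only the exchanged public values does not. The example below is added here and is not part of the question bank. It runs the full exchange on both sides, validates the peer's public value the way a careful implementation does (range and prime-order-subgroup checks, the defence against small-subgroup attacks), and derives a session key from the shared secret with an HKDF-style HMAC step rather than using the raw secret. The safe prime is generated at a toy size for the demonstration; real deployments use the fixed 2048-bit or larger groups of RFC 3526 / RFC 7919, and the salt and label strings in the derivation are this example's own constants.

```python
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test (error probability below 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits):
    """Safe prime p = 2q + 1 with q prime, so the group has a large prime-order subgroup.
    Toy sizes only: deployments use the fixed groups from RFC 3526 / RFC 7919."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def int_to_bytes(n, p):
    return n.to_bytes((p.bit_length() + 7) // 8, "big")


class DHParty:
    """One side of the exchange. Only `public` is ever sent; `x` never leaves the party."""

    def __init__(self, p, g):
        self.p, self.g, self.q = p, g, (p - 1) // 2
        self.x = secrets.randbelow(self.q - 1) + 1        # private exponent in [1, q-1]
        self.public = pow(g, self.x, p)

    def shared_secret(self, peer_public):
        # Validate the peer's value before using it: out-of-range or small-subgroup
        # values let an attacker force a predictable secret (small-subgroup attack).
        if not 1 < peer_public < self.p - 1:
            raise ValueError("peer public value out of range")
        if pow(peer_public, self.q, self.p) != 1:
            raise ValueError("peer public value not in the prime-order subgroup")
        return pow(peer_public, self.x, self.p)


def derive_session_key(shared, p, transcript):
    """HKDF-style extract-then-expand with HMAC-SHA256: the raw shared secret is never
    used directly as a key, and binding the transcript (both public values) ties the
    key to this particular exchange. Salt and label are this example's own constants."""
    prk = hmac.new(b"dh-example-salt", int_to_bytes(shared, p), hashlib.sha256).digest()
    return hmac.new(prk, transcript + b"session-key\x01", hashlib.sha256).digest()


def run_exchange(bits=128):
    """Full exchange over an (assumed) insecure channel; returns both derived keys."""
    p = generate_safe_prime(bits)
    g = pow(2, 2, p)      # any square lies in the order-q subgroup, so g has order q
    alice, bob = DHParty(p, g), DHParty(p, g)
    transcript = int_to_bytes(alice.public, p) + int_to_bytes(bob.public, p)
    key_a = derive_session_key(alice.shared_secret(bob.public), p, transcript)
    key_b = derive_session_key(bob.shared_secret(alice.public), p, transcript)
    return {"p": p, "g": g, "alice": alice, "bob": bob, "key_a": key_a, "key_b": key_b}


if __name__ == "__main__":
    r = run_exchange()
    print("keys match:", r["key_a"] == r["key_b"], r["key_a"].hex())
```

What the exchange does not give you is authentication: anyone can play Bob's role, which is why IKE (Question #38, #39) authenticates the peers with pre-shared keys or certificates before trusting the agreed key, and why the session key (Question #68) lives only as long as the session.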
Question #64
FIPS-140 is a standard for the security of which of the following?
A. Cryptographic service providers
B. Smartcards
C. Hardware and software cryptographic modules
D. Hardware security modules
Correct answer: C
Question #65
Which of the following best defines the "revocation request grace period"?
A. The period of time allotted within which the user must make a revocation request upon a revocation reason
B. Minimum response time for performing a revocation by the CA
C. Maximum response time for performing a revocation by the CA
D. Time period between the arrival of a revocation request and the publication of the revocation information
Correct answer: A
Question #66
Which is NOT a suitable method for distributing certificate revocation information?
A. CA revocation mailing list
B. Delta CRL
C. OCSP (online certificate status protocol)
D. Distribution point CRL
Correct answer: A
Question #67
Which encryption algorithm is BEST suited for communication with handheld wireless devices?
A. ECC (Elliptic Curve Cryptosystem)
B. RSA
C. SHA
D. RC4
Correct answer: A
Question #68
Which of the following keys has the SHORTEST lifespan?
A. Secret key
B. Public key
C. Session key
D. Private key
Correct answer: C
Question #69
What is the RESULT of a hash algorithm being applied to a message?
A. A digital signature
B. A ciphertext
C. A message digest
D. A plaintext
Correct answer: C
Question #70
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
A. Message non-repudiation.
B. Message confidentiality.
C. Message interleave checking.
D. Message integrity.
Correct answer: D
Question #71
Which of the following services is NOT provided by the Digital Signature Standard (DSS)?
A. Encryption
B. Integrity
C. Digital signature
D. Authentication
Correct answer: A
Question #72
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?
A. Key collision
B. Key clustering
C. Hashing
D. Ciphertext collision
Correct answer: B
Question #73
Which of the following is TRUE about link encryption?
A. Each entity has a common key with the destination node.
B. Encrypted messages are only decrypted by the final node.
C. This mode does not provide protection if any one of the nodes along the transmission path is compromised.
D. Only secure nodes are used in this type of transmission.
Correct answer: C
Question #74
What uses a key of the same length as the message, where each bit or character of the plaintext is encrypted by a modular addition?
A. Running key cipher
B. One-time pad
C. Steganography
D. Cipher block chaining
Correct answer: B
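Questions #51 and #74 describe the one-time pad: a truly random key as long as the message, combined by modular addition. The example below is added here and is not part of the question bank. It implements the pad over the 26-letter alphabet and then shows the two facts the exam expects you to know about it: why it is unbreakable (for any ciphertext, every plaintext of the same length is explained by some key, so the ciphertext alone carries no information), and why the "one-time" part is not optional (reusing a pad cancels the key and leaks the relation between the two plaintexts). Messages are assumed to be uppercase letters only.

```python
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def otp_keygen(length):
    """A truly random key exactly as long as the message, used once and then destroyed."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _shift(text, key, sign):
    """Letter-wise (text +/- key) mod 26; the key must cover every character."""
    if len(key) != len(text):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key)
    )


def otp_encrypt(plaintext, key):
    """Ciphertext letter = (plaintext letter + key letter) mod 26."""
    return _shift(plaintext, key, +1)


def otp_decrypt(ciphertext, key):
    """Plaintext letter = (ciphertext letter - key letter) mod 26."""
    return _shift(ciphertext, key, -1)


def key_that_explains(ciphertext, candidate_plaintext):
    """Perfect secrecy: for every candidate plaintext of the right length there is a key
    that produces the observed ciphertext, so the ciphertext alone cannot tell candidates
    apart. An attacker can 'decrypt' it to anything, which is the same as to nothing."""
    return _shift(ciphertext, candidate_plaintext, -1)


def two_time_pad_leak(ciphertext1, ciphertext2):
    """The failure mode: with a reused pad, c1 - c2 = p1 - p2. The key drops out and the
    attacker is left with a running-key relation between the two plaintexts."""
    return _shift(ciphertext1, ciphertext2, -1)


if __name__ == "__main__":
    key = otp_keygen(12)
    c = otp_encrypt("ATTACKATDAWN", key)
    print("ciphertext:", c)
    print("a key that 'decrypts' it to RETREATNOWOK:", key_that_explains(c, "RETREATNOWOK"))
```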
Question #75
Guards are appropriate whenever the function required by the security program involves which of the following?
A. The use of discriminating judgment
B. The use of physical force
C. The operation of access control devices
D. The need to detect unauthorized access
Correct answer: A
Question #76
What is the maximum number of different keys that can be used when encrypting with Triple DES?
A. 1
B. 2
C. 3
D. 4
Correct answer: C
Question #77
What algorithm has been selected as the AES algorithm, replacing the DES algorithm?
A. RC6
B. Twofish
C. Rijndael
D. Blowfish
Correct answer: C
Question #78
Which of the following is a symmetric encryption algorithm?
A. RSA
B. Elliptic Curve
C. RC5
D. El Gamal
Correct answer: C
Question #79
Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic?
A. SSL or TLS
B. 802.1X
C. ARP Cache Security
D. SSH - Secure Shell
Correct answer: A
Question #80
What type of key would you find within a browser's list of trusted root CAs?
A. Private key
B. Symmetric key
C. Recovery key
D. Public key
Correct answer: D
Question #81
Where in a PKI infrastructure is a list of revoked certificates stored?
A. CRL
B. Registration Authority
C. Recovery Agent
D. Key escrow
Correct answer: A
Question #82
The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following?
A. K(N – 1)/ 2
B. N(K – 1)/ 2
C. K(N + 1)/ 2
D. N(N – 1)/ 2
Correct answer: D
Question #83
In which mode of DES will a block of plaintext and a key always give the same ciphertext?
A. Electronic Code Book (ECB)
B. Output Feedback (OFB)
C. Counter Mode (CTR)
D. Cipher Feedback (CFB)
Correct answer: A
Question #84
Which of the following would best describe certificate path validation?
A. Verification of the validity of all certificates of the certificate chain to the root certificate
B. Verification of the integrity of the associated root certificate
C. Verification of the integrity of the concerned private key
D. Verification of the revocation status of the concerned certificate
Correct answer: A
Question #85
What is the name for a substitution cipher that shifts the alphabet by 13 places?
A. Caesar cipher
B. Polyalphabetic cipher
C. ROT13 cipher
D. Transposition cipher
Correct answer: C
Question #86
Which of the following standards concerns digital certificates?
A. X.400
B. X.25
C. X.509
D. X.75
Correct answer: C
Question #87
Which fire class can water be most appropriate for?
A. Class A fires
B. Class B fires
C. Class C fires
D. Class D fires
Correct answer: A
Question #88
What is the effective key size of DES?
A. 56 bits
B. 64 bits
C. 128 bits
D. 1024 bits
Correct answer: A
Question #89
Which of the following offers confidentiality to an e-mail message?
A. The sender encrypting it with its private key.
B. The sender encrypting it with its public key.
C. The sender encrypting it with the receiver's public key.
D. The sender encrypting it with the receiver's private key.
Correct answer: C
Question #90
Which of the following is not a DES mode of operation?
A. Cipher block chaining
B. Electronic code book
C. Input feedback
D. Cipher feedback
Correct answer: C
Question #91
What size is an MD5 message digest (hash)?
A. 128 bits
B. 160 bits
C. 256 bits
D. 128 bytes
Correct answer: A
Question #92
Which of the following services is not provided by a public key infrastructure (PKI)?
A. Access control
B. Integrity
C. Authentication
D. Reliability
Correct answer: D
Question #93
In a Public Key Infrastructure, how are public keys published?
A. They are sent via e-mail.
B. Through digital certificates.
C. They are sent by owners.
D. They are not published.
Correct answer: B
Question #94
Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender?
A. Message Authentication Code - MAC
B. PAM - Pluggable Authentication Module
C. NAM - Negative Acknowledgement Message
D. Digital Signature Certificate
Correct answer: A
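Question #94 defines a MAC and Question #70 asks what SSL uses one for. The example below is added here and is not part of the question bank. It builds records the way the SSL/TLS record layer does in spirit, with an HMAC-SHA256 tag computed over a sequence number, the length and the payload, and then shows what the receiver's check catches: a modified payload, a reordered or replayed record, and a "tag" produced by someone who has the hash function but not the shared key. The record layout (payload followed by a 32-byte tag, an 8-byte sequence number and 2-byte length in the MAC input) is this example's own simplification of the real protocol, and the messages are constructed.

```python
import hashlib
import hmac
import secrets


def make_record(key, seq, payload):
    """Sender side: append an HMAC-SHA256 tag over (sequence number || length || payload).
    Returns the record bytes payload || tag; the sequence number is implicit, as in TLS."""
    header = seq.to_bytes(8, "big") + len(payload).to_bytes(2, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return payload + tag


def check_record(key, expected_seq, record):
    """Receiver side: recompute the tag with the shared key and the receiver's OWN expected
    sequence number, compare in constant time. Returns the payload, or None if the record
    was altered, replayed, reordered, or produced without the key."""
    if len(record) < 32:
        return None
    payload, tag = record[:-32], record[-32:]
    header = expected_seq.to_bytes(8, "big") + len(payload).to_bytes(2, "big")
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(expected, tag) else None


def receive_stream(key, records):
    """Accept records in order and stop at the first failed check, as a record layer would."""
    accepted = []
    for seq, rec in enumerate(records):
        payload = check_record(key, seq, rec)
        if payload is None:
            break
        accepted.append(payload)
    return accepted


def forge_without_key(payload):
    """What an attacker without the key can do: append a plain hash. The receiver rejects
    it because integrity alone is not authentication; the keyed tag proves the sender."""
    return payload + hashlib.sha256(payload).digest()


if __name__ == "__main__":
    key = secrets.token_bytes(32)           # shared secret, e.g. from the handshake
    msgs = [b"transfer 100 to bob", b"transfer 5 to eve", b"logout"]
    records = [make_record(key, i, m) for i, m in enumerate(msgs)]
    print("in order:", receive_stream(key, records))
    print("reordered:", receive_stream(key, [records[1], records[0]]))
    print("forged:", receive_stream(key, [forge_without_key(msgs[0])]))
```

Note that the MAC gives integrity and origin authentication to the two parties who hold the key, but not non-repudiation: either of them could have produced any tag, which is why Question #70's answer is integrity and not non-repudiation.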
Question #95
Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer?
A. TPM - Trusted Platform Module
B. TPM - Trusted Procedure Module
C. Smart Card
D. Enigma Machine
Correct answer: A
Question #96
Which of the following statements pertaining to stream ciphers is TRUE?
A. A stream cipher is a type of asymmetric encryption algorithm.
B. A stream cipher generates what is called a keystream.
C. A stream cipher is slower than a block cipher.
D. A stream cipher is not appropriate for hardware-based encryption.
Correct answer: B
Question #97
Which of the following statements pertaining to block ciphers is NOT true?
A. It operates on fixed-size blocks of plaintext.
B. It is more suitable for software than hardware implementations.
C. Plaintext is encrypted with a public key and decrypted with a private key.
D. Some block ciphers can operate internally as a stream.
Correct answer: C
Question #98
Cryptography does NOT help in:
A. detecting fraudulent insertion.
B. detecting fraudulent deletion.
C. detecting fraudulent modification.
D. detecting fraudulent disclosure.
Correct answer: D
Question #99
What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)?
A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.
B. The OCSP (Online Certificate Status Protocol) is a proprietary certificate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard.
C. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorities.
D. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate Authorities.
Correct answer: A
Question #100
Which of the following is BEST at defeating frequency analysis?
A. Substitution cipher
B. Polyalphabetic cipher
C. Transposition cipher
D. Caesar cipher
Correct answer: B
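Questions #31, #85 and #100 are one family: ROT13 is a Caesar shift of 13, Vigenere is a Caesar cipher whose shift changes with each key letter, and the reason Vigenere defeats single-alphabet frequency analysis is that it flattens the letter distribution a Caesar shift merely permutes. The example below is added here and is not part of the question bank. It implements all three, breaks a Caesar ciphertext by comparing its letter frequencies to English, and measures the index of coincidence to show that the same statistic survives a Caesar shift untouched but drops under Vigenere. The English frequency table is an approximation and the sample passage is constructed from public-domain text.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Approximate relative letter frequencies of English text, A to Z, in percent.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
                2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
                1.97, 0.07]

# Constructed sample (public-domain text), long enough for frequency statistics to settle.
SAMPLE = ("IT IS A TRUTH UNIVERSALLY ACKNOWLEDGED THAT A SINGLE MAN IN POSSESSION OF A GOOD "
          "FORTUNE MUST BE IN WANT OF A WIFE HOWEVER LITTLE KNOWN THE FEELINGS OR VIEWS OF "
          "SUCH A MAN MAY BE ON HIS FIRST ENTERING A NEIGHBOURHOOD THIS TRUTH IS SO WELL "
          "FIXED IN THE MINDS OF THE SURROUNDING FAMILIES THAT HE IS CONSIDERED THE "
          "RIGHTFUL PROPERTY OF SOME ONE OR OTHER OF THEIR DAUGHTERS")


def caesar(text, shift):
    """Monoalphabetic shift: every letter moves by the same amount; non-letters are kept."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
                   for c in text.upper())


def rot13(text):
    """Caesar with shift 13; applying it twice restores the original."""
    return caesar(text, 13)


def vigenere(text, key, decrypt=False):
    """Polyalphabetic: the i-th letter uses the Caesar alphabet chosen by key[i mod len(key)]."""
    out, j = [], 0
    for c in text.upper():
        if c in ALPHABET:
            k = ALPHABET.index(key[j % len(key)].upper())
            out.append(ALPHABET[(ALPHABET.index(c) + (-k if decrypt else k)) % 26])
            j += 1
        else:
            out.append(c)
    return "".join(out)


def letter_counts(text):
    return Counter(c for c in text.upper() if c in ALPHABET)


def chi_squared_vs_english(text):
    """How far the letter distribution is from English (lower = more English-like)."""
    counts = letter_counts(text)
    n = sum(counts.values())
    return sum((counts[a] - n * f / 100) ** 2 / (n * f / 100)
               for a, f in zip(ALPHABET, ENGLISH_FREQ))


def break_caesar(ciphertext):
    """Frequency analysis: try all 26 shifts, keep the one that looks most like English."""
    return min(range(26), key=lambda s: chi_squared_vs_english(caesar(ciphertext, -s)))


def index_of_coincidence(text):
    """Probability that two letters drawn from the text match. English prose sits near
    0.066, a flat random-looking distribution near 0.038. A monoalphabetic substitution
    preserves it exactly; a polyalphabetic cipher pushes it down, which is what defeats
    single-alphabet frequency analysis."""
    counts = letter_counts(text)
    n = sum(counts.values())
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


if __name__ == "__main__":
    ct = caesar(SAMPLE, 7)
    print("recovered Caesar shift:", break_caesar(ct))
    print("IC plain / caesar / vigenere: %.3f / %.3f / %.3f" % (
        index_of_coincidence(SAMPLE), index_of_coincidence(ct),
        index_of_coincidence(vigenere(SAMPLE, "SECURITY"))))
```

The Vigenere ciphertext is not unbreakable (Kasiski and index-of-coincidence methods recover the key length and then attack each alphabet separately), but it does defeat the naive single-alphabet count that breaks every Caesar shift, which is exactly the distinction Question #100 draws.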
Question #101
A code, as it pertains to cryptography:
A. is a generic term for encryption.
B. is specific to substitution ciphers.
C. deals with linguistic units.
D. is specific to transposition ciphers.
Correct answer: C
