InterNetwork Defense | Securing the Future for the Commonwealth

Question 1

Which control below is most likely to detect a kernel level malware?

Network based Intrusion Detection Systems (NIDS)
Antivirus software installed on the target system
Blockchain based Digital Signatures
Trusted Platform Module (TPM)

Question 2

After a change to strengthen an existing control to meet new industry guidelines has been certified and accredited (authorized) it is implemented. Immediately, users start complaining of slow performance. Which of the following should a security manager do first?

Bring the issue up to senior management for guidance
Inform the users that the change must stay to be in line with the industry guidelines
Initiate a rollback if possible
Review the issue with the data owner

Question 3

A new exploit, taking advantage of an operating system flaw, is currently spreading rapidly on the internet through a variety of vectors including email and social networking sites. The operating system vendor has released a patch that appears to fix the vulnerability. After confirming that critical systems in an organization depend on the effected operating systems and a CISO and system owner agree to maintenance to apply the patch immediately. Which process below can be skipped?

Testing
Scheduling
Documenting
Authorization

Question 4

When connecting to an TLS server, Bob notices that the server presented two different certificates; one for the server he tried to connect to and one more. Which of the following is the most likely reason?

The web server he was connected to also gave him the certificate for a SQL server and a DNS server
The web server's certificate was issued by a subordinate CA
The web server was compromised and also provided rogue server certificates
There was a mutual trust relationship between Bob's CA and the web server's CA

Question 5

Critical systems are migrated to a hot site after a disaster. The backup operator from the recovery team receives a call from a user complaining that the data that have been restored for their system are too old to be of any use. The operator checks the tape that was used for the restore and confirms it was indeed the most recent backup and that the tape was created only the night before. What is the most likely cause of the problem?

The user is looking at a cached copy
The data was restored to the wrong directory
There is a network latency issue
Recovery point objectives are very short

Question 6

Recovery Point Objectives (RPO) values are best described as?

The amount of time it should take to restore data
Acceptable service level objectives including supplies required to continue operations
The amount of data loss that can be tolerated
The amount of time it should take to restore operations

Question 7

The scope of ISO/IEC 27002 includes which of the following?

Standards for information security management systems
Mandatory requirements for audit objectives
Guidance on development of security standards
Policies on controls objectives

Question 8

Which of the following is likely the BEST evidence of due care with regards to governance oversight?

Risk Assessment results
IT staff has a robust and effective change management process
The CISO reports to the CIO
The steering committee regularly reviews audit data

Question 9

Intellectual property rights are the primary focus of which organization?

World Trade Organization (WTO)
Organization of Economic Cooperative Development (OECD)
International Intellectual Property Organization (IIPO)
World Intellectual Property Organization (WIPO)

Question 10

Which of the following intellectual property laws provides confidentiality protection?

Trademark
Trade Secret
Copyright
Patent

Question 11

Granting access to an object can be based on identity of a subject, however this can present process challenges for both administration and server CPU usage. Which of the following allows for implicit access control, by grouping subjects together with similar needs?

Attribute Based
Role Based
Rule Based
Mandatory

Question 12

In what stage of a system development life cycle would be of most use to a subject matter expert to verify their builds?

Design
Develop
Requirements
Testing

Question 13

To address a contract agreement with a new client, management is required to select stronger encryption algorithms. What directive needs to be modified to define the specifications for these new algorithms?

Policies
Standards
Baselines
Procedures

Question 14

Insurance is mostly associated with what risk treatment approach? It reduces

Likelihood
Exposures
Vulnerabilities
Impact

Question 15

An information owner has specified a particular file’s security category (SC) as {(confidentiality, low), (integrity, high), (availability, medium)}. Which of the following algorithms would be most appropriate for ensuring the highest requirement?

SHA2
AES
RSA
MD5

Question 16

Which of the following would be the best counter measure to protect from a Cross Site Request Forgery (CSRF)?

Tokens
Input Validation
Strong Encryption
Sand Boxing

Question 17

Who is ultimately responsible to see that information assets are properly categorized?

Chief Executive Officer / Head of Agency
Data Owner
System Owner
Chief Information Security Officer

Question 18

Which of the following best explains the use of asymmetric algorithms?

Data encryption and integrity
Integrity and authentication
SSL & IPSec
Signing and key exchange

Question 19

The finance department requires that accountants rotate their roles as a control that falls into which category?

Detective administrative
Directive technical
Preventive technical
Physical deterrent

Question 20

An organization is in the process of implementing an intrusion detection system consisting of dozens of sensors placed at various vulnerability points on their network infrastructure. What process below is MOST imperative?

Sensors must be placed on DMZ networks
Rules need to be updated based on vendor suggestions
The management console should have a trusted path to the sensors
The system must be tailored to the organizations needs

Question 21

Which of the following best explains the difference between using certificate revocation lists versus the online certificate status protocol?

CRLs are only updated once a day, where OCSP updates are real time
OCSP uses serial numbers to request the current state
CLRs require a reboot
OCSP is only supported in private PKI certificate authorities

Question 22

If a database system isn’t properly developed and configured to check input variables, which of the following is the most likely attack vectors?

SQL_Injection
Stack Based Buffer Overflow
Heap Based Buffer Overflow
Cross Site Scripting

Question 23

A system engineer would like to design a backup system that allows an operator to perform backups on all system data without giving the operator file system rights. What should the engineer consider?

The Clark Wilson model
A SANS device
Role Based Access Control
Least privilege and need to know. In this case the operator by nature must have read access only.

Question 24

A remote database user maliciously enters a command in a user input dialog box, and manages to execute a command to upgrade his rights in the system. Which recommended remediation method is least likely to mitigate this risk?

The system should check for input length
The system should check for input type
The system should block data control language from remote locations
The system should implement a mandatory access control

Question 25

Which process below entails a detailed objective review of a system’s features and service assurances, often by a third party, to ensure compliance to a set of requirements?

Accreditation
Assessment
Audit
Certification

Question 26

To address a compliance requirement, management is required to select stronger key lengths for their established algorithms. What directive needs to be modified to define the specifications for these new keys?

Policies
Standards
Baselines
Procedures

Question 27

To be certified under the ISO/IEC 15408 a product must meet a series of functional and assurance requirements. A vendor of a given product must provide a detailed list of the features and assurance claims, so that evaluators can conduct testing, in a document referred to as:

The Protection Profile
The Security Target
The an Orange Book
The Target of Evaluation

Question 28

A rogue application required administrator privileges during the installation by an unsuspecting system owner. It was discovered later that the application contained a back door, and was attempting to contact an external IP address. Why would simply removing the application likely fail to remove the back door?

The application modified a user profile
The application modified a program DLL
The application modified an application EXE
The application modified a device driver

Question 29

Which of the following statements is incorrect?

To ensure the integrity of data create a message digest
To ensure privacy, encrypt the data with a symmetric key and the symmetric key with the receiver’s private key
To validate the sender, encrypt the message digest with the sender’s private key
To obtain the fastest method to encrypt data use a symmetric, shared secret key

Question 30

Which step in a TLS handshake is used to select or reject a cipher suite?

Client Syn
Server Syn/Ack
Client Hello
Server Hello

Question 31

Elliptical Curve Cryptography is far more efficient than either Diffie Hellman or RSA. For example, it would require over 15,000 bits in an RSA key to provide the equivalent entropy to an ECC key of only 512 bits. Since an asymmetric system provides two basic purposes, key agreement and hash authentication, which of the following is the algorithm that is based on ECC for authenticating hash values?

ECDHE
ECDH
ECHASH
ECDSA

Question 32

What is the primary purpose of emergency lighting?

To allow rescue teams to search for distressed personnel after a power failure
Illumination of evacuation routes
To assist in CCTV controls during a threatening situation
Lighting is an effective deterrent

Question 33

Many organizations use access badges for the purpose of ingress authentication. What is primary reason an organization would also implement egress authentication?

To discourage piggybacking and tailgating
To provide pass back protection
To allow for logical access termination
To track contractors and temporary employees

Question 34

A CISO has been asked to design a physical access solution to an organizations premise that employs smart cards. In addition to new readers, what other component is most required to gain the full benefits of smart cards versus memory cards?

DNS
A domain controller
An SQL server
A certificate authority

Question 35

Which VPN method is less likely to work through NAT?

SSL/TLS
IPSec AH
IPSec ESP
PPTP

Question 36

To validate a claimed identity, which of the following best describes authentication tokens

Time-based access control
Sensitivity labels
Access control lists
Credentials

Question 37

To protect the central store of passwords, most systems have adopted the best practice of not actually storing a password, only hash values of the password. However, if hash is based on only the password value, which of the following is a serious concern?

An attacker could pre-compute hash values
An attacker could inject collisions
An attacker could reverse the hash value
An attacker could spoof the hash value

Question 38

A CISO is asked to assist a process owner review the services provided by a cloud provider for a given application using the SaaS model. The process owner doesn’t want their users to have to maintain a separate set of credentials to gain access to the provider network. Which technology below would most likely assist the CISO if supported?

Kerberos
RADIUS
TACACS+
SAML

Question 39

Why is MD5 not as popular as it used to be?

It is highly vulnerable to Known Plain Text Attacks
It is highly vulnerable to Collisions
It is highly vulnerable to Clustering
It is highly vulnerable to Chosen Plain Text Attacks with differential analysis

Question 40

The most basic way to authenticate is Type 1 or “Something a user knows”. However stronger methods have been developed that can be based on what the user has or even through a biometric. Which protocol below allows the use of other credential types?

Two factor authentication
PAP
CHAP
EAP

Question 41

Kerberos provides which of the following services?

Confidentiality, Integrity & Authenticity
Confidentiality, Authenticity & Non-Repudiation
Authenticity, Accessibility & Authenticity
Confidentiality, Integrity & Availability

Question 42

A penetration test is authorized and currently underway. A tester sends a TCP SYN on port 53 to a system and receives a SYN/ACK. Which of the following is most likely to assume?

The system is listening on port 443 as well
The system is a DNS primary server
The system is DNS backup
The system is a live host

Question 43

Which of the following control is more likely to provide confidentiality protection?

Rotation of Duties
Segregation of Duties
Dual Control
Quality assurance

Question 44

An organization wants to contract with a cloud provider. The organization would like to maintain control over guest operating systems so that OS patch management can be under their control. Which Model would be most appropriate?

Platform as a Service (PaaS)
Software as a Service (SaaS)
Hardware as a Service (HaaS)
Infrastructure as a Service (IaaS)

Question 45

Due to new laws governing the actions taken by companies when customer-identifiable information is collected, a senior manager directs internal auditors to analyze the company’s exposure to the new regulations. The results of the audit identify a number of potential violations. What is the most appropriate action to take?

Consult outside advice to ensure that the audit is accurate
Conduct a gap analysis to prioritize ways to close the gaps
Review the company’s privacy policy and determine the necessary changes
Take steps to encrypt the sensitive data to protect the information

Question 46

Bob is hired to perform a penetration test for Griffin Space Tech, a leading space exploration company. Alice is nearly killed when her navigation system is interrupted by what turned out to be a test on a system that was not supposed to be part of the test. What Directive, if defined and understood, most likely may have prevented such a problem?

Rules of engagement
Concept of operations
Statement of work
Exception reports

Question 47

A person in Applications Development writes a new module for a production customer tracking system. This module may increase productivity significantly for the organization, leading to substantial savings over time. Another person in Development has tested the module and has found no problem with the code. Which of the following is not recommended?

The new code should be implemented as soon as independent evaluator personnel certify the module
The module should go to Operations for implementation
An accrediting official should wait for the results of certification
All changes must be logged in the configuration management database (CMDB)

Question 48

What types of tests are required for ISO/IEC-15408?

Technical and Physical
Technical and Functional
Storage and Timing
Functionality and Assurance

Question 49

An organization’s software development department has demonstrated a consistent ability to effectively repeat their processes and documented them in a shared area. What would likely follow to further the processes level of growth?

The processes should be made more efficient
The processes should be measured
The processes should be counted
The processes should be defined

Question 50

Which of the following ways to check for input validation problems should be performed first?

Fuzzing to see how the input buffers respond to various input types and lengths
Vulnerability Scanning to check for both missing patches and weak configurations
Reviewing documented configuration baselines
Code reviews before compilation of the source

Question 51

Many implementations of various authentication protocols, such as EAP-MD5 can provide authentication of a client to a server but not the reverse. Which vulnerability below would likely affect systems with such limitations?

Lack of mutual authentication could allow rogue infrastructure
Heap Based Buffer Overflows
Stack Based Buffer Overrun
Port Redirection to evade intrusion detection and/or prevention systems and firewalls

Question 52

Which of the following is not an example of civil law?

Contract
Property
Tort
Regulatory

Question 53

Which of the following is out of place?

High, medium, low rankings
Subjective intuition
Objective opinions
Value

Question 54

Standards have been decided on for an organization’s endpoint security for mobile devices. Which would follow next to direct users on how to support the security policy?

Baselines
Training
Procedures
Guidelines

Question 55

A Data owner is primarily responsible for valuation of an asset. What other processes are the primary responsibility of the data owner?

Categorizing and capability assignment
Access rights and custodial assignments
Administration and classification
Compartmentalization and operations

Question 56

A CISO has met with a process owner and performed a risk assessment, identifying a potential exposure of PII. Before defining an architecture for stronger controls, what should the CISO do first?

Confirm with IT the use of approved standards
Assess existing controls
Ask the data owner for more input
Have the strategy for the control approved by users

Question 57

Having a process to regularly review vulnerability databases and initiate patching where appropriate is most associated with which of the following control categories?

Detective administrative
Directive technical
Preventive technical
Physical deterrent

Question 58

A CISO reviews an insurance policy to indemnify an organization should an accident occur to a machine due to accidental mistreatment. What situation below would most likely be the reason the CISO would decide not to implement the insurance policy?

Likelihood of failure is low
There is already a backup to ensure continuity of operations
Impact values are below risk metrics
The cost of the control exceeds asset value

Question 59

The cost of acquisition or development of a control is most likely far less than the costs associated with the cost of administration. In addition, the total cost of ownership should also include?

TCO
Impact on performance
Purchase price
Incentives

Question 60

Which of the following is considered the most secure way to ensure there is no residual data left at a cloud provider after termination of the service contract?

Delete all data from all sites
Low level formatting of all involved disk arrays
Delete the symmetric data encryption keys
Delete designated key encryption keys

Question 61

Which of the following is the output of a hashing algorithm that is authenticated symmetrically?

Message Digest
Digital Signature
Hashed Massage Authentication Code
Electronic Signature

Question 62

Which of the following best describes the difference between a Stream Cipher and a Block cipher?

Stream ciphers only substitute bits, where block ciphers substitute and transpose or permutate
Stream ciphers are slower than block ciphers
Stream ciphers are considered more effective than block ciphers
Stream ciphers encrypt a bit at a time where block ciphers encrypt along an elliptical curve

Question 63

What is the relationship of focal length to field of view?

They are inversely proportional
They are directly proportional
They are abstractly proportional
They are unrelated

Question 64

With regards to an intrusion detection system, what is meant by an insertion attack?

Enabling attackers to insert themselves into a system without detection
Injecting false data to mislead an IDS
Adding additional rules to misclassify an attack
Code injection attacks

Question 65

Voice Over IP or VOIP, uses two protocols; the Session Initiation Protocol (SIP) to initiate and maintain the session and one to carry the voice traffic. Which protocol listed below performs this second function?

Transport Layer Security
Point to Point Tunneling Protocol
Voice Telephony Protocol
Real-time Transport Protocol

Question 66

One of the many weaknesses of WEP is that the key used to authenticate to the access point is also used to encrypt data. WPA2 fixes this problem by using separate keys for these functions. To derive the encryption key, a function is run using a number of inputs including?

Pairwise Master Key
Digital Signing Key
A Diffie Hellman agreement
Elliptical Curves

Question 67

In organizations where it is considered unacceptable risk to allow a user to make entitlement changes which access control model would be most appropriate?

Digitally signed tokens by trusted 3rd parties
Mandatory Access Control
Role Based Access Control
Two factor authentication with high entropy

Question 68

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are both examples of which of the following?

Mandatory Access Control (MAC)
Graham Denning Model
Segregation of Duties
Attribute Based Access Control

Question 69

Which of the following is most likely to affect a change in an organization’s BC/DR policy?

Failure of critical infrastructure technology
Change in staff
Identity theft incident
Legal requirement

Question 70

To ensure performance as expected, management has implemented continuous monitoring of a given control. Which of the following are the most important metrics to record and review for security status trending?

Key Performance Indicators (KPIs)
Key Risk Indicators (KRIs)
Key Goal Indicators (KGIs)
Key Usage Indicators (KUIs)

Question 71

Which of the following about penetration testing is most true? Penetration tests…

Can assure management security is effective
Can identify best practices
Can guarantee requirements are being met
Can be used to test controls

Question 72

Which test type provides the most assurance that contingency technologies specified in the DR plan are appropriate in a most cost-effective manner, without impact to production?

Simulation
Desk Check
Parallel
Bell Lapadula

Question 73

Which access control concept refers to isolating memory so processes can protect from violations of the need to know principle?

Multilevel
Dedicated
System High
Compartmented

Question 74

Which of the following is a threat model?

OWASP
ISO/IEC
Risk Registers
STRIDE

Question 75

At what stage in the BC/DR life cycle are the specific criticality metrics determined?

Project initiation
Functional requirements
System Design
Testing and Exercising

Question 76

What is a common term for spam over VOIP?

SPAV
SPIT
VAM
VASP

Question 77

A Vendor releases a hot fix for their operating system which was certified under the Common Criteria (ISO/IEC 15409) through NIAP at EAL Level 4. After the fix is applied, which of the following is true?

The new certification is EAL 5
It must be recertified
The Vendor must update the Security Target
There would be no change to their certification

Question 78

At what stage of a development life cycle do users validate the new system?

Verification
Design
Operations
Testing

Question 79

What the common term used to describe the property of algorithm to mitigate chosen plain text attacks that use differential analysis to guess variables?

Initialization Vector
Random Number Generator Effectiveness
Salting
Avalanche Effect

Question 80

The primary purpose of exercising recovery plans is to:

Test the plan for accuracy
Meet industry specific regulations
Identify gaps in technical infrastructures and their ability to meet the recovery time objectives
Train personnel

Question 81

Without encryption, VOIP traffic is vulnerable to sniffing. To protect against such attacks various protocols have been suggest and applied. Which method below encrypts the actual voice data?

SRTP
SIP-TLS
RTPS over OSPF
RTP-TLS

Question 82

WPA2 made significant improvements to wireless networking over WEP. However there are still attacks that may work against it to derive the data encryption key. Which of the following is most true?

In personal mode the data encryption key is based on a passphrase which could be guessed online via deauth attacks
In personal mode the data encryption key is based on a passphrase which could be guessed offline
In enterprise mode, deauth attacks can reveal the data encryption key
In enterprise mode deauth attacks are used to reveal the passphrase which is used to generate the data encryption key

Question 83

If a program is to support mutilevel data, which of the following would allow the program to be trusted not to share memory from one level to another?

The program would have to maintain containers to isolate memory for each classification
The program would have to be compartmented to provide memory segmentation
The program would have to use different process domains to allow for polymorphic data types
The program would have to support polyinstantiation to allow it to run in separated memory locations

Question 84

Who would be in the best position to confirm the appropriateness of the contingency plans after a test and exercise?

Security management
Operations management
User management
Senior management

Question 85

Which of the following is the biggest risk to PKI?

Registration Authorities issuing keys to unauthenticated to rogue CAs
Users downloading unsigned certificates
Man in the Middle attacks
Rogue CAs

Question 86

Which of the following is most true about Fuzzing?

Fuzzing is used to test the input controls on a web server and is considered a white box test
Fuzzing is used to test input validation and is considered a crystal box test
Fuzzing can be used to test external control mechanisms and is considered a black box test
Fuzzing can be used to test input controls and is considered a way to automate negative testing

Question 87

What is the relationship between Maximum Tolerable Downtime or MTD and Recovery Time Objectives or RTO?

They are different terms for the same concept
RTO must be less than MTD to allow for the initial emergency response including damage assessment
RTO is greater than the MTD to provide safe evacuation of the facility
RTO is for people and MTD is for processes

Question 88

Which of the following protocols allows for multiple network protocol types, including broadcast, multicast and other non routable layer 2 traffic, to be routed over an IP network through a tunnel?

IPSec Tunnels
GRE
IPSec Transports
TLS

Question 89

Which of the following helped improve issues with the Initialization Vectors used in WEP as opposed to when implemented in WPA2?

WPA2 used longer IVs to provide replay protection
WPA2 uses 48 bit IVs compared to the 24 bit IVs used in WEP to allow for more randomness assessment
WPA2 IVs are 128 bits compared to the 64 bit IVs in WEP to mitigate cipher text only attacks
WPA2 IVs are longer than whose used in WEP to mitigate related key attacks

Question 90

During a BIA, Alice notices that data for an online customer order tracking system is backed up nightly to a remote system. However if there were a disk crash, there could be a loss of up to a full day’s transactions. When Alice informs the process owner, the owner performs a needs analysis do determine an acceptable backup schedule. What metric would Alice use to design a more appropriate solution?

Risk Assessment
Business Impact Assessment
Recovery Point Objective (RPO)
Maximum Tolerable Downtime (MTD)

Question 91

Biometrics can be used to identify and authenticate a subject. First a subject must be enrolled in a database that contains the subjects identity and unique characteristics in a reference file. Which of the following is used to both identify and authenticate the subject when their biometric characteristic is supplied by a reader?

Two Factor
Something you know and something you are/do
One to one matching
One to many comparisons

Question 92

In remote access solutions, passwords are often used to authenticate subjects. Early systems would send the password in clear text, however making it vulnerable to interception. While encryption can protect a password, it has become desirable to use additional methods to allow a subject to be authenticate using tokens, biometrics and other methods. Which of the following can optionally be configured to perform mutual authentication using PKI?

EAPOL (802.1x)
EAP-MD5
EAP-TLS
EAP-TTLS

Question 93

During a BC/DR exercise, a critical system was not recovered in the required time frame. An assessment by an independent observer identified a gap in the point of contact list accuracy. After further analysis, it was determined that the human resource records were not consistent with the contact lists in the call trees. Which of the following is most likely to improve the process?

Better training for the team members to understand such problems are common
Change in BC/DR policy to require more efficient technologies
Synchronizing the Human Resource systems to auto update the point of contact lists
Threat analysis

Question 94

Which two types of attacks are likely most difficult to prevent?

Active attacks such as malware and privilege escalation
Passive attacks such as storage and timing
Passive attacks such as sniffing and scanning
Active attacks such as fraud and covert channels

Question 95

Most production applications, such as those provided by third parties through cloud SaaS models are encrypted through transport layer protocols such as SSL/TLS. However, even when all data in the payload of a transport is kept confidential from eavesdroppers, there is still a threat to the communication that would possibly allow attackers to determine otherwise private information. Which of the following attacks could more likely determine confidential information over an encrypted channel?

Social Engineering could be used to locate private keys
Traffic analysis and pattern recognition
Network scanning and DDoS
Man in the Browser attacks implemented through phishing

Question 96

Bob is asked to perform a business impact analysis for the customer service department. He is currently reviewing the service level agreements to determine the most cost effective plan. Which of the following metrics will MOST help Bob in his analysis?

Resource Dependency Analysis
Supply Chain Management
Impact Assessment
Minimum Operating Requirements

Question 97

To determine the most appropriate controls of an organization’s needs, all assets must be identified and valued. As part of the valuation, it is best practice to consider the impact if an asset is compromised and experiences loss of confidentiality, integrity and or availability. These losses could come from man made or natural events. What process is used to determine if an asset could be effected by such events?

Criticality Metrics
Threat Analysis
Impact Assessment
Vulnerability Analysis

Question 98

Blockchain based consensus protocols promise to revolutionize many of the processes and applications that power the internet and other parts of society, including financial systems, agriculture and even voting by using hashing and asymmetric signing algorithms. Multisignature (multisig) is often use to mitigate fraud in such system as a way of implementing what best practice below?

Dual Control
Separation of Duties
Trusted Third Parties
Trusted Identity Verification

Question 99

After understanding the recovery time objectives for the human resources department, Alice reviewed various alternate data processing facilities to determine which would allow a recovery process in the required time frame. She found that while it would be less expensive to lease a site from a provider, there was no vendor with a site close enough to the primary site to meet the timing constraints. She therefore decided the organization should build its own facility. At what stage in the life cycle does Alice make such decisions?

During the Business Impact Analysis
Management review
Design
Gap Analysis

Question 100

Advances in quantum computing appear to be on the verge of cracking our most common protocols used for key agreement and signing. Many newer algorithms are currently being developed to treat this risk including lattice based systems and perhaps even quantum cryptography. Besides being resistant to Shor’s algorithm, what other feature makes quantum encryption attractive?

Digital Signatures would be unbreakable
If session keys are compromised it is detectable
Signing strength is nearly infinite
It would provide true one time pads

CISSP Final Quiz

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question

51. Question

52. Question

53. Question

54. Question

55. Question

56. Question

57. Question

58. Question

59. Question

60. Question

61. Question

62. Question

63. Question

64. Question

65. Question

66. Question

67. Question

68. Question

69. Question

70. Question

71. Question

72. Question

73. Question

74. Question