Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)?
Correct Answer: D
The following answers are incorrect: It has been mathematically proved to be less secure. ECC has not been proved to be more or less secure than RSA. Since ECC is newer than RSA, it is considered riskier by some, but that is just a general assessment, not based on mathematical arguments. It has been mathematically proved to be more secure. ECC has not been proved to be more or less secure than RSA. Since ECC is newer than RSA, it is considered riskier by some, but that is just a general assessment, not based on mathematical arguments. It is believed to require longer key for equivalent security. On the contrary, it is believed to require shorter keys for equivalent security of RSA. Shon Harris, AIO v5 pg719 states: "In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter that what RSA requires" The following reference(s) were/was used to create this question: ISC2 OIG, 2007 p. 258 Shon Harris, AIO v5 pg719
Question 628
Which of the following statements pertaining to link encryption is false?
Correct Answer: C
When using link encryption, packets have to be decrypted at each hop and encrypted again. Information staying encrypted from one end of its journey to the other is a characteristic of end-to-end encryption, not link encryption. Link Encryption vs. End-to-End Encryption Link encryption encrypts the entire packet, including headers and trailers, and has to be decrypted at each hop. End-to-end encryption does not encrypt the IP Protocol headers, and therefore does not need to be decrypted at each hop. Reference: All in one, Page 735 & Glossary and Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 6).
Question 629
The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?
Correct Answer: D
The other answers are not correct because: You are always looking for the "best" answer. While each of the answers listed here could be considered correct in that each of them require input from the security staff, the best answer is for that input to happen at all phases of the project. Reference: Official ISC2 Guide page: 556 All in One Third Edition page: 832 - 833
Question 630
Which of the following server contingency solutions offers the highest availability?
Correct Answer: D
Section: Risk, Response and Recovery Explanation/Reference: Of the offered technologies, load balancing/disk replication offers the highest availability, measured in terms of minutes of lost data or server downtime. A Network-Attached Storage (NAS) or a Storage Area Network (SAN) solution combined with virtualization would offer an even higher availability. Source: SWANSON, Marianne, & al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 49).
Question 631
Which of the following is an advantage that UDP has over TCP?
Correct Answer: C
Section: Network and Telecommunications Explanation/Reference: UDP is a scaled-down version of TCP. It is used like TCP, but only offers a "best effort" delivery. It is connectionless, does not offer error correction, does not sequence the packet segments, and less reliable than TCP but because of its lower overhead, it provides a faster transmission than TCP. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 86).