Hard CISSP Practice Questions - Domain Wise (400 Questions)

5. Which of the following is true about private key cryptography?

Answer: d) Different keys are used for encryption and decryption. (However, the explanation provided in the question contains an error. Private key cryptography does offer nonrepudiation through the use of digital signatures where a unique digital signature is created using the sender's private key which can be verified by others using the sender's public key. This ensures that the sender cannot deny having sent the message.)

6. Which of the following models employs sensitivity labels such as top secret and secret?

Answer: c) MAC (Mandatory Access Control)

7. A digital certificate endorsed by a CA contains the issuer name, public key of david.cooper@itpro.com as well as the serial number, period of validity and the signature algorithm used. Which of the following is NOT true about this certificate?

Answer: c) It certifies that David Cooper is the subject. (The explanation provided in the question actually clarifies why this statement is incorrect.)

8. Which of the following is a MORE serious concern for biometric authentication systems?

Answer: a) False positives

9. An organization wants to test a software but does not have access to its source code. Which of the following is NOT a valid type of testing?

Answer: d) SAST (Static Application Security Testing) requires access to the source code. DAST and Blackbox testing do not require source code access, while fuzzing can be performed without knowledge of the source code but by sending unexpected or random data to the application's input mechanisms.

10. Demonstrating to someone that you know the password to a lock without sharing it with that person is an example of?

Answer: b) Zero-knowledge proof