CISSP Practice question #115

What would be a common attack on data at rest?
A: Cryptanalysis.
B: Shoulder surfing.
C: Eavesdropping.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


A: Data at Rest (Stored Data): This is data on Disks, Tapes, CDs/DVDs, USB Sticks. We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs). Encryption can be Hardware or Software Encryption.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

You may also like

41 Comments

  1. Cryptology is the science of secure communications.
    Cryptography creates messages whose meaning is hidden, cryptanalysis is the science of breaking encrypted messages (recovering their meaning). Many use the term cryptography in place of cryptology: it is important to remember that cryptology encompasses both cryptography
    and cryptanalysis.

  2. Answer: A: Cryptanalysis.

    Definition – What does Cryptanalysis mean?
    Cryptanalysis is the decryption and analysis of codes, ciphers or encrypted text. Cryptanalysis uses mathematical formulas to search for algorithm vulnerabilities and break into cryptography or information security systems.

    Cryptanalysis attack types include:

    Known-Plaintext Analysis (KPA): Attacker decrypt ciphertexts with known partial plaintext.
    Chosen-Plaintext Analysis (CPA): Attacker uses ciphertext that matches arbitrarily selected plaintext via the same algorithm technique.
    Ciphertext-Only Analysis (COA): Attacker uses known ciphertext collections.
    Man-in-the-Middle (MITM) Attack: Attack occurs when two parties use message or key sharing for communication via a channel that appears secure but is actually compromised. Attacker employs this attack for the interception of messages that pass through the communications channel. Hash functions prevent MITM attacks.
    Adaptive Chosen-Plaintext Attack (ACPA): Similar to a CPA, this attack uses chosen plaintext and ciphertext based on data learned from past encryptions.

  3. Cryptanalysis refers to the study of ciphers, ciphertext, or cryptosystems (that is, to secret code systems) with a view to finding weaknesses in them that will permit retrieval of the plaintext from the ciphertext, without necessarily knowing the key or the algorithm. This is known as breaking the cipher, ciphertext, or cryptosystem.

Leave a Reply