The Pretty Good Privacy (PGP) email encryption system was developed by
Phil Zimmerman. For encrypting messages, it actually uses AES with up to 256-bit keys,
CAST, TripleDES, IDEA and Twofish. RSA is also used in PGP, but only for symmetric key exchange and for digital signatures, but not for encryption.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography
(pages 154, 169).
More info on PGP can be found on their site at
http://www.pgp.com/display.php?pageID=29.

Section: Software Development Security

“Identification is the process by which a subject professes an identify and accountability is initiated.” Pg 149 Tittel: CISSP Study Guide
“Identification and authentication are the keystones of most access control systems. Identification is the act of a user professing an identify to a system, usually in the form of a log-on ID to the system. Identification establishes user accountability for the actions on the system. Authentication is verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time.” Pg 36 Krutz: The CISSP Prep Guide

Explanation/Reference:
Explanation:
The main challenge brought by improved security is that introducing encryption software also introduces management complexity, and in particular this means dealing with encryption keys.
An encryption key applies a set of complex algorithms to data and translates it into streams of seemingly random alphanumeric characters. There are two main types – private key (or symmetric) encryption and public key (or asymmetric) encryption.
In symmetric encryption, all users have access to one private key, which is used to encrypt and decrypt data held in storage media such as backup tapes and disk drives. Although considered generally secure, the downside is that there is only one key, which has to be shared with others to perform its function.
Asymmetric encryption comprises two elements: a public key to encrypt data and a private key to decrypt data. The public key is used by the owner to encrypt information and can be given to third parties running a compatible application to enable them to send encrypted messages back.
Managing encryption keys effectively is vital. Unless the creation, secure storage, handling and deletion of encryption keys is carefully monitored, unauthorized parties can gain access to them and render them worthless. And if a key is lost, the data it protects becomes impossible to retrieve.
Incorrect Answers:
A: Data encryption should not ‘sometimes’ be used for password files; it should always be used.
B: It is not true that data encryption is usually easily administered; it is complicated.
C: It is not true that data encryption makes few demands on system resources; encrypting data requires significant processing power.
References:
http://www.computerweekly.com/feature/Encryption-key-management-is-vital-to-securing-enterprise-data- storage

Brute force cracking is considered more difficult and must work through all possible combinations of numbers and characters.

Explanation/Reference:
Explanation:
The maximum key size is 256 bits, not 512 bits.
Rijndael is a block symmetric cipher that was chosen to fulfill the Advanced Encryption Standard. It uses a
128-bit block size and various key lengths (128, 192, 256).
The Rijndael specification is specified with block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.
Incorrect Answers:
A: It is true that the key sizes must be a multiple of 32 bits.
B: It is true that the maximum block size is 256 bits.
D: It is true that the key size does not have to match the block size.
References:
http://searchsecurity.techtarget.com/definition/Rijndael
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 145

Section: Mixed questions

Explanation/Reference:
Explanation:
Computer-generated evidence normally falls under the category of hearsay evidence, or second-hand evidence, because it cannot be proven accurate and reliable. Under the U.S. Federal Rules of Evidence, hearsay evidence is generally not admissible in court. Best evidence is original or primary evidence rather than a copy or duplicate of the evidence. It does not apply to computer-generated evidence. Direct evidence is oral testimony by witness. Demonstrative evidence is used to aid the jury (models, illustrations, charts).
References: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and Ethics (page 310).
ROTHKE, Ben, CISSP CBK Review presentation on domain 9.

Explanation/Reference:
Explanation:
When a file is modified or created, the file system sets the archive bit to 1. A differential backup process backs up the files that have been modified since the last full backup, but does not change the archive bit value.
Incorrect Answers:
B: A differential backup process does not change the archive bit value.
C: Because a differential backup process backs up the files that have been modified since the last full backup, the archive bit at the start of the process would be set to 1.
D: Because a differential backup process backs up the files that have been modified since the last full backup, the archive bit at the start of the process would be set to 1.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 935-936

The correct answer is Authentication. Answer “Audit trail review.” is a review of audit system data, usually done after the fact. Answer “Accountability” is holding individuals responsible for their actions, and answer d is obtaining higher-sensitivity information from a number of pieces of information of lower sensitivity.

Wire and cash transfers of $10,000 or more in a single transaction
must be reported to government officials.
Actions in answers “Subpoena of electronic records”, “Monitoring of Internet communications”, and c are permitted under the Patriot Act.
In answers “Subpoena of electronic records” and “Monitoring of Internet communications”, the government has new powers to subpoena electronic records and to monitor Internet traffic. In monitoring information, the government can require the assistance of ISPs and network operators. This monitoring can even extend into individual organizations. In the Patriot Act, Congress permits investigators to gather information about electronic mail without having to show probable cause that the person to be monitored had committed a crime or was intending to commit a crime. In
answer c, the items cited now fall under existing search and seizure
laws. A new twist is delayed notification of a search warrant. Under
the Patriot Act, if it suspected that notification of a search warrant
would cause a suspect to flee, a search can be conducted before notification of a search warrant is given.
In a related matter, the US and numerous other nations have
signed the Council of Europes Cybercrime Convention. In the
US, participation in the Convention has to be ratified by the Senate.
In essence, the Convention requires the signatory nations to spy on
their own residents, even if the action being monitored is illegal in
the country in which the monitoring is taking place.

Packet filtering firewalls use routers with packet filtering rules to grant or deny access based on source address, destination address, and port. They offer minimum security but at a very low cost, and can be an appropriate choice for a low-risk environment. Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3, Secured Connections to External Networks (page 60).

There is no DES mode call DES-EEE1. It does not exist.
The following are the correct modes for triple-DES (3DES):
DES-EEE3 uses three keys for encryption and the data is encrypted, encrypted, encrypted;
DES-EDE3 uses three keys and encrypts, decrypts and encrypts data.
DES-EEE2 and DES-EDE2 are the same as the previous modes, but the first and third operations
use the same key.
Reference(s) used for this question:
Shon Harris, CISSP All In One (AIO) book, 6th edition , page 808
and
Official ISC2 Guide to the CISSP CBK, 2nd Edition (2010) , page 344-345

Explanation/Reference:
Explanation:
Validation is the process of determining whether the product provides the necessary solution for the real- world problem that is was created to solve.
Incorrect Answers:
A: Verification is the process of determining whether the product accurately represents and meets the design specifications given to the developers.
C: Concurrence occurs when there is a piece of software that will be accessed at the same time by different users and/or applications. It is not an issue of product development.
D: Accuracy is related to the integrity of information and systems. The integrity of information and systems requires that the information and systems remain accurate and reliable. This is ensured by preventing any unauthorized modification to the information or systems.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 23-24, 1106,
1124, 1180-1181
http://iase.disa.mil/ditscap/DITSCAP.html

LAN transmission methods refer to the way packets are sent on the network and are
either unicast, multicast or broadcast.
CSMA/CD is a common LAN media access method.
Token ring is a LAN Topology.
LAN transmission protocols are the rules for communicating between computers on a LAN.
Common LAN transmission protocols are: polling and token-passing.
A LAN topology defines the manner in which the network devices are organized to facilitate
communications.
Common LAN topologies are: bus, ring, star or meshed.
LAN transmission methods refer to the way packets are sent on the network and are either
unicast, multicast or broadcast.
LAN media access methods control the use of a network (physical and data link layers). They can
be Ethernet, ARCnet, Token ring and FDDI.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and
Network Security (page 103).
HERE IS A NICE OVERVIEW FROM CISCO:
LAN Transmission Methods
LAN data transmissions fall into three classifications: unicast, multicast, and broadcast. In each type of transmission, a single packet is sent to one or more nodes. In a unicast transmission, a single packet is sent from the source to a destination on a network. First, the source node addresses the packet by using the address of the destination node. The package is then sent onto the network, and finally, the network passes the packet to its destination. A multicast transmission consists of a single data packet that is copied and sent to a specific subset of nodes on the network. First, the source node addresses the packet by using a multicast address. The packet is then sent into the network, which makes copies of the packet and sends a copy to each node that is part of the multicast address. A broadcast transmission consists of a single data packet that is copied and sent to all nodes on the network. In these types of transmissions, the source node addresses the packet by using the broadcast address. The packet is then sent on to the network, which makes copies of the packet and sends a copy to every node on the network. LAN Topologies LAN topologies define the manner in which network devices are organized. Four common LAN topologies exist: bus, ring, star, and tree. These topologies are logical architectures, but the actual devices need not be physically organized in these configurations. Logical bus and ring topologies, for example, are commonly organized physically as a star. A bus topology is a linear LAN architecture in which transmissions from network stations propagate the length of the medium and are received by all other stations. Of the three most widely used LAN implementations, Ethernet/IEEE 802.3 networks-including 100BaseT-implement a bus topology
Sources: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 104). http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/introlan.htm