CISSP Practice (full text)

d. Tamper prevention and tamper correction

5. a. For a cryptographic module, tamper detection and tamper response are not substitutes for tamper evidence. Tamper evidence is the external indication that an attempt has been made to compromise the physical security of a cryptographic module. The sequence of events is as follows: tamper prevention comes first, detection comes next or at the same time as prevention, evidence comes next or at the same time as detection, and response or correction comes last. The evidence of a tamper attempt should be observable by the module operator after the attempt. Tamper detection is the automatic determination by a cryptographic module that an attempt has been made to compromise the physical security of the module. Tamper response is demonstrated through tamper correction, which is the automatic action taken by a cryptographic module when a tamper attempt has been detected.

6. Which of the following analyzes the variations of the electrical power consumption of a cryptographic module to extract information about cryptographic keys?

a. Timing analysis attack

b. Differential power analysis attack

c. Simple power analysis attack

d. Electromagnetic emanation attack

6. b. Differential power analysis attack (side-channel attack) considers the variations of the electrical power consumption of a cryptographic module to correlate to cryptographic keys used in a cryptographic algorithm.

The other three choices are incorrect because they do not consider the power differential. A timing analysis attack is an attack on a cryptographic module that is based on an analysis of time periods between the time a command is issued and the time the result is obtained. A simple power analysis attack considers the patterns of instruction execution to reveal the values of cryptographic keys. An electromagnetic emanation attack uses signals to disclose information that is transmitted, received, handled, or processed by any equipment.
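The correlation the answer describes, as an added simulation that is not part of the book: a toy S-box lookup leaks the Hamming weight of its output into the "power" sample, difference-of-means DPA recovers the key byte from 2000 constructed traces, and a per-trace boolean mask (a countermeasure the answer does not discuss) removes the first-order correlation. The S-box (a seeded random permutation standing in for AES's), the key byte and the noise model are all constructed.

```python
"""Simulated first-order DPA on one S-box lookup (constructed data, not from the book)."""
import random
from statistics import mean

rng = random.Random(2024)  # seeded so the simulation is reproducible

# Toy 8-bit S-box: a fixed random permutation standing in for the AES table.
SBOX = list(range(256))
rng.shuffle(SBOX)

KEY = 0x5A        # constructed secret key byte held inside the "module"
N_TRACES = 2000

def hamming_weight(x):
    return bin(x).count("1")

def make_traces(masked, key=KEY, n=N_TRACES, noise=1.0):
    """Return (plaintexts, traces). Each trace is one power sample taken while the
    S-box output sits on the bus: its Hamming weight plus Gaussian noise.
    With masked=True the module XORs a fresh random mask into the value first."""
    plaintexts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        s = SBOX[p ^ key]
        if masked:
            s ^= rng.randrange(256)           # boolean masking countermeasure
        plaintexts.append(p)
        traces.append(hamming_weight(s) + rng.gauss(0, noise))
    return plaintexts, traces

def dpa_difference(plaintexts, traces, guess, bit=0):
    """Difference of means for one key guess: split the traces by the predicted
    value of `bit` of SBOX[p ^ guess]. The right guess separates the traces by one
    bit of Hamming weight, so the difference is close to 1.0; wrong guesses stay near 0."""
    sel = [(SBOX[p ^ guess] >> bit) & 1 for p in plaintexts]
    ones = [t for b, t in zip(sel, traces) if b]
    zeros = [t for b, t in zip(sel, traces) if not b]
    return mean(ones) - mean(zeros)

def recover_key_byte(plaintexts, traces):
    """Rank all 256 guesses by |difference of means| and return the best one."""
    return max(range(256), key=lambda g: abs(dpa_difference(plaintexts, traces, g)))

if __name__ == "__main__":
    for masked in (False, True):
        p, t = make_traces(masked)
        g = recover_key_byte(p, t)
        print(f"masked={masked}: best guess 0x{g:02X}, true key 0x{KEY:02X}, "
              f"difference at true key = {dpa_difference(p, t, KEY):+.3f}")
```

With masking enabled the difference at the true key collapses toward zero and the best guess is essentially random, which is why the power-differential is the defining feature of this attack and masking is the textbook mitigation.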

7. Which of the following physical security devices is authorized for the protection of unclassified and nonsensitive IT assets?

a. Smart cards

b. Memory cards

c. Hardware tokens

d. Physical tokens

7. d. Physical tokens are authorized for the protection of non-mission-critical, unclassified, and nonsensitive IT assets. Physical tokens consist of keys and unique documents, such as hand-carried orders. When a smart card is used as a repository of information without requiring the cardholder to enter a PIN or present a biometric reference sample, the smart card is implemented as a memory card. Hardware tokens can be integrated into either a physical access control or a logical access control solution.

8. From a cryptographic module’s physical security viewpoint, tamper-evident seals or pick-resistant locks are placed on covers or doors to protect against unauthorized physical access to which of the following?

a. Environmental equipment

b. Critical security parameters

c. Configuration management system

d. Data center furniture

8. b. Tamper-evident coatings or seals or pick-resistant locks are placed on removable covers or doors of the cryptographic module so that they must be broken to attain physical access to the critical security parameters (CSPs). The other three choices do not use pick-resistant locks because they are not high risk.

9. The cryptographic modules that contain software must provide for which of the following to prevent and detect the disclosure and modification of critical security parameters?

1. Encryption

2. Authentication

3. Fluctuations in temperature

4. Fluctuations in voltage

a. 1 only

b. 2 only

c. 1 and 2

d. 1, 2, 3, and 4

9. d. The cryptographic modules that contain software must provide for the encryption and authentication of all retained parameters and integrity test code when the module is not in use. In addition, environmental failure protection mechanisms that protect the module from fluctuations in temperature and voltage are needed.

10. The highest security level of cryptographic modules requires the environmental failure protection from which of the following?

1. Nonvisual radiation examination
