CISSP Official Practice Tests by Mike Chapple, David Seidl

Chapter 3 ■ Security Architecture and Engineering (Domain 3)



  1. Chris is designing a cryptographic system for use within his company. The company has
    1,000 employees, and they plan to use an asymmetric encryption system. How many total
    keys will they need?
    A. 500
    B. 1,000
    C. 2,000
    D. 4,950

  2. What term is used to describe the formal declaration by a designated approving
    authority (DAA) that an information technology (IT) system is approved to operate in a
    specific environment?
    A. Certification
    B. Accreditation
    C. Evaluation
    D. Approval

  3. Object-oriented programming languages use a black box approach to development, where
    users of an object do not necessarily need to know the object’s implementation details.
    What term is used to describe this concept?
    A. Layering
    B. Abstraction
    C. Data hiding
    D. Process isolation

  4. Todd wants to add a certificate to a certificate revocation list. What element of the
    certificate goes on the list?
    A. Serial number
    B. Public key
    C. Digital signature
    D. Private key

  5. Alison is examining a digital certificate presented to her by her bank’s website. Which one
    of the following requirements is not necessary for her to trust the digital certificate?
    A. She knows that the server belongs to the bank.
    B. She trusts the certificate authority.
    C. She verifies that the certificate is not listed on a CRL.
    D. She verifies the digital signature on the certificate.

  6. Which one of the following is an example of a covert timing channel when used to
    exfiltrate information from an organization?
    A. Sending an electronic mail message
    B. Posting a file on a peer-to-peer file sharing service
