SSCP Exam Results

In a ciphertext-only attack, the attacker has the ciphertext of several messages encrypted with the same encryption algorithm. Its goal is to discover the plaintext of the messages by figuring out the key used in the encryption process. In a known-plaintext attack, the attacker has the plaintext and the ciphertext of one or more messages. In a chosen-ciphertext attack, the attacker can chose the ciphertext to be decrypted and has access to the resulting plaintext.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 8: Cryptography (page 578).

Triple DES encrypts a message three times. This encryption can be accomplished in several ways. The most secure form of triple DES is when the three encryptions are performed with three different keys.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 152).

Which means the company understands the level of risk it is faced.

The following answers are incorrect because :

Reject the risk is incorrect as it means ignoring the risk which is dangerous.

Perform another risk analysis is also incorrect as the existing risk analysis has already shown the results.

Reduce the risk is incorrect is applicable after implementing the countermeasures.

Reference : Shon Harris AIO v3 , Chapter-3: Security Management Practices , Page : 39

The Answer: Risk: The potential for harm or loss to an information system or network; the probability that a threat will materialize.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 16, 32.