View SSCP Exam Questions

Q: 1

What is the name of a one way transformation of a string of characters into a usually shorter fixed- length value or key that represents the original string? Such a transformation cannot be reversed?

Options

Discussion

Anita S. Feb 17, 2026 2:57 pm

A . DES sounds tempting but it's reversible, unlike a hash. Some folks mix up substitution here but that's definitely not one-way.

Ryan D. Feb 18, 2026 8:47 am

Option A

Jamie B. Mar 1, 2026 2:30 am

Could be B here since DES is a well-known string transformation too, and it outputs a fixed length. I know DES is encryption so you can reverse it with the key, but the question wasn't super clear on reversibility for me. If I'm missing something obvious let me know.

Vikram W. Feb 17, 2026 7:45 am

Probably A since hashes are one-way and the others can actually be reversed.

Ravi B. Feb 12, 2026 6:23 pm

A, but I always second guess when they mention "cannot be reversed" since some ciphers confuse me on wording.

Emma J. Feb 20, 2026 5:59 pm

Yeah, I'm thinking A fits best here since hash functions are explicitly one-way, can't go back to the source even if you try. C and D (transposition and substitution) are both forms of cipher that can usually be reversed with the right info. Not totally sure if I'm missing a use case though.

Aisha U. Feb 14, 2026 5:34 am

C/D? If the hash output length was longer than input, would that flip things?

CuriousCandidate3753 Feb 23, 2026 4:26 pm

Why are so many picking D? Isn't substitution usually reversible if you know the system, unlike a one-way hash?

ThoughtfulLead1046 Feb 14, 2026 8:03 am

D . Substitution makes sense to me since it's a way of transforming characters and sometimes results in a different string. The question just says the output can't be reversed, and basic substitution methods can get complex enough that reversing isn't practical. Not sure if that's exactly what they want here, but that's how I read it. Anyone see it differently?

Aisha V. Feb 16, 2026 9:07 am

Had something like this in a mock exam, it's A. One-way hash is designed to be irreversible, just like the question says. B (DES) can be decrypted if you have the key, so it doesn't fit here. Open to correction but pretty confident.

Be respectful. No spam.

Correct Answer:

Explanation

A one-way hash is a cryptographic function that meets all the criteria described. It takes an input of arbitrary length (a string of characters) and produces a fixed-length string, known as a hash value or message digest. The core properties of a cryptographic hash function are that it is deterministic (the same input always produces the same output), fast to compute, and, crucially, "one-way." This one-way property, also known as preimage resistance, makes it computationally infeasible to determine the original input string from its hash value, meaning the transformation cannot be reversed.

Why Incorrect

B. DES: This is a symmetric-key encryption algorithm. It is a two-way, reversible process used for confidentiality, not a one-way transformation.

C. Transposition: A classical encryption cipher that rearranges the order of characters. It is reversible and does not produce a fixed-length output.

D. Substitution: A classical encryption cipher that replaces characters with other characters. It is also reversible and does not produce a fixed-length output.

References

1. National Institute of Standards and Technology (NIST). (2015). FIPS PUB 180-4

Secure Hash Standard (SHS). Section 1

"Introduction

" states

"A hash algorithm is used to compute a condensed representation of a message or a data file... For a given algorithm

the message digests are of a fixed length..."

2. Katz

& Lindell

Y. (2014). Introduction to Modern Cryptography (2nd ed.). CRC Press. In Chapter 5

Section 5.1

a hash function is defined as a function that maps arbitrary-length strings to a fixed-length output. The property of being "one-way" is formally defined as preimage resistance.

3. Stallings

W. (2017). Cryptography and Network Security: Principles and Practice (7th ed.). Pearson. Chapter 11

Section 11.1

"Secure Hash Algorithms

" describes the fundamental requirements for a cryptographic hash function

including the one-way property (preimage resistance) and the production of a fixed-length hash value.

Q: 2

A multinational corporation has detected unusual activity suggesting that an attacker has gained access to the hypervisor layer of their virtual environment. What is the most critical immediate step the security team should take to mitigate the threat?

Options

Discussion

Olivia P. Feb 24, 2026 7:46 pm

C imo. Cutting the hypervisor off the network is key for containment before anything else.

Ivy P. Feb 24, 2026 4:53 pm

Why not check the official guide or incident response playbooks for escalation steps on hypervisor compromise?

Priya B. Feb 25, 2026 6:45 pm

D , ISC2 puts too much weight on disconnecting but patching feels more actionable sometimes.

Kevin F. Feb 22, 2026 9:38 am

Its D

Emma K. Feb 16, 2026 2:44 am

Containment always takes priority so definitely C here.

Luna M. Mar 4, 2026 5:12 pm

Why does ISC2 keep mixing up patching with containment on these? C/D always causes noise, but here it’s C.

Chris W. Feb 23, 2026 4:42 am

Not B, C. Restarting VMs (B) won't help if the attacker already has hypervisor access-they could just get back in or pivot again. Disconnecting (C) is classic containment, lines up with incident response basics. Open to discussion if someone sees it differently.

QuietLearner3612 Feb 28, 2026 10:54 pm

Likely C is the way to go. Disconnecting the hypervisor cuts off attacker access right away, which matches IR best practices for containment. D trips some folks up since patching is important, but it doesn't stop what's already happening. Open to corrections if I missed something.

Mason O. Mar 1, 2026 9:32 am

Probably C. If the attacker still has access, disconnecting the hypervisor contains any network-based compromise right away.

Daniel I. Feb 27, 2026 6:15 am

C tbh

Be respectful. No spam.

Correct Answer:

Explanation

A compromised hypervisor represents a complete failure of the virtualization security boundary, granting the attacker potential control over all hosted virtual machines (VMs) and a powerful pivot point for lateral movement. The most critical immediate step, according to established incident response principles, is containment. Disconnecting the hypervisor from the network immediately severs the attacker's command and control (C2) channel and prevents them from exfiltrating data or attacking other systems on the network. This action isolates the threat, limiting the scope of the damage, which is the primary objective in the initial phase of handling a critical security incident.

Why Incorrect

A. Increase the monitoring frequency of virtual machine logs.

This is a detective, not a mitigative, action. It does not stop the active attack, and the attacker could potentially alter the logs from the compromised hypervisor.

B. Restart all virtual machines hosted by the hypervisor.

This is ineffective because the compromise is at the hypervisor level. The attacker would retain control of the hypervisor and could simply re-compromise the VMs upon restart.

D. Apply the latest hypervisor patches and updates.

Patching is a preventative and recovery measure, not an immediate containment step for an active breach. It will not eject an attacker who is already in the system.

References

1. NIST Special Publication 800-61 Rev. 2

Computer Security Incident Handling Guide. Section 3.3.2

"Containment

" states that a major decision is "how much to disconnect the affected systems from the network." For a severe compromise

complete disconnection is a primary strategy to prevent the attacker from causing further damage.

2. NIST Special Publication 800-125

Guide to Security for Full Virtualization Technologies. Section 5.3

"Hypervisor

" describes the hypervisor as the most critical component. A compromise at this level is catastrophic

implicitly requiring immediate and decisive containment actions like network isolation to prevent the compromise from spreading.

3. Souppaya

& Scarfone

K. (2011). NIST Special Publication 800-146

Cloud Computing Synopsis and Recommendations. Section 5.2.2

"Network Security

" discusses the risk of a compromised hypervisor allowing an attacker to "gain access to the underlying physical infrastructure and from there to other tenants." This highlights the urgency of preventing lateral movement

which is best achieved by network isolation.

4. Garfinkel

& Rosenblum

M. (2005). When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing. Proceedings of the 10th conference on Hot Topics in Operating Systems

Vol. 10. This foundational academic paper discusses the severe implications of a Virtual Machine Monitor (hypervisor) compromise

noting that it "subverts the security of every guest OS running above it

" reinforcing the need for immediate

drastic containment measures.

Q: 3

What is the primary role of smartcards in a PKI?

Options

Correct Answer:

Explanation

The primary role of a smartcard within a Public Key Infrastructure (PKI) is to provide a secure, hardware-based environment for the user's private key. Smartcards are designed to be tamper-resistant, preventing unauthorized physical or logical access to the key. Critically, the private key is generated on and never leaves the card. All cryptographic operations requiring the private key, such as digital signing or decrypting a session key, are performed by the processor on the card itself. This protects the key from being compromised by malware on the host computer and provides strong non-repudiation, as the user must physically possess the card and typically provide a PIN to authorize its use.

Why Incorrect

A. Key renewal is a PKI management process; the smartcard is a secure endpoint for this process, not the primary enabler of renewal itself.

B. Public certificates are distributed by Certificate Authorities (CAs) and directories, not primarily by users exchanging smartcards.

C. While smartcards perform cryptographic operations, they are not designed for high-speed bulk data encryption; dedicated Hardware Security Modules (HSMs) serve that role.

References

1. National Institute of Standards and Technology (NIST) FIPS 201-3

Personal Identity Verification (PIV) of Federal Employees and Contractors

January 2022. Section 6.2

"PIV Cryptographic Keys

" states

"Private keys are generated on the PIV card and are not exportable." This highlights the card's role as a secure

non-exportable container for private keys.

2. National Institute of Standards and Technology (NIST) SP 800-73-4

Interfaces for Personal Identity Verification - Part 1: PIV Card Application Namespace

Data Model

and Representation

January 2015. Section 3.1.1

"PIV Card

" specifies

"The PIV Card is used to store PIV identity credentials and to perform cryptographic computations." This directly supports the role of secure storage and application of keys.

3. Stallings

& Brown

L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson. Chapter 22

"Public-Key Cryptography and Message Authentication

" discusses the critical need to protect private keys

stating that hardware tokens like smartcards "provide tamper-resistant storage of private keys."

4. Microsoft Documentation

Smart Card Architecture. The documentation explains that a smart card's Cryptographic Service Provider (CSP) or Key Storage Provider (KSP) ensures that "authentication and other private key operations are performed on the smart card and not on the host computer

" reinforcing the principle of secure application and storage.

Q: 4

Which of the following services is NOT provided by the digital signature standard (DSS)?

Options

Discussion

Sanjay Mar 4, 2026 6:58 pm

A is right, encryption isn't part of DSS. Had something like this in a mock exam, same answer.

Maya Feb 24, 2026 2:53 am

Aisha Q. Feb 24, 2026 2:42 am

Its A. Official guide and some practice sets both flag DSS as not handling encryption, just signatures and integrity stuff.

Ravi K. Feb 24, 2026 8:38 pm

I don’t think it’s B. A is correct here.

Logan Feb 14, 2026 8:32 am

Official guide and those end-of-chapter practice exams both call out that DSS doesn’t provide encryption, only signature, integrity, and authentication. If you’re reviewing, focus on which NIST/FIPS standards pair which features with each crypto tool. Pretty sure A is what they want here but chime in if you've seen different in the official book.

Sofia Feb 22, 2026 10:44 pm

I don't think it's D. A is correct here. DSS doesn't actually do encryption, just handles signatures for integrity and authentication. I remember a similar question came up in my practice set. Let me know if anyone picked something else, but pretty sure it's A.

Cameron Feb 25, 2026 3:50 am

No way it's D, DSS doesn't do encryption. That's usually the trap in these kinds of questions. A for sure.

Emma I. Feb 20, 2026 12:50 pm

Why do some folks pick D? DSS specifically doesn't handle encryption, that's more of a trap answer here.

Ravi Q. Feb 25, 2026 1:20 pm

Had something like this in a mock, pretty sure it's A.

Sam K. Feb 23, 2026 12:26 pm

Guessing A. DSS doesn't actually encrypt, it just signs and verifies. Integrity and authentication are both part of what digital signatures offer, but encryption's out. I could be off if they're splitting terms, but think it's right.

Be respectful. No spam.

Correct Answer:

Explanation

The Digital Signature Standard (DSS), specified in FIPS 186-4, defines algorithms for generating and verifying digital signatures. The primary security services provided by a digital signature are authentication (verifying the sender's identity), data integrity (ensuring the message has not been altered), and non-repudiation (preventing the sender from denying the message). DSS is not designed to provide confidentiality. While the underlying algorithms like RSA can be used for encryption, the standard itself is exclusively for creating signatures, not for encrypting data to keep it secret.

Why Incorrect

B. Integrity: DSS provides integrity by using a secure hash function on the message before signing. Any change to the message results in a different hash, causing signature verification to fail.

C. Digital signature: This is the core function of the standard. DSS explicitly defines the methods and algorithms (DSA, RSA, ECDSA) for creating and verifying digital signatures.

D. Authentication: DSS authenticates the origin of a message. Since the signature is created with the signer's private key, successful verification with the public key proves the message came from the claimed sender.

References

1. National Institute of Standards and Technology (NIST). (2013

July). FIPS PUB 186-4: Digital Signature Standard (DSS). U.S. Department of Commerce. In Section 1

"Specification

" the document states its purpose is for applications requiring a digital signature to "detect unauthorized modifications to data and to authenticate the identity of the signatory." It makes no mention of providing encryption or confidentiality. (Page 1

Section 1).

2. Purdue University. (n.d.). CS 555: Introduction to Cryptography - Lecture 20: Digital Signatures. "The main goal of digital signatures is to provide authenticity

including data integrity and origin authentication. It also provides non-repudiation... Digital signatures do not provide confidentiality." (Slide 3).

3. Katz

& Lindell

Y. (2014). Introduction to Modern Cryptography (2nd ed.). CRC Press. In Chapter 12

the text clearly distinguishes the security goals of digital signatures (integrity and authentication) from those of encryption schemes (confidentiality). DSS is presented as a standard for the former. (Chapter 12

Section 12.1

"Definition of Secure Signatures").

Q: 5

Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having information to transmit?

Options

Discussion

Riley C. Feb 26, 2026 9:19 pm

C. no doubt here

Karan Mar 3, 2026 8:33 pm

C/D? D's a classic trap but pretty sure C fits with the whole dynamic allocation part.

Rowan I. Feb 23, 2026 12:44 pm

I was thinking B here, since async TDM does adjust time slots based on traffic, so it feels like bandwidth could be dynamically assigned. Saw similar phrasing on a practice test. Might be mixing up statistical and async TDM though! If anyone's got the official guide handy, let me know if I'm off.

Emma M. Mar 3, 2026 1:55 pm

It's gotta be C for this one. Statistical multiplexing is the approach that handles variable bit-rate and allocates bandwidth only to channels with data to send. Saw similar wording pop up on practice exams lately. Pretty sure that's what they're asking for, but open to pushback if anyone thinks otherwise.

Logan Y. Mar 2, 2026 10:57 pm

It’s C here. D is a common trap since FDM splits channels, but it’s not variable or dynamic like the question says. Seen similar wording on some practice sets. If you think it’s another option, check if "dynamic" is the key word-you’ll see C fits better.

Layla S. Feb 13, 2026 1:52 pm

A is wrong, C fits better here. Statistical multiplexing is what dynamically shares bandwidth for variable bit-rate streams, not fixed slots like TDM. Pretty sure C is what they're going for.

Luke S. Feb 22, 2026 6:47 am

Definitely recommend checking the official ISC2 guide and trying some practice exams for questions like this. C

Adam N. Feb 15, 2026 6:56 am

If the channels are async but not strictly dynamic, wouldn't B also fit here?

Hannah J. Mar 1, 2026 11:19 am

Neha O. Feb 18, 2026 6:03 am

C tbh, A is tempting but static time slots trip people up on these.

Be respectful. No spam.

Correct Answer:

Explanation

Statistical multiplexing, also known as statistical time-division multiplexing (STDM), is a communication channel sharing method that allocates bandwidth dynamically. Unlike traditional time-division multiplexing (TDM) which uses fixed time slots, statistical multiplexing allocates time slots on an as-needed basis to users who have data to transmit. This approach is highly efficient for bursty data traffic from variable bit-rate sources, as it leverages the statistical probability that not all users will transmit simultaneously, thereby accommodating more users on a shared channel. This directly matches the question's description of dynamic allocation for an arbitrary number of variable bit-rate streams.

Why Incorrect

A. Time-division multiplexing: This method allocates a fixed, pre-determined time slot to each channel in a round-robin fashion, regardless of whether the channel has data to send. It is a static, not dynamic, allocation method.

B. Asynchronous time-division multiplexing: While often used synonymously with statistical multiplexing, "statistical multiplexing" is the more precise and fundamental term describing the method based on traffic statistics. ATDM is a specific implementation of this principle.

D. Frequency division multiplexing: This method divides the channel's bandwidth into distinct, non-overlapping frequency bands, with each channel assigned a dedicated band. This allocation is static and based on frequency, not time.

References

1. Kurose

J. F.

& Ross

K. W. (2017). Computer Networking: A Top-Down Approach (7th ed.). Pearson.

Page 33

Section 1.3.2: "Packet switching also makes use of statistical multiplexing... In a TDM link

each host gets a dedicated rate of R/N bps during every time frame... With statistical multiplexing... there is no a priori reservation of a link’s capacity." This source distinguishes statistical multiplexing's dynamic

on-demand nature from TDM's fixed allocation.

2. Tanenbaum

A. S.

& Wetherall

D. J. (2011). Computer Networks (5th ed.). Prentice Hall.

Page 135

Section 2.5.2: "A variation of TDM is statistical TDM

in which slots are allocated to lines dynamically... The statistical TDM scans the input lines and collects data until a frame is full

and then it sends the frame." This directly describes the dynamic allocation method for channels with data.

3. Stallings

W. (2014). Data and Computer Communications (10th ed.). Pearson.

Page 243

Section 8.2: "In statistical time-division multiplexing

time slots are allocated dynamically on the basis of need... The statistical multiplexer can absorb peak rates of a number of the attached devices

providing a better response time than a synchronous TDM system." This confirms the dynamic

on-demand allocation for variable traffic.

Q: 6

What protocol is used on the Local Area Network (LAN) to obtain an IP address from it's known MAC address?

Options

Discussion

Karan X. Mar 4, 2026 11:31 am

A . RARP's the one that gives you an IP from a MAC, even if it's barely used today. ARP does it the other way around (IP to MAC). Easy trap for folks used to modern networks though, so I get the confusion.

Sara P. Feb 14, 2026 5:48 pm

A . Most people jump to ARP, but ARP is for finding MAC from IP, not the other way. Since this asks for getting IP from known MAC, RARP (A) is the right one here. Seen similar confusion on other practice sets.

Neha C. Feb 17, 2026 9:47 pm

A. not B-ARP is the common trap but question flips direction (MAC to IP).

Alex P. Feb 23, 2026 12:09 pm

Option A is the way to go here, since RARP maps from MAC to IP. ARP works the other way around (IP to MAC). Kinda rare to see RARP now but the question's wording fits it. Anyone see it differently?

Karan N. Feb 21, 2026 12:09 pm

Option A Not totally sure but I remember RARP is for getting IP from MAC. ARP works the other way, right? Can someone confirm if I'm mixing them up?

Nora Feb 24, 2026 6:37 am

encountered exactly similar question in my exam in some labs, and I'd pick B here. ARP is what comes up most for address resolution on LANs, mapping IP to MAC addresses. The question's phrasing confused me a bit but pretty sure ARP is still widely used for this-correct me if I'm wrong.

Aaron Y. Feb 26, 2026 1:08 am

Option A. but B gets so much use I'm never totally sure on these legacy protocol questions.

Olivia Z. Feb 18, 2026 10:27 pm

RARP is the one that actually maps MAC to IP directly, so A fits best for this legacy scenario. I remember a similar question on an older exam. Pretty sure that's what ISC2 wants here. Anyone disagree?

Nathan C. Feb 16, 2026 5:23 am

A saw something just like this in past exam reports.

HelpfulSec2199 Feb 13, 2026 5:45 pm

I thought B, since ARP is all over the place on LANs and deals with addresses, but now I'm not so sure. ARP maps IP to MAC, not the other way. Maybe someone else sees it differently?

Be respectful. No spam.

Correct Answer:

Explanation

Reverse Address Resolution Protocol (RARP) is a network protocol used by a client device on a Local Area Network (LAN) to request its Internet Protocol (IP) address from a server. The client broadcasts a RARP request packet, which contains its own unique Media Access Control (MAC) address. A designated RARP server on the network receives this request, looks up the MAC address in its configuration table, and replies with the corresponding IP address. This mechanism was historically used by diskless workstations or other devices at boot time to discover their IP address when they only knew their hardware address.

Why Incorrect

B. Address resolution protocol (ARP): ARP performs the opposite function; it resolves a known IP address to an unknown MAC address (IP -> MAC).

C. Data link layer: This is Layer 2 of the OSI model. It is a conceptual layer, not a specific protocol that resolves a MAC address to an IP address.

D. Network address translation (NAT): NAT is a method for remapping IP addresses, typically between a private LAN and a public network (like the Internet), not for local address discovery.

References

1. Finlayson

Mann

Mogul

& Theimer

M. (1984). RFC 903: A Reverse Address Resolution Protocol. IETF. The abstract states

"This RFC describes a protocol for allowing a host to discover its Internet address when it knows only its hardware address."

2. Comer

D. E. (2018). Internetworking with TCP/IP Volume 1: Principles

Protocols

and Architecture (6th ed.). Pearson. In Chapter 6

"Mapping Internet Addresses To Physical Addresses (ARP)

" the text contrasts ARP with RARP

explicitly stating RARP's purpose: "A host uses RARP to find its IP address when it knows its hardware address" (Section 6.10

RARP).

3. Tanenbaum

A. S.

& Wetherall

D. J. (2011). Computer Networks (5th ed.). Prentice Hall. In Chapter 5

"The Network Layer

" Section 5.6.3

the text describes ARP and its inverse

RARP

noting that RARP allows a host to broadcast its Ethernet address and ask for someone to tell it the corresponding IP address.

Q: 7

You have been tasked to develop an effective information classification program. Which one of the following steps should be performed first?

Options

Discussion

Taylor B. Feb 17, 2026 9:28 am

D . You need to set the classification criteria before you do anything else, otherwise you can't decide controls or assign custodians. Everything builds on those criteria. Pretty sure that's how most SSCP frameworks explain it.

Ava T. Feb 22, 2026 1:04 pm

D , it's about setting the foundation before anything else. Without those classification criteria, you can't assign security controls or roles properly. B is a common trap but comes later in the process. Pretty sure ISC2 likes D as first step here.

Luna G. Feb 25, 2026 6:07 pm

D every time. You have to define the criteria before anything else in a classification program.

Parker E. Feb 14, 2026 5:58 am

Olivia M. Feb 14, 2026 8:11 pm

D first thing is always define the criteria for classifying info before anything else gets built.

ZoeC Feb 14, 2026 2:25 am

Thinking it's B. Setting the required controls for each level sounds like a logical first move before diving into the criteria specifics.

Skyler F. Feb 18, 2026 2:52 am

B this time

Ravi N. Mar 3, 2026 8:52 pm

D is the logical starting point. You really can't set controls or assign responsibilities until you've defined what makes something confidential vs public, etc. Pretty sure that's how ISC2 frames it, but open if someone disagrees.

Daniel K. Feb 21, 2026 7:44 pm

D imo. You need to know the criteria for classifying data before you can pick controls or assign custodians. B is tempting but it skips a key foundation step. Pretty sure D is what ISC2 wants here, correct me if I'm off.

Hannah O. Feb 22, 2026 2:24 am

I was thinking B since you need to specify the controls for each level at the start, right? Controls define how strict you are with different classes. Not 100% on this though, open to other ideas.

Be respectful. No spam.

Correct Answer:

Explanation

The foundational step in any information classification program is to establish the framework upon which all other activities will be based. This involves specifying the criteria that define the classification levels (e.g., Public, Internal, Confidential, Restricted). These criteria determine how data is categorized based on its sensitivity, criticality, and impact if disclosed. All subsequent steps, such as assigning security controls, appointing custodians, and establishing review procedures, are dependent on this initial, fundamental definition. Without clear criteria, the classification process would be arbitrary, inconsistent, and ultimately ineffective.

Why Incorrect

A. Establishing review procedures is a governance and maintenance step that occurs after the initial classification program has been defined and implemented.

B. Specifying security controls for each level can only be done logically after the classification levels and their corresponding criteria have been established.

C. Identifying a data custodian is an operational step to assign responsibility, which follows the creation of the classification framework that the custodian will manage.

---

References

1. Official (ISC)² Guide to the SSCP CBK

5th Edition. Chapter 2

"Security Operations and Administration

" in the section "Implement and Support Data-Labeling Policies

" explains that the creation of a data classification policy begins with defining the objectives and criteria for classification before assigning roles or controls.

2. NIST Special Publication 800-60 Vol. 1 Rev. 1

Guide for Mapping Types of Information and Information Systems to Security Categories. Section 2.1

"The Security Categorization Process

" outlines the initial step as identifying the types of information to be protected. This act of identification and understanding is integral to defining the criteria for how they will be classified based on impact.

3. University of California

Berkeley

Data Classification Standard. This official university document exemplifies the correct process. The standard begins by defining the "Protection Levels" (PLs) and "Availability Levels" (ALs)

which constitute the criteria for classification

before it proceeds to detail any roles

responsibilities

or specific controls. (See Section III

"UC Berkeley Data Classification

" and Section IV

"UC Berkeley Data Availability Classification").

Q: 8

Which of the following LAN topologies offers the highest availability?

Options

Discussion

Adam D. Mar 4, 2026 6:58 pm

C tbh, unless the question means "practical" or considers cost, then maybe D, but strictly highest availability is full mesh.

JamieG Mar 4, 2026 5:41 pm

Nah, highest availability really does mean C here. Full mesh covers all node-to-node failures, while D (partial mesh) can miss some redundancy paths. Trap is thinking about cost like some comments mention.

Nora T. Feb 18, 2026 8:31 pm

I don’t think D is right. C, full mesh, has more redundancy than partial mesh so it’s the top pick for max availability.

FriendlyCandidate4624 Mar 1, 2026 5:15 am

I was leaning toward D, partial mesh, since it also has some redundancy and seems more scalable than a full mesh. But maybe I’m missing something about the "highest" part. Wouldn’t full mesh be overkill except in tiny setups?

Sam B. Feb 17, 2026 6:24 am

Full mesh definitely gives the most redundancy since every device has a direct link to all others. If one link fails, traffic just takes another path. C is right here, that's what gives it the highest availability.

LoganT Mar 2, 2026 4:35 pm

Full mesh (C) is the pick for highest availability since every node connects to every other, so you get max redundancy. Even if multiple connections drop, others can still keep the LAN up. Tree and bus are much more vulnerable to single failures. Pretty sure this is right but open to other takes.

CalmSec3745 Feb 20, 2026 4:07 pm

C has to be it, full mesh means every node connects to every other, so max redundancy. Partial mesh (D) is tempting but doesn’t guarantee that level of availability. I’m pretty sure about this but open if someone thinks otherwise.

Nathan W. Mar 1, 2026 6:00 am

Nah, I don't think D holds up for highest availability. The real trap's thinking partial mesh is enough. C.

Piya E. Feb 14, 2026 1:48 am

Wouldn't tree topology (B) actually create several single points of failure at the higher nodes? I get why someone might pick D for scalability, but the question's all about availability, not cost. Full mesh (C) has no single points, so that's why it's usually picked for these types of questions.

Ethan Feb 20, 2026 4:07 am

C for sure. Full mesh means every device is connected to every other, so if something fails there are still tons of paths available. Partial mesh adds some redundancy but not to the same level. Pretty confident on this unless I'm misreading what they want by "highest." Agree?

Be respectful. No spam.

Correct Answer:

Explanation

A full mesh topology offers the highest availability and fault tolerance. In this configuration, every node is directly connected to every other node in the network. This design creates the maximum number of redundant paths for data to travel between any two points. If a link or a node fails, traffic can be immediately rerouted through numerous alternative paths, ensuring that network communication remains uninterrupted. While costly and complex to implement, its inherent redundancy makes it the most resilient and available LAN topology.

Why Incorrect

A. Bus topology: This topology has a single point of failure; a break in the shared central cable will cause the entire network to fail.

B. Tree topology: A failure of a central hub or the main backbone cable can disconnect entire segments or all of the network.

D. Partial mesh topology: It provides redundancy but less than a full mesh, as not all nodes are connected to each other, creating fewer alternative paths.

References

1. Stallings

W. (2016). Data and Computer Communications (10th ed.). Pearson. In Chapter 11.2

"Topologies

" it is stated

"In a mesh topology

each station is connected to every other station... The primary advantage of the mesh topology is that it is very reliable or robust." The text implicitly supports that a full mesh is more reliable than a partial mesh.

2. Kurose

J. F.

& Ross

K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. Chapter 1

Section 1.3

"The Network Edge

" discusses various access network types. The principles described illustrate that direct

multiple paths (a characteristic of full mesh) increase fault tolerance

a key component of availability.

3. Tanenbaum

A. S.

& Wetherall

D. J. (2011). Computer Networks (5th ed.). Prentice Hall. Chapter 1

Section 1.3.2

"Local Area Networks

" describes mesh networks as having high reliability due to the existence of multiple paths between nodes. It notes

"If one link becomes unusable

the network can often find a second path and work around it."

Q: 9

Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS?

Options

Discussion

Mia Feb 25, 2026 6:26 am

Pretty sure it's C for this one. Factoring large numbers is classic RSA territory, not El Gamal or ECC. Let me know if you think otherwise.

Hannah B. Feb 28, 2026 2:36 am

RSA is the one based on factoring large numbers, so C makes sense. El Gamal and ECC deal with discrete log problems instead. Not 100% sure since sometimes the options throw me off, but I'm pretty sure it's C.

AlexV Feb 25, 2026 11:45 pm

C, not A. El Gamal is a trap here since it's about discrete logs, but factoring large numbers only lines up with RSA. Pretty sure that's what exam questions are looking for.

Morgan X. Feb 22, 2026 7:03 pm

C every time for factoring large numbers. El Gamal and ECC are tied to discrete log problems, not this. If you see "factoring" think RSA. Let me know if I missed something.

Grace N. Feb 15, 2026 11:45 pm

Maybe A. I remember El Gamal uses asymmetric keys and is often mentioned alongside RSA, so thought it had something to do with factoring too. But now not fully sure if it’s based on the same math trap as RSA (C). Open to correction here.

Karan Feb 26, 2026 2:37 pm

C RSA

Sam Feb 28, 2026 12:35 am

Wouldn't El Gamal use discrete logarithms though, not factoring? Just making sure I'm not missing a trick here.

Jack Mar 3, 2026 5:21 pm

C imo. Most practice exams say RSA is based on factoring difficulty, the others use different math like discrete logs or block ciphers. If anyone's seen a question twist this, drop a reference. Official guide covers this.

Chloe I. Feb 12, 2026 7:45 am

None of these use factoring except RSA, right? Only C matches the question, the others rely on different math problems.

Hannah E. Feb 23, 2026 8:26 pm

A is wrong, C. Only RSA’s tied to factoring large numbers for asymmetric crypto.

Be respectful. No spam.

Correct Answer:

Explanation

The RSA (Rivest-Shamir-Adleman) algorithm is a widely used asymmetric cryptosystem. Its security is fundamentally based on the computational difficulty of the integer factorization problem. The public key consists of a modulus n (the product of two large, secret prime numbers) and a public exponent e. To derive the corresponding private key, an attacker would need to determine the original prime factors of n. For sufficiently large numbers, factoring n is computationally infeasible with current technology, which ensures the security of the private key.

Why Incorrect

A. El Gamal: Its security is based on the difficulty of solving the Discrete Logarithm Problem (DLP) over a finite field.

B. Elliptic Curve Cryptosystems (ECCs): Security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP), a more complex variant of the DLP.

D. International Data Encryption Algorithm (IDEA): This is a symmetric-key block cipher and does not use the principles of asymmetric cryptography like factoring or discrete logarithms.

References

1. Paar

& Pelzl

J. (2010). Understanding Cryptography: A Textbook for Students and Practitioners. Springer. In Chapter 6

Section 6.2

"The RSA Cryptosystem

" it is stated: "The security of RSA relies on the fact that it is difficult to factor large integers." (p. 161).

2. Katz

& Lindell

Y. (2014). Introduction to Modern Cryptography (2nd ed.). CRC Press. Chapter 11

Section 11.3

"The RSA Assumption

" directly connects the security of the RSA cryptosystem to the hardness of the factoring problem. (p. 378).

3. National Institute of Standards and Technology (NIST). (2013). FIPS PUB 186-4: Digital Signature Standard (DSS). Section 5.1.1

"RSA Key Pair Generation

" details the process where the modulus n is the product of two secret primes

p and q

establishing that the security relies on the secrecy of these factors. (DOI: https://doi.org/10.6028/NIST.FIPS.186-4).

4. Boneh

D. (1999). Twenty Years of Attacks on the RSA Cryptosystem. Notices of the American Mathematical Society

46(2)

203-213. The paper's introduction states

"The security of the RSA system is based on the assumption that factoring a large number is difficult." (p. 203).

Q: 10

What is the effective key size of DES?

Options

Discussion

Luke T. Feb 26, 2026 2:22 am

B is wrong, A. Effective key size in DES means the actual bits used for encryption, not with the parity bits included. Seen it asked this way before so I'd pick A here.

Morgan Q. Feb 18, 2026 3:18 am

A. Saw this in recent exam reports too, always came up as 56 bits for effective key size.

Skyler O. Feb 13, 2026 6:45 am

Option A is correct, but only because they're asking "effective" key size. That trips people up since the actual key is 64 bits including parity. I've seen a similar question sneak in that catch before.

Anita T. Feb 21, 2026 9:33 pm

Pretty sure it's A here. Effective key size for DES is 56 bits, since parity bits aren't actually used for encryption. Agree?

Ethan H. Feb 27, 2026 3:52 am

Its A for sure, since "effective key size" means only the 56 bits used after dropping parity. The 64 bits answer is tempting but that's including the parity ones, not actual usable key material. Pretty common ISC2 trap. Someone correct me if I'm missing anything.

Vikram Feb 22, 2026 12:37 pm

A that's what I saw on a similar question in one of my practice exams. 56 bits is the real strength, not the full key. Not 100 percent sure if they ever try to trick with B though.

AmeliaY Feb 21, 2026 2:59 am

A seen this a lot in practice sets. Clear and straightforward question.

Chloe V. Feb 18, 2026 12:33 pm

A imo, since the question is about effective key size, not the whole key with parity. DES only uses 56 bits for encryption, rest are parity bits. Saw this in other practice sets too. Let me know if anyone thinks differently.

Mia N. Feb 27, 2026 1:45 pm

B tbh, since DES uses a 64-bit key overall (counting parity bits). Easy to mix up with effective key size though, but I'd pick B if they just mean total length. Correct me if that's off.

Sofia Z. Feb 20, 2026 11:10 am

Likely A, lots of practice tests and the official ISC2 book mention 56 bits as the effective key size.

Be respectful. No spam.

Correct Answer:

Explanation

The Data Encryption Standard (DES) algorithm specifies a key of 64 bits in length. However, within this 64-bit block, every eighth bit (bits 8, 16, 24, 32, 40, 48, 56, and 64) is designated as a parity bit for error detection. These parity bits are discarded before the key-scheduling process begins. Consequently, only 56 of the 64 bits are actually used to generate the subkeys for the encryption rounds. This makes the effective key size 56 bits, which defines the algorithm's cryptographic strength against brute-force attacks.

Why Incorrect

B. 64 bits: This is the nominal key size, including the 8 parity bits, not the effective key size used in the cryptographic operations.

C. 128 bits: This is a common key size for modern symmetric algorithms like the Advanced Encryption Standard (AES), not for the legacy DES algorithm.

D. 1024 bits: This key length is characteristic of asymmetric cryptographic algorithms, such as RSA, not symmetric block ciphers like DES.

References

1. National Institute of Standards and Technology (NIST). (1999). FIPS PUB 46-3

Data Encryption Standard (DES). U.S. Department of Commerce. In Section 3

"THE ALGORITHM

" it states

"The 64 bits of the key are denoted by K1

...

K64. The bits K8

K16

...

K64 are for error detection... The 56 bits used in the algorithm are selected from the 64-bit key." (Page 4).

2. Boneh

D. (n.d.). CS255 Introduction to Cryptography

Lecture 5: DES. Stanford University. The lecture notes state

"DES uses a 64-bit key

but 8 of these bits are parity bits. So the effective key length is 56 bits." (Slide 10

"DES: The Data Encryption Standard").

3. Katz

& Lindell

Y. (2014). Introduction to Modern Cryptography (2nd ed.). CRC Press. In Chapter 6

"The Data Encryption Standard (DES)

" Section 6.2

"A High-Level Description of DES

" it is explained that the initial 64-bit key is subjected to a permutation (PC-1) that discards the parity bits

resulting in a 56-bit key for the key-scheduling algorithm. (Page 178).

Question 1 of 20 · Page 1 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE