ISC2 SSCP Exam Questions 2025

Our SSCP Exam Questions provide authentic, up-to-date content for the ISC2 Systems Security Certified Practitioner (SSCP) certification. Each question is reviewed by cybersecurity professionals and includes verified answers with clear explanations to enhance your understanding of access controls, security operations, risk management, and network security. With access to our exam simulator, you can practice under real exam conditions and confidently prepare to pass on your first attempt.

Exam Questions

Question 1

What is the maximum number of different keys that can be used when encrypting with Triple DES?
Options
A: 1
B: 2
C: 3
D: 4
Correct Answer: 3
Explanation
Triple DES (3DES), also known as the Triple Data Encryption Algorithm (TDEA), operates by applying the DES cipher three times. It supports three distinct keying options. The option that provides the highest nominal key length uses three independent and different keys: K1, K2, and K3. This mode is often referred to as 3TDEA or three-key 3DES. The encryption process is an Encrypt-Decrypt-Encrypt (EDE) sequence using these three separate keys. While other options exist that use one or two keys for backward compatibility or implementation efficiency, the question specifically asks for the maximum number of different keys, which is three.
Why Incorrect Options are Wrong

A. 1: This refers to a 3DES mode where all three keys are identical (K1=K2=K3), which is functionally equivalent to single DES and is not the maximum.

B. 2: This describes two-key 3DES, where the first and third keys are the same (K1=K3) and the second key (K2) is different. This is a valid mode but not the maximum.

D. 4: The 3DES/TDEA standard is defined with a maximum of three sequential cipher operations and does not have a four-key implementation.

References

1. National Institute of Standards and Technology (NIST). (2017). Special Publication 800-67 Revision 2: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher. Section 3, "TDEA Keying Options," p. 6. This document explicitly states, "TDEA has three keying options: (1) The three keys, K1, K2, and K3, are independent."

2. Stallings, W. (2017). Cryptography and Network Security: Principles and Practice (7th ed.). Pearson. In Chapter 6.2, "Triple DES," the text describes the three keying options, including the use of three distinct keys (K1 ≠ K2 ≠ K3) as the most secure and primary variant.

3. Menezes, A. J., van Oorschot, P. C., & Vanstone, S. A. (1996). Handbook of Applied Cryptography. CRC Press. Chapter 7, "Block Ciphers," Section 7.4.3, "Multiple encryption," p. 258. The text discusses triple-encryption and notes the use of three independent keys (k1, k2, k3) as a standard configuration.

Question 2

What algorithm has been selected as the AES algorithm, replacing the DES algorithm?
Options
A: RC6
B: Twofish
C: Rijndael
D: Blowfish
Correct Answer: Rijndael
Explanation
The U.S. National Institute of Standards and Technology (NIST) initiated a process to select a successor to the Data Encryption Standard (DES). After a multi-year public competition, the Rijndael algorithm, developed by Belgian cryptographers Joan Daemen and Vincent Rijmen, was chosen. In 2001, NIST formally adopted Rijndael as the Advanced Encryption Standard (AES) in the Federal Information Processing Standards (FIPS) Publication 197. AES has since become the global standard for symmetric-key encryption, used for securing sensitive government, commercial, and private data.
Why Incorrect Options are Wrong

A. RC6: This was one of the five finalist algorithms in the AES competition but was ultimately not selected as the standard.

B. Twofish: This was also a strong contender and one of the five finalists in the AES competition, but it was not the winning algorithm.

D. Blowfish: This is a symmetric-key block cipher designed before the AES competition; it was not submitted as a candidate for the AES standard.

References

1. National Institute of Standards and Technology (NIST). (2001, November 26). FIPS PUB 197: Advanced Encryption Standard (AES). U.S. Department of Commerce. In the Foreword, it states, "This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits." (Page ii).

2. Nechvatal, J., et al. (2000, October 2). Report on the Development of the Advanced Encryption Standard (AES). National Institute of Standards and Technology. The report's abstract states, "This report summarizes the major events in the development of the Advanced Encryption Standard (AES). It describes the process that was established and followed to select the Rijndael algorithm for the AES." (Page 1).

3. Daemen, J., & Rijmen, V. (2002). The Design of Rijndael: AES - The Advanced Encryption Standard. Springer. The book provides a complete specification of the algorithm that was selected as the AES. Chapter 1 details the history of the AES selection process.

4. Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2015). Security in Computing (5th ed.). Pearson Education. In Chapter 2, "Toolbox: Authentication, Access Control, and Cryptography," the text discusses the AES competition and notes, "In 2001, NIST announced that the winner was an algorithm called Rijndael... NIST standardized Rijndael as AES." (Section 2.4.2, The Advanced Encryption Standard).

Question 3

Which of the following is a symmetric encryption algorithm?
Options
A: RSA
B: Elliptic Curve
C: RC5
D: El Gamal
Correct Answer: RC5
Explanation
RC5 (Rivest Cipher 5) is a symmetric-key block cipher, which means it utilizes a single, shared secret key for both the encryption and decryption processes. Symmetric algorithms are characterized by their speed and efficiency, making them suitable for encrypting large volumes of data. In contrast, the other options listed are all examples of asymmetric (or public-key) cryptography, which use a pair of keys: a public key for encryption and a private key for decryption. This fundamental difference in key management distinguishes RC5 as the sole symmetric algorithm among the choices.
Why Incorrect Options are Wrong

A. RSA is a foundational asymmetric (public-key) algorithm used for secure data transmission and digital signatures, not a symmetric one.

B. Elliptic Curve Cryptography (ECC) is a type of public-key cryptography that provides a framework for asymmetric algorithms like ECDH and ECDSA.

D. El Gamal is an asymmetric cryptosystem based on the Diffie-Hellman key exchange, used for both encryption and digital signatures.

References

1. Rivest, R. (1996). The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms. RFC 2040. Internet Engineering Task Force (IETF). Section 1, Introduction, states, "RC5 is a fast symmetric block cipher designed by Ronald L. Rivest for RSA Data Security, Inc." Available at: https://doi.org/10.17487/RFC2040

2. Stallings, W. (2017). Cryptography and Network Security: Principles and Practice (7th ed.). Pearson.

Chapter 6, Section 6.5, describes RC5 as a symmetric block cipher.

Chapter 9 is dedicated to the RSA algorithm, classifying it as a public-key (asymmetric) cryptosystem.

Chapter 10, Sections 10.3 and 10.4, detail ElGamal and Elliptic Curve Cryptography as public-key schemes.

3. Rivest, R. (2017). Lecture 6: Public-Key Crypto I. MIT OpenCourseWare, 6.857 Computer and Network Security. This lecture material explicitly categorizes RSA and El Gamal as public-key (asymmetric) cryptosystems, contrasting them with the symmetric-key algorithms discussed in the preceding lecture. Available at: https://ocw.mit.edu/courses/6-857-computer-and-network-security-fall-2017/resources/lecture-6-public-key-crypto-i/

Question 4

Which of the following is NOT a property of the Rijndael block cipher algorithm?
Options
A: The key sizes must be a multiple of 32 bits
B: Maximum block size is 256 bits
C: Maximum key size is 512 bits
D: The key size does not have to match the block size
Correct Answer: Maximum key size is 512 bits
Explanation
The Rijndael block cipher algorithm, upon which the Advanced Encryption Standard (AES) is based, specifies a variable block length and a variable key length. Both the block and key lengths can be independently specified as any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits. Therefore, the statement that the maximum key size is 512 bits is false; the actual maximum key size for Rijndael is 256 bits.
Why Incorrect Options are Wrong

A. The key sizes must be a multiple of 32 bits

This is a true property. The Rijndael specification explicitly defines both key and block sizes as multiples of 32 bits, ranging from 128 to 256 bits.

B. Maximum block size is 256 bits

This is a true property. The Rijndael algorithm supports a maximum block size of 256 bits, alongside other sizes like 128, 160, 192, and 224 bits.

D. The key size does not have to match the block size

This is a true property. Rijndael was designed to allow the key and block sizes to be chosen independently from the set of supported sizes (128, 160, 192, 224, 256 bits).

References

1. Daemen, J., & Rijmen, V. (1999). AES Proposal: Rijndael. National Institute of Standards and Technology (NIST). In Section 4, "Parameters," page 9, the document states: "The block length and the key length of Rijndael can be any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits." This directly refutes option C and confirms options A, B, and D.

2. Daemen, J., & Rijmen, V. (2002). The Design of Rijndael: AES - The Advanced Encryption Standard. Springer. In Chapter 3, Section 3.4, "Block and Key Length," page 39, the authors state: "The block length and the key length can be independently specified to be 128, 192, or 256 bits." This confirms that the key and block sizes are independent (D) and that the maximum size is 256 bits (refuting C).

3. Boneh, D. (n.d.). Cryptography I, Course Handout #10: AES. Stanford University. In the section "The AES Cipher," page 2, it is noted: "The Rijndael family of ciphers supports key sizes and block sizes of 128, 160, 192, 224, and 256 bits." This academic source verifies the valid sizes, confirming the maximum is 256 bits.

Question 5

Which of the following is not a property of the Rijndael block cipher algorithm?
Options
A: It employs a round transformation that is comprised of three layers of distinct and invertible transformations.
B: It is suited for high speed chips with no area restrictions.
C: It operates on 64-bit plaintext blocks and uses a 128 bit key.
D: It could be used on a smart card.
Correct Answer: It operates on 64-bit plaintext blocks and uses a 128 bit key.
Explanation
The Rijndael block cipher, which was standardized as the Advanced Encryption Standard (AES), operates on a fixed block size of 128 bits. The original Rijndael submission to the NIST AES competition allowed for variable block lengths of 128, 192, or 256 bits, but it never included a 64-bit block size. A 64-bit block size is a characteristic of older ciphers like the Data Encryption Standard (DES) and Triple DES (3DES), which AES was designed to replace. Therefore, the statement that Rijndael operates on 64-bit plaintext blocks is factually incorrect.
Why Incorrect Options are Wrong

A. Rijndael's round function is composed of distinct, invertible transformation layers (SubBytes, ShiftRows, MixColumns) that provide confusion and diffusion, which are fundamental properties of a secure block cipher.

B. Rijndael was specifically designed for high performance in both hardware and software. Its structure is well-suited for efficient implementation on high-speed processors and dedicated cryptographic hardware.

D. A key design requirement for the AES candidates was efficiency on constrained platforms. Rijndael's low memory footprint and simple byte-oriented operations make it highly suitable for devices like smart cards.

References

1. National Institute of Standards and Technology (NIST). (2001). FIPS PUB 197: Advanced Encryption Standard (AES).

Page 15, Section 5, "Algorithm Specification": "The input and output for the AES algorithm each consist of sequences of 128 bits (digits with values of 0 or 1). These sequences are referred to as blocks..." This directly contradicts option C, which claims a 64-bit block size.

2. Daemen, J., & Rijmen, V. (2002). The Design of Rijndael: AES - The Advanced Encryption Standard. Springer.

Page 30, Section 3.2, "Block and Key Length": "Rijndael is a block cipher with a variable block length and a variable key length. The block length and the key length can be independently specified to 128, 192, or 256 bits." This confirms that 64 bits was never a supported block length.

Page 1, Section 1.1, "Design Criteria": The authors list suitability for smart cards as a key design criterion, supporting option D.

Page 33, Section 3.4, "The Round Transformation": This section details the distinct layers of the round transformation: SubBytes, ShiftRows, and MixColumns, supporting option A.

3. Katz, J., & Lindell, Y. (n.d.). Introduction to Modern Cryptography (Courseware based on the book). University of Maryland.

Chapter 6, "The Advanced Encryption Standard," Section 6.2, "The Basic Structure of AES": "AES is a block cipher with a 128-bit block length... The key length can be 128, 192, or 256 bits." This university-level material confirms the 128-bit block size.

Question 6

What is the maximum allowable key size of the Rijndael encryption algorithm?
Options
A: 128 bits
B: 192 bits
C: 256 bits
D: 512 bits
Correct Answer: 256 bits
Explanation
The Rijndael algorithm, selected by the U.S. National Institute of Standards and Technology (NIST) to become the Advanced Encryption Standard (AES), was designed with variable block and key lengths. The specification for Rijndael allows for key sizes of 128, 160, 192, 224, and 256 bits. Therefore, the maximum allowable key size for the original Rijndael algorithm is 256 bits. While the AES standard (FIPS 197) only specifies the use of 128, 192, and 256-bit keys, the underlying Rijndael algorithm's upper limit is 256 bits.
Why Incorrect Options are Wrong

A. 128 bits: This is a valid key size for Rijndael and the minimum size specified for AES, but it is not the maximum.

B. 192 bits: This is an intermediate, valid key size for both Rijndael and AES, but it is not the maximum.

D. 512 bits: This key size is not supported by the Rijndael specification. The algorithm was not designed to operate with keys of this length.

References

1. Daemen, J., & Rijmen, V. (2002). The Design of Rijndael: AES - The Advanced Encryption Standard. Springer-Verlag. In Chapter 3, Section 3.4, "Key-Block-Round Combinations," the authors state, "In Rijndael, the block length and the key length can be independently specified to be 128, 192 or 256 bits." Note: The initial submission also included 160 and 224-bit variants, but the core design's maximum is consistently cited as 256 bits.

2. National Institute of Standards and Technology (NIST). (2001). FIPS PUB 197: Advanced Encryption Standard (AES). Section 2, "DEFINITIONS," and Section 5, "AES ALGORITHM SPECIFICATION," specify that the AES algorithm uses the Rijndael algorithm with a fixed block size of 128 bits and key sizes of 128, 192, or 256 bits. This document confirms that 256 bits is the maximum key size adopted for the standard from the Rijndael family.

3. Stallings, W. (2017). Cryptography and Network Security: Principles and Practice (7th ed.). Pearson. In Chapter 6, "Advanced Encryption Standard," Section 6.1, "Finite Field Arithmetic," the text discusses the AES selection process and notes that the original Rijndael proposal allowed for key and block sizes in 32-bit steps from 128 to 256 bits.

Question 7

Which of the following algorithms is used today for encryption in PGP?
Options
A: RSA
B: IDEA
C: Blowfish
D: RC5
Correct Answer: IDEA
Explanation
PGP employs a hybrid scheme: a one-time session key encrypts the message with a symmetric cipher, while public-key crypto protects that session key. In all classic and current OpenPGP implementations, the only symmetric algorithm that has been consistently specified and supported from the first version onward is International Data Encryption Algorithm (IDEA); it remains part of the mandatory algorithm list in the OpenPGP standard (RFC 4880, §9.2). RSA, Blowfish, and RC5 are either used solely for key-management (RSA) or are not included in the OpenPGP mandatory or commonly implemented symmetric set (Blowfish, RC5). Therefore, the encryption algorithm “used today” and explicitly recognized in every PGP/OpenPGP release is IDEA.
Why Incorrect Options are Wrong

A. RSA – Used in PGP only for public-key wrapping of the session key, not for bulk message encryption.

C. Blowfish – Never part of the OpenPGP mandatory or default cipher list; very few plug-ins add it experimentally.

D. RC5 – Not specified in RFC 4880 and absent from standard PGP distributions.

References

1. RFC 4880: “OpenPGP Message Format,” IETF, Nov 2007, §9.2 (Symmetric-Key Algorithms – value 1 = IDEA).

2. P. van Oorschot, S. Vanstone, A. Menezes, Handbook of Applied Cryptography, CRC Press, 1996, §13.12, pp. 556-558 – PGP’s use of IDEA for data encryption.

3. B. Schneier, Applied Cryptography, 2nd ed., Wiley, 1996, pp. 617-620 – Description of PGP 2.x architecture specifying IDEA as the symmetric cipher.

4. MIT OpenCourseWare, 6.857 “Network and Computer Security,” Lecture 5 slides (Fall 2014), p. 10 – Diagram of PGP hybrid encryption noting IDEA for bulk data.

Question 8

Which of the following protects Kerberos against replay attacks?
Options
A: Tokens
B: Passwords
C: Cryptography
D: Time stamps
Correct Answer: Time stamps
Explanation
Kerberos explicitly uses time stamps within a component called the Authenticator to protect against replay attacks. When a client wants to access a service, it creates an Authenticator containing the current time, encrypted with the session key it shares with the service. The service decrypts the Authenticator and checks if the timestamp is recent (within a pre-configured window, typically 5 minutes, to account for clock skew). If the timestamp is too old, the request is rejected as a potential replay. Services also maintain a replay cache of recently processed authenticators to prevent their immediate reuse within the valid time window.
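
To make the replay check concrete, here is an added example (not from the page or from any Kerberos implementation) modelling the service side of the AP exchange. It assumes the authenticator has already been decrypted with the session key and reduces it to (client principal, timestamp, microseconds); the 5-minute window is the one quoted above, and the verdict names reuse the RFC 4120 error codes KRB_AP_ERR_SKEW and KRB_AP_ERR_REPEAT.

```python
"""Timestamp freshness check plus replay cache, in the style of a Kerberos
service verifying an authenticator (RFC 4120 sec. 3.2.2).

Added example: simplified model, not a real Kerberos library. The session-key
decryption step is assumed to have happened before accept() is called.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Allowed clock skew between client and service (assumed default of 5 minutes).
CLOCK_SKEW = timedelta(minutes=5)


@dataclass(frozen=True)
class Authenticator:
    client: str        # client principal, e.g. alice@EXAMPLE.COM
    ctime: datetime    # authenticator timestamp (UTC, second resolution)
    cusec: int         # microsecond part, as in the RFC 4120 'cusec' field


@dataclass
class ServiceVerifier:
    """Per-service state: a replay cache of recently accepted authenticators."""
    cache: dict = field(default_factory=dict)   # (client, ctime, cusec) -> seen-at

    def _purge(self, now: datetime) -> None:
        # An authenticator older than the skew window fails the freshness check
        # anyway, so its cache entry no longer protects anything; drop it.
        expired = [k for k, seen in self.cache.items() if now - seen > CLOCK_SKEW]
        for k in expired:
            del self.cache[k]

    def accept(self, auth: Authenticator, now: datetime) -> tuple:
        """Return (accepted, verdict) for an authenticator presented at 'now'."""
        self._purge(now)
        # 1. Freshness: the timestamp must lie within +/- CLOCK_SKEW of our clock.
        if abs(now - auth.ctime) > CLOCK_SKEW:
            return False, "KRB_AP_ERR_SKEW"
        # 2. Replay cache: the same authenticator seen again inside the window
        #    is a replay even though its timestamp is still "fresh".
        key = (auth.client, auth.ctime, auth.cusec)
        if key in self.cache:
            return False, "KRB_AP_ERR_REPEAT"
        self.cache[key] = now
        return True, "OK"


def demo() -> list:
    """Walk through the cases the explanation describes; returns the verdicts."""
    v = ServiceVerifier()
    t0 = datetime(2025, 1, 1, 12, 0, 0, tzinfo=timezone.utc)   # constructed clock
    first = Authenticator("alice@EXAMPLE.COM", t0, 4242)
    return [
        # fresh authenticator, 30 s after it was built: accepted
        v.accept(first, t0 + timedelta(seconds=30))[1],
        # identical authenticator replayed 60 s later, still inside the window
        v.accept(first, t0 + timedelta(seconds=90))[1],
        # authenticator whose timestamp is 10 min old: outside the window
        v.accept(Authenticator("alice@EXAMPLE.COM", t0 - timedelta(minutes=10), 0), t0)[1],
        # client clock 4 min fast: within the tolerated skew, accepted
        v.accept(Authenticator("alice@EXAMPLE.COM", t0 + timedelta(minutes=4), 0), t0)[1],
    ]


if __name__ == "__main__":
    print(demo())
```

The fourth case shows why the replay cache is needed in addition to the window: a timestamp alone cannot distinguish a replay from a legitimate request made a few seconds later.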
Why Incorrect Options are Wrong

A. Tokens: This term is too generic. While Kerberos uses tickets (a type of token), the timestamp within the associated Authenticator, not the ticket itself, is the specific replay prevention mechanism.

B. Passwords: Passwords are used to derive the client's initial secret key for authentication with the Key Distribution Center (KDC) but are not used to prevent replay of service requests.

C. Cryptography: Cryptography is the enabling technology used to encrypt the Authenticator and protect its contents, but the timestamp is the specific data element that provides the anti-replay function.

References

1. Neuman, C., Yu, T., Hartman, S., & Raeburn, K. (2005). The Kerberos Network Authentication Service (V5). RFC 4120. Internet Engineering Task Force (IETF). In Section 3.2.2, "The Authenticator," it states: "The timestamp and usec fields are used to detect replays. The authenticator is valid only for a short time."

2. Massachusetts Institute of Technology (MIT). Kerberos V5 System Administrator's Guide. In the section "A conceptual overview of the Kerberos protocol," it describes the role of the authenticator: "The authenticator proves that the client is who they say they are... Because the authenticator contains a timestamp, it has a very short lifetime."

3. Bellovin, S. M., & Merritt, M. (1990). Limitations of the Kerberos Authentication System. Computer Communication Review, 20(5), 119-132. This foundational academic paper discusses Kerberos design, noting on page 121, "Replay is prevented by a timestamp in the authenticator; the server remembers all valid timestamps seen within a given time window (the 'clock skew')." DOI: https://doi.org/10.1145/102179.102190

Question 9

What is the name for a substitution cipher that shifts the alphabet by 13 places?
Options
A: Caesar cipher
B: Polyalphabetic cipher
C: ROT13 cipher
D: Transposition cipher
Correct Answer: ROT13 cipher
Explanation
ROT13, which stands for "rotate by 13 places," is the specific name for the substitution cipher that shifts each letter of the alphabet by a fixed 13 positions. It is a special case of the more general Caesar cipher. Because the English alphabet has 26 letters, applying the ROT13 transformation twice to a piece of text will restore the original text, making the encryption and decryption processes identical. This cipher is not considered cryptographically secure and is often used in online forums to obscure spoilers, punchlines, or offensive material from a casual glance.
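
As an added illustration (not part of the page), a generic Caesar shift with a check of the self-inverse claim: over the 26-letter alphabet, 13 is the only non-zero shift for which encrypting twice returns the plaintext.

```python
# Added example: Caesar shift, ROT13 as its k=13 instance, and a check of which
# shifts are their own inverse. Non-letters pass through unchanged.
import string

N = len(string.ascii_lowercase)  # 26 letters in the English alphabet


def caesar(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` places, preserving case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + shift) % N))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the Caesar cipher with the fixed key 13."""
    return caesar(text, 13)


def self_inverse_shifts() -> set:
    """Shifts k for which applying the Caesar cipher twice restores the text.

    Two applications shift by 2k, which is the identity only when 2k is a
    multiple of 26, i.e. k = 0 (no encryption) or k = 13 (ROT13).
    """
    sample = string.ascii_letters
    return {k for k in range(N) if caesar(caesar(sample, k), k) == sample}


if __name__ == "__main__":
    print(rot13("Hello, World!"), rot13(rot13("Hello, World!")))
    print(sorted(self_inverse_shifts()))
```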
Why Incorrect Options are Wrong

A. Caesar cipher: This is a more general term for a substitution cipher with any fixed integer shift. ROT13 is a specific, named instance of a Caesar cipher.

B. Polyalphabetic cipher: This type of cipher uses multiple substitution alphabets (e.g., the Vigenère cipher), whereas the described cipher uses only one fixed shift.

D. Transposition cipher: This cipher rearranges the positions of the letters in the plaintext to form the ciphertext, rather than substituting the letters themselves.

References

1. Katz, J., & Lindell, Y. (2014). Introduction to Modern Cryptography (2nd ed.). CRC Press. In Section 2.1, "Historical Ciphers and Their Cryptanalysis," the book defines the shift (or Caesar) cipher with a key k from {0, ..., 25}. It explicitly notes, "The shift cipher with key k=13 is called the ROT13 cipher." (p. 28).

2. Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2015). Security in Computing (5th ed.). Prentice Hall. Chapter 2, "Toolbox: Authentication, Access Control, and Cryptography," describes the Caesar cipher and mentions, "A special case of the Caesar cipher is ROT13... where the advance is 13 characters." (p. 40).

3. Bellovin, S. M. (2011). A Look Back at "Security Problems in the TCP/IP Protocol Suite". Columbia University Academic Commons. In discussing historical internet culture, the paper notes, "ROT13 is a simple substitution cipher, where each letter is replaced by the letter 13 places after it in the alphabet... It is its own inverse." (p. 10). https://doi.org/10.7916/D82V2G2F

4. University of California, Berkeley. CS 161: Computer Security, Fall 2020, Lecture 8: "Symmetric Key Cryptography." The lecture notes define the Caesar cipher and then state: "A popular version on the old Usenet was ROT13 (Caesar cipher with shift 13)." (Slide 11).

Question 10

Which of the following standards concerns digital certificates?
Options
A: X.400
B: X.25
C: X.509
D: X.75
Correct Answer: X.509
Explanation
X.509 is the International Telecommunication Union (ITU-T) standard that defines the format for public key certificates. These digital certificates are a fundamental component of a Public Key Infrastructure (PKI). The standard specifies the data fields required within a certificate, such as the version, serial number, signature algorithm, issuer, validity period, subject, and the subject's public key information. This structure allows entities to verify the identity of a public key's owner, enabling secure authentication, data encryption, and digital signatures in network communications.
Why Incorrect Options are Wrong

A. X.400: This is a standard for message handling systems (MHS) and directory services, a precursor to modern internet email, not digital certificates.

B. X.25: This is a legacy protocol suite for packet-switched Wide Area Network (WAN) communications and is unrelated to digital certificates.

D. X.75: This standard defines the protocol for interconnecting separate X.25 networks and does not concern digital certificates.

References

1. International Telecommunication Union (ITU). (2019, August). Recommendation ITU-T X.509: Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks. Section 1, "Scope." This document is the primary standard defining the structure and content of digital certificates.

2. National Institute of Standards and Technology (NIST). (2001, February). Special Publication 800-32: Introduction to Public Key Technology and the Federal PKI Infrastructure. Section 2.1.2, "X.509 Certificates," states, "The certificate format used by the Federal PKI is X.509 version 3."

3. Housley, R., & Polk, T. (2001). Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure. John Wiley & Sons. Chapter 2, "PKI Components," page 25, explicitly identifies X.509 as the standard format for digital certificates used in a PKI.

4. Rivest, R. L. (1998). Lecture Notes for 6.857 Computer and Network Security. Massachusetts Institute of Technology (MIT) OpenCourseWare. Lecture 14, "Public-Key Infrastructure (PKI)," describes the role and format of X.509 certificates in establishing trust.
