11. Regarding cryptographic module security, which of the following must be zeroized to protect against disablement of services?
1. Critical security parameters
2. Public security parameters
3. Sensitive security parameters
4. Any security parameter
a. 1 and 2
b. 2 and 3
c. 1, 2, and 3
d. 1, 2, 3, and 4
11. c. Both critical security parameters (CSPs) and public security parameters (PSPs) must be zeroized to protect them against disablement of services. Sensitive security parameters (SSPs) contain both CSPs and PSPs. Not every security parameter needs to be protected; only those that are sensitive or critical do.
12. Which of the following is the first step to be taken during testing procedures of a cryptographic module that were interrupted when the temperature is outside the module’s normal operating range?
a. The module enters a failure mode.
b. All critical security parameters are immediately zeroized.
c. The module is shut down to prevent further operation.
d. All public security parameters are immediately zeroized.
12. c. The first step is to shut down the module to prevent further operation and to contain the damage. The next step is to zeroize all critical security parameters and public security parameters. Entering a failure mode is the last step.
13. Which of the following conditions can result in a failure of a cryptographic module during its environmental failure testing procedures?
1. The module’s temperature is gradually decreasing to a lower level.
2. The module’s temperature is gradually increasing to a higher level.
3. The module’s voltage is gradually decreasing to a lower level.
4. The module’s voltage is gradually increasing to a higher level.
a. 1 and 3
b. 2 and 3
c. 2 and 4
d. 1, 2, 3, and 4
13. d. During environmental failure testing procedures, a cryptographic module can fail if the operating temperature or voltage falls outside of the normal operating range. Both the temperature and voltage should stay within the defined operating range.
14. Which of the following physical security devices do not process information but serve as a repository of information?
a. Smart cards
b. Memory cards
c. Hardware tokens
d. Physical tokens
14. b. Memory cards are data storage devices, and they do not process information but serve as a repository of information. When the smart card is used as a repository of information without requiring the cardholder to input a PIN or without presenting a biometric reference sample, the smart card is implemented as a memory card. Hardware tokens can be integrated into either a physical access control or logical access control solution. Physical tokens consist of keys and unique documents, such as hand-carried orders, and provide minimal protection and assurance.
15. Which of the following physical security devices process data like a simple computer?
a. Smart cards
b. Memory cards
c. Hardware tokens
d. Physical tokens
15. a. A smart card has one or more integrated circuit (IC) chips and can store data using memory chips on the card. Smart cards can process data like a simple computer. When the smart card is used as a repository of information without requiring the cardholder to input a PIN or without presenting a biometric reference sample, the smart card is implemented as a memory card. Hardware tokens can be integrated into either a physical access control or logical access control solution. Physical tokens consist of keys and unique documents, such as hand-carried orders.
16. Which of the following physical security devices are equipped with computing capabilities integrated into the device?
a. Smart cards
b. Memory cards
c. Hardware tokens
d. Physical tokens
16. c. Hardware tokens (e-tokens) are devices with computing capabilities integrated into the device. For example, hardware tokens can be integrated into either a physical access control or logical access control solution. When the smart card is used as a repository of information without requiring the cardholder to input a personal identification number (PIN) or without presenting a biometric reference sample, the smart card is implemented as a memory card. Physical tokens consist of keys and unique documents, such as hand-carried orders.
17. Which of the following physical security devices are suitable for protecting IT assets with a low risk and low confidentiality level?
a. Smart cards
b. Memory cards
c. Hardware tokens
d. Physical tokens
17. d. Physical tokens provide a low level of assurance and are only suitable for use when protecting IT assets with a low risk and low confidentiality level. Physical tokens consist of keys and unique documents, such as hand-carried orders. When the smart card is used as a repository of information without requiring the cardholder to input a personal identification number (PIN) or without presenting a biometric reference sample, the smart card is implemented as a memory card. Hardware tokens can be integrated into either a physical access control or logical access control solution.
18. From a cryptographic module’s physical security viewpoint, which of the following refers to timing analysis attack?
a. Elapsed time between when the command is issued and the time the result is obtained
b. Elapsed time between when the vulnerability is discovered and the time it is exploited
c. Elapsed time between the beginning and ending of a critical activity
d. Elapsed time between the beginning and ending of a non-critical activity
18. a. This is the definition of a timing analysis attack, which is an attack on a cryptographic module based on an analysis of the time between when a command is issued and when the result is obtained. It measures the elapsed time. The elapsed time between when the vulnerability is discovered and the time it is exploited is the definition of the time-to-exploitation metric. The other two choices are examples of general metrics, not security related.
19. Regarding a cryptographic module, the input or output of critical security parameters (CSPs) requires that a split knowledge procedure be performed using which of the following:
1. Physically separated ports
2. Environmentally separated ports
3. Logically separated interfaces
4. Environmentally separated interfaces
a. 1 and 2
b. 1 and 3