ISC Systems Security Certified Practitioner SSCP Question # 176 Topic 18 Discussion

SSCP Exam Topic 18 Question 176 Discussion:

Question #: 176

Topic #: 18

Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?

A known-plaintext attack

A known-algorithm attack

A chosen-ciphertext attack

A chosen-plaintext attack

Get Premium SSCP Questions

Explanation

RFC2828 (Internet Security Glossary) defines a known-plaintext attack as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs (although the analyst may also have other clues, such as the knowing the cryptographic algorithm). A chosen-ciphertext attack is defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of plaintext that corresponds to ciphertext selected (i.e., dictated) by the analyst. A chosen-plaintext attack is a cryptanalysis technique in which the analyst tries to determine the key from knowledge of ciphertext that corresponds to plaintext selected (i.e., dictated) by the analyst. The other choice is a distracter.

The following are incorrect answers:

A chosen-plaintext attacks

The attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext. This gives her more power and possibly a deeper understanding of the way the encryption process works so she can gather more information about the key being used. Once the key is discovered, other messages encrypted with that key can be decrypted.

A chosen-ciphertext attack

In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder attack to carry out compared to the previously mentioned attacks, and the attacker may need to have control of the system that contains the cryptosystem.

A known-algorithm attack

Knowing the algorithm does not give you much advantage without knowing the key. This is a bogus detractor. The algorithm should be public, which is the Kerckhoffs's Principle . The only secret should be the key.

Reference(s) used for this question:

Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

and

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 866). McGraw-Hill. Kindle Edition.

and

Kerckhoffs's Principle

Actual exam question for ISC SSCP exam by Talon811 at Aug 3, 2025, 5:11:22 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

ISC Systems Security Certified Practitioner SSCP Question # 176 Topic 18 Discussion

ISC Systems Security Certified Practitioner SSCP Question # 176 Topic 18 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

ISC Systems Security Certified Practitioner SSCP Question # 176 Topic 18 Discussion

ISC Systems Security Certified Practitioner SSCP Question # 176 Topic 18 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval