Domain 3 – Section B Review: Vulnerabilities and Cryptography
This section integrates:
- Vulnerability Assessment, Prioritization, and Management Lifecycle
- Client, Server, Database, Mobile, and IoT Vulnerability Types
- Patching Strategies and Compensating Controls
- Symmetric and Asymmetric Encryption, Hashing, and Digital Signatures
- PKI, Key Management Lifecycle, and Cryptographic Protocol Selection
- Cryptanalytic Attacks and Their Countermeasures
Section B questions test your ability to connect vulnerability management decisions to cryptographic solution design and attack resistance. A correctly selected algorithm with poor key management is no better than a vulnerable system with no patch. Both represent risk that management must address.
1. Vulnerability Mitigation Is Risk Management
Vulnerability management is not “patch everything.” It is a prioritization exercise. The right remediation depends on the vulnerability severity, the system’s exposure, the sensitivity of the data it processes, and whether a patch is even available.
When reviewing a vulnerability scenario, ask:
- What is the actual exploitability — is there a known exploit in the wild?
- What data or systems are at risk if exploited?
- Can we patch, or do we need compensating controls?
- Has remediation been verified, not just applied?
2. Cryptography Is a Selection Problem
For every cryptographic scenario, determine the required security services (confidentiality, integrity, authentication, non-repudiation) and then select the tool that delivers them. Symmetric encryption provides confidentiality. Hashing provides integrity only; anyone can recompute a hash. An HMAC provides integrity and authentication between parties that share a secret key, but not non-repudiation, because either holder of the key could have produced the tag. Digital signatures provide authentication, integrity, and non-repudiation, with PKI supplying the trust in the public key. Authenticated encryption (AES-GCM, ChaCha20-Poly1305) delivers confidentiality and integrity in one primitive and should be the default when both are required. Hybrid approaches combine symmetric speed for bulk data with asymmetric key exchange.
3. Key Management Determines Cryptographic Success
The strongest algorithm fails when keys are poorly managed. Every key must be generated securely, distributed safely, stored in protected environments (HSMs, key vaults), rotated on schedule, and destroyed when no longer needed. Most real-world cryptographic failures trace back to key management, not algorithm weakness.
4. Know the Attack by Its Signature
Cryptanalytic attacks each have recognizable patterns: unsalted hashes point to rainbow tables and other precomputation; timing or power differences point to side-channel attacks; distinct error messages or response times during decryption point to a padding oracle; frequency patterns in ciphertext point to weak substitution ciphers; reused keys or IVs point to keystream reuse; small block sizes on long sessions point to birthday attacks. The countermeasure follows from correctly identifying the attack type.
Section B Decision Pattern
- Identify the vulnerability or cryptographic requirement in the scenario
- Determine what security service is needed or what risk needs mitigation
- Select the appropriate tool: patch, compensating control, algorithm, or key management action
- Verify that the solution addresses the root cause, not just a symptom
- Check for implementation-level considerations (side channels, error handling, testing)
Section B – Practice Questions
Question 1
A hospital’s biomedical engineering team reports that 40 patient monitoring devices running an embedded Linux OS have a critical remote code execution vulnerability. The device vendor has no patch available and estimates one will take 6–8 months. The devices communicate with a central monitoring server using a proprietary protocol on port 4443.
What is the MOST appropriate immediate response?
A. Replace all 40 devices with models from a vendor that provides timely patches
B. Accept the risk and document it until the vendor provides a patch
C. Segment the devices onto a dedicated VLAN with firewall rules restricting traffic to only the monitoring server on port 4443, and increase monitoring for anomalous behavior
D. Disconnect the devices from the network until the patch is available
Answer & reasoning
Correct: C
When patching is not available, compensating controls are required. Network segmentation restricts the attack surface by limiting what can communicate with the vulnerable devices. Restricting traffic to only the necessary protocol and destination (the monitoring server on port 4443) minimizes exposure. Enhanced monitoring provides detection capability. Replacing devices (A) is a long-term strategy. Accepting risk without controls (B) is passive. Disconnecting (D) removes the monitoring capability that patient care depends on.
Question 2
An organization needs to send digitally signed contracts to business partners. The partners must be able to verify that the contracts were signed by authorized representatives and were not modified after signing. The partners are external and do not share any pre-existing keys with the organization.
What cryptographic solution meets these requirements?
A. HMAC-SHA256 applied to each contract before sending
B. AES-256 encryption of the contracts using a shared secret key
C. Digital signatures using the organization’s private key, with the public key distributed via PKI certificates issued by a mutually trusted CA
D. SHA-256 hash of each contract sent alongside the document
Answer & reasoning
Correct: C
The scenario requires authentication (signed by authorized representatives), integrity (not modified), and non-repudiation (the signer cannot deny signing). Digital signatures provide all three. PKI solves the trust problem with external partners who do not share keys — the CA vouches for the public key binding. HMAC (A) requires a pre-shared secret key, which the scenario states does not exist. AES (B) provides confidentiality, not non-repudiation. A plain hash (D) provides integrity but no authentication or non-repudiation — anyone can compute a hash.
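A standard-library check of why options A and D fail, as an added example that is not part of the page. The contract text and the shared key are constructed for the example. A real digital signature needs an asymmetric library (for instance pyca/cryptography) and a CA-issued certificate, which the standard library does not provide, so the code exercises the two failing options rather than the correct one: it shows that a plain hash is recomputable by anyone, that an HMAC stops an outsider, and that an HMAC still lets the verifying partner forge a "signed" contract, which is exactly the non-repudiation gap.

```python
"""Question 2: plain hash vs HMAC on a contract, showing what each can and cannot prove."""
import hashlib
import hmac

# Constructed sample contracts: the attacker wants the partner to accept FORGED.
ORIGINAL = b"Contract 2024-17: ACME pays Partner 100,000 USD"
FORGED = b"Contract 2024-17: ACME pays Partner 900,000 USD"


def hash_protect(contract: bytes) -> bytes:
    """Option D: a bare SHA-256 digest sent alongside the document."""
    return hashlib.sha256(contract).digest()


def hash_verify(contract: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(contract).digest(), digest)


def hmac_protect(key: bytes, contract: bytes) -> bytes:
    """Option A: HMAC-SHA256 under a key both ACME and the partner hold."""
    return hmac.new(key, contract, hashlib.sha256).digest()


def hmac_verify(key: bytes, contract: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, contract, hashlib.sha256).digest(), tag)


def outsider_beats_hash() -> bool:
    """An interceptor replaces the contract AND recomputes the digest.
    Returns True when the partner's check still passes (no authentication)."""
    tampered_doc, tampered_digest = FORGED, hash_protect(FORGED)
    return hash_verify(tampered_doc, tampered_digest)


def outsider_beats_hmac(shared_key: bytes) -> bool:
    """The interceptor has no key: the original tag does not cover FORGED, and a
    tag computed under a guessed key does not verify either."""
    genuine_tag = hmac_protect(shared_key, ORIGINAL)
    guessed_tag = hmac_protect(b"attacker-guess", FORGED)
    return hmac_verify(shared_key, FORGED, genuine_tag) or hmac_verify(shared_key, FORGED, guessed_tag)


def partner_forges_with_hmac(shared_key: bytes) -> bool:
    """The partner holds the same key, so it can mint a valid tag for a contract
    ACME never agreed to; an arbiter cannot tell which side made the tag."""
    forged_tag = hmac_protect(shared_key, FORGED)
    return hmac_verify(shared_key, FORGED, forged_tag)
```

With a signature the third function would return False: only ACME's private key can produce a tag the partner's copy of ACME's certificate accepts, which is what makes the signature evidence against ACME rather than a claim either side could have fabricated.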
Question 3
A penetration tester discovers that a web application allows any authenticated user to access another user’s account details by changing the user ID parameter in the URL (e.g., changing /profile?id=1001 to /profile?id=1002). The development team cannot fix the code for two weeks.
What OWASP category does this vulnerability belong to, and what is the best interim mitigation?
A. Injection — deploy input validation rules on the web application firewall
B. Broken Access Control — implement WAF rules to detect and block parameter manipulation attempts on the profile endpoint
C. Security Misconfiguration — restrict the application to authenticated users only
D. Cryptographic Failures — encrypt the user ID parameter in the URL
Answer & reasoning
Correct: B
This is an Insecure Direct Object Reference (IDOR), which falls under Broken Access Control in the OWASP Top 10 (A01:2021). The application authenticates the user but never authorizes the request: it does not verify that the session's user is permitted to read the requested user ID. The permanent fix is a server-side authorization check on every object access, taking the identity from the session rather than from the URL. A WAF rule can provide interim protection by detecting parameter tampering on sensitive endpoints, for example one session requesting many different profile IDs, though it cannot know which IDs a session is entitled to and must be treated as a stopgap, not a fix. Input validation (A) addresses injection, not authorization; the ID is a well-formed integer either way. The users are already authenticated (C is irrelevant). Encrypting the parameter (D) is security through obscurity, not access control.
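The vulnerable handler, its server-side fix, and the kind of interim rule a WAF can actually express, as an added Python example that is not part of the page or any product's code. The user table, session model and log format are constructed for the example. A WAF does not know which IDs a session may read, so the best it can do is flag enumeration (many distinct IDs from one session); a single targeted read slips through, which is why the rule is a stopgap and the authorization check is the fix.

```python
"""Question 3: IDOR on /profile?id=N, the fixed handler, and an enumeration detector."""
import re
from collections import defaultdict

# Constructed user table: id -> role and profile data.
USERS = {
    1: {"role": "admin", "email": "root@example.test"},
    1001: {"role": "user", "email": "alice@example.test"},
    1002: {"role": "user", "email": "bob@example.test"},
}


class Forbidden(Exception):
    pass


def get_profile_vulnerable(session_user_id: int, requested_id: int) -> dict:
    """The page's bug: the caller is authenticated, but the id from the URL is
    trusted as-is.  Any logged-in user can read any profile."""
    return USERS[requested_id]


def get_profile_fixed(session_user_id: int, requested_id: int) -> dict:
    """Permanent fix: authorization is decided from the session identity on the
    server.  A user may read only their own record; admins may read any."""
    caller = USERS[session_user_id]
    if requested_id != session_user_id and caller["role"] != "admin":
        # Returning 404 instead of 403 in a real app also avoids confirming
        # that the id exists.
        raise Forbidden("user %d may not read profile %d" % (session_user_id, requested_id))
    return USERS[requested_id]


def fixed_denies(session_user_id: int, requested_id: int) -> bool:
    """True when the fixed handler refuses the request."""
    try:
        get_profile_fixed(session_user_id, requested_id)
        return False
    except Forbidden:
        return True


# Interim WAF-style rule over access-log lines (format constructed for the example).
LOG_RE = re.compile(r"sess=(?P<sess>\w+) GET /profile\?id=(?P<id>\d+)")


def detect_enumeration(log_lines, max_distinct_ids: int = 3) -> dict:
    """Flag sessions that request more than max_distinct_ids different profile
    ids.  Returns {session: sorted ids} for offending sessions."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            seen[m["sess"]].add(int(m["id"]))
    return {s: sorted(ids) for s, ids in seen.items() if len(ids) > max_distinct_ids}


SAMPLE_LOG = [  # constructed: session a1 walks the id space, b2 reads its own profile
    "10:00:01 sess=a1 GET /profile?id=1001 200",
    "10:00:02 sess=b2 GET /profile?id=1002 200",
    "10:00:05 sess=a1 GET /profile?id=1002 200",
    "10:00:06 sess=a1 GET /profile?id=1003 200",
    "10:00:07 sess=a1 GET /profile?id=1004 200",
    "10:00:08 sess=a1 GET /profile?id=1005 200",
]
```

Note that session b2 reading id=1002 looks identical to the WAF whether or not 1002 is b2's own record; only the application, with the session-to-user mapping, can make that decision.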
Question 4
An organization’s security team discovers that a database encryption key has been stored in a configuration file on the same server as the encrypted database for the past three years. The key has never been rotated. A recent vulnerability scan shows the server has an unpatched remote code execution vulnerability.
What is the MOST significant risk this situation creates?
A. The encryption algorithm has weakened over three years of continuous use
B. An attacker exploiting the RCE vulnerability gains access to both the encrypted data and the decryption key, rendering the encryption meaningless
C. The configuration file format may not support the key length required by the algorithm
D. The database vendor will not support encryption implementations that store keys locally
Answer & reasoning
Correct: B
Storing the encryption key alongside the encrypted data is a fundamental key management failure. Combined with the unpatched RCE vulnerability, an attacker who compromises the server obtains both the data and the key needed to decrypt it, so the encryption provides no protection in this scenario. Algorithms do not weaken from use (A), and the issue is key management practice, not vendor support or file format limitations (C, D). Remediation has three independent parts: move the key into an HSM or key vault separate from the data, rotate it (re-encrypting or re-wrapping the data under a fresh key, since the current key must be assumed exposed), and patch the RCE.
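Section 3 and Question 4 both turn on where the key lives. The following added example (not from the page) sketches envelope encryption with only the Python standard library: each record gets its own data-encryption key (DEK), the DEK is stored only in wrapped form under a key-encryption key (KEK) that never leaves a `KeyVault` object standing in for an HSM or cloud KMS, and KEK rotation re-wraps the DEKs without touching the data ciphertext. The cipher is HMAC-SHA256 used as a PRF in counter mode with an encrypt-then-MAC tag, a stand-in for AES-GCM because the standard library has no AES; the class, function names and record layout are this example's own assumptions.

```python
"""Envelope encryption: the stored record holds a wrapped data key, never a usable one."""
import hashlib
import hmac
import secrets


def _derive(key: bytes, label: bytes) -> bytes:
    """One key in, one purpose-specific sub-key out (key separation)."""
    return hmac.new(key, b"derive|" + label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """PRF counter mode: keystream block for offset i is HMAC(key, nonce || i)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC with separate enc and mac sub-keys and a fresh nonce."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(_derive(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(key: bytes, box: dict) -> bytes:
    """Verify the tag first; a modified box yields no plaintext at all."""
    expected = hmac.new(_derive(key, b"mac"), box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        raise ValueError("authentication failed")
    return _keystream_xor(_derive(key, b"enc"), box["nonce"], box["ct"])


class KeyVault:
    """Stand-in for an HSM/KMS: holds KEKs, offers wrap/unwrap by key id,
    and never hands a KEK out to the caller."""

    def __init__(self):
        self._keks = {}
        self.current = None
        self.new_kek()

    def new_kek(self) -> str:
        kek_id = "kek-%d" % (len(self._keks) + 1)
        self._keks[kek_id] = secrets.token_bytes(32)
        self.current = kek_id
        return kek_id

    def wrap(self, dek: bytes):
        return self.current, seal(self._keks[self.current], dek)

    def unwrap(self, kek_id: str, wrapped: dict) -> bytes:
        return unseal(self._keks[kek_id], wrapped)


def encrypt_record(vault: KeyVault, plaintext: bytes) -> dict:
    """Fresh DEK per record; only its wrapped form is written next to the data."""
    dek = secrets.token_bytes(32)
    kek_id, wrapped = vault.wrap(dek)
    return {"kek_id": kek_id, "wrapped_dek": wrapped, "data": seal(dek, plaintext)}


def decrypt_record(vault: KeyVault, record: dict) -> bytes:
    dek = vault.unwrap(record["kek_id"], record["wrapped_dek"])
    return unseal(dek, record["data"])


def rotate_kek(vault: KeyVault, records: list) -> str:
    """Rotation re-wraps every DEK under a new KEK; the bulk ciphertext is untouched."""
    new_id = vault.new_kek()
    for r in records:
        dek = vault.unwrap(r["kek_id"], r["wrapped_dek"])
        r["kek_id"], r["wrapped_dek"] = vault.wrap(dek)
    return new_id


def tamper_detected(vault: KeyVault, record: dict) -> bool:
    """Flip one ciphertext bit and confirm the tag check rejects the record."""
    ct = record["data"]["ct"]
    corrupted = {**record, "data": {**record["data"], "ct": bytes([ct[0] ^ 1]) + ct[1:]}}
    try:
        decrypt_record(vault, corrupted)
        return False
    except ValueError:
        return True
```

The caveat that matters for Question 4: envelope encryption defeats offline copies (backups, stolen disk images, an attacker who only reads the config file and database) and makes every key use auditable and revocable at the vault, but an attacker with code execution on the server can still invoke the application's own decryption path. That is why the RCE has to be patched as well, and why vault access logs are worth monitoring.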
Question 5
A security analyst notices that the organization’s legacy VPN concentrator is using 3DES for encryption and SHA-1 for integrity in its IPSec configuration. The analyst recommends upgrading the cryptographic settings.
Which replacement configuration is MOST appropriate?
A. AES-256 for encryption and SHA-256 for integrity, using IKEv2 with Perfect Forward Secrecy
B. RSA-4096 for encryption and MD5 for integrity, using IKEv1
C. AES-128 for encryption and SHA-1 for integrity, using IKEv2
D. Blowfish for encryption and SHA-512 for integrity, using IKEv1
Answer & reasoning
Correct: A
AES-256 replaces 3DES, which NIST has deprecated because of its 64-bit block size (exposed by the Sweet32 birthday attack on long sessions) and limited effective key strength, with the current standard symmetric algorithm. HMAC-SHA-256 replaces SHA-1, for which practical collisions have been demonstrated; SHA-256 has no known practical collision attack. IKEv2 with PFS negotiates ephemeral Diffie-Hellman keys per session, so a compromised long-term key does not expose past traffic; pair it with a strong DH group (2048-bit MODP or larger, or an elliptic-curve group) rather than a legacy one. RSA (B) is not used for bulk VPN encryption, and MD5 is broken. Keeping SHA-1 (C) does not address the integrity vulnerability. Blowfish with IKEv1 (D) is not a current standard configuration, and IKEv1 itself is deprecated (RFC 9395). An AEAD suite such as AES-GCM, which provides encryption and integrity together, is an equally acceptable modern choice.
Question 6
After a breach, forensic analysts determine that the attacker gained access to a web server by exploiting an SQL injection vulnerability in a customer search feature. The injected query extracted the entire customer database, including credit card numbers stored in plaintext.
How many distinct security failures does this scenario represent?
A. One — the SQL injection vulnerability
B. Two — the SQL injection vulnerability and the plaintext storage of credit card data
C. Three — SQL injection, plaintext credit card storage, and likely a PCI DSS compliance failure
D. One — if the credit cards had been encrypted, the SQL injection would not have mattered
Answer & reasoning
Correct: B
There are two distinct technical failures. First, the SQL injection vulnerability (untrusted input concatenated into a query rather than bound as a parameter) allowed unauthorized database access. Second, credit card data stored in plaintext meant that once access was gained, the data was immediately usable. If the credit card data had been encrypted (or tokenized), the SQL injection would still be a vulnerability, but the stolen data would be unreadable without the decryption key, which should be held outside the database. Defense in depth means addressing both the access failure and the data protection failure independently; fixing one does not excuse the other (D). PCI DSS compliance (C) is a regulatory consequence of the second failure, not a separate security failure.
Question 7
An organization has 2,000 IoT temperature sensors deployed across a warehouse complex. The sensors transmit data using an unencrypted proprietary protocol. The vendor has released a firmware update that adds TLS support, but the update requires physical access to each sensor’s USB port — remote update is not possible.
While planning the firmware update rollout, what should the organization do FIRST?
A. Prioritize the update and begin physically updating sensors in order of location
B. Wait until all sensors can be updated simultaneously to maintain consistency
C. Segment the sensor network and restrict traffic to only the data collection server while planning the phased firmware update
D. Replace all sensors with models that support over-the-air updates
Answer & reasoning
Correct: C
The immediate action is to reduce the risk of the unencrypted protocol through network segmentation, then plan the firmware rollout as a secondary effort. Segmentation limits who can observe or interfere with the unencrypted traffic. Beginning physical updates (A) addresses the long-term fix but does not protect the sensors during the rollout period. Waiting for simultaneous updates (B) delays all protection. Replacement (D) is disproportionate when a firmware update is available.
Question 8
A software development team uses the same RSA key pair for both encrypting API tokens and digitally signing code releases. A security architect reviews this practice.
What is the architect’s PRIMARY concern?
A. RSA cannot perform both encryption and signing operations
B. Using the same key pair for multiple purposes increases the impact of a compromise and violates the principle of key separation
C. The key pair will degrade faster from performing two different types of operations
D. Digital signatures require a symmetric key, not an asymmetric key pair
Answer & reasoning
Correct: B
Key separation is a fundamental principle of key management; NIST SP 800-57 recommends that a single key be used for only one purpose. Using the same key pair for encryption and signing means that if the private key is compromised, both the confidentiality of API tokens and the authenticity of code releases are lost at once, and the key cannot be rotated on the schedule appropriate to either use. With RSA there is a further, specific hazard: signing and decryption are the same private-key exponentiation, so a service that signs attacker-chosen input can, depending on the padding scheme, be abused as a decryption oracle for data encrypted to that key. Separate key pairs limit the blast radius of a compromise. RSA can technically perform both operations (A is wrong), and keys do not degrade from use (C). Digital signatures use asymmetric keys, not symmetric (D is wrong).
Question 9
During a security assessment, the team discovers that a partner-facing API returns different HTTP error codes: 400 for invalid padding errors and 500 for other decryption failures when processing encrypted request payloads. An attacker could observe these different responses when submitting crafted ciphertext.
What attack does this enable, and what is the correct remediation?
A. Known plaintext attack — stop encrypting the API payloads
B. Birthday attack — increase the hash output length in the encryption scheme
C. Padding oracle attack (chosen ciphertext) — return a uniform error response for all decryption failures and implement authenticated encryption (AES-GCM)
D. Brute force attack — implement rate limiting on the API endpoint
Answer & reasoning
Correct: C
Distinct error responses for different decryption failure modes create a padding oracle. An attacker submits crafted ciphertext (in CBC mode, a modified preceding block or IV) and uses the different responses to deduce the plaintext one byte at a time, with at most 256 requests per byte and no knowledge of the key. The fix has two parts: return the same status code, body and, as far as possible, response time for every decryption failure (eliminating the oracle), and switch to authenticated encryption such as AES-GCM, which rejects any modified ciphertext before releasing plaintext (eliminating the attack vector entirely). Where the cipher mode cannot change, verifying a MAC over the ciphertext before decrypting (encrypt-then-MAC) achieves the same. The other options misidentify the attack: no plaintext is known in advance (A), no hash collision is involved (B), and rate limiting (D) only slows a search that needs a few thousand requests.
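Question 9 worked through end to end, as an added example that is not part of the page: a CBC/PKCS#7 decryptor behind an oracle that answers 400 on bad padding and 200 otherwise, the byte-at-a-time recovery that distinction enables, and the encrypt-then-MAC hardening that makes the same attack return nothing. Because the standard library has no AES, the block cipher is a labelled toy (XOR with a key-derived constant); the attack only needs some keyed permutation and never learns the key, so the mechanics are identical against a real cipher. The oracle, function names and the sample secret are constructed for the example.

```python
"""Padding oracle: leaky CBC endpoint, the recovery attack, and the verified-first fix."""
import hashlib
import hmac

BLOCK = 16


# Toy block cipher standing in for AES: XOR each block with a key-derived constant.
# It is a weak keyed permutation, which is all CBC and the attack require.
def _subkey(key: bytes) -> bytes:
    return hashlib.sha256(b"toy-block-cipher|" + key).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _e(key: bytes, block: bytes) -> bytes:
    return _xor(block, _subkey(key))


_d = _e  # XOR is its own inverse


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    padded = pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = _e(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(_d(key, c), prev))
        prev = c
    return pkcs7_unpad(b"".join(out))


def leaky_oracle(key: bytes, iv: bytes, ciphertext: bytes) -> int:
    """The endpoint in the question: padding failures are distinguishable (400)."""
    try:
        cbc_decrypt(key, iv, ciphertext)
        return 200
    except ValueError:
        return 400


def padding_oracle_attack(iv: bytes, ciphertext: bytes, oracle):
    """Recover the padded plaintext from iv, ciphertext and oracle(iv, ct) -> status.
    Each block is attacked alone with a forged IV, last byte first.
    Returns None if the oracle never answers 200, i.e. when it no longer leaks."""
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    recovered = b""
    for prev, target in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)  # D_k(target), learned one byte at a time
        for pos in range(BLOCK - 1, -1, -1):
            pad = BLOCK - pos
            forged = bytearray(BLOCK)
            for j in range(pos + 1, BLOCK):
                forged[j] = inter[j] ^ pad  # known tail bytes decrypt to `pad`
            for guess in range(256):
                forged[pos] = guess
                if oracle(bytes(forged), target) != 200:
                    continue
                if pos == BLOCK - 1:  # rule out an accidental longer valid pad
                    probe = bytearray(forged)
                    probe[pos - 1] ^= 0xFF
                    if oracle(bytes(probe), target) != 200:
                        continue
                inter[pos] = guess ^ pad
                break
            else:
                return None
        recovered += _xor(bytes(inter), prev)
    return recovered


# The fix: encrypt-then-MAC, verify before decrypting, one error for everything.
def _mac_key(key: bytes) -> bytes:
    return hashlib.sha256(b"mac|" + key).digest()


def seal(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    ct = cbc_encrypt(key, iv, plaintext)
    return ct + hmac.new(_mac_key(key), iv + ct, hashlib.sha256).digest()


def hardened_oracle(key: bytes, iv: bytes, sealed: bytes) -> int:
    if len(sealed) < 32:
        return 400
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(_mac_key(key), iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return 400  # same code, same body, no detail about why
    try:
        cbc_decrypt(key, iv, ct)
        return 200
    except ValueError:
        return 400
```

Against `leaky_oracle` the attack recovers the secret in at most 256 requests per byte without ever touching the key; against `hardened_oracle` every forged ciphertext fails the tag check first, so the attack gets no signal and returns None. The timing caveat from the reasoning above still applies to the hardened version: `compare_digest` is used so that tag verification itself does not become the new oracle.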
Question 10
A financial institution is planning its cryptographic migration strategy in preparation for quantum computing threats. The CISO asks which current cryptographic systems are most urgently affected and what the migration timeline should consider.
Which assessment is MOST accurate?
A. All cryptographic systems are equally threatened — begin migrating everything to post-quantum algorithms immediately
B. Asymmetric algorithms (RSA, ECC, DH) face the greatest threat from quantum computing; symmetric algorithms like AES-256 remain adequately secure with their current key lengths; prioritize inventorying asymmetric dependencies and long-lived data protection
C. Quantum computing only threatens hashing algorithms — focus on migrating from SHA-256 to quantum-resistant hashes
D. Quantum computing is theoretical and no preparation is needed until practical quantum computers exist
Answer & reasoning
Correct: B
Shor’s algorithm breaks the mathematical foundations of asymmetric cryptography (integer factoring for RSA, discrete logarithms for DH, the elliptic-curve discrete logarithm for ECC). Grover’s algorithm affects symmetric ciphers and hash functions, but only by roughly halving the effective key or output length: AES-256 retains about 128 bits of security, which remains sufficient. The “harvest now, decrypt later” threat means traffic recorded today that was protected by RSA or ECC key exchange could be decrypted once a cryptographically relevant quantum computer exists, so data with a long confidentiality lifetime is the first priority. Inventorying cryptographic dependencies, building crypto-agility into systems so algorithms can be swapped, and piloting the NIST post-quantum standards (ML-KEM in FIPS 203, ML-DSA in FIPS 204, SLH-DSA in FIPS 205) are appropriate first steps.