# Question 12 of 530 from exam 400-251: CCIE Security written exam

### Question

Which two statements are correct regarding the AES encryption algorithm? (Choose two.)

### Answers

### Explanations

AD.

The correct statements regarding the AES encryption algorithm are:

A. It is a FIPS-approved symmetric block cipher:

This statement is correct. The Advanced Encryption Standard (AES) is a symmetric block cipher algorithm that has been approved by the U.S. National Institute of Standards and Technology (NIST) and is used to protect classified and sensitive information. FIPS (Federal Information Processing Standards) is a set of standards that define cryptographic algorithms for use in protecting sensitive government information. AES is one of the FIPS-approved algorithms for protecting sensitive government data.

B. It supports a block size of 128, 192, or 256 bits:

This statement is also correct. AES supports three block sizes: 128, 192, and 256 bits. The block size is the amount of data that is processed at once by the encryption algorithm. The larger the block size, the more secure the algorithm is considered to be, but the slower it is in processing.

C. It supports a variable length block size from 16 to 448 bits:

This statement is incorrect. AES only supports block sizes of 128, 192, or 256 bits. There is no provision for a variable block size.

D. It supports a cipher key size of 128, 192, or 256 bits:

This statement is correct. AES supports three key sizes: 128, 192, and 256 bits. The key size determines the strength of the encryption. A larger key size means that it is more difficult for an attacker to break the encryption.

E. The AES encryption algorithm is based on the presumed difficulty of factoring large integers:

This statement is incorrect. The AES encryption algorithm is not based on factoring large integers. Instead, it is based on a symmetric-key block cipher design, which uses the same key for encryption and decryption. The strength of the encryption is based on the key size and the complexity of the algorithm itself.

In summary, the correct statements regarding the AES encryption algorithm are that it is a FIPS-approved symmetric block cipher and it supports a block size of 128, 192, or 256 bits, and a cipher key size of 128, 192, or 256 bits.