CISSP Exam Question 936
What is the primary role of smartcards in a PKI?
Correct Answer: D
Explanation/Reference:
Explanation:
A smart card, which includes the ability to process data stored on it, is also able to deliver a two-factor authentication method as the user may have to enter a PIN to unlock the smart card. The authentication can be completed by using an OTP, by utilizing a challenge/response value, or by presenting the user's private key if it is used within a PKI environment. The fact that the memory of a smart card is not readable until the correct PIN is entered, as well as the complexity of the smart token makes these cards resistant to reverse-engineering and tampering methods.
Incorrect Answers:
A: Transparent renewal of user keys is not the primary role of smartcards in a PKI.
B: Easy distribution of the certificates between the users is not the primary role of smartcards in a PKI.
C: Fast hardware encryption of the raw data is not the primary role of smartcards in a PKI.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 200, 201
http://en.wikipedia.org/wiki/Tamper_resistance
CISSP Exam Question 937
Which of the following is the MOST significant key management problem due to the number of keys created?
Correct Answer: C
CISSP Exam Question 938
A public key algorithm that does both encryption and digital signature is which of the following?
Correct Answer: A
RSA can be used for encryption, key exchange, and digital signatures.
Key Exchange versus Key Agreement
KEY EXCHANGE
Key exchange (also known as "key establishment") is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm.
If sender and receiver wish to exchange encrypted messages, each must be equipped to encrypt messages to be sent and decrypt messages received. The nature of the equipping they require depends on the encryption technique they might use. If they use a code, both will require a copy of the same codebook. If they use a cipher, they will need appropriate keys. If the cipher is a symmetric key cipher, both will need a copy of the same key. If an asymmetric key cipher with the public/private key property, both will need the other's public key.
KEY AGREEMENT
Diffie-Hellman is a key agreement algorithm used by two parties to agree on a shared secret. The Diffie-Hellman (DH) key agreement algorithm describes a means for two parties to agree upon a shared secret over a public network in such a way that the secret will be unavailable to eavesdroppers. The DH algorithm converts the shared secret into an arbitrary amount of keying material. The resulting keying material is used as a symmetric encryption key.
The other answers are not correct because:
DES and IDEA are both symmetric algorithms.
Diffie-Hellman is a common asymmetric algorithm, but is used only for key agreement. It is not typically used for data encryption and does not have digital signature capability.
References:
http://tools.ietf.org/html/rfc2631
For Diffie-Hellman information: http://www.netip.com/articles/keith/diffie-helman.htm
CISSP Exam Question 939
Which of the following components are considered part of the Trusted Computing Base?
Correct Answer: C
The trusted computing base (TCB) is a collection of all the hardware, software, and firmware components within a system that provide some type of security and enforce the system's security policy. The TCB does not address only operating system components, because a computer system is not made up of only an operating system.
Hardware, software components, and firmware components can affect the system in a negative or positive manner, and each has a responsibility to support and enforce the security policy of that particular system. Some components and mechanisms have direct responsibilities in supporting the security policy, such as firmware that will not let a user boot a computer from a USB drive, or the memory manager that will not let processes overwrite other processes' data. Then there are components that do not enforce the security policy but must behave properly and not violate the trust of a system. Examples of the ways in which a component could violate the system's security policy include an application that is allowed to make a direct call to a piece of hardware instead of using the proper system calls through the operating system, a process that is allowed to read data outside of its approved memory space, or a piece of software that does not properly release resources after use.
To assist with the evaluation of secure products, TCSEC introduced the idea of the Trusted Computing Base (TCB) into product evaluation. In essence, TCSEC starts with the principle that there are some functions that simply must be working correctly for security to be possible and consistently enforced in a computing system. For example, the ability to define subjects and objects and the ability to distinguish between them is so fundamental that no system could be secure without it. The TCB, then, consists of these fundamental controls as implemented in a given system, whether in hardware, software, or firmware. Each of the TCSEC levels describes a different set of fundamental functions that must be in place to be certified to that level.
The link below leads to a one-page document that describes the high-level requirements any TCB would need to meet to achieve each division or class (essentially a subdivision) of the TCSEC rating. See details at:
https://www.freepracticetests.org/documents/TCB.pdf
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 359-360). McGraw-Hill. Kindle Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 17936-17943). Auerbach Publications. Kindle Edition.
CISSP Exam Question 940
While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
Correct Answer: A
The policy that should be updated to address the problem of having only six days of audit logs from the last month available while investigating a malicious event is the retention policy. A retention policy defines and specifies the duration and conditions for keeping or storing the records or data of an organization, such as audit logs, backups, or archives. A retention policy should be based on the legal, regulatory, operational, or business requirements of the organization, and should balance the costs and benefits of retaining or disposing of the records or data. Having only six days of audit logs from the last month available while investigating a malicious event indicates that the retention policy is inadequate or ineffective, as it does not ensure the availability or accessibility of the audit logs for investigation purposes.
The retention policy should be updated to address this problem by extending or adjusting the retention period or criteria for the audit logs, and by enforcing or monitoring compliance with the retention policy.
The other options are not the policies that should be updated to address this problem, but rather different or irrelevant policies.
A reporting policy defines and specifies the procedures and actions for communicating or disclosing the information or incidents of an organization, such as audit results, security breaches, or performance metrics. A reporting policy should be based on the legal, regulatory, operational, or business requirements of the organization, and should ensure the accuracy, timeliness, and completeness of the reporting.
A recovery policy defines and specifies the objectives and strategies for restoring the normal operations of an organization after a disaster or disruption, such as recovery time objective, recovery point objective, or recovery methods. A recovery policy should be based on the business impact analysis and risk assessment of the organization, and should ensure the continuity, resilience, and availability of the organization.
A remediation policy defines and specifies the procedures and actions for correcting or improving the security or performance of an organization, such as vulnerability remediation, incident response, or root cause analysis. A remediation policy should be based on the security assessment and audit findings of the organization, and should ensure the effectiveness, efficiency, and compliance of the organization.
References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, p. 376; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 7, p. 406.