Quiz 6

On average, ________ of all possible keys must be tried in order to achieve success with a brute-force attack. A. one-fourth B. half C. two-thirds D. three-fourths

B. half

________ is a procedure that allows communicating parties to verify that received or stored messages are authentic. A. Cryptanalysis B. Decryption C. Message authentication D. Collision resistance

C. Message authentication

_______ involves the collection of data relating to the behavior of legitimate users over a period of time. A. Profile based detection B. Signature detection C. Threshold detection D. Anomaly detection

D. Anomaly detection

The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator. A. data source B. sensor C. operator D. analyzer

D. analyzer

The purpose of a ________ is to produce a ?fingerprint? of a file, message, or other block of data. A. secret key B. digital signature C. keystream D. hash function

D. hash function

A(n) ______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor. A. passive sensor B. analysis sensor C. LAN sensor D. inline sensor

D. inline sensor

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

False

Public-key algorithms are based on simple operations on bit patterns.

False

A _________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key. A. digital signature B. keystream C. one-way hash function D. secret key

A. digital signature

A _______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity. A. host-based IDS B. security intrusion C. network-based IDS D. intrusion detection

A. host-based IDS

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to ________ . A. use longer keys B. use shorter keys C. use more keys D. use less keys

A. use longer keys

_______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder. A. Profile based detection B. Signature detection C. Threshold detection D. Anomaly detection

B. Signature detection

A common location for a NIDS sensor is just inside the external firewall.

True

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

True

Network-based intrusion detection makes use of signature detection and anomaly detection.

True

Symmetric encryption is used primarily to provide confidentiality.

True

The secret key is one of the inputs to a symmetric-key encryption algorithm.

True

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.

True

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

True

Two of the most important applications of public-key encryption are digital signatures and key management.

True