Study IT

The first 802.11 standard to gain broad industry acceptance was _________.

802.11b

The master session key is also known as the __________ key

AAA

The _________ is the node that is attempting to access the network and may be any device that is managed by the network access control system

AR

_________ attacks include impersonating another user, altering messages in transit between client and server and altering information on a Web site.

Active

__________ attacks attempt to alter system resources or affect their operation.

Active

__________ approach is vulnerable to man-in-the-middle attacks

Anonymous Diffie-Hellman

An SSL session is an association between a client and a server and is created by the ___________

Handshake Protocol

__________ provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet.

IPsec

_________ is a professional membership society with worldwide organizational and individual membership that provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the IETF and the IAB.

ISOC

_________ enables customers to combine basic computing services, such as number crunching and data storage, to build highly adaptable computer systems.

IaaS

__________ is a centralized, automated approach to provide enterprise wide access to resources by employees and other authorized individuals, with a focus of defining an identity for each user, associating attributes with the identity, and enforcing a means by which a user can verify identity

Identity management

A ___________ is a service or user that is known to the Kerberos system and is identified by its principal name

Kerberos principal

_________ is software that collects information from a computer and transmits it to another system

Spyware

The SSL Internet standard version is called _________

TLS

A ________ takes as input a source that is effectively random and is often referred to as an entropy source.

TRNG

If the message includes a _________ the receiver is assured that the message has not been delayed beyond that normally expected for network transit

Timestomp

The _________ method uses information contained on an infected victim machine to find more hosts to scan.

Topological

The _________ payload allows peers to identify packet flows for processing by IPsec services.

Traffic Selector

_________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Traffic padding

A polymorphic virus creates copies during replication that are functionally equivalent but have distinctly different bit patterns, in order to defeat programs that scan for viruses.

True

An end user whose system is equipped with IP security protocols can make a local call to an ISP and gain secure access to a company network.

True

As a default, PGP compresses the message after applying the signature but before encryption.

True

Data must be secured while at rest, in transit, and in use, and access to the data must be controlled.

True

IP security is a capability that can be added to either current version of the Internet Protocol by means of additional headers.

True

MAC spoofing occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges

True

Malware can be put into two broad categories, based first on how it spreads or propagates to reach the desired targets and then on the actions or payloads it performs once a target is reached.

True

Network access control authenticates users logging into the network and determines what data they can access and actions they can perform.

True

One of the major roles of public-key encryption is to address the problem of key distribution.

True

PGP incorporates tools for developing public-key certificate management and a public-key trust model

True

Propagation mechanisms include system corruption, bots, phishing, spyware, and rootkits.

True

SSL/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.

True

Server authentication occurs at the transport layer, based on the server possessing a public/private key pair.

True

The Extensible Authentication Protocol supports multiple authentication methods.

True

The Security Parameters Index identifies a security association

True

The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets

True

The automated key distribution approach provides the flexibility and dynamic characteristics needed to allow a number of users to access a number of servers and for the servers to exchange data with each other.

True

The key legitimacy field is derived from the collection of signature trust fields in the entry.

True

The main advantage of HMAC over other proposed hash based schemes is that HMAC can be proven secure, provided that the embedded hash function has some reasonable cryptographic strengths.

True

The objective of MIME Transfer Encodings is to provide reliable delivery across the largest range of environments.

True

The principal underlying standard for federated identity is the Security Assertion Markup Language (SAML) which defines the exchange of security information between online business partners.

True

The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.

True

Viruses and worms are two examples of software attacks.

True

The term used for certified 802.11b products is ___________

Wi-Fi

The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is _________.

accountability

A Pseudorandom Function takes as input:

all of the above

The __________ mechanism assures that a received packet was in fact transmitted by the party identified as the source in the packet header and assures that the packet has not been altered in transit.

authentication

If the analyst is able to get the source system to insert into the system a message chosen by the analyst, a _________ attack is possible.

chosen plaintext

The specification of a protocol along with the chosen key length is known as a __________

cipher suite

Broad network access, measured service, resource pooling, and rapid elasticity are essential characteristics of ___________

cloud computing

A ________ is a person, organization, or entity responsible for making a service available to interested parties.

cloud provider

It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function with this property is referred to as __________.

collision resistant

With a _________ infrastructure, the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns.

community cloud

The protection of data from unauthorized disclosure is _________.

data confidentiality

PGP provides authentication through the use of _________

digital signatures

The _________ algorithm performs various substitutions and transformations on the plaintext.

encryption

The __________ enables the recipient to determine if the correct public key was used to decrypt the message digest for authentication

leading two octets of message digest

A __________ takes place when one entity pretends to be a different entity.

masquerade

The __________ subtype is used when the different parts are independent but are to be transmitted together. They should be presented to the receiver in the order that they appear in the mail message

multipart/mixed

A symmetric block cipher processes _________ of data at a time.

one block

A _________ is a key used between entities for the purpose of distributing session keys.

permanent key

A __________ virus is a virus that mutates with every infection, making detection by the "signature" of the virus impossible.

polymorphic

X.800 defines _________ as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers.

security service

A __________ processes the input elements continuously, producing output one element at a time, as it goes along

stream cipher

If both sender and receiver use the same key the system is referred to as _________ encryption

symmetric

In order to solve the problem of minimizing the number of times that a user has to enter a password and the problem of a plaintext transmission of the password a __________ server is used.

ticket granting

Authentication applied to the entire original IP packet is _________.

tunnel mode

With each element of the list defining both a key exchange algorithm and a CipherSpec, the list that contains the combination of cryptographic algorithms supported by the client in decreasing order of preference is the __________

CipherSuite

A _________ attack is an attack on a computer system or network that causes a loss of service to users.

DDoS

_________ are entities that obtain and employ data maintained and provided by identity and attribute providers, which are often used to support authorization decisions and to collect audit information.

Data Consumers

The purpose of the _________ algorithm is to enable two users to exchange a secret key securely that then can be used for subsequent encryption of messages and depends on the difficulty of computing discrete logarithms for its effectiveness.

Diffie-Hellman

With the ________ mode if there is an error in a block of the transmitted ciphertext only the corresponding plaintext block is affected

ECB

A connection-oriented integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only

False

A loss of confidentiality is the unauthorized modification or destruction of information.

False

A means of generating predictable PGP session keys is needed.

False

A network access server does not include its own authentication services.

False

An individual SA can implement both the AH and the ESP protocol

False

Cryptographic hash functions generally execute slower in software than conventional encryption algorithms such as DES

False

Data origin authentication provides protection against the duplication or modification of data units.

False

IEEE 802.11 defines seven services that need to be provided by the wireless LAN to achieve functionality equivalent to that which is inherent to wired LANs

False

IPsec can guarantee that all traffic designated by the network administrator is authenticated but cannot guarantee that it is encrypted.

False

If an opponent captures an unexpired service granting ticket and tries to use it they will be denied access to the corresponding service

False

It is not necessary for a certification authority to maintain a list of certificates issued by that CA that were not expired but were revoked.

False

Message encryption alone provides a secure form of authentication.

False

Microsoft Word, Excel files, and Adobe PDF are document files that are safe from being infected by viruses.

False

Patient allergy information is an example of an asset with a moderate requirement for integrity.

False

Phase 3 completes the setting up of a secure connection of the Handshake Protocol.

False

Security policies for mobile devices should assume that any mobile device will not be stolen or accessed by a malicious party

False

Sensors and robots are not vulnerable to physical attacks.

False

The encryption of the compressed message plus the MAC must increase the content length by more than 1024 bytes.

False

The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very easy to calculate discrete logarithms.

False

The use of 802.1X cannot prevent rogue access points and other unauthorized devices from becoming insecure backdoors.

False

Worms cannot spread through shared media, such as USB drives or CD and DVD data disks.

False

Typically housed in the user's computer, a _________ is referred to as a client e-mail program or a local network e-mail server

Message User Agent

_________ identifies the type of data contained in the payload data field by identifying the first header in that payload

Next Header

___________ and links, such as personal network Bluetooth devices, barcode readers, and handheld PDAs, pose a security risk in terms of both eavesdropping and spoofing

Nontraditional networks

_________ is the original message or data that is fed into the algorithm as input

Plaintext

MIME is an extension to the ________ framework that is intended to address some of the problems and limitations of the use of SMTP

RFC 5322

The most important hash function is ________

SHA

Secure Hash Algorithms with hash value lengths of 256, 384, and 512 bits are collectively known as _________

SHA-2

