2 True/False

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

False

Assuming that Alice and Bob have each other?s public key. In order to establish a shared session key, Alice just needs to generate a random k, encrypt k using Bob?s public key, and send the encrypted k to Bob and then Bob will know he has a key shared with Alice.

False

Each block of 64 plaintext bits is encoded independently using the same key? is a description of the CBC mode of operation.

False

In Android, all apps have to be reviewed and signed by Google.

False

In IPSec, if A uses DES for traffic from A to B, then B must also use DES for traffic from B to A.

False

In IPSec, packets can be protected using ESP or AH but not both at the same time.

False

In XSRF, the malicious site can send malicious script to execute in the user?s browser by embedding the script in a hidden iframe.

False

In iOS, an app can run its own dynamic, run-time generated code.

False

In iOS, each file is encrypted using a unique, per-file key.

False

It is a good idea to use sequentially increasing numbers as challenges in security protocols.

False

It is easy for the legitimate site to know if a request is really from the (human) user.

False

Just like RSA can be used for signature as well as encryption, Digital Signature Standard can also be used for encryption.

False

Kerberos does not support inter-realm authentication.

False

Public-key algorithms are based on simple operations on bit patterns.

False

SHA-1 is considered to be very secure.

False

SQL injection attacks only lead to information disclosure.

False

Since Android is open-source, each handset vendor can customize it, and this is good for security (hint: consider security updates).

False

The App Store review process can guarantee that no malicious iOS app is allowed into the store for download.

False

The IT security management process ends with the implementation of controls and the training of personnel.

False

The additive constant numbers used in SHA-512 are random-looking and are hardcoded in the algorithm.

False

The ticket-granting ticket is never expired.

False

Timing attacks are only applicable to RSA.

False

5.0 Points Since the responsibility for IT security is shared across the organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.

True

A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.

True

A common location for a NIDS sensor is just inside the external firewall.

True

A cookie can be used to authenticate a user to a web site so that the user does not have to type in his password for each connection to the site.

True

A hash function such as SHA-1 was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key.

True

A key exchange protocol is vulnerable to a man-in-the-middle attack if it does not authenticate the participants.

True

Compared with WEP, WPA2 has more flexible authentication and stronger encryption schemes.

True

Cryptographic hash functions generally execute faster in software than conventional encryption algorithms such as DES and AES.

True

Even web searches have (often) been in HTTPS.

True

HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strengths.

True

In Android, an app will never be able to get more permission than what the user has approved.

True

In IPSec, the sequence number is used for preventing replay attacks.

True

In Kerberos, each human user has a master key shared with the authentication server, and the key is usually derived from the user's password.

True

In Kerberos, the authentication server shares a unique secret key with each authorized computer on the network.

True

In Kerberos, the purpose of using ticket-granting-ticket (TGT) is to minimize the exposure of a user?s master key.

True

In a wireless network, traffic is broadcasted into the air, and so it is much easier to sniff wireless traffic compared with wired traffic.

True

In general, public key based encryption is much slower than symmetric key based encryption.

True

In iOS, each app runs in its own sandbox.

True

In security protocol, an obvious security risk is that of impersonation.

True

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

True

It is likely that an organization will not have the resources to implement all the recommended controls.

True

Legal and regulatory constraints may require specific approaches to risk assessment.

True

Malicious JavaScripts is a major threat to browser security.

True

Most browsers come equipped with SSL and most Web servers have implemented the protocol.

True

Network-based intrusion detection makes use of signature detection and anomaly detection.

True

One asset may have multiple threats and a single threat may target multiple assets.

True

Organizational security objectives identify what IT security outcomes should be achieved.

True

SHA is perhaps the most widely used family of hash functions.

True

SQL injection is yet another example that illustrates the importance of input validation.

True

Symmetric encryption is also referred to as secret-key or single-key encryption.

True

Symmetric encryption is used primarily to provide confidentiality.

True

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.

True

The ciphertext-only attack is the easiest to defend against.

True

The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users.

True

The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations.

True

The secret key is one of the inputs to a symmetric-key encryption algorithm.

True

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.

True

The strong collision resistance property subsumes the weak collision resistance property.

True

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

True

Two of the most important applications of public-key encryption are digital signatures and key management.

True

Using PKCS (public-key cryptography standard), when RSA encrypts the same message twice, different ciphertexts will be produced.

True

Using an input filter to block certain characters is an effective way to prevent SQL injection attacks.

True

XSRF is possible when a user has a connection to a malicious site while a connection to a legitimate site is still alive.

True

XSS can perform many types of malicious actions because a malicious script is executed at user?s browser.

True

XSS is possible when a web site does not check user input properly and use the input in an outgoing html page.

True

AES uses a Feistel structure.

False

iOS has no vulnerability.

False


Kaugnay na mga set ng pag-aaral

The Declaration of Independence / quiz

View Set

Capital Punishment Quotes - FL2022

View Set

Fundamentals: ATI Practice Test A

View Set