Chapter 13 Quiz


__________ rely on traffic analysis when the defenders use encryption that is too difficult to attack.

Attackers

We are trying to decide between a public-key and a secret-key cryptographic solution. Which of the following criteria would encourage us to choose the public-key solution? Select all that apply best to public-key cryptography.

Attackers should not be able to penetrate the whole system simply by attacking a critical crypto server. The system can apply a lot of computational power to cryptographic operations. The process of adding new users must be easy to delegate.

True or False? Private addressing occurs when an ISP is assigned an IP address.

False

True or False? SSL works on top of IPsec and applies security to an orderly stream of bytes moving between a client and server.

False

True or False? The IP header and all remaining packet contents are never encrypted.

False

True or False? The Key Distribution Center (KDC) greatly simplifies key management. Each host must establish multiple "KDC keys" that it shares with the KDC.

False

True or False? Two users can construct a shared secret by sharing Diffie-Hellman private keys.

False

True or False? WPA2 uses public key encryption with the "counter and CBC MAC" (CCM) mode.

False

True or False? When replacing crypto keys, they must be all replaced 1 month at a time.

False

Amalgamated is implementing a private corporate network using a private IP address space. The network will connect separate sites using a VPN. Which of the following statements are true about this arrangement? Select all that apply.

Gateways will use IPsec tunnel mode between VPN sites. If Amalgamated buys another company, the new company's internal network must be assigned a compatible set of private IP addresses if it is to interact with other corporate VPN sites. VPN traffic will be restricted to Amalgamated's sites because the appropriate crypto credentials will only be shared among authorized VPN gateways.

Which of the following network protocols typically provide application transparency? Select all that apply.

IPsec; Wi-Fi Protected Access

Why do protocols like IKE and SSL exchange nonces as part of their key creation/exchange protocol? Select all that apply.

If the nonces are always different, then the protocol yields a different result each time it takes place. New nonce values should make it impossible for an attacker to replay a previous set of messages and force the connection to reuse a previous key.

The phrases below describe functions of protocols that are part of the modern SSL protocol. Match the protocol with its function: Alert protocol

Indicates errors and the end of a secure session

Of the following, select the two primary components of IPsec.

Internet Key Exchange (IKE); Encapsulating Security Payload (ESP)

A protocol that establishes security associations (SAs) between a pair of hosts is:

Internet Key Exchange (IKE).

How does WPA2 encrypt a stream of data?

It uses AES with a Counter mode.

How does WPA2 use cryptography to ensure the integrity of packet data?

It uses CBC to calculate the packet's MIC.

Associate the following concepts with the appropriate secret-key building blocks: Shares a separate KEK with each registered user

Key distribution center

Associate the following concepts with the appropriate secret-key building blocks: Use a KEK to encrypt a TEK

Key wrapping

In typical applications, does SSL provide application transparency?

No, because the SSL software is traditionally integrated into the application software package and is not supported unless the application specifically provides it.

The phrases below describe some of the fields in an IPsec ESP packet. Match the field with its description: TFC padding

Random data intended to defeat traffic analysis

Which two of the following answers indicate the Internet crypto services providing end users with the easiest key management?

SSL/TLS; IPsec gateways

Associate the following concepts with the appropriate secret-key building blocks: Build a unique TEK from nonces and a secret

Shared secret hashing

True or False? Encryption works against traffic filtering, because the filtering process can't detect malicious content in encrypted packets.

True

True or False? Self-rekeying transforms an existing encryption key into a new one using a pseudorandom number generator.

True

True or False? We clearly need to use encryption if we wish to protect against sniffing.

True

True or False? You can wrap a secret key with RSA.

True

Which of the following are requirements of secret-key cryptography? Select all that apply.

Trustworthy central servers; Lower computing resources required than public-key algorithms; Reliable key revocation

Which wireless security protocol is recommended for use today?

WPA2 with AES

We are trying to protect our traffic as much as possible from sniffing. To minimize the risk, should we encrypt as much of our packets as possible, including headers?

Yes, because plaintext headers open our network messages to traffic analysis.

In an SSL data packet, the field that indicates whether the packet carries data, an alert message, or is negotiating the encryption key is:

content type

The principal application of IPsec is

virtual private networking.

Wireless Protected Access, version 2 (WPA2) falls under:

802.11

The phrases below describe some of the fields in an IPsec ESP packet. Match the field with its description: Sequence number

A numerical value that's used to detect duplicate packets

Bob and Alice want to construct a shared secret key using RSA. Which of the following components must Bob use to share the secret with Alice?

Alice's public key alone

Bob and Alice want to construct a shared secret key using Diffie-Hellman. Which components will Bob use to construct the shared secret?

Alice's public key and Bob's private key

To provide both encryption and integrity protection, WPA2 uses AES encryption with:

CCM mode

Which of the following security protections is used to prevent passive attacks?

Confidentiality

True or False? In manual keying, two encryption keys are produced for each cryptonet or communicating pair and those keys are distributed to the appropriate endpoints.

False

The phrases below describe functions of protocols that are part of the modern SSL protocol. Match the protocol with its function: Handshake protocol

Establishes the shared secret and the keys to be used to protect SSL traffic

The phrases below describe some of the fields in an IPsec ESP packet. Match the field with its description: Payload data

The headers and data being encrypted

The phrases below describe some of the fields in an IPsec ESP packet. Match the field with its description: Next header

The numeric code for the protocol appearing in the first header in the encrypted payload

We are trying to decide between a public-key and a secret-key cryptographic solution. Which of the following criteria would encourage us to choose the secret-key solution? Select all that apply best to secret-key cryptography.

The system will always be limited to a small user community. When someone loses the privilege to access the system, we must be able to revoke their access rights immediately. We are providing the service to an established user community whose members are already identified.

The phrases below describe functions of protocols that are part of the modern SSL protocol. Match the protocol with its function: Record protocol

Transfers information using a symmetric cipher and integrity check

Secure Sockets Layer (SSL) has been replaced by:

Transport Layer Security (TLS).

True or False? A network attack in which someone forges network traffic would be considered an active attack.

True

True or False? Crypto techniques originally focused on confidentiality.

True

True or False? Eavesdropping without interfering with communications would be considered a passive attack.

True

Virtual private networking is used primarily for encrypting:

a connection between two sites across the internet.

When we place crypto in different protocol layers, we often balance two important properties:

application transparency and network transparency.

The general objective of wireless defense was to implement a virtual boundary that includes __________ computers and excludes other _________.

authorized client; clients

Producing one encryption key for each cryptonet or communicating pair and distributing that key to the appropriate endpoints is called:

manual keying

Secure Sockets Layer (SSL):

may display a padlock on a Web page to indicate SSL protection.

Encrypting "above the stack":

means applying cryptography at the top of the application layer or above the network protocol stack and provides network transparency.

We use cryptography to apply all of the following protections to network traffic, except:

reliability.

The process of transforming an existing key into a new one is called:

self-rekeying

