ITN 262 Final

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Number of keys in a secret-key algorithm

1

Block size of AES

128

Key sizes of AES

128, 192, 256

The U.S. government standards published by NIST recommended that a secret key be used for no more than _______ years before changing it.

2

When encrypting a file, a fully punctuated passphrase should have a minimum of ________ characters.

20

What is the key size of DES

56

What is the block size of DES

64

Wireless Protected Access, version 2 (WPA2.) falls under:

802.11.

Destination IP address field

Contains the IP address of the receiving host

Source IP address field

Contains the IP address of the sending host

IP checksum field

Contains the checksum of the IP header fields

Data field

Contains the header indicated by the Type field and the data contents

TTL field

Counts the number of times a packet passes through a router

A simple gateway as described in Section 12.4 can filter on a variety of packet contents. Select all types of packets listed below that a simple gateway can filter.

e) Broadcasts c) ICMP d) IP addresses b) Web traffic

Encrypting the key itself using a passphrase is called __________.

key wrapping

Producing one encryption key for each cryptonet or communicating pair and distributing that key to the appropriate endpoints is called:

manual keying.

We use cryptography to apply all of the following protections to network traffic, except:

reliability

Volume encryption protects data on a computer against:

theft

Handshake protocol

Establishes the shared secret and the keys to be used to protect SSL traffic

Scavenge keys from powered-off RAM

Extract keys from cooled RAM chips

Port 21

FTP

True or False? After changing an encryption key, all backup copies of the protected file are also protected by the new key.

False

Establishes protocol standards used on the internet

Internet Engineering Task Force (IETF)

A protocol that establishes security associations (SAs) between a pair of hosts is:

Internet Key Exchange (IKE).

Uses the destination's IP address to choose the packet's MAC address.

Internet layer

Uses the MAC address to construct the link layer header.

Link layer

16 bits

Port number

port 25

SMTP

Port 22

SSH

Build a unique TEK from nonces and a secret

Shared secret hashing

We are implementing volume encryption using ESSIV mode, as discussed in Section 9.4.2. Which of the following statements are true about the implementation? Select all that apply.

The mode uses sector numbers to vary the information in the ciphertext. c) All sectors use the same block cipher key.

Next header

The numeric code for the protocol appearing in the first header in the encrypted payload

Record protocol

Transfers information using a symmetric cipher and integrity check

Which of the following is correct about the nmap utility? Select all that apply. Note: nmap does not graphically "map"; rather, it scans and reports what it finds in text.

a) Maps all devices on a LAN c) Identifies the versions of network protocol software each host is running

We receive several blocks of ciphertext in CTR mode. An error has changed a single bit in the middle of the ciphertext. How much of the plaintext will be affected by the error when we decrypt it?

a) One bit

Which two of the following answers indicate the Internet crypto services providing end users with the easiest key management?

a) SSL/TLS b) IPsec gateways

Which of the following network protocols typically provide application transparency? Select all that apply.

a) Wi-Fi Protected Access b) IPsec

The general objective of wireless defense was to implement a virtual boundary that includes __________ computers and excludes other _________.

a) authorized client; clients

Using the Diffie-Hellman algorithm:

a) both participants in the exchange must have a public/private key pair.

Used by a server when a client's connection arrives

accept()

File encryption protects data on a computer against all of the following, except:

c) Trojan crypto.

Which wireless security protocol is recommended for use today?

d) WPA2 with AES

In 2008, researchers at Princeton University demonstrated techniques to retrieve RAM contents after the computer had been powered off. They then extracted drive encryption keys from RAM and used them to decrypt an encrypted drive. This is called a(n):

d) cold-boot attack.

When we share a key with two or more people, we refer to that group as being the:

d) cryptonet.

The principal weakness is its key size

des

A(n) __________ uses asymmetric keys to sign or verify digital data.

digital signature

Eavesdrop on a software encryption process

A computer process "listens" to the encryption or decryption process and sniffs the key schedule

Bob and Alice want to construct a shared secret key using Diffie-Hellman. Which components will Bob use to construct the shared secret?

Alice's public key and Bob's private key

True or False? Exterior routing relies on interior routers.

False

True or False? In manual keying, two encryption keys are produced for each cryptonet or communicating pair and those keys are distributed to the appropriate endpoints.

False

True or False? Network address translation (NAT) prevents hosts on a LAN from sharing the global IP address assigned by the ISP.

False

True or False? The underlying code of the Rijndael algorithm was leaked to the public in 1994, allowing for successful attacks against data encrypted with Rijndael.

False

True or False? There is a single, global public-key infrastructure (PKI).

False

True or False? WPA2 uses public key encryption with the "counter and CBC MAC" (CCM) mode.

False

True or False? When replacing crypto keys, they must be all replaced 1 month at a time.

False

port 80

HTTP

Alert protocol

Indicates errors and the end of a secure session

Type field

Indicates the type of TCP/IP transport protocol carried by this IP packet

Is DES a us standard key?

Originally, but now no

Uses the port number to route traffic to an application.

Transport layer

Each encryption operation may use a separate 56-bit key

Triple DES

Which authentication pattern may be implemented with no cryptography at all?

a) Local authentication

What was the first web browser to use public key certificates?

a) Netscape Navigator

We receive several blocks of ciphertext in OFB mode. An error has changed a single bit in the middle of the ciphertext. How much of the plaintext will be affected by the error when we decrypt it?

a) One bit

A cryptonet:

a) is two or more people who share an encryption key.

What RSA attack relies on mathematical test to reduce the risk that the chosen number isn't really a prime number?

b) Bogus primes

In the 1970s, the _________ was the only organization in the U.S. government with cryptographic expertise.

b) NSA

We receive several blocks of ciphertext in ECB mode. An error has changed a single bit in the middle of the ciphertext. How much of the plaintext will be affected by the error when we decrypt it?

b) One block

What role does the trusted third party serve in public-key certificates? Select all that apply.

b) Publishes its own public key so others can use it to verify the certificates it issues a) Signs public-key certificates using its private key

Alice is using file encryption on her laptop. Which of the following attacks are blocked by file encryption, instead of other techniques, like volume encryption or access controls?

b) Someone steals Alice's laptop. c) Kevin gives Alice a program with a Trojan horse that steals sensitive files from her and emails them to him.

1111 1111 - 1111 1111 - 1111 0000 - 0000 0000 is an example of a(n):

b) binary network mask.

Secure Sockets Layer (SSL):

b) may display a padlock on a Web page to indicate SSL protection.

Which of the following key sizes are supported by Triple DES? Select all that apply.

c) 112 e) 168 56

True or False? Two users can construct a shared secret by sharing Diffie-Hellman private keys.

False

We receive several blocks of ciphertext in CFB mode. An error has changed a single bit in the middle of the ciphertext. How much of the plaintext will be affected by the error when we decrypt it?

c) One bit and one block

Shares a separate KEK with each registered user

Key distribution center

Scavenge keys from swap files

Key schedule and possibly the key are extracted from paging file after RAM is written to the hard drive

Associate the following concepts with the appropriate secret-key building blocks.

Key wrapping

A DVD's key is encrypted with how many player keys?

c) 409 keys

TCP and the User Datagram Protocol (UDP) provide _________ between processes on any two of those hosts.

c) data transport

Access control protects data on a computer against:

c) hostile users.

Encrypting an encryption key using a passphrase is called:

c) key wrapping.

Which of the following are valid private IP addresses? Select all that apply.

d) 172.30.222.111 b) 192.168.1.270 a) 10.96.16.114

Digital signatures may be used to provide:

nonrepudiation

Used by server or client to write data to a connection

sendto()

Subdomain name assigned by the domain registrar

umn

The principal application of IPsec is:

virtual private networking.

Which interface provides a well-known way of addressing hosts and processes on a computer and of writing client or server software?

Socket interface

The ______ was carefully designed so that the network protocols worked seamlessly across a broad range of computing equipment.

ARPANET

Each _______ is essentially a(n) _______ that handles routing between its networking customers.

AS; ISP

True or False? A digital signature uses symmetric keys to sign or verify digital data.

False

Handles a cluster of networks, usually for paying customers

Internet Service Provider (ISP)

TFC padding

Random data intended to defeat traffic analysis

Performs 10 rounds when encrypting with a 128-bit key

Rijndael

Payload data

The headers and data being encrypted

True or False? Address scope is based on the protocol layer at which the address is defined.

True

Routing devices on the early ARPANET were called:

b) IMPs.

How does WPA2 encrypt a stream of data?

b) It uses AES with a Counter mode.

Bob and Raj share a file under two-person control: Neither can open the file unless both provide their passphrases. Which of the following are true? Select all that apply.

) Bob and Raj provide separate KEKs to produce the CEK. e) Bob and Raj share a CEK. b) Bob and Raj do not share a KEK.

48 bits

How long is a MAC address?

Which tool collects network traffic and displays it as a sequence of packets?

Wireshark

We are trying to protect our traffic as much as possible from sniffing. To minimize the risk, should we encrypt as much of our packets as possible, including headers?

Yes, because plaintext headers open our network messages to traffic analysis.

Key secrecy in a secret-key algorithm

All keys are kept secret

128 bits

An IPv6 address consists of this.

This layer is not used in routing.

Application layer

__________ rely on traffic analysis when the defenders use encryption that is too difficult to attack.

Attackers

Organizes the internet into clusters of networks for routing

Autonomous system (AS)

Routes network traffic between ASes

Border routers

True or False? A bit-flipping attack is not knowing what the message says and changing it bit by bit.

False

True or False? A router changes everything past the IP header.

False

True or False? Each site's router contains the complete path followed by every packet arriving at that site.

False

True or False? ICANN stands for Internet Communications for Assigned Numbers and Networking

False

True or False? Private addressing occurs when an ISP is assigned an IP address.

False

True or False? SSL works on top of IPsec and applies security to an orderly stream of bytes moving between a client and server.

False

True or False? The Diffie-Hellman cipher is a full encryption method.

False

True or False? The IP header and all remaining packet contents are never encrypted.

False

True or False? The Key Distribution Center (KDC) greatly simplifies key management. Each host must establish multiple "KDC keys" that it shares with the KDC.

False

32 bits

IPv4 address

Fragment field

Manages the fragmentation and reassembly of IP packets

In typical applications, does SSL provide application transparency?

No, because the SSL software is traditionally integrated into the application software package and is not supported unless the application specifically provides it.

An initialization vector is most similar to which of the following?

Nonce

Which of the following are true about the development of DES? Select all that apply

The algorithm was officially published to allow its general-purpose use. e) The rationale for the algorithm design was kept secret. f) The U.S. government adopted the algorithm as an official federal standard for encryption.

True or False? A 192-bit secret key, on average, has 2^191 keys to crack.

True

True or False? A certificate authority is a trusted third party that issues certificates on behalf of some organization.

True

True or False? A keyed hash gives us a way to verify that some of our own data has not been modified by an attacker or someone who doesn't have the secret key.

True

True or False? A tweakable cipher includes a third input, a nonce-like value that modifies the encryption without the cost of changing the encryption key.

True

True or False? Changing a single bit of a block cipher's input affects the entire output block.

True

True or False? Cipher block chaining (CBC) is a widely used cipher mode that requires plaintext to be a multiple of the cipher's block size.

True

True or False? Eavesdropping without interfering with communications would be considered a passive attack.

True

True or False? IP provides global addressing for internet hosts.

True

True or False? Private IP addresses may only be used on a private network.

True

True or False? Randomized request are a part of the DNS Security Improvements.

True

True or False? S-boxes are special data structures that control substitutions in block ciphers.

True

True or False? Self-rekeying transforms an existing encryption key into a new one using a pseudorandom number generator.

True

True or False? The ARP cache contains every MAC address and corresponding IP address the host will use.

True

True or False? The Internet Control Message Protocol (ICMP) provides status messages that report errors detected while routing internet packets.

True

True or False? The Internet Corporation for Assigned Names and Numbers (ICAAN) manages the distribution of domain names and IP addresses.

True

True or False? The internet layer of every such protocol stack contains a routing table that chooses a network and/or MAC address for the outgoing packet.

True

True or False? The time to live (TTL) field in an IP header counts the number of hops a packet takes through routers on its way to its destination.

True

True or False? Though vulnerabilities exist, most DNS transactions take place without trouble or interference.

True

True or False? We clearly need to use encryption if we wish to protect against sniffing.

True

True or False? When internet technology connects two networks with separate link layers together, each individual network is called a subnet.

True

True or False? When you visit a website with an "https" prefix in the address, the site uses encryption on the web data it sends and receives.

True

True or False? You can wrap a secret key with RSA.

True

Number of keys in a public-key algorithm

Two different, but related keys

Symmetry of keys in a public-key algorithm

Uses asymmetric keys

A tool that captures packets on a network and helps you analyze the packets is:

Wireshark

Virtual private networking is used primarily for encrypting:

a connection between two sites across the internet.

An Advanced Encryption Standard (AES) key may not be:

a) 16 bits in length.

Bob needs to deploy an efficient block cipher. He has a choice between 128-bit AES and Triple DES using three different keys. Which of the following statements is most accurate about these choices?

a) AES is more efficient than triple DES and it provides better security.

Alice is using volume encryption on her laptop. Which of the following attacks are blocked by volume encryption, instead of other techniques, like file encryption or access controls? Select all that apply.

a) Alice forgets to explicitly encrypt a sensitive file. b) Someone steals Alice's laptop.

We have an operating system that includes built-in file encryption. When we consider the layers of system software, where does the file encryption reside?

a) Between the file system and the application layer.

The element that automatically assigns an IP address to a newly-appearing LAN host is:

a) Dynamic Host Configuration Protocol (DHCP).

What is the single most important feature of stream encryption that could prevent reused key streams?

a) Incorporating a nonce

A block cipher algorithm operates more slowly if we change the key every time we use it. Which of the following concepts is most responsible for this delay?

a) Key expansion

Which of the following are true about the development of AES? Select all that apply.

a) The algorithm was officially published to allow its general-purpose use. c) The algorithm was chosen based on published criteria. d) The algorithm was chosen by comparing it to other algorithms. f) The U.S. government adopted the algorithm as an official federal standard for encryption. b) The algorithm was chosen from a group of candidates.

When encrypting data with a block cipher, each repetition is called a:

a) round.

When we place crypto in different protocol layers, we often balance two important properties:

application transparency and network transparency.

Below are statements about ARP and routing. Select all that are true.

b) ARP can provide the MAC address of a gateway router if the router's IP address is known. d) ARP requests are broadcast to all hosts on a given local network. a) A host can rely exclusively on ARP to route packets between hosts on its local network.

Section 8.1.1 discusses NIST recommendations for cryptoperiods. Which of the following best summarizes the recommendations?

b) Issue a new key at least every 2 years and use that key for all subsequent encryption tasks. Use old keys for decryption only as needed.

Why should a self-encrypting hard drive wrap its working keys when the drive is locked?

b) It protects the key from electronic probing and extraction even if the drive is powered off.

Why does nmap pose a risk when scanning a host or network?

b) It sends numerous messages to hosts and networks, which could interfere with more important network traffic.

Which type of attack is a bit-flipping attack?

b) Known plaintext

DNS by itself provides specific services, not including services that a domain registrar might provide to customers. Which of the following services are part of DNS as opposed to additional services provided by registrars? Select all that apply.

b) Map a domain name to an email server's IP address a) Map a domain name to an IP address

Which of the following are practical risks that apply to software-based volume encryption systems? Select all that apply.

b) Online eavesdropping on a software encryption process a) Offline cracking of wrapped keys d) Retrieve working key from saved RAM when the system hibernates e) Intercept a passphrase that unlocks the encrypted drive

Which of the following play an essential part in a smurf attack? Select all that apply.

b) Packet broadcasting d) A forged IP source address

Which of the following crypto building blocks are used to construct a typical digital signature, as described in Section 8.5.3? Select all that apply.

b) Public-key encryption a) One-way hash

How does DNS cache poisoning work?

b) The attacker transmits bogus DNS responses to the victim, or the victim's DNS server, containing the bogus information.

Which of the following explanations of how packet addresses are used during routing is most accurate?

b) The packet's destination IP address is used to select the packet's next MAC address.

We are implementing a server with direct authentication. What is included in the security boundary?

b) The server itself, including its credential checking mechanism and the authentication database

We have implemented volume encryption using a self-encrypting drive. Which of the following attacks is the volume still vulnerable to? Select all that apply.

b) Trojan BIOS intercepting the unlock code when the operator unlocks the drive

We wish to crack an RSA key using brute force. Which of the following techniques will be most efficient and successful?

b) Try to factor N to find P and Q.

A major obstacle to becoming an ISP today is:

b) the shortage of internet addresses.

Encryption can help protect volumes in all of the following situations, except:

b) to prevent physical damage to a hard drive.

The following are all best practices or proper recommendations for choosing an encryption algorithm, except:

b) use DES if at all possible.

An autonomous system (AS):

b) uses border routers to connect one AS to another. a) handles two types of routing: interior and exterior.

We reduce the risk of untrustworthy encryption by using certified products. In the

c) 140-2.

Kevin's little brother has implemented a 28-bit one-way hash as a math project. How many trials should it take to locate a collision using a birthday attack?

c) 214

Which of the following qualities of a good encryption algorithm apply to DES today? Select all that apply.

c) Available for analysis a) Explicitly designed for encryption b) Security does not rely on its secrecy d) Subjected to analysis

A firewall gateway for a household or small business LAN contains several of the following features. Select all that appear in a typical gateway.

c) DHCP protocol b) Share a single IP address assigned by the ISP among multiple hosts inside the network

192.168.1.1 is an example of a(n):

c) IPv4 address.

A successful bit-flipping attack requires which of the following? Select all that apply.

c) Knowledge of the exact contents of the plaintext b) A stream cipher

Here is a list of features appearing in a low-cost commercial gateway. Which feature is most important in order to use private IP addresses?

c) Network address translation

Why do protocols like IKE and SSL exchange nonces as part of their key creation/exchange protocol? Select all that apply.

c) New nonce values should make it impossible for an attacker to replay a previous set of messages and force the connection to reuse a previous key. b) If the nonces are always different, then the protocol yields a different result each time it takes place.

We receive several blocks of ciphertext in CBC mode. An error has changed a single bit in the middle of the ciphertext. How much of the plaintext will be affected by the error when we decrypt it?

c) One bit and one block

Which of the following are requirements of secret-key cryptography? Select all that apply.

c) Reliable key revocation a) Lower computing resources required than public-key algorithms d) Trustworthy central servers

Which of the following information services are maintained as part of a domain name registration? Select all that apply.

c) Street address of the domain name's owner a) Numerical server addresses associated with the domain name b) Contact information for people responsible for the DNS entry's ownership and technical support

When encrypting a one-way hash or a secret encryption key with RSA, you must encrypt a value that contains more bits than the public key's N value. You can accomplish this via which of the following? Select all that apply.

c) Using a sufficiently large hash value a) Padding the hash value with additional, randomly generated data

PGP implemented _______________, making it so that no single person was universally trusted to sign certificates.

c) a web of trust

Internet routing:

c) makes routing decisions one at a time as a packet crosses individual networks.

Used by a client to contact a selected server

connect()

Which of the following can help to avoid problems with reused encryption keys? Select all that apply.

d) Combine the key with a nonce c) Change the internal key

How does WPA2 use cryptography to ensure the integrity of packet data?

d) It uses CBC to calculate the packet's MIC.

Which of the following security measures can detect a bit-flipping attack? Select all that apply.

d) Message containing a digital signature c) Message containing a keyed hash

Bob has purchased a self-encrypting hard drive that always encrypts everything stored on the drive. Bob wants to install a bootable operating system on it and use it on an older computer. The old computer does not allow him to install pre-boot authentication in the BIOS. Will he be able to use the drive?

d) No, because there is no way to add a plaintext partition to this drive.

Which of the following qualities of a good encryption algorithm apply to AES today? Select all that apply.

d) Subjected to analysis c) Available for analysis e) No practical weaknesses a) Explicitly designed for encryption b) Security does not rely on its secrecy

Which of the following are true of generic top-level domains .edu, .gov, and .mil? Select all that apply.

d) The domain registrar ensures that the domain information is published in the Domain Name System. a) A registrar is responsible for issuing names to domain name owners. b) The registrar restricts domain names to owners in particular countries, industries, or organizations.

Which of the following represents the best size for a cryptonet?

d) The fewest people who require access to the encrypted data

Highway systems of driveways, local roads, and national roads are networks for automobiles, much like the internet is a network for data traffic. Both types of network share some similarities. Select the most appropriate similarities from those listed below.

d) The networks may be used for private, public service, and commercial traffic. c) There is no single organization responsible for all network elements. b) The networks connect their elements across many different types of links.

We are implementing a server with off-line authentication. What is included in the security boundary?

d) The server itself, which does not include an authentication database

We are trying to decide between a public-key and a secret-key cryptographic solution. Which of the following criteria would encourage us to choose the secret-key solution? Select all that apply best to secret-key cryptography.

d) The system will always be limited to a small user community. f) When someone loses the privilege to access the system, we must be able to revoke their access rights immediately. b) We are providing the service to an established user community whose members are already identified.

In an SSL data packet, the field that indicates whether the packet carries data, an alert message, or is negotiating the encryption key is:

d) content type.

Modern internet technology evolved from research on:

d) the ARPANET.

The well-known port number 80 is used for:

d) the World Wide Web via HTTP.

Which of the following are possible features of the DNS protocol? Select all that apply.

e) Recursive name resolution c) Hierarchical domain name structure b) Distributed database for retrieving domain name information

Here is a list of features of a block cipher mode. Select all that apply to the OFB mode.

e) The mode relies on block encryption; it does not use the block decryption operation even when decrypting data. d) The mode requires an initialization vector. f) The mode uses both the block cipher algorithm and the XOR operation.

Which of the following are true about the development of RC4? Select all that apply.

e) The rationale for the algorithm design was kept secret.

Top-level domain name

edu

Here is a list of features of a block cipher mode. Select all that apply to the CBC mode.

f) The mode uses both the block cipher algorithm and the XOR operation. d) The mode requires an initialization vector. a) Ciphertext must fit into a multiple of the cipher's block size; it can't be an arbitrary number of bits.

Here is a list of features of a block cipher mode. Select all that apply to the CTR mode.

f) The mode uses both the block cipher algorithm and the XOR operation. e) The mode relies on block encryption; it does not use the block decryption operation even when decrypting data. d) The mode requires an initialization vector.

Alice has constructed a document. Bob needs to verify the document's integrity. Which of the following data items must they share? Select all that apply.

g) A one-way hash value encrypted with Alice's private key a) Alice's public key

A router is traditionally called a(n) ________.

gateway

Used by a server to await a client's connection

listen()

A(n) _______ binary value contains a row of 1 bits to identify the network address bits.

network mask

Subdomain name assigned by the domain's owner

www

True or False? A network attack in which someone forges network traffic would be considered an active attack.

True

On the internet, the entity that looks up a domain name and retrieves information about it is the:

a) Domain Name System (DNS).

Which if the following is not one of the stages that TCP connections go through?

c) Error reporting

Which authentication pattern requires public-key cryptography?

d) Off-line authentication

Sequence number

A numerical value that's used to detect duplicate packets

Bob and Alice want to construct a shared secret key using RSA. Which of the following components must Bob use to share the secret with Alice?

Alice's public key alone

Which of the following security protections is used to prevent passive attacks?

Confidentiality

True or False? The concept that embodies dumb networking by placing most network protocols in the connection's endpoint hosts is the domain name principle.

False

Secure Sockets Layer (SSL) has been replaced by:

Transport Layer Security (TLS).

True or False? Encryption works against traffic filtering, because the filtering process can't detect malicious content in encrypted packets.

True

True or False? Hosts behind a network address translation (NAT) gateway are typically assigned local IP addresses.

True

True or False? The failure of network-based reliable transport influenced a central design principle of internet-oriented networks: the end-to-end principle.

True

True or False? The point of DNS redundancy is to provide other servers that can be contacted in the event the main server goes down.

True

True or False? The purpose of a gateway firewall is to block potentially hostile traffic from reaching the internal LAN.

True

What is the "ping" packet?

a) An ICMP message used to verify that a host is on the network

To provide both encryption and integrity protection, WPA2 uses AES encryption with:

a) CCM mode.

Packet filtering looks at any packet header and filters on all of the following values, except:

a) email address.

Bob has started a company and registered its name with the government as a private corporation. He tries to create a domain name using that registered name along with his country code. The name has already been registered by someone else. What should Bob do?

b) Choose a different name that has not already been registered.

How have DDOS attacks affected DNS and hosts that rely on it? Select all that apply.

b) DDOS attacks on DNS servers for specific hosts have made it difficult for some users to reach those hosts. a) Partially successful attacks on root DNS servers have had little effect on Internet traffic. d) Botnets may have been used in some DNS DDOS attacks.

True or False? Crypto techniques originally focused on confidentiality.

True

True or False? DNS is an essential part of the internet; nobody remembers the numerical IP address of Google or Amazon or Microsoft, but everyone knows their domain names.

True

We are implementing a product with local authentication on the device. What is included in the security boundary?

a) Everything from the point where the credential is entered to the checking mechanism and the authentication database

We are trying to decide between a public-key and a secret-key cryptographic solution. Which of the following criteria would encourage us to choose the public-key solution? Select all that apply best to public-key cryptography.

a) The system can apply a lot of computational power to cryptographic operations. e) Attackers should not be able to penetrate the whole system simply by attacking a critical crypto server. c) The process of adding new users must be easy to delegate.

Which of the following statements related to the end-to-end concept of network design are true? Select all that apply.

b) Dumb networks require smart endpoints. c) Internet technology is based on interconnecting a lot of dumb networks.

Amalgamated is implementing a private corporate network using a private IP address space. The network will connect separate sites using a VPN. Which of the following statements are true about this arrangement? Select all that apply.

b) Gateways will use IPsec tunnel mode between VPN sites. c) If Amalgamated buys another company, the new company's internal network must be assigned a compatible set of private IP addresses if it is to interact with other corporate VPN sites. d) VPN traffic will be restricted to Amalgamated's sites because the appropriate crypto credentials will only be shared among authorized VPN gateways.

Which TCP fields help ensure reliable transmission of data by keeping track of the number of bytes sent and received? Select all that apply.

b) Sequence number d) Acknowledgment number

A network's topology refers to the structure of its:

b) connections.

TCP and UDP are purely ___________ protocols.

b) end-to-end

An attack in which one or more hosts conspire to inundate a victim with ping requests is called a:

b) ping flood.

An attack that forges the sender's IP address is called a(n):

c) IP spoofing attack.

We need to implement services on several servers, and we wish to use the same login credentials for all of them. Which authentication patterns are most effective for this? Select all that apply.

c) Indirect authentication d) Off-line authentication

Of the following, select the two primary components of IPsec.

c) Internet Key Exchange (IKE) d) Encapsulating Security Payload (ESP)

Encrypting "above the stack":

c) means applying cryptography at the top of the application layer or above the network protocol stack and provides network transparency.

DNS security improvements include which of the following? Select all that apply.

d) Limited access to resolvers c) Distributed DNS servers b) Randomized requests

The Domain Name System (DNS) looks up a(n) ________ name and ________ information about it.

d) domain; retrieves

The process of transforming an existing key into a new one is called:

self-rekeying.


Ensembles d'études connexes

Chapter 11 Integrated Exercise Programming: From Evidence to Practice

View Set

U.S. ARMY Maps - Marginal Information and Map Symbols

View Set

Equities: Special Securities and Financial Listings

View Set

AP Chemistry Chapter 12 Test Review

View Set