Network Admin Security Exam 2
Phase _________ of the Handshake Protocol establishes security capabilities. 3 1 2 4
1
The handshake is complete and the client and server may begin to exchange application layer data after the server sends its finished message in phase _________ of the Handshake Protocol.
4
The MPDU exchange for distributing pairwise keys is known as the _________ which the STA and SP use to confirm the existence of the PMK, to verify the selection of the cipher suite, and to derive a fresh PTK for data sessions.
4-way handshake
The master session key is also known as the __________ key. GTK AAA MIC STA
AAA
_________ attacks include impersonating another user, altering messages in transit between client and server and altering information on a Web site. Psuedo Passive Active Shell
Active
The _________ is used to convey SSL-related alerts to the peer entity. Alert Protocol Handshake Protocol Change Cipher Spec Protocol SSL Record Protocol
Alert Protocol
The __________ is used to convey WTLS-related alerts to the peer entity. Counter Mode MAC Protocol Cipher Spec Protocol Alert Protocol WAP Protocol
Alert Protocol
Three higher-layer protocols defined as part of SSL and used in the management of SSL exchanges are: The Handshake Protocol, The Change Cipher Spec Protocol, and the __________ .
Alert Protocol
The __________ approach is vulnerable to man-in-the-middle attacks. Fixed Diffie-Hellman Fortezza Anonymous Diffie-Hellman Ephemeral Diffie-Hellman
Anonymous Diffie-Hellman
At any point in an IKE exchange the sender may include a _________ payload to request the certificate of the other communicating entity.
Certificate Request
_________ require a client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV, which are generated from the master secret in that order.
CipherSpecs
With each element of the list defining both a key exchange algorithm and a CipherSpec, the list that contains the combination of cryptographic algorithms supported by the client in decreasing order of preference is the __________ . Random CipherSuite Session ID Version
CipherSuite
E-banking, personal banking, e-commerce server, software validation and membership-based online services all fall into the VeriSign Digital ID _________ .
Class 3
The ________ MIME field is a text description of the object with the body which is useful when the object is not readable as in the case of audio data. Content-Transfer-Encoding Content-Description Content-Type Content-ID
Content-Description
The __________ field is used to identify MIME entities uniquely in multiple contexts. Content-Transfer- Encoding Content-ID Content-Description Content-Type
Content-ID
The __________ MIME field describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner.
Content-Type
__________ is the primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS.
Distribution
The _________ is used to ensure the confidentiality of the GTK and other key material in the 4-Way Handshake. MIC key EAPOL-KEK EAPOL-KCK TK
EAPOL-KEK
_________ consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication. The current specification is RFC 4303. IPsec ISA ESP SPI
ESP
Please list at least four main IP security problems
Eavsdropping, Modification of packets in transit, Identity spoofing, and Denial of service.
Authentication makes use of the _________ message authentication code.
HMAC
__________ refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server.
HTTPS
The _________ Protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm along with cryptographic keys to be used to protect data sent in an SSL Record.
Handshake
An SSL session is an association between a client and a server and is created by the ___________ .
Handshake Protocol
The most complex part of SSL is the __________ . Handshake Protocol Alert Protocol SSL Record Protocol Change Cipher Spec Protocol
Handshake Protocol
__________ specifies security standards for IEEE 802.11 LANs including authentication, data integrity, data confidentiality, and key management.
IEEE 802.11i
_________ defines a number of techniques for key management. KEP IKE SKE KMP
IKE
IPsec provides security services at the ________ layer by enabling a system to select required security protocols, determine the algorithms to use for the services and put in place any cryptographic keys required to provide the requested services.
IP
__________ provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. ISA IKE IAB IPsec
IPsec
The selectors that determine a Security Policy Database are: Name, Local and Remote Ports, Next Layer Protocol, Remote IP Address, and _________ .
Local IP Address
__________ allows the client to set up a "hijacker" process that will intercept selected application-level traffic and redirect it from an unsecured TCP connection to a secure SSH tunnel.
Local forwarding
Video content will be identified as _________ type. MPEG JPEG GIF BMP
MPEG
The __________ is the information that is delivered as a unit between MAC users. MSDU DS BSS MPDU
MSDU
The _________ accepts the message submitted by a Message User Agent and enforces the policies of the hosting domain and the requirements of Internet standards. Mail Submission Agent Mail Delivery Agent Message Transfer Agent Message Store
Mail Submission Agent
Typically housed in the user's computer, a _________ is referred to as a client e-mail program or a local network e-mail server. Message User Agent Mail Submission Agent Message Store Message Transfer Agent
Message User Agent
_________ identifies the type of data contained in the payload data field by identifying the first header in that payload. Security Parameters Index Sequence Header Payload Data Next Header
Next Header
The __________ payload contains either error or status information associated with this SA or this SA negotiation. Nonce Configuration Notify Encrypted
Notify
Please explain how PGP realizes confidentiality and authentication
PGP realizes confidentiality with this process: First the sender forms 128 bit random session key, then the sender encrypts the message with the session key, then the sender encrypts the key with the receivers public key, the receiver then decrypts and recovers the session key, and last the receiver decrypts the message with the session key. PGP realizes authentication with the following process: first the sender creates the message, then the sender generates a SHA hash value, then the sender signs the hash value with the private key: RSA, then the receiver decrypts and recovers the hash code, and last the receiver verifies the received message hash.
The PMK is used to generate the _________ which consists of three keys to be used for communication between a STA and AP after they have been mutually authenticated. PTK AAA Key GTK PSK
PTK
_________ attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted.
Passive
MIME is an extension to the ________ framework that is intended to address some of the problems and limitations of the use of SMTP. RFC 821 RFC 3852 RFC 5322 RFC 4871
RFC 5322
The purpose of the discovery phase in the ___________ is for a STA and an AP to recognize each other, agree on a set of security capabilities, and establish an association for future communication using those security capabilities. WPA TKIP RSN WAE
RSN
A value chosen by the responder to identify a unique IKE SA is a _________ . Flag Initiator SPI Responder Cookie Message ID
Responder Cookie
__________ is an Internet standard approach to e-mail security that incorporates the same functionality as PGP. MIME DKIM S/MIME HTTPS
S/MIME
A _________ is a one way relationship between a sender and a receiver that affords security services to the traffic carried on it. SA SAD SPD SPI
SA
S/MIME cryptographic algorithms use __________ to specify requirement level. SHOULD and CAN SHOULD and MUST SHOULD and MIGHT CAN and MUST
SHOULD and MUST
The means by which IP traffic is related to specific SAs is the _________ . SPI SAD TRS SPD
SPD
The key management mechanism that is used to distribute keys is coupled to the authentication and privacy mechanisms only by way of the _________ . SPI ESP SPD IAB
SPI
Three standardized schemes that are becoming increasingly important as part of Web commerce and that focus on security at the transport layer are: SSL/TLS, HTTPS, and _________.
SSH
_________ is organized as three protocols that typically run on top of TCP for secure network communications and are designed to be relatively simple and inexpensive to implement. SSL SSH TLS SSI
SSH
_________ provides secure, remote logon and other secure client/server facilities. SSH HTTPS TLS SLP
SSH
Please explain what is SSH and explain how to realize secure remote login with username password with SSH
SSH provides secure remote login. First, the client generates a session key with the username/password. Then the client sends a remote login request with the session key encryption to the server. Then the server generates a session key with the users name and password. Then the server sends acknowledgement information encrypted with the session key to the client. Last, the communication begins.
__________ provides confidentiality using symmetric encryption and message integrity using a message authentication code.
SSL/TLS
The _________ takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment.
SSl Record Protocol
Defined as a Proposed Internet Standard in RFC 2246, _________ is an IETF standardization initiative whose goal is to produce an Internet standard version of SSL. SSH SHA-1 CCSP TLS
TLS
The SSL Internet standard version is called _________ . SSH SLP HTTP TLS
TLS
Please list the main functions of S/MIME
The main functions of S/MIME include: enveloped data, signed data, clear signed data, and signed and enveloped data.
Please list the main protocols in Email server
The main protocols in the Email server are: SMTP(Simple Mail Transfer Protocol), MIME protocol, POP(Post Office Protocol), and IMAP(Internet Message Access Protocol).
Please list the two main IPSec Modes
The two main IPSec modes include transport mode which is traffic from host to host, or host to gateway and tunnel mode which is traffic from gateway to gateway, or from host to gateway.
please explain the main work process for wireless authentication protocol such as WEP and WPA.
The work process begins with a probe request being sent from the client to the access point. The access point then sends a probe response back to the client. Then the client sends an authentication request to the access point. The access point then sends a response back to the client. After this communication, the client will have access to the wireless.
please explain the work process of SSL and HTTPS. Especially, please explain their difference.
The work process of SSL starts with the handshaking protocol and is followed by the record process. The handshaking protocol begins with the client sending a message to the server and the server responding. Then the server sends its certificate to the client along with a request for the clients certificate. Then the client sends its certificate to the server. The record process starts with the client generating a symmetric key, then encrypting the symmetric key with the server certificate, and then the digital signature is generated. The server then gets the symmetric key, the message, and compares the two to verify the hash value. HTTPS begins with the user generating a session key. Then the server sends the public key certificate to the client. Then the client sends the server the sessions key encrypted with the public key certificate. After that the server acknowledges the communication. Then the client sens the username and password to the server encrypted with the session key. Then the server sends the response service. After that the client sends request service encrypted with the session key. Lastely the server sends response service encrypted with the session key. The difference between SSL and HTTPS is unlike SSL, HTTPS client does not have a certificate.
The _________ payload allows peers to identify packet flows for processing by IPsec services. Traffic Selector Extensible Authentication Protocol Vendor ID Configuration
Traffic Selector
_________ mode is used when one or both ends of an SA are a security gateway, such as a firewall or router that implements IPsec.
Tunnel
Please explain what is VPN
VPN stands for Virtual Private Network. VPN uses a public infastructure (Internet) to provide remote offices or individuals with secure access to their organizations network. Virtual makes your other office or individual to be a part of your network. Private means the original packets are encrypted, the encrypted payload is then encapsulated inside of another packet. This encapsulation process is often referred to as tunneling.
_________ is a standard to provide mobile users of wireless phones and other wireless terminals access to telephony and information services including the Internet and the Web. WAP WPA WEP WML
WAP
Please explain what is WAP
WAP stands for Wireless Application Protocol. This protocol is a universal, open standard developed to provide mobile wireless users access to telephony and information services.
_________ was designed to describe content and format for presenting data on devices with limited bandwidth, limited screen size, and limited user input capability and to work with telephone keypads, styluses, and other input devices common to mobile, wireless communication. WAP WPA WAE WML
WML
WAP security is primarily provided by the __________ which provides security services between the mobile device and the WAP gateway to the Internet. TKIP CCMP MSDU WTLS
WTLS
The term used for certified 802.11b products is ___________ . WEP WPA Wi-Fi WAP
Wi-Fi
A Pseudorandom Function takes as input: an identifying label a secret value all of the above a seed value
all of the above
The _________ type refers to other kinds of data, typically either uninterpreted binary data or information to be processed by a mail-based application.
application
The __________ mechanism assures that a received packet was in fact transmitted by the party identified as the source in the packet header and assures that the packet has not been altered in transit. key management security authentication confidentiality
authentication
The _________ transfer encoding, also known as radix-64 encoding, is a common one for encoding arbitrary binary data in such a way as to be invulnerable to the processing by mail-transport programs.
base64
The specification of a protocol along with the chosen key length is known as a __________ . cipher suite distribution system RSN extended service
cipher suite
The symmetric encryption key for data encrypted by the client and decrypted by the server is a _________ . server write key master key client write key sequence key
client write key
IPsec encompasses three functional areas: authentication, key management, and __________ .
confidentiality
The _________ facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. security key management authentication confidentiality
confidentiality
Two important SSL concepts are the SSL session and the SSL _________ .
connection
The __________ function is the logical function that determines when a station operating within a BSS is permitted to transmit and may be able to receive PDUs.
coordination
A WML _________ is similar to an HTML page in that it is identified by a URL and is the unit of content transmission. page card deck unit
deck
A _________ is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer, which is then encoded using base64 encoding.
digital signature
PGP provides authentication through the use of _________ . digital signatures radix-64 symmetric block encryption asymmetric block encryption
digital signatures
Three different authentication methods can be used with IKE key determination: Public key encryption, symmetric key encryption, and _________ .
digital signatures
The WAP Programming Model is based on three elements: the client, the original server, and the _________ .
gateway
Computed by PGP, a _________ field indicates the extent to which PGP will trust that this is a valid public key for this user; the higher the level of trust, the stronger the binding of this user ID to this key.
key legitimacy
The __________ facility is concerned with the secure exchange of keys.
key management
The __________ enables the recipient to determine if the correct public key was used to decrypt the message digest for authentication. timestamp key ID of the sender's public key leading two octets of message digest filename
leading two octets of message digest
The __________ layer keeps track of which frames have been successfully received and retransmits unsuccessful frames. physical layer transmission media access control logical link control
logical link control
The function of the __________ is to on transmission assemble data into a frame, on reception disassemble frame and perform address recognition and error detection, and govern access to the LAN transmission medium. transmission layer media access control layer logical layer physical layer
media access control layer
The __________ subtype is used when the different parts are independent but are to be transmitted together. They should be presented to the receiver in the order that they appear in the mail message. multipart/alternative multipart/mixed multipart/digest multipart/parallel
multipart/mixed
For the __________ subtype the order of the parts is not significant. multipart/digest multipart/alternative multipart/parallel multipart/mixed
multipart/parallel
IKE key determination employs __________ to ensure against replay attacks. groups flags nonces cookies
nonces
Forming a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time, __________ are used for communication between a pair of devices typically between a STA and an AP.
pairwise keys
PGP makes use of four types of keys: public keys, private keys, one-time session keys, and ___________ symmetric keys.
passphrase-based
The layer of the IEEE 802 reference model that includes such functions as encoding/decoding of signals and bit transmission/reception is the _________ . physical layer media access layer logical link layer control layer
physical layer
A signature is created by taking the hash of a message and encrypting it with the sender's _________ .
private key
The _________ transfer encoding is useful when the data consists largely of octets that correspond to printable ASCII characters.
quoted-printable
PGP provides compression using the __________ algorithm. radix-64 symmetric block MIME digital signature
radix-64
To provide transparency for e-mail applications, an encrypted message may be converted to an ASCII string using _________ conversion.
radix-64
A __________ attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination.
replay
The MPDU authentication phase consists of three phases. They are: connect to AS, EAP exchange and _________ .
secure key delivery
The final message in phase 2, and one that is always required, is the ___________ message, which is sent by the server to indicate the end of the server hello and associated messages. server_done no_certificate finished goodbye
server_done
An arbitrary byte sequence chosen by the server to identify an active or resumable session state is a _________ . cipher spec compression session identifier peer certificate
session identifier
Authentication applied to all of the packet except for the IP header is _________ . transport mode association mode security mode tunnel mode
transport mode
The key legitimacy field, the signature trust field and the owner trust field are each contained in a structure referred to as a ___________ .
trust flag byte
Authentication applied to the entire original IP packet is _________ . transport mode security mode tunnel mode cipher mode
tunnel mode
Key IDs are critical to the operation of PGP and __________ key IDs are included in any PGP message that provides both confidentiality and authentication. six two three four
two
