Chapter 8, Chapter 11, Chapter 9, Chapter 12, Chapter 13
Which of the following are valid private IP addresses? Select all that apply.
- 172.30.222.111 - 192.168.1.270 - 10.96.16.114
Alice has constructed a document. Bob needs to verify the document's integrity. Which of the following data items must they share? Select all that apply.
- A one-way hash value encrypted with Alice's private key - Alice's public key
Below are statements about ARP and routing. Select all that are true.
- ARP can provide the MAC address of a gateway router if the router's IP address is known. - ARP requests are broadcast to all hosts on a given local network. - A host can rely exclusively on ARP to route packets between hosts on its local network.
Alice is using volume encryption on her laptop. Which of the following attacks are blocked by volume encryption, instead of other techniques, like file encryption or access controls? Select all that apply.
- Alice forgets to explicitly encrypt a sensitive file. - Someone steals Alice's laptop.
Which of the following qualities of a good encryption algorithm apply to DES today? Select all that apply.
- Available for analysis a) Explicitly designed for encryption b) Security does not rely on its secrecy d) Subjected to analysis
Bob and Raj share a file under two-person control: Neither can open the file unless both provide their passphrases. Which of the following are true? Select all that apply.
- Bob and Raj provide separate KEKs to produce the CEK - Bob and Raj share a CEK. - Bob and Raj do not share a KEK.
Which of the following can help to avoid problems with reused encryption keys? Select all that apply.
- Combine the key with a nonce - Change the internal key
True or False? A bit-flipping attack is not knowing what the message says and changing it bit by bit.
False
True or False? A digital signature uses symmetric keys to sign or verify digital data.
False
True or False? A router changes everything past the IP header.
False
True or False? After changing an encryption key, all backup copies of the protected file are also protected by the new key.
False
True or False? Each site's router contains the complete path followed by every packet arriving at that site.
False
True or False? Exterior routing relies on interior routers.
False
True or False? Network address translation (NAT) prevents hosts on a LAN from sharing the global IP address assigned by the ISP.
False
True or False? The Diffie-Hellman cipher is a full encryption method.
False
True or False? There is a single, global public-key infrastructure (PKI).
False
Which of the following qualities of a good encryption algorithm apply to AES today? Select all that apply.
Subjected to analysis c) Available for analysis No practical weaknesses a) Explicitly designed for encryption b) Security does not rely on its secrecy
True or False? A 192-bit secret key, on average, has 2^191 keys to crack.
True
True or False? A certificate authority is a trusted third party that issues certificates on behalf of some organization.
True
True or False? A keyed hash gives us a way to verify that some of our own data has not been modified by an attacker or someone who doesn't have the secret key.
True
True or False? Address scope is based on the protocol layer at which the address is defined.
True
True or False? Private IP addresses may only be used on a private network.
True
True or False? S-boxes are special data structures that control substitutions in block ciphers.
True
True or False? The ARP cache contains every MAC address and corresponding IP address the host will use.
True
True or False? The internet layer of every such protocol stack contains a routing table that chooses a network and/or MAC address for the outgoing packet.
True
True or False? The time to live (TTL) field in an IP header counts the number of hops a packet takes through routers on its way to its destination.
True
True or False? When internet technology connects two networks with separate link layers together, each individual network is called a subnet.
True
True or False? When you visit a website with an "https" prefix in the address, the site uses encryption on the web data it sends and receives.
True
We wish to crack an RSA key using brute force. Which of the following techniques will be most efficient and successful?
Try to factor N to find P and Q.
Associate the following socket functions with the operations they perform.
Used by a client to contact a selected server - connect() Used by a server to await a client's connection - listen() Used by a server when a client's connection arrives -accept() Used by server or client to write data to a connection - sendto()
1111 1111 - 1111 1111 - 1111 0000 - 0000 0000 is an example of a(n):
binary network mask.
Using the Diffie-Hellman algorithm:
both participants in the exchange must have a public/private key pair.
Which of the following key sizes are supported by Triple DES? Select all that apply.
c) 112 168 56
A network's topology refers to the structure of its:
connections.
When we share a key with two or more people, we refer to that group as being the:
cryptonet
A(n) __________ uses asymmetric keys to sign or verify digital data.
digital signature
A router is traditionally called a(n) ________.
gateway
Access control protects data on a computer against:
hostile users.
A cryptonet:
is two or more people or share an encryption key
Encrypting an encryption key using a passphrase is called:
key wrapping
Encrypting the key itself using a passphrase is called __________.
key wrapping
Internet routing:
makes routing decisions one at a time as a packet crosses individual networks.
A(n) _______ binary value contains a row of 1 bits to identify the network address bits.
network mask
Digital signatures may be used to provide:
nonrepudiation.
Kevin is using Diffie-Hellman to share information with Tina. The following phrases explain what he must do. Select the most appropriate phrases to describe the process.
private key -Kevin combines his own public key belonging to Tina - With the unique secret shared by Kevin and Tina - to produce a
Kevin is using RSA to send information to Tina. The following phrases explain what he must do. Select the most appropriate phrases to describe the first part of the process.
randomly-generated secret key - Kevin encrypts a public key belonging to Tina - with the wrapped key - to produce a
When encrypting data with a block cipher, each repetition is called a:
round.
Modern internet technology evolved from research on:
the ARPANET.
The well-known port number 80 is used for:
the World Wide Web via HTTP
Volume encryption protects data on a computer against:
theft
Encryption can help protect volumes in all of the following situations, except:
to prevent physical damage to a hard drive.
The following are all best practices or proper recommendations for choosing an encryption algorithm, except:
use DES if at all possible.
Which tool collects network traffic and displays it as a sequence of packets?
Wireshark
The ______ was carefully designed so that the network protocols worked seamlessly across a broad range of computing equipment.
ARPANET
Each _______ is essentially a(n) _______ that handles routing between its networking customers.
AS; ISP
A successful bit-flipping attack requires which of the following? Select all that apply.
- Knowledge of the exact contents of the plaintext - A stream cipher
Which of the following is correct about the nmap utility? Select all that apply. Note: nmap does not graphically "map"; rather, it scans and reports what it finds in text.
- Maps all devices on a LAN - Identifies the versions of network protocol software each host is running
Which of the following security measures can detect a bit-flipping attack? Select all that apply.
- Message containing a digital signature - Message containing a keyed hash
Which of the following crypto building blocks are used to construct a typical digital signature, as described in Section 8.5.3? Select all that apply.
- Public-key encryption - One-way hash
What role does the trusted third party serve in public-key certificates? Select all that apply.
- Publishes its own public key so others can use it to verify the certificates it issues - Signs public-key certificates using its private key
Alice is using file encryption on her laptop. Which of the following attacks are blocked by file encryption, instead of other techniques, like volume encryption or access controls?
- Someone steals Alice's laptop. - Kevin gives Alice a program with a Trojan horse that steals sensitive files from her and emails them to him.
Highway systems of driveways, local roads, and national roads are networks for automobiles, much like the internet is a network for data traffic. Both types of network share some similarities. Select the most appropriate similarities from those listed below.
- The networks may be used for private, public service, and commercial traffic - There is no single organization responsible for all network elements. - The networks connect their elements across many different types of links.
When encrypting a one-way hash or a secret encryption key with RSA, you must encrypt a value that contains more bits than the public key's N value. You can accomplish this via which of the following? Select all that apply.
- Using a sufficiently large hash value - Padding the hash value with additional, randomly generated data
An autonomous system (AS):
- uses border routers to connect one AS to another. - handles two types of routing: interior and exterior.
Here is a list of different types of addresses that appear in packets. Associate each with the address size in terms of the number of bits.
16 bits - Port number 32 bits - IPv4 address 128 bits - IPv6 address 48 bits - MAC address
An Advanced Encryption Standard (AES) key may not be:
16 bits in length
The U.S. government standards published by NIST recommended that a secret key be used for no more than _______ years before changing it.
2
When encrypting a file, a fully punctuated passphrase should have a minimum of ________ characters.
20
Kevin's little brother has implemented a 28-bit one-way hash as a math project. How many trials should it take to locate a collision using a birthday attack?
214
A DVD's key is encrypted with how many player keys?
409 keys
Select the technical features of DES from the following list:
64 - block size 56 - key size Originally, but now no longer - Is this a U.S. government standard?
Bob needs to deploy an efficient block cipher. He has a choice between 128-bit AES and Triple DES using three different keys. Which of the following statements is most accurate about these choices?
AES is more efficient than triple DES and it provides better security.
Select the technical features of AES from the following list:
Block size of AES 128 Key sizes of AES 128, 192, 256 Yes Is this a U.S. government standard?
What RSA attack relies on mathematical test to reduce the risk that the chosen number isn't really a prime number?
Bogus primes
The element that automatically assigns an IP address to a newly-appearing LAN host is:
Dynamic Host Configuration Protocol (DHCP).
The phrases below describe fields in an IP packet. Match the IP packet field with its description.
Fragment field - Manages the fragmentation and reassembly of IP packets TTL field - Counts the number of times a packet passes through a router Type field - Indicates the type of TCP/IP transport protocol carried by this IP packet IP checksum field - Contains the checksum of the IP header fields Source IP address field - Contains the IP address of the sending host Destination IP address field - Contains the IP address of the receiving host Data field - Contains the header indicated by the Type field and the data contents
Make the best match between the internet concepts listed below and the corresponding terms.
Handles a cluster of networks, usually for paying customers - Internet Service Provider (ISP) Establishes protocol standards used on the internet -Internet Engineering Task Force (IETF) Organizes the internet into clusters of networks for routing - Autonomous system (AS) Routes network traffic between ASes - Border routers
Routing devices on the early ARPANET were called:
IMPs
192.168.1.1 is an example of a(n):
IPv4 address
The phrases below describe situations in which RSA is vulnerable to attack. Match the attack with the method of use of RSA.
Small plaintext attack - If the public key value is 3 and the message length is less than a third the length of the modulus N, a shortcut attack can recover the message Small private key attack - If the private key d value is relatively small, there is a mathematical shortcut for recovering it Timing attack - Accurately measuring how long it takes to decrypt an RSA-encrypted message provides information about the private key value
What is the single most important feature of stream encryption that could prevent reused key streams?
Incorporating a nonce
Section 8.1.1 discusses NIST recommendations for cryptoperiods. Which of the following best summarizes the recommendations?
Issue a new key at least every 2 years and use that key for all subsequent encryption tasks. Use old keys for decryption only as needed.
Why does nmap pose a risk when scanning a host or network?
It sends numerous messages to hosts and networks, which could interfere with more important network traffic.
A block cipher algorithm operates more slowly if we change the key every time we use it. Which of the following concepts is most responsible for this delay?
Key expansion
Select the technical features of Lucifer from the following list:
Key size Is this a U.S. government standard? Block size 128 Key size Is this a U.S. government standard? Block size No Key size Is this a U.S. government standard? Block size
Which type of attack is a bit-flipping attack?
Known plaintext
In the 1970s, the _________ was the only organization in the U.S. government with cryptographic expertise.
NSA
What was the first web browser to use public key certificates?
Netscape Navigator
Here is a list of features appearing in a low-cost commercial gateway. Which feature is most important in order to use private IP addresses?
Network address translation
Which interface provides a well-known way of addressing hosts and processes on a computer and of writing client or server software?
Socket interface
Provide the best matches below between terms and concepts.
One key - Number of keys in a secret-key algorithm Two different, but related keys - Number of keys in a public-key algorithm Uses asymmetric keys - Symmetry of keys in a public-key algorithm All keys are kept secret - Key secrecy in a secret-key algorithm
Associate the following internet services with their typical port numbers.
Port 21 - FTP Port 22 - SSH Port 25 - SMTP Port 80 - HTTP
Which of the following represents the best size for a cryptonet?
The fewest people who require access to the encrypted data
Which of the following explanations of how packet addresses are used during routing is most accurate?
The packet's destination IP address is used to select the packet's next MAC address.
A major obstacle to becoming an ISP today is:
The shortage of Internet addresses
Associate each protocol layer with the best description of its role when routing an internet packet.
This layer is not used in routing - Application layer Uses the port number to route traffic to an application- Transport layer Uses the destination's IP address to choose the packet's MAC address. - Internet layer Uses the MAC address to construct the link layer header. - Link layer
File encryption protects data on a computer against all of the following, except:
Trojan crypto.
The phrases below describe terms and entities associated with encryption. Match the term or entity with its description.
Web of trust - No single person is universally trusted to sign certificates; individual users decide who they trust to sign certificates Public-key infrastructure (PKI) - Used to validate public keys and to use them safely Certificate authority - A trusted third party that issues certificates
A tool that captures packets on a network and helps you analyze the packets is:
Wireshark
PGP implemented _______________, making it so that no single person was universally trusted to sign certificates.
a web of trust
