Test 1 + 2 + 3 +4 - Applied Cryptography - Network Security Essentials Applications and Standards 6th
A connection-oriented integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only.
False
A loss of confidentiality is the unauthorized modification or destruction of information.
False
A means of generating predictable PGP session keys is needed.
False
AES (Advanced Encryption Standard) uses a Feistel structure.
False
Cryptographic hash functions generally execute slower in software than conventional encryption algorithms such as DES (Data Encryption Standard).
False
Data integrity is the protection of data from unauthorized disclosure.
False
Data origin authentication provides protection against the duplication or modification of data units.
False
Each PGP entity must maintain a file of its own public/private key pairs as well as a file of private keys of correspondents.
False
IEEE 802.11 defines seven services that need to be provided by the wireless LAN to achieve functionality equivalent to that which is inherent to wired LANs.
False
If an opponent captures an unexpired service granting ticket and tries to use it they will be denied access to the corresponding service.
False
If the lifetime stamped on a ticket is very short (e.g., minutes) an opponent has a greater opportunity for replay.
False
Information access threats exploit service flaws in computers to inhibit use by legitimate users.
False
It is not necessary for a certification authority to maintain a list of certificates issued by that CA that were not expired but were revoked.
False
It is not required for two parties to share a secret key in order to communicate securely with conventional encryption.
False
Kerberos relies exclusively on asymmetric encryption and makes use of public key encryption.
False
Message encryption alone provides a secure form of authentication.
False
Microsoft Explorer originated SSL.
False
One desirable property of a stream cipher is that the ciphertext be longer in length than the plaintext.
False
PGP (Pretty Good Privacy) provides confidentiality through the use of asymmetric block encryption.
False
PGP has a very rigid public-key management scheme.
False
Patient allergy information is an example of an asset with a moderate requirement for integrity.
False
Phase 3 completes the setting up of a secure connection of the Handshake Protocol.
False
Private key encryption is used to produce digital signatures which provide an enhanced form of message authentication.
False
Public-key encryption is also referred to as conventional encryption, secret-key, or single-key encryption.
False
Smaller block sizes mean greater security but reduced encryption/decryption speed.
False
The SSL Record Protocol is used before any application data is transmitted.
False
The WAP architecture is designed to cope with the two principal limitations of wireless Web access: the limitations of the mobile node and the high data rates of wireless digital networks.
False
The certificate message is required for any agreed on key exchange method except fixed Diffie-Hellman.
False
The encryption of the compressed message plus the MAC must increase the content length by more than 1024 bytes.
False
The integration service enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN.
False
The most commonly used symmetric encryption algorithms are stream ciphers.
False
The most complex part of Wireless Transport Layer Security is the Change Cipher Spec Protocol.
False
The pairwise master key is derived from the group key.
False
The security of symmetric encryption depends on the secrecy of the algorithm, not the secrecy of the key.
False
The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very easy to calculate discrete logarithms.
False
The two important aspects of encryption are to verify that the contents of the message have not been altered and that the source is authentic.
False
There are clear boundaries between network security and internet security.
False
To enhance security an encrypted message is not accompanied by an encrypted form of the session key that was used for message encryption.
False
Unlike traditional publishing environments, the Internet is three-way and vulnerable to attacks on the Web servers.
False
User certificates generated by a CA need special efforts made by the directory to protect them from being forged.
False
WAP was not designed to work with all wireless network technologies.
False
A basic service set may be isolated or it may connect to a backbone distribution system through an access point, which functions as a bridge and a relay point.
True
A message component includes the actual data to be stored or transmitted as well as a filename and a timestamp that specifies the time of creation.
True
A session key is destroyed at the end of a session.
True
As a default, PGP compresses the message after applying the signature but before encryption.
True
Because of the mathematical properties of the message authentication code function it is less vulnerable to being broken than encryption.
True
Ciphertext is the scrambled message produced as output..
True
E-mail is the most common distributed application that is widely used across all architectures and vendor platforms.
True
EEE 802.11 is a standard for wireless LANs.
True
Even in the case of complete encryption there is no protection of confidentiality because any observer can decrypt the message by using the sender's public key.
True
Federated identity management is a concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and supporting many thousands, even millions, of users.
True
For symmetric encryption to work the two parties to an exchange must share the same key, and that key must be protected from access by others.
True
In addition to providing authentication, a message digest also provides data integrity and performs the same function as a frame check sequence.
True
In developing a particular security mechanism or algorithm one must always consider potential attacks on those security features.
True
In the ECB (Electronic Code Book) mode of encryption if an attacker reorders the blocks of ciphertext then each block will still decrypt successfully, however, the reordering may alter the meaning of the overall data sequence.
True
Kerberos version 4 did not fully address the need to be of general purpose.
True
One notable approach to WAP assumes that the mobile device implements TLS over TCP/IP and the wireless network supports transfer of IP packets.
True
One of the major roles of public-key encryption is to address the problem of key distribution.
True
One way to classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server.
True
PGP (Pretty Good Privacy) incorporates tools for developing public-key certificate management and a public-key trust model.
True
Pervasive security mechanisms are not specific to any particular OSI (Open Systems Interconnection) security service or protocol layer.
True
Ports are logical entities defined within the authenticator and refer to physical network connections.
True
Public key algorithms are based on mathematical functions rather than on simple operations on bit patterns.
True
Public key algorithms are useful in the exchange of conventional encryption keys.
True
Random numbers play an important role in the use of encryption for various network security applications.
True
SSl/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.
True
Server authentication occurs at the transport layer, based on the server possessing a public/private key pair.
True
Sessions are used to avoid the expensive negotiation of new security parameters for each connection that shares security parameters.
True
The CIA (Confidentiality, Integrity, Availability) triad embodies the fundamental security objectives for both data and for information and computing services.
True
The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL Record Protocol.
True
The DS can be a switch, a wired network, or a wireless network.
True
The Feistel structure is a particular example of the more general structure used by all symmetric block ciphers.
True
The TLS Record Format is the same as that of the SSL Record Format.
True
The WTLS Record Protocol takes user data from the next higher layer and encapsulates these data in a PDU (Protocal Data unit).
True
The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets.
True
The actual method of key generation depends on the details of the authentication protocol used.
True
The advantage of a block cipher is that you can reuse keys.
True
The automated key distribution approach provides the flexibility and dynamic characteristics needed to allow a number of users to access a number of servers and for the servers to exchange data with each other.
True
The ciphertext-only attack is the easiest to defend against because the opponent has the least amount of information to work with.
True
The emphasis in dealing with passive attacks is on prevention rather than detection.
True
The essence of a symmetric block cipher is that a single round offers inadequate security but that multiple rounds offer increasing security.
True
The first element of the Cipher Suite parameter is the key exchange method.
True
The key exchange protocol is vulnerable to a man- in-the-middle attack because it does not authenticate the participants.
True
The key legitimacy field is derived from the collection of signature trust fields in the entry.
True
The main advantage of HMAC over other proposed hash based schemes is that HMAC can be proven secure, provided that the embedded hash function has some reasonable cryptographic strengths.
True
The more critical a component or service, the higher the level of availability required.
True
The primary advantage of a stream cipher is that stream ciphers are almost always faster and use far less code than do block ciphers.
True
The principal drawback of 3DES is that the algorithm is relatively sluggish in software.
True
The principal underlying standard for federated identity is the Security Assertion Markup Language (SAML) which defines the exchange of security information between online business partners.
True
The private key is known only to its owner.
True
The shared master secret is a one-time 48-byte value generated for a session by means of secure key exchange.
True
The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
True
The ticket-granting ticket is encrypted with a secret key known only to the authentication server and the ticket granting server.
True
There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.
True
Triple DES (Data Encryption Standard) was first standardized for use in financial applications in ANSI standard X9.17 in 1985.
True
Viruses and worms are two examples of software attacks.
True
WML (Wireless Markup Language) presents mainly text-based information that attempts to capture the essence of the Web page.
True
WTLS (Wireless Transport Layer Security) provides security services between the mobile device and the WAP gateway.
True
With the introduction of the computer the need for automated tools for protecting files and other information stored on the computer became evident.
True
X.509 is based on the use of public-key cryptography and digital signatures.
True
