CS 6035 - Exam 2 Flashcards

1
Q

Packet filter firewalls can not prevent attacks that employ application-specific vulnerabilities or functions

(T/F)

A

True –> because packet filter firewalls do not examine upper-layer data, they cannot prevent attacks that employ application-specific vulnerabilities or functions.

For example, a packet filtering firewall cannot block specific application commands; if a packet filter firewall allows a given application, all functions available within the application will be permitted

2
Q

A firewall can protect fully against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker.

(T/F)

A

False

3
Q

A Stateful Packet Inspection Firewall only allows incoming TCP traffic to high level ports for packets which fit the profile of an entry in its directory of outbound TCP packets

(T/F)

A

True

A simple packet filtering firewall must permit inbound network traffic on all high-numbered ports for TCP-based traffic filtering. This creates a vulnerability that can be exploited by unauthorized users.

A stateful packet inspection firewall tightens up the rules for TCP traffic by creating a directory of outbound TCP connections. Incoming traffic has to fit the profile of entries.

4
Q

Internal firewalls usually provide two-way protection for the DMZ (demilitarized zone) network system

(T/F)

A

True

5
Q

A botnet attack compromises the availability of a system but not its integrity

(T/F)

A

False

6
Q

Which of the following is not used by packet filtering firewall rules?

  • Source or destination IP address
  • IP protocol field
  • TCP port number
  • TCP sequence number
A

TCP sequence number

7
Q

A privilege-escalation exploit is malicious behavior which:

  • Operates by changing system resources such as libraries, directories, registry settings, and user accounts
  • Mails a copy of itself to addresses in the local system’s email address book
  • Allows the hacker to access files outside the range of which a server application would normally need to access
  • Obtains root access from a (non-root) user account
A

Obtains access from a (non-root) user account

8
Q

A _____ vulnerability in a Web server allows the hacker to access files outside the range of what a server application user would normally need access to.

A

directory traversal

Example of the types of malicious behavior addressed by a host-based IPS (HIPS).

9
Q

You run a network firewall for a company that handles lots of text message traffic. Spammers occasionally try to trick your systems into sending text messages for them. You notice these incoming requests always contain a spoofed address that looks like an IP address internal to your network. What is the most effective countermeasure for you to take against the spoofers?

  • Discard packets with an internal source address if that packet arrives on an internal interface
  • Change settings in the browser so that they only send requests with their own IP address as the source address
  • Modify the routers to block all external traffic
  • Discard packets with an internal source address if the packet arrives on an external interface
A

Discard packets with an internal source address if the packet arrives on an external interface

10
Q

Which of the following are examples of attacks that can be made on packet-filtering firewalls?

  • IP address spoofing
  • Fragment attacks
  • Source routing attacks
  • All of the above
  • A & C
A

All of the above.

11
Q

In the context of a network-based IPS (NIPS), _____ is a strategy used to identify malicious packets by scanning for attack signatures in a traffic stream, rather than individual packets.

A

Stateful matching

12
Q

In the context of a network-based IPS (NIPS), _____ scans incoming packets for specific byte sequences (the signatures) stored in a database of known attacks.

A

Pattern matching

13
Q

In the context of a network-based IPS (NIPS), _____ looks for deviation from standards set forth in RFCs (remote function call).

A

Protocol anomaly

14
Q

In the context of a network-based IPS (NIPS), _____ watches for unusual traffic activities, such as a flood of UDP packets or a new service appearing on the network.

A

Traffic anomaly

15
Q

In the context of a network-based IPS (NIPS), _____ develops baselines of normal traffic activity and throughput, and alerts on deviations from those baselines.

A

Statistical anomaly.

16
Q

A bot is a computer compromised by malware and under the control of a bot master

(T/F)

A

True

17
Q

The best defense against being an unwitting participant in a DDoS attack is to prevent your system from being compromised.

(T/F)

A

True

18
Q

Botnet command-and-control must be centralized, i.e., all bots communicate with a central server(s).

(T/F)

A

False

19
Q

Both static and dynamic analysis are needed in order to fully understand malware behaviors.

A

True

20
Q

The domain name(s) of the command and control server(s) of a botnet are pre-determined for the lifetime of the bot.

(T/F)

A

False

21
Q

Some API attacks last for years before they are detected.

T/F

A

True

22
Q

If we find that a botnet server is located in country X, we can be certain that criminals within country X control the botnet.

(T/F)

A

False

23
Q

The firewall may be a single computer system or set of two or more systems that cooperate to perform the firewall function

(T/F)

A

True

24
Q

A firewall can serve as the platform for IPSec.

T/F

A

True

25
Q

A packet filtering firewall is typically configured to filter packets going in both directions.

(T/F)

A

True

26
Q

A prime disadvantage of an application-level gateway is additional processing overhead on each connection.

(T/F)

A

True

27
Q

A DMZ (demilitarized zone) is one of the internal firewalls protecting the bulk of the enterprise network.

(T/F)

A

False

External Firewalls

28
Q

A botnet can use ____ for command-and-control.

  • Email
  • HTTP
  • IRC (Internet Relay Chat)
  • All of the above
A

All of the above

29
Q

In a ____ attack the attacker creates a series of DNS requests containing the spoofed source address for the target system.

  • SYN flood
  • DNS amplification
  • Poison packet
  • UDP flood
A

DNS amplification

30
Q

Characteristics of Advanced Persistent Threats (APT) include ________.

  • Using zero-day exploits
  • Low-and-slow
  • Targeting high-value data
  • All of the above
A

All of the above

31
Q

The _____ defines the transport protocol.

  • Destination IP address
  • Source IP address
  • Interface
  • IP protocol field
A

IP protocol field

32
Q

A _____ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.

  • Packet filtering
  • Stateful inspection
  • Application-level
  • Circuit-level
A

Circuit-level

33
Q

Typically the systems in the _____ require or foster external connectivity, such as a corporate Web site, an email server, or a DNS server.

  • DMZ (demilitarized zone)
  • IP protocol field
  • Boundary firewall
  • VPN
A

DMZ (demilitarized zone)

34
Q

A ____ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.

  • Packet filtering firewall
  • Distributed firewall
  • Personal firewall
  • Stateful inspection firewall
A

Distributed firewall

35
Q

The _____ attack is designed to circumvent filtering rules that depend on TCP header information.

  • tiny fragment
  • address spoofing
  • source routing
  • bastion host
A

Tiny Fragment

36
Q

When analyzing traffic on a honeypot, care should be used in discerning legitimate traffic from potential intruders.

A

False.

put true –> still confusing

37
Q

The purpose of Diffie-Hellman key exchange is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

A

True.

38
Q

Arranging for the sender and receiver to have the same secret key is the first requirement for a digital envelope to protect a message.

A

False.

A digital envelope allows a message to be protected without first arranging for the sender and receiver to have the same key.

39
Q

In RSA cryptography, a public key size of 100 bits is sufficient to secure a message.

A

False.

Currently, a 1024-bit key size is considered strong enough for virtually all applications.

40
Q

A worm can potentially be identified through the use of anomaly detection techniques like noticing that hosts are using ports that they do not normally use.

A

True.

41
Q

Compared to symmetric encryption, public-key encryption:

  • is more important
  • relies on bit operations instead of mathematical functions
  • is more secure from cryptanalysis
  • uses less computational overhead
  • all of the above
  • none of the above
A

None of the above.

42
Q

X.509 certificates are not used in:

  • IP Security (IPSec)
  • Transport Layer Security (TLS)
  • Secure Shell (SSH)
  • Secure/Multi-purpose Internet Mail Extension (S/MIME)
  • Physical Layer Security (PLS)
  • None of the Above
A

Physical Layer Security (PLS)

43
Q

Which of the following are algorithms that can be used in the digital signature process:

  1. RSA
  2. Diffie-Hellman
  3. Elliptic Curve
A

  1. RSA
  3. Elliptic Curve

44
Q

Hash functions can be used for which of the following applications:

  • Message authenticity
  • Password security
  • Intrusion detection
  • All of the above
A

All of the above

45
Q

The four major categories of Snort rule options are:

  1. Sub-Data
  2. Meta-Data
  3. Payload
  4. Non-Payload
  5. Post-Detection
  6. Pre-Detection
A
  1. Meta-Data
  2. Payload
  3. Non-Payload
  4. Post-Detection
46
Q

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

A

True

47
Q

To be of practical use an IDS (intrusion detection system) should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

A

True.

48
Q

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

A

False.

49
Q

A common location for Network Intrusion Detection (NIDS) sensor is just inside the external firewall.

A

True

50
Q

Network-based intrusion detection makes use of signature detection and anomaly detection.

A

True

51
Q

Symmetric encryption is used primarily to provide confidentiality.

A

True.

52
Q

Two of the most important applications of public-key encryption are digital signatures and key management

A

True.

53
Q

The secret key is one of the inputs to a symmetric-key encryption algorithm.

A

True.

54
Q

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm

A

True

55
Q

Public-key algorithms are based on simple operations on bit patterns.

A

False.

56
Q

A ______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.

A

host-based IDS

57
Q

______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.

A

Signature detection

58
Q

_____ involves the collection of data relating to the behavior of legitimate users over a period of time.

A

Anomaly detection

59
Q

A(n) _____ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.

A

inline sensor

60
Q

The _____ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.

A

analyzer

61
Q

On average, ______ of all possible keys must be tried in order to achieve success with a brute-force attack.

A

half

62
Q

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to _____.

A

use longer keys

63
Q

_______ is a procedure that allows communicating parties to verify that received or stored messages are authentic.

A

message authentication

64
Q

The purpose of a _______ is to produce a “fingerprint” of a file, message, or other block of data.

A

hash function

65
Q

A _______ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.

A

digital signature

66
Q

A _____ applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

A

packet filtering firewall

note: the firewall is typically configured to filter packets going in both directions (from and to the internal network)

67
Q

A ______ is in essence an inline NIDS with the authority to modify or discard packets and tear down TCP connections

A

network-based IPS (intrusion protection system)

As with a NIDS, a NIPS makes use of techniques used in a NIDS but not commonly found in a firewall.

68
Q

The principal feature of ____ that enables it to support these applications is that it can encrypt and/or authenticate all traffic at the IP level.

A

IPSec

example use cases:

  1. secure branch office connectivity over the internet
  2. secure remote access over the internet
  3. establishing extranet and intranet connectivity with partners
  4. enhancing electronic commerce security
69
Q

Symmetric encryption is also referred to as secret-key or single-key encryption

(T/F)

A

True.

70
Q

The ciphertext-only attack is the easiest to defend against

T/F

A

True

Because the opponent has the least amount of information to work with.

71
Q

A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.

(T/F)

A

True.

72
Q

Advanced Encryption Standard (AES) uses a Feistel structure.

(T/F)

A

False

AES uses a block length of 128 bits and a key length that can be 128, 192, or 256 bits.

73
Q

Each block of 64 plaintext bits is encoded independently using the same key is a description of the CBC mode of operation.

A

False.

In CBC, the input to the encryption algorithm is the XOR of the 64 bits of plaintext and the preceding 64 bits of ciphertext.

74
Q

Timing attacks are only applicable to RSA

A

False.

These depend on the running time of the decryption algorithm.

Applicable not just to RSA, but to other public-key cryptography systems.

75
Q

_____ RSA attack involves trying all possible private keys

A

Brute force

76
Q

In a _____ RSA attack, there are several different approaches, all equivalent in effort to factoring the product of two primes.

A

Mathematical attacks.

77
Q

In a _____ RSA attack, the attack exploits properties of the RSA algorithm.

A

Chosen ciphertext attacks.

78
Q

Using PKCS (public-key cryptography standard), when RSA encrypts the same message twice, different ciphertexts will be produced.

A

True.

79
Q

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.

A

True.

80
Q

A key exchange protocol is vulnerable to a man-in-the-middle attack if it does not authenticate the participants

A

True

81
Q

Just like RSA can be used for signature as well as encryption, Digital Signature Standard can also be used for encryption.

A

False

Digital Signature Standard is a suite of algorithms that can be used to generate digital signatures.

82
Q

In general, public key based encryption is much slower than symmetric key based encryption.

(T/F)

A

True

83
Q

______ is the original message or data that is fed into the encryption process as input

  1. Plaintext
  2. Encryption algorithm
  3. Decryption algorithm
  4. Ciphertext
A

Plaintext

84
Q

Which of the following would allow an attacker to know that the plaintext of the current message must be the same as one previously transmitted, because their ciphertexts are the same?

  1. CBC Cipher Block Chaining
  2. ECB Electronic Code Book
  3. CFB Cipher Feedback
  4. OFB Output Feedback
  5. CTR Counter
A

ECB Electronic Code Book

85
Q

_____ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.

  1. Session Key
  2. Subkey
  3. Key distribution technique
  4. Ciphertext key
A

Key distribution technique

86
Q

Which of the following features can only be provided by public-key cryptography?

A

Integrity protection

87
Q

______ attacks have several approaches, all equivalent in effort to factoring the product of two primes.

  1. Mathematical
  2. Brute-force
  3. Chosen cipher
  4. Timing
A

mathematical

88
Q

_____ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number.

  1. Digital standards
  2. Mathematical attacks
  3. Ciphertext attacks
  4. Timing attacks
A

Timing attacks

89
Q

______ was the first published public-key algorithm

  1. NIST
  2. Diffie-Hellman
  3. RC4
  4. RSA
A

Diffie-Hellman

90
Q

One problem inherent in public-key infrastructure (PKI) is that not all certificate authorities (CAs) are equally trustworthy.

(T/F)

A

True.

91
Q

A certificate authority’s X.509 certificate can be used for encrypting email in addition to signing other certificates.

(T/F)

A

False.

signing executable code. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed.

92
Q

When attacking HMAC, the attacker can generate message/code pairs offline, even though the attacker does not know K (the secret key)

(T/F)

A

False.

When attacking HMAC, the attacker cannot generate message/code pairs offline because the attacker does not know K. Therefore, the attacker must observe a sequence of messages generated by HMAC under the same key and perform the attack on these known messages.

93
Q

A Certificate Authority’s public key is not needed to verify a certificate it has issued.

(T/F)

A

False.

94
Q

The brute force method of attacking RSA algorithms involves trying all public keys.

(T/F)

A

False.

all private keys

95
Q

X.509 is used in:

  • IP Security (IPSec)
  • Secure socket layer (SSL)
  • Secure electronic transactions (SET)
  • All of the above
  • None of the above
A

All of the above.

96
Q

Kerberos makes use of a protocol that involves:

  • Clients
  • Application servers
  • a Kerberos server
  • All of the above
A

All of the above.

97
Q

Which of the following is not true of the p and q in the RSA public key generation algorithm.

  • p cannot equal q
  • the value of M (the message) is not related to p and q
  • sign(n) is not directly dependent on p and q (only being dependent on the public key n)
  • the exponent e is independent of p and q
  • none of the above
A

sign(n) is not directly dependent on p and q (only being dependent on the public key n)

98
Q

Which of the following are required to be part of a Kerberos realm?

  1. The Kerberos server must share a public key with each server
  2. The Kerberos server must have the user ID and password of all participating users in the database
  3. All servers are registered with the Kerberos server.
A
  1. The Kerberos server must have the user ID and password of all participating users in the database
  2. All servers are registered with the Kerberos server.
99
Q

In IPSec, packets can be protected using Encapsulating Security Payloads (ESP) or Authentication Headers (AH) but not both at the same time.

(T/F)

A

False

100
Q

In IPSec, if A uses Data Encryption Standard (DES) for traffic from A to B, then B must also use DES for traffic from B to A.

(T/F)

A

False.

101
Q

In IPSec, the sequence number is used for preventing replay attacks.

(T/F)

A

True.

102
Q

Most browsers come equipped with SSL and most Web servers have implemented the protocol.

(T/F)

A

True.

103
Q

Even web searches have (often) been in HTTPS.

T/F

A

True

104
Q

In a wireless network, traffic is broadcast into the air, and so it is much easier to sniff wireless traffic compared with wired traffic.

(T/F)

A

True.

105
Q

Compared with Wired Equivalent Privacy (WEP), Wi-Fi Protected Access 2 (WPA2) has more flexible authentication and stronger encryption schemes.

(T/F)

A

True

106
Q

iOS has no vulnerability

T/F

A

False

107
Q

In iOS, each file is encrypted using a unique, per-file key.

T/F

A

True

108
Q

In iOS, an app can run its own dynamic, run-time generated code.

(T/F)

A

False

109
Q

The App Store review process can guarantee that no malicious iOS app is allowed into the store for download.

(T/F)

A

False.

110
Q

In iOS, each app runs in its own sandbox

T/F

A

True

111
Q

In Android, all apps have to be reviewed and signed by Google.

(T/F)

A

False.

112
Q

In Android, an app will never be able to get more permission than what the user has approved

(T/F)

A

False.

113
Q

Since Android is open-source, each handset vendor can customize it, and this is good for security

A

False.

114
Q

The more complex and important part of Transport Layer Security (TLS) is the ______.

  • signature
  • message header
  • payload
  • handshake protocol
A

handshake protocol

115
Q

______ is a list that contains the combinations of cryptographic algorithms supported by the client.

  • compression method
  • session ID
  • cipher suite
  • all of the above
A

cipher suite

116
Q

Encapsulating Security Payloads (ESP) supports two modes of use: transport and _____.

  • padding
  • tunnel
  • payload
  • sequence
A

tunnel

ESP provides confidentiality, connectionless data integrity, data-origin authentication, an anti-replay service, and limited traffic-flow confidentiality.

117
Q

The benefit of IPSec is _______.

  • that it is below the transport layer and transparent to applications
  • there is no need to revoke keying material when users leave the organization
  • it can provide security for individual users if needed
  • all of the above
A

all of the above

118
Q

The ______ field in the outer IP header indicates whether the association is an Authentication Header (AH) or Encapsulating Security Payloads (ESP) security association.

  • protocol identifier
  • security parameter index
  • IP destination address
  • sequence path counter
A

protocol identifier

119
Q

A _____ is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

A

SYN Flood

SYN is the first of the three TCP handshake messages: SYN, SYN-ACK, ACK.

120
Q

SYN spoofing attack targets _____.

A. Email service
B. TCP connection table
C. DNS service
D. None of the above
A

TCP connection table.

121
Q

What is a poison packet?
A. A packet that triggers a bug in the network software and makes it crash.
B. A packet that contains the signature of a virus
C. A packet that infects other packets in the network buffer.
D. A packet that redirects other packets to a malicious target.

A

A. A packet that triggers a bug in the network software and makes it crash.

122
Q

What is a cyber slam?

A

A large number of queries that severely load a server.

123
Q

If an attacker directs a large number of forged requests to a server, what type of attack is being made?

A

SYN spoofing

124
Q

ICMP (Internet Control Message Protocol ) flood attacks remain common because some ICMP packets are critical to normal network behavior and cannot be filtered

(T/F)

A

True

125
Q

What is the difference between a TCP SYN flood attack and a SYN spoofing attack?
A. There is no difference
B. The difference is the volume of packets
C. SYN spoofing works with UDP only
D. TCP SYN flood attacks don’t use spoofed source addresses.

A

Ther

TCP SYN flood attacks may or may not use spoofed addresses, but the difference is in the volume of packets sent, meant to overwhelm the server. The SYN spoofing attack is meant to overwhelm the server in sending SYN-ACK messages to spoofed (preferably not invalid) addresses.

126
Q
What type of attack is based on sending a large number of INVITE requests with spoofed IP addresses to a server?
A. Reflection attack
B. Smurf attack
C. Slashdot attack
D. SIP flood attack
A

SIP flood attack

127
Q

The best defense against a reflection attack is to not allow directed broadcasts to be routed into the network

(T/F)

A

False.

The best defense against an amplification attack is to not allow directed broadcasts to be routed into the network.

To defend against a reflection attack, use filtering to block spoofed-source packets.

A reflection attack is a method of attacking a challenge-response authentication system that uses the same protocol in both directions. That is, the same challenge-response protocol is used by each side to authenticate the other side. The essential idea of the attack is to trick the target into providing the answer to its own challenge.

128
Q

A characteristic of reflection attacks is the lack of backscatter traffic.

(T/F)

A

True.

129
Q

What are some ways to prevent SYN spoofing attacks?
A. use SYN cookies
B. modify the size of the TCP connections table or timeout period
C. impose rate limits on network links
D. use selective or random dropping of TCP table entries.
E. all of the above
F. none of the above

A

All of the above.

130
Q

Slowloris uses a ping flood via ICMP (Internet Control Message Protocol ) echo request packets.

(T/F)

A

False.

Smurf attack uses a ping flood via ICMP echo request packets

Slowloris exploits servers that use multiple threads by sending multiple incomplete connections (by not including the terminating newline sequence) to the server.

131
Q

In a TCP spoofing attack, the attacker ideally wishes to use addresses that will not respond to the SYN-ACK with a RST.

(T/F)

A

True

132
Q
A recursive HTTP flood attack is also known as what?
A. a Fraggle attack
B. a Delayed Binding attack
C. a Spidering attack
D. a SIP flood
A

C. A spidering attack

Bots start from a given HTTP link and then follow all links on the provided website recursively. This is also called spidering.

133
Q
When it comes to defense against attacks, one of the most important principles is what?
A. Authorization
B. Authentication
C. Defense-in-depth
D. Time
A

D. Defense-in-depth

134
Q
Firewalls are what type of mechanisms?
A. Prevention
B. Botnet
C. Attack
D. None of the above
A

A. Prevention

135
Q

The firewall will enforce different security restrictions on traffic

(T/F)

A

True

136
Q
A _____ is a device that provides secure connectivity between networks.
A. Enterprise intranet
B. Trusted users
C. Firewall
D. DMZ
A

C. Firewall

137
Q
Firewalls as a prevention mechanism should be designed to enforce what?
A. User safety
B. Security Policy
C. Organizational Policy
D. Public Key Infrastructure
A

B. Security Policy

138
Q

All traffic from the internal network to the internet and vice versa (external traffic into and out of the network) must pass through the firewall

(T/F)

A

True.

139
Q
A critical component of the planning and implementation of a firewall is specifying a suitable ____ policy.
A. Security
B. Access
C. Network
D. Directory
A

Network

140
Q

At a high level, the types of traffic that are allowed through by the access policy are what?
A. Address ranges (Machines, protocols, the applications and the contents)
B. IPSec & TLS
C. Intranet
D. Defense in depth

A

A. Address ranges

141
Q

Firewalls can log all traffic and can provide Network Address Translation

(T/F)

A

True

142
Q

What is firewall filtering?
A. when policies are defined for the firewall
B. authentication into the system
C. means the firewall decides whether to let the traffic through or not
D. means whether it will allow for a defense in depth strategy to protect the organization’s digital assets

A

C. Firewall filtering means the firewall decides whether to let the traffic through or not

143
Q
Session filtering is based on the context within a session. To do this, a firewall maintains a session or connection and performs a ________.
A. Traffic Block
B. Stateful inspection
C. DMZ re route
D. Virtual Switch
A

B. Stateful inspection

144
Q

In a packet filtering firewall, decisions are made on a per-packet basis, without reference to other packets.

(T/F)

A

True

145
Q

The packet filtering firewall applies a list of rules to the IP or TCP header of a packet and, based on whether a rule matches, decides to forward or discard the packet.

(T/F)

A

True.

IP or TCP header information that a firewall can use to filter a packet:
• Source IP address: where the packet is from
• Destination IP address: the IP address of the destination
• Source and destination transport-level address: the port number, which identifies applications such as SMTP or HTTP
• IP protocol field: defines TCP, UDP or ICMP (Internet Control Message Protocol)
• Interface: for a firewall with three or more ports, which interface the packet came in on or is going out of.

146
Q
What policies for packet filtering firewalls are used?
A. Default discard policy
B. Default forward policy
C. Default isolation policy
D. Default write down policy
A

A. Default discard policy
B. Default forward policy

Default discard policy: when no rule matches the packet, it is discarded. This is the safer procedure, but also a hindrance to users who find that some traffic isn’t allowed.

Default forward policy: easier to use and manage, but less secure; it simply lets packets in.

147
Q

What are the weaknesses to packet filtering?
A. Limited logging functionality
B. Vulnerable to attacks that take advantage of TCP/IP
C. Can’t prevent attacks that employ application-specific vulnerabilities or functions
D. Packet filter firewalls are susceptible to security breaches if improperly configured
E. All of the above.

A

All of the above.

148
Q
Packet filtering firewall countermeasures address which of the following?
A. IP address spoofing
B. Source routing attacks
C. Tiny fragment attack
D. Stateful inspection attack
A

A. IP address spoofing
B. Source routing attacks
C. Tiny fragment attack

149
Q

The _______ countermeasure is enforcing a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header.

A

Tiny Fragment Attack

150
Q

The _____ countermeasure discards all packets in which the source specifies the route.

A

Source Routing Attacks

151
Q

The ______ countermeasure discards packets with an inside source address if the packet arrives on an external interface.

A

IP Address Spoofing

152
Q

A major component in the planning and implementation of a firewall is specifying an access policy.

(T/F)

A

True.

153
Q
A firewall access policy would use which of the following to filter traffic?
A.) IP Address and Protocol values
B.) Application Protocol
C.) User Identity
D.) Network Activity
E.) All of the Above
A

E.) All of the Above

154
Q

A web proxy is a form of application-level gateway

T/F

A

True.

155
Q

What is an intrusion?

A.) Any attack that aims to compromise the security goals of an Organization
B.) Any attack that is hidden from a user
C.) A form of detection in which users are able to see everyone on the network
D.) A form of encryption which allows end to end security.

A

A.) Any attack that aims to compromise the security goals of an Organization

156
Q

Intrusion detection systems are part of the defense in depth strategy

(T/F)

A

True

157
Q

Defense in depth strategies should include all of the following except what?

A.) Encrypting sensitive information
B.) Intrusion detection systems
C.) Detailed audit trails
D.) Strong authentication and authorization controls
E.) Zero day exploits
F.) Active management of operating systems
G.) Application security

A

Zero day exploits.

Defense in Depth (DiD) is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.

158
Q

The key design elements of an intrusion detection system are examining network and group activities

(T/F)

A

The key design elements of an intrusion detection system are examining network and user activities

159
Q
Which of the components is not part of an intrusion detection system?
A.) Data preprocessor
B.) Detection Models
C.) Detection Engines
D.) Decision Table
E.) Reporting and Analytics
F.) Decision Engine
A

E.) Reporting and Analytics

160
Q
An IDS is comprised of three logical components. Which of the following is not a component?
A.) Analyzers
B.) User interface
C.) Deep Learning
D.) Sensors
A

C. Deep Learning

Sensors are responsible for collecting data

Analyzers receive input from one or more sensors or from other analyzers.

The user interface to an IDS enables a user to view output from the system or control the behavior of the system.

161
Q

In an IDS, the sensors do what?
A.) Determine if an intrusion has occurred
B.) Allow users to view the output of the system
C.) Provide guidance about what actions to take when the intrusion occurs.
D.) Collect and forward information to the analyzer

A

D.) Collect and forward information to the analyzer

162
Q

Analyzers are responsible for determining if an intrusion has occurred.

(T/F)

A

False.

The analyzer output may include evidence supporting the conclusion that an intrusion occurred. The analyzer may provide guidance about what actions to take as a result of the intrusion

163
Q

Intrusion Detection Systems are only allowed to use a single sensor.

(T/F)

A

False.

An IDS can use multiple sensors across a range of host and network devices, sending information to a centralized analyzer and user interface in a distributed architecture.

164
Q

Maintaining Access is a backdoor that is hard to detect because it modifies machine-level code

(T/F)

A

False.

Object code backdoors: this backdoor is hard to detect because it modifies machine code.

165
Q

The SNORT system is a signature-based NIDS.

T/F

A

False.

The SNORT system is a rule-based NIDS. A large collection of rules exist for it to detect a wide variety of network attacks.

166
Q

A key limitation of anomaly detection approaches used by many IDSs is that they are generally only trained with legitimate data.

(T/F)

A

True.

167
Q

The advantages of __________________ anomaly detection include relative simplicity, low computation cost, and no assumptions about expected behavior. Disadvantages include difficulty in selecting suitable metrics, and that not all behaviors can be modeled using this approach.

A. Statistical
B. Knowledge based
C. Machine-learning
D. Heuristic
E. Signature
A

A. Statistical

168
Q

A key disadvantage of _______________ anomaly detection is the significant time and computational resources needed.

A. Statistical
B. Knowledge based
C. Machine-learning
D. Heuristic
E. Signature
A

C. Machine-learning

169
Q

The advantages of ______________ approaches include their robustness and flexibility. A disadvantage is the difficulty and time required, and the need for expert assistance.

A. Statistical
B. Knowledge based
C. Machine-learning
D. Heuristic
E. Signature
A

B. Knowledge based

170
Q

Signature detection would be suitable to detect buffer overflows, password guessing, or malware transmission attacks.

(T/F)

A

True

171
Q

Anomaly detection would be suitable to detect policy violation attacks.

(T/F)

A

False

Signature detection is better suited.

172
Q

Signature detection would be suitable to detect worm attacks.

T/F

A

False.

Anomaly detection is better suited.

173
Q

Anomaly detection would be suitable to detect DoS attacks.

T/F

A

True.

174
Q

Signature detection would be suitable to detect network layer recon attacks, such as spoofed IP addresses or illegal IP header values.

(T/F)

A

True.

175
Q

Signature detection would be suitable to detect unexpected application service attacks, such as a host running an unauthorized service.

(T/F)

A

True

176
Q

Anomaly detection would be suitable to detect transport layer recon and attacks, such as packet fragmentation, port scanning, or SYN floods.

(T/F)

A

False.

Signature detection is better suited.

177
Q

What is unique about Stateful Protocol Analysis?

A. It is primarily used by government organizations.
B. It requires less resource use than other methods
C. It uses predetermined vendor supplied profiles of benign protocol traffic.
D. It measures the state of the system at periodic time intervals to detect intruder activity.

A

C. It uses predetermined vendor supplied profiles of benign protocol traffic.

A disadvantage is that it requires high resource use.

178
Q

There are two general approaches to attacking a symmetric encryption scheme. What are they?

A.) Cryptanalysis & Brute-Force attacks
B.) Cryptanalysis & DDoS
C.) Brute-force attack and CipherText
D.) Cryptanalysis & Caesar

A

A.) Cryptanalysis & Brute-Force attacks

179
Q

The most commonly used asymmetric encryption algorithms are block ciphers. They are DES, Triple DES and AES.

(T/F)

A

False.

DES, Triple DES and AES are symmetric encryption algorithms.

180
Q

Concerns about DES fall into two categories. What are they?

A.) 128 bit encryption and the algorithm itself (i.e. its cryptanalysis)
B.) The Key length of 56 bits and 256 bit encryption
C.) The key length of 56 bits and the cryptanalysis of the algorithm
D.) All of the above

A

C.) The key length of 56 bits and the cryptanalysis of the algorithm

181
Q

The main reason most companies go with 3DES is because the algorithm is relatively faster in software compared to normal DES and AES

(T/F)

A

False.

The principal drawback of 3DES is that the algorithm is relatively sluggish in software.

182
Q

If you want to achieve the highest level of privacy and reliability, it is often best to use a new or unpublished encryption algorithm.

(T/F)

A

False.

In practice, we should always use the widely known and deployed algorithms and standards.

183
Q

A digital envelope is a technique for attaching a one-time key that encrypts a message to the receiver’s public key.

(T/F)

A

True

184
Q

Symmetric encryption relies on a public and private key, while asymmetric encryption relies on a shared key between two parties.

(T/F)

A

False

185
Q

The primary advantage of a block cipher is that block ciphers are almost always faster and use far less code than do stream ciphers.

(T/F)

A

False.

Source: Text pg 35

Both block ciphers and stream ciphers are symmetric key ciphers. Both are methods for converting plaintext into ciphertext.

The main difference between a block cipher and a stream cipher is that a block cipher converts plaintext into ciphertext one block of plaintext at a time, while a stream cipher converts plaintext into ciphertext one byte of plaintext at a time.

186
Q

All but one of the following situations are examples where confidentiality in message authentication would not be preferable. Select that situation.

A. When a message or notification is broadcast to many different users.
B. When the receiver is expecting a message from the sender, or when both the user and sender have the same access privileges.
C. When the system for either the sender or recipient are heavily loaded and cannot afford the time to encrypt.
D. When authenticating a computer program, allowing it to execute without having to perform a decryption each time.

A

B. When the receiver is expecting a message from the sender, or when both the user and sender have the same access privileges.

187
Q

Which of the following is not a characteristic that is sought in random (or pseudo random) numbers used in cryptography?

A. The overall distribution of numbers is normal or approximately normal.
B. Values are statistically independent of one another.
C. The sequence is unpredictable.

A

A. The overall distribution of numbers is normal or approximately normal.

The values should be uniformly distributed.

188
Q

It is possible for a computer chip to use software to generate true random numbers.

(T/F)

A

True.

The Intel DRNG, offered on multi-core chips since 2012, uses thermal noise within the silicon to output a random stream of bits.

189
Q

So called data at rest is often not encrypted, but it should be encrypted.

(T/F)

A

True

190
Q

Under which of the following situations would Message Authentication confidentiality NOT be preferable?

A. Encryption software is slow.
B. Hash functions are irreversible
C. Encryption hardware is not inexpensive.
D. Encryption hardware is geared toward larger data sizes.
E. Encryption algorithms may be patent protected.

A

B. Hash functions are irreversible

191
Q

What are some uses of hash functions?

I. Message encryption 
II. Message authentication 
III. Creating Digital Signatures 
IV. Password encapsulation 
V. Intrusion detection
A. I, II, and III
B. All of the choices
C. I, III, and V
D. II, IV, and V
E. All except I.
F. All except IV.
A

E. All except I.

192
Q

A symmetric cipher is characterized by ciphertext that is the same size as the original plaintext.

(T/F)

A

False

It can be characterized by the use of a shared secret key.

193
Q

For applications such as file transfer, email, and database, a stream cipher may be more appropriate.

(T/F)

A

False

A block cipher may be more appropriate for applications that deal with large blocks of data. Stream ciphers may be more appropriate for data in web browsers or data communications channels.

194
Q

A number of attacks against RC4 have been published, but if a large enough key is used, none of those attacks are practical.

(T/F)

A

True

195
Q

RC4 is very fast and simple to explain, and it allows for variable key lengths.

(T/F)

A

True

196
Q

Which of the following is not among the ways two users can arrange to exchange keys?

A. If the two parties have recently used a key, they can transmit the old key, using the new key to encrypt.
B. A third party could physically deliver the key to the second party.
C. If the two parties have an encrypted connection to a third party, the third party can deliver the key.
D. None of the above answers are correct.

A

A. If the two parties have recently used a key, they can transmit the old key, using the new key to encrypt.

197
Q

Which of the following defines a Session Key?

A. A key used between entities for the purpose of distributing keys.
B. A one-time key used to communicate between two end systems.
C. The authority that determines which systems are allowed to communicate with each other.
D. A shared key that is used in Asymmetric encryption standards such as RSA.

A

B. A one-time key used to communicate between two end systems.

198
Q

How can 3DES be used to decrypt DES encrypted ciphertext?

A. By setting Key1 = Key2 and Key3 = Key_DES
B. By setting Key1 = Key2 = Key3 = Key_DES
C. By setting Key3 = Key_DES
D. By setting Key1 = Key3 and Key2 = Key_DES.

A

A. By setting Key1 = Key2 and Key3 = Key_DES

199
Q

In a public-key system using RSA, you intercept the ciphertext C=10 sent to a user whose public key is e=5, n=35. What is the plaintext M (as an integer)?

A. 50
B 25
C. 17
D. 30
E. 5
A

B

n = 35, so p = 7 and q = 5; phi(n) = 6 × 4 = 24; d = e^-1 mod phi(n) = 5, since 5 × 5 = 25 ≡ 1 (mod 24); M = C^d mod n = 10^5 mod 35 = 25

200
Q

Consider a Diffie-Hellman scheme with a common prime q=11 and a primitive root α=2. If user A has public key YA=9, what is A’s private key XA?

A. 6
B. 4
C. 10
D. 5
E. 2
A

A

YA = 2^XA mod 11 = 9; by inspection, 2^6 = 64 and 64 mod 11 = 9, so XA = 6 is the private key

201
Q

The structure and functions used in SHA-1 and SHA-2 are substantially different from those used in SHA-3.

A

True

202
Q

The CTR cipher block mode does not have which of the following advantages listed, according to the text?

A. Simplicity
B. Preprocessing capability
C. Software efficiency
D. Hardware efficiency
E. Scalability
F. Random Access capability
G. Provable Security
A

E. Scalability

203
Q

It is possible to convert any block cipher into a stream cipher.

(T/F)

A

True

Using the Cipher Feedback Mode

204
Q

AES is a Feistel cipher.

T/F

A

False

205
Q

The primary advantage of a block cipher is that block ciphers are almost always faster than stream ciphers.

(T/F)

A

False

206
Q

What is the main reason 3DES uses an encrypt-decrypt-encrypt sequence?

A. It makes it more difficult to cryptanalyze by eavesdroppers.
B. It is faster than encrypt-encrypt-encrypt would be.
C. It can decrypt DES encrypted messages.
D. It is easier to use with cipher block chaining.

A

C. It can decrypt DES encrypted messages.

207
Q

Which of the following is not a mode of operation used in Cipher blocks?

A. Random Bit Optimization
B. Electronic Code Book
C. Cipher Feedback
D. Output Feedback
E. Counter
A

A. Random Bit Optimization

208
Q

Which of the following is the weakest form of attack?

A. Chosen Plaintext
B. Chosen Ciphertext
C. Known Plaintext
D. Ciphertext Only
E. Chosen Text
A

D. Ciphertext Only

209
Q

What is RC4?

A. A stream cipher.
B. A symmetric block cipher
C. An asymmetric block cipher.
D. A set of standards used in Internet encryption

A

A. A stream cipher.

210
Q

CTR mode is used for timing, for example, to ensure that encrypted streams remain in sync with one another.

(T/F)

A

False.

In this mode, both the sender and receiver need access to a reliable counter, which computes a new shared value each time a ciphertext block is exchanged.

211
Q

What operation does the Diffie-Hellman algorithm use as a one way function?

A. Discrete exponentiation
B. Elliptical Key Cryptography.
C. Discrete logarithms
D. Hashing functions.

A

C. Discrete logarithms

212
Q

OCB offers Authenticated Encryption (T/F?).

It uses 3DES to encrypt messages. (T/F?)

Its structure is similar to ECB mode, which makes it vulnerable to repeated messages. (T/F?)

It uses the same key for authentication and encryption. (T/F?)

A

True
False (OCB uses AES)
False (while its structure is similar to ECB, it uses an offset XORed with the plaintext in each block)
True

OCB mode (Offset Codebook Mode) is an authenticated encryption mode of operation for cryptographic block ciphers.

213
Q

The MD5 hash function, despite being susceptible to the birthday attack, is suitable for HMAC.

(T/F)

A

True

214
Q

RSA can be used for both encryption and key exchange, but DSS (digital signature standard) cannot.

(T/F)

A

True

215
Q

If someone finds an efficient way to factor large integers, then AES (advanced encryption standard) will be obsolete.

(T/F)

A

False

216
Q

The Certification Authority is responsible for generating the public keys.

(T/F)

A

False

217
Q

HMAC treats the SHA function as a black box. What benefits does this have?

I. The hash algorithm used in HMAC is hidden from hackers.
II. It is easy to replace the given hash function.
III. HMAC code can be prepackaged and ready to use without modification.

A. I and II
B. I and III
C. II and III
D. I, II, and III

A

II. It is easy to replace the given hash function.

III. HMAC code can be prepackaged and ready to use without modification.

218
Q

Using the Pigeonhole Principle, given that a hash can take an input of any size and output a value of fixed size, then it should have collisions.

(T/F)

A

(T/F)

219
Q

The Pigeonhole Principle can be used as a counterexample to the Collision Resistance property of hashes.

(T/F)

A

False.

While the Pigeonhole Principle says there exist collisions, the collision resistance property says that it is computationally infeasible to find them. So even though collisions exist, they are hard to find, thus keeping the collision resistance property of hashes intact.

220
Q

From the birthday “paradox”, if the length of the hash is x bits, then a hacker would have to search 2^(x/2) messages in order to find a collision. In doing so, what is the probability, approximately, that the hacker will find a collision?

A. nearly 100%
B. about 75%
C. about 66%
D. about 50%
E. about 25%
F. less than 25%
A

D. about 50%

Searching approximately 2^(x/2) = sqrt(2^x) messages gives a probability of about 50% that the hacker will find at least one match.

So it’s misleading to say that the hacker would have to search 2^(x/2) messages to “find a match”. This would only give the hacker a better than 50% chance of finding one without some more strategic choices.

221
Q

SHA-1 allows message sizes as large as 2 terabytes.

T/F

A

True.

That’s quite an understatement, though. SHA-1 accepts messages up to 2^64 bits, which is (2^21) × (2^43), so the answer is more like up to 2 million terabytes. And SHA-384 and SHA-512 accept messages of that size squared (2^128 bits)!

222
Q

A truly ideal hash function should be nondeterministic.

T/F

A

False.

You want to be able to always get the same hash for a given input, hence, it must be deterministic.

223
Q

What is the main advantage of ECC compared to RSA?

A. Its technique is not as difficult to explain.
B. Hackers have not shown interest in it.
C. Its theory has been around for a long time.
D. It offers equal security with smaller key size.

A

D. It offers equal security with smaller key size.

(A and B are the opposite of true, and C is a true statement, but it’s not relevant here.)

224
Q

Diffie-Hellman Key Exchange is, on its own, completely vulnerable to a man in the middle attack.

(T/F)

A

True

It is vulnerable because it does not authenticate the participants.

225
Q

In attacks on RSA, it has been demonstrated that if the public key e is less than n and the private key d is less than the fourth root of n, then d can be “easily determined”.

(T/F)

A

True.

226
Q

According to the text, the largest product of primes that has been factored to date was over 200 decimal digits long.

(T/F)

A

True.

In fact, it was 232 digits long, and that was done in late 2009.

227
Q

All hash functions operate using these two principles: (select two)

I. The size of the input is greater than the size of the output
II. The input is viewed as a sequence of n-bit blocks.
III. The input value is “randomized” to overcome regularities.
IV. Ciphertext does not change when blocks are permuted.
V. Input is processed one block at a time in an iterative fashion.

A. I and II
B. I and III
C. II and III
D. II and V
E. III and IV
F. III and V
A

II. The input is viewed as a sequence of n-bit blocks.

V. Input is processed one block at a time in an iterative fashion.

228
Q

SHA-512 is more efficient than SHA-256 on many 64-bit systems.

(T/F)

A

True

229
Q

SHA-512 makes use of constants derived from the first 64 bits of fractional parts of cube roots of the first 80 (one for each round) prime numbers.

(T/F)

A

True

230
Q

A longitudinal redundancy check is reasonably effective for random data as a data integrity check. It uses which bitwise function?

A

XOR

231
Q

What are the principal elements of a Kerberos system?

I. AS
II. TGT
III. TGS

A. I, II, and III
B. I and II only
C. I and III only
D. II and III only

A

I. AS

III. TGS

232
Q

Which of the following are steps Kerberos uses to ensure security and authentication?

A. It includes a timestamp to prevent replay attacks.
B. It sets a lifetime on TGTs.
C. It uses short-lived authenticators encrypted with session keys.
D. It encrypts the TGT with the server key to prevent alteration.
E. All of the above

A

E. All of the above

233
Q

What is an authenticator, as used by Kerberos?

A. A software application that verifies a user’s identity.
B. An encrypted message which contains the ID, the address of the user, and a timestamp.
C. An application that creates a one-time password that authenticates a user.
D. A server which contains the IP, user ID, and user password, used for authentication.
E. None of the above.

A

B. An encrypted message which contains the ID, the address of the user, and a timestamp.

234
Q

The Authentication Server holds a copy of symmetric keys for all clients and servers.

(T/F)

A

True

235
Q

The TGT includes a key (“ticket”) that gives the client access to the requested service.

(T/F)

A

False

236
Q

The user cannot read the TGT, she only passes it forward along with other information, to the TGS.

(T/F)

A

True

237
Q

The set of keys and user IDs / passwords in a Kerberos network (i.e., a full-service Kerberos environment consisting of a Kerberos server, a number of clients, and a number of application servers) is known as ______________.

A. a realm.
B. a session.
C. a dictionary.
D. an organization
E. a Kerberos policy.
A

A. a realm.

238
Q

PKI is defined as the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on symmetric cryptography.

A

False

Change symmetric to asymmetric, and it’s true!

239
Q

Which of the following is not a long-known problem with the X.509 PKI model?

A. There is not a standardized set of trust stores used by all browsers and operating systems.
B. The user is sometimes relied upon to make an informed decision regarding certificate trust.
C. All CAs in the trust store are assumed to be equally trusted, well managed, and applying equal policies.
D. The trust certificates shared in the trust store are not encrypted.

A

D. The trust certificates shared in the trust store are not encrypted.

240
Q

What is a trust store?

A. A database of IP addresses of known trusted servers.
B. A list of CAs and their public keys.
C. A CA that issues authentication certificates.
D. A single internationally specified hierarchy of government regulated CAs.

A

B. A list of CAs and their public keys.

241
Q

The Certification Authority is responsible for generating the public keys.

(T/F)

A

False

242
Q

Kerberos provides both authentication and access control.

T/F

A

True

243
Q

How does Trudy, the (wo)man in the middle, initiate a mutual authentication reflection attack between two users, Bob and Alice?

A. She tricks Bob into sharing Alice’s public key with her.
B. She tricks Bob into solving a challenge response from Alice.
C. She tricks Alice into sending her challenge twice.
D. She simply re-sends the challenge response that she intercepted from Alice, back to her.

A

B. She tricks Bob into solving a challenge response from Alice.

244
Q

What is a major shortcoming of using a pairwise key exchange based on a shared secret (key)?

A. It does not scale well.
B. It lacks computational security.
C. Session keys expire after a set time.
D. It is vulnerable to the man in the middle attack.

A

A. It does not scale well.

245
Q

In Kerberos, the localhost must store the user’s password (or password hash) after retrieving the session key from the key distribution center.

(T/F)

A

False.

246
Q

What are some reasons a user would revoke a certificate before it expires?

I. A key has been compromised.
II. Upgrades require a new key.
III. The key has been duplicated.

A. I, II, and III
B. I and II only
C. II and III only
D. I and III only
E. I only
A

B. I and II only

I. A key has been compromised.
II. Upgrades require a new key.

247
Q

Conventional X.509 certificates have validity periods of months to years.

(T/F)

A

True.

248
Q

What is the main difference between signed data and clear signed data?

A. Signed data allows users without S/MIME capability to view message content, but clear signed data does not.
B. Clear signed data uses base 64 encoding, signed data does not.
C. Clear signed data is not authenticated, signed data is.
D. Clear signed data allows users to use PKI, signed data requires users to apply a private key.
E. None of the above are correct.

A

E. None of the above are correct.

If you switch clear signed data and signed data in answer A, it would be correct. ; )

249
Q

What is radix 64 encoding (aka base 64 encoding)?

A. Encryption that is optimized for use with 64 bit computers.
B. Encoding that uses binary logarithmic functions (radix base 2) to map input to output values.
C. Encoding that maps binary data to ASCII characters.
D. Encoding that encrypts a message using the receiver’s 64 bit private key.
E. None of the above are correct.

A

C. Encoding that maps binary data to ASCII characters.

250
Q

The basic tool that permits the wide scale use of S/MIME is a pseudo random key generator.

(T/F)

A

False

The tool is a public key certificate that conforms to X509v3 standards.

251
Q

TLS sessions avoid the need for updating security parameters for each connection.

(T/F)

A

True

252
Q

Why is a random parameter sent along with client_hello message during phase 1 of a TLS handshake?

A. It is used as a nonce which is combined with a security key.
B. It prevents an eavesdropper from replaying the message.
C. It is used to exchange a key using the Diffie-Hellman protocol.
D. It is sent to confuse bots to prevent a DDoS attack.
E. It is part of legacy code, sent to allow back compatibility.

A

B. It prevents an eavesdropper from replaying the message.

253
Q

The Heartbleed vulnerability was due to a design flaw that was discovered in the TLS specification.

(T/F)

A

False

It was due to a programming mistake in the commonly-used OpenSSL library.

254
Q

Which of the following statements concerning benefits of IPSec is false?

A. IPSec is transparent to applications.
B. No need to train users.
C. IPSec can ensure that a routing update is forged.
D. IPSec can ensure that a routing advertisement comes from an authorized router.

A

C

It can ensure the update is not forged, i.e., that it is authentic.

255
Q

When ESP is used in IPSec transport mode, the packet payload and ESP trailer are encrypted, but the ESP header is not encrypted.

(T/F)

A

True

The ESP header carries the SPI, which identifies the security association (and therefore the algorithm and key in use), and the sequence number; the receiver needs both in the clear to locate the SA before it can authenticate and decrypt the rest.

256
Q

The Security Policy Database and the Security Association Database are maintained in separate tables.

(T/F)

A

True

257
Q

The SA is a two-way relationship between a sender and receiver, defined by IPSec parameters.

(T/F)

A

False

It is a one-way relationship – one SA for inbound traffic, and another for outbound traffic.
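
Worked example covering cards 255 to 257 together (added here; it is not course code and not a real IPSec implementation): two hosts each hold a Security Policy Database (selectors mapped to PROTECT/DISCARD) and a separate Security Association Database indexed by SPI, destination and protocol. Each SA is one-way, so the pair has one SA per direction with different SPIs. esp_send builds a transport-mode ESP packet in which only the SPI and sequence number are readable; the payload and the ESP trailer (padding, pad length, next header) are encrypted and everything is covered by a truncated ICV. The cipher is a toy HMAC-based keystream standing in for the real ESP transform, and the addresses, keys and payloads are constructed for the demonstration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

ESP = 50          # IP protocol number for ESP
ICV_LEN = 12      # truncated MAC, like the 96-bit ICVs of the classic ESP auth transforms

# Security Policy Database: (src prefix, dst prefix) selectors -> action.  Kept apart from the SAD.
SPD = [("10.0.0.", "10.0.1.", "PROTECT"), ("10.0.1.", "10.0.0.", "PROTECT"), ("*", "*", "DISCARD")]


def spd_lookup(src: str, dst: str) -> str:
    for src_pfx, dst_pfx, action in SPD:
        if (src_pfx == "*" or src.startswith(src_pfx)) and (dst_pfx == "*" or dst.startswith(dst_pfx)):
            return action
    return "DISCARD"


@dataclass
class SA:
    """One-way security association: inbound or outbound, never both."""
    spi: int
    dst: str
    direction: str   # "in" or "out"
    enc_key: bytes
    auth_key: bytes
    seq: int = 0     # outbound: last sequence sent; inbound: highest accepted (simplified anti-replay)


def sad_key(spi: int, dst: str):
    return (spi, dst, ESP)   # the SAD is indexed by SPI, destination address and protocol


def keystream(key: bytes, spi: int, seq: int, n: int) -> bytes:
    """Toy stand-in for the ESP cipher (HMAC-SHA256 in counter mode); not a real transform."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest()
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def esp_send(sad: dict, src: str, dst: str, payload: bytes, next_header: int) -> bytes:
    """Transport mode: the original IP header stays; this builds everything that follows it."""
    if spd_lookup(src, dst) != "PROTECT":
        raise ValueError("SPD: no PROTECT policy for this flow")
    sa = next(s for s in sad.values() if s.direction == "out" and s.dst == dst)
    sa.seq += 1
    pad_len = (-(len(payload) + 2)) % 4                        # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    header = struct.pack("!II", sa.spi, sa.seq)                # SPI + sequence number, in the clear
    plaintext = payload + trailer                              # payload and ESP trailer get encrypted
    ciphertext = xor(plaintext, keystream(sa.enc_key, sa.spi, sa.seq, len(plaintext)))
    icv = hmac.new(sa.auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


def esp_header(packet: bytes):
    """The only fields an on-path observer can read: SPI and sequence number."""
    return struct.unpack("!II", packet[:8])


def esp_receive(sad: dict, dst: str, packet: bytes):
    spi, seq = esp_header(packet)                               # readable without any key
    sa = sad.get(sad_key(spi, dst))                             # SAD lookup selects algorithm and keys
    if sa is None or sa.direction != "in":
        raise ValueError("no inbound SA for this SPI")
    header, ciphertext, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch")
    if seq <= sa.seq:
        raise ValueError("replayed sequence number")
    sa.seq = seq
    plaintext = xor(ciphertext, keystream(sa.enc_key, spi, seq, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return plaintext[:len(plaintext) - 2 - pad_len], next_header


def setup_hosts():
    """Constructed pair A=10.0.0.5, B=10.0.1.7 with two SAs: one per direction, each with its own SPI."""
    k_ab = (b"A" * 32, b"a" * 32)   # constructed keys; in practice IKE negotiates them
    k_ba = (b"B" * 32, b"b" * 32)
    sad_a = {sad_key(0x1000, "10.0.1.7"): SA(0x1000, "10.0.1.7", "out", *k_ab),
             sad_key(0x2000, "10.0.0.5"): SA(0x2000, "10.0.0.5", "in", *k_ba)}
    sad_b = {sad_key(0x1000, "10.0.1.7"): SA(0x1000, "10.0.1.7", "in", *k_ab),
             sad_key(0x2000, "10.0.0.5"): SA(0x2000, "10.0.0.5", "out", *k_ba)}
    return sad_a, sad_b


def rejected(sad: dict, dst: str, packet: bytes) -> bool:
    try:
        esp_receive(sad, dst, packet)
        return False
    except ValueError:
        return True
```

The SPD answers "should this flow be protected at all?" and the SAD answers "with which SA?"; keeping them separate lets one policy entry point at different SAs over time as keys are renegotiated.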

258
Q

In default mode, if a pre-shared key is compromised during phase 2 of Internet Key Exchange, then all IPSec keys previously computed are compromised.

(T/F)

A

True

If perfect forward secrecy (PFS) is required, each IPSec SA is derived from the shared key together with fresh Diffie-Hellman public values and new nonces, so a later compromise of the shared key does not expose previously generated keys.

259
Q

Which IPSec mode offers end-to-end security protection?

A. ESP Mode
B. IKE Mode
C. Tunnel Mode
D. TLS Mode
E. Transport Mode

A

E. Transport Mode

260
Q

Multiple IPSec SAs can be established with one IKE SA.

T/F

A

True

261
Q

Which is the main reason a cookie is sent during Phase 1 of IKE?

A. To authenticate the users
B. To store log in credentials for the session.
C. To help prevent DoS attacks.
D. To store header information, such as time stamp, a nonce, and the user’s public key.

A

C. To help prevent DoS attacks.
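
Worked example (added here; not course code and not a full IKE implementation): a responder that uses the stateless cookie of IKEv2 (RFC 7296 section 2.6, Cookie = version-of-secret | Hash(Ni | IPi | SPIi | secret)). The first IKE_SA_INIT from an unknown initiator is answered with a cookie and nothing is stored; only when the initiator resends the request with the cookie, proving it can receive packets at its claimed source address, does the responder allocate state and commit to the expensive Diffie-Hellman work. The spoofed-flood function and the addresses in it are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional


class IkeResponder:
    """Responder side of IKE_SA_INIT with a stateless DoS-prevention cookie."""

    def __init__(self):
        self.secret = os.urandom(32)
        self.version = 1
        self.half_open = {}          # (initiator_ip, spi_i) -> state, created only after cookie check
        self.mac_count = 0           # cost of a flood: one MAC per message, no memory

    def _cookie(self, ni: bytes, ip: str, spi_i: int) -> bytes:
        self.mac_count += 1
        mac = hmac.new(self.secret, ni + ip.encode() + struct.pack("!Q", spi_i), hashlib.sha256).digest()
        return bytes([self.version]) + mac[:16]

    def rotate_secret(self):
        """Periodic rotation bounds how long a harvested cookie stays valid."""
        self.secret = os.urandom(32)
        self.version = (self.version + 1) & 0xFF

    def handle_sa_init(self, ip: str, spi_i: int, ni: bytes, cookie: Optional[bytes] = None):
        if cookie is None:
            # Under load: answer with a cookie and allocate nothing.
            return "COOKIE", self._cookie(ni, ip, spi_i)
        if cookie[0] != self.version or not hmac.compare_digest(cookie, self._cookie(ni, ip, spi_i)):
            return "DROP", None
        # Reachability demonstrated: now commit to the expensive part (DH exchange, SA state).
        spi_r = int.from_bytes(os.urandom(8), "big")
        self.half_open[(ip, spi_i)] = {"ni": ni, "spi_r": spi_r}
        return "SA_INIT_RESPONSE", spi_r


def spoofed_flood(responder: IkeResponder, n: int) -> int:
    """Constructed attack: n IKE_SA_INIT messages from spoofed addresses that never answer.
    Returns how many half-open SAs the responder allocated as a result."""
    for i in range(n):
        ip = f"203.0.113.{i % 256}"                   # RFC 5737 documentation address range
        responder.handle_sa_init(ip, i, os.urandom(32))
    return len(responder.half_open)
```

Because the cookie is bound to the initiator's source address and SPI, a cookie harvested from one address cannot be replayed from another, and rotating the secret invalidates cookies collected earlier.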

262
Q

Adding firewall policies to limit the scope of data and application access for all mobile devices, as well as setting up IDS and IPS configured to have tighter rules for mobile device traffic is:

A. Device security
B. Traffic security
C. Barrier security
D. None of the above

A

C. Barrier security

263
Q

Using a Virtual Private Network (VPN) configured so that all traffic between mobile devices and the organization's network travels through the VPN is an example of:

A. Device security
B. Traffic security
C. Barrier security
D. None of the above

A

B. Traffic security

264
Q

What are the main threats to wireless transmission?

I. Eavesdropping
II. Disrupted transmissions
III. Message integrity attacks
IV. Signal attenuation attacks
V. Masquerade channel attacks

A. I and II
B. I, III, and V
C. II, III, and IV
D. I, II, III, IV, and V
E. None of the above

A

E. None of the above; the main threats to wireless transmission are:

I. Eavesdropping
II. Disrupted transmissions
III. Message integrity attacks

265
Q

The main threat to wireless access points is disruption.

T/F

A

False

The main threat to wireless access points is unauthorized access to the network.

266
Q

Configuring routers to use MAC authentication will block unauthorized access to the network.

(T/F)

A

False

MAC addresses can be spoofed, so MAC authentication is just one element of a defense-in-depth strategy.