
Exam

Name___________________________________

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

1) With the introduction of the computer the need for automated tools for protecting files and other information stored on the computer became evident.

2) There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.

3) There are clear boundaries between network security and internet security.

4) The CIA triad embodies the fundamental security objectives for both data and for information and computing services.

5) In developing a particular security mechanism or algorithm one must always consider potential attacks on those security features.

6) A loss of confidentiality is the unauthorized modification or destruction of information.

7) Patient allergy information is an example of an asset with a moderate requirement for integrity.

8) The more critical a component or service, the higher the level of availability required.

9) Data origin authentication provides protection against the duplication or modification of data units.

10) The emphasis in dealing with passive attacks is on prevention rather than detection.

11) Data integrity is the protection of data from unauthorized disclosure.

12) Information access threats exploit service flaws in computers to inhibit use by legitimate users.

13) Viruses and worms are two examples of software attacks.

14) A connection-oriented integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only.

15) Pervasive security mechanisms are not specific to any particular OSI security service or protocol layer.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

16) _________ security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
A) Internet B) Computer C) Network D) Intranet

17) Verifying that users are who they say they are and that each input arriving at the system came from a trusted source is _________ .
A) accountability B) authenticity C) integrity D) confidentiality

18) __________ assures that systems work promptly and service is not denied to authorized users.
A) Availability B) Integrity C) System integrity D) Data confidentiality

19) __________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
A) System integrity B) Availability C) Data confidentiality D) Privacy

20) The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is _________ .
A) authenticity B) privacy C) accountability D) integrity

21) __________ attacks attempt to alter system resources or affect their operation.
A) Active B) Release of message content C) Traffic analysis D) Passive

22) A __________ takes place when one entity pretends to be a different entity.
A) masquerade B) passive attack C) replay D) modification of message

23) X.800 defines _________ as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers.
A) integrity B) security service C) replay D) authenticity

24) _________ is a professional membership society with worldwide organizational and individual membership that provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the IETF and the IAB.
A) ITU-T B) ISOC C) ISO D) FIPS

25) The protection of data from unauthorized disclosure is _________ .
A) nonrepudiation B) data confidentiality C) access control D) authentication

26) __________ is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private sector innovation.
A) NIST B) ISO C) ITU-T D) ISOC

27) The prevention of unauthorized use of a resource is __________ .
A) data confidentiality B) authentication C) access control D) nonrepudiation

28) The __________ service addresses the security concerns raised by denial-of-service attacks.
A) routing control B) availability C) event detection D) integrity

29) _________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
A) Routing control B) Traffic padding C) Authentication exchange D) Notarization

30) _________ is a variety of mechanisms used to assure the integrity of a data unit or stream of data units.
A) Data integrity B) Authentication exchange C) Event detection D) Trusted functionality

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

31) _________ is defined as "the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources".

32) Three key objectives that are at the heart of computer security are: confidentiality, availability, and _________ .

33) An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is an __________ .

34) A loss of _________ is the disruption of access to or use of information or an information system.

35) __________ is the use of mathematical algorithms to transform data into a form that is not readily intelligible, in which the transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.

36) Student grade information is an asset whose confidentiality is considered to be highly important by students and, in the United States, the release of such information is regulated by the __________ .

37) A possible danger that might exploit a vulnerability, a _________ is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

38) A __________ attack attempts to learn or make use of information from the system but does not affect system resources.

39) The common technique for masking contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message is _________ .

40) Active attacks can be subdivided into four categories: replay, modification of messages, denial of service, and __________ .

41) X.800 divides security services into five categories: authentication, access control, nonrepudiation, data integrity and __________ .

42) In the context of network security, _________ is the ability to limit and control the access to host systems and applications via communications links.

43) The __________ is a worldwide federation of national standards bodies that promote the development of standardization and related activities with a view to facilitating the international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity.

44) __________ prevents either sender or receiver from denying a transmitted message; when a message is sent the receiver can prove that the alleged sender in fact sent the message and when a message is received the sender can prove that the alleged receiver in fact received the message.

45) A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

46) Public-key encryption is also referred to as conventional encryption, secret-key, or single-key encryption.

47) The advantage of a block cipher is that you can reuse keys.

48) Ciphertext is the scrambled message produced as output.

49) The security of symmetric encryption depends on the secrecy of the algorithm, not the secrecy of the key.

50) The ciphertext-only attack is the easiest to defend against because the opponent has the least amount of information to work with.

51) The Feistel structure is a particular example of the more general structure used by all symmetric block ciphers.

52) Smaller block sizes mean greater security but reduced encryption/decryption speed.

53) The essence of a symmetric block cipher is that a single round offers inadequate security but that multiple rounds offer increasing security.

54) Triple DES was first standardized for use in financial applications in ANSI standard X9.17 in 1985.

55) The most commonly used symmetric encryption algorithms are stream ciphers.

56) The principal drawback of 3DES is that the algorithm is relatively sluggish in software.

57) AES uses a Feistel structure.

58) Random numbers play an important role in the use of encryption for various network security applications.

59) The primary advantage of a stream cipher is that stream ciphers are almost always faster and use far less code than do block ciphers.

60) One desirable property of a stream cipher is that the ciphertext be longer in length than the plaintext.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

61) A symmetric encryption scheme has _________ ingredients.
A) four B) five C) three D) six

62) _________ is the original message or data that is fed into the algorithm as input.
A) DES B) Ciphertext C) Encryption key D) Plaintext

63) _________ mode requires only the implementation of the encryption algorithm and not the decryption algorithm.
A) CTR B) CBC C) DKS D) ECB

64) A __________ processes the input elements continuously, producing output one element at a time, as it goes along.
A) keystream B) stream cipher C) cryptanalysis D) block cipher

65) If both sender and receiver use the same key the system is referred to as _________ encryption.
A) symmetric B) public-key C) asymmetric D) two-key

66) If the sender and receiver each use a different key the system is referred to as __________ encryption.
A) secret-key B) asymmetric C) conventional D) single-key

67) A _________ approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.
A) brute-force B) triple DES C) block cipher D) computational

68) With the ________ mode if there is an error in a block of the transmitted ciphertext only the corresponding plaintext block is affected.
A) ECB B) CTS C) CBC D) TSR

69) The most common key length in modern algorithms is ________ .
A) 128 bits B) 32 bits C) 256 bits D) 64 bits

70) A ________ takes as input a source that is effectively random and is often referred to as an entropy source.
A) PSRN B) PRNG C) TRNG D) PRF

71) A symmetric block cipher processes _________ of data at a time.
A) four blocks B) one block C) two blocks D) three blocks

72) In _________ mode a counter equal to the plaintext block size is used.
A) CBC B) ECB C) CFB D) CTR

73) The _________ algorithm performs various substitutions and transformations on the plaintext.
A) codebook B) cipher C) keystream D) encryption

74) If the analyst is able to get the source system to insert into the system a message chosen by the analyst, a _________ attack is possible.
A) known plaintext B) ciphertext only C) chosen ciphertext D) chosen plaintext

75) The _________ key size is used with the Data Encryption Standard algorithm.
A) 128 bit B) 56 bit C) 32 bit D) 168 bit

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

76) The _________ algorithm takes the ciphertext and the same secret key and produces the original plaintext.

77) A _________ cipher processes the plaintext input in fixed sized blocks and produces a block of ciphertext of equal size for each plaintext block.

78) With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the _________ .

79) Three broad categories of cryptographic algorithms are commonly used to create PRNGs: asymmetric ciphers, hash functions and message authentication codes, and ___________ .

80) The process of attempting to discover the plaintext or key is known as _________ .

81) An encryption scheme is __________ if the cost of breaking the cipher exceeds the value of the encrypted information and/or the time required to break the cipher exceeds the useful lifetime of the information.

82) The three most important symmetric block ciphers are: triple DES (3DES), the Advanced Encryption Standard (AES), and the ___________ .

83) The ________ source is drawn from the physical environment of the computer and could include things such as keystroke timing patterns, disk electrical activity, mouse movements, and instantaneous values of the system clock.

84) A PRNG takes as input a fixed value called the ________ and produces a sequence of output bits using a deterministic algorithm.

85) __________ is a stream cipher used in the Secure Sockets Layer/Transport Layer Security standards that have been defined for communication between Web browsers and servers and is also used in the WEP and WPA protocols.

86) In the _________ mode the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block.

87) Also referred to as conventional encryption, secret-key, or single-key encryption, _________ encryption was the only type of encryption in use prior to the development of public-key encryption in the late 1970s.

88) Two requirements for secure use of symmetric encryption are: sender and receiver must have obtained copies of the secret key in a secure fashion and a strong __________ is needed.

89) All encryption algorithms are based on two general principles: _________, in which each element in the plaintext is mapped into another element, and transposition, in which elements in the plaintext are rearranged.

90) Many symmetric block encryption algorithms including DES have a structure first described by _________ of IBM in 1973.

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

91) Public key algorithms are useful in the exchange of conventional encryption keys.

92) Private key encryption is used to produce digital signatures which provide an enhanced form of message authentication.

93) The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.

94) The two important aspects of encryption are to verify that the contents of the message have not been altered and that the source is authentic.

95) In the ECB mode of encryption if an attacker reorders the blocks of ciphertext then each block will still decrypt successfully, however, the reordering may alter the meaning of the overall data sequence.
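Questions 51, 53, 63, 68, 86, 90 and 95 all turn on the same machinery: a Feistel network as the round structure of DES-style block ciphers, and the ECB, CBC and CTR modes of operation built on top of one. The following is an added worked example written for this page; it is not part of the exam or of the textbook the questions are drawn from. The cipher is a toy 64-bit, 16-round Feistel network with a SHA-256-derived key schedule (insecure, for illustration only), and the key, IV and the two fixed-width "transfer" records are constructed sample data.

```python
"""Toy Feistel block cipher plus ECB, CBC and CTR modes (added example, not exam content).

The cipher below is a 64-bit-block, 16-round Feistel network with a SHA-256-derived
key schedule.  It is for illustration only and offers no real security.
"""
import hashlib
from typing import List, Tuple

BLOCK = 8            # 64-bit block, the same size as DES
ROUNDS = 16
MASK32 = 0xFFFFFFFF


def _subkeys(key: bytes) -> List[int]:
    """Toy key schedule: one 32-bit subkey per round, derived from the key."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]


def _round_fn(r: int, k: int) -> int:
    """Toy round function F(R, K): key mixing, multiply, rotate."""
    x = ((r ^ k) * 0x9E3779B1) & MASK32
    return ((x << 13) | (x >> 19)) & MASK32


def _feistel(block: bytes, subkeys: List[int]) -> bytes:
    """Run the Feistel network: L_{i+1} = R_i, R_{i+1} = L_i XOR F(R_i, K_i)."""
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in subkeys:
        left, right = right, left ^ _round_fn(right, k)
    # Undo the final swap so the same network with reversed subkeys inverts it.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")


def block_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key))


def block_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key)[::-1])   # same rounds, subkeys reversed


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(data: bytes) -> List[bytes]:
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(block_encrypt(key, p) for p in _blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(block_decrypt(key, c) for c in _blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for p in _blocks(pt):
        prev = block_encrypt(key, _xor(p, prev))       # C_i = E_K(P_i XOR C_{i-1})
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(block_decrypt(key, c), prev))  # P_i = D_K(C_i) XOR C_{i-1}
        prev = c
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode: encrypt and decrypt are the same XOR with E_K(nonce || counter).

    Only block_encrypt is ever called, so CTR needs no decryption routine.
    """
    out = []
    for i, b in enumerate(_blocks(data)):
        counter_block = nonce[:4] + i.to_bytes(4, "big")
        out.append(_xor(b, block_encrypt(key, counter_block)))
    return b"".join(out)


# Constructed sample data: two fixed-width "transfer" records, four blocks total.
KEY = b"toy demo key"
IV = bytes.fromhex("0011223344556677")
RECORDS = b"PAY ALICE 100.00" + b"PAY BOB   900.00"


def ecb_reordering_attack() -> bytes:
    """Swap the two records' ciphertext blocks under ECB, then decrypt.

    Every block still decrypts cleanly, but the records have changed order.
    """
    ct = ecb_encrypt(KEY, RECORDS)
    return ecb_decrypt(KEY, ct[16:] + ct[:16])


def error_propagation() -> Tuple[int, int]:
    """Flip one bit in ciphertext block 1; count plaintext blocks that differ.

    ECB damages only block 1.  CBC damages block 1 (garbled) and block 2 (the
    same single bit flipped), because C_1 is XORed into P_2 on decryption.
    """
    def damaged(decrypt, ct: bytes) -> int:
        corrupted = bytearray(ct)
        corrupted[8] ^= 0x01
        pt = decrypt(bytes(corrupted))
        return sum(pt[i:i + BLOCK] != RECORDS[i:i + BLOCK]
                   for i in range(0, len(RECORDS), BLOCK))

    ecb = damaged(lambda c: ecb_decrypt(KEY, c), ecb_encrypt(KEY, RECORDS))
    cbc = damaged(lambda c: cbc_decrypt(KEY, IV, c), cbc_encrypt(KEY, IV, RECORDS))
    return ecb, cbc
```

ecb_reordering_attack() returns the two records swapped, which is the point of question 95: ECB gives no integrity, and structured data can be rearranged without any decryption failure. error_propagation() returns (1, 2): the single flipped ciphertext bit spoils one plaintext block under ECB (question 68) but two under CBC. ctr_crypt() is the same function in both directions and never calls block_decrypt, which is why CTR needs only the encryption algorithm (question 63).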

96) Message encryption alone provides a secure form of authentication.

97) Because of the mathematical properties of the message authentication code function it is less vulnerable to being broken than encryption.

98) In addition to providing authentication, a message digest also provides data integrity and performs the same function as a frame check sequence.

99) Cryptographic hash functions generally execute slower in software than conventional encryption algorithms such as DES.

100) The main advantage of HMAC over other proposed hash based schemes is that HMAC can be proven secure, provided that the embedded hash function has some reasonable cryptographic strengths.

101) Public key algorithms are based on mathematical functions rather than on simple operations on bit patterns.

102) The private key is known only to its owner.

103) The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very easy to calculate discrete logarithms.

104) The key exchange protocol is vulnerable to a man-in-the-middle attack because it does not authenticate the participants.

105) Even in the case of complete encryption there is no protection of confidentiality because any observer can decrypt the message by using the sender's public key.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

106) ________ protects against passive attack (eavesdropping).
A) SCR B) Message authentication C) Encryption D) Obfuscation

107) The most important hash function is ________ .
A) MAC B) ECB C) SHA D) OWH

108) __________ is a procedure that allows communicating parties to verify that received messages are authentic.
A) Encryption B) Message authentication C) Passive attack D) ECB

109) If the message includes a _________ the receiver is assured that the message has not been delayed beyond that normally expected for network transit.
A) shared key B) timestamp C) error detection code D) sequence number

110) The purpose of a ___________ is to produce a "fingerprint" of a file, message, or other block of data.
A) public key B) message authentication C) cipher encryption D) hash function

111) It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function with this property is referred to as __________ .
A) collision resistant B) preimage resistant C) one-way D) weak collision resistant

112) "It is easy to generate a code given a message, but virtually impossible to generate a message given a code" describes the __________ hash function property.
A) collision resistant B) strong collision resistant C) preimage resistant D) second preimage resistant

113) The __________ property protects against a sophisticated class of attack known as the birthday attack.
A) collision resistant B) one-way C) preimage resistant D) second preimage resistant

114) Secure Hash Algorithms with hash value lengths of 256, 384, and 512 bits are collectively known as _________ .
A) SHA-3 B) SHA-1 C) SHA-0 D) SHA-2

115) Public key cryptography is __________ .
A) asymmetric B) one key C) symmetric D) bit patterned

116) The readable message or data that is fed into the algorithm as input is the __________ .
A) encryption algorithm B) plaintext C) private key D) ciphertext

117) The key used in conventional encryption is typically referred to as a _________ key.
A) cipher B) secret C) primary D) secondary

118) The most widely accepted and implemented approach to public-key encryption, _________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n.
A) SHA B) CTR C) RSA D) MD5

119) The purpose of the _________ algorithm is to enable two users to exchange a secret key securely that then can be used for subsequent encryption of messages and depends on the difficulty of computing discrete logarithms for its effectiveness.
A) DSS B) Diffie-Hellman C) Rivest-Adleman D) RSA

120) Based on the use of a mathematical construct known as the elliptic curve and offering equal security for a far smaller bit size, __________ has begun to challenge RSA.
A) RIPE-160 B) DSS C) ECC D) TCB
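Questions 103, 104 and 119 describe the Diffie-Hellman exchange and its one structural weakness: the protocol agrees a key but authenticates nobody. The following is an added worked example written for this page, not exam content. It uses toy group parameters chosen here for illustration (the Mersenne prime p = 2^127 - 1 and g = 3; real deployments use standardized groups of 2048 bits or more), and the fixed private exponents for Alice, Bob and Mallory in the notes below are likewise constructed.

```python
"""Diffie-Hellman key agreement, honest and with a man-in-the-middle (added example)."""
import hashlib
import secrets
from typing import Dict, Tuple

# Toy parameters for illustration only: p = 2^127 - 1 (a Mersenne prime), g = 3.
# Real systems use standardised groups (RFC 3526 / RFC 7919) of >= 2048 bits.
P = (1 << 127) - 1
G = 3


def random_private() -> int:
    """A fresh private exponent in [1, p-2]."""
    return secrets.randbelow(P - 2) + 1


def dh_public(priv: int) -> int:
    """Public value g^priv mod p.  Computing this is cheap (modular exponentiation);
    recovering priv from it is the discrete logarithm problem."""
    return pow(G, priv, P)


def dh_shared(peer_pub: int, priv: int) -> bytes:
    """Shared secret peer_pub^priv mod p, hashed into a 256-bit symmetric key."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def honest_exchange(a: int, b: int) -> Tuple[bytes, bytes]:
    """Alice (exponent a) and Bob (exponent b) swap public values over the wire.

    Both derive g^(ab) mod p, so the two keys are identical.
    """
    A, B = dh_public(a), dh_public(b)      # these two values cross the network
    return dh_shared(B, a), dh_shared(A, b)


def mitm_exchange(a: int, b: int, m: int) -> Dict[str, bytes]:
    """Mallory (exponent m) sits on the wire and replaces both public values.

    Nothing in the protocol binds A to Alice or B to Bob, so Alice ends up
    sharing a key with Mallory and Bob ends up sharing a different key with
    Mallory.  Mallory decrypts, reads or alters, and re-encrypts every message.
    """
    A, B, M = dh_public(a), dh_public(b), dh_public(m)
    return {
        "alice": dh_shared(M, a),               # Alice believes M came from Bob
        "bob": dh_shared(M, b),                 # Bob believes M came from Alice
        "mallory_with_alice": dh_shared(A, m),  # = Alice's key
        "mallory_with_bob": dh_shared(B, m),    # = Bob's key
    }
```

With a = 123456789, b = 987654321 and m = 555555555 (constructed values), honest_exchange(a, b) returns two identical keys, while mitm_exchange(a, b, m) returns an Alice key equal to Mallory's "with Alice" key, a Bob key equal to Mallory's "with Bob" key, and Alice's and Bob's keys differing from each other. The fix the later questions on certificates and TLS point to is to authenticate the public values: sign them with a key that the peer can check against a certificate, or bind them to a pre-shared secret.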

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

121) Protection against active attack (falsification of data and transactions) is known as ___________ .

122) The __________ property is the "one-way" property and is important if the authentication technique involves the use of a secret value.

123) The __________ approach has two advantages: it provides a digital signature as well as message authentication and it does not require the distribution of keys to communicating parties.

124) Like the MAC, a __________ accepts a variable size message M as input and produces a fixed size message digest H(M) as output. Unlike the MAC, it does not take a secret key as input.

125) The __________ property guarantees that it is impossible to find an alternative message with the same hash value as a given message thus preventing forgery when an encrypted hash code is used.

126) As with symmetric encryption there are two approaches to attacking a secure hash function: brute-force attack and ___________ .
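Questions 111 through 113, 125 and 126 concern the three resistance properties of a hash function and the birthday attack that makes collision resistance the most expensive one to provide. The following added example, written for this page and not part of the exam, makes the brute-force costs visible by truncating SHA-256 to 16 and 32 bits so that the searches finish in well under a second; the target and candidate messages are constructed.

```python
"""Brute-force cost of second-preimage vs. collision search on a truncated hash (added example)."""
import hashlib
from typing import Tuple


def trunc_hash(msg: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits, to make brute force affordable here."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)


def second_preimage_search(target: bytes, bits: int, limit: int = 1 << 24) -> Tuple[bytes, int]:
    """Find m' != target with H(m') == H(target) (weak collision resistance, Q125).

    Each candidate hits the single target value with probability 2^-bits, so the
    expected cost is about 2^bits hashes.
    """
    want = trunc_hash(target, bits)
    for i in range(limit):
        candidate = b"candidate-%d" % i
        if candidate != target and trunc_hash(candidate, bits) == want:
            return candidate, i + 1
    raise RuntimeError("no second preimage within limit")


def birthday_collision(bits: int, limit: int = 1 << 24) -> Tuple[bytes, bytes, int]:
    """Find any x != y with H(x) == H(y) (strong collision resistance, Q111/Q113).

    Remembering every value seen, a repeat is expected after about 2^(bits/2)
    hashes: the birthday attack.  That is why an n-bit hash gives only n/2 bits
    of security against collisions.
    """
    seen = {}
    for i in range(limit):
        msg = b"message-%d" % i
        h = trunc_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise RuntimeError("no collision within limit")


def compare_costs() -> Tuple[int, int]:
    """Trials for a 16-bit second preimage vs. a 32-bit collision.

    The two numbers come out in the same ballpark (tens of thousands) even
    though the collision search is against an output twice as long.
    """
    _, preimage_trials = second_preimage_search(b"the original message", 16)
    _, _, collision_trials = birthday_collision(32)
    return preimage_trials, collision_trials
```

For a full 256-bit output the same arithmetic gives roughly 2^256 work for a preimage and roughly 2^128 for a collision, both out of reach; the practical breaks of MD5 and SHA-1 came from the other approach named in question 126, cryptanalysis of the compression function, not from brute force.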

127) The two most widely used public key algorithms are RSA and _________ .

128) The _________ was developed by NIST and published as a federal information processing standard in 1993.

129) __________ is a term used to describe encryption systems that simultaneously protect confidentiality and authenticity (integrity) of communications.

130) The key algorithmic ingredients of __________ are the AES encryption algorithm, the CTR mode of operation, and the CMAC authentication algorithm.

131) The __________ algorithm accepts the ciphertext and the matching key and produces the original plaintext.

132) A __________ is when the sender "signs" a message with its private key, which is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.

133) A _________ is when two sides cooperate to exchange a session key.

134) Using an algorithm that is designed to provide only the digital signature function, the _________ makes use of the SHA-1 and cannot be used for encryption or key exchange.

135) Bob uses his own private key to encrypt the message. When Alice receives the ciphertext she finds that she can decrypt it with Bob's public key, thus proving that the message must have been encrypted by Bob. No one else has Bob's private key and therefore no one else could have created a ciphertext that could be decrypted with Bob's public key. Therefore the entire encrypted message serves as a _________ .

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

136) For symmetric encryption to work the two parties to an exchange must share the same key, and that key must be protected from access by others.

137) It is not necessary for a certification authority to maintain a list of certificates issued by that CA that were not expired but were revoked.

138) A session key is destroyed at the end of a session.

139) Kerberos relies exclusively on asymmetric encryption and makes use of public key encryption.

140) The automated key distribution approach provides the flexibility and dynamic characteristics needed to allow a number of users to access a number of servers and for the servers to exchange data with each other.

141) If an opponent captures an unexpired service granting ticket and tries to use it they will be denied access to the corresponding service.

142) The ticket-granting ticket is encrypted with a secret key known only to the authentication server and the ticket granting server.

143) If the lifetime stamped on a ticket is very short (e.g., minutes) an opponent has a greater opportunity for replay.

144) Kerberos version 4 did not fully address the need to be of general purpose.

145) One of the major roles of public-key encryption is to address the problem of key distribution.

146) It is not required for two parties to share a secret key in order to communicate securely with conventional encryption.

147) X.509 is based on the use of public-key cryptography and digital signatures.

148) User certificates generated by a CA need special efforts made by the directory to protect them from being forged.

149) The principal underlying standard for federated identity is the Security Assertion Markup Language (SAML) which defines the exchange of security information between online business partners.

150) Federated identity management is a concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and supporting many thousands, even millions, of users.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

151) A _________ is a key used between entities for the purpose of distributing session keys.
A) session relay key B) permanent key C) key distribution center D) symmetric key

152) The __________ knows the passwords of all users and stores these in a centralized database and also shares a unique secret key with each server.
A) authentication server B) ticket server C) management server D) key distribution server

153) Once the authentication server accepts the user as authentic it creates an encrypted _________ which is sent back to the client.
A) ticket B) access code C) key D) password

154) In order to solve the problem of minimizing the number of times that a user has to enter a password and the problem of a plaintext transmission of the password a __________ server is used.
A) authentication B) access code C) ticket granting D) password ciphering

155) In order to prevent an opponent from capturing the login ticket and reusing it to spoof the TGS, the ticket includes a __________ indicating the date and time at which the ticket was issued.
A) validation B) timestamp C) realm D) certificate

156) A ___________ is a service or user that is known to the Kerberos system and is identified by its principal name.
A) Kerberos realm B) Kerberos key C) Kerberos ticket D) Kerberos principal

157) Kerberos version 4 requires the use of ____________ .
A) MAC address B) Ethernet link address C) IP address D) ISO network address

158) Encryption in version 4 makes use of a nonstandard mode of DES known as ___________ .
A) PCBC B) CBC C) KDC D) PKI

159) A random value to be repeated to assure that the response is fresh and has not been replayed by an opponent is the __________ .
A) rtime B) option C) nonce D) realm

160) Used in most network security applications the __________ standard has become universally accepted for formatting public-key certificates.
A) IETF B) X.509 C) X.905 D) PKIX

161) Containing the hash code of the other fields encrypted with the CA's private key, the __________ covers all of the other fields of the certificate and includes the signature algorithm identifier.
A) extension B) subject unique identifier C) issuer unique identifier D) signature

162) The _________ extension lists policies that the certificate is recognized as supporting, together with optional qualifier information.
A) directory attribute B) authority key identifier C) policy mappings D) certificate policies

163) _________ are entities that obtain and employ data maintained and provided by identity and attribute providers, which are often used to support authorization decisions and to collect audit information.
A) CAs B) Principals C) Federations D) Data Consumers

164) An __________ manages the creation and maintenance of attributes such as passwords and biometric information.
A) identity provider B) authorizing agent C) authenticator D) attribute service

165) __________ is a centralized, automated approach to provide enterprise wide access to resources by employees and other authorized individuals, with a focus of defining an identity for each user, associating attributes with the identity, and enforcing a means by which a user can verify identity.
A) PKIX management B) Registration authority C) Federated managing authority D) Identity management

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

166) The strength of any cryptographic system rests with the _________ technique, a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.

167) A __________ indicates the length of time for which a ticket is valid (e.g., eight hours).

168) When two end systems wish to communicate they establish a logical connection and, for the duration of that logical connection, all user data are encrypted with a one-time __________ which is destroyed at the end of the session.

169) After determining which systems are allowed to communicate with each other and granting permission for the two systems to establish a connection, the _________ provides a one-time session key for that connection.

170) Rather than building elaborate authentication protocols at each server, _________ provides a centralized authentication server whose function is to authenticate users to servers and servers to users.

171) A __________ server issues tickets to users who have been authenticated to the authentication server.

172) A __________ is a set of managed nodes that share the same Kerberos database which resides on the Kerberos master computer system that is located in a physically secure room.

173) Kerberos version 5 defines all message structures by using __________ and Basic Encoding Rules (BER), which provide an unambiguous byte ordering.

174) The technical deficiencies of Kerberos version 4 are: double encryption, PCBC encryption, session keys and __________ .

175) A _________ is the client's choice for an encryption key to be used to protect this specific application session.

176) A _________ consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party which is typically a CA that is trusted by the user community.

177) __________ defines a framework for the provision of authentication services by the X.500 directory to its users and defines alternative authentication protocols based on the use of public-key certificates.

178) The _________ extension is used only in certificates for CAs issued by other CAs and allows an issuing CA to indicate that one or more of that issuer's policies can be considered equivalent to another policy used in the subject CA's domain.

179) With a principal objective of enabling secure, convenient and efficient acquisition of public keys, __________ is the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography.

180) __________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, thereby reducing the number of authentications needed by the user.

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

181) SSL/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.

182) Unlike traditional publishing environments, the Internet is three-way and vulnerable to attacks on the Web servers.

183) Sessions are used to avoid the expensive negotiation of new security parameters for each connection that shares security parameters.

184) Microsoft Explorer originated SSL.

185) The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets.

186) One way to classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server.

187) The encryption of the compressed message plus the MAC must increase the content length by more than 1024 bytes.

188) The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL Record Protocol.

189) The SSL Record Protocol is used before any application data is transmitted.

190) The first element of the CipherSuite parameter is the key exchange method.

191) The certificate message is required for any agreed on key exchange method except fixed Diffie-Hellman.

192) Phase 3 completes the setting up of a secure connection of the Handshake Protocol.

193) The shared master secret is a one-time 48-byte value generated for a session by means of secure key exchange.

194) The TLS Record Format is the same as that of the SSL Record Format.

195) Server authentication occurs at the transport layer, based on the server possessing a public/private key pair.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

196) The SSL Internet standard version is called _________ .
A) TLS B) SLP C) SSH D) HTTP

197) The most complex part of SSL is the __________ .
A) Change Cipher Spec Protocol B) Handshake Protocol
C) Alert Protocol D) SSL Record Protocol

198) _________ attacks include impersonating another user, altering messages in transit between client and server and altering information on a Web site.
A) Active B) Shell C) Passive D) Pseudo

199) The symmetric encryption key for data encrypted by the client and decrypted by the server is a _________ .
A) client write key B) server write key
C) sequence key D) master key

200) _________ provides secure, remote logon and other secure client/server facilities.
A) TLS B) SLP C) HTTPS D) SSH

201) An SSL session is an association between a client and a server and is created by the ___________ .
A) administrator B) user
C) Spec Protocol D) Handshake Protocol

202) An arbitrary byte sequence chosen by the server to identify an active or resumable session state is a _________ .
A) session identifier B) compression
C) cipher spec D) peer certificate

203) The _________ is used to convey SSL-related alerts to the peer entity.
A) Handshake Protocol B) Alert Protocol
C) SSL Record Protocol D) Change Cipher Spec Protocol

204) With each element of the list defining both a key exchange algorithm and a CipherSpec, the list that contains the combination of cryptographic algorithms supported by the client in decreasing order of preference is the __________ .
A) Random B) CipherSuite C) Session ID D) Version

205) Phase _________ of the Handshake Protocol establishes security capabilities.
A) 4 B) 2 C) 3 D) 1

206) The __________ approach is vulnerable to man-in-the-middle attacks.
A) Fortezza B) Anonymous Diffie-Hellman
C) Ephemeral Diffie-Hellman D) Fixed Diffie-Hellman

207) The final message in phase 2, and one that is always required, is the ___________ message, which is sent by the server to indicate the end of the server hello and associated messages.
A) goodbye B) server_done C) no_certificate D) finished

208) Defined as a Proposed Internet Standard in RFC 2246, _________ is an IETF standardization initiative whose goal is to produce an Internet standard version of SSL.
A) CCSP B) SHA-1 C) SSH D) TLS

209) A Pseudorandom Function takes as input:
A) a seed value B) a secret value
C) an identifying label D) all of the above

210) _________ is organized as three protocols that typically run on top of TCP for secure network communications and are designed to be relatively simple and inexpensive to implement.
A) SSL B) SSI C) SSH D) TLS

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

211) __________ provides security services between Transport Layer Protocol and applications that use TCP.

212) The _________ Protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm along with cryptographic keys to be used to protect data sent in an SSL Record.

213) _________ attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted.

214) __________ provides confidentiality using symmetric encryption and message integrity using a message authentication code.

215) The _________ takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment.

216) __________ refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server.

217) Two important SSL concepts are the SSL session and the SSL _________ .

218) Three standardized schemes that are becoming increasingly important as part of Web commerce and that focus on security at the transport layer are: SSL/TLS, HTTPS, and _________.

219) Three higher-layer protocols defined as part of SSL and used in the management of SSL exchanges are: The Handshake Protocol, The Change Cipher Spec Protocol, and the __________ .

220) _________ would appear to be the most secure of the three Diffie-Hellman options because it results in a temporary, authenticated key.

221) A signature is created by taking the hash of a message and encrypting it with the sender's _________ .

222) The handshake is complete and the client and server may begin to exchange application layer data after the server sends its finished message in phase _________ of the Handshake Protocol.

223) _________ require a client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV, which are generated from the master secret in that order.

224) TLS makes use of a pseudorandom function referred to as __________ to expand secrets into blocks of data for purposes of key generation or validation.

225) __________ allows the client to set up a "hijacker" process that will intercept selected application-level traffic and redirect it from an unsecured TCP connection to a secure SSH tunnel.

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

226) IEEE 802.11 is a standard for wireless LANs.

227) A basic service set may be isolated or it may connect to a backbone distribution system through an access point, which functions as a bridge and a relay point.

228) WAP was not designed to work with all wireless network technologies.

229) The integration service enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN.

230) One notable approach to WAP assumes that the mobile device implements TLS over TCP/IP and the wireless network supports transfer of IP packets.

231) The DS can be a switch, a wired network, or a wireless network.

232) The pairwise master key is derived from the group key.

233) IEEE 802.11 defines seven services that need to be provided by the wireless LAN to achieve functionality equivalent to that which is inherent to wired LANs.

234) Ports are logical entities defined within the authenticator and refer to physical network connections.

235) The actual method of key generation depends on the details of the authentication protocol used.

236) The WAP architecture is designed to cope with the two principal limitations of wireless Web access: the limitations of the mobile node and the high data rates of wireless digital networks.

237) WML presents mainly text-based information that attempts to capture the essence of the Web page.

238) WTLS provides security services between the mobile device and the WAP gateway.

239) The WTLS Record Protocol takes user data from the next higher layer and encapsulates these data in a PDU.

240) The most complex part of Wireless Transport Layer Security is the Change Cipher Spec Protocol.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

241) The term used for certified 802.11b products is ___________ .
A) WEP B) Wi-Fi C) WPA D) WAP

242) The layer of the IEEE 802 reference model that includes such functions as encoding/decoding of signals and bit transmission/reception is the _________ .
A) control layer B) logical link layer
C) media access layer D) physical layer

243) A WML _________ is similar to an HTML page in that it is identified by a URL and is the unit of content transmission.
A) card B) unit C) page D) deck

244) WAP security is primarily provided by the __________ which provides security services between the mobile device and the WAP gateway to the Internet.
A) WTLS B) MSDU C) CCMP D) TKIP

245) The function of the __________ is, on transmission, to assemble data into a frame and, on reception, to disassemble the frame, perform address recognition and error detection, and govern access to the LAN transmission medium.
A) media access control layer B) physical layer
C) transmission layer D) logical layer

246) The master session key is also known as the __________ key.
A) STA B) GTK C) MIC D) AAA

247) The __________ is the information that is delivered as a unit between MAC users.
A) DS B) BSS C) MPDU D) MSDU

248) The __________ layer keeps track of which frames have been successfully received and retransmits unsuccessful frames.
A) transmission B) media access control
C) physical layer D) logical link control

249) The purpose of the discovery phase in the ___________ is for a STA and an AP to recognize each other, agree on a set of security capabilities, and establish an association for future communication using those security capabilities.
A) WPA B) WAE C) TKIP D) RSN

250) The specification of a protocol along with the chosen key length is known as a __________ .
A) cipher suite B) extended service
C) distribution system D) RSN

251) The _________ is used to ensure the confidentiality of the GTK and other key material in the 4-Way Handshake.
A) TK B) EAPOL-KEK C) MIC key D) EAPOL-KCK

252) The PMK is used to generate the _________ which consists of three keys to be used for communication between a STA and AP after they have been mutually authenticated.
A) PTK B) PSK C) AAA Key D) GTK

253) _________ is a standard to provide mobile users of wireless phones and other wireless terminals access to telephony and information services including the Internet and the Web.
A) WEP B) WML C) WPA D) WAP

254) _________ was designed to describe content and format for presenting data on devices with limited bandwidth, limited screen size, and limited user input capability and to work with telephone keypads, styluses, and other input devices common to mobile, wireless communication.
A) WPA B) WAE C) WAP D) WML

255) The __________ is used to convey WTLS-related alerts to the peer entity.
A) Counter Mode MAC Protocol B) Cipher Spec Protocol
C) Alert Protocol D) WAP Protocol

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

256) __________ specifies security standards for IEEE 802.11 LANs including authentication, data integrity, data confidentiality, and key management.

257) The _________ is a universal open standard developed to provide mobile users of wireless phones and other wireless terminals such as pagers and personal digital assistants access to telephony and information services including the Internet and the Web.

258) __________ is the primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS.

259) To certify interoperability for 802.11b products an industry consortium named the __________ was formed.

260) The __________ function is the logical function that determines when a station operating within a BSS is permitted to transmit and may be able to receive PDUs.

261) Derived from the GMK, the _________ is used to provide confidentiality and integrity protection for multicast/broadcast user traffic.

262) An __________ is a set of one or more interconnected BSSs and integrated LANs that appear as a single BSS to the LLC layer at any station associated with one of these BSSs.

263) The __________ layer is responsible for detecting errors and discarding any frames that contain errors.

264) The smallest building block of a wireless LAN is a __________ which consists of wireless stations executing the same MAC protocol and competing for access to the same shared wireless medium.

265) In order to accelerate the introduction of strong security into WLANs, the Wi-Fi Alliance promulgated __________ as a set of security mechanisms for the Wi-Fi standard.

266) The MPDU authentication phase consists of three phases. They are: connect to AS, EAP exchange and _________ .

267) Forming a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time, __________ are used for communication between a pair of devices, typically between a STA and an AP.

268) The MPDU exchange for distributing pairwise keys is known as the _________ which the STA and AP use to confirm the existence of the PMK, to verify the selection of the cipher suite, and to derive a fresh PTK for data sessions.

269) Consisting of tools and formats that are intended to ease the task of developing applications and devices supported by WAP, the ________ specifies an application framework for wireless devices such as mobile telephones, pagers, and PDAs.

270) The WAP Programming Model is based on three elements: the client, the original server, and the _________ .

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

271) PGP incorporates tools for developing public-key certificate management and a public-key trust model.

272) PGP provides confidentiality through the use of asymmetric block encryption.

273) E-mail is the most common distributed application that is widely used across all architectures and vendor platforms.

274) As a default, PGP compresses the message after applying the signature but before encryption.

275) Each PGP entity must maintain a file of its own public/private key pairs as well as a file of private keys of correspondents.

276) A means of generating predictable PGP session keys is needed.

277) To enhance security an encrypted message is not accompanied by an encrypted form of the session key that was used for message encryption.

278) A message component includes the actual data to be stored or transmitted as well as a filename and a timestamp that specifies the time of creation.

279) PGP has a very rigid public-key management scheme.

280) The key legitimacy field is derived from the collection of signature trust fields in the entry.

281) Only single user IDs may be associated with a single public key on the public-key ring.

282) The MIME-Version field must have the parameter value 1.0 in order for the message to conform to RFCs 2045 and 2046.

283) For the text type of body no special software is required to get the full meaning of the text aside from support of the indicated character set.

284) The objective of MIME Transfer Encodings is to provide reliable delivery across the largest range of environments.

285) Native form is a format, appropriate to the content type, that is standardized for use between systems.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

286) __________ is an Internet standard approach to e-mail security that incorporates the same functionality as PGP.
A) MIME B) HTTPS C) DKIM D) S/MIME

287) PGP provides authentication through the use of _________ .
A) symmetric block encryption B) radix-64
C) asymmetric block encryption D) digital signatures

288) PGP provides e-mail compatibility using the __________ encoding scheme.
A) radix-64 B) MIME
C) digital signature D) symmetric block

289) The __________ enables the recipient to determine if the correct public key was used to decrypt the message digest for authentication.
A) key ID of the sender's public key B) leading two octets of message digest
C) filename D) timestamp

290) Key IDs are critical to the operation of PGP and __________ key IDs are included in any PGP message that provides both confidentiality and authentication.
A) two B) six C) four D) three

291) MIME is an extension to the ________ framework that is intended to address some of the problems and limitations of the use of SMTP.
A) RFC 821 B) RFC 3852 C) RFC 4871 D) RFC 5322

292) The ________ MIME field is a text description of the object with the body which is useful when the object is not readable as in the case of audio data.
A) Content-Description B) Content-Type
C) Content-ID D) Content-Transfer-Encoding

293) The __________ field is used to identify MIME entities uniquely in multiple contexts.
A) Content-Description B) Content-ID
C) Content-Transfer-Encoding D) Content-Type

294) Video content will be identified as _________ type.
A) JPEG B) MPEG C) GIF D) BMP

295) The __________ subtype is used when the different parts are independent but are to be transmitted together. They should be presented to the receiver in the order that they appear in the mail message.
A) multipart/alternative B) multipart/digest
C) multipart/parallel D) multipart/mixed

296) For the __________ subtype the order of the parts is not significant.
A) multipart/mixed B) multipart/digest
C) multipart/alternative D) multipart/parallel

297) S/MIME cryptographic algorithms use __________ to specify requirement level.
A) SHOULD and MIGHT B) SHOULD and MUST
C) CAN and MUST D) SHOULD and CAN

298) E-banking, personal banking, e-commerce server, software validation and membership-based online services all fall into the VeriSign Digital ID _________ .
A) Class 2 B) Class 4 C) Class 3 D) Class 1

299) The _________ accepts the message submitted by a Message User Agent and enforces the policies of the hosting domain and the requirements of Internet standards.
A) Message Transfer Agent B) Mail Submission Agent
C) Mail Delivery Agent D) Message Store

300) Typically housed in the user's computer, a _________ is referred to as a client e-mail program or a local network e-mail server.
A) Message Store B) Message User Agent
C) Mail Submission Agent D) Message Transfer Agent

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

301) ___________ is an open-source, freely available software package for e-mail security.

302) The key legitimacy field, the signature trust field and the owner trust field are each contained in a structure referred to as a ___________ .

303) PGP provides compression using the __________ algorithm.

304) To provide transparency for e-mail applications, an encrypted message may be converted to an ASCII string using _________ conversion.

305) PGP makes use of four types of keys: public keys, private keys, one-time session keys, and ___________ symmetric keys.

306) Computed by PGP, a _________ field indicates the extent to which PGP will trust that this is a valid public key for this user; the higher the level of trust, the stronger the binding of this user ID to this key.

307) __________ is a security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security.

308) The __________ MIME field describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner.

309) The _________ type refers to other kinds of data, typically either uninterpreted binary data or information to be processed by a mail-based application.

310) The _________ transfer encoding is useful when the data consists largely of octets that correspond to printable ASCII characters.

311) The _________ transfer encoding, also known as radix-64 encoding, is a common one for encoding arbitrary binary data in such a way as to be invulnerable to the processing by mail-transport programs.

312) A _________ is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer, which is then encoded using base64 encoding.

313) S/MIME provides the following functions: enveloped data, signed data, clear signed data, and ________ .

314) A specification for cryptographically signing e-mail messages permitting a signing domain to claim responsibility for a message in the mail stream, _________ allows message recipients to verify the signature by querying the signer's domain directly to retrieve the appropriate public key and thereby confirming that the message was attested to by a party in possession of the private key for the signing domain.

315) The _________ is a directory lookup service that provides a mapping between the name of a host on the Internet and its numerical address.

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

316) IP security is a capability that can be added to either current version of the Internet Protocol by means of additional headers.

317) The principal feature of IPsec is that it can encrypt and/or authenticate all traffic at the IP level.

318) Transport mode provides protection to the entire IP packet.

319) Additional padding may be added to provide partial traffic flow confidentiality by concealing the actual length of the payload.

320) Authentication must be applied to the entire original IP packet.

321) An end user whose system is equipped with IP security protocols can make a local call to an ISP and gain secure access to a company network.

322) Both tunnel and transport modes can be accommodated by the encapsulating security payload encryption format.

323) An individual SA can implement both the AH and the ESP protocol.

324) By implementing security at the IP level an organization can ensure secure networking not only for applications that have security mechanisms but also for the many security ignorant applications.

325) IPSec can guarantee that all traffic designated by the network administrator is authenticated but cannot guarantee that it is encrypted.

326) Any traffic from the local host to a remote host for purposes of an IKE exchange bypasses the IPsec processing.

327) IPsec is executed on a packet-by-packet basis.

328) The Payload Data Field is designed to deter replay attacks.

329) The Security Parameters Index identifies a security association.

330) The default automated key management protocol for IPsec is referred to as ISAKMP/Oakley.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

331) Authentication applied to the entire original IP packet is _________ .
A) transport mode B) security mode C) cipher mode D) tunnel mode

332) _________ defines a number of techniques for key management.
A) KMP B) IKE C) SKE D) KEP

333) Authentication applied to all of the packet except for the IP header is _________ .
A) tunnel mode B) transport mode
C) association mode D) security mode

334) The __________ mechanism assures that a received packet was in fact transmitted by the party identified as the source in the packet header and assures that the packet has not been altered in transit.
A) confidentiality B) key management
C) authentication D) security

335) __________ provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet.
A) IKE B) ISA C) IPsec D) IAB

336) The _________ facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties.
A) authentication B) confidentiality
C) security D) key management

337) The key management mechanism that is used to distribute keys is coupled to the authentication and privacy mechanisms only by way of the _________ .
A) ESP B) SPD C) IAB D) SPI

338) A _________ is a one way relationship between a sender and a receiver that affords security services to the traffic carried on it.
A) SAD B) SPI C) SA D) SPD

339) The means by which IP traffic is related to specific SAs is the _________ .
A) TRS B) SAD C) SPD D) SPI

340) _________ consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication. The current specification is RFC 4303.
A) ISA B) SPI C) IPsec D) ESP

341) _________ identifies the type of data contained in the payload data field by identifying the first header in that payload.
A) Sequence Header B) Security Parameters Index
C) Payload Data D) Next Header

342) A value chosen by the responder to identify a unique IKE SA is a _________ .
A) Responder Cookie B) Message ID
C) Flag D) Initiator SPI

343) IKE key determination employs __________ to ensure against replay attacks.
A) nonces B) groups C) cookies D) flags

344) The __________ payload contains either error or status information associated with this SA or this SA negotiation.
A) Notify B) Nonce C) Encrypted D) Configuration

345) The _________ payload allows peers to identify packet flows for processing by IPsec services.
A) Traffic Selector B) Vendor ID
C) Configuration D) Extensible Authentication Protocol

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

346) IPsec encompasses three functional areas: authentication, key management, and __________ .

347) _________ mode is used when one or both ends of an SA are a security gateway, such as a firewall or router that implements IPsec.

348) IPsec policy is determined primarily by the interaction of two databases: The security policy database and the __________ .

349) Confidentiality is provided by an encryption format known as __________ .

350) A __________ attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination.

351) Authentication makes use of the _________ message authentication code.

352) A security association is uniquely identified by three parameters: Security Protocol Identifier, IP Destination Address, and ________ .

353) The __________ facility is concerned with the secure exchange of keys.

354) _________ can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service, and traffic flow confidentiality.

355) IPsec provides security services at the ________ layer by enabling a system to select required security protocols, determine the algorithms to use for the services and put in place any cryptographic keys required to provide the requested services.

356) The selectors that determine a Security Policy Database are: Name, Local and Remote Ports, Next Layer Protocol, Remote IP Address, and _________ .

357) The term _________ refers to a sequence of SAs through which traffic must be processed to provide a desired set of IPsec services.

358) Generic in that it does not dictate specific formats, the _________ is a key exchange protocol based on the Diffie-Hellman algorithm with added security.

359) Three different authentication methods can be used with IKE key determination: Public key encryption, symmetric key encryption, and _________ .

360) At any point in an IKE exchange the sender may include a _________ payload to request the certificate of the other communicating entity.

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

361) Unauthorized intrusion into a computer system or network is one of the most serious threats to computer security.

362) Trojan horses and viruses are confined to network based attacks.

363) Intrusion detection involves detecting unusual patterns of activity or patterns of activity that are known to correlate with intrusions.

364) Statistical approaches attempt to define proper behavior and rule-based approaches attempt to define normal or expected behavior.

365) The main advantage of the use of statistical profiles is that a prior knowledge of security flaws is not required.

366) One important element of intrusion prevention is password management.

367) The ID determines the privileges accorded to the user.

368) Insider attacks are among the easiest to detect and prevent.

369) The hacking community is a strong meritocracy in which status is determined by level of competency.

370) Penetration identification is an approach developed to detect deviation from previous usage patterns.

371) A weakness of the IDES approach is its lack of flexibility.

372) To be of practical use an intrusion detection system should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

373) System administrators can stop all attacks and hackers from penetrating their systems by installing software patches periodically.

374) Password crackers rely on the fact that some people choose easily guessable passwords.

375) Traditional hackers usually have specific targets, or at least classes of targets in mind.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

376) Software trespass can take the form of a _________ . 376)


A) virus B) all of the above C) Trojan horse D) worm

377) A _________ is an individual who is not authorized to use the computer and who penetrates a 377)
system's access controls to exploit a legitimate user's account.
A) Misfeasor B) Sniffer
C) Clandestine User D) Masquerader

378) _________ involves counting the number of occurrences of a specific event type over an interval of 378)
time.
A) Threshold detection B) Rule-based detection
C) Resource usage D) Profile-based system

27
379) A ________ is a legitimate user who accesses data, programs, or resources for which such access is 379)
not authorized, or who is authorized for such access but misuses his or her privileges.
A) Misfeasor B) Masquerader
C) Clandestine User D) Emissary

380) The simplest statistical test is to measure the _________ of a parameter over some historical period 380)
which would give a reflection of the average behavior and its variability.
A) Markov process B) time series
C) multivariate D) mean and standard deviation

381) _________ detection focuses on characterizing the past behavior of individual users or related 381)
groups of users and then detecting significant deviations.
A) Profile-based anomaly B) Action condition
C) Statistical anomaly D) Threshold

382) A ________ is an individual who seizes supervisory control of the system and uses this control to 382)
evade auditing and access controls or to suppress audit collection.
A) Misfeasor B) Mole
C) Clandestine User D) Masquerader

383) The _________ model is used to establish transition probabilities among various states, such as 383)
looking at transitions between certain commands.
A) Markov process B) Multivariate
C) Operational D) Profile-based

384) The _________ is based on a judgment of what is considered abnormal rather than an automated 384)
analysis of past audit records.
A) Operational model B) Markov process
C) Time series D) Mean and standard deviation

385) The ________ is an audit collection module operating as a background process on a monitored
system whose purpose is to collect data on security related events on the host and transmit these to
the central manager.
A) intruder alert module B) LAN monitor agent module
C) central manager module D) host agent module

386) The _________ prevents duplicate passwords from being visible in the password file. Even if two
users choose the same password, those passwords will be assigned at different times.
A) rule based intrusion detection B) salt
C) honeypot D) audit record

387) An operation such as login, read, perform, I/O or execute that is performed by the subject on or
with an object is the _________ audit record field.
A) Object B) Resource-usage
C) Subject D) Action

388) A ________ is used to measure the current value of some entity. Examples include the number of
logical connections assigned to a user application and the number of outgoing messages queued for
a user process.
A) Counter B) Interval timer
C) Gauge D) Resource utilization

389) A ________ model is based on correlations between two or more variables.
A) Operational B) Multivariate
C) Markov process D) Mean and Standard Deviation

390) The most promising approach to improved password security is __________ .
A) a reactive password checking strategy B) a proactive password checker
C) user education D) computer generated passwords

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

391) __________ systems have been developed to provide early warning of an intrusion so that
defensive action can be taken to prevent or minimize damage.

392) _________ detection involves the collection of data relating to the behavior of legitimate
users over a period of time. Statistical tests are applied to observed behavior to determine
with a high level of confidence whether that behavior is not legitimate user behavior.

393) The three classes of intruders identified by Anderson are: Masquerader, Misfeasor, and
_________ .

394) Password files can be protected in one of two ways: One-way function or __________ .

395) Metrics that are useful for profile-based intrusion detection are: counter, gauge, resource
utilization, and _________ .

396) _________ is based on the assumption that the behavior of the intruder differs from that of
a legitimate user in ways that can be quantified.

397) Two types of audit records used are Detection-specific audit records and _________ audit
records.

398) _________ techniques detect intrusion by observing events in the system and applying a set
of rules that lead to a decision regarding whether a given pattern of activity is or is not
suspicious.

399) Designed to lure a potential attacker away from critical systems, ____________ are decoy
systems that divert an attacker from accessing critical systems, collect information about
the hacker's activity, and encourage the attacker to stay on the system long enough for
administrators to respond.

400) The focus of the __________ is to define data formats and exchange procedures for sharing
information of interest to intrusion detection and response systems and to management
that may need to interact with them.

401) A _________ strategy is one in which the system periodically runs its own password
cracker to find guessable passwords.

402) A fundamental tool for intrusion detection is the _________ record.

403) An example of a metric used for profile-based intrusion detection is _________ which is a
non-negative integer that may be incremented but not decremented until it is reset by
management action. Examples include the number of logins by a single user during an
hour, the number of times a given command is executed during a single user session, and
the number of password failures during a minute.

404) _________ identification takes a very different approach to intrusion detection. The key
feature of such systems is the use of rules for identifying known penetration or
penetrations that would exploit known weaknesses. Typically the rules used in these
systems are specific to the machine and operating system.

405) One of the most important results from probability theory is known as ________ which is
used to calculate the probability that something really is the case, given evidence in favor
of it.

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

406) In addition to propagation a worm usually performs some unwanted function.

407) Viruses, logic bombs, and backdoors are examples of independent malicious software.

408) Malware is another name for Malicious Software.

409) Bot programs are activated by a trigger.

410) An encrypted virus is a virus that mutates with every infection, making detection by the signature
of the virus impossible.

411) Backdoors become threats when unscrupulous programmers use them to gain unauthorized access.

412) Macro viruses infect documents, not executable portions of code.

413) A multipartite virus uses multiple methods of infection or transmission to maximize the speed of
contagion and the severity of the attack.

414) Spyware is software that collects information from a computer and transmits it to another system.

415) The success of the digital immune system depends on the ability of the virus analysis machine to
detect new and innovative virus strains.

416) Like heuristics or fingerprint based scanners, behavior blocking software integrates with the
operating system of a ghost computer and monitors program behavior in real time for malicious
actions.

417) Stealth is not a term that applies to a virus as such but, rather, refers to a technique used by a virus
to evade detection.

418) The generic decryption system is a comprehensive approach to virus protection developed by IBM
and refined by Symantec.

419) A behavior blocker can block suspicious software in real time thus giving it an advantage over such
established antivirus detection techniques as fingerprinting or heuristics.

420) The challenge in coping with DDoS attacks is the sheer number of ways in which they can operate.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

421) Malicious software that needs a host program is referred to as _________ .
A) flooders B) blended C) logic bomb D) parasitic

422) The sheer number of ways in which they can operate make coping with _________ attacks
challenging because the countermeasures must evolve with the threat.
A) DDoS B) Slammer C) logic bomb D) peer

423) A _________ is a secret entry point into a program that allows someone who is aware of it to gain
access without going through the usual security access procedures.
A) multipartite B) Trojan horse C) hatch D) backdoor

424) A _________ is used when the programmer is developing an application that has an authentication
procedure or a long setup requiring the user to enter many different values to run the application.
A) direct trap B) mobile entrance
C) maintenance hook D) boot door

425) _________ are used to attack networked computer systems with a large volume of traffic to carry
out a denial-of-service attack.
A) Keyloggers B) Exploits C) Bots D) Flooders

426) ________ attacks make computer systems inaccessible by flooding servers, networks, or even end
user systems with useless traffic so that legitimate users can no longer gain access to those
resources.
A) DDoS B) Flooder C) Backdoor D) PWC

427) A _________ virus is a form of virus explicitly designed to hide itself from detection by antivirus
software.
A) stealth B) encrypted C) polymorphic D) metamorphic

428) _________ is a mass mailing e-mail worm that installs a backdoor in infected computers thereby
enabling hackers to gain remote access to data such as passwords and credit card numbers.
A) Sobig.f B) Code Red C) Mydoom D) Slammer

429) The IDEAL solution to the threat of viruses is __________ .
A) prevention B) identification C) removal D) detection

430) _________ antivirus programs are memory resident programs that identify a virus by its actions
rather than its structure in an infected program.
A) Second generation B) First generation
C) Fourth generation D) Third generation

431) Unlike heuristics or fingerprint based scanners, the _________ integrates with the operating system
of a host computer and monitors program behavior in real time for malicious actions.
A) generic decryption B) behavior blocking software
C) mobile code D) digital immune system

432) The _________ worm exploits a security hole in the Microsoft Internet Information Server to
penetrate and spread to other hosts. It also disables the system file checker in Windows.
A) Warezov B) Code Red C) Slammer D) Mydoom

433) In a __________ attack the slave zombies construct packets requiring a response that contains the
target's IP address as the source IP address in the packet's IP header. These packets are sent to
uninfected machines that respond with packets directed at the target machine.
A) blended B) direct DDoS
C) internal resource D) reflector DDoS

434) Mobile phone worms communicate through Bluetooth wireless connections or via the _________ .
A) PWC B) SQL C) TRW D) MMS

435) Worm propagation proceeds through __________ phases.
A) 4 B) 5 C) 2 D) 3

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

436) __________ is software that is intentionally included or inserted in a system for a harmful
purpose.

437) Worms and bot programs are examples of __________ malicious software programs.

438) A __________ attack is an attempt to prevent legitimate users of a service from using that
service.

439) __________ software is essentially fragments of programs that cannot exist independently
of some actual application program, utility, or system program.

440) The _________ is code embedded in some legitimate program that is set to "explode" when
certain conditions are met. Examples of such conditions that can be used as triggers are the
presence or absence of certain files, a particular day of the week or date, or a particular
user running the application.

441) Advertising that is integrated into software that can result in pop-up ads or redirection of a
browser to a commercial site is called _________ .

442) The Nimda attack, erroneously referred to as a worm, uses four distribution methods:
Windows shares, Web servers, Web clients, and __________ .

443) A computer virus has three parts: infection mechanism, trigger, and __________ .

444) _________ technology enables the antivirus program to easily detect even the most
complex polymorphic viruses while maintaining fast scanning speeds.

445) Two major trends in Internet technology that have had an increasing impact on the rate of
virus propagation in recent years are: integrated mail systems and _________ systems.

446) _________ software runs on server and desktop computers and is instructed through
policies set by the network administrator to let benign actions take place but to intercede
when unauthorized or suspicious actions occur.

447) A network worm exhibits the same characteristics as a computer virus: a dormant phase, a
propagation phase, a __________ phase, and an execution phase.

448) In a ________ attack an attacker is able to recruit a number of hosts throughout the Internet
to simultaneously or in a coordinated fashion launch an attack upon the target.

449) There are three lines of defense against DDoS attacks: Attack prevention and preemption
(before the attack), Attack source traceback and identification (during and after the attack),
and __________ (during the attack).

450) _________ exploits randomness in picking destinations to connect to as a way of detecting
if a scanner is in operation. It is suitable for deployment in high-speed, low cost network
devices and is effective against the common behavior seen in worm scans.

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

451) A firewall may be designed to operate as a filter at the level of IP packets or may operate at a
higher protocol layer.

452) The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP
header.

453) The direction control determines the types of Internet services that can be accessed, inbound or
outbound.

454) The firewall cannot fully protect against internal threats.

455) A firewall may not act as a packet filter.

456) A stateful packet inspection firewall reviews the same packet information as a packet filtering
firewall but also records information about TCP connections.

457) One advantage of a packet filtering firewall is its simplicity.

458) Packet filter firewalls examine upper layer data therefore they can prevent attacks that employ
application specific vulnerabilities or functions.

459) Due to the small number of variables used in access control decisions packet filter firewalls are
susceptible to security breaches caused by improper configurations.

460) Packet filters tend to be more secure than application level gateways.

461) A circuit level proxy can be a stand alone system or it can be a specialized function performed by
an application level gateway for certain applications.

462) An example of application level gateway implementation is the SOCKS package.

463) Firewall functionality can also be implemented as a software module in a router or LAN switch.

464) The primary role of the personal firewall is to deny unauthorized remote access to the computer.

465) The external firewall adds more stringent filtering capability in order to protect enterprise servers
and workstations from external attack.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

466) _________ can be an effective means of protecting a local system or network of systems from
network based security threats while at the same time affording access to the outside world via
wide area networks and the Internet.
A) SOCKS B) Firewalls C) Proxies D) VPNs

467) The _________ is the address of the system that originated the IP packet.
A) IP protocol field
B) Interface
C) Source IP address
D) Source and destination transport level address

468) The technique that controls how particular services are used is the _________ control. The firewall
may filter e-mail to eliminate spam, or it may enable external access to only a portion of the
information on a local Web server.
A) direction B) service C) behavior D) user

469) The _________ is the transport level port number which defines applications such as SNMP or
TELNET.
A) Interface
B) IP protocol field
C) Source IP address
D) Source and destination transport level address

470) A _________ firewall applies a set of rules to each incoming and outgoing IP packet and then
forwards or discards the packet.
A) stateful inspection B) distributed
C) packet filtering D) host-based

471) The __________ defines the transport protocol.
A) source IP address B) IP protocol field
C) destination IP address D) interface

472) The _________ attack is designed to circumvent filtering rules that depend on TCP header
information.
A) network layer address spoofing B) tiny fragment
C) source routing D) IP address spoofing

473) A typical use of a _________ is a situation in which the system administrator trusts the internal
users.
A) stateful inspection firewall B) packet filtering firewall
C) application level gateway D) circuit level gateway

474) SOCKS is defined in _________ as "a framework for client server applications in both the TCP and
UDP domains to conveniently and securely use the services of a network firewall".
A) RFC 1024 B) RFC 1935 C) RFC 1928 D) RFC 1046

475) Available in many operating systems or provided as an add on package, a ________ is a software
module used to secure an individual host and also filters and restricts the flow of packets.
A) host based firewall B) DMZ
C) circuit level gateway D) application level gateway

476) An important aspect of a distributed firewall configuration is _________ .
A) change control B) security monitoring
C) configuration alerting D) network frame locking

477) A ________ is a single router between internal and external networks with stateless or full packet
filtering. This arrangement is typical for SOHO applications.
A) host resident firewall B) DMZ
C) screening router D) single bastion T

478) Common for large businesses and government organizations, the ________ configuration is
required for Australian government use.
A) Double bastion inline B) Double bastion T
C) Single bastion T D) Single bastion inline

479) ________ has a third network interface on bastion to a DMZ where externally visible servers are
placed. This is a common appliance configuration for medium to large organizations.
A) single bastion inline B) double bastion T
C) double bastion inline D) single bastion T

480) The iTunes Music Sharing inbound service is port number ________ .
A) 3031 B) 5298 C) 3869 D) 5297

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

481) A _________ forms a barrier through which the traffic going in each direction must pass
and dictates which traffic is authorized to pass.

482) The four general techniques that firewalls use to control access and enforce the site's
security policy are: service control, direction control, user control, and __________ control.

483) Common for large businesses and government organizations, the _________ configuration
sandwiches the DMZ between bastion firewalls.

484) The default _________ policy increases ease of use for end users but provides reduced
security because the security administrator must, in essence, react to each new security
threat as it becomes known.

485) A __________ attack is where the source station specifies the route that a packet should
take as it crosses the Internet in the hopes that this will bypass security measures that do
not analyze the source routing information.

486) A _________ firewall configuration involves stand alone firewall devices plus host based
firewalls working together under a central administrative control.

487) Four types of firewalls are: Packet filtering, stateful inspection, circuit level proxy and
_________ .

488) A _________ packet firewall tightens up the rules for TCP traffic by creating a directory of
outbound TCP connections. There is an entry for each currently established connection
and the packet filter will now allow incoming traffic to high numbered ports only for those
packets that fit the profile of one of the entries in this directory.

489) A _________ sets up two TCP connections, one between itself and a TCP user on an inner
host and one between itself and a TCP user on an outside host. Once the two connections
are established TCP segments from one connection are relayed to the other without
examining the contents.

490) Typically serving as a platform for an application level or circuit level gateway, a ________
is a system identified by the firewall administrator as a critical strong point in the
network's security.

491) A ________ firewall controls the traffic between a personal computer or workstation on one
side and the Internet or enterprise network on the other side.

492) Between an internal firewall and an external firewall are one or more networked devices in
a region referred to as a _________ . Systems that are externally accessible but need some
protection are usually located in this area.

493) A _________ consists of a set of computers that interconnect by means of a relatively
unsecure network and that make use of encryption and special protocols to provide
security.

494) _________ firewalls include personal firewall software and firewall software on servers.
Such firewalls can be used alone or as part of an in-depth firewall deployment.

495) A ________ is a single firewall device between an internal and external router. The firewall
may implement stateful filters and/or application proxies. This is the typical firewall
appliance configuration for small to medium sized organizations.

Answer Key
Testname: UNTITLED1

1) TRUE
2) TRUE
3) FALSE
4) TRUE
5) TRUE
6) FALSE
7) FALSE
8) TRUE
9) FALSE
10) TRUE
11) FALSE
12) FALSE
13) TRUE
14) FALSE
15) TRUE
16) A
17) B
18) A
19) A
20) C
21) A
22) A
23) B
24) B
25) B
26) A
27) C
28) B
29) B
30) A
31) Computer Security
32) integrity
33) attack
34) availability
35) Encipherment
36) Family Educational Rights and Privacy Act (FERPA)
37) threat
38) passive
39) encryption
40) masquerade
41) data confidentiality
42) access control
43) International Organization for Standardization (ISO)
44) Nonrepudiation
45) digital signature
46) FALSE
47) TRUE
48) TRUE
49) FALSE
50) TRUE
51) TRUE
52) FALSE
53) TRUE
54) TRUE
55) FALSE
56) TRUE
57) FALSE
58) TRUE
59) TRUE
60) FALSE
61) B
62) D
63) A
64) B
65) A
66) B
67) A
68) A
69) A
70) C
71) B
72) D
73) D
74) D
75) B
76) decryption
77) block
78) key
79) Symmetric block ciphers
80) cryptanalysis
81) computationally secure
82) Data Encryption Standard (DES)
83) entropy
84) seed
85) RC4
86) cipher block chaining (CBC)
87) symmetric
88) encryption algorithm
89) substitution
90) Horst Feistel
91) TRUE
92) FALSE
93) TRUE
94) FALSE
95) TRUE
96) FALSE
97) TRUE
98) TRUE
99) FALSE
100) TRUE
101) TRUE
102) TRUE
103) FALSE
104) TRUE
105) TRUE
106) C
107) C
108) B
109) B
110) D
111) A
112) C
113) A
114) D
115) A
116) B
117) B
118) C
119) B
120) C
121) message authentication
122) preimage resistant
123) public-key
124) hash function
125) second preimage resistant
126) cryptanalysis
127) Diffie-Hellman
128) Secure Hash Algorithm (SHA)
129) Authenticated encryption
130) CCM
131) decryption
132) digital signature
133) key exchange
134) Digital Signature Standard (DSS)
135) digital signature
136) TRUE
137) FALSE
138) TRUE
139) FALSE
140) TRUE
141) FALSE
142) TRUE
143) FALSE
144) TRUE
145) TRUE
146) FALSE
147) TRUE
148) FALSE
149) TRUE
150) TRUE
151) B
152) A
153) A
154) C
155) B
156) D
157) C
158) A
159) C
160) B
161) D
162) D
163) D
164) D
165) D
166) key distribution
167) lifetime
168) session key
169) key distribution center (KDC)
170) Kerberos
171) ticket-granting
172) Kerberos realm
173) Abstract Syntax Notation One (ASN.1)
174) password attacks
175) subkey
176) (public-key) certificate
177) X.509
178) policy mappings
179) public-key infrastructure (PKI)
180) Federation
181) TRUE
182) FALSE
183) TRUE
184) FALSE
185) TRUE
186) TRUE
187) FALSE
188) TRUE
189) FALSE
190) TRUE
191) FALSE
192) FALSE
193) TRUE
194) TRUE
195) TRUE
196) A
197) B
198) A
199) A
200) D
201) D
202) A
203) B
204) B
205) D
206) B
207) B
208) D
209) D
210) C
211) Secure Socket Layer (SSL)
212) Handshake
213) Passive
214) SSL/TLS
215) SSL Record Protocol
216) HTTPS
217) connection
218) SSH
219) Alert Protocol
220) Ephemeral Diffie-Hellman
221) private key
222) 4
223) CipherSpecs
224) Pseudorandom Function (PRF)
225) Local forwarding
226) TRUE
227) TRUE
228) FALSE
229) FALSE
230) TRUE
231) TRUE
232) FALSE
233) FALSE
234) TRUE
235) TRUE
236) FALSE
237) TRUE
238) TRUE
239) TRUE
240) FALSE
241) B
242) D
243) D
244) A
245) A
246) D
247) D
248) D
249) D
250) A
251) B
252) A
253) D
254) D
255) C
256) IEEE 802.11i
257) Wireless Application Protocol (WAP)
258) Distribution
259) Wireless Ethernet Compatibility Alliance (WECA)
260) coordination
261) Group Temporal Key (GTK)
262) extended service set (ESS)
263) media access control (MAC)
264) basic service set (BSS)
265) Wi-Fi Protected Access (WPA)
266) secure key delivery
267) pairwise keys
268) 4-way handshake
269) Wireless Application Environment (WAE)
270) gateway
271) TRUE
272) FALSE
273) TRUE
274) TRUE
275) FALSE
276) FALSE
277) FALSE
278) TRUE
279) FALSE
280) TRUE
281) FALSE
282) TRUE
283) FALSE
284) TRUE
285) FALSE
286) D
287) D
288) A
289) B
290) A
291) D
292) A
293) B
294) B
295) D
296) D
297) B
298) C
299) B
300) B
301) Pretty Good Privacy (PGP)
302) trust flag byte
303) ZIP
304) radix-64
305) passphrase-based
306) key legitimacy
307) Secure/Multipurpose Internet Mail Extension (S/MIME)
308) Content-Type
309) application
310) quoted-printable
311) base64
312) digital signature
313) signed and enveloped data
314) DomainKeys Identified Mail (DKIM)
315) Domain Name System (DNS)
316) TRUE
317) TRUE
318) FALSE
319) TRUE
320) FALSE
321) TRUE
322) TRUE
323) FALSE
324) TRUE
325) FALSE
326) TRUE
327) TRUE
328) FALSE
329) TRUE
330) TRUE
331) D
332) B
333) B
334) C
335) C
336) B
337) D
338) C
339) C
340) D
341) D
342) A
343) A
344) A
345) A
346) confidentiality
347) Tunnel
348) security association database (SAD)
349) encapsulating security payload
350) replay
351) HMAC
352) Security Parameters Index (SPI)
353) key management
354) Encapsulating Security Payload
355) IP
356) Local IP Address
357) security association bundle
358) Oakley Key Determination Protocol
359) digital signatures
360) Certificate Request
361) TRUE
362) FALSE
363) TRUE
364) FALSE
365) TRUE
366) TRUE
367) TRUE
368) FALSE
369) TRUE
370) FALSE
371) TRUE
372) TRUE
373) FALSE
374) TRUE
375) FALSE
376) B
377) D
378) A
379) A
380) D
381) A
382) C
383) A
384) A
385) D
386) B
387) D
388) C
389) B
390) B
391) Intrusion detection
392) Statistical anomaly
393) Clandestine user
394) Access control
395) interval timer
396) Intrusion detection
397) Native
398) Rule-based
399) honeypots
400) IETF Intrusion Detection Working Group
401) reactive password checking
402) audit
403) Counter
404) Rule-based penetration
405) Bayes' theorem
406) TRUE
407) FALSE
408) TRUE
409) TRUE
410) FALSE
411) TRUE
412) TRUE
413) FALSE
414) TRUE
415) TRUE
416) FALSE
417) TRUE
418) FALSE
419) TRUE
420) TRUE
421) D
422) A
423) D
424) C
425) D
426) A
427) A
428) C
429) A
430) D
431) B
432) B
433) D
434) D
435) D
436) Malicious software
437) independent
438) denial of service (DoS)
439) Parasitic
440) logic bomb
441) adware
442) E-mail
443) payload
444) Generic decryption (GD)
445) mobile program
446) Behavior blocking
447) triggering
448) DDoS
449) Attack detection and filtering
450) Threshold random walk scan detection (TRW)
451) TRUE
452) TRUE
453) FALSE
454) TRUE
455) FALSE
456) TRUE
457) TRUE
458) FALSE
459) TRUE
460) FALSE
461) TRUE
462) FALSE
463) TRUE
464) TRUE
465) FALSE
466) B
467) C
468) C
469) D
470) C
471) B
472) B
473) D
474) C
475) B
476) B
477) C
478) B
479) D
480) C
481) firewall
482) behavior
483) double bastion inline
484) forward
485) source routing
486) distributed
487) application proxy
488) stateful inspection
489) circuit level gateway
490) bastion host
491) personal
492) DMZ (demilitarized zone)
493) virtual private network (VPN)
494) Host resident
495) single bastion inline
