The principal object of a hash function is ______
A. data integrity
B. Compression
C. Collision resistance
D. mapping messages
Data integrity
A _______ accepts a variable length block of data as input and produces a fixed size hash value h = H(M)
A. hash resistance
B. hash value
C. hash function
D. hash code
Hash function
A _______ is an algorithm for which it is computationally infeasible to find either (a) a data object that maps to a prespecified hash result or (b) two data objects that map to the same hash result
A. cryptographic hash function
B. strong collision resistance
C. one way hash function
D. compression function
Cryptographic hash function
Kerberos relies exclusively on ______
A. symmetric encryption
B. asymmetric encryption
C. private key encryption
D. public key encryption
symmetric encryption
Authentication applied to all of the packet except for the IP header is _____
A. tunnel mode
B. transport mode
C. association mode
D. security mode
tunnel mode
______ consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication
A. SPI
B. ESP
C. ISA
D. IPsec
IPsec
IPsec provides secure key exchange using _____ algorithm
A. Diffie-Hellman
B. hash algorithm
C. encryption
D. key exchange
Diffie-Hellman
IDS detection methods are
A. signature based
B. anomaly based
C. physical IDS
D. all of the above
all of the above
A ______ firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet
A. host based
B. packet filtering
C. distributed
D. stateful inspection
Packet filtering
A ______ consists of a set of computers that interconnect by means of a relatively unsecure network and that make use of encryption and special protocols to provide security
A. virtual private network
B. bastion host
C. circuit level gateway
D. stateful inspection
virtual private network
______ would be the most cost effective method of providing a secure connection between two corporate networks
A. remote access VPN using IPSec
B. frame relay
C. site to site VPN
D. cisco mobility clientless
Site to site VPN
Which is a requirement of a site to site VPN
A. it requires a client/server architecture
B. it requires the placement of a VPN server at the edge of the company network
C. it requires hosts to use VPN client software to encapsulate traffic
D. it requires a VPN gateway at each end of the tunnel to encrypt traffic
it requires a VPN gateway at each end of the tunnel to encrypt traffic
______ provides secure, remote logon and other secure client/server facilities
A. TLS
B. SLP
C. HTTPS
D. SSH
SSH
______ ACL identifies traffic on source address, destination address and protocol
A. standard
B. extended
C. named
standard
A message authentication code (MAC) function is similar to encryption. What is the one difference between MAC and encryption algorithms, in terms of decryption?
The MAC algorithm need not be reversible, as it must be for decryption
Briefly describe what an access control list is and interpret the following access rules
ACLs are rule based lists that are used by switches and routers to identify traffic based on characteristics such as source address, destination address and port number. Once identified, the switch or router can filter the traffic
10 permit tcp any host 192.168.20.50 eq www
rule number 10 permits tcp traffic from any source ip to destination host address of 192.168.20.50 for web traffic on port 80
20 deny tcp 192.168.10.00 192.168.20.50 eq ftp
rule number 10 denies tcp traffic from any source ip to destination host address of 192.168.20.50 for ftp traffic on port 21
10.10.10.05 any 192.168.2.0 80 allow
allow traffic from source ip address 10.10.10.05 to destination ip address 192.168.2.0 for web traffic on port 80 (WWW)
any any 10.10.10.4 7 deny
deny any traffic from any source ip address to destination ip address 10.10.10.4 on port 7
10.10.10.10.05 any any any deny
deny any traffic from source ip address 10.10.10.05 to any destination ip address on any port
To allow confidential access to web sites using HTTPS, web browsers most often use:
A. IPSEC
B. TLS
C. MD5
D. SSH
TLS
It is possible to use a hash function but no encryption for message authentication
True or false
True
The principal feature of IPsec is that it can only encrypt and/or authenticate all traffic at the IP level
True or false
true
Packet filters tend to be more secure than application level gateways
True or false
false
There is an allow everything (implicit Deny) rule at the bottom of every ACL
True or false
True
The primary function of a circuit level firewall is a TCP handshake
True or false
true
Give an example of an ACL extended rule set
Giving an IP address or traffic from source the ability to transmit the destination address from 99-199
Allow the HR computer (source IP address: 10.18.255.10) to have HTTPS (port #443) access only to the Administrative server 2 (destination IP address: 10.18.255.101) using TCP protocol
10.18.255.10 TCP 10.18.255.101 port 443
Deny the payroll computer (source IP: 10.18.255.11) to communicate with server 1 over ftp (port #22) using TCP protocol
deny 10.18.255.11 TCP server 1 port 22
What component in the internet mail architecture is responsible for formatting a message and submitting it into the message handling system (MHS)?
The message user agent (MUA)
What is the role of the message transfer agent (MTA)
Relays mail from one application level hop, makes routing assessments, and moves the message closer to the recipient
Which agent accepts a message from the MUA and enforces the policies of the hosting domain?
The mail submission agent (MSA)
What are the two common protocols used by an MUA to retrieve messages from a remote Message store (MS)
POP (post office protocol) and IMAP (internet message access protocol)
What is the primary protocol used to move messages through the internet from source to destination between mail servers?
Simple mail transfer protocol (SMTP)
Which protocol is an extension to the RFC 5322 framework that addresses SMTP limitations like transmitting binary files and multimedia?
Multipurpose internet mail extensions (MIME)
Which SMTP security extension enables confidentiality and authentication by running SMTP over transport layer security (TLS)?
STARTTLS
What is the key difference between POP3 and IMAP regarding mail access?
POP3 allows the client to download an email from the server, IMAP enables the client to access mail on the email server
Name one of the limitations of SMTP that MIME helps to resolve
SMTP cannot transmit executable files or other binary objects, or it may reject mail messages over a certain size
A security threat that could result in unauthorized modification of email content is classified as what type of threat?
Integrity threat
A threat that could result in the unauthorized disclosure of sensitive information is what kind of threat?
Confidentiality threat
What two schemes stand out as approaches for providing authentication and confidentiality in email
Pretty good privacy (PGP) and S/MIME (secure/multipurpose internet mail extensions)
What is the primary method S/MIME uses to provide authentication
digital signature
Describe the S/MIME process for providing message confidentiality
The message is encrypted using a symmetric content encryption key, and then the key is encrypted using the recipient's public key
What security protocol provides authentication and integrity protection of DNS data, and is used by various email security protocols?
DNS security extensions (DNSSEC)
What protocol provides an alternative channel for authenticating public keys by using DNSSEC to overcome problems with the traditional certificate authority system
DNS based authentication of named entities (DANE)