Network Security Essentials Applications and Standards 5th Edition By William Stallings – Test Bank
Sample Test
Chapter 3: Public-Key Cryptography and Message Authentication
TRUE OR FALSE
T F 1. Public key algorithms are useful in the exchange of conventional encryption keys.
T F 2. Private key encryption is used to produce digital signatures which provide an enhanced form of message authentication.
T F 3. The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
T F 4. The two important aspects of encryption are to verify that the contents of the message have not been altered and that the source is authentic.
T F 5. In the ECB mode of encryption if an attacker reorders the blocks of ciphertext then each block will still decrypt successfully, however, the reordering may alter the meaning of the overall data sequence.
T F 6. Message encryption alone provides a secure form of authentication.
T F 7. Because of the mathematical properties of the message authentication code function it is less vulnerable to being broken than encryption.
T F 8. In addition to providing authentication, a message digest also provides data integrity and performs the same function as a frame check sequence.
T F 9. Cryptographic hash functions generally execute slower in software than conventional encryption algorithms such as DES.
T F 10. The main advantage of HMAC over other proposed hash based schemes is that HMAC can be proven secure, provided that the embedded hash function has some reasonable cryptographic strengths.
T F 11. Public key algorithms are based on mathematical functions rather than on simple operations on bit patterns.
T F 12. The private key is known only to its owner.
T F 13. The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very easy to calculate discrete logarithms.
T F 14. The key exchange protocol is vulnerable to a man-in-the-middle attack because it does not authenticate the participants.
T F 15. Even in the case of complete encryption there is no protection of confidentiality because any observer can decrypt the message by using the sender’s public key.
MULTIPLE CHOICE
1. ________ protects against passive attacks (eavesdropping).
A. Obfuscation
B. Encryption
C. SCR
D. Message authentication
2. The most important hash function is ________ .
A. MAC
B. SHA
C. OWH
D. ECB
3. __________ is a procedure that allows communicating parties to verify that received messages are authentic.
A. ECB
B. Message authentication
C. Passive attack
D. Encryption
4. If the message includes a _________ the receiver is assured that the message has not been delayed beyond that normally expected for network transit.
A. sequence number
B. shared key
C. error detection code
D. timestamp
5. The purpose of a ___________ is to produce a “fingerprint” of a file, message, or other block of data.
A. hash function
B. public key
C. message authentication
D. cipher encryption
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function with this property is referred to as __________ .
A. collision resistant
B. preimage resistant
C. one-way
D. weak collision resistant
7. “It is easy to generate a code given a message, but virtually impossible to generate a message given a code” describes the __________ hash function property.
A. second preimage resistant
B. preimage resistant
C. strong collision resistant
D. collision resistant
8. The __________ property protects against a sophisticated class of attack known as the birthday attack.
A. preimage resistant
B. one-way
C. collision resistant
D. second preimage resistant
9. Secure Hash Algorithms with hash value lengths of 256, 384, and 512 bits are collectively known as _________ .
A. SHA-0
B. SHA-3
C. SHA-2
D. SHA-1
10. Public key cryptography is __________ .
A. bit patterned
B. one key
C. symmetric
D. asymmetric
11. The readable message or data that is fed into the algorithm as input is the __________ .
A. ciphertext
B. plaintext
C. encryption algorithm
D. private key
12. The key used in conventional encryption is typically referred to as a _________ key.
A. secondary
B. primary
C. cipher
D. secret
13. The most widely accepted and implemented approach to public-key encryption, _________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n – 1 for some n.
A. MD5
B. RSA
C. SHA
D. CTR
14. The purpose of the _________ algorithm is to enable two users to exchange a secret key securely that then can be used for subsequent encryption of messages and depends on the difficulty of computing discrete logarithms for its effectiveness.
A. Diffie-Hellman
B. RSA
C. DSS
D. Rivest-Adleman
15. Based on the use of a mathematical construct known as the elliptic curve and offering equal security for a far smaller bit size, __________ has begun to challenge RSA.
A. DSS
B. TCB
C. RIPE-160
D. ECC
SHORT ANSWER
1. Protection against active attacks (falsification of data and transactions) is known as ___________ .
2. The __________ property is the “one-way” property and is important if the authentication technique involves the use of a secret value.
3. The __________ approach has two advantages: it provides a digital signature as well as message authentication and it does not require the distribution of keys to communicating parties.
4. Like the MAC, a __________ accepts a variable size message M as input and produces a fixed size message digest H(M) as output. Unlike the MAC, it does not take a secret key as input.
5. The __________ property guarantees that it is impossible to find an alternative message with the same hash value as a given message, thus preventing forgery when an encrypted hash code is used.
6. As with symmetric encryption, there are two approaches to attacking a secure hash function: brute-force attack and ___________ .
7. The two most widely used public key algorithms are RSA and _________ .
8. The _________ was developed by NIST and published as a federal information processing standard in 1993.
9. __________ is a term used to describe encryption systems that simultaneously protect confidentiality and authenticity (integrity) of communications.
10. The key algorithmic ingredients of __________ are the AES encryption algorithm, the CTR mode of operation, and the CMAC authentication algorithm.
11. The __________ algorithm accepts the ciphertext and the matching key and produces the original plaintext.
12. A __________ is when the sender “signs” a message with its private key, which is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
13. A _________ is when two sides cooperate to exchange a session key.
14. Using an algorithm that is designed to provide only the digital signature function, the _________ makes use of the SHA-1 and cannot be used for encryption or key exchange.
15. Bob uses his own private key to encrypt the message. When Alice receives the ciphertext she finds that she can decrypt it with Bob’s public key, thus proving that the message must have been encrypted by Bob. No one else has Bob’s private key and therefore no one else could have created a ciphertext that could be decrypted with Bob’s public key. Therefore the entire encrypted message serves as a _________ .
Chapter 3: Public-Key Cryptography and Message Authentication
TRUE OR FALSE
1. T
2. F
3. T
4. F
5. T
6. F
7. T
8. T
9. F
10. T
11. T
12. T
13. F
14. T
15. T
MULTIPLE CHOICE
1. B
2. B
3. B
4. D
5. A
6. A
7. B
8. C
9. C
10. D
11. B
12. D
13. B
14. A
15. D
SHORT ANSWER
1. message authentication
2. preimage resistant
3. public-key
4. hash function
5. second preimage resistant
6. cryptanalysis
7. Diffie-Hellman
8. Secure Hash Algorithm (SHA)
9. Authenticated encryption
10. CCM
11. decryption
12. digital signature
13. key exchange
14. Digital Signature Standard (DSS)
15. digital signature
Chapter 4: Key Distribution and User Authentication
TRUE OR FALSE
T F 1. For symmetric encryption to work the two parties to an exchange must share the same key, and that key must be protected from access by others.
T F 2. It is not necessary for a certification authority to maintain a list of certificates issued by that CA that were not expired but were revoked.
T F 3. A session key is destroyed at the end of a session.
T F 4. Kerberos relies exclusively on asymmetric encryption and makes use of public key encryption.
T F 5. The automated key distribution approach provides the flexibility and dynamic characteristics needed to allow a number of users to access a number of servers and for the servers to exchange data with each other.
T F 6. If an opponent captures an unexpired service granting ticket and tries to use it they will be denied access to the corresponding service.
T F 7. The ticket-granting ticket is encrypted with a secret key known only to the authentication server and the ticket granting server.
T F 8. If the lifetime stamped on a ticket is very short (e.g., minutes) an opponent has a greater opportunity for replay.
T F 9. Kerberos version 4 did not fully address the need to be of general purpose.
T F 10. One of the major roles of public-key encryption is to address the problem of key distribution.
T F 11. It is not required for two parties to share a secret key in order to communicate securely with conventional encryption.
T F 12. X.509 is based on the use of public-key cryptography and digital signatures.
T F 13. User certificates generated by a CA need special efforts made by the directory to protect them from being forged.
T F 14. The principal underlying standard for federated identity is the Security Assertion Markup Language (SAML) which defines the exchange of security information between online business partners.
T F 15. Federated identity management is a concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and supporting many thousands, even millions, of users.
MULTIPLE CHOICE
1. A _________ is a key used between entities for the purpose of distributing session keys.
A) permanent key
B) key distribution center
C) symmetric key
D) session relay key
2. The __________ knows the passwords of all users and stores these in a centralized database and also shares a unique secret key with each server.
A) authentication server
B) key distribution server
C) management server
D) ticket server
3. Once the authentication server accepts the user as authentic it creates an encrypted _________ which is sent back to the client.
A) password
B) key
C) access code
D) ticket
4. In order to solve the problem of minimizing the number of times that a user has to enter a password and the problem of a plaintext transmission of the password a __________ server is used.
A) ticket granting
B) password ciphering
C) access code
D) authentication
5. In order to prevent an opponent from capturing the login ticket and reusing it to spoof the TGS, the ticket includes a __________ indicating the date and time at which the ticket was issued.
A. validation
B. certificate
C. timestamp
D. realm
6. A ___________ is a service or user that is known to the Kerberos system and is identified by its principal name.
A. Kerberos key
B. Kerberos ticket
C. Kerberos principal
D. Kerberos realm
7. Kerberos version 4 requires the use of a(n) ____________ .
A. IP address
B. Ethernet link address
C. ISO network address
D. MAC address
8. Encryption in version 4 makes use of a nonstandard mode of DES known as ___________ .
A. KDC
B. CBC
C. PCBC
D. PKI
9. A random value to be repeated to assure that the response is fresh and has not been replayed by an opponent is the __________ .
A. nonce
B. option
C. rtime
D. realm
10. Used in most network security applications, the __________ standard has become universally accepted for formatting public-key certificates.
A. IETF
B. X.905
C. PKIX
D. X.509
11. Containing the hash code of the other fields encrypted with the CA’s private key, the __________ covers all of the other fields of the certificate and includes the signature algorithm identifier.
A. extension
B. signature
C. issuer unique identifier
D. subject unique identifier
12. The _________ extension lists policies that the certificate is recognized as supporting, together with optional qualifier information.
A. policy mappings
B. directory attribute
C. certificate policies
D. authority key identifier
13. _________ are entities that obtain and employ data maintained and provided by identity and attribute providers, which are often used to support authorization decisions and to collect audit information.
A. Federations
B. Principals
C. CAs
D. Data Consumers
14. An __________ manages the creation and maintenance of attributes such as passwords and biometric information.
A. attribute service
B. authenticator
C. identity provider
D. authorizing agent
15. __________ is a centralized, automated approach to provide enterprise wide access to resources by employees and other authorized individuals, with a focus of defining an identity for each user, associating attributes with the identity, and enforcing a means by which a user can verify identity.
A. Registration authority
B. Federated managing authority
C. Identity management
D. PKIX management
SHORT ANSWER
1. The strength of any cryptographic system rests with the _________ technique, a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.
2. A __________ indicates the length of time for which a ticket is valid (e.g., eight hours).
3. When two end systems wish to communicate they establish a logical connection and, for the duration of that logical connection, all user data are encrypted with a one-time __________ which is destroyed at the end of the session.
4. After determining which systems are allowed to communicate with each other and granting permission for the two systems to establish a connection, the _________ provides a one-time session key for that connection.
5. Rather than building elaborate authentication protocols at each server, _________ provides a centralized authentication server whose function is to authenticate users to servers and servers to users.
6. A __________ server issues tickets to users who have been authenticated to the authentication server.
7. A __________ is a set of managed nodes that share the same Kerberos database which resides on the Kerberos master computer system that is located in a physically secure room.
8. Kerberos version 5 defines all message structures by using __________ and Basic Encoding Rules (BER), which provide an unambiguous byte ordering.
9. The technical deficiencies of Kerberos version 4 are: double encryption, PCBC encryption, session keys and __________ .
10. A _________ is the client’s choice for an encryption key to be used to protect this specific application session.
11. A _________ consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party which is typically a CA that is trusted by the user community.
12. __________ defines a framework for the provision of authentication services by the X.500 directory to its users and defines alternative authentication protocols based on the use of public-key certificates.
13. The _________ extension is used only in certificates for CAs issued by other CAs and allows an issuing CA to indicate that one or more of that issuer’s policies can be considered equivalent to another policy used in the subject CA’s domain.
14. With a principal objective of enabling secure, convenient and efficient acquisition of public keys, __________ is the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography.
15. __________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, thereby reducing the number of authentications needed by the user.
Chapter 4: Key Distribution and User Authentication
TRUE OR FALSE
1. T
2. F
3. T
4. F
5. T
6. F
7. T
8. F
9. T
10. T
11. F
12. T
13. F
14. T
15. T
MULTIPLE CHOICE
1. A
2. A
3. D
4. A
5. C
6. C
7. A
8. C
9. A
10. D
11. B
12. C
13. D
14. A
15. C
SHORT ANSWER
1. key distribution
2. lifetime
3. session key
4. key distribution center (KDC)
5. Kerberos
6. ticket-granting
7. Kerberos realm
8. Abstract Syntax Notation One (ASN.1)
9. password attacks
10. subkey
11. (public-key) certificate
12. X.509
13. policy mappings
14. public-key infrastructure (PKI)
15. Federation