COMP4337/9337 Securing Fixed and Wireless Networks
Advanced Encryption Standard (AES) is a a. Hybrid Encryption b. Symmetric Encryption c. Asymmetric Encryption
An individuals private key is known only to them and the person with whom they are communicating.
Digital Signature is used to append your personal signature to a message such as email.
Copyright By Assignmentchef assignmentchef
SHA-256 is an hash algorithm.
a. For encryption of channel b. Generating Hash c. Decrypting messages
Use of public Key is usually much faster than symmetric key.
A block cipher breaks data into block and then encrypts one bit at a time.
Brute force decryption (trying each key) takes few secs on DES, while it takes ___ for AES. a.One month b. One vear c. One hundred years d. More than 50 Trillion years
HMAC uses a secret key in conjunction with hash function to a. Encrypt the entire message b. Produce a
message digest C. Both encrypt the message and produce a digest Q4
If a message is encrypted, it guarantees its integrity.
If you change 1 bit in input, a hash function would change
a. None of the digest bits b. 25% of digest bits c. 50% of digest bits d. 10% of digest bits
In cipher block chaining, if the input block gets repeated, it will produce a different ciphertext.
Internet checksum provides a robust hash for security.
Symmetric kevs are much faster than RSA.
The AES confidentiality mode Electronic Codebook (ECB)
a. Split plaintext into blocks, encrypt each one separately using the block cipher.
b. Split plaintext into blocks, XOR each block with the result of encrypting previous blocks. X
Which of the following is the latest hash function standard? a. MD-5 b. RIPEMED c. SHA-3
A Stream Cipher encrypts each bit by XOR -ing it with a bit from the key stream.
A Temporal Key Integrity Protocol (TKIP) does NOT use _____ in a cryptographic mixing function. a A temporal kev b. The transmitter MAC address c. The receiver MAC address d. A sequence
counter/Initialisation Vector
In WEP protocol Integrity Check Value (ICV) is calculated using a. HMAC b. MD5 C SHA-1 d CRC-32
In WEP protocol, the initialisation vector (IV) in encrypted before being sent to the receiver.
Select the correct option. The Fluhrer, Matin and Shamir (FMS) attack exploits the weakness in: a. AES b. DES C. RC4 d. RSA
The Diffie-Hellman key exchange requires Alice to send her public key to Bob at the start of communication.
The Public Key Cryptography requires both a sender and a receiver to agree upon a shared key.
The Stream cipher RC4 has been attacked as it produces somewhat predictable starting bits.
The Wired Equivalent Privacy (WEP) protocol is frequently used these days due to its strong security features.
Which of the following is not an asymmetric encryption scheme? a. RSA b. Diffie Hellman C. d. RC4
A Kerberos authentication server stores a. Password of all clients b. Hash of password of all clients c. A pre-negotiated shared Key d. All of above
A Kerberos realm requires a Master database on a central Server. A read/write copy can be replicated on other servers.
Digital certificates issued by a CA is encrypted with CAs private Key.
DNSSec provides security to the original DNS protocol. Recent study shows that a vast majority of domains use DNSSec
PGP provides option to encrypt messages
PKI uses key revocation mechanism to issue a new key to a client.
Public Key Cryptography is useful in establishing a shared session key between two parties. If two parties can trust each others public key. Consider a scenario, Alice encrypts a shared key with her private key and sends it to Bob. Now Bob can retrieve the shared key sent by Alice using, a. Alices Private Kev b. Alices Public Key C. Bobs Public Key d. Bobs Private Key
Select the correct option. Last two messages in SSL handshake include MAC of all handshake message.
A This allows MiTM to insert. stronger crypto algorithms. b. This prevents MiTM to delete stronger crypto
algorithms. C. This prevents a Sybil attack. d. All of above
SSL uses sequence number to stop the following attack. a.Replay b. Relay c. SYN Flood d. Stripping
Web of trust is an alternative to public key infrastructure where two parties A and B sign each others security certificates mediated by a registrar.
The Tor circuit established between the client/OP and the exit node is encrypted.
In Tunnel Mode, end hosts behind a firewall need to create IPSec header. a. True b. False
I2P uses the same onion-based encryption as the Tor network. a. True b. False
In a ToR network, a commercial relay hides your identity from the websites that you visit. a.True b. False
The rendezvous point (RP) is set up by a Tor hidden service to advertise its services. a. True b. False
IPSec sequence number prevents an attacker from sniffing and replaying a packet. a. True b. False
Secure Transport layer protocol such as TLS hides IP address of a sender from an eavesdropper. a. True b. False
Consider sending a stream of packets from host A to host B using IPsec. Typically, a new SA will be established for each packet sent in the stream. (Select One)
a. True b. False
Which hash algorithms can be used in IKE Authentication process?
a. Deffie-Hellman b. ECDSA C. Secure Hash Algorithm ( SHA variants) d. ISAKMD
Triple-A servers e.g. a Radius Server and an Authenticator are configured with a shared secret. a.True b. False
The Authentication Server (AS) is typically connected to Access Point (Authenticator) via a wired network a.True b. False
In EAP exchange, a Supplicant needs to send one of the following information
a. Its password b. Hash of its password c. A newly generated Key d. Own IP address
In Port based authentication, a user must authenticate to a layer 2 device such as switch they are connected to.
a.True b. False
For WLAN, a device sends EP message to an authenticator using the following protocol a EAP over LAN b.
EAP over WAN c. UDP/Ip d. TCP/P
When a new supplicant is connected to an authenticator, the port on the switch/wireless AP (authenticator) is enabled and set to the authorised state.
a. True b. False
Which of the following is not used as Authentication server that checks the credentials of a supplicant a. Kerberos Server b. LDAP Server c. Active Directory Server d. SMTP Server
It is impossible for an Authentication Server to be co-located with an AP. a. True b. False
Which of the following action is invalid if you are running snort in the IDS mode? a. Log b. Alert c. Drop d. None of the other options
Snort is an open-source software that can operate in which of the following modes? a. Firewall b IDS c. IPS
d. All of the other options
In DNS exfiltration. data is encoded and added in the subdomain part of an attackers owned domain name a.True b. False
A _ firewall keeps track of network sessions (connections) between internal and external devices. a. Stateless b. Stateful C. Both stateless and stateful d. None of the other options
An anomaly-based IDS produces a higher rate of _ as compared with a rule-based IDS. a. False positives b. False negatives
What is the unauthorized movement of data?
a. Data cracking b. Data exfiltration C. Database hacking d. None of the given options
Packet filtering firewalls admit or drop packets on the basis of
a. IPs (source and destination) b. Direction (inbound or outbound) C. Services (Port Nos) d. All of the other
options Q8
What happens if a packet matches an entry in an Access Control List for your firewall?
a. The matching process stops, and the firewall takes the action specified in the matched rule. b. The firewall continues matching the remaining entries in the Access Control List looking for a more specific match c. None of the above 1
A stateless packet filtering firewall operates only at the network layer. a. True b. False
A network-based intrusion detection system (NIDS) examines all processes running on individual devices operating on the network. a. True b. False
DNS exfiltration is a type of volumetric attack such as distributed denial of service (DoS) attack. a. True b. False
The order of entries (rules) in an Access Control List (ACL) does not matter. a. True b. False
CS: assignmentchef QQ: 1823890830 Email: [email protected]
Reviews
There are no reviews yet.