[SOLVED] information technology
I'm studying and need help with a Computer Science question to help me learn.
General questions
- Which of the following are not directly addressed when implementing network security? (Choose two.)
  A) Personal safety
  B) Physical plant security
  C) Evolving business requirements
  D) Protection of data
  E) Freedom of information initiatives
- Select from the following the best definition of security risk analysis:
  - Risk analysis looks at the probability that a vulnerability exists in your system.
  - Risk analysis looks at the probability that your security measures won’t stop a hacker breaking into your system.
  - Risk analysis determines what resources you need to protect and quantifies the costs of not protecting them.
  - Risk analysis looks at the probability that a hacker may break into your system.
  - Risk analysis looks at the consequences of being connected to the Internet.
- Which of the following is considered the first line of defense against human behavior?
  A) Policies
  B) Cryptography
  C) Physical security
  D) Business continuity planning
- Which of the following is considered a flaw, loophole, oversight, or error that makes the organization susceptible to attack or damage?
  A) Risk
  B) Vulnerability
  C) Exposure
  D) Threat

Cryptography Fundamentals. Public-Key Cryptography and Message Authentication
Key Distribution and User Authentication
- The two methods of encrypting data are
  A) Substitution and transposition
  B) Block and stream
  C) Symmetric and asymmetric
  D) DES and AES
- The only cipher system said to be unbreakable by brute force is
  A) AES
  B) DES
  C) One-time pad
  D) Triple DES
- When a user needs to provide message integrity, what options may be the best?
  A) Send a digital signature of the message to the recipient
  B) Encrypt the message with a symmetric algorithm and send it
  C) Create a checksum, append it to the message, encrypt the message, then send it to the recipient
  D) Encrypt the message with a private key so the recipient can decrypt with the corresponding public key
- Consider the following protocol that involves both RSA public-key operations and DES. Suppose that A has an RSA private key prv(A) and an RSA public key pub(A). Suppose that B has an RSA private key prv(B) and an RSA public key pub(B). Assume both A and B know each other's public key. A wants to send B some message M. A selects a random DES key K and sends B the following two messages:
  — $E_{pub(B)}(K, Sig_{prv(A)}(K))$
  — $E_K(M)$
  “E” means encryption and “Sig” means digital signature. Which of the following statement(s) is true? (Choose two.)
  (A) Only B can decipher the contents of the message M.
  (B) B is certain that the message M is from A.
  (C) B can prove to a third party that the message M arrived from A.
  (D) B cannot decipher the contents of the message M.
  (E) B is not certain that the message M is from A.
- Suppose a user is authenticated based on an ID and password that are supplied by the transmitter in plaintext. Does it make any difference if the password and ID are encrypted?
  - If the system authenticates users based on IDs and passwords that are transmitted in plaintext, the system is very insecure.
  - If the password and ID are encrypted, the system is definitely more secure than in the plaintext case.
  - The intruder can still record the encrypted ID and the corresponding encrypted password. By replaying these, the intruder can gain access to the system.
  - None of the above is correct.
- You have an issue in your company with users claiming they did not receive e-mail messages, while other users claim they were sent. What PKI component will help you to prove the dates and times of messages sent on the network?
  A) Non-Repudiation
  B) Encryption
  C) Encapsulation
  D) Integrity
  E) Confidentiality
- A certificate authority provides what benefits to a user?
  A) Protection of public keys of all users
  B) History of symmetric keys
  C) Proof of nonrepudiation of origin
  D) Validation that a public key is associated with a particular user

Network Vulnerabilities, Attacks and Countermeasures
- All of the following are types of cyber attack, except:
  A) A nuclear explosion that knocks out all electronic devices.
  B) Spam.
  C) Malicious software designed to interrupt services.
  D) A flood of computers hacked to disrupt other computers.
- If you notice that the number of existing half-open sessions is beginning to rise, what could this indicate? (Select all that apply)
  A) Answers
  B) Man in the Middle attack
  C) Serial Scan
  D) IP Spoofing
  E) Port Scan
  F) DoS attack
- DoS attacks exist for which part of the OSI protocol stack?
  A) Application and Presentation
  B) Session and Transport
  C) Network and Data Link
  D) All of the above
- Consider using DHCP. What are the major security concerns? Indicate the two best answers from the following list.
  A) Anyone hooking up to the network can automatically receive a network address.
  B) Clients might be redirected to an incorrect DNS address.
  C) The network is vulnerable to man-in-the-middle attacks.
  D) There are no security concerns with using DHCP.
Please put your answers in the following table.

| Multiple Choice Questions | Answer |
|---|---|
| 1 | |
| 2 | |
| 3 | |
| 4 | |
| 5 | |
| 6 | |
| 7 | |
| 8 | |
| 9 | |
| 10 | |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | |

Part 2: Short Answers. Please answer briefly and completely.
- Consider the following hashing algorithm. A binary block of length M is divided into subblocks of length 128 bits, and the last block is padded with zeros to a length of 128. The hash consists of the XOR of the resulting 128-bit vectors. Is this algorithm appropriate for encryption? Explain. (16 points)
- Can two network interfaces have the same IP address? Why or why not? (12 points)
- Alan and Bill agree (through a public exchange) on using the Diffie-Hellman algorithm to create a common secret key. They also agree on two public numbers: q (large prime number), a (generator mod q): q = 13, a = 3
  Alan generates a random $R_A = 11$.
  Bill generates a random $R_B = 13$.
  (a) What is the $S_A$ Alan sends to Bill? (i.e., $S_A = ?$) (3 points)
  (b) What is the $S_B$ Bill sends to Alan? (i.e., $S_B = ?$) (3 points)
  (c) Show how Alan can calculate to obtain a common secret key. What is the common secret key? (3 points)
  (d) Show how Bill can calculate to obtain a common secret key. What is the common secret key? (3 points)
  Note you need to show the calculation procedures step by step in (a)-(d).