ITN 262 COMPLETE FINAL EXAM LATEST UPDATE

ITN 262 COMPLETE FINAL EXAM LATEST UPDATE True or False? Crypto techniques originally focused on confidentiality. - ANSWER True Which of the following security protections is used to prevent passive attacks? - ANSWER Confidentiality We use cryptography to apply all of the following protections to network traffic, except: - ANSWER reliability True or False? Eavesdropping without interfering with communications would be considered a passive attack. - ANSWER True True or False? A network attack in which someone forges network traffic would be considered an active attack. - ANSWER True When we place crypto in different protocol layers, we often balance two important properties: - ANSWER application transparency and network transparency. Wireless Protected Access, version 2 (WPA2.) falls under: - ANSWER 802.11. We are trying to protect our traffic as much as possible from sniffing. To minimize the risk, should we encrypt as much of our packets as possible, including headers? - ANSWER Yes, because plaintext headers open our network messages to traffic analysis. In typical applications, does SSL provide application transparency? - ANSWER No, because the SSL software is traditionally integrated into the application software package and is not supported unless the application specifically provides it. Virtual private networking is used primarily for encrypting: - ANSWER a connection between two sites across the internet. Secure Sockets Layer (SSL) has been replaced by: - ANSWER Transport Layer Security (TLS). The principal application of IPsec is: - ANSWER virtual private networking. Which of the following network protocols typically provide application transparency? Select all that apply. - ANSWER a) Wi-Fi Protected Access b) IPsec True or False? Encryption works against traffic filtering, because the filtering process can't detect malicious content in encrypted packets. - ANSWER True True or False? We clearly need to use encryption if we wish to protect against sniffing. - ANSWER True __________ rely on traffic analysis when the defenders use encryption that is too difficult to attack. - ANSWER Attackers Producing one encryption key for each cryptonet or communicating pair and distributing that key to the appropriate endpoints is called: - ANSWER manual keying. True or False? When replacing crypto keys, they must be all replaced 1 month at a time. - ANSWER False True or False? In manual keying, two encryption keys are produced for each cryptonet or communicating pair and those keys are distributed to the appropriate endpoints. - ANSWER False True or False? Self-rekeying transforms an existing encryption key into a new one using a pseudorandom number generator. - ANSWER True The process of transforming an existing key into a new one is called: - ANSWER self-rekeying. Associate the following concepts with the appropriate secret-key building blocks. - ANSWER Key wrapping Build a unique TEK from nonces and a secret - ANSWER Shared secret hashing Shares a separate KEK with each registered user - ANSWER Key distribution center True or False? The Key Distribution Center (KDC) greatly simplifies key management. Each host must establish multiple "KDC keys" that it shares with the KDC. - ANSWER False Why do protocols like IKE and SSL exchange nonces as part of their key creation/exchange protocol? Select all that apply. - ANSWER c) New nonce values should make it impossible for an attacker to replay a previous set of messages and force the connection to reuse a previous key. b) If the nonces are always different, then the protocol yields a different result each time it takes place. A protocol that establishes security associations (SAs) between a pair of hosts is: - ANSWER Internet Key Exchange (IKE ). True or False? You can wrap a secret key with RSA. - ANSWER True Bob and Alice want to construct a shared secret key using Diffie-Hellman. Which components will Bob use to construct the shared secret? - ANSWER Alice's public key and Bob's private key Bob and Alice want to construct a shared secret key using RSA. Which of the following components must Bob use to share the secret with Alice? - ANSWER Alice's public key alone Which of the following are requirements of secret-key cryptography? Select all that apply. - ANSWER c) Reliable key revocation a) Lower computing resources required than public-key algorithms d) Trustworthy central servers We are trying to decide between a public-key and a secret-key cryptographic solution. Which of the following criteria would encourage us to choose the public-key solution? Select all that apply best to public-key cryptography. - ANSWER a) The system can apply a lot of computational power to cryptographic operations. e) Attackers should not be able to penetrate the whole system simply by attacking a critical crypto server. c) The process of adding new users must be easy to delegate. We are trying to decide between a public-key and a secret-key cryptographic solution. Which of the following criteria would encourage us to choose the secret-key solution? Select all that apply best to secret-key cryptography. - ANSWER d) The system will always be limited to a small user community. f) When someone loses the privilege to access the system, we must be able to revoke their access rights immediately. b) We are providing the service to an established user community whose members are already identified. Encrypting "above the stack": - ANSWER c) means applying cryptography at the top of the application layer or above the network protocol stack and provides network transparency. In an SSL data packet, the field that indicates whether the packet carries data, an alert message, or is negotiating the encryption key is: - ANSWER d) content type. Secure Sockets Layer (SSL): - ANSWER b) may display a padlock on a Web page to indicate SSL protection. Handshake protocol - ANSWER Establishes the shared secret and the keys to be used to protect SSL traffic Record protocol - ANSWER Transfers information using a