ITN 262 EXAM REVISION QUESTIONS WITH
CORRECT ANSWERS.
True or False? Crypto techniques originally focused on confidentiality.
True
Which of the following security protections is used to prevent passive attacks?
Confidentiality
We use cryptography to apply all of the following protections to network traffic, except:
reliability
True or False? Eavesdropping without interfering with communications would be
considered a passive attack.
True
True or False? A network attack in which someone forges network traffic would be
considered an active attack.
True
When we place crypto in different protocol layers, we often balance two important
properties:
application transparency and network transparency.
Wireless Protected Access, version 2 (WPA2.) falls under:
802.11.
We are trying to protect our traffic as much as possible from sniffing. To minimize the risk,
should we encrypt as much of our packets as possible, including headers?
Yes, because plaintext headers open our network messages to traffic analysis.
In typical applications, does SSL provide application transparency?
,No, because the SSL software is traditionally integrated into the application software package
and is not supported unless the application specifically provides it.
Virtual private networking is used primarily for encrypting:
a connection between two sites across the internet.
Secure Sockets Layer (SSL) has been replaced by:
Transport Layer Security (TLS).
The principal application of IPsec is:
virtual private networking.
Which of the following network protocols typically provide application transparency?
Select all that apply.
a) Wi-Fi Protected Access
b) IPsec
True or False? Encryption works against traffic filtering, because the filtering process
can't detect malicious content in encrypted packets.
True
True or False? We clearly need to use encryption if we wish to protect against sniffing.
True
__________ rely on traffic analysis when the defenders use encryption that is too difficult to
attack.
Attackers
Producing one encryption key for each cryptonet or communicating pair and distributing
that key to the appropriate endpoints is called:
manual keying.
True or False? When replacing crypto keys, they must be all replaced 1 month at a time.
, False
True or False? In manual keying, two encryption keys are produced for each cryptonet or
communicating pair and those keys are distributed to the appropriate endpoints.
False
True or False? Self-rekeying transforms an existing encryption key into a new one using a
pseudorandom number generator.
True
The process of transforming an existing key into a new one is called:
self-rekeying.
Associate the following concepts with the appropriate secret-key building blocks.
Key wrapping
Build a unique TEK from nonces and a secret
Shared secret hashing
Shares a separate KEK with each registered user
Key distribution center
True or False? The Key Distribution Center (KDC) greatly simplifies key management.
Each host must establish multiple "KDC keys" that it shares with the KDC.
False
Why do protocols like IKE and SSL exchange nonces as part of their key
creation/exchange protocol? Select all that apply.
c) New nonce values should make it impossible for an attacker to replay a previous set of
messages and force the connection to reuse a previous key.
b) If the nonces are always different, then the protocol yields a different result each time it takes
place.
A protocol that establishes security associations (SAs) between a pair of hosts is:
CORRECT ANSWERS.
True or False? Crypto techniques originally focused on confidentiality.
True
Which of the following security protections is used to prevent passive attacks?
Confidentiality
We use cryptography to apply all of the following protections to network traffic, except:
reliability
True or False? Eavesdropping without interfering with communications would be
considered a passive attack.
True
True or False? A network attack in which someone forges network traffic would be
considered an active attack.
True
When we place crypto in different protocol layers, we often balance two important
properties:
application transparency and network transparency.
Wireless Protected Access, version 2 (WPA2.) falls under:
802.11.
We are trying to protect our traffic as much as possible from sniffing. To minimize the risk,
should we encrypt as much of our packets as possible, including headers?
Yes, because plaintext headers open our network messages to traffic analysis.
In typical applications, does SSL provide application transparency?
,No, because the SSL software is traditionally integrated into the application software package
and is not supported unless the application specifically provides it.
Virtual private networking is used primarily for encrypting:
a connection between two sites across the internet.
Secure Sockets Layer (SSL) has been replaced by:
Transport Layer Security (TLS).
The principal application of IPsec is:
virtual private networking.
Which of the following network protocols typically provide application transparency?
Select all that apply.
a) Wi-Fi Protected Access
b) IPsec
True or False? Encryption works against traffic filtering, because the filtering process
can't detect malicious content in encrypted packets.
True
True or False? We clearly need to use encryption if we wish to protect against sniffing.
True
__________ rely on traffic analysis when the defenders use encryption that is too difficult to
attack.
Attackers
Producing one encryption key for each cryptonet or communicating pair and distributing
that key to the appropriate endpoints is called:
manual keying.
True or False? When replacing crypto keys, they must be all replaced 1 month at a time.
, False
True or False? In manual keying, two encryption keys are produced for each cryptonet or
communicating pair and those keys are distributed to the appropriate endpoints.
False
True or False? Self-rekeying transforms an existing encryption key into a new one using a
pseudorandom number generator.
True
The process of transforming an existing key into a new one is called:
self-rekeying.
Associate the following concepts with the appropriate secret-key building blocks.
Key wrapping
Build a unique TEK from nonces and a secret
Shared secret hashing
Shares a separate KEK with each registered user
Key distribution center
True or False? The Key Distribution Center (KDC) greatly simplifies key management.
Each host must establish multiple "KDC keys" that it shares with the KDC.
False
Why do protocols like IKE and SSL exchange nonces as part of their key
creation/exchange protocol? Select all that apply.
c) New nonce values should make it impossible for an attacker to replay a previous set of
messages and force the connection to reuse a previous key.
b) If the nonces are always different, then the protocol yields a different result each time it takes
place.
A protocol that establishes security associations (SAs) between a pair of hosts is: