Data Communication And Network Security

25 Questions | Total Attempts: 42

SettingsSettingsSettings
Please wait...
Data Communication And Network Security

Questions and Answers
  • 1. 
    Blowfish is an example of a _________-structure
    • A. 

      Feistel

    • B. 

      Twofish

    • C. 

      Round

    • D. 

      Permutation

    • E. 

      Substitution

  • 2. 
    What does IPS mean?
    • A. 

      Intrusion Prevention System

    • B. 

      Intrusion Private System

    • C. 

      Intrusion Public System

    • D. 

      Intrusion Detection System

    • E. 

      Intrusion Protection System

  • 3. 
    The security of RSA is based on the difficulty of:
    • A. 

      Discrete exponentiations

    • B. 

      Factorization

    • C. 

      Modular multiplications

    • D. 

      Diffie-Hallman

    • E. 

      Encryption

  • 4. 
    A digital signature is created as follows:
    • A. 

      Encrypting the message with the public key of the receiver; hashing the result; appending the hash to the encrypted message

    • B. 

      Hashing the message; adding the hash to the message; encrypting the result with the private key of the receiver

    • C. 

      Encrypting the message with the public key of the receiver; hashing the result; appending the hash to the original message

    • D. 

      Hashing the message; encrypting the hash value with the private key of the sender; appending the result to the message

    • E. 

      Hashing the message; encrypting the hash value with the public key of the receiver; appending the result to the message

  • 5. 
    How many keys are used in symmetric crypto in case we have 13 users?
    • A. 

      144

    • B. 

      13

    • C. 

      78

    • D. 

      169

    • E. 

      12

  • 6. 
    Which three functional areas are provided by IPSec?
    • A. 

      Authentication, Confidentiality, and Key management

    • B. 

      Authentication, Confidentiality, and Digital Signatures

    • C. 

      Authentication, Error detection, and Error correction

    • D. 

      Authentication, Key generation, and Certificate exchange

    • E. 

      Encryption, Decryption, and Certificate validation

  • 7. 
    What does AES mean?
    • A. 

      Alternating Encryption System

    • B. 

      Adversary Encapsulating System

    • C. 

      Alternative Encipherment Solution

    • D. 

      Adversary Encapsulating Solution

    • E. 

      Advanced Encryption Standard

  • 8. 
    If a hash function H is said to have strong collision resistance, then:
    • A. 

      Given H(x) it is hard to find x

    • B. 

      Given one pair (x,y) where h=H(x)=H(y) it is hard to find another input z such that H(z)=h

    • C. 

      It is hard to find any pair (x,y) such that H(x)=H(y)

    • D. 

      Given input x it is hard to find h=H(x)

    • E. 

      Given x it is hard to find y such that H(y)=H(x)

  • 9. 
    The Ticket Granting Server (TGS) in a Kerberos system has 2 pre-shared keys. These are shared with:
    • A. 

      The Authentication Server and the server in a network

    • B. 

      The user/client and the server in a network

    • C. 

      The Authentication Server (AS) and the user/client

    • D. 

      The 2 servers in the network

    • E. 

      None of the above

  • 10. 
    Assume that 1 in 10.000 network packets are related to an attack. Assume our IDS system will detect malicious (attack) packets with 99% certainty and will wrongly mark 1% of the normal traffic as an attack packet. If the IDS classifies a particular packet as malicious, then the possibility that this is a wrong decision is approximately:
    • A. 

      10%

    • B. 

      99%

    • C. 

      1%

    • D. 

      50%

    • E. 

      90%

  • 11. 
    What does the Diffie-Hellman key exchange protocol enable two users to establish?
    • A. 

      A secret key using a public-key scheme based on hardness of integer factorization.

    • B. 

      Both private and public keys using a public-key scheme based on hardness of integer factorization

    • C. 

      A secret key using a public-key scheme based on discrete logarithms

    • D. 

      Both private and public keys using a secret-key scheme based on discrete logarithms.

    • E. 

      A public key using a secret-key scheme based on discrete logarithms.

  • 12. 
    Which is NOT TRUE for an anomaly detection IDS system:
    • A. 

      Looks for statistical deviations from the normal situation

    • B. 

      Vulnerable for zero-days exploits

    • C. 

      Must adapt to changes in user’s behaviour

    • D. 

      Needs to define “normal” expected behaviour of a system

    • E. 

      Is suitable to detect port scans

  • 13. 
    A Security Association can uniquely be identified by the Security Parameter Index (SPI) and:
    • A. 

      The destination IP address and the security protocol identifier

    • B. 

      The source IP address, the ICV and the security protocol identifier

    • C. 

      The source IP address and the security protocol identifier

    • D. 

      The source IP address

    • E. 

      The source IP address and the Integrity Check Value (ICV)

  • 14. 
    What does ESP mean?
    • A. 

      Encryption System Protection

    • B. 

      Encapsulating System Parameters

    • C. 

      Encapsulating Security Payload

    • D. 

      Encapsulated Security Protocol

    • E. 

      Encrypted Security Parameters

  • 15. 
    Which of the following statements is NOT TRUE in IPSec:
    • A. 

      In the tunnel mode a new IP header is attached

    • B. 

      In transport mode the information is protected from source to destination host

    • C. 

      In tunnel mode the mutable fields in the IP header are set to zero for the calculation of the Integrity Check Value (ICV)

    • D. 

      Tunnel mode can be used for both AH and ESP

    • E. 

      In transport mode the “next header” field is copied from the original IP header

  • 16. 
    Kerberos is using an authentication protocol that is based on the following protocol:
    • A. 

      Ipsec

    • B. 

      HMAC

    • C. 

      Needham-Schroeder

    • D. 

      RSA

    • E. 

      X.509

  • 17. 
    Where was the Kerberos protocol developed?
    • A. 

      HIG

    • B. 

      MIT

    • C. 

      Stanford

    • D. 

      Oxford

    • E. 

      Cambridge

  • 18. 
    What does the abbreviation “CFB mode” stand for?
    • A. 

      Current Fail Backup mode

    • B. 

      Cipher Forward Blocking mode

    • C. 

      Crypto Fall Back mode

    • D. 

      Crypto Final Block mode

    • E. 

      Cipher Feed Back mode

  • 19. 
    Which of the following statements is NOT TRUE in IKE:
    • A. 

      IKE is used to negotiate ESP keys for symmetric encryption for confidentiality

    • B. 

      In aggressive mode the Initiator only suggest 1 set of SA for the communication

    • C. 

      Oakley provides a framework for key exchange, but the actual key exchange is based on the ISAKMP protocol

    • D. 

      The two IKE components are ISAKMP and Oakley

    • E. 

      The ISAKMP SA is first established before AH or ESP SA’s are established

  • 20. 
    What is symmetric encryption?
    • A. 

      A form of cryptosystem in which encryption and decryption are performed using the same key.

    • B. 

      A form of cryptosystem in which encryption and decryption are symmetric according to the y-axis.

    • C. 

      A form of cryptosystem in which encryption and decryption are symmetric according to the x-axis.

    • D. 

      A form of cryptosystem that is based on groups of symmetry.

    • E. 

      A mathematical procedure that is using a symmetric group.

  • 21. 
    An ESP trailer contains:
    • A. 

      Padding and Pad length

    • B. 

      Padding and Integrity Check Value (ICV)

    • C. 

      Padding, Pad length, and Next header

    • D. 

      Padding, Pad length, Next header, Security Parameter Index (SPI), and ICV

    • E. 

      Padding, Pad length, Next header and ICV

  • 22. 
    Snort is an example of:
    • A. 

      A protocol based IDS

    • B. 

      A firewall

    • C. 

      An anomaly based IDS

    • D. 

      A signature based IDS

    • E. 

      An action based IDS

  • 23. 
    Suppose a firewall has the following rules implemented: What will this firewall do?
    • A. 

      Allows only for incoming connections to our SMTP server

    • B. 

      Allows our network to be tracerouted

    • C. 

      Allows DNS lookup as a client

    • D. 

      Allows only outgoing connections to our SMTP server

    • E. 

      Allows only outgoing connections to an external SMTP server

  • 24. 
    The 4 general means of authentication are by something you:
    • A. 

      Must, will, shall, or can

    • B. 

      Know, Have, Are, or Will

    • C. 

      Know, take, give, or are

    • D. 

      Know, speak, touch, or see

    • E. 

      Do, have, know, or are

  • 25. 
    There exist ___ versions of the X.509 certificate:
    • A. 

      1

    • B. 

      3

    • C. 

      5

    • D. 

      Depends on the IPsec version number

    • E. 

      Depends on the user