Final Examination
Correct answers are in blue
Q1.(F.74) Which of the following correctly identifies what AH with tunnel mode protects? (2.5 points)
- All fields of the IP header, all fields of the AH header and the packet payload
- Selected fields of the outer IP header, selected fields of the AH header, selected fields of the inner IP header and the packet payload
- All fields of the outer IP header, all fields of the AH header and the packet payload
- All fields of the AH header, all fields of the inner IP header and the packet payload
- All fields of the AH header and the IP payload
- Selected fields of the outer IP header, all fields of the AH header, all fields of the inner IP header and the packet payload
- The IP payload
Q2.(F.57) Which of the following types of methods are commonly used for Mandatory Access Control (MAC)? (Select/check all that apply.) (2.5 points)
- Lattice-based
- Role-based
- Access Control Matrix
- Rule-based
- Access Control Bits
Q3.(F.58) Which of the following are true statements regarding security by function? (2.5 points)
- A system should detect attacks coming from outside the organization, but can safely assume that attacks within the organization, such as from an employee, will not occur
- Backing up an organization's critical data nightly, and creating a plan for restoring these backups if needed, is one piece of the recovery security function.
- Prevention focuses on providing negative motivational influences to help deter attacks.
- A properly secured system will never be attacked; therefore, properly secured systems do not need the ability to detect security-related incidents.
- Deterrence focuses on procedural or technological security mechanisms which help exterminate security-related incidents.
- Risk avoidance, deterrence, prevention, detection, and recovery are five independent security functions which are not related to each other. Changes to one security function within an organization do not effect changes in any of the other four.
Q4.(F.64) Which form of malware is able to send copies of itself to other nodes in the network without attaching itself to existing programs or documents? (2.5 points)
- Key logger
- Virus
- Trojan horse
- Spyware
- Worm
Q5.(F.85) Which of the following are the major subject areas that a "Threat-Vulnerability Analysis" should cover? (Select/check all that apply.) (2.5 points)
- Asset vulnerabilities
- Likely attacks against assets
- Owners of assets
- Threat Agents that will target assets
- Asset values
- Asset recovery approaches
Q6.(F.82) Which of the following security services are provided by IPsec? (Select/check all that apply.) (2.5 points)
- Access Control
- Data Origin Authentication
- Data Confidentiality
- Rejection of Replayed Packets
- Limited Traffic Flow Confidentiality
- Data Integrity
- In-sequence delivery of sent packets
Q7.(F.93) Which of the following statements about Instant Messaging (IM) are valid? (2.5 points)
- No capability for scripting or delivery of malware, spyware etc.
- Never use encryption for confidentiality
- Have the capability for scripting or delivery of malware, spyware etc.
- Have robust password management
- Can be easily blocked by firewalls
Q8.(F.81) Which of the following identify the modes or transforms supported by IPsec? (Select/check all that apply.) (2.5 points)
- Transport
- ESP
- IKE
- AH
- Tunnel
- ISAKMP
Q9.(F.59) Which of the following statements are correct regarding information integrity as a goal of security? (Select/check all that apply.) (2.5 points)
- To maintain information integrity, programmers should develop both on development systems and on production systems.
- There is no need to log user actions and events in a properly secured system.
- If an organization wishes to maintain information integrity, the duties of its critical functions should be separated among different employees.
- When the data in a system is modified only on rare occasions by unauthorized individuals, that system has information integrity.
- One way an organization can help maintain integrity is to require specific employees to use specific processes which cannot be changed or avoided without detection.
Q10.(F.96) When replacing an older server with a newer and faster server, which of the following should be done? (Select/check all that apply.) (2.5 points)
- The older server should be discarded in the trash after dragging all files to the recycle bin
- The older server should be given to an employee after dragging all files to the recycle bin
- The older server should be discarded in the trash after erasing all disk files using a DoD or NIST approved procedure
- The older server can be given to an employee after erasing all disk files using a DoD or NIST approved procedure
- The older server should be sold as surplus after dragging all files to the recycle bin
- The older server should be sold as surplus after erasing all disk files using a DoD or NIST approved procedure
Q11.(F.86) Which of the following provides Data-origin authentication of the sender? (Select/check all that apply.) (2.5 points)
- Sending a clear-text message along with a symmetrically encrypted message digest prepared from the clear-text message
- Sending a message asymmetrically encrypted using a private key
- Sending a clear-text message along with a message digest prepared from the clear-text message and a shared secret key
- Sending a message asymmetrically encrypted using a public key
- Sending a message and a message digest of the message where both are symmetrically encrypted using a shared secret key
- Sending a clear-text message along with a digital signature
- Sending a message symmetrically encrypted using a private key
Q12.(F.67) Which of the following mechanisms does Unix use for access control to files and directories? (2.5 points)
- Discretionary access control via inodes
- Access control rules
- Mandatory access control via inodes
- Discretionary access control via ACLs
Q13.(F.83) Which of the following are eight mandatory fields in X.509v3 digital certificates? (Select/check all that apply.) (2.5 points)
- Subject Public Key Information
- Signer Distinguished Name
- Version Number
- Subject Distinguished Name
- Validation Dates
- Algorithm Identifier
- Alternative Name Extension
- Serial Number
- URL of Certificate Revocation Lists
- Signer Digital Signature
Q14.(F.68) Which of the following protocols are said to use "an informal web of trust" rather than relying on certificate authorities? (2.5 points)
- ICMP
- PGP
- PKI
- IGP
- PEM
Q15.(F.87) Which of the following provides Data Confidentiality of a transmitted message? (Select/check all that apply.) (2.5 points)
- Sending a clear-text message along with a symmetrically encrypted message digest prepared from the clear-text message
- Sending a message asymmetrically encrypted using a public key
- Sending a clear-text message along with a digital signature
- Sending a message asymmetrically encrypted using a private key
- Sending a message symmetrically encrypted using a shared secret key
- Sending a clear-text message along with a message digest prepared from the clear-text message and a shared secret key
Q16.(F.94) Which of the following is the most important when it comes to ensuring that a security program is successful in an organization? (2.5 points)
- Weekly system backups with routine testing of backup restorability
- Internal web access to policies and procedures
- Biometric based smartcards for building access
- Centralized management of anti-virus on all desktop machines
- Senior management support, and approval
Q17.(F.90) Which of the following typically provides a service, or performs an operation, that the user considers desirable but also engages in other activities that the user is not aware of, such as stealing address book information or searching for passwords? (2.5 points)
- Trojan horse
- Worm
- Rootkit
- Virus
- Spyware
Q18.(F.77) Which of the following describes the purpose of each of the major components of IPsec? (2.5 points)
- IKE: used for peer-entity authentication and key management; ISAKMP: used to provide data origin authentication and data integrity; ESP: used to provide data origin authentication, data confidentiality and data integrity; Security Policy: used to identify and define attributes of security used between two corresponding entities.
- IKE: used for peer-entity authentication and key management; AH: used to provide data origin authentication and data integrity; ESP: used to provide data origin authentication, optional data confidentiality and data integrity; SAs: used to identify and define attributes of security used between two corresponding entities.
- IKE: used for peer-entity authentication and key management; AH: used to provide data origin authentication and data integrity; ISAKMP: used to provide data origin authentication, data confidentiality and data integrity; SAs: used to identify and define attributes of security used between two corresponding entities.
- IKE: used for peer-entity authentication and key management; AH: used to provide data origin authentication, data confidentiality and data integrity; ESP: used to provide data origin authentication and data integrity; Security Policy: used to identify and define attributes of security used between two corresponding entities.
Q19.(F.89) Which of the following security services are provided by IEEE 802.1X? (Select/check all that apply.) (2.5 points)
- Data Integrity
- Limited Traffic Flow Confidentiality
- Data Confidentiality
- Rejection of Replayed Packets
- Access Control
- Authentication
Q20.(F.80) Which of the following types of attacks are defended against by message data-origin authentication which includes a timestamp or nonce? (Select/check all that apply.) (2.5 points)
- Message sequence modification
- Message source masquerading
- Message replay
- Message privacy
- Message content modification
Q21.(F.60) Which of the following are correct statements regarding ITU X.509 digital certificates? (2.5 points)
- A certificate is valid for a specific period of time, and that period begins the first time the certificate is used.
- An ITU-T x.509 digital certificate can be used to authenticate a subject.
- If the issuer name in the certificate can be verified as valid, then the data therein can be trusted.
- When a certificate is revoked, the same certificate is re-issued by the authority with the revoked field marked as "true".
Q22.(F.92) Turnover rate is the ratio of the number of workers that had to be replaced in a given time period to the average number of workers. If a company has a high turnover rate, which access control structure is best for access control of company resources? (2.5 points)
- Role based
- Decentralized
- Centralized
- Rule based
- Groups
- Lattice based
Q23.(F.88) Which of the following provides Information Integrity? (Select/check all that apply.) (2.5 points)
- Sending a clear-text message along with a message digest prepared from the clear-text message and a shared secret key
- Sending a clear-text message along with a digital signature
- Sending a clear-text message along with a symmetrically encrypted message digest prepared from the clear-text message
- Sending a message asymmetrically encrypted using a private key
- Sending a message symmetrically encrypted using a private key
- Sending a message asymmetrically encrypted using a public key
- All these forms of encryption
- No type of encryption provides information integrity
Q24.(F.66) Which of the following security mechanisms are provided by TCP wrappers? (2.5 points)
- Logging
- Data integrity
- Data-origin authentication
- Peer-entity authentication
Q25.(F.75) Which of the following lists human authentication factors from strongest (most reliable, on the left) to weakest (least reliable, on the right)? (2.5 points)
- What a person knows, What a person is, What a person has
- What a person is, What a person has, What a person knows
- What a person has, What a person is, What a person knows
- What a person has, What a person knows, What a person is
- What a person is, What a person knows, What a person has
- What a person knows, What a person has, What a person is
Q26.(F.63) Which of the following statements are correct regarding packet filtering at the IP layer? (Select/check all that apply.) (2.5 points)
- IP packet filtering rules can determine which IP packets may flow based on IP source and destination addresses
- IP packet filtering rules can determine which IP packets may flow based on TCP session state.
- IP packet filtering rules can determine which IP packets may flow based on transport protocol port numbers.
- IP packet filtering may either be applied to the perimeter of a network, or to individual hosts within a network, but it cannot be applied to both at the same time.
Q27.(F.79) Which of the following correctly identifies what AH with transport mode protects? (2.5 points)
- Selected IP header fields, all fields within the AH header and the packet payload
- Only the IP payload
- All fields within the IP header, all fields within the AH header and the packet payload
- All fields within the AH header and the IP payload
Q28.(F.62) Which of the following statements about the OSI and Internet network models is correct? (2.5 points)
- The OSI network model defines protocol layers that include mandatory security mechanisms.
- The Internet model has many practical applications which include mandatory confidentiality mechanisms.
- The physical layer, which exists in both the OSI and TCP network models, requires the use of confidentiality mechanisms.
- TCP and IP are protocols in the Internet network model that can be used with optional security mechanisms.
Q29.(F.84) Which of the following are the primary targets of an attack within Voice over IP (VoIP) services? (Select/check all that apply.) (2.5 points)
- Signaling protocols (SIP or H.323)
- Actual voice conversations (RTP)
- Session Border Controllers
- SIP Proxy Servers
Q30.(F.71) Computer-based assets are vulnerable to many types of attacks. Choose all true statements regarding these kinds of attacks. (Select/check all that apply.) (2.5 points)
- All known vulnerabilities have been addressed in mature protocols such as TCP/IP.
- An application which runs on a hardened operating system with no known vulnerabilities is invulnerable
- Improperly configured computer systems can be vulnerable to attack.
- An operating system may have vulnerabilities, and these vulnerabilities may be difficult for an organization to address in a timely fashion, since the organization must rely upon the operating system vendor to correct the vulnerability.
Q31.(F.76) Does Java only provide minimal support for the use of X.509 digital certificates? (2.5 points)
- No
- Yes
Q32.(F.69) Which of the following are purposes of the IKE/(ISAKMP) part of IPsec? (Select/check all that apply.) (2.5 points)
- Peer-entity authentication
- Data origin authentication
- Key management
- Information integrity
- Confidentiality
Q33.(F.91) Which of the following are correct? (Select/check all that apply.) (2.5 points)
- A password and a security token number can be used for non-repudiation
- A password and a security token number can be used for login authentication
- A password and a fingerprint can be used for authorization
- A passphrase can be used for login authentication
- A password and a security token number can be used for authorization
Q34.(F.70) Which of the following are primary security services as defined in ITU-T 800? (Select/check all that apply.) (2.5 points)
- Detection
- Non-Repudiation
- Identification
- Confidentiality
- Authorization/Access Control
- Availability
- Authentication
Q35.Why would you want to digitally sign your Diffie-Hellman Q value and then encrypt the Q value and digital signature with the other side’s public key? (2.5 points)
A correct answer should include:
This prevents the "man-in-the middle" from spoofing the identity of the sender by providing peer-entity authentication and confidentiality for the Q value sent.
Q36.Why are X.509 certificate chains necessary in order to verify a user certificate? (2.5 points)
A correct answer should include:
As the number of certificates grows, it is better not to issue them all from a single CA but to distribute them among multiple CAs. Suppose user A holds a certificate from a specific CA1 and wants to know the public key of another user B, whose certificate was issued by CA2. A can read B's certificate but cannot verify its signature; to do so, A must trust CA2. A can obtain CA2's certificate signed by A's own CA1; since A knows CA1's public key, A verifies CA1's signature on CA2's certificate, then obtains B's certificate and verifies it with the now-trusted certificate of CA2.
So if the certificate chain does not exist, users holding certificates from one certificate authority will not be able to verify the certificates of users from another CA. X.509 certificate chains are necessary because, unlike Kerberos, X.509 authentication occurs offline. X.509 does not work with a third-party system, like a KDC, to authenticate a user and grant them tickets for access into a network/system. Certificates are instead included within applications and used for verification offline.
Q37.Suppose Alice, Bob, and Carol want to use secret key cryptography to authenticate each other. Compare the security of having a single shared secret that they all share with the security of having each of them use their own secret (Alice authenticates to either Bob or Carol by proving knowledge of KA, Bob with KB, and Carol with KC). (2.5 points)
A correct answer should include:
None of Alice, Bob, or Carol has an item that is truly unique to themselves which they can use to authenticate themselves such that their claimed identity cannot be forged. Therefore any of them can repudiate (deny) having originated a message simply by claiming that the other person with whom they share the secret key actually originated the message in question.
Without the use of public key technology, they still need to know each other's keys to perform the verification, which means they can still forge each other's messages.
Q38.What is the difference between a message authentication code and a one-way hash function? (2.5 points)
A correct answer should include:
A hash function accepts a variable-size message as input and generates a fixed-size block of data (hash code or digest) as output. A hash by itself provides only the structure required to achieve authentication, since encryption with a key is not part of the hash function itself. A hash is a function of the input message only.
The message authentication code (MAC) either:
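As an added illustration of the hash-versus-MAC distinction in Q38 (and of the keyed-digest option that appears in Q11 and Q23), not part of the exam or its answer key: the script below sends a message with a bare SHA-256 digest and, separately, with an HMAC-SHA256 tag, then shows the receiver's verification outcome when a party without the key alters the message in transit. The pre-shared key and the sample messages are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed pre-shared key for the example; in practice this is provisioned out of band.
KEY = b"shared-secret-between-sender-and-receiver"


def unkeyed_digest(message: bytes) -> bytes:
    """One-way hash: a function of the message only, so anyone can recompute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: a function of both the message and the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, digest: bytes) -> bool:
    """Receiver's check when only a bare hash travels with the message."""
    return hmac.compare_digest(unkeyed_digest(message), digest)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver's check when a keyed MAC travels with the message.

    compare_digest avoids leaking the tag through comparison timing.
    """
    return hmac.compare_digest(mac_tag(key, message), tag)


def hash_vs_mac_under_tampering() -> dict:
    """Compare both schemes when the message is altered by someone without the key."""
    original = b"transfer 100 to account 42"   # constructed sample message
    altered = b"transfer 900 to account 42"    # constructed in-transit modification

    # Sender emits (message, digest) and (message, tag).
    sent_tag = mac_tag(KEY, original)

    # Without the key, the hash can simply be recomputed for the new message,
    # but the tag cannot, so the receiver's MAC check fails on the altered message.
    recomputed_digest = unkeyed_digest(altered)

    return {
        "hash_accepts_altered": verify_digest(altered, recomputed_digest),
        "mac_accepts_altered": verify_mac(KEY, altered, sent_tag),
        "mac_accepts_original": verify_mac(KEY, original, sent_tag),
        # Same message, different key: the MAC changes, the plain hash would not.
        "mac_depends_on_key": mac_tag(KEY, original) != mac_tag(os.urandom(32), original),
    }


if __name__ == "__main__":
    for name, outcome in hash_vs_mac_under_tampering().items():
        print(f"{name}: {outcome}")
```

The receiver's bare-hash check passes on the altered message because the digest depends on nothing the altering party lacks; the HMAC check fails because the tag depends on the key. This is why a keyed MAC (or a digest combined with a shared secret) provides data-origin authentication and integrity while an unkeyed hash alone does not.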