INFA 620 INFA620 Midterm Answers (UMUC)
1. Which of the following is considered a flaw, loophole, oversight, or error that makes the organization susceptible to attack or damage?
2. Which of the following are not directly addressed when implementing network security?
3. Select from the following the best definition of security risk analysis:
4. Which of the following is considered the first line of defense against human behavior?
5. The two methods of encrypting data are
6. The only cipher system said to be unbreakable by brute force is
7. When a user needs to provide message integrity, what options may be the best?
8. Consider the following protocol that involves both RSA public-key operations and DES. Suppose that A has an RSA private key prv(A) and an RSA public key pub(A). Suppose that B has an RSA private key prv(B) and an RSA public key pub(B). Assume both A and B knows each other’s public key. A wants to send B some message M. A selects random DES key K and send B the following two messages:
“E” means encryption and “Sig” means digital signature. Which of the following statement(s) is true?
9. Suppose a user is authenticated based on an ID and password that are supplied by the transmitter in plaintext. Does it make any difference if the passwords and ID are encrypted?
10. You have an issue in your company with users claiming they did not receive e-mail messages, while other users claim they were sent. What PKI component will help you to prove the dates and times of messages sent on the network?
11. A certificate authority provides what benefits to a user?
12. All of the following are types of cyber attack, except:
13. If you notice that the number of existing half-open sessions is beginning to rise, what could this indicate?
14. Consider using DHCP. What are the major security concerns? Indicate the two best answers from the following list.
15. DoS attacks exist for which part of the OSI protocol stack?
PART 2
1. Can two network interfaces have the same IP address? Why or why not?
2. Consider a public key encryption. Ann wants to send Bill a message. Let Annpriv and Annpub be Ann’s private and public keys respectively. The same for Bill (Billpriv and Billpub).
– If Ann sends a message to Bill, what encryption should Ann use so that only Bill can decrypt the message (secrecy)? (4 points)
– Can Ann encrypt the message so that anyone who receives the message is assured that the message only came from Ann (authenticity)? (4 points)
– Is it possible for Ann to devise a method that will allow for both secrecy and authenticity for her message? Please justify your answer. (4 points)
4. Alan and Bill agree (through a public exchange) on using the Diffie-Hellman algorithm to create a common secret key. They also agree on two public numbers: q (large prime number), (generator mod q):
q = 7, a = 2
Alan generates a random CA =5, use CA to calculate DA and then sends DA to Bill. Alan has also received a value DB from Bill.
Bill generates a random CB =6, use CB to calculate DB and then sends DB to Alan. Bill has also received the value DA sent from Alan as mentioned above.
No comments:
Post a Comment