Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
_Network_Security_2
_Network Security Exam 2
| Question | Answer |
|---|---|
| A _________ is a key used between entities for the purpose of distributing session keys. | permanent key |
| A _________ is the client's choice for an encryption key to be used to protect this specific application session. | subkey |
| A __________ indicates the length of time for which a ticket is valid (e.g., eight hours). | lifetime |
| A __________ is a set of managed nodes that share the same Kerberos database which resides on the Kerberos master computer system that is located in a physically secure room. | Kerberos realm |
| A __________ server issues tickets to users who have been authenticated to the authentication server. | ticket-granting |
| A ___________ is a service or user that is known to the Kerberos system and is identified by its principal name. | Kerberos principal |
| A random value to be repeated to assure that the response is fresh and has not been replayed by an opponent is the __________ . | nonce |
| An __________ manages the creation and maintenance of attributes such as passwords and biometric information. | attribute service |
| Containing the hash code of the other fields encrypted with the CA's private key, the __________ covers all of the other fields of the certificate and includes the signature algorithm identifier. | signature |
| Encryption in version 4 makes use of a nonstandard mode of DES known as ___________ . | PCBC |
| In order to prevent an opponent from capturing the login ticket and reusing it to spoof the TGS, the ticket includes a __________ indicating the date and time at which the ticket was issued. | timestamp |
| In order to solve the problem of minimizing the number of times that a user has to enter a password and the problem of a plaintext transmission of the password a __________ server is used. | ticket granting |
| Kerberos version 4 requires the use of ____________ . | IP address |
| Once the authentication server accepts the user as authentic it creates an encrypted _________ which is sent back to the client | ticket |
| Rather than building elaborate authentication protocols at each server, _________ provides a centralized authentication server whose function is to authenticate users to servers and servers to users. | Kerberos |
| The _________ exentsion is used only in certificates for CAs issued by other CAs and allows an issuing CA to indicate that one or more of that issuer's policies can be considered equivalent to another policy used in the subject CAs domain. | policy mappings |
| The _________ extension lists policies that the certificate is recognized as supporting, together with optional qualifier information. | certificate policies |
| The __________ knows the passwords of all users and stores these in a centralized database and also shares a unique secret key with each server | authentication server |
| The strength of any cryptographic system rests with the _________ technique, a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key. | key distribution |
| The technical deficiencies of Kerberos version 4 are: double encryption, PCBC encryption, session keys and __________ . | password attacks |
| Used in most network security applications the __________ standard has become universally accepted for formatting public-key certificates. | X.509 |
| When two end systems wish to communicate they establish a logical connection and, for the duration of that logical connection, all user data are encrypted with a one-time __________ which is destroyed at the end of the session. | session key |
| _________ are entities that obtain and employ data maintained and provided by identity and attribute providers, which are often used to support authorization decisions and to collect audit information. | Data Consumers |
| __________ defines a framework for the provision of authentication services by the X.500 directory to its users and defines alternative authentication protocols based on the use of public-key certificates. | X.509 |
| is a centralized, automated approach to provide enterprise wide access to resources by employees and other authorized indiv. with a focus of defining an ID for each user, assoc. attributes with the ID and enforcing a means by which a user can verify ID. | Identity management |
| __________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, thereby reducing the number of authentications needed by the user. | Federation |
| A WML _________ is similar to an HTML page in that it is identified by a URL and is the unit of content transmission. | deck |
| Forming a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time, __________ are used for communication between a pair of devices typically between a STA and an AP. | pairwise keys |
| The MPDU authentication phase consists of three phases. They are: connect to AS, EAP exchange and _________ . | secure key delivery |
| The MPDU exchange for distributing pairwise keys is known as the _________ which the STA and SP use to confirm the existence of the PMK, to verify the selection of the cipher suite, and to derive a fresh PTK for data sessions. | 4-way handshake |
| The PMK is used to generate the _________ which consists of three keys to be used for communication between a STA and AP after they have been mutually authenticated. | PTK |
| The WAP Programming Model is based on three elements: the client, the original server, and the _________ | gateway |
| The _________ is used to ensure the confidentiality of the GTK and other key material in the 4-Way Handshake. | EAPOL-KEK |
| The __________ function is the logical function that determines when a station operating within a BSS is permitted to transmit and may be able to receive PDUs. | coordination |
| The __________ is the information that is delivered as a unit between MAC users. | MSDU |
| The __________ is used to convey WTLS-related alerts to the peer entity. | Alert Protocol |
| The __________ layer keeps track of which frames have been successfully received and retransmits unsuccessful frames | logical link control |
| The function of the __________ is to on transmission assemble data into a frame, on reception disassemble frame and perform address recognition and error detection, and govern access to the LAN transmission medium. | media access control layer |
| The layer of the IEEE 802 reference model that includes such functions as encoding/decoding of signals and bit transmission/reception is the _________ . | physical layer |
| The master session key is also known as the __________ key. | AAA |
| The purpose of the discovery phase in the ___________ is for a STA and an AP to recognize each other, agree on a set of security capabilities, and establish an association for future communication using those security capabilities. | RSN |
| The specification of a protocol along with the chosen key length is known as a __________ . | cipher suite |
| The term used for certified 802.11b products is ___________ | Wi-Fi |
| WAP security is primarily provided by the __________ which provides security services between the mobile device and the WAP gateway to the Internet. | WTLS |
| _________ is a standard to provide mobile users of wireless phones and other wireless terminals access to telephony and information services including the Internet and the Web. | WAP |
| was designed to describe content and format for presenting data on devices with limited bandwidth, limited screen size, and limited user input capability and to work with telephone keypads/styluses, and other input devices common to mobile, wireless comm. | WML |
| __________ is the primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS. | distribution |
| __________ specifies security standards for IEEE 802.11 LANs including authentication, data integrity, data confidentiality, and key management. | IEEE 802.11i |
| A _________ is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer, which is then encoded using base64 encoding. | digital signature |
| Computed by PGP, a _________ field indicates the extent to which PGP will trust that this is a valid public key for this user; the higher the level of trust, the stronger the binding of this user ID to this key. | key legitimacy |
| E-banking, personal banking, e-commerce server, software validation and membership-based online services all fall into the VeriSign Digital ID _________ . | Class 3 |
| For the __________ subtype the order of the parts is not significant. | multipart/parallel |
| Key IDs are critical to the operation of PGP and __________ key IDs are included in any PGP message that provides both confidentiality and authentication. | two |
| MIME is an extension to the ________ framework that is intended to address some of the problems and limitations of the use of SMTP. | RFC 5322 |
| PGP makes use of four types of keys: public keys, private keys, one-time session keys, and ___________ symmetric keys. | passphrase-based |
| PGP provides authentication through the use of _________ . | digital signatures |
| PGP provides compression using the __________ algorithm. | zip |
| PGP provides e-mail compatibility using the __________ encoding scheme | radix-64 |
| S/MIME cryptographic algorithms use __________ to specify requirement level | SHOULD and MUST |
| The ________ MIME field is a text description of the object with the body which is useful when the object is not readable as in the case of audio data. | Content-Description |
| The _________ accepts the message submitted by a Message User Agent and enforces the policies of the hosting domain and the requirements of Internet standards. | Mail Submission Agent |
| The _________ transfer encoding is useful when the data consists largely of octets that correspond to printable ASCII characters | quoted-printable |
| The _________ transfer encoding, also known as radix-64 encoding, is a common one for encoding arbitrary binary data in such a way as to be invulnerable to the processing by mail-transport programs | base64 |
| The _________ type refers to other kinds of data, typically either uninterpreted binary data or information to be processed by a mail-based application | application |
| The __________ field is used to identify MIME entities uniquely in multiple contexts | Content-ID |
| The __________ MIME field describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner. | Content-Type |
| The __________ enables the recipient to determine if the correct public key was used to decrypt the message digest for authentication | leading two octets of message digest |
| The __________ subtype is used when the different parts are independent but are to be transmitted together. They should be presented to the receiver in the order that they appear in the mail message | multipart/mixed |
| The key legitimacy field, the signature trust field and the owner trust field are each contained in a structure referred to as a ___________ . | trust flag byte |
| To provide transparency for e-mail applications, an encrypted message may be converted to an ASCII string using _________ conversion | radix-64 |
| Typically housed in the user's computer, a _________ is referred to as a client e-mail program or a local network e-mail server. | Message User Agent |
| Video content will be identified as _________ type. | MPEG |
| __________ is an Internet standard approach to e-mail security that incorporates the same functionality as PGP. | S/MIME |
| A _________ is a one way relationship between a sender and a receiver that affords security services to the traffic carried on it. | SA |
| A __________ attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination | replay |
| A value chosen by the responder to identify a unique IKE SA is a _________ . | Responder Cookie |
| At any point in an IKE exchange the sender may include a _________ payload to request the certificate of the other communicating entity | certificate request |
| Authentication applied to all of the packet except for the IP header is _________ . | transport mode |
| Authentication applied to the entire original IP packet is _________ . | tunnel mode |
| Authentication makes use of the _________ message authentication code | HMAC |
| IKE key determination employs __________ to ensure against replay attacks | nonces |
| IPsec encompasses three functional areas: authentication, key management, and __________ | confidentiality |
| IPsec provides security services at the ________ layer by enabling a system to select required security protocols, determine the algorithms to use for the services and put in place any cryptographic keys required to provide the requested services | IP |
| The _________ facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. | confidentiality |
| The _________ payload allows peers to identify packet flows for processing by IPsec services | Traffic Selector |
| The __________ facility is concerned with the secure exchange of keys. | key management |
| The __________ mechanism assures that a received packet was in fact transmitted by the party identified as the source in the packet header and assures that the packet has not been altered in transit. | authentication |
| The __________ payload contains either error or status information associated with this SA or this SA negotiation. | Notify |
| The key management mechanism that is used to distribute keys is coupled to the authentication and privacy mechanisms only by way of the _________ . | SPI |
| The means by which IP traffic is related to specific SAs is the _________ . | SPD |
| The selectors that determine a Security Policy Database are: Name, Local and Remote Ports, Next Layer Protocol, Remote IP Address, and _________ . | local IP address |
| Three different authentication methods can be used with IKE key determination: Public key encryption, symmetric key encryption, and _________ . | digital signatures |
| _________ consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication. The current specification is RFC 4303. | ESP |
| _________ defines a number of techniques for key management. | IKE |
| _________ identifies the type of data contained in the payload data field by identifying the first header in that payload. | Next Header |
| _________ mode is used when one or both ends of an SA are a security gateway, such as a firewall or router that implements IPsec. | Tunnel |
| __________ provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. | IPsec |
Created by:
ITSec_guy
Popular Computers sets