Busy. Please wait.
or

show password
Forgot Password?

Don't have an account?  Sign up 
or

Username is available taken
show password

why


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.


Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove ads
Don't know
Know
remaining cards
Save
0:01
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
Retries:
restart all cards




share
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

_Network_Security_2

_Network Security Exam 2

QuestionAnswer
A _________ is a key used between entities for the purpose of distributing session keys. permanent key
A _________ is the client's choice for an encryption key to be used to protect this specific application session. subkey
A __________ indicates the length of time for which a ticket is valid (e.g., eight hours). lifetime
A __________ is a set of managed nodes that share the same Kerberos database which resides on the Kerberos master computer system that is located in a physically secure room. Kerberos realm
A __________ server issues tickets to users who have been authenticated to the authentication server. ticket-granting
A ___________ is a service or user that is known to the Kerberos system and is identified by its principal name. Kerberos principal
A random value to be repeated to assure that the response is fresh and has not been replayed by an opponent is the __________ . nonce
An __________ manages the creation and maintenance of attributes such as passwords and biometric information. attribute service
Containing the hash code of the other fields encrypted with the CA's private key, the __________ covers all of the other fields of the certificate and includes the signature algorithm identifier. signature
Encryption in version 4 makes use of a nonstandard mode of DES known as ___________ . PCBC
In order to prevent an opponent from capturing the login ticket and reusing it to spoof the TGS, the ticket includes a __________ indicating the date and time at which the ticket was issued. timestamp
In order to solve the problem of minimizing the number of times that a user has to enter a password and the problem of a plaintext transmission of the password a __________ server is used. ticket granting
Kerberos version 4 requires the use of ____________ . IP address
Once the authentication server accepts the user as authentic it creates an encrypted _________ which is sent back to the client ticket
Rather than building elaborate authentication protocols at each server, _________ provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Kerberos
The _________ exentsion is used only in certificates for CAs issued by other CAs and allows an issuing CA to indicate that one or more of that issuer's policies can be considered equivalent to another policy used in the subject CAs domain. policy mappings
The _________ extension lists policies that the certificate is recognized as supporting, together with optional qualifier information. certificate policies
The __________ knows the passwords of all users and stores these in a centralized database and also shares a unique secret key with each server authentication server
The strength of any cryptographic system rests with the _________ technique, a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key. key distribution
The technical deficiencies of Kerberos version 4 are: double encryption, PCBC encryption, session keys and __________ . password attacks
Used in most network security applications the __________ standard has become universally accepted for formatting public-key certificates. X.509
When two end systems wish to communicate they establish a logical connection and, for the duration of that logical connection, all user data are encrypted with a one-time __________ which is destroyed at the end of the session. session key
_________ are entities that obtain and employ data maintained and provided by identity and attribute providers, which are often used to support authorization decisions and to collect audit information. Data Consumers
__________ defines a framework for the provision of authentication services by the X.500 directory to its users and defines alternative authentication protocols based on the use of public-key certificates. X.509
is a centralized, automated approach to provide enterprise wide access to resources by employees and other authorized indiv. with a focus of defining an ID for each user, assoc. attributes with the ID and enforcing a means by which a user can verify ID. Identity management
__________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, thereby reducing the number of authentications needed by the user. Federation
A WML _________ is similar to an HTML page in that it is identified by a URL and is the unit of content transmission. deck
Forming a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time, __________ are used for communication between a pair of devices typically between a STA and an AP. pairwise keys
The MPDU authentication phase consists of three phases. They are: connect to AS, EAP exchange and _________ . secure key delivery
The MPDU exchange for distributing pairwise keys is known as the _________ which the STA and SP use to confirm the existence of the PMK, to verify the selection of the cipher suite, and to derive a fresh PTK for data sessions. 4-way handshake
The PMK is used to generate the _________ which consists of three keys to be used for communication between a STA and AP after they have been mutually authenticated. PTK
The WAP Programming Model is based on three elements: the client, the original server, and the _________ gateway
The _________ is used to ensure the confidentiality of the GTK and other key material in the 4-Way Handshake. EAPOL-KEK
The __________ function is the logical function that determines when a station operating within a BSS is permitted to transmit and may be able to receive PDUs. coordination
The __________ is the information that is delivered as a unit between MAC users. MSDU
The __________ is used to convey WTLS-related alerts to the peer entity. Alert Protocol
The __________ layer keeps track of which frames have been successfully received and retransmits unsuccessful frames logical link control
The function of the __________ is to on transmission assemble data into a frame, on reception disassemble frame and perform address recognition and error detection, and govern access to the LAN transmission medium. media access control layer
The layer of the IEEE 802 reference model that includes such functions as encoding/decoding of signals and bit transmission/reception is the _________ . physical layer
The master session key is also known as the __________ key. AAA
The purpose of the discovery phase in the ___________ is for a STA and an AP to recognize each other, agree on a set of security capabilities, and establish an association for future communication using those security capabilities. RSN
The specification of a protocol along with the chosen key length is known as a __________ . cipher suite
The term used for certified 802.11b products is ___________ Wi-Fi
WAP security is primarily provided by the __________ which provides security services between the mobile device and the WAP gateway to the Internet. WTLS
_________ is a standard to provide mobile users of wireless phones and other wireless terminals access to telephony and information services including the Internet and the Web. WAP
was designed to describe content and format for presenting data on devices with limited bandwidth, limited screen size, and limited user input capability and to work with telephone keypads/styluses, and other input devices common to mobile, wireless comm. WML
__________ is the primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS. distribution
__________ specifies security standards for IEEE 802.11 LANs including authentication, data integrity, data confidentiality, and key management. IEEE 802.11i
A _________ is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer, which is then encoded using base64 encoding. digital signature
Computed by PGP, a _________ field indicates the extent to which PGP will trust that this is a valid public key for this user; the higher the level of trust, the stronger the binding of this user ID to this key. key legitimacy
E-banking, personal banking, e-commerce server, software validation and membership-based online services all fall into the VeriSign Digital ID _________ . Class 3
For the __________ subtype the order of the parts is not significant. multipart/parallel
Key IDs are critical to the operation of PGP and __________ key IDs are included in any PGP message that provides both confidentiality and authentication. two
MIME is an extension to the ________ framework that is intended to address some of the problems and limitations of the use of SMTP. RFC 5322
PGP makes use of four types of keys: public keys, private keys, one-time session keys, and ___________ symmetric keys. passphrase-based
PGP provides authentication through the use of _________ . digital signatures
PGP provides compression using the __________ algorithm. zip
PGP provides e-mail compatibility using the __________ encoding scheme radix-64
S/MIME cryptographic algorithms use __________ to specify requirement level SHOULD and MUST
The ________ MIME field is a text description of the object with the body which is useful when the object is not readable as in the case of audio data. Content-Description
The _________ accepts the message submitted by a Message User Agent and enforces the policies of the hosting domain and the requirements of Internet standards. Mail Submission Agent
The _________ transfer encoding is useful when the data consists largely of octets that correspond to printable ASCII characters quoted-printable
The _________ transfer encoding, also known as radix-64 encoding, is a common one for encoding arbitrary binary data in such a way as to be invulnerable to the processing by mail-transport programs base64
The _________ type refers to other kinds of data, typically either uninterpreted binary data or information to be processed by a mail-based application application
The __________ field is used to identify MIME entities uniquely in multiple contexts Content-ID
The __________ MIME field describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner. Content-Type
The __________ enables the recipient to determine if the correct public key was used to decrypt the message digest for authentication leading two octets of message digest
The __________ subtype is used when the different parts are independent but are to be transmitted together. They should be presented to the receiver in the order that they appear in the mail message multipart/mixed
The key legitimacy field, the signature trust field and the owner trust field are each contained in a structure referred to as a ___________ . trust flag byte
To provide transparency for e-mail applications, an encrypted message may be converted to an ASCII string using _________ conversion radix-64
Typically housed in the user's computer, a _________ is referred to as a client e-mail program or a local network e-mail server. Message User Agent
Video content will be identified as _________ type. MPEG
__________ is an Internet standard approach to e-mail security that incorporates the same functionality as PGP. S/MIME
A _________ is a one way relationship between a sender and a receiver that affords security services to the traffic carried on it. SA
A __________ attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination replay
A value chosen by the responder to identify a unique IKE SA is a _________ . Responder Cookie
At any point in an IKE exchange the sender may include a _________ payload to request the certificate of the other communicating entity certificate request
Authentication applied to all of the packet except for the IP header is _________ . transport mode
Authentication applied to the entire original IP packet is _________ . tunnel mode
Authentication makes use of the _________ message authentication code HMAC
IKE key determination employs __________ to ensure against replay attacks nonces
IPsec encompasses three functional areas: authentication, key management, and __________ confidentiality
IPsec provides security services at the ________ layer by enabling a system to select required security protocols, determine the algorithms to use for the services and put in place any cryptographic keys required to provide the requested services IP
The _________ facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. confidentiality
The _________ payload allows peers to identify packet flows for processing by IPsec services Traffic Selector
The __________ facility is concerned with the secure exchange of keys. key management
The __________ mechanism assures that a received packet was in fact transmitted by the party identified as the source in the packet header and assures that the packet has not been altered in transit. authentication
The __________ payload contains either error or status information associated with this SA or this SA negotiation. Notify
The key management mechanism that is used to distribute keys is coupled to the authentication and privacy mechanisms only by way of the _________ . SPI
The means by which IP traffic is related to specific SAs is the _________ . SPD
The selectors that determine a Security Policy Database are: Name, Local and Remote Ports, Next Layer Protocol, Remote IP Address, and _________ . local IP address
Three different authentication methods can be used with IKE key determination: Public key encryption, symmetric key encryption, and _________ . digital signatures
_________ consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication. The current specification is RFC 4303. ESP
_________ defines a number of techniques for key management. IKE
_________ identifies the type of data contained in the payload data field by identifying the first header in that payload. Next Header
_________ mode is used when one or both ends of an SA are a security gateway, such as a firewall or router that implements IPsec. Tunnel
__________ provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. IPsec
Created by: ITSec_guy