Nicholas Bagnall
Test por , creado hace más de 1 año

Practice exam questions for FIT3031 Network Security Exam

218
0
0
Nicholas Bagnall
Creado por Nicholas Bagnall hace alrededor de 2 años
Cerrar

FIT3031 - Network Security Exam Practice

Pregunta 1 de 52

1

Which of the following algorithm is a symmetric encryption algorithm?

Selecciona una de las siguientes respuestas posibles:

  • RSA

  • Diffie-Hellman

  • SHA-256

  • DES

Explicación

Pregunta 2 de 52

1

Which of the following attacks are active attacks?
- Replay
- Modification of Message
- Denial of Service

Selecciona una de las siguientes respuestas posibles:

  • Replay

  • Modification of Message

  • Denial of Service

  • All of the above

Explicación

Pregunta 3 de 52

1

Which of the following statement(s) regarding symmetric encryption is/are not true?

Selecciona una de las siguientes respuestas posibles:

  • The encryption key is the same as decryption key

  • Symmetric key encryption is slower than asymmetric key encryption

  • AES can be speed up using hardware module

  • All of the above statements are not true

Explicación

Pregunta 4 de 52

1

Which of the following encryption algorithm is NOT used in 4G LTE?

Selecciona una de las siguientes respuestas posibles:

  • SNOW 3G

  • AES

  • 3DES

  • ZUC

Explicación

Pregunta 5 de 52

1

Asymmetric encryption can solve the __________ problem(s) of symmetric encryption.

Selecciona una de las siguientes respuestas posibles:

  • Key distribution

  • Integrity

  • Efficiency

  • All of the above

Explicación

Pregunta 6 de 52

1

Which of the following statement regarding SHA-1 is true?

Selecciona una de las siguientes respuestas posibles:

  • CWI Amsterdam and Google had performed a collision attack against SHA-1, publishing two dissimilar PDF files which produce the same SHA-1 hash.

  • CWI Amsterdam and Google had invented a polynomial time algorithm to find two different integers which produce the same SHA-1 hash.

  • CWI Amsterdam and Google had performed a one-wayness attack against SHA-1, such that given any random 160-bit string, they can re-construct a PDF file which produces this SHA-1 hash.

  • CWI Amsterdam and Google had invented a polynomial time algorithm to find the input of the hash function x, for any given 160-bit integer y such that H(x)=y where H( ) is the SHA-1 function.

Explicación

Pregunta 7 de 52

1

The security of Diffie-Hellman Algorithm relies on the __________ problem.

Selecciona una de las siguientes respuestas posibles:

  • Factorisation

  • Subset sum

  • Discrete logarithm (DL)

  • Learning with errors (LWE)

Explicación

Pregunta 8 de 52

1

IPSec is used to secure the __________ layer.

Selecciona una de las siguientes respuestas posibles:

  • Application

  • TCP

  • Network Layer (IP)

  • Physical

Explicación

Pregunta 9 de 52

1

X.509 is a standard of __________ .

Selecciona una de las siguientes respuestas posibles:

  • Digital Signature

  • Email Security

  • Wireless LAN Security

  • Digital Security

Explicación

Pregunta 10 de 52

1

Which of the following activities are examples of Intrusion?
A) Cracking password
B) Distributing pirated software
C) Using e-banking service from a web browser in a library public computer during opening hours

Selecciona una de las siguientes respuestas posibles:

  • Both A and B

  • Both B and C

  • Both A and C

  • All of the above

Explicación

Pregunta 11 de 52

1

SSH is an encrypted version of ______

Selecciona una de las siguientes respuestas posibles:

  • MIME

  • HTTP

  • TELNET

  • Internet Protocol

Explicación

Pregunta 12 de 52

1

Cloning of 4G SIM card can be done using __________ attack.

Selecciona una de las siguientes respuestas posibles:

  • Man-in-the-middle

  • SQL Injection

  • Denial of Service

  • Side Channel

Explicación

Pregunta 13 de 52

1

Which of the following statement(s) describe(s) correctly the difference(s) between a virus and a worm?

Selecciona una de las siguientes respuestas posibles:

  • A virus cannot be spread without a human action, but a worm has the capacity to travel without any human action.

  • A virus does not have the dormant phase, but a worm does have.

  • In the propagation phase, a virus searches for other systems but a worm only searchers for other programs running within the same system.

  • All of the above are correct

Explicación

Pregunta 14 de 52

1

Which of the following is/are the limitation(s) of a firewall?

Selecciona una de las siguientes respuestas posibles:

  • Cannot protect from attacks bypassing it

  • Cannot protect against internal threat

  • All of the above are limitations of a firewall

  • There is no limitation of a firewall

Explicación

Pregunta 15 de 52

1

What are two security services provided by signcryption?

Selecciona una de las siguientes respuestas posibles:

  • Confidentiality and Integrity

  • Confidentiality and Availability

  • Integrity and Availability

Explicación

Pregunta 16 de 52

1

What is meant by "Access Control"?

Selecciona una de las siguientes respuestas posibles:

  • A. The act of keeping unauthorised personel out of a system.

  • B. The act of allowing only authorised users into a system.

  • C. Authentication

  • All of the above

Explicación

Pregunta 17 de 52

1

A loss of integrity is unauthorised modification of data during the communication.

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 18 de 52

1

IPSec encapsulation mode provides protection to the entire IP packet.

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 19 de 52

1

Machine learning based intrusion detection systems are likely to produce false positives
during traffic analysis.

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 20 de 52

1

DDoS attacks cannot be launched at the application layer.

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 21 de 52

1

Which of the following is an example aspect of network security?

Selecciona una de las siguientes respuestas posibles:

  • Wireless security

  • Physical security

  • Human input errors

Explicación

Pregunta 22 de 52

1

Ciphertext-only capability means that: ______________.

Selecciona una de las siguientes respuestas posibles:

  • Only decryption can be performed on the ciphertexts

  • The adversary can only access to the ciphertexts

  • The adversary can only decrypt chosen ciphertexts

Explicación

Pregunta 23 de 52

1

PGP provides confidentiality through the use of ____________________.

Selecciona una de las siguientes respuestas posibles:

  • Symmetric block encryption

  • Radix-64

  • Digital signatures

Explicación

Pregunta 24 de 52

1

In IPSec, authentication NOT applied to the entire original IP packet is ______________.

Selecciona una de las siguientes respuestas posibles:

  • Cipher mode

  • Transport mode

  • Tunnel mode

Explicación

Pregunta 25 de 52

1

Which is FALSE regarding VPN?

Selecciona una de las siguientes respuestas posibles:

  • VPN server should be placed in front of firewall if the firewall needs to inspect the packet payloud.

  • VPN server can only be established by IP security.

  • VPN can build multiple overlaying networks that share the same physical network.

Explicación

Pregunta 26 de 52

1

How does a TCP flooding attack occur?

Selecciona una de las siguientes respuestas posibles:

  • Transport layer security (TLS) only secures communication between email servers and does not protect between client and server. This means all intermediate hops see plaintext. Hackers and government agencies can utilise this to their advantage. Google uses their key to encrypt emails and can decrypt the emails when requested.

  • During a TCP flood attack the attacker repeatedly send SYN packets to every port on the target server, often using fake IP addresses. These packets appear legitimate to the server as it tries to establish communication with a SYN-ACK packet. This basically overloads the server and it cannot establish communication due to the large amount of requests occurring.

  • A TCP flooding attack occurs by an attacker establishing a worm inside the victim system. This worm repeatedly attempts to connect to the system via SYN-ACK packets. These appear legeitimate as they come from within the host system and therefore bypass protection like firewalls and IPSec. This constant connections overload the systems resources causing it to reach capacity, and not be able to accept any legitimate connections.

Explicación

Pregunta 27 de 52

1

If the server does not allocate any resource to maintain the connections during the TCP
handshake, will the attack still be successful?

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 28 de 52

1

Domain Validated Certificates have to be verified offline?

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 29 de 52

1

If Alice wants to use PGP, she is required to egister at a CA to get a certificate?

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 30 de 52

1

In IPSec, transport mode provides protection to the entire IP packet?

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 31 de 52

1

Attack surfaces in networks include both physical and wireless communication channels?

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 32 de 52

1

If a certificate of a CA is self-signed, such a CA cannot be the root CA.

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 33 de 52

1

Which statement(s) is/are true about the TOR network?

Selecciona una de las siguientes respuestas posibles:

  • If there are 5 intermediate Tor routers between the user and web server, the middle one knows neither the user IP nor the server IP.

  • For per communication session, each TOR router will use its own key to encrypt the message.

  • Tor can hide the IP address of the users from all intermediate Tor routers.

Explicación

Pregunta 34 de 52

1

Which statement(s) is/are true about the secure key distribution?

Selecciona una de las siguientes respuestas posibles:

  • Alice can use public key of Bob to encrypt the private message encryption key in the presence of MITM attackers.

  • A security association is defined by the HMAC output that’s computed on the packets

  • Two parties can run the DH key exchange protocol to generate the key after mutual verification of their identities.

Explicación

Pregunta 35 de 52

1

Which way(s) is/are not trusted for obtaining the CA’s certificate?

Selecciona una de las siguientes respuestas posibles:

  • The certificate is installed on your mobile phone’s operating system.

  • The certificate is loaded from a USB, which is mailed from the CA service provider.

  • The certificate is sent by a chat bot via an end-to-end encrypted messaging app.

Explicación

Pregunta 36 de 52

1

Which statement(s) is/are not true regarding the security of IPSec-based (Tunnel Mode) VPN service?

Selecciona una de las siguientes respuestas posibles:

  • IPSec-based VPN reveals the IP address of the sender host.

  • IPSec-based VPN prevents from traffic analysis.

  • IPSec-based VPN reveals the IP addresses of the gateways which establish the tunnel.

Explicación

Pregunta 37 de 52

1

In PGP, the signature of message is generated before compression. Which statement(s) is/are the reason of doing this?

Selecciona una de las siguientes respuestas posibles:

  • The signature cannot be applied on the compressed message.

  • The compression algorithm might not be deterministic.

  • The compression algorithm can reduce the redundancy of the message.

Explicación

Pregunta 38 de 52

1

Why is the checksum in the header field of an IP packet insufficient for offering security?

Selecciona una de las siguientes respuestas posibles:

  • Checksum is not encrypted

  • Checksum only checks some parts of the payload

  • Checksum itself can be changed and forged

Explicación

Pregunta 39 de 52

1

Which statement/s is(are) not true about the Anti-Replay service of IPSec?

Selecciona una de las siguientes respuestas posibles:

  • The sequence number of packets cannot be a negative number.

  • The sliding window will be moved based on a time parameter defined in advance, e.g., after 1 minute, the window is advanced.

  • The receiver will accept the packets with a sequence number within the current sliding window and mark them as “received”.

Explicación

Pregunta 40 de 52

1

Which of the following is/are a service provided by PGP email encryption?

Selecciona una de las siguientes respuestas posibles:

  • Allow content filtering on encrypted emails

  • Ensure the confidentiality of all email fields

  • Provide a distributed key management service

Explicación

Pregunta 41 de 52

1

What is the ultimate goal of CONFidentiality in network applications?

Selecciona una de las siguientes respuestas posibles:

  • The encryption and decryption key remains secret

  • Both parties in a connection are confident about the security of their communication

  • The message m exchanged between two parties remains secret during the transmission

Explicación

Pregunta 42 de 52

1

It is sufficient to rely solely on transport layer security?

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 43 de 52

1

What is a countermeasure to TCP flooding attacks?

Selecciona una o más de las siguientes respuestas posibles:

  • Firewalls

  • Recycle list of half-opened connections

  • SYN cookies

  • Allocate backlog memory to a large amount

  • Encryption of IP header

  • Sliding window replay mechanism

Explicación

Pregunta 44 de 52

1

We generate a signature prior to compression so the signature does not depend on the compression algorithm.

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 45 de 52

1

Why does compression take place before encryption in PGP?

Selecciona una de las siguientes respuestas posibles:

  • Compression takes place before encryption to reduce the size of the message.

  • Compression is done prior to encryption to reduce redundancy. Compressing after encryption would mean the encryption would also have to be compressed, which would lower efficiency and speed.

  • Compression is done prior to encryption to increase the validity of the encryption.

Explicación

Pregunta 46 de 52

1

What are some limitations of PGP?

Selecciona una o más de las siguientes respuestas posibles:

  • Misuse

  • Leakage

  • No forward secrecy

  • Lack of non-repudiation and authentication in compromised scenarios

  • Lack of encryption

  • Headers can be targeted by hackers to reveal IP addresses

Explicación

Pregunta 47 de 52

1

Email service providers (eg. gmail) do not deploy end-to-end email encryption because it is too expensive?

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 48 de 52

1

TLS (transport layer security) hides the IP address of clients?

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 49 de 52

1

What are some services offered by IPSec?

Selecciona una o más de las siguientes respuestas posibles:

  • Messages Authentication (Integrity)

  • Key Management (Authenticity)

  • Anti-replay (Availability)

Explicación

Pregunta 50 de 52

1

The Internet Key Exchange (IKE) used in IPSec is based off of the Diffie-Hellman key exchange method?

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 51 de 52

1

What is true about ESP tunnel mode?

Selecciona una de las siguientes respuestas posibles:

  • ESP tunnel mode encrypts the IP paylod but not the IP header

  • ESP tunnel mode allows for traffic analysis

  • ESP tunnel mode disables traffic analysis

  • ESP tunnel mode authenticates the IP payloud and selected portions of the IP header

Explicación

Pregunta 52 de 52

1

What is true about AH transport mode?

Selecciona una de las siguientes respuestas posibles:

  • Authenticates entire IP packet

  • Encrypts IP payload

  • Encypts entire IP packet

  • Authenticates IP payloud and selected portions of the IP header

Explicación