Internet Security Protocols, Wireless and Mobile Security (ch23, 22, 24) Flashcards
In IPSec, packets can be protected using ESP or AH but not both at the same time.
False
In IPSec, if A uses DES for traffic from A to B, then B must also use DES for traffic from B to A.
True
In IPSec, the sequence number is used for preventing replay attacks.
True
Most browsers come equipped with SSL and most Web servers have implemented the protocol.
True
Even web searches have (often) been in HTTPS.
True
In a wireless network, traffic is broadcasted into the air, and so it is much easier to sniff wireless traffic compared with wired traffic.
True
Compared with WEP, WPA2 has more flexible authentication and stronger encryption schemes.
True
iOS has no vulnerability.
False
In iOS, each file is encrypted using a unique, per-file key.
True
In iOS, an app can run its own dynamic, run-time generated code.
False
The App Store review process can guarantee that no malicious iOS app is allowed into the store for download.
False
In iOS, each app runs in its own sandbox.
True
In Android, all apps have to be reviewed and signed by Google.
False
In Android, an app will never be able to get more permission than what the user has approved.
False
Since Android is open-source, each handset vendor can customize it, and this is good for security (hint: consider security updates).
False
The most complex and important part of TLS is the ________.
A. signature
B. message header
C. payload
D. handshake protocol
D
_______ is a list that contains the combinations of cryptographic algorithms supported by the client.
A. Compression method
B. Session ID
C. CipherSuite
D. All of the above
C
ESP supports two modes of use: transport and ________.
A. padding
B. tunnel
C. payload
D. sequence
B
A benefit of IPsec is ________.
A. that it is below the transport layer and transparent to applications
B. there is no need to revoke keying material when users leave the organization
C. it can provide security for individual users if needed
D. all of the above
D
The ______ field in the outer IP header indicates whether the association is an AH or ESP security association.
A. protocol identifier
B. security parameter index
C. IP destination address
D. sequence path counter
A
IPsec can assure that:
A. a router advertisement comes from an authorized router.
B. A routing update is not forged.
C. A redirect message comes from the router to which the initial packet was sent.
D. All of the above
D
ESP can provide both confidentiality and integrity protection.
True
If the authentication option of ESP is chosen, message integrity code is computed before encryption.
False
To protect the confidentiality and integrity of the whole original IP packet, we can use ESP with authentication option in tunnel mode.
True
In AH, the integrity hash covers the IP header.
True
The security association, SA, specifies a two-way security arrangement between the sender and receiver.
False
SPI is used to help receiver identify the SA to un-process the IPSec packet.
True
If the sequence number in the IPSec header is greater than the largest number of the current anti-replay window the packet is rejected.
False
If the sequence number in the IPSec header is smaller than the smallest number of the current anti-replay window the packet is rejected.
True
Since TLS is for the Transport Layer, it relies on IPSec, which is for the IP Layer.
False
In most applications of TLS or SSL, public keys are used for authentication and key exchange.
True