Internet Security Protocols, Wireless and Mobile Security (ch23, 22, 24) Flashcards

1
Q

In IPSec, packets can be protected using ESP or AH but not both at the same time.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

In IPSec, if A uses DES for traffic from A to B, then B must also use DES for traffic from B to A.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In IPSec, the sequence number is used for preventing replay attacks.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Most browsers come equipped with SSL and most Web servers have implemented the protocol.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Even web searches have (often) been in HTTPS.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

In a wireless network, traffic is broadcasted into the air, and so it is much easier to sniff wireless traffic compared with wired traffic.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Compared with WEP, WPA2 has more flexible authentication and stronger encryption schemes.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

iOS has no vulnerability.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

In iOS, each file is encrypted using a unique, per-file key.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

In iOS, an app can run its own dynamic, run-time generated code.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The App Store review process can guarantee that no malicious iOS app is allowed into the store for download.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

In iOS, each app runs in its own sandbox.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

In Android, all apps have to be reviewed and signed by Google.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

In Android, an app will never be able to get more permission than what the user has approved.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Since Android is open-source, each handset vendor can customize it, and this is good for security (hint: consider security updates).

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The most complex and important part of TLS is the ________.

A. signature

B. message header

C. payload

D. handshake protocol

17
Q

_______ is a list that contains the combinations of cryptographic algorithms supported by the client.

A. Compression method

B. Session ID

C. CipherSuite

D. All of the above

18
Q

ESP supports two modes of use: transport and ________.

A. padding

B. tunnel

C. payload

D. sequence

19
Q

A benefit of IPsec is ________.

A. that it is below the transport layer and transparent to applications

B. there is no need to revoke keying material when users leave the organization

C. it can provide security for individual users if needed

D. all of the above

20
Q

The ______ field in the outer IP header indicates whether the association is an AH or ESP security association.

A. protocol identifier

B. security parameter index

C. IP destination address

D. sequence path counter

21
Q

IPsec can assure that:

A. a router advertisement comes from an authorized router.

B. A routing update is not forged.

C. A redirect message comes from the router to which the initial packet was sent.

D. All of the above

22
Q

ESP can provide both confidentiality and integrity protection.

23
Q

If the authentication option of ESP is chosen, message integrity code is computed before encryption.

24
Q

To protect the confidentiality and integrity of the whole original IP packet, we can use ESP with authentication option in tunnel mode.

25
Q

In AH, the integrity hash covers the IP header.

26
Q

The security association, SA, specifies a two-way security arrangement between the sender and receiver.

27
Q

SPI is used to help receiver identify the SA to un-process the IPSec packet.

28
Q

If the sequence number in the IPSec header is greater than the largest number of the current anti-replay window the packet is rejected.

29
Q

If the sequence number in the IPSec header is smaller than the smallest number of the current anti-replay window the packet is rejected.

30
Q

Since TLS is for the Transport Layer, it relies on IPSec, which is for the IP Layer.

31
Q

In most applications of TLS or SSL, public keys are used for authentication and key exchange.