IPSec and TLS Flashcards
IP spoofing is useful for ____________ communication
unidirectionalP2 L10
IPsec can assure that ___________________
A router advertisement comes from an authorized routera routing update is not forgeda redirect message comes from the router to which the initial packet was sentP2 L10
Encapsulated Security Payload (ESP) can be used inA) encryption only modeB) authentication only modeC) encryption and authentication mode
A, B, and CP2 L10
Encapsulated Security Payload (ESP) can provide both confidentiality and integrity protection
trueP2 L10
If the authentication option of ESP is chosen, message integrity code is computed before encryption
falseP2 L10
To protect the confidentiality and integrity of the whole original IP packet, we can use ESP with the authentication option in tunnel mode
trueP2 L10
In Authentication Header, the integrity hash covers the IP header
trueP2 L10
The security association, SA, specifies a two-way security arrangements between the sender and receiver
falseP2 L10
Security Parameter Index (SPI) is used to help receiver identify the Security Association (SA) to unprocess the IPSec packet
trueP2 L10
If the sequence number of the IPSec header is greater than the largest number of the current anti-reply window the packet is rejected
falseP2 L10
If the sequence number in the IPSec header is smaller than the smallest umber of the current anti-replay window the packet is rejected
trueP2 L10
The Diffie-Hellman key exchange is restricted to two party communication only
falseP2 L10
An IKE SA needs to be established before IPSec SAs can be negotiated
trueP2 L10
The identity of the responder and receiver and the messages they have exchanged need to be authenticated(authentication and key exchange)
trueP2 L10
With perfect forward secrecy, the IPSec SA keys are based on the IKE shared secret established in phase I.
falseP2 L10
