Transport

Question 1

DNS

Answer 1

looks up associated IP address for a particular domain name

Question 2

Process for accessing website

Answer 2

A computer asks its DNS server for the address associated with a website, the DNS server responds with an IP address, and your computer undoubtedly accepts it as legitimate response and connects to that website

Question 3

DNSSEC

Answer 3

can foil DNS cache poisoning attacks by signing replies by responding server

Question 4

HTTP web based login process

Answer 4

Client requests nonce from server

server responds with nonce

Client uses server, client nonce, and password to generate hash

Client sends username, nonce and hash to server

Server retrieves server nonce and password from database

Server combines server nonce, client nonce, and password to generate a hash

server compares hash just generated with hash sent from client

Question 5

HTTPS encrypts what

Answer 5

URL of requested web page

web page contents

contents of forms filled in

cookies established

Question 6

integrating HTTP and SSL leads to 2 majority security services

Answer 6

encryption and SSL handshaking

Question 7

HTTPS provides

Answer 7

confidentiality

server authentication

message integrity

Question 8

TLS (Transport Layer Security)

Answer 8

enhances network communication with confidentiality, data integrity, server authentication, client authentication, and secure HTTP web transactions

Question 9

Message Digest

Answer 9

cryptographic hash function containing string of digits created by a one-way hashing formula

protect integrity of data

detects changes and alterations to any part of message

Question 10

TLS is designed to operate over TCP. Why?

Answer 10

doesn’t work with UDP. because it is not designed to handle the ;timing out’ and ‘retransmitting lost data’ which are handled by TCP

Question 11

SSL provides network connection through

Answer 11

Confidentiality

Authentication

Reliability

Question 12

SSL consists of

Answer 12

handshake protocol

cipher change protocol

alert protocol

Record protocol

Question 13

SSL Hanshake protocol process

Answer 13

Establish security capabilities

server authentication and key exchange

client authentication and key exchange

finishing and verification

Question 14

what does cipher change protocol do in SSL

Answer 14

exchange of this message indicates all future data exchanges are encrypted and integrity is protected

Question 15

what does Alert protocol do in SSL

Answer 15

Report errors

notify closure of TCP connection

notify of bad certificate

Question 16

SSH (Secure Shell Protocol)

Answer 16

method for secure remote login from one computer to another

Question 17

SSH process

Answer 17

connection established with public key sent to client

negotiate on symmetric encryption algorithm that will be used and generate the key

Question 18

What is ssh replacing

Answer 18

Telnet

Question 19

ssh port

Answer 19

22

Question 20

Types of Digital Certificate

Answer 20

Server

Personal

Organization

Developer

Question 21

Server certificate

Answer 21

allows visitors to exchange personal information

credit card info

Question 22

Personal certificates

Answer 22

allow one to authenticate a visitor’s identity and restrict access to specified content

Question 23

Organization Certificate

Answer 23

used by corporate entities to identify employees for corporate secure email and web based transaction

Question 24

Developer Certificates

Answer 24

Prove authorship and retain integrity of software

Question 25

advantages of digital certificate

Answer 25

decrease number of passwords a user has to remember to gain access to different network domains

creates electronic audit trail

Question 26

what does Man in the middle attack

Answer 26

Public Keys