Università degli Studi di Brescia
Network Security, Prof. F. Gringoli, A.A. 2012/2014
Written test, 21 November 2014

LAST name, FIRST name: ________________________________________
MATRICOLA: ______________________________

Answer the following questions, marking “T” for true, and “F” for false. Each correct answer gets you 1 point. Each incorrect answer gets you -1 point. Each answer without an explanation gets you 0 points.

1 IPsec

a An IPsec session between two peers is made of two distinct Security Associations (SAs) T F
b SAs are maintained inside the Security Association Database and are looked up by the receiver using the Security Parameter Index (SPI) embedded in each received packet T F
c The SPI is a 16-bit parameter T F
d To connect to a whole remote network, a host on the Internet may use IPsec in transport mode T F
e The algorithm that protects the integrity of an IPsec AH (Authentication Header) packet covers the entire packet, including Time-To-Live (TTL) and checksum fields in the header T F

2 TLS

a All applications can be converted to use Transport Layer Security (TLS) without changing any line of code T F
b TLS may be used only for protecting TCP (Transmission Control Protocol) data sessions T F
c TLS may provide Perfect Forward Secrecy (PFS) T F
d TLS mandatorily authenticates the server to the client using X.509 certificates T F
e The PreMasterSecret (PMS) is a random number chosen by the server and transported to the client T F

Copyright © 2007-2014 F. Gringoli, all rights reserved

3 Hash and MAC functions

a A MAC offers non-repudiation by construction T F
b For a good MDC with n-bit output, one should compute O( (2^n) / 2) values in order to find a collision with probability = ½ (brute force attack) O( 2 ^ (n/2) ) T F
c Hashes are building blocks for Digital Signature algorithms T F
d MD5 has been mathematically shown to be pre-image resistant T F
e Weak pre-image resistance implies strong collision resistance T F

4 Security and 802.11

a WPA-Enterprise may use EAP-MD5 to authenticate stations to the network T F
b In WPA-PSK and WPA-Enterprise, the Four-Way-Handshake Protocol produces Pairwise Temporary Keys T F
c WPA-PSK does not use any Pairwise Master Key T F
d Both WEP and WPA1 use a linear function to protect the integrity of packets T F
e WPA-Enterprise does not allow Perfect Forward Secrecy (PFS) T F

5 Non-crypto authentication mechanisms

a The use of pseudo-random sequence numbers at the beginning of every TCP session helps prevent attackers from sending data on behalf of a peer to the other one T F
b The use of pseudo-random sequence numbers at the beginning of every TCP session cannot provide any protection if the attacker has physical access to a router lying in the path between the two peers T F
c DNS queries embed a Transaction ID that helps prevent DNS poisoning attacks T F
d The DNS Transaction ID is a 32-bit parameter T F
e The source port in a DNS query should change randomly to improve the security of the DNS protocol T F