
Network security

UNIT 4
1. In terms of Web Security Threats, “Impersonation of another user” is a Passive Attack.
a) True b) False
Answer: b
Explanation: Passive attacks include eavesdropping on network traffic between browser and server and gaining
access to information on a website that is supposed to be restricted. Active attacks include impersonating
another user, altering messages in transit between client and server, altering information on a website.
2. Which one of the following is not a higher-layer SSL protocol?
a) Alert Protocol b) Handshake Protocol c) Alarm Protocol d) Change Cipher Spec Protocol
Answer: c
Explanation: Three higher-layer protocols are defined as part of SSL: the Handshake Protocol, the Change
Cipher Spec Protocol and the Alert Protocol.
3. Which one of the following is not a session state parameter?
a) Master Secret b) Cipher Spec c) Peer Certificate d) Server Write Key
Answer: d
Explanation: Session state is defined by the following parameters – Session identifier, Peer certificate,
Compression method, Cipher spec, Master secret, Is resumable. Server Write Key falls under Connection State.
4. In the SSL Protocol, each upper layer message is fragmented into a maximum of __________ bytes.
a) 2^16 b) 2^32 c) 2^14 d) 2^12
Answer: c
Explanation: In the fragmentation process we obtain blocks of 2^14 bytes, which are compressed in the next step.
5. The difference between HMAC algorithm and SSLv3 is that pad1 and pad2 are ________ in SSLv3 whereas
________ in HMAC.
a) NANDed, XORed b) Concatenated, XORed c) XORed, NANDed d) XORed, Concatenated
Answer: b
Explanation: The pads are concatenated in SSLv3 and XORed in HMAC algorithm.
6. The full form of SSL is
a) Serial Session Layer b) Secure Socket Layer c) Session Secure Layer d) Series Socket Layer
Answer: b
Explanation: SSL stands for Secure Sockets Layer.
7. After the encryption stage in SSL, the maximum length of each fragment is
a) 2^14 + 1028 b) 2^14 + 2048 c) 2^16 + 1028 d) 2^16 + 2048
Answer: b
Explanation: Encryption may not increase the content length by more than 1024 bytes, so the total length may
not exceed 2^14 + 2048.
8. Consider the following example –
Size of Plaintext – 48 bytes.
Size of MAC – 20 bytes.
Block Length – 8 bytes.
How many bytes of padding need to be added to the system?
a) 1 b) 2 c) 3 d) 4
Answer: c
Explanation: 48 + 20 = 68 bytes. 72 is the next multiple of 8 (Block Length). 72 – 68 = 4. But we need to
compensate 1 byte for length of the padding. Therefore, we require only 3 Bytes padding.
9. Which protocol is used to convey SSL related alerts to the peer entity?
a) Alert Protocol b) Handshake Protocol
c) Upper-Layer Protocol d) Change Cipher Spec Protocol
Answer: a
Explanation: The Alert protocol is used to convey SSL related alerts to the peer entity.
10. Which protocol consists of only 1 bit?
a) Alert Protocol b) Handshake Protocol
c) Upper-Layer Protocol d) Change Cipher Spec Protocol
Answer: d
Explanation: The Change Cipher Spec Protocol is 1 bit long.
11. Which protocol is used for the purpose of copying the pending state into the current state?
a) Alert Protocol b) Handshake Protocol
c) Upper-Layer Protocol d) Change Cipher Spec Protocol
Answer: d
Explanation: The Change Cipher Spec Protocol is used for this action.
12. Which of the following are possible sizes of MACs?
i) 12 Bytes
ii) 16 Bytes
iii) 20 Bytes
iv) 24 Bytes

a) i and iii b) ii only
c) ii and iii d) ii, iii and iv
Answer: c
Explanation: MACs can be 0, 16 or 20 Bytes.
13. In the alert protocol the first byte takes the value 1 or 2 which corresponds to _________ and _________
respectively.
a) Select, Alarm b) Alert, Alarm
c) Warning, Alarm d) Warning, Fatal
Answer: d
Explanation: The first byte takes the value warning(1) or fatal(2) to convey the severity of the message.
14. Number of phases in the handshaking protocol?
a) 2
b) 3
c) 4
d) 5
Answer: c
Explanation: There are 4 phases in the handshaking protocol. These are –
Phase 1 : Establishing security capabilities
Phase 2 : Server Authentication and Key Exchange
Phase 3 : Client Authentication and Key Exchange
Phase 4 : Finish/ End.
15. In the SSL record protocol operation pad_2 is –
a) is the byte 0x36 repeated 40 times for MD5
b) is the byte 0x5C repeated 48 times for MD5
c) is the byte 0x5C repeated 48 times for SHA-1
d) is the byte 0x36 repeated 48 times for MD5
Answer: b
Explanation: pad_2 is the byte 0x5C repeated 48 times for MD5.
16. In the SSL record protocol operation pad_1 is –
a) is the byte 0x36 repeated 40 times for MD5
b) is the byte 0x5C repeated 40 times for MD5
c) is the byte 0x5C repeated 48 times for SHA-1
d) is the byte 0x36 repeated 48 times for MD5
Answer: d
Explanation: pad_1 is the byte 0x36 repeated 48 times for MD5.
17. In the Handshake protocol action, which is the last step of the Phase 2 : Server Authentication and Key
Exchange?
a) server_done b) server_key_exchange
c) certificate_request d) certificate_verify
Answer: a
Explanation: The last step of the Phase 2 is the server_done step.
18. Which is the key exchange algorithm used in CipherSuite parameter?
a) RSA b) Fixed Diffie-Hellman
c) Ephemeral Diffie-Hellman d) Any of the mentioned
Answer: d
Explanation: We can use either of the following for the CipherSuite key exchange-
i) RSA ii) Fixed Diffie-Hellman
iii) Ephemeral Diffie-Hellman iv) Anonymous Diffie-Hellman
v) Fortezza.
19. The certificate message is required for any agreed-on key exchange method except _______________
a) Ephemeral Diffie-Hellman
b) Anonymous Diffie-Hellman
c) Fixed Diffie-Hellman
d) RSA
Answer: b
Explanation: The certificate message is required for any agreed-on key exchange method except Anonymous
Diffie-Hellman.
20. In the Phase 2 of the Handshake Protocol Action, the step server_key_exchange is not needed for which of
the following cipher systems?
a) Fortezza
b) Anonymous Diffie-Hellman
c) Fixed Diffie-Hellman
d) RSA
Answer: c
Explanation: Fixed Diffie-Hellman does not require the server_key_exchange step in the handshake
protocol.
21. The DSS signature uses which hash algorithm?
a) MD5
b) SHA-2
c) SHA-1
d) Does not use hash algorithm
Answer: c
Explanation: The DSS signature uses SHA-1.
22. The RSA signature uses which hash algorithm?
a) MD5
b) SHA-1
c) MD5 and SHA-1
d) None of the mentioned.
Answer: c
Explanation: The MD5 and SHA-1 hashes are concatenated together and then encrypted with the server’s
private key.
23. What is the size of the RSA signature hash after the MD5 and SHA-1 processing?
a) 42 bytes
b) 32 bytes
c) 36 bytes
d) 48 bytes
Answer: c
Explanation: The size is 36 bytes after MD5 and SHA-1 processing.
24. The certificate_request message includes two parameters, one of which is –
a) certificate_extension
b) certificate_creation
c) certificate_exchange
d) certificate_type
Answer: d
Explanation: The certificate_request message includes two parameters: certificate_type and
certificate_authorities.
25. The client_key_exchange message uses a pre master key of size –
a) 48 bytes
b) 56 bytes
c) 64 bytes
d) 32 bytes
Answer: a
Explanation: The client_key_exchange message uses a pre master key of size 48 bytes.
26. The certificate_verify message involves the process defined by the pseudo-code (in terms of MD5) –
CertificateVerify.signature.md5_hash = MD5(master_secret || pad_2 || MD5(handshake_messages ||
master_secret || pad_1)).
Is there any error? If so, what is it?
a) Yes. pad_1 and pad_2 should be interchanged
b) Yes. The pads should be present towards the end
c) Yes. master_key should not be used, the pre_master key should be used
d) No Error
Answer: d
Explanation: The code is correct with no errors.
27. In the handshake protocol which is the message type first sent between client and server ?
a) server_hello b) client_hello c) hello_request d) certificate_request
Answer: b
Explanation: Interaction between the client and server starts via the client_hello message.
28. In SSLv3 the padding bits are ____________ with the secret key.
a) Padded b) XORed c) Concatenated d) ANDed
Answer: c
Explanation: The padding bits are concatenated with the secret key.
29. Which of the following is not a valid input to the PRF in SSLv3?
a) secret value
b) identifying label
c) initialization vector
d) secret value
Answer: c
Explanation: The PRF does not require an initialization vector.
30. Which of the following alert codes is not supported by SSLv3?
a) record_overflow b) no_certificate c) internal_error d) decode_error
Answer: b
Explanation: no_certificate is not supported by the SSLv3.
31. We encounter the record_overflow error when the payload length exceeds –
a) 2^14 + 1024 b) 2^16 + 1024 c) 2^14 + 2048 d) 2^16 + 2048
Answer: c
Explanation: The overflow error is encountered when the length exceeds 2^14 + 2048.
32. Which key exchange technique is not supported by SSLv3?
a) Anonymous Diffie-Hellman b) Fixed Diffie-Hellman
c) RSA d) Fortezza
Answer: d
Explanation: Fortezza is not supported in SSLv3.
33. Calculation of the certificate_verify in TLS involves the use of a finished_label. The finished_label is the
string-
a) client finished for the client
b) client finished for the client, server finished for the server
c) server finished for the server
d) client finished for the server, server finished for the client
Answer: b
Explanation: The finished_label is the string client finished for the client, server finished for the server.
34. In TLS padding can be up to a maximum of –
a) 79 bytes b) 127 bytes c) 255 bytes d) none of the mentioned
Answer: c
Explanation: Padding can be up to a maximum of 255 bytes.
35. URL stands for –
a) Universal Remote Locator b) Universal Resource Language
c) Uniform Resource Locator d) Uniform Resource Language
36. HTTPS stands for Hypertext Transfer Protocol over TLS.
a) True b) False
Answer: a
Explanation: The statement is true. HTTPS is HTTP invoked over SSL/TLS.
37. An HTTP connection uses port _________ whereas HTTPS uses port ____________ and invokes SSL.
a) 40; 80 b) 60; 620 c) 80; 443 d) 620; 80
Answer: c
Explanation: HTTP uses port 80, whereas HTTPS uses port 443.

UNIT 5

1. Which layer in the IEEE 802.11 protocol stack has the function of flow control and error control?
a) Physical Layer
b) Logic Link Control Layer
c) Medium Access Layer
d) None of the mentioned
Answer: b
Explanation: Logic Link Layer has the function of flow control and error control.
2. With respect to IEEE 802.11 Wireless LAN, MSDU stands for-
a) MAC service data unit.
b) Main server data user
c) Multiframe service datagram usage
d) MAC server device usage
Answer: a
Explanation: MSDU stands for MAC service data unit.
3. Frequency band definition and Wireless signal encoding are functions of which layer?
a) Physical Layer
b) Logic Link Control Layer
c) Medium Access Layer
d) None of the mentioned
Answer: a
Explanation: Frequency band definition and Wireless signal encoding are functions of the Physical Layer.
4. The correct order of the MAC header is –
a) MAC Control, Destination MAC Address, Source MAC Address
b) Destination MAC Address, Source MAC Address, MAC Control
c) Source MAC Address, Destination MAC Address, MAC Control
d) none of the mentioned
Answer: a
Explanation: The correct order of arrangement is MAC Control, Destination MAC Address, Source MAC
Address.
5. CRC is a component of the MAC trailer.
a) True
b) False
Answer: a
Explanation: CRC is a component of the MAC trailer. The statement is true.
6. Reliable data delivery and Wireless access control protocols are functions of which layer?
a) Physical Layer
b) Logic Link Control Layer
c) Medium Access Layer
d) None of the mentioned
Answer: c
Explanation: Reliable data delivery and Wireless access control protocols are functions of the Medium Access
Layer.
7. Which layer keeps track of the frames that have been transmitted and received?
a) Physical Layer
b) Logic Link Control Layer
c) Medium Access Layer
d) None of the mentioned
Answer: b
Explanation: The LLC keeps track of the frames that have been transmitted and received.
8. The smallest building block of a wireless LAN is –
a) Unit server set
b) Unit service set
c) Basic server set
d) Basic service set
Answer: d
Explanation: The smallest building block of a wireless LAN is Basic service set (BSS).
9. In an IBSS system all communications are done via access points (APs).
a) True
b) False
Answer: b
Explanation: IBSS stands for Independent Basic Service Set.

10. __________ consists of two or more basic service sets interconnected by a distribution system.
a) Extended Service Set
b) Permuted Service Set
c) Complex Service Set
d) Multiplex Service Set
Answer: a
Explanation: Extended Service Set consists of two or more basic service sets interconnected by a distribution
system.
11. IEEE 802.11 defines ___________ services that need to be provided by the wireless LAN to achieve
functionality equivalent to that which is inherent to wired LANs.
a) 4
b) 7
c) 5
d) 9
Answer: d
Explanation: There are 9 services provided by IEEE 802.11.
12. ___________ services are used to control IEEE 802.11 LAN access and confidentiality.
a) 4
b) 5
c) 2
d) 3
Answer: d
Explanation: Three of the services provided by IEEE 802.11 LAN are used to control access and confidentiality.
13. __________ services are used to control IEEE 802.11 LAN delivery of MSDUs between stations.
a) 5
b) 6
c) 3
d) 2
Answer: b
Explanation: 6 services are used to control IEEE 802.11 LAN delivery of MSDUs between stations.
14. _________ services are implemented in every 802.11 station, including AP stations. _________ services are
provided between BSSs.
a) Station, Distribution
b) Distribution, Station
c) Extended, Basic
d) Basic, Extended
Answer: a
Explanation: Station services are implemented in every 802.11 station, including AP stations. Distribution
services are provided between BSSs.
15. The _________ service enables transfer of data between a station on an IEEE 802.11 LAN and a station on
an integrated IEEE 802.x LAN.
a) extension
b) differentiation
c) integration
d) distribution
Answer: c
Explanation: The integration service enables transfer of data between a station on an IEEE 802.11 LAN and a
station on an integrated IEEE 802.x LAN.
16. When a station moves only within the direct communication range of the communication stations of a single
BSS, it is referred to as –
a) No transition
b) BSS transition
c) ESS transition
d) All of the mentioned
Answer: a
Explanation: When a station moves only within the direct communication range of the communication stations
of a single BSS, it is referred to as No transition.
17. A station movement from one BSS in one ESS to a BSS within another ESS falls under –
a) No transition
b) BSS transition
c) ESS transition
d) All of the mentioned
Answer: c
Explanation: A station movement from one BSS in one ESS to a BSS within another ESS falls under ESS
transition.
18. “Enables an established association to be transferred from one AP to another, allowing a mobile station to
move from one BSS to another.” This can be referred to as-
a) Association
b) Reassociation
c) Disassociation
d) All of the mentioned
Answer: a
Explanation: This is known as association.
19. What was the security algorithm defined for the IEEE 802.11?
a) WEP
b) RSN
c) WPA
d) SSL
Answer: a
Explanation: Wired Equivalency Privacy was the security algorithm defined for the IEEE 802.11.
20. The final form of the 802.11i standard is referred to as –
a) Wi-Fi Protected Access
b) Robust Security Network
c) Wired Equivalency Privacy
d) None of the mentioned
Answer: b
Explanation: The final form of the 802.11i standard is the Robust Security Network (RSN).
21. EAP stands for –
a) Extended Application Protocol
b) Extensible Authentication Protocol
c) Embedded Application Protocol
d) Embedded Authentication Protocol
Answer: b
Explanation: EAP stands for Extensible Authentication Protocol.
22. TKIP is an access control protocol.
a) True
b) False
Answer: b
Explanation: TKIP stands for Temporal Key Integrity Protocol and falls under “Confidentiality, Data Origin
Authentication and Integrity and Replay Protection.”
23. In which phase of operation does the STA and AS prove their identities to each other?
a) Discovery
b) Authentication
c) Key generation and distribution
d) Protected data transfer
Answer: b
Explanation: The STA and AS prove their identities to each other in the Authentication phase.
24. The specification of a protocol, along with the chosen key length (if variable) is known as –
a) cipher suite
b) system suite
c) key set
d) service set
Answer: a
Explanation: The specification of a protocol, along with the chosen key length (if variable) is known as cipher
suite.
25. Which is the 3rd phase of operation in the IEEE 802.11i Protocol?
a) Protected Data Transfer
b) Discovery
c) Authentication
d) Key Management
Answer: d
Explanation: Key management is the 3rd Phase of operation in the IEEE 802.11i Protocol.
26. Which phase uses the Extensible Authentication Protocol?
a) Discovery
b) Authentication
c) Key Management
d) Protected Data Transfer
Answer: b
Explanation: EAP belongs to the Authentication Phase and is defined in the IEEE 802.1X standard.
27. There are a number of possible EAP exchanges that can be used during authentication phase. Typically the
message flow between the STA and AP employs the ___________ protocol.
a) RADIUS
b) EAPOL
c) TKIP
d) KSN
Answer: b
Explanation: The message flow between the STA and AP employs the EAP over LAN (EAPOL) protocol.
28. Another name for the AAA key (Authentication, Authorization and Accounting Key) is –
a) pre-shared key
b) pairwise transient key
c) master session key
d) key confirmation key
Answer: c
Explanation: The AAA key (Authentication, Authorization and Accounting Key) is also known as master
session key.
