Questions and Answers of
Systems Analysis And Design
(a) What is the main drawback to public key encryption? (b) What is the most popular public key encryption cipher? (c) What is the other commonly used public key encryption cipher? (d) Which need
(a) In public key encryption for authentication, which key does the supplicant use to encrypt? (b) Does the verifier decrypt the ciphertext with the supplicant's public key? (If not, explain what
(a) In public key authentication, what must the sender know that an impostor should not be able to learn? (b) For what type of authentication is a digital signature used: initial authentication or
(a) Besides authentication, what security benefit does a digital signature provide? (b) Explain what this benefit means. (c) Do most message-by-message authentication methods provide message
(a) Contrast the key the sender uses for encryption in public key encryption for confidentiality and public key encryption for authentication. (b) Contrast the key the receiver uses for decryption
(a) From what kind of organization can a verifier receive digital certificates? (b) Are most CAs regulated? (c) Does a digital certificate indicate that the person or firm named in the certificate
(a) What are the two most critical fields in the digital certificate? (b) What field in a digital certificate allows the receiver of a certificate to determine if the certificate has been altered?
(a) Does a digital signature by itself provide authentication? Explain why or why not. (b) Does a digital certificate by itself provide authentication? Explain why or why not. (c) How are digital
(a) What two cryptographic protections does an HMAC provide? (b) Do HMACs use symmetric key encryption, public key encryption, or hashing? (c) What is the benefit of HMACs over digital signatures?
(a) Why can't HMACs provide nonrepudiation? (b) Why is it usually not a problem that HMACs fail to provide nonrepudiation?
(a) What is a replay attack? (b) Can the attacker read the contents of the replayed message? (c) Why are replay attacks attempted? (d) What are the three ways to thwart replay attacks? (e) How do
(a) What is quantum key distribution? (b) What are the two advantages of quantum key distribution?
(a) What is the definition of a VPN? (b) Why do companies transmit over the Internet? (c) Why do they transmit over untrusted wireless networks? (d) Distinguish between the three types of VPNs. (e)
(a) Distinguish between SSL and TLS. (b) For what type of VPN was SSL/TLS developed? (c) For what type of VPN is SSL/TLS increasingly being used?
(a) At what layer does SSL/TLS operate? (b) What types of applications can SSL/TLS protect? (c) What are the two commonly used SSL/TLS-aware applications? (d) Why is SSL/TLS popular?
(a) SSL/TLS was created for host-to-host (browser-webserver) communication. What device can turn SSL/TLS into a remote access VPN? (b) In SSL/TLS remote access VPNs, to what device does the client
(a) At what layer does IPsec operate? (b) What layers does IPsec protect? (c) Compare the amount of cryptographic security in IPsec with that in SSL/TLS. (d) Compare centralized management in IPsec
(a) Distinguish between transport and tunnel modes in IPsec in terms of packet protection. (b) What are the attractions of each? (c) What are the problematic issues of each?
(a) What does an SA specify? (Do not just spell SA out.) (b) When two parties want to communicate in both directions with security, how many IPsec SAs are necessary? (c) May there be different SAs in
(a) In codes, what do code symbols represent? (b) What is the advantage of codes? (c) What are the disadvantages?
(a) Why is the word symmetric used in symmetric key encryption? (b) When two parties communicate with each other using symmetric key encryption, how many keys are used in total? (c) What type of
(a) What is the best way to thwart exhaustive searches by cryptanalysts? (b) If a key is 43 bits long, how much longer will it take to crack it by exhaustive search if it is extended to 45 bits?
Why is cryptography not an automatic protection?
Identify potential security threats associated with authentication via digital signatures and digital certificates. Explain each and describe how you would address each threat.
The chapter described how public key authentication is used for message-by-message authentication in digital signatures. However, public key authentication is widely used for initial authentication.
If a supplicant gives you a digital certificate, should you accept it? Explain. (Think about this carefully. The answer is not obvious.)
Pretty Good Privacy (PGP) uses public key encryption and symmetric key encryption to encrypt long documents. How might this be possible?
Longer keys are more difficult to crack. Most symmetric keys today are 100 to 300 bits long. Why don't systems use far longer symmetric keys, say, 1,000-bit keys?
Brute force is used to crack a 100-bit key. The key is cracked in only 5,000 tries. How can this be?
In practice, public key authentication is used heavily for initial authentication but rarely for message-by-message authentication. Given the intense processing power required for public key
Describe the entries in the second row of Figure 3-9. Comment on the strengths of the choices it uses. Uses public key authentication (RSA) for initial authentication. Only export-grade
How are digital certificates and drivers' licenses similar, and how are they different?
Even if you encrypted a file with AxCrypt, wouldn't someone be able to recover a previous version of the file with a file recovery program?
Could your network administrator open these files after you encrypted them with AxCrypt? Why not?
How could Bloomberg insiders use terminal data to front-run traders?
How should Bloomberg handle questions about its ability to protect traders' data?
How could Bloomberg use encryption to calm traders' fears?
Why is confidentiality important in a business-to-business relationship?
Why does EFF publish a report about consumer privacy at large Internet companies?
How might privacy concerns affect customer loyalty and new product adoption?
(a) Explain the four general goals for secure networking. (b) How can information be gathered from encrypted network traffic? (c) Give an example of how new technology has made networks less
(a) What is the main access threat to Ethernet LANs? (b) What is the main access threat to wireless LANs? (c) Why is the access threat to wireless LANs more severe? (d) Is eavesdropping usually a
(a) Why is 802.1X called Port-Based Access Control? (b) Where is the heavy authentication work done? (c) What are the three benefits of using a central authentication server? (d) Which device is
(a) How does an EAP session start? (b) What types of messages carry requests for authentication information and responses to these requests? (c) Describe how the central authentication server tells
(a) What standard do most central authentication servers follow? (b) How are EAP and RADIUS related in terms of functionality? (c) What authentication method does RADIUS use?
(a) What is the most common attack against wireless networks? Why? (b) Which IEEE standard governs WLAN transmission? (c) Which device acts as a relay between wired and wireless networks? (d) What is
(a) What man-in-the-middle attack is a danger for 802.11 WLANs? (b) Physically, what is an evil twin access point? (c) What happens when the legitimate supplicant sends credentials to the
(a) How would a wireless DoS attack be carried out? (b) What type of devices could be used to flood the transmission frequency for a WLAN? (c) What device could be used to identify a DoS flood if the
(a) Why is it impossible to extend 802.1X operation using EAP directly to WLANs? (b) What standard did the 802.3 Working Group create to extend 802.1X operation to WLANs with security for EAP? (c)
(a) What was the first core wireless security standard? (b) What encryption algorithm does it use? (c) Why are permanent shared keys undesirable? (d) What per-frame key does a WEP computer or access
(a) What prompted the Wi-Fi Alliance to create WPA? (b) Compare WPA and 802.11i security. (c) What does the Wi-Fi Alliance call 802.11i? (d) Despite its security weaknesses, why do many companies
(a) What is a denial-of-service attack? (b) Other than a DoS attack, what could cause a company's webserver to crash? (c) What are the main goals of DoS attacks? (d) Is a slow degradation of service
(a) Why is 802.1X mode unsuitable for homes and small offices? (b) What mode was created for homes or very small businesses with a single access point? (c) How do users in this mode authenticate
(a) What is the purpose of a wireless IDS? (b) How do wireless IDSs get their data? (c) What is a rogue access point? (d) What are the two alternatives to using a centralized wireless IDS? (e) Why
(a) Does the use of spread spectrum transmission in 802.11 create security? (b) What are SSIDs? (c) Does turning off SSID broadcasting offer real security? Explain. (d) What are MAC access control
(a) What is the difference between a direct and indirect DoS attack? (b) What is backscatter? (c) What types of packets can be sent as part of a DoS attack? (d) Describe a SYN flood. (e) How does a
(a) How does a P2P attack work? (b) How does a reflected attack work? (c) What is a DRDoS attack, and how does it work? (d) What is a Smurf flood? (e) What type of packet is sent in a Smurf flood?
(a) What is black holing? (b) Is black holing an effective defense against DoS attacks? Why? (c) How can the effects of SYN floods be mitigated? (d) What is a false opening? (e) Why is rate limiting
(a) Why do hosts use ARP? (b) Can ARP poisoning be used outside the LAN? Why not? (c) Why do hosts send ARP requests? (d) What is ARP spoofing? (e) How could an attacker use ARP spoofing to
(a) Explain ARP poisoning. (b) Why does the attacker have to send a continuous stream of unrequested ARP replies? (c) Do switches record IP addresses? Why not? (d) Does the attacker have to poison
(a) How can ARP poisoning be used as a DoS attack? (b) How can static IP and ARP tables be used to prevent ARP poisoning? (c) Can static IP and ARP tables be effectively used in large networks? Why
(a) What is a SLAAC attack? (b) Why do hosts automatically prefer IPv6 addressing? (c) What has to be introduced to a network for a SLAAC attack to work? (d) Would a SLAAC attack work on an existing
Why would it be desirable to protect all of a corporation's IP traffic by IPsec? Give multiple reasons.
What wireless LAN security threats do 802.11i and WPA not address?
Given the weakness of commercial WAN security, why do you think companies continue to use WAN technology without added cryptographic protections?
The 802.1X standard today is being applied primarily to wireless LANs rather than to wired LANs. Why do you think that is?
What are channels? Would one be better than another?
Why would someone want to use a Tor network?
What do relay servers do in a Tor network?
How do Tor networks provide anonymity?
Why is it still important to use an HTTPS connection if you are using a Tor network?
Why would Spamhaus be the target of such a large DDoS attack?
How could Spamhaus avoid similar attacks in the future?
Why would state-sponsored APTs be worrisome?
Why would a nation engage in cyber espionage?
What are the costs and benefits of a nation engaging in cyber espionage?
Should governments provide support to businesses to prevent cyber espionage? How?
(a) List the AAA access controls. (b) Explain each in a sentence. (c) What are the four bases for authentication credentials? (d) What is two-factor authentication's promise? (e) How can a Trojan
(a) Distinguish between magnetic stripe cards and smart cards. (b) What are one-time-password tokens? (c) What are USB tokens? (d) What is the advantage of USB tokens compared to cards? (e) What is
(a) Why is it important to disable lost or stolen access devices? (b) What is a PIN? (d) Why can PINs be short (only four to six digits) while passwords must be much longer?
(a) What is biometric authentication? (b) On what two things about you is biometric authentication based? (c) What is the major promise of biometrics?
(a) Describe the three scanner actions in the enrollment process. (b) What are key features? (c) Why are they necessary? (d) What does the server do with the key features created by the enrollment
(a) In biometrics, what is a match? (b) Distinguish between false acceptances and false rejections. (c) What are false acceptance rates (FARs) and false rejection rates (FRRs)? (d) For computer
(a) For watch lists of criminals, what is a false acceptance? (b) For watch lists of criminals, which is worse from a security viewpoint, a false acceptance or a false rejection? Explain. (c) For
(a) Distinguish between verification and identification. (b) Which requires more matches against templates? (c) Which is more likely to generate a false acceptance? Why? (d) Compare identification
(a) Suppose that the probability of a false acceptance is one in a million, that there are 10,000 identities in the database, and that there is a watch list with 100 people. What will be the FAR for
(a) Distinguish between error rates and deception in biometrics. (b) Why may fingerprint scanning, which is often deceived, be acceptable for entry into a supplies cabinet? (c) When may it not be
(a) Distinguish between mandatory access controls and discretionary access controls. (b) What is multilevel security? (c) What are SBU documents? (d) Do they need to be considered in access
(a) What is the advantage of fingerprint recognition? (b) What are the disadvantages? (c) For what type of use is fingerprint recognition sufficient? (d) What is the advantage of iris
(a) What is the advantage of face recognition? (b) What does surreptitious mean? (c) Where is hand geometry recognition used? (d) What are the disadvantages of voiceprint recognition? (e) What are
(a) What is the strongest form of authentication? (b) List the functions of a PKI. (c) Can a firm be its own certificate authority? (d) What is the advantage of doing so? (e) Who creates a computer's
(a) Why are authorizations needed after a person is authenticated? (b) What is another name for authorizations? (c) What is the principle of least permissions? (d) Why is it a good way to assign
(a) What is auditing? (b) Why is it necessary? (c) Why is log reading important? (d) What are the three types of actions that should be taken on log files? (e) Why are automatic alerts desirable?
(a) What are the three devices in central authentication using RADIUS servers? (b) What is the role of the authenticator? (c) What is the role of the central authentication server?
(a) In Kerberos, distinguish between the ticket granting ticket and the service ticket. (b) What information does the service ticket give the verifier? (c) How does the supplicant get the symmetric
(a) How is information in directory servers organized? (b) What are the top two levels of the organization? (c) Do directory servers only hold information about people?
(a) Why is having a single point of building entry important? (b) Why are emergency exits important? (c) What should be done about them? (d) List the four elements of entry authorization in CobiT.
(a) What is Microsoft's directory server product? (b) What is the smallest organizational unit in Active Directory? (c) What two things does a domain controller contain? (d) Can a domain have
(a) Distinguish between mutual and one-way trust among AD domains. (b) Distinguish between transitive and intransitive trust. (c) What principle should companies follow in making trust assignments?
(a) In federated identity management, do firms query one another's identity management databases? (b) What do they do instead? (c) What risk does this method avoid for the firm sending the security