Network Security Essentials Applications and Standards 5th Edition By Willaim Stallings – Test Bank



Sample  Questions



Chapter 1:  introduction



TRUE OR FALSE                                                                      


T          F          1.  With the introduction of the computer the need for automated

tools for protecting files and other information stored on the

computer became evident.


T          F          2.  There is a natural tendency on the part of users and system

managers to perceive little benefit from security investment until a

security failure occurs.


T          F          3.  There are clear boundaries between network security and internet



T          F          4.  The CIA triad embodies the fundamental security objectives for

both data and for information and computing services.


T          F          5.  In developing a particular security mechanism or algorithm one

must always consider potential attacks on those security features.


T          F          6.  A loss of confidentiality is the unauthorized modification or

destruction of information.


T          F          7.  Patient allergy information is an example of an asset with a

moderate requirement for integrity.


T          F          8.  The more critical a component or service, the higher the level of

availability required.


T          F          9.  Data origin authentication provides protection against the

duplication or modification of data units.


T          F          10. The emphasis in dealing with passive attacks is on prevention

rather than detection.


T          F          11. Data integrity is the protection of data from unauthorized



T          F          12.  Information access threats exploit service flaws in computers to

inhibit use by legitimate users.





T          F          13. Viruses and worms are two examples of software attacks.


T          F          14. A connection-oriented integrity service deals with individual

messages without regard to any larger context and generally

provides protection against message modification only.


T          F          15. Pervasive security mechanisms are not specific to any particular

OSI security service or protocol layer.






  1. _________ security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.


  1. Computer B.  Internet


  1. Intranet D.  Network



  1. Verifying that users are who they say they are and that each input arriving at the system came from a trusted source.


  1. authenticity B.  accountability


  1. integrity 
 D.  confidentiality



  1. __________ assures that systems work promptly and service is not denied to authorized users.


  1. Integrity 
 B.  Availability


  1. System integrity 
 D.  Data confidentiality



  1. __________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.


  1. Data confidentiality 
 B.  Availability


  1. System integrity 
             D.  Privacy


  1. The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is _________ .


  1. accountability 
 B.  authenticity


  1. privacy 
 D.  integrity



  1. __________ attacks attempt to alter system resources or affect their operation.


  1. Active 
 B.  Release of message content


  1. Passive 
 D.  Traffic analysis



  1. A __________ takes place when one entity pretends to be a different entity.


  1. passive attack 
             B.  masquerade


  1. modification of message 
             D.  replay



  1. 800 defines _________ as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers.


  1. replay 
 B.  integrity


  1. authenticity 
 D.  security service



  1. _________ is a professional membership society with worldwide organizational and individual membership that provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the IETF and the IAB.


  1. ITU-T 
             B.  ISO


  1. FIPS 
             D.  ISOC







  1. The protection of data from unauthorized disclosure is _________ .


  1. access control 
             B.  authentication


  1. data confidentiality 
 D.  nonrepudiation



  1. __________ is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private sector innovation.


  1. ISO 


  1. ITU-T 



  1. The prevention of unauthorized use of a resource is __________ .


  1. access control 
             B.  authentication


  1. data confidentiality 
 D.  nonrepudiation



  1. The __________ service addresses the security concerns raised by denial-of-service attacks.


  1. event detection 
             B.  integrity


  1. availability 
 D.  routing control



  1. _________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.


  1. Notarization 
 B.  Authentication exchange


  1. Routing control 
             D.  Traffic padding



  1. _________ is a variety of mechanisms used to assure the integrity of a data unit or stream of data units.


  1. Data integrity 
             B.  Authentication exchange


  1. Trusted functionality 
 D.  Event detection






  1. _________ is defined as “the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources”.


  1. Three key objectives that are at the heart of computer security are: confidentiality, availability, and _________ .


  1. An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is an __________ .


  1. A loss of _________ is the disruption of access to or use of information or an information system.


  1. __________ is the use of mathematical algorithms to transform data into a form that is not readily intelligible, in which the transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.


  1. Student grade information is an asset whose confidentiality is considered to be highly important by students and, in the United States, the release of such information is regulated by the __________.


  1. A possible danger that might exploit a vulnerability, a _________ is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.


  1. A __________ attack attempts to learn or make use of information from the system but does not affect system resources.


  1. The common technique for masking contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message is _________ .


  1. Active attacks can be subdivided into four categories: replay, modification of messages, denial of service, and __________ .


X.800 divides security services into five categories: authentication, access control, nonrepudiation, data integrity and __________ .


  1. In the context of network security, _________ is the ability to limit and control the access to host systems and applications via communications links.




  1. The __________ is a worldwide federation of national standards bodies that promote the development of standardization and related activities with a view to facilitating the international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity.


  1. __________ prevents either sender or receiver from denying a transmitted message; when a message is sent the receiver can prove that the alleged sender in fact sent the message and when a message is received the sender can prove that the alleged receiver in fact received the message.


  1. A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.



Chapter 3:  Public-Key Cryptography and Message Authentication







T          F          1.  Public key algorithms are useful in the exchange of conventional

encryption keys.


T          F          2.  Private key encryption is used to produce digital signatures which

provide an enhanced form of message authentication.


T          F          3.  
The strength of a hash function against brute-force attacks

depends solely on the length of the hash code produced by the



T          F          4.  The two important aspects of encryption are to verify that the

contents of the message have not been altered and that the source

is authentic.


T          F          5.  In the ECB mode of encryption if an attacker reorders the blocks of

ciphertext then each block will still decrypt successfully, however,

the reordering may alter the meaning of the overall data sequence.


T          F          6.  Message encryption alone provides a secure form of authentication.


T          F          7.  Because of the mathematical properties of the message

authentication code function it is less vulnerable to being broken

than encryption.


T          F          8.  In addition to providing authentication, a message digest also

provides data integrity and performs the same function as a frame

check sequence.


T          F          9.  Cryptographic hash functions generally execute slower in software

than conventional encryption algorithms such as DES.


T          F          10.  The main advantage of HMAC over other proposed hash based

schemes is that HMAC can be proven secure, provided that the

embedded hash function has some reasonable cryptographic





T          F          11.  Public key algorithms are based on mathematical functions rather

than on simple operations on bit patterns.


T          F          12.  The private key is known only to its owner.


T          F          13. 
The security of the Diffie-Hellman key exchange lies in the fact

that, while it is relatively easy to calculate exponentials modulo a

prime, it is very easy to calculate discrete logarithms.


T          F          14.  The key exchange protocol is vulnerable to a man-in-the-middle

attack because it does not authenticate the participants.


T          F          15.  Even in the case of complete encryption there is no protection of

confidentiality because any observer can decrypt the message by

using the sender’s public key.







  1. ________ protects against passive attacks (eavesdropping).


  1. Obfuscation 
 B.  Encryption


  1. SCR 
 D.  Message authentication



  1. The most important hash function is ________ .


  1. MAC 
 B.  SHA


  1. OWH 
 D.  ECB



  1. __________ is a procedure that allows communicating parties to verify that received messages are authentic.


  1. ECB 
             B.  Message authentication


  1. Passive attack 
             D.  Encryption





  1. If the message includes a _________ the receiver is assured that the message has not been delayed beyond that normally expected for network transit.


  1. sequence number 
 B.  shared key


  1. error detection code 
 D.  timestamp



  1. The purpose of a ___________ is to produce a “fingerprint” of a file, message, or other block of data.


  1. hash function 
             B.  public key


  1. message authentication 
             D.  cipher encryption



  1. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function with this property is referred to as __________ .


  1. collision resistant 
 B.  preimage resistant


  1. one-way 
             D.  weak collision resistant



  1. “It is easy to generate a code given a message, but virtually impossible to generate a message given a code” describes the __________ hash function property.


  1. second preimage resistant 
 B.  preimage resistant


  1. strong collision resistant 
 D.  collision resistant



  1. The __________ property protects against a sophisticated class of attack known as the birthday attack.


  1. preimage resistant 
 B.  one-way


  1. collision resistant 
 D. second preimage resistant








  1. Secure Hash Algorithms with hash value lengths of 256, 384, and 512 bits are collectively known as _________ .


  1. SHA-0 
 B.  SHA-3


  1. SHA-2 
 D.  SHA-1


  1. Public key cryptography is __________ .


  1. bit patterned 
 B.  one key


  1. symmetric 
 D.  asymmetric


  1. The readable message or data that is fed into the algorithm as input is the __________ .


  1. ciphertext 
 B.  plaintext


  1. encryption algorithm 
             D.  private key



  1. The key used in conventional encryption is typically referred to as a _________ key.


  1. secondary 
 B.  primary


  1. cipher 
 D.  secret



  1. The most widely accepted and implemented approach to public-key encryption, _________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n – 1 for some n.


  1. MD5 
 B.  RSA


  1. SHA 
 D.  CTR



  1. The purpose of the _________ algorithm is to enable two users to exchange a secret key securely that then can be used for subsequent encryption of messages and depends on the difficulty of computing discrete logarithms for its effectiveness.


  1. Diffie-Hellman 
 B.  RSA


  1. DSS 
 D.  Rivest-Adleman


  1. Based on the use of a mathematical construct known as the elliptic curve and offering equal security for a far smaller bit size, __________ has begun to challenge RSA.


  1. DSS 
 B.  TCB


  1. RIPE-160 
 D.  ECC







  1. Protection against active attacks (falsification of data and transactions) is known

as ___________ .


  1. The __________ property is the “one-way” property and is important if the

authentication technique involves the use of a secret value.


  1. The __________ approach has two advantages: it provides a digital signature as well

as message authentication and it does not require the distribution of keys to

communicating parties.


  1. Like the MAC, a __________ accepts a variable size message M as input and produces

a fixed size message digest H(M) as output.  Unlike the MAC, it does not take a

secret key as input.


  1. The __________ property guarantees that it is impossible to find an alternative

message with the same hash value as a given message, thus preventing forgery

when an encrypted hash code is used.


  1. As with symmetric encryption, there are two approaches to attacking a secure

hash function:  brute-force attack and ___________ .


  1. The two most widely used public key algorithms are RSA and _________ .


  1. The _________ was developed by NIST and published as a federal information

processing standard in 1993.


  1. __________ is a term used to describe encryption systems that simultaneously

protect confidentiality and authenticity (integrity) of communications.


  1. The key algorithmic ingredients of __________ are the AES encryption algorithm,

the CTR mode of operation, and the CMAC authentication algorithm.


  1. The __________ algorithm accepts the ciphertext and the matching key and

produces the original plaintext.


  1. A __________ is when the sender “signs” a message with its private key, which is

achieved by a cryptographic algorithm applied to the message or to a small

block of data that is a function of the message.


  1. A _________ is when two sides cooperate to exchange a session key.


  1. Using an algorithm that is designed to provide only the digital signature

function, the _________ makes use of the SHA-1 and cannot be used for encryption

or key exchange.


  1. Bob uses his own private key to encrypt the message. When Alice receives the

ciphertext she finds that she can decrypt it with Bob’s public key, thus proving

that the message must have been encrypted by Bob.  No one else has Bob’s

private key and therefore no one else could have created a ciphertext that could

be decrypted with Bob’s public key.  Therefore the entire encrypted message

serves as a _________ .


Chapter 5:  Network Access Control and Cloud Security



TRUE OR FALSE                                                                      



T          F          1.  Network access control authenticates users logging into the

network and determines what data they can access and actions

they can perform.


T          F          2.  Access requestors are also referred to as clients.


T          F          3.  A network access server does not include its own authentication



T          F          4.  VLANs are common NAC enforcement methods.


T          F          5.  The Extensible Authentication Protocol supports multiple

authentication methods.


T          F          6.  EAPOL operates at the network layers and makes use of an IEEE

802 LAN, such as Ethernet or Wi-Fi, at the link level.


T          F          7.  There is a decreasing trend in organizations to move information

technology operations to a cloud computing infrastructure.


T          F          8.  Cloud computing gives you the ability to expand and reduce

resources according to your specific service requirement.


T          F          9.  The cloud provider in a private cloud infrastructure is responsible

for both the infrastructure and the control.


T          F          10. The NIST cloud computing reference architecture focuses on the

requirements of “what” cloud services provide, not a “how to”

design solution and implementation.


T          F          11. A cloud broker is useful when cloud services are too complex for a

cloud consumer to easily manage.


T          F          12.  For many clients, the most devastating impact from a security

breach is the loss or leakage of data.


T          F          13.  In using cloud infrastructures, the client necessarily cedes control

to the CP on a number of issues that may affect security.


T          F          14.  The threat of data compromise decreases in the cloud.


T          F          15.  Data must be secured while at rest, in transit, and in use, and

access to the data must be controlled.





  1. ___________ is an umbrella term for managing access to a network.


  1. NAS B.  ARC


  1. NAC D.  RAS


  1. The _________ is the node that is attempting to access the network and may be any device that is managed by the network access control system.


  1. AR B.  RAS


  1. IP D.  PS


  1. The __________ determines what access should be granted.


  1. authentication server B.  policy server


  1. supplicant D.  access requestor


  1. The __________ is an Internet protocol that enables dynamic allocation of IP addresses to hosts.


  1. VLAN B.  IEEE 802.1X


  1. EAPS D.  DHCP


  1. _________ is a client computer that is attempting to access a network.


  1. EAP peer B.  PSK


  1. NAC                                     D.  RAS


  1. Broad network access, measured service, resource pooling, and rapid elasticity are essential characteristics of ___________.


  1. PaaS B.  network access control


  1. cloud computing D.  EAP-TLS


  1. _________ saves the complexity of software installation, maintenance, upgrades, and patches.


  1. IaaS B.  SaaS


  1. EAP D.  DHCP


  1. In effect, ________ is an operating system in the cloud.


  1. IEEE 802.1X B.  PaaS


  1. IaaS D.  DHCP


  1. _________ enables customers to combine basic computing services, such as number crunching and data storage, to build highly adaptable computer systems.


  1. IaaS B.  EAP peer


  1. CP D.  SaaS


  1. With a _________ infrastructure, the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.


  1. hybrid cloud B.  private cloud


C  public cloud                                   D.  community cloud


  1. With a _________ infrastructure, the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns.


  1. community cloud B.  public cloud


  1. private cloud D.  hybrid cloud


  1. A _________ is a person or organization that maintains a business relationship with, and uses service from, cloud providers.


  1. cloud auditor B.  cloud broker


  1. cloud carrier D.  cloud consumer



  1. A ________ is a person, organization, or entity responsible for making a service available to interested parties.


  1. cloud broker B.  cloud auditor


  1. cloud provider D.  cloud carrier


  1. A ________ is a party that can conduct independent assessment of cloud service, information sytem operations, performance, and security of the cloud implementation.


  1. cloud auditor B.  cloud carrier


  1. cloud broker D.  all of the above


  1. _________ is the provision of security applications and services via the cloud either to cloud-based infrastructure and software or from the cloud to the customers’ on-premise systems.


  1. IaaS B.  PaaS


  1. SaaS D.  SecaaS







  1. The ___________ functions as an access control point for users in remote locations connecting to an enterprise’s internal network.


  1. __________ methods are the actions that are applied to ARs to regulate access to the enterprise network.


  1. A __________ provides a form of NAC by allowing or denying network traffic between an enterprise host and an external user.


  1. An __________ is a server computer that negotiates the use of a specific EAP method with an EAP peer, validates the EAP peer’s credentials, and authorizes access to the network.


  1. A _________ is an entity at one end of a point-to-point LAN segment that seeks to be authenticated by an autheticator attached to the other end of that link.




  1. _________ is a model for enabling ubiquitous, convenient, on-demand network

access to a shared pool of configurable computing resources that can be

rapidly provisioned and released with minimal management effort or service

provider interaction.


  1. NIST defines three service models, which can be viewed as nested service alternatives: software as a service, platform as a service, and _________ as a service.


  1. With a ________ infrastructure, the cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.


  1. A _________ in an intermediary that provides connectivity and transport of cloud services from CP’s to cloud consumers.


  1. ___________ includes people, processes, and systems that are used to manage access to enterprise resources by assuring that the identity of an entity is verified, and then granting the correct level of access based on this assured identity.


  1. __________ are third party audits of cloud services.


  1. _________ defines how the TLS protocol can be encapsulated in EAP messages.


  1. ____________ is an EAP method for mutual authentication and session key derivation using a Pre-Shared Key.


  1. An _________ is an access point or NAS that requires EAP authentication prior to granting access to a network.


  1. The Cloud Security Alliance defines _______ as the provision of security applications and services via the cloud either to cloud-based infrastructure and software or from the cloud to the customers’ on-premise systems.





Chapter 7:  Wireless Network Security



TRUE OR FALSE                                                                      


T          F          1.  IEEE 802.11 is a standard for wireless LANs.


T          F          2.   Wireless networks, and the wireless devices that use them,

introduce a host of security problems over and above those found

in wired networks.


T          F          3.   Sensors and robots, are not vulnerable to physical attacks.


T          F          4.  The integration service enables transfer of data between a station

on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x



T          F          5.  MAC spoofing occurs when an attacker is able to eavesdrop on

network traffic and identify the MAC address of a computer with

network privileges.


T          F          6.  The DS can be a switch, a wired network, or a wireless network.


T          F          7.  The pairwise master key is derived from the group key.


T          F          8.  IEEE 802.11 defines seven services that need to be provided by the

wireless LAN to achieve functionality equivalent to that which is

inherent to wired LANs.


T          F          9.  Handheld PDAs pose a security risk in terms of both eavesdropping

and spoofing.


T          F          10.  The actual method of key generation depends on the details of the

authentication protocol used.


T          F          11.  The use of 802.1X cannot prevent rogue access points and other

unauthorized devices from becoming insecure backdoors.


T          F          12.  The principal threats to wireless transmission are eavesdropping,

altering or inserting messages, and disruption.


T          F          13.  The use of encryption and authentication protocols is the

standard method of countering attempts to alter or insert



T          F          14.  You should allow only specific computers to access your wireless



T          F          15.  Security policies for mobile devices should assume that any

mobile device will not be stolen or accessed by a malicious party.






  1. The term used for certified 802.11b products is ___________ .


  1. WAP B.  Wi-Fi


  1. WEP D.  WPA



  1. The layer of the IEEE 802 reference model that includes such functions as encoding/decoding of signals and bit transmission/reception is the _________ .


  1. physical layer B.  control layer


  1. logical link layer D.  media access layer



  1. In a(n) __________ situation, a wireless device is configured to appear

to be a legitimate access point, enabling the operator to steal passwords

from legitimate users and then penetrate a wired network through a legitimate wireless access point.


  1. malicious association B.  identiy theft


  1. network injection D.  ad hoc network



  1. ___________ and links, such as personal network Bluetooth devices, barcode readers, and handheld PDAs, pose a security risk in terms of both eavesdropping and spoofing.


  1. DoS B.  Accidental association


  1. Nontraditional networks D.  Ad hoc networks