星期三, 5月 04, 2011

Test 10 Topic 11

COMPUTER CONTROL AUDITING AND SECURITY



Question 1
The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission. (21.1)

A. Standard HTTP
B. SFTP
C. S-HTTP
D. SSL Record Protocol

Correct answer is D

Refer to your text, page 653, Computer Security Principles and Practice, Stalling & Brown, 2008.


Question 2
Which of the follow are supported by S/MIME?

A. Enveloped data
B. Signed data
C. Clear-signed data
D. Signed and enveloped data
E. All of the above
F. None of the above

Correct answer is E

Enveloped data: This function consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients.

Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability.

Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case, only the digital signature is encoded using base64. As a result, recipients without S/MIME capability can view the message content, although they cannot verify the signature.

Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted.

Question 3
Which of the following best describes the SSL Handshake Protocol?
A. The SSL Handshake Protocol is a four (4) phase process whereby messages are sent from the server to the client.
B. The SSL Handshake Protocol is a four (4) phase process whereby messages are sent to and from client and server.
C. The SSL Handshake Protocol is a four (4) phase process whereby messages are sent from the client to the server.
D. The SSL Handshake Protocol is a scalable transaction which enables as many (or as few) phases as required to enable transmissions of files of any size.

Correct answer is B

"The SSL Handshake protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptogaphic keys to be used to protect data sent in an SSL record. The Handshake Protocol is used before any application data are transmitted. "(from page 654, Stallings & Brown, 2008).

Question 4
Kerberos’ _______________ is an interacting application that validates clients and servers. (22.1)

A. Ticket Granting Service
B. Authentication Server
C. Authentication Client
D. Key Distribution Center

Correct answer is B

Client: wishes to authenticate itself to a server. Server: requires authentication before granting service to client: Authentication server: authenticates users to servers and servers to users. Ticket-granting server:  issues tickets to users who have been authenticated to the authentication server; the tickets are used to authenticate user to server. For further details see page 672 of the text, Stallings & Brown (2008).


Question 5
_________ digital certificates are issued by a CA or RA directly to individuals. (22.4)

A. Server
B. Software publisher
C. Anonymous
D. Personal

Correct answer is D

In essence, an X.509 certificate consists of a public key plus a User ID of the key owner, with the whole block signed by a trusted third party. Typically, the third party is a certificate authority (CA) that is trusted by the user community, such as a government agency or a financial institution. A user can present his or her public key to the authority in a secure manner and obtain a certificate. The user can then publish the certificate. Anyone needing this user's public key can obtain the certificate and verify that it is valid by way of the attached trusted signature.

Question 6
____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization.

A. SSL
B. PKI
C. PKC
D. SIS

Correct answer is B

A public-key infrastructure (PKI) is the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography. The principal objective for developing a PKI is to enable secure, convenient, and efficient acquisition of public keys.