Guide to Network Defense and Countermeasures 3rd Edition Randy Weaver Dawn Weaver Dean Farwood- Test Bank

 


 

Sample Test

Chapter 3 – Network Traffic Signatures

 

TRUE/FALSE

 

1.   All devices interpret attack signatures uniformly.

 

ANS:  F                    PTS:   1                    REF:   80

 

2.   An atomic attack is a barrage of hundreds of packets directed at a host.

 

ANS:  F                    PTS:   1                    REF:   85

 

3.   The signature of a normal FTP connection includes a three-way handshake.

 

ANS:  T                    PTS:   1                    REF:   91

 

4.   Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult.

 

ANS:  F                    PTS:   1                    REF:   99

 

5.   Packet fragmentation is not normal, and can only occur if an attack has been initiated.

 

ANS:  T                    PTS:   1                    REF:   103

 

MULTIPLE CHOICE

 

1.   How does the CVE standard make network security devices and tools more effective?

a. the layered approach makes attacks nearly impossible

b. they can share information about attack signatures

c. it requires you to use compatible devices from one vendor

d. it warns an attacker that your site is being monitored

 

 

ANS:  B                    PTS:   1                    REF:   80

 

2.   Which of the following is NOT among the items of information that a CVE reference reports?

a. attack signature

b. name of the vulnerability

c. description of vulnerability

d. reference in other databases

 

 

ANS:  A                    PTS:   1                    REF:   82

 

3.   Which of the following is an accurate set of characteristics you would find in an attack signature?

a. IP address, attacker’s alias, UDP options

b. protocol options, TCP ports, region of origin

c. IP address, TCP flags, port numbers

d. IP number, MAC address, TCP options

 

 

ANS:  C                    PTS:   1                    REF:   83

 

4.   What is the term used when an IDPS doesn’t recognize that an attack is underway?

a. false negative

b. true positive

c. negative activity

d. positive signature

 

 

ANS:  A                    PTS:   1                    REF:   83

 

5.   Which of the following is NOT a category of suspicious TCP/IP packet?

a. bad header information

b. single-packet attacks

c. suspicious data payload

d. suspicious CRC value

 

 

ANS:  D                    PTS:   1                    REF:   83

 

6.   What can an IDPS check to try to determine whether a packet has been tampered with or damaged in transit?

a. parity bit

b. CRC value

c. checksum

d. fragment offset

 

 

ANS:  C                    PTS:   1                    REF:   84

 

7.   What type of attack does a remote-access Trojan attempt to perpetrate?

a. worm

b. back door

c. remote denial of service

d. composite attack

 

 

ANS:  B                    PTS:   1                    REF:   84

 

8.   Under which attack category does a UNIX Sendmail exploitation fall?

a. bad header information

b. single-packet attack

c. multiple-packet attack

d. suspicious data payload

 

 

ANS:  D                    PTS:   1                    REF:   84

 

9.   Of what category of attack is a DoS attack an example?

a. bad header information

b. single-packet attack

c. multiple-packet attack

d. suspicious data payload

 

 

ANS:  C                    PTS:   1                    REF:   85

 

10.  Which element of an ICMP header would indicate that the packet is an ICMP echo request message?

a. Code

b. Type

c. Identifier

d. Data

 

 

ANS:  B                    PTS:   1                    REF:   86

 

11.  Which of the following is an element of the TCP header that can indicate that a connection has been established?

a. Flags

b. Stream index

c. SEQ/ACK analysis

d. Sequence number

 

 

ANS:  A                    PTS:   1                    REF:   88

 

12.  Which TCP flag can be the default response to a probe on a closed port?

a. RST

b. URG

c. PSH

d. SYN

 

 

ANS:  A                    PTS:   1                    REF:   89

 

13.  What is the typical packet sequence for closing a TCP session?

a. FIN, FIN ACK, RST

b. FIN, ACK, FIN ACK, ACK

c. FIN ACK, FIN, ACK, RST

d. FIN, FIN ACK

 

 

ANS:  B                    PTS:   1                    REF:   91

 

14.  What is the sequence of packets for a successful three-way handshake?

a. SYN, ACK, ACK

b. SYN, SYN ACK, RST

c. SYN, SYN ACK, ACK

d. SYN, ACK, FIN

 

 

ANS:  C                    PTS:   1                    REF:   90-91

 

15.  Which of the following correctly represents the port used by FTP control traffic and FTP file transfer traffic respectively?

a. 20, 25

b. 21, 23

c. 20, 23

d. 21, 20

 

 

ANS:  D                    PTS:   1                    REF:   93

 

16.  What is the packet called where a Web browser sends a request to the Web server for Web page data?

a. HTML SEND

b. HTTP XFER

c. HTTP GET

d. HTML RELAY

 

 

ANS:  C                    PTS:   1                    REF:   95

 

17.  Under which suspicious traffic signature category would a port scan fall?

a. informational

b. reconnaissance

c. denial of service

d. unauthorized access

 

 

ANS:  B                    PTS:   1                    REF:   96

 

18.  In which type of scan does an attacker scan only ports that are commonly used by specific programs?

a. random scan

b. vanilla scan

c. ping sweep

d. strobe scan

 

 

ANS:  D                    PTS:   1                    REF:   98

 

19.  Which type of scan has the FIN, PSH, and URG flags set?

a. Xmas scan

b. Null scan

c. FIN scan

d. SYN Scan

 

 

ANS:  A                    PTS:   1                    REF:   100

 

20.  Which of the following is the description of a land attack?

a. the local host source address occurs in the packet

b. source and destination IP address/port are the same

c. an illegal TCP flag is found in the segment header

d. the attacker uses an undefined protocol number

 

 

ANS:  B                    PTS:   1                    REF:   101

 

COMPLETION

 

1.   A ______________ is made up of IP numbers and options, TCP flags, and port numbers that define a type of network activity.

 

ANS:  signature

 

PTS:   1                    REF:   83

 

2.   The _______________ part of a packet is the actual data sent from an application on one computer to an application on another.

 

ANS:  payload

 

PTS:   1                    REF:   84

 

3.   In the three-way handshake, the first packet in the sequence has the ________ flag set.

 

ANS:  SYN

 

PTS:   1                    REF:   95

 

4.   A TCP packet with no flags set is referred to as a _________ packet.

 

ANS:  null

 

PTS:   1                    REF:   103

 

5.   In an RPC _________, a targeted host receives an RPC set request from a source IP address of 127.0.0.1.

 

ANS:  set spoof

 

PTS:   1                    REF:   105

 

MATCHING

 

 

a. back door

b. MTU

c. ping sweep

d. scan throttling

e. packet injection

f. signature

g. vanilla scan

h. RPC

i. FIN packet

j. RST packet

 

 

1.   crafted packets that are inserted into network traffic

 

2.   lets the other computer know it is finished sending data

 

3.   an undocumented hidden opening through which an attacker can access a computer

 

4.   a set of characteristics that define a type of network activity

 

5.   used by attackers to delay the progression of a scan

 

6.   a standard set of communications rules that allows one computer to request a service from another computer

 

7.   sent when one computer wants to stop and restart the connection

 

8.   the maximum packet size that can be transmitted

 

9.   all ports from 0 to 65,535 are probed one after another

 

10.  a series of ICMP echo request packets in a range of IP addresses

 

1.   ANS:  E                    PTS:   1                    REF:   104

 

2.   ANS:  I                     PTS:   1                    REF:   90

 

3.   ANS:  A                    PTS:   1                    REF:   97

 

4.   ANS:  F                    PTS:   1                    REF:   83

 

5.   ANS:  D                    PTS:   1                    REF:   101

 

6.   ANS:  H                    PTS:   1                    REF:   105

 

7.   ANS:  J                     PTS:   1                    REF:   89

 

8.   ANS:  B                    PTS:   1                    REF:   103

 

9.   ANS:  G                    PTS:   1                    REF:   98

 

10.  ANS:  C                    PTS:   1                    REF:   96

 

SHORT ANSWER

 

1.   Describe the purpose of the CVE and how it works.

 

ANS:

The Common Vulnerabilities and Exposures (CVE) standard enables devices to share information about attack signatures and other vulnerabilities so that they can work together.  CVE enables hardware and security devices that support it to draw from the same databases of vulnerabilities, which are presented in a standard format. For instance, a scanner is a device that scans a network for open ports or other potential vulnerabilities. If the scanner supports CVE, you can use it to compile a report that lists weak points in the system. When an alarm message is transmitted by an IDPS that also supports CVE, the attack signature can be compared to the report of current vulnerabilities to see whether an attack has actually occurred.

 

PTS:   1                    REF:   80

 

2.   What is signature analysis?

 

ANS:

Signature analysis is the practice of analyzing and understanding TCP/IP communications to determine whether they are legitimate or suspicious.

 

PTS:   1                    REF:   83

 

3.   What is a multiple-packet attack and what is needed by an IDPS to detect one?  Provide an example.

 

ANS:

Multiple-packet attacks (also called “composite attacks”) require a series of packets to be received and executed. These attacks are especially difficult to detect. They require an IDPS to have multiple attack signatures on hand for reference. In addition, the IDPS sensor needs to maintain state information about a connection after it has been established, and it needs to keep that state information on hand for the entire length of an attack.

Denial of service (DoS) attacks are obvious examples of multiple-packet attacks. A type of DoS attack called an ICMP flood occurs when multiple ICMP packets are sent to a single host on a network. The result of this flood is that the server becomes so busy responding to the ICMP requests that it cannot process other traffic.

 

PTS:   1                    REF:   85

 

4.   Describe the SYN flag and how it is used in the three-way handshake.

 

ANS:

The SYN flag is sent from one computer to another when a connection is initiated; the two computers are attempting to synchronize a connection. In the TCP three-way handshake, the initiator of the communication sends a packet with the SYN flag set. The normal response is a TCP packet with the SYN and ACK flags set. The initiator then responds with an ACK flag set.

 

PTS:   1                    REF:   89

 

5.   What is a selective acknowledgement and how does it affect transmissions?

 

ANS:

Selective acknowledgements speed up transmissions by allowing a receiver to send acknowledgements for specific packets so that the sender can resend only those packets that were lost.

 

PTS:   1                    REF:   90

 

6.   Describe in detail the first three packets you would see in an FTP session between client 192.168.1.132 and server 192.168.1.110; include port numbers, flags, and any other pertinent options that would be set.

 

ANS:

1.   In the first packet, the computer at IP address 192.168.1.132:50580 attempts to connect to the FTP server at 192.168.1.110:21. The packet has the SYN flag set because a synchronization request is being made to the remote server. The sequence number of the packet is set at 0 with a window size of 8192.

There is no acknowledgement number because this is the first packet of the session; in other words, there is no previous packet to acknowledge.

 

2.   In the second packet, the FTP server responds to the client by sending a packet from its port 21 with the ACK and SYN flags set. The server uses the same initial sequence number as the client used in packet 1, but the server increments the client’s initial sequence number by one to create an acknowledgement number. This number is sent back to the client to acknowledge that the server received the first packet.

 

3.   In the third packet, the client responds with a packet that has the ACK flag set. This concludes the three-way handshake.

 

PTS:   1                    REF:   92

 

7.   List the four categories of suspicious traffic.

 

ANS:

Informational

Reconnaissance

Unauthorized access

Denial of service

 

PTS:   1                    REF:   96

 

8.   What is the difference between a vanilla port scan and a strobe port scan?

 

ANS:

In a vanilla scan, all ports from 0 to 65,535 are probed one after another. In a strobe scan, an attacker scans only ports that are commonly used by specific programs in an attempt to see whether the program is present and can be used.

 

PTS:   1                    REF:   98

 

9.   What are the signatures of malformed packets that misuse the SYN and FIN flags?  Briefly describe each.

 

ANS:

SYN FIN is probably the best-known illegal combination. Because SYN is used to start a connection and FIN is used to end one, it does not make sense to include both flags together in a packet.

 

Other variants of SYN FIN exist, including SYN FIN PSH, SYN FIN RST, and SYN FIN RST PSH. Their use is sometimes called an Xmas attack. These packets can be used by attackers who know that IDPSs might be looking for packets with just the SYN and FIN flags set.

 

Packets should never contain a FIN flag by itself. FIN packets are frequently used for port scans, network mapping, and other stealth activities.

 

A SYN-only packet, which should occur only when a new connection is being initiated, should not contain any data.

 

PTS:   1                    REF:   103

 

10.  What happens to packets that exceed the MTU of the network?  How can this process be exploited?

 

ANS:

Packets that are larger than the MTU must be fragmented, or broken into multiple segments that are small enough for the network to handle.

 

After a packet is broken into fragments, each fragment receives its own IP header. However, in IPv4, only the initial packet in a set includes a header for higher-level protocols. Most filters need the information in the higher-level protocol header to make the decision to allow or deny the packet. Accordingly, attackers send only secondary fragments, which are any fragments other than the initial one. These packets are often allowed past the IDPS because filter rules are applied to first fragments only.

 

PTS:   1                    REF:   103

 

Chapter 5 – Cryptography

 

TRUE/FALSE

 

1.   Encrypted files can be transmitted in both electronic form and as written messages.

 

ANS:  T                    PTS:   1                    REF:   158

 

2.   A hash value is a variable-length string of symbols and numbers representing the original input’s contents.

 

ANS:  F                    PTS:   1                    REF:   162

 

3.   The standardization of cryptographic protocols discourages attackers from trying to break them.

 

ANS:  F                    PTS:   1                    REF:   173

 

4.   Because IPsec Security Associations are bidirectional, only one need be established between two parties.

 

ANS:  F                    PTS:   1                    REF:   176

 

5.   In a passive attack, cryptanalysts eavesdrop on transmissions but don’t interact with parties exchanging information.

 

ANS:  T                    PTS:   1                    REF:   180

 

MULTIPLE CHOICE

 

1.   Which of the following is NOT a critical goal of information security?

a. confidentiality

b. scalability

c. authentication

d. nonrepudiation

 

 

ANS:  B                    PTS:   1                    REF:   158

 

2.   Which of the following is true about cryptographic primitives?

a. each performs several tasks

b. a single primitive makes up an entire cryptographic protocol

c. primitives are usually not the source of security failures

d. a primitive that provides confidentiality usually also provides authentication

 

 

ANS:  C                    PTS:   1                    REF:   159

 

3.   Which type of function is used in cryptography?

a. Not AND

b. permutation

c. NOR

d. X-box

 

 

ANS:  B                    PTS:   1                    REF:   160

 

4.   Which of the following best describes a one-way function?

a. a bit string that prevents generation of the same ciphertext

b. random bits used as input for key derivation functions

c. generates secret keys from a secret value

d. easy to compute but difficult and time consuming to reverse

 

 

ANS:  D                    PTS:   1                    REF:   160-161

 

5.   Which of the following is true about PRNGs?

a. they are not completely random

b. their state is measured in bytes

c. the shorter the state, the longer the period

d. they can never produce the same value

 

 

ANS:  A                    PTS:   1                    REF:   162

 

6.   Which of the following is commonly used for verifying message integrity?

a. registration authority

b. CRL

c. pseudorandom number generator

d. hashing function

 

 

ANS:  D                    PTS:   1                    REF:   162

 

7.   Which of the following is true about encryption algorithms?

a. their strength is tied to their key length

b. not vulnerable to brute force attacks

c. block ciphers encrypt one bit at a time

d. asymmetric algorithms use a single key

 

 

ANS:  A                    PTS:   1                    REF:   163

 

8.   Which of the following is described as a 64-bit block cipher composed of a 16-round Feistel network and key-dependent S-box functions?

a. Twofish

b. RC4

c. Blowfish

d. Rijndael

 

 

ANS:  C                    PTS:   1                    REF:   164

 

9.   Which of the following makes a single pass on data and generates a 128-bit hash value displayed as a 32-character hexadecimal number and is used in VPNs?

a. RSA

b. Message Digest 5

c. RC4

d. Twofish

 

 

ANS:  B                    PTS:   1                    REF:   166

 

10.  Which of the following is true about Message Authentication Code?

a. it uses asymmetric encryption

b. the key is sent to the receiver securely

c. it uses PKI and certificates

d. it uses a private and public key

 

 

ANS:  B                    PTS:   1                    REF:   167

 

11.  Which of the following is the first step in the digital signature process where Mike sends a message to Sophie?

a. a message digest of Mike’s message is calculated using a hashing algorithm

b. Sophie compares the message digest she calculated to Mike’s message

c. Sophie encrypts Mike’s message with Mike’s public key

d. the message digest is encrypted by Mike’s private key

 

 

ANS:  A                    PTS:   1                    REF:   168-169

 

12.  What is the most likely weak link when using asymmetric encryption for verifying message integrity and nonrepudiation?

a. the use of the sender’s private key

b. the hashing algorithm used to generate a message digest

c. the source of the public keys

d. the integrity of the private keys

 

 

ANS:  C                    PTS:   1                    REF:   169

 

13.  Which of the following is true about asymmetric cryptography?

a. the private key can be used to encrypt and decrypt a message

b. a shared key is used to encrypt all messages and the private key decrypts them

c. a single key is used and is transferred using a key management system

d. the public key is used to encrypt a message sent to the private key owner

 

 

ANS:  D                    PTS:   1                    REF:   170

 

14.  Which of the following best describes a CRL?

a. a published listing of invalid certificates

b. serve as a front end to users for revoking certificates

c. a file that contains information about the user and public key

d. keeps track of issued credentials and manages revocation of certificates

 

 

ANS:  A                    PTS:   1                    REF:   171

 

15.  Which of the following is a current standard for PKI that specifies a strict hierarchical system for CAs issuing certificates?

a. PKCS #2

b. X.509

c. DES

d. SHA-1

 

 

ANS:  B                    PTS:   1                    REF:   173-174

 

16.  What is a downside to using Triple DES?

a. uses only a 56-bit key

b. goes through three rounds of encryption

c. using three keys decreases security

d. requires more processing time

 

 

ANS:  D                    PTS:   1                    REF:   174

 

17.  Which of the following was developed as a way of enabling Web servers and browsers to exchange encrypted information and uses a hashed message authentication code to increase security?

a. SSH

b. SSL

c. TLS

d. IPsec

 

 

ANS:  C                    PTS:   1                    REF:   175

 

18.  At which layer of the OSI model does IPsec work?

a. Two

b. Three

c. Four

d. Six

 

 

ANS:  B                    PTS:   1                    REF:   175

 

19.  Which component of IPsec enables computers to exchange keys to make an SA?

a. IKE

b. ISAKMP

c. Oakley

d. IPsec driver

 

 

ANS:  A                    PTS:   1                    REF:   176

 

20.  Which of the following is a type of cryptanalysis that applies primarily to block ciphers but can also be used against stream ciphers and hashing functions and works by examining how differences in input affect the output?

a. integral

b. differential

c. related key

d. XSL

 

 

ANS:  B                    PTS:   1                    REF:   182

 

COMPLETION

 

1.   ______________________ is achieved when neither party can plausibly deny its participation in message exchanges.

 

ANS:  Nonrepudiation

 

PTS:   1                    REF:   158

 

2.   A ______________ value is a fixed-size string representing the original input’s contents.

 

ANS:  hash

 

PTS:   1                    REF:   162

 

3.   A ________________ occurs when computing the MD5 algorithm with two different initialization vectors produces the same hash value.

 

ANS:  collision

 

PTS:   1                    REF:   165

 

4.   Digital ____________________ security vulnerabilities are mostly associated with the IT infrastructure required to support interoperability.

 

ANS:  signature

 

PTS:   1                    REF:   169

 

5.   ______________ cryptanalysis is applicable to block ciphers that use a substitution-permutation network including Rijndael, Twofish, and IDEA.

 

ANS:  Integral

 

PTS:   1                    REF:   182

 

MATCHING

 

 

a. AES

b. block cipher

c. ciphertext

d. cryptanalysis

e. DES

f. XOR function

g. IPsec

h. key management

i. plaintext

j. stream cipher

 

 

1.   the study of breaking encryption methods

 

2.   unreadable text, programs that do not execute, and graphics you cannot view

 

3.   A set of standard procedures that the Internet Engineering Task Force (IETF) developed for enabling secure communication on the Internet

 

4.   a type of encryption algorithm that encrypts one bit at a time

 

5.   the current U.S. government standard for cryptographic protocols

 

6.   readable text, programs that execute, and graphics you can view

 

7.   an older protocol composed of a 16-round Feistel network with XOR functions, permutation functions, 64 S-box functions, and fixed key schedules

 

8.   a way to prevent keys from being discovered and used to decipher encrypted messages

 

9.   a cryptographic primitive based on binary bit logic and used as a linear mixing function, combining values for use in further computations

 

10.  a type of encryption algorithm that encrypts groups of cleartext characters

 

1.   ANS:  D                    PTS:   1                    REF:   184,179

 

2.   ANS:  C                    PTS:   1                    REF:   184,158

 

3.   ANS:  G                    PTS:   1                    REF:   184,175

 

4.   ANS:  J                     PTS:   1                    REF:   185,163

 

5.   ANS:  A                    PTS:   1                    REF:   184,174

 

6.   ANS:  I                     PTS:   1                    REF:   185,158

 

7.   ANS:  E                    PTS:   1                    REF:   184,173

 

8.   ANS:  H                    PTS:   1                    REF:   185,169

 

9.   ANS:  F                    PTS:   1                    REF:   184,159

 

10.  ANS:  B                    PTS:   1                    REF:   184,163

 

SHORT ANSWER

 

1.   Describe the exclusive OR function.

 

ANS:

The exclusive OR (XOR) function is used in cryptography as a linear mixing function to combine values. For example, the output of other primitive ciphers can be combined with an XOR function to produce a pseudorandom value on which another cipher performs additional operations. An XOR function is based on binary bit logic and results in a logical value of true if only one of the operands has a value of true. So, for example, if x and y are the same (both true or both false), the XOR output is 0 (false). If x and y are different, the XOR output is 1 (true).

 

PTS:   1                    REF:   159

 

2.   What is a Feistel network and what is its purpose?

 

ANS:

A Feistel network is a symmetric block cipher that is the basis of several symmetric encryption algorithms. A Feistel network’s purpose is to obscure the relationship between ciphertext and keys (a shortcoming of symmetric algorithms).

 

PTS:   1                    REF:   160

 

3.   What does a key derivation function do?

 

ANS:

A key derivation function generates secret keys from a secret value (usually a randomly generated value) and another piece of information such as a password.

 

PTS:   1                    REF:   161

 

4.   What is a hash value and how does it verify message integrity?

 

ANS:

A hash value is a fixed-size string representing the original input’s contents. If the input changes in any way, even by adding a period at the end of a sentence, the resulting output has a different hash value.

 

PTS:   1                    REF:   162

 

5.   How does the key size affect the strength of an encryption algorithm?

 

ANS:

An encryption algorithm’s strength is often tied to its key length. The longer the key, the harder it is to break the encryption. Longer keys offer more protection against brute-force attacks, in which every possible key is tried to decrypt a message.

 

PTS:   1                    REF:   163

 

6.   Compare and contrast block cipher with stream cipher.

 

ANS:

The two major types of encryption algorithms are block ciphers and stream ciphers. A block cipher encrypts groups of text at a time. For example, a block cipher encrypts the whole word cat instead of encrypting each letter.  A stream cipher encrypts cleartext one bit at a time to produce a stream of encrypted ciphertext, so the letters c, a, and t in cat are encrypted separately.

 

PTS:   1                    REF:   163

 

7.   How does an asymmetric algorithm differ from a symmetric algorithm?

 

ANS:

Symmetric algorithms use the same key to encrypt and decrypt a message.  Asymmetric algorithms use a specially generated key pair. One key encrypts cleartext into ciphertext, and the other key decrypts ciphertext into cleartext. Either of the generated pair can be used to encrypt, but the other key must be used to decrypt. Asymmetric encryption and decryption are about 10,000 times slower than symmetric encryption.

 

PTS:   1                    REF:   163

 

8.   What three conditions must be true to make a hashing algorithm secure?

 

ANS:

1.   No hash should be usable to determine the original input.

2.   No hashing algorithm should be run on the same input and produce different hashes.

3.   A hashing algorithm should not be run on two different inputs and produce the same hash (collision).

 

PTS:   1                    REF:   165

 

9.   What is a MAC tag and how does it work?

 

ANS:

Message Authentication Code (MAC), also known as Message Integrity Check (MIC), uses a shared secret key that is agreed on by the sender and receiver in the verification process to generate a MAC tag for a message. A MAC tag is like an enhanced message digest. The shared secret key adds a measure of security to the hashing algorithm.  The message and MAC tag are sent to the receiver. The key is also sent to the receiver securely; this key is usually sent separately from the message. The receiver goes through the same process of using the transmitted message and key to generate a MAC tag, and compares this tag with the one received in the message to confirm the message’s integrity and authenticity. The verification process is protected by secure communication of the key, which ensures that the sender and receiver generate the same MAC tag from the message.

 

PTS:   1                    REF:   167

 

10.  What is a digital signature and for what purpose is one used?

 

ANS:

A digital signature is a method of verifying nonrepudiation and integrity in messages.  Digital signatures use hashing algorithms with asymmetric encryption.

 

PTS:   1                    REF:   168

 

 
