Introduction to Networking
MSIT 458 Information Security and Assurance
Practice Exam
NAME:
Details: To be done individually
Closed book
Please do not discuss the exam with others until everyone has taken it
Show your work for partial credit.
|Question |Score |
|1 | |
|2 | |
|3 | |
|4 | |
|5 | |
|Total | |
1. Suppose we are using a three-message mutual authentication protocol, and Alice initiates contact with Bob. Suppose we wish Bob to be a stateless server, and therefore it is inconvenient to require him to remember the challenge he sent to Alice. If R is the challenge, is the following protocol secure? Why or why not? Here Kbob is Bob’s private key and Kalice-bob is the private key between Alice and Bob. Assume that the crypto is safe, i.e., that you cannot derive Kbob from R and Kbob(R).
[pic]
2. Which kind of malware (Trojan, logic bomb, virus, worm, or botnet) has Command and Control (C&C)?
For C&C, there are two major models: ____________ and _____________. Please give one major advantage for each model.
There are also two major communication protocols for C&C, namely _____________________ and _________________.
3. In class, we discussed the following real-world scenario. As shown in the figure below, during an audit a Cross-Site Scripting (XSS) issue is raised: there is a free-form edit box which will post a message to the Customer Service board on an internal website. Please respond to the following:
1) Is it possible to have an XSS attack?
2) If so, how would you fix it?
[pic]
4. Compare network-based IDS and packet filters. Both are deployed on network devices such as routers and gateways. Please give a key difference between these two mechanisms.
5. Compare network-based and host-based IDSes. Please give an attack that can only be detected by a host-based IDS but not a network-based IDS, and then give an attack that can only be detected by a network-based IDS but not a host-based IDS. Briefly justify your answers.
[Figure for Question 1: message exchange between Alice and Bob. Message labels in the figure: "I am Alice"; "R, Kbob(R)"; "Kbob(R), Kalice-bob(R)".]