Scribd
Upload
167 views5 pages

Chapter 20: Ip Security: Cryptography and Network Security: Principles and Practice, 6 Edition, by William Stallings

The document discusses IP security (IPsec) and covers topics like encryption, authentication, and key management as they relate to securing traffic at the IP layer. True/false and multiple choice questions are provided about IPsec concepts like transport mode, tunnel mode, security associations, and the Internet Key Exchange (IKE) protocol.

Uploaded by

التعزي
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
167 views5 pages

Chapter 20: Ip Security: Cryptography and Network Security: Principles and Practice, 6 Edition, by William Stallings

The document discusses IP security (IPsec) and covers topics like encryption, authentication, and key management as they relate to securing traffic at the IP layer. True/false and multiple choice questions are provided about IPsec concepts like transport mode, tunnel mode, security associations, and the Internet Key Exchange (IKE) protocol.

Uploaded by

التعزي
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Cryptography and Network Security: Principles and Practice, 6th Edition, by William

Stallings

CHAPTER 20: IP SECURITY

TRUE OR FALSE

T F 1. IP security is a capability that can be added to either current


version of the Internet Protocol by means of additional headers.

T F 2. The principal feature of IPsec is that it can encrypt and/or


authenticate all traffic at the IP level.

T F 3. Transport mode provides protection to the entire IP packet.

T F 4. Additional padding may be added to provide partial traffic flow


confidentiality by concealing the actual length of the payload.

T F 5. Authentication must be applied to the entire original IP packet.

T F 6. An end user whose system is equipped with IP security protocols


can make a local call to an ISP and gain secure access to a company
network.

T F 7. Both tunnel and transport modes can be accommodated by the


encapsulating security payload encryption format.

T F 8. An individual SA can implement both the AH and the ESP protocol.

T F 9. By implementing security at the IP level an organization can ensure


secure networking not only for applications that have security
mechanisms but also for the many security ignorant applications.

T F 10. IPSec can guarantee that all traffic designated by the network
administrator is authenticated but cannot guarantee that it is
encrypted.

T F 11. Any traffic from the local host to a remote host for purposes of an
IKE exchange bypasses the IPsec processing.

T F 12. IPsec is executed on a packet-by-packet basis.

T F 13. The Payload Data Field is designed to deter replay attacks.


Cryptography and Network Security: Principles and Practice, 6th Edition, by William
Stallings

T F 14. The Security Parameters Index identifies a security association.

T F 15. The default automated key management protocol for IPsec is


referred to as ISAKMP/Oakley.

MULTIPLE CHOICE

1. Authentication applied to the entire original IP packet is _________ .

A) security mode B) cipher mode

C) tunnel mode D) transport mode

2. _________ defines a number of techniques for key management.

A) KEP B) KMP

C) SKE D) IKE

3. Authentication applied to all of the packet except for the IP header is _________ .

A) tunnel mode B) transport mode

C) association mode D) security mode

4. The __________ mechanism assures that a received packet was in fact transmitted
by the party identified as the source in the packet header and assures that the
packet has not been altered in transit.

A) confidentiality B) authentication

C) security D) key management

5. __________ provides the capability to secure communications across a LAN, across


private and public WANs, and across the Internet.

A) IKE B) ISA

C) IAB D) IPsec
Cryptography and Network Security: Principles and Practice, 6th Edition, by William
Stallings
6. The _________ facility enables communicating nodes to encrypt messages to
prevent eavesdropping by third parties.

A) security B) key management

C) authentication D) confidentiality

7. The key management mechanism that is used to distribute keys is coupled to the
authentication and privacy mechanisms only by way of the _________ .

A) IAB B) SPI

C) ESP D) SPD

8. A _________ is a one way relationship between a sender and a receiver that affords
security services to the traffic carried on it.

A) SAD B) SPD

C) SA D) SPI

9. The means by which IP traffic is related to specific SAs is the _________ .

A) TRS B) SPD

C) SAD D) SPI

10. _________ consists of an encapsulating header and trailer used to provide


encryption or combined encryption/authentication. The current specification is
RFC 4303.

A) SPI B) ESP

C) ISA D) IPsec

11. _________ identifies the type of data contained in the payload data field by
identifying the first header in that payload.

A) Security Parameters Index B) Next Header

C) Sequence Header D) Payload Data


Cryptography and Network Security: Principles and Practice, 6th Edition, by William
Stallings
12. A value chosen by the responder to identify a unique IKE SA is a _________ .

A) Initiator SPI B) Responder Cookie

C) Flag D) Message ID

13. IKE key determination employs __________ to ensure against replay attacks.

A) cookies B) groups

C) flags D) nonces

14. The __________ payload contains either error or status information associated
with this SA or this SA negotiation.

A) Encrypted B) Notify

C) Configuration D) Nonce

15. The _________ payload allows peers to identify packet flows for processing by
IPsec services.

A) Configuration B) Vendor ID

C) Traffic Selector D) Extensible Authentication Protocol

SHORT ANSWER

1. IPsec encompasses three functional areas: authentication, key management, and


__________ .

2. _________ mode is used when one or both ends of an SA are a security gateway,
such as a firewall or router that implements IPsec.

3. IPsec policy is determined primarily by the interaction of two databases: The


security policy database and the __________ .

4. Confidentiality is provided by an encryption format known as __________ .


Cryptography and Network Security: Principles and Practice, 6th Edition, by William
Stallings
5. A __________ attack is one in which an attacker obtains a copy of an authenticated
packet and later transmits it to the intended destination.

6. Authentication makes use of the _________ message authentication code.

7. A security association is uniquely identified by three parameters: Security


Protocol Identifier, IP Destination Address, and ________ .

8. The __________ facility is concerned with the secure exchange of keys.

9. _________ can be used to provide confidentiality, data origin authentication,


connectionless integrity, an anti-replay service, and traffic flow confidentiality.

10. IPsec provides security services at the ________ layer by enabling a system to
select required security protocols, determine the algorithms to use for the
services and put in place any cryptographic keys required to provide the
requested services.

11. The selectors that determine a Security Policy Database are: Name, Local and
Remote Ports, Next Layer Protocol, Remote IP Address, and _________ .

12. The term _________ refers to a sequence of SAs through which traffic must be
processed to provide a desired set of IPsec services.

13. Generic in that it does not dictate specific formats, the _________ is a key exchange
protocol based on the Diffie-Hellman algorithm with added security.

14. Three different authentication methods can be used with IKE key determination:
Public key encryption, symmetric key encryption, and _________ .

15. At any point in an IKE exchange the sender may include a _________ payload to
request the certificate of the other communicating entity.

You might also like