Systems and Usable Security Assignment: Week-3
1. What services does the SSL Record Protocol provide for SSL connections?
A. Confidentiality and Message Availability
B. Integrity and Non-repudiation
C. Confidentiality and Message Integrity
D. Authentication and Message Availability
Ans. C (Confidentiality and Message Integrity)
2. What role does DKIM play in the email communication process?
A. DKIM establishes a secure channel for real-time communication between email servers.
B. DKIM is an email authentication method designed to verify the authenticity of the
sender.
C. DKIM ensures secure login practices for email accounts.
D. DKIM ensures the secure storage of email messages to prevent data breaches.
Ans. B (DKIM is an email authentication method designed to verify the authenticity of the
sender.)
3. What is the key vulnerability addressed by using pseudorandom number generators in
modern TCP stack implementations?
A. Denial-of-service attacks
B. Spoofed TCP sessions
C. Simple sequence number counters
D. Complicated three-way handshake processes
Ans. B (Spoofed TCP Sessions)
4. Following cryptographic technique uses discrete logarithmic arithmetic for encryption and
decryption.
A. Asymmetric key encryption scheme
B. Symmetric key encryption scheme
C. Both symmetric and asymmetric encryption schemes
D. Secrete key encryption scheme
Ans. A. Asymmetric key encryption scheme
5. In a blind injection attack, why is it challenging for the attacker to receive responses from the
server?
A. The server's firewall prevents incoming communications.
B. IP spoofing is used, making it difficult to establish a two-way connection.
C. The attacker lacks the necessary encryption keys for server responses.
D. The server's response time is intentionally delayed to thwart attackers.
Ans. B (IP spoofing is used, making it difficult to establish a two-way connection.)
6. Which of the following statements is/are true about email protocols?
A. The MIME protocol only supports sending ASCII text via email.
B. The MIME protocol can send multiple attachments with a single message.
C. The POP3 protocol does not support offline email access, while IMAP allows offline
access.
D. The IMAP protocol does not support multiple client connections to the same mailbox.
Ans. B (The MIME protocol can send multiple attachments with a single message.)
7. In a complete session-stealing attack with attacker positioned between the two end points of
a TCP session, what additional capability does the attacker gain?
A. The ability to physically access the server.
B. Intercepting responses from both the client and the server.
C. Initiating a SYN flood attack for session disruption.
D. Ability to send random data to either of the end points.
Ans:
B. (Intercepting responses from both the client and the server.) and
D. (Ability to send random data to either of the end points.)
8. Which mode of operation in IPsec involves encapsulating the entire original IP packet as the
payload of a new packet?
A. Transport mode
B. IKE mode
C. Tunnel mode
D. Authentication Header mode
Ans. C (Tunnel mode)
9. A proficient hacker, John is attempting to exploit vulnerabilities in SSL/TLS protocols to
intercept and decrypt secure communication between a client and a server. Consider the
following actions taken by John: Firstly, he successfully performs a man-in-the-middle attack
(MITM) in a public Wi-Fi environment, intercepting communication between a user's
browser and a secure server. To facilitate eavesdropping, John employs a technique that
convinces the server to downgrade the TLS connection to SSL 3.0, thus causing the client and
server to communicate using SSL 3.0. After downgrading to SSL 3.0, John can launch an
attack to decrypt selected parts of the communication without disturbing the message
delivery. Based on the described actions, which security principle compromised in this case?
A. Confidentiality
B. Integrity
C. Availability
D. Both confidentiality and Integrity
Ans. A. (Confidentiality)
10. In IPsec, what is the role of the Authentication Header (AH) protocol?
A. To encrypt the entire IP packet
B. To negotiate security associations (SAs) using IKE
C. To establish a shared secret key between parties
D. To authenticate the origin and ensure data integrity of IPsec packets
Ans. D (To authenticate the origin and ensure data integrity of IPsec packets)