Network-Security

Question 1

A sender is employing public key cryptography to send a secret message to a receiver. Which one of the following statements is TRUE?

A
Sender encrypts using receiver’s public key
B
Sender encrypts using his own public key
C
Receiver decrypts using sender’s public key
D
Receiver decrypts using his own public key
Question 1 Explanation: 
The sender encrypts using the receiver's public key, and the receiver decrypts using his own private key.
Question 2

Which of the following statement(s) is TRUE?
1. A hash function takes a message of arbitrary length and generates a fixed length code.
2. A hash function takes a message of fixed length and generates a code of variable length.
3. A hash function may give the same hash value for distinct messages.

A
1 only
B
2 and 3 only
C
1 and 3 only
D
2 only
Question 2 Explanation: 
(1) A hash function takes a message of arbitrary length and generates a fixed length code. So this is correct.
(2) Statement 2 is wrong; refer to statement 1.
(3) Statement 3 is correct; for example, the hash function N%10 will generate the same value for 1 as well as 2!
Question 3

You are given the following four bytes:

 10100011         00110111         11101001         10101011  
Which of the following are substrings of the base 64 encoding of the above four bytes?

A
zdp
B
fpq
C
qwA
D
oze
Question 3 Explanation: 
You are given the following four bytes:
10100011 00110111 11101001 10101011
In total we have 32 bits. Base 64 needs 6 binary digits to represent one base-64 digit.
So let's pad 4 bits on the RHS, so that the total becomes 36 bits, which can be separated into groups of 6 bits each.

Now, on checking the options, the longest substring is 'fpq'.
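The grouping described above, worked through as an added example (not part of the original page). The helper names `b64_by_hand`, `agrees_with_stdlib` and `matching_options` are made up for this illustration; the result is cross-checked against Python's standard `base64` module.

```python
import base64

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")

def b64_by_hand(data: bytes):
    """Return (list of 6-bit groups, Base64 text) for data."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 6)        # zero-pad on the right to a multiple of 6
    groups = [bits[i:i + 6] for i in range(0, len(bits), 6)]
    text = "".join(ALPHABET[int(g, 2)] for g in groups)
    text += "=" * (-len(text) % 4)        # '=' fills the last 4-character block
    return groups, text

def agrees_with_stdlib(data: bytes) -> bool:
    """Cross-check the hand computation against the standard library."""
    return b64_by_hand(data)[1] == base64.b64encode(data).decode("ascii")

# The four bytes from the question.
FOUR_BYTES = bytes([0b10100011, 0b00110111, 0b11101001, 0b10101011])

def matching_options(options=("zdp", "fpq", "qwA", "oze")):
    """Return the answer options that occur in the encoding of FOUR_BYTES."""
    text = b64_by_hand(FOUR_BYTES)[1]
    return [opt for opt in options if opt in text]

if __name__ == "__main__":
    groups, text = b64_by_hand(FOUR_BYTES)
    print(" ".join(groups))               # the six 6-bit groups (36 bits)
    print(text, matching_options())
```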
Question 4

Consider the following two statements:
(i) A hash function (these are often used for computing digital signatures) is an injective function.
(ii) An encryption technique such as DES performs a permutation on the elements of its input alphabet.
Which one of the following options is valid for the above two statements?

A
Both are false
B
Statement (i) is true and the other is false
C
Statement (ii) is true and the other is false
D
Both are true
Question 4 Explanation: 
i) A hash function is a many-to-one function. It is not one-one (or) injective.
ii) It uses the P-Box permutation.
Statement (i) is false, statement (ii) is true.
Question 5

The total number of keys required for a set of n individuals to be able to communicate with each other using secret key and public key crypto-systems, respectively are:

A
n(n-1) and 2n
B
2n and n(n-1)/2
C
n(n-1)/2 and 2n
D
n(n-1)/2 and n
Question 5 Explanation: 
For private key crypto, the same key is used for encryption as well as decryption. So, the number of keys required for n individuals is the same as the number of communication links between any two individuals, which is
nC2 = n(n-1)/2
In the case of public key crypto, each sender has its own public key as well as private key. So, the number of keys is 2n.
Question 6

In an RSA cryptosystem, the value of the public modulus parameter n is 3007. If it is also known that Φ(n) = 2880, where Φ() denotes Euler's totient function, then the prime factor of n which is greater than 50 is ______.

A
107
B
97
C
45
D
92
Question 6 Explanation: 
It can be solved quickly by the hit-and-trial method.
n = 3007, ϕ(n) = 2880, and ϕ(n) = (p − 1)(q − 1),
where p and q are the prime factors of n.
The units digit of n is 7, which is a prime number, so the factors will be of the form
1*7 = 7
11*17
21*37
31*47
…
31*97 = 3007
n = 3007 = 31*97
Therefore, 31 and 97 are the two prime numbers that satisfy the condition, and 97 is greater than 50.
So, 97 is the correct answer.
Other methods:
When ϕ(n) is given and n = pq, where p and q are prime numbers, we have
ϕ(n) = (p−1)(q−1) = pq − (p+q) + 1
But pq = n,
therefore ϕ(n) = n − (p+q) + 1 and p+q = n + 1 − ϕ(n).
Now, p and q are the roots of the equation
x^2 − (p+q)x + pq = (x−p)(x−q)
Substituting for p+q and pq in the above equation:
x^2 − (n+1−ϕ(n))x + n
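The quadratic above can be solved directly with integer arithmetic. The following is an added example, not part of the original page; the function name `factor_from_phi` is made up for this illustration. It also shows why ϕ(n) must stay secret: anyone who knows n and ϕ(n) recovers p and q immediately.

```python
from math import isqrt

def factor_from_phi(n: int, phi: int):
    """Recover primes p <= q from n = p*q and phi = (p-1)*(q-1).

    p and q are the roots of x^2 - (n + 1 - phi)x + n = 0.
    """
    s = n + 1 - phi                 # s = p + q
    disc = s * s - 4 * n            # discriminant = (q - p)^2
    if disc < 0:
        raise ValueError("no real roots: n and phi are inconsistent")
    r = isqrt(disc)                 # r = q - p when disc is a perfect square
    if r * r != disc or (s - r) % 2:
        raise ValueError("roots are not integers: n and phi are inconsistent")
    p, q = (s - r) // 2, (s + r) // 2
    if p * q != n or (p - 1) * (q - 1) != phi:
        raise ValueError("recovered roots do not match n and phi")
    return p, q

if __name__ == "__main__":
    # Values from the question: s = 128, disc = 4356 = 66^2.
    print(factor_from_phi(3007, 2880))
```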
Question 7

The value of 3^51 mod 5 is ______.

A
3
B
5
C
2
D
1
Question 7 Explanation: 
3^51 mod 5
3^1 = 3 ⇒ 3 mod 5 = 3
3^2 = 9 ⇒ 9 mod 5 = 4
3^3 = 27 ⇒ 27 mod 5 = 2
3^4 = 81 ⇒ 81 mod 5 = 1
3^5 = 243 ⇒ 243 mod 5 = 3
The sequence repeats after every four powers.
So, (51 % 4) = 3
⇒ 3^3 = 27
⇒ 27 mod 5 = 2
Question 8

In the RSA public key cryptosystem, the private and public keys are (e, n) and (d, n) respectively, where n = p*q and p and q are large primes. Besides, n is public and p and q are private. Let M be an integer such that 0 < M < n and f(n) = (p- 1)(q-1). Now consider the following equations.

I.   M’ = M^e mod n
     M = (M’)^d mod n
II.  ed ≡ 1 mod n
III. ed ≡ 1 mod f(n)
IV.  M’ = M^e mod f(n)
     M = (M’)^d mod f(n)

Which of the above equations correctly represent RSA cryptosystem?

A
I and II
B
I and III
C
II and IV
D
III and IV
Question 8 Explanation: 
To generate the encryption and decryption keys, we can proceed as follows.
1. Generate randomly two “large” primes p and q.
2. Compute n = pq and ϕ = (p−1)(q−1).
3. Choose a number e so that
gcd(e, ϕ) = 1
4. Find the multiplicative inverse of e modulo ϕ, i.e., find d so that
ed ≡ 1 (mod ϕ)
This can be done efficiently using Euclid’s Extended Algorithm.
The encryption public key is KE = (n, e) and the decryption private key is KD = (n, d).
The encryption function is
E(M) = M^e mod n
The decryption function is
D(M) = M^d mod n
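The key-generation steps above, run on small numbers and used to evaluate statements I to IV of the question. This is an added example, not part of the original page; the primes 31 and 97 and the exponent e = 7 are constructed toy values, and `egcd`, `make_keys` and `check_statements` are names made up for this illustration.

```python
from math import gcd

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def make_keys(p, q, e):
    """Steps 2 to 4 above for given primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi")
    d = egcd(e, phi)[1] % phi          # multiplicative inverse of e modulo phi
    return n, phi, e, d

def check_statements(p, q, e, M):
    """Evaluate statements I to IV of the question for one message M."""
    n, phi, e, d = make_keys(p, q, e)
    return {
        "I":   pow(pow(M, e, n), d, n) == M,       # encrypt, then decrypt mod n
        "II":  (e * d) % n == 1,                   # inverse taken mod n
        "III": (e * d) % phi == 1,                 # inverse taken mod phi
        "IV":  pow(pow(M, e, phi), d, phi) == M,   # encrypt, then decrypt mod phi
    }

# Constructed toy parameters (far too small for real use).
P, Q, E = 31, 97, 7

if __name__ == "__main__":
    print(make_keys(P, Q, E))                      # n, phi, e, d
    print(check_statements(P, Q, E, M=2))
```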
Question 9

A layer-4 firewall (a device that can look at all protocol headers up to the transport layer) CANNOT

A
block entire HTTP traffic during 9:00PM and 5:00AM
B
block all ICMP traffic
C
stop incoming traffic from a specific IP address but allow outgoing traffic to the same IP address
D
block TCP traffic from a specific user on a multi-user system during 9:00PM and 5:00AM
Question 9 Explanation: 
(A) It is possible to block entire HTTP traffic by blocking port no. 80.
(B) Possible, because ICMP is a network layer protocol.
(C) Possible, because the IP address is present in the network layer.
(D) Not possible, because to block a specific user we need the user id, which is present in the application layer.
Question 10

Using public key cryptography, X adds a digital signature σ to message M, encrypts <M, σ>, and sends it to Y, where it is decrypted. Which one of the following sequences of keys is used for the operations?

A
Encryption: X’s private key followed by Y’s private key; Decryption: X’s public key followed by Y’s public key
B
Encryption: X’s private key followed by Y’s public key; Decryption: X’s public key followed by Y’s private key
C
Encryption: X’s public key followed by Y’s private key; Decryption: Y’s public key followed by X’s private key
D
Encryption: X’s private key followed by Y’s public key; Decryption: Y’s private key followed by X’s public key
Question 10 Explanation: 

Encryption: The source has to encrypt with its private key to form the digital signature for authentication. The source then has to encrypt (M, σ) with Y’s public key to send it confidentially.
Decryption: The destination Y has to decrypt first with its private key, then decrypt using the source's public key.
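The order of the four key operations, as an added example that is not part of the original page. It uses textbook RSA with constructed toy primes and no hashing or padding, so it illustrates the key order only; `make_key`, `x_sends`, `y_receives` and `replace_message` are names made up for this illustration.

```python
def make_key(p, q, e):
    """Toy RSA key from constructed primes; pow(e, -1, phi) needs Python 3.8+."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

X = make_key(31, 97, 7)        # sender X, n = 3007
Y = make_key(101, 103, 7)      # receiver Y, n = 10403 (larger than X's n, so σ fits)

def x_sends(M):
    """X signs M, then encrypts <M, σ> for Y."""
    sigma = pow(M, X["d"], X["n"])            # 1. X's private key forms σ
    return (pow(M, Y["e"], Y["n"]),           # 2. Y's public key encrypts M
            pow(sigma, Y["e"], Y["n"]))       #    and σ

def y_receives(ciphertext):
    """Y decrypts <M, σ>, then checks σ against M."""
    c_m, c_sigma = ciphertext
    M = pow(c_m, Y["d"], Y["n"])              # 1. Y's private key decrypts
    sigma = pow(c_sigma, Y["d"], Y["n"])
    valid = pow(sigma, X["e"], X["n"]) == M   # 2. X's public key verifies σ
    return M, valid

def replace_message(ciphertext, other_M):
    """Swap in a different encrypted message while keeping the original σ."""
    return pow(other_M, Y["e"], Y["n"]), ciphertext[1]

if __name__ == "__main__":
    ct = x_sends(1234)
    print(y_receives(ct))                           # message with a valid signature
    print(y_receives(replace_message(ct, 1235)))    # signature no longer matches
```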
Question 11
Which of the following make(s) filtering decisions based on application payload?
A
packet filter
B
deep inspection firewall
C
reverse proxy
D
stateful packet inspection firewall
Question 11 Explanation: 
Filtering decisions based on application payload require all five layers up to the application layer, and a deep inspection firewall has all five layers.
Question 12
Match the terms with the definition.
(a) Masquerading      (i) Session is intercepted
(b) Phishing          (ii) One pretends to be someone else
(c) Hijacking         (iii) An email misleads a user into entering confidential information
Codes:
(a) (b) (c)
A
(i) (ii) (iii)
B
(i) (iii) (ii)
C
(iii) (ii) (i)
D
(ii) (iii) (i)
Question 12 Explanation: 
Masquerading: One pretends to be someone else.
Phishing: Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Hijacking: Hijacking is a type of network security attack in which the attacker takes control of a communication - just as an airplane hijacker takes control of a flight - between two entities and masquerades as one of them. So interception between two entities is done.
Question 13
A cryptographic system that uses only symmetric key cryptography cannot provide digital signature because :
A
Symmetric key cryptography is computationally infeasible.
B
Symmetric key cryptography involves key distribution.
C
Symmetric key cryptography is unreliable.
D
Digital signature requires a pair of private – public keys.
Question 13 Explanation: 
Digital signature requires a pair of private-public keys, due to which symmetric key cryptography cannot provide digital signature.
Question 14
If a message “CONGRATS” is encoded as “AMLEPYRQ”, the encryption key is :
A
+ 3
B
+ 2
C
– 3
D
– 2
Question 14 Explanation: 
C - 2 = A
O - 2 = M
N - 2 = L
G - 2 = E
R - 2 = P
A - 2 = Y
T - 2 = R
S - 2 = Q
Question 15

Consider an information exchange scenario where Anthony is the sender and Bond is the intended recipient of the data.

Match the following appropriately.


A
I-C, II-B, III-D, IV-A
B
I-C, II-D, III-A, IV-B
C
I-C, II-D, III-B, IV-A
D
I-A, II-D, III-B, IV-C
Question 15 Explanation: 
Message Authentication: Bond needs to be sure of Anthony’s identity and that an imposter has not sent the message.
Message Confidentiality: The transmitted message must make sense only to Bond; to all others it must be garbage.
Message Integrity: The message must arrive at Bond’s side exactly as it was sent.
Message Non-Repudiation: Anthony must not be able to deny sending a message that he or she, in fact, did send.
Option C is correct.
Question 16

Considering the following key using a block of five characters, encryption of the message "NETWORKING" using the Transposition Cipher is:

Plaintext : 5 4 3 2 1

Ciphertext : 1 2 3 4 5
A
GNIKROWTEN
B
OGWNTIEKNR
C
OWTENGNIKR
D
NREKTIWNOG
Question 16 Explanation: 
→A transposition cipher is a method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed (the plaintext is reordered).
→According to the given question,
→Plaintext : 5 4 3 2 1
→Ciphertext : 1 2 3 4 5
→The given message is "NETWO RKING".
→The message is divided into two equal blocks of 5 characters each.
→According to the key, each block of 5 characters is reversed, giving OWTEN GNIKR.
Question 17
Expansion for DES, a most widely used encryption algorithm, is
A
Digital Encryption Standard
B
Digital Encryption Specification
C
Data Encryption Standard
D
Data Encryption Specification
Question 17 Explanation: 
Full form of DES is Data Encryption Standard.
Question 18
The main purpose of encryption is to provide
A
Data Security
B
Data Integrity
C
Data Redundancy
D
(1) and (2)
Question 18 Explanation: 
The main purpose of encryption is to provide data confidentiality or data security.
Question 19
Which of the following is false?
A
Public-key cryptography is also known as asymmetric cryptography
B
Asymmetric cryptography uses a pair of cryptographic keys
C
A message encrypted with the private key can be decrypted only with the corresponding public key
D
The private key is kept secret, while the public key is widely distributed
Question 19 Explanation: 
3 is false because a message encrypted with the private key can be decrypted only with the corresponding public key in asymmetric key cryptography, but in symmetric key cryptography a message encrypted with the private key can be decrypted only with the same private key.
Question 20
The RSA algorithm is named after _________ who invented it
A
John Richardson, John Smith and Len Adleman
B
Ron Rivest, John Smith and L Hospital
C
Ron Rivest, Adi Shamir and Len Adleman
D
None of the above
Question 20 Explanation: 
The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.
Question 21
Which of the following is a security requirement?
A
Confidentiality and Integrity
B
Authentication
C
Non-repudiation
D
All the above
Question 21 Explanation: 
Confidentiality: No other person can look into the information; only the person for whom it is intended can look into it.
Integrity: No one can change the information.
Authentication: It guarantees the identity of the sender.
Non-repudiation: Non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. To repudiate means to deny.
Hence all of these are security requirements.
Question 22
Which of the following is a symmetric key algorithm?
A
Blowfish
B
IDEA
C
AES
D
All the above
Question 22 Explanation: 
Blowfish, IDEA and AES are all private key or symmetric key encryption algorithms.
Question 23
A message "COMPUTERNETWORK" encrypted (ignore quotes) using columnar transposition cipher with a key "LAYER". The encrypted message is :
A
CTTOEWMROPNRUEK
B
MROUEKCTTPNROEW
C
OEWPNRCTTUEKMRO
D
UEKPNRMROOEWCTT
Question 23 Explanation: 
Question 24
Avalanche effect in cryptography refers to
A
Large changes in cipher text when the keyword is changed minimally
B
Large changes in cipher text when the plain text is changed
C
Large impact of keyword change to the length of the cipher text
D
None of the above
Question 24 Explanation: 
The avalanche effect describes a concept in cryptography where a small change in the input value (keyword) causes a significant change in the output (hash value / cipher text).
Question 25
In a columnar transposition cipher, the plain text is “the tomato is a plant in the night shade family”, keyword is “TOMATO”. The ciphertext is
A
“TINESAX / EOAHTFX / HTLTHEY / MAIIAIX / TAPNGDL / OSTNHMX”
B
“TINESAX / EOAHTFX / MAIIAIX / HTLTHEY / TAPNGDL / OS TN HMX”
C
“TINESAX / EOAHTFX / HTLTHEY / MAIIAIX / OSTNHMX / TAPNGDL”
D
“EOAHTFX / TINESAX / HTLTHEY / MIIAIX / TAPNGDL / OSTNHMX”
Question 25 Explanation: 
We first pick a keyword for our encryption. We write the plaintext out in a grid where the number of columns is the number of letters in the keyword. We then title each column with the respective letter from the keyword. We take the letters in the keyword in alphabetical order, and read down the columns in this order. If a letter is repeated, we do the one that appears first, then the next and so on.
Encrypt the message "The tomato is a plant in the nightshade family" using the keyword TOMATO. We get the grid given below.
We have written the keyword above the grid of the plaintext, and also the numbers telling us which order to read the columns in. Notice that the first "O" is 3 and the second "O" is 4, and the same thing for the two "T"s.

The plaintext is written in a grid beneath the keyword. The numbers represent the alphabetical order of the keyword, and so the order in which the columns will be read.
Starting with the column headed by "A", our ciphertext begins "TINESAX" from this column. We now move to the column headed by "M", and so on through the letters of the keyword in alphabetical order to get the ciphertext "TINESAX / EOAHTFX / HTLTHEY / MAIIAIX / TAPNGDL / OSTNHMX" (where the / tells you where a new column starts). The final ciphertext is thus "TINESAX EOAHTFX HTLTHEY MAIIAIX TAPNGDL OSTNHMX".
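The procedure above, written out as an added example that is not part of the original page. It also covers the "COMPUTERNETWORK" / "LAYER" message from Question 23; the function names `columnar_encrypt` and `columnar_decrypt`, and padding the last row with "X", are choices made for this illustration.

```python
def column_order(keyword):
    """Column indices in alphabetical order of the key letters.

    sorted() is stable, so a repeated letter (the two O's and two T's in
    TOMATO) keeps its left-to-right order.
    """
    return sorted(range(len(keyword)), key=lambda i: keyword[i].upper())

def columnar_encrypt(plaintext, keyword, pad="X"):
    """Return the ciphertext as a list of columns, in reading order."""
    letters = [c.upper() for c in plaintext if c.isalpha()]
    width = len(keyword)
    letters += [pad] * (-len(letters) % width)     # fill the last grid row
    # letters[i::width] is column i of the row-by-row grid.
    return ["".join(letters[i::width]) for i in column_order(keyword)]

def columnar_decrypt(columns, keyword):
    """Rebuild the grid from the columns and read it row by row."""
    grid = [None] * len(keyword)
    for text, i in zip(columns, column_order(keyword)):
        grid[i] = text                             # put each column back in place
    return "".join("".join(row) for row in zip(*grid))

if __name__ == "__main__":
    cols = columnar_encrypt(
        "the tomato is a plant in the nightshade family", "TOMATO")
    print(" / ".join(cols))
    print(columnar_decrypt(cols, "TOMATO"))        # plaintext plus padding
    print("".join(columnar_encrypt("COMPUTERNETWORK", "LAYER")))
```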
Question 26
Which of the following is NOT a type of firewall for network security?
A
Circuit level gateways
B
Application level gateways
C
Packet filters
D
Digital Immune System
Question 26 Explanation: 
A circuit-level gateway is a type of firewall. Circuit-level gateways work at the session layer of the OSI model, or as a "shim-layer" between the application layer and the transport layer of the TCP/IP stack. They monitor TCP handshaking between packets to determine whether a requested session is legitimate.
Application level gateways are also a type of firewall. Packet filtering is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols and ports.
The Digital Immune system is a comprehensive approach to virus protection, and is not a type of firewall.