CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
1. Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?
A) Use security tokens for authentication
B) Connect through an IPSec VPN
C) Use https with a server-side certificate
D) Enforce static media access control (MAC) addresses
2. Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?
A) Certificate-based authentication of web client
B) Certificate-based authentication of web server
C) Data confidentiality between client and web server
D) Multiple encryption algorithms
3. The BEST protocol to ensure confidentiality of transmissions in a business-to-customer (B2C) financial web application is:
A) Secure Sockets Layer (SSL).
B) Secure Shell (SSH).
C) IP Security (IPSec).
D) Secure/Multipurpose Internet Mail Extensions (S/MIME ).
4. A message* that has been encrypted by the sender's private key and again by the receiver's public key achieves:
A) authentication and authorization.
B) confidentiality and integrity.
C) confidentiality and nonrepudiation.
D) authentication and nonrepudiation.
5. When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSL), confidentiality is MOST vulnerable to which of the following?
A) IP spoofing
B) Man-in-the-middle attack
C) Repudiation
D) Trojan
A) Use security tokens for authentication
B) Connect through an IPSec VPN
C) Use https with a server-side certificate
D) Enforce static media access control (MAC) addresses
2. Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?
A) Certificate-based authentication of web client
B) Certificate-based authentication of web server
C) Data confidentiality between client and web server
D) Multiple encryption algorithms
3. The BEST protocol to ensure confidentiality of transmissions in a business-to-customer (B2C) financial web application is:
A) Secure Sockets Layer (SSL).
B) Secure Shell (SSH).
C) IP Security (IPSec).
D) Secure/Multipurpose Internet Mail Extensions (S/MIME ).
4. A message* that has been encrypted by the sender's private key and again by the receiver's public key achieves:
A) authentication and authorization.
B) confidentiality and integrity.
C) confidentiality and nonrepudiation.
D) authentication and nonrepudiation.
5. When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSL), confidentiality is MOST vulnerable to which of the following?
A) IP spoofing
B) Man-in-the-middle attack
C) Repudiation
D) Trojan
1. Right Answer: B
Explanation: IPSec effectively prevents man-in-the-middle (MitM) attacks by including source and destination IPs within the encrypted portion of the packet. The protocol is resilient to MitM attacks. Using token-based authentication does not prevent a MitM attack; however, it may help eliminate reusability of stolen cleartext credentials. An https session can be intercepted through Domain Name Server (DNS) or Address Resolution Protocol (ARP) poisoning. ARP poisoning '' a specific kind of MitM attack '' may be prevented by setting static media access control (MAC) addresses. Nevertheless, DNS and NetBIOS resolution can still be attacked to deviate traffic.
2. Right Answer: A
Explanation: Web browsers have the capability of authenticating through client-based certificates; nevertheless, it is not commonly used. When using https, servers always authenticate with a certificate and, once the connection is established, confidentiality will be maintained between client and server. By default, web browsers and servers support multiple encryption algorithms and negotiate the best option upon connection.
3. Right Answer: A
Explanation: Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communications providing end point authentication and communications privacy over the Internet. In typical use, all data transmitted between the customer and the business are, therefore, encrypted by the business's web server and remain confidential. SSH File Transfer Protocol (SFTP) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol to provide secure file transfer. IP Security (IPSec) is a standardized framework for securing Internet Protocol (IP) communications by encrypting and/or authenticating each IP packet in a data stream. There are two modes of IPSec operation: transport mode and tunnel mode.Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and signing of e-mail encapsulated in MIME; it is not a web transaction protocol.
4. Right Answer: C
Explanation: Encryption by the private key of the sender will guarantee authentication and nonrepudiation. Encryption by the public key of the receiver will guarantee confidentiality.
5. Right Answer: D
Explanation: A Trojan is a program that gives the attacker full control over the infected computer, thus allowing the attacker to hijack, copy or alter information after authentication by the user. IP spoofing will not work because IP is not used as an authentication mechanism. Man-in-the-middle attacks are not possible if usingSSL with client-side certificates. Repudiation is unlikely because client-side certificates authenticate the user.
Explanation: IPSec effectively prevents man-in-the-middle (MitM) attacks by including source and destination IPs within the encrypted portion of the packet. The protocol is resilient to MitM attacks. Using token-based authentication does not prevent a MitM attack; however, it may help eliminate reusability of stolen cleartext credentials. An https session can be intercepted through Domain Name Server (DNS) or Address Resolution Protocol (ARP) poisoning. ARP poisoning '' a specific kind of MitM attack '' may be prevented by setting static media access control (MAC) addresses. Nevertheless, DNS and NetBIOS resolution can still be attacked to deviate traffic.
2. Right Answer: A
Explanation: Web browsers have the capability of authenticating through client-based certificates; nevertheless, it is not commonly used. When using https, servers always authenticate with a certificate and, once the connection is established, confidentiality will be maintained between client and server. By default, web browsers and servers support multiple encryption algorithms and negotiate the best option upon connection.
3. Right Answer: A
Explanation: Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communications providing end point authentication and communications privacy over the Internet. In typical use, all data transmitted between the customer and the business are, therefore, encrypted by the business's web server and remain confidential. SSH File Transfer Protocol (SFTP) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol to provide secure file transfer. IP Security (IPSec) is a standardized framework for securing Internet Protocol (IP) communications by encrypting and/or authenticating each IP packet in a data stream. There are two modes of IPSec operation: transport mode and tunnel mode.Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and signing of e-mail encapsulated in MIME; it is not a web transaction protocol.
4. Right Answer: C
Explanation: Encryption by the private key of the sender will guarantee authentication and nonrepudiation. Encryption by the public key of the receiver will guarantee confidentiality.
5. Right Answer: D
Explanation: A Trojan is a program that gives the attacker full control over the infected computer, thus allowing the attacker to hijack, copy or alter information after authentication by the user. IP spoofing will not work because IP is not used as an authentication mechanism. Man-in-the-middle attacks are not possible if usingSSL with client-side certificates. Repudiation is unlikely because client-side certificates authenticate the user.
0 Comments
Leave a comment
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
