CSS 211 - Introduction to Network Security

Review for Third Test

The following questions are provided to help you study for the first test. Do not expect to see these exact questions on the test.

  1. If we were to use a Caesar cipher based on +4, what would the cipher text for the word "password" look like?

  2. What goal is met by an encryption scheme that satisfies each of these topics:
    • confidentiality
    • integrity
    • availability
    • authenticity
    • non-repudiation

  3. Why does a hash algorithm fail to meet the goal of confidentiality?

  4. Name three characteristics of a secure hashing algorithm.

  5. Which hash algorithm family was created by the NSA?

  6. Why is the NTLM hash algorithm preferred over the LM hash algorithm?

  7. What could you do to cause a password to be stored in both LM and NTLM hash algorithm files?

  8. What is the difference between symmetric and asymmetric encryption algorithms?
    Which are also called private key systems?
    Which are also called public key systems?

  9. Why does the phrase "public key system" only describe part of the system?

  10. Which kind of key would be used to encrypt a digital signature?

  11. Name the three symmetric encryption methods given in the text whose names all look very much alike.

  12. What are the six steps in using Pretty Good Privacy?

  13. Why is PGP a hybrid system?

  14. What is the name of the open source version of PGP?

  15. What Windows encryption system is good for encrypting particular files and folders?

  16. What fairly recent Windows encryption system can be used in some versions of Windows to encrypt an entire drive?

  17. What do you call a company that can create key pairs and digital certificates for Internet vendors?

  18. What are three things a digital certificate should contain?

  19. What is the difference between a CA's CR and its CRL?

  20. What format standard from the ITU should digital certificates meet?

  21. What are the three trust models the text discusses regarding Public Key Infrastructure?

  22. Name the four life events that that text lists for a digital certificate's life cycle.

  23. What are the three necessary ingredients for a fire? (No, the fire itself does not count.)

  24. Name the five discussed American classes of fire extinguishers, and what each class is used for.

  25. What is a faraday cage used for (other than capturing faradays)?

  26. What is the TEMPEST standard?

  27. What are two ways to reduce the probability of an electrostatic discharge?

  28. List four kinds of RAID and what is significant about each one.

  29. Name a reason that an IT manager might prefer 1) an on-line UPS and 2) an off-line UPS.

  30. What would be the advantage to a hot site that would make it preferable over a cold site? What would be its major disadvantage?

  31. Name the four major backup strategies. Which ones reset archive bits?

  32. What typically is written in a Windows page file?

  33. What is the upper limit to the amount of data that might be found in a single instance of RAM slack?

  34. What would determine how much information might be found in an instance of drive slack?

  35. What are some general differences between security guidelines, standards, and policies?

  36. What does the author mean when he says we must balance trust with control?

  37. What is an acceptable use policy?

  38. What would be some elements of a password policy?

  39. What is meant by each of these phrases?


    spear phishing


    Google phishing

  40. What is shoulder surfing?

  41. Of what use is snopes.com with regard to email scams?