Network Security Assignments, NPTEL Course

Assignment 1 NPTEL Course on “Network Security” 1) (MCQ) Suppose users share a 2 Mbps link. Also suppose each user transmits continuously at 1 Mbps when transmitting, but each user transmits only 20 percent of the time. When circuit switching is used, how many users can be supported? a. 1 user b. 2 users c. 5 users d. 10 users Answer: 2 users 2) (MCQ) Suppose three users share a 2 Mbps link. Also suppose each user transmits continuously at 1 Mbps when transmitting, but each user transmits only 20 percent of the time. Packet switching is used. What is the fraction of time during which the queue of packets to be sent on the link grows? a. 0.2 b. 0.04 c. 0.008 d. 0.0016 Answer: 0.008 3) (MCQ) Suppose a packet of 1000 bytes is sent over a link of rate 10 Mbps and length 500 m. The speed of light on the link is 2 × 10 m/s. What is the transmission delay? a. 0.8 milliseconds b. 2.5 microseconds c. 2.5 milliseconds d. 0.1 milliseconds Answer: 0.8 milliseconds 4) (MCQ) Which of the following statements is true? a. Dijkstra’s algorithm and Bellman-Ford’s algorithm are both centralized algorithms. b. Dijkstra’s algorithm and Bellman-Ford’s algorithm are both distributed algorithms. c. Dijkstra’s algorithm is distributed and Bellman-Ford’s algorithm is centralized. d. Dijkstra’s algorithm is centralized and Bellman-Ford’s algorithm is distributed. Answer: Dijkstra’s algorithm is centralized and Bellman-Ford’s algorithm is distributed. 5) (MSQ) Which of the following are mechanisms used for reliable data transfer? a. Timeouts b. Retransmissions c. Spanning trees d. Sequence numbers Answers: Timeouts, Retransmissions, Sequence numbers 6) (MCQ) Which approach does TCP use for congestion control? a. Network-assisted congestion control b. End-to-end congestion control c. A combination of network-assisted and end-to-end congestion control d. Neither network-assisted nor end-to-end congestion control Answer: End-to-end congestion control 7) (MSQ) Which of the following are point-to-point links? a. Dial-up b. Wi-Fi c. Cable Internet d. DSL Answers: Dial-up, DSL 8) (MSQ) Which of the following statements are true? a. A Tier-1 ISP typically pays a Tier-2 ISP b. A Tier-3 ISP typically pays a Tier-2 ISP c. A Tier-1 ISP typically does not pay other Tier-1 ISPs d. A Tier-3 ISP typically pays a Tier-1 ISP Answers: A Tier-3 ISP typically pays a Tier-2 ISP, A Tier-1 ISP typically does not pay other Tier-1 ISPs 9) (MSQ) Which of the following statements are true? a. In the original version of Ethernet, each end system is connected to a shared cable. b. In modern Ethernet, each end system is connected to a shared cable. c. In the original version of Ethernet, switches are used. d. In modern Ethernet, switches are used. Answers: In the original version of Ethernet, each end system is connected to a shared cable, In modern Ethernet, switches are used. 10) (MSQ) Which of the following are transport-layer protocols? a. PPP b. IP c. TCP d. UDP Answers: TCP, UDP Assignment 2 NPTEL Course on “Network Security” 1) (MCQ) Which of the following mechanisms allows a user at one end of a connection to check whether the user at the other end is indeed who they claim to be? a. Message integrity b. End-point authentication c. Encryption d. Timing information Answer: End-point authentication 2) (MCQ) Consider the two equations 𝑥 mod 8 = 3 and 𝑥 mod 9 = 5. How many values of 𝑥 in the range {0,1, … ,71} satisfy both these equations? a. 3 b. 2 c. 1 d. 0 Answer: 1 3) (MCQ) Suppose a block cipher is used to encrypt a sequence of plaintext blocks 𝑚 , 𝑚 , … , 𝑚 , … , 𝑚 into the corresponding ciphertext blocks 𝐶 , 𝐶 , … , 𝐶 , … , 𝐶. If Cipher Block Chaining (CBC) is used and block 𝐶 is corrupted during transmission, which block(s) will not be decrypted successfully at the receiver? a. 𝐶 , 𝐶 , … , 𝐶 , … , 𝐶 b. 𝐶 , … , 𝐶 c. 𝐶 and 𝐶 d. Only 𝐶 Answer: 𝐶 and 𝐶 4) (MCQ) In a public-key system using RSA, you intercept the ciphertext 𝐶 = 10 sent to a user whose public key is 𝑒 = 5, 𝑛 = 35. What is the plaintext 𝑚? a. 5 b. 7 c. 10 d. 25 Answer: 5 5) (MCQ) A and B perform Diffie-Hellman key exchange using p = 53 and g = 2. If A chooses her secret to be 10 and B chooses his secret to be 33, then what is the common secret that they agree upon? a. 31 b. 17 c. 10 d. 6 Answer: 6 6) (MSQ) Which of the following are safe primes? a. 11 b. 13 c. 23 d. 29 Answers: 11, 23 7) (MSQ) Which of the following schemes use an Initialization Vector? a. ECB b. CBC c. OFB d. CTR Answers: CBC, OFB, CTR 8) (MSQ) Which of the following are block ciphers? a. 3DES b. RSA c. AES d. Diffie-Hellman Answers: 3DES, AES 9) (MCQ) Which of the following techniques can be used to efficiently break a monoalphabetic cipher? a. Exhaustive search b. Frequency analysis c. Traffic analysis d. Pohlig-Hellman algorithm Answer: Frequency analysis 10) (MSQ) Which of the following are types of malware? a. Trapdoor b. Buffer overflow c. Logic bomb d. Rootkit Answers: Trapdoor, Logic bomb, Rootkit Assignment 3 NPTEL Course on “Network Security” 1) (MSQ) Which of the following, when appended to a message, ensures the integrity of the message? a. Message Authentication Code b. Checksum c. Digital Signature d. Cyclic Redundancy Check Answer: Message Authentication Code, Digital Signature 2) (MSQ) Which of the following statements about a cryptographic hash function are true? a. Its output is a variable length string b. It is computationally expensive to compute the hash of a given input c. It is computationally infeasible to find a message that has a pre-specified hash d. it is computationally infeasible to find two messages whose hash value is the same Answers: It is computationally infeasible to find a message that has a pre-specified hash, It is computationally infeasible to find two messages whose hash value is the same 3) (MSQ) Which of the following are cryptographic hash functions? a. SHA-3 b. Hamming code c. Cyclic redundancy check d. MD5 Answers: SHA-3, MD5 4) (MCQ) Recall that SHA-1 pads the input message before computing its hash value. What are the minimum and maximum possible lengths of the padding? a. 64 and 512 b. 65 and 576 c. 1 and 511 d. 256 and 448 Answer: 65 and 576 5) (MCQ) Suppose Alice has a message that she is ready to send to anyone who asks. Thousands of people want to obtain Alice’s message, but each wants to be sure of the integrity of the message. Which of the following techniques can be used to efficiently achieve the integrity of the message? a. Message Authentication Code b. Checksum c. Digital Signature d. Cyclic Redundancy Check Answer: Digital Signature 6) (MCQ) Consider a cryptographic hash function whose output is 256 bits in length. There is a target hash value ℎ desired by an intruder. Suppose the intruder finds out the hash values of 𝑛 different randomly chosen inputs. What is the expected number of inputs whose hash value equals ℎ? a. b. c. d. Answer: 7) (MCQ) Consider an attack on a cryptographic hash function, in which an intruder tries 𝑛 inputs to find two different inputs with the same hash value. What is such an attack called? a. Birthday attack b. Collision attack c. Pre-image attack d. Sybil attack Answer: Birthday attack 8) (MSQ) Which of the following are properties that must be satisfied by a digital signature? a. Verifiability b. Confidentiality c. Nonforgeability d. Availability Answers: Verifiability, Nonforgeability 9) (MSQ) Which of the following statements is true for the SHA-1 cryptographic hash function? a. Its output is 128 bits in length b. Its output is 160 bits in length c. It processes the input data in 512-bit blocks d. It processes the input data in 480-bit blocks Answers: Its output is 160 bits in length, It processes the input data in 512-bit blocks 10) (MSQ) Which of the following are cryptographic hash functions that are vulnerable to the length extension attack? a. SHA-1 b. SHA-2 c. SHA-3 d. AES Answers: SHA-1, SHA-2 Assignment 4 NPTEL Course on “Network Security” 1) (MSQ) Suppose Alice and Bob share a secret symmetric key K. Alice authenticates to Bob using protocol ap4.0, which we discussed in the video lectures. Let R denote the nonce used in the protocol and X(Y ) denote Y encrypted using the key X. After executing protocol ap4.0, which of the following would be secure as a session key? a. 𝐾(3𝑅) b. 𝐾(𝑅 + 𝐾) c. 𝐾(𝐾) d. (𝑅 + 𝐾)(𝑅) Answers: 𝐾(𝑅 + 𝐾), (𝑅 + 𝐾)(𝑅) 2) (MSQ) Which of the following protocols, which we discussed in the video lectures, defends against IP spoofing? a. ap1.0 b. ap2.0 c. ap3.0 d. ap4.0 Answers: ap3.0, ap4.0 3) (MSQ) Which of the following statements about a nonce are true? a. It is used by a protocol only once during its operation b. It can be reused once the two communicating parties restart their computers c. It can be used to check the liveness of the party at the other end of a connection d. It acts as a substitute for a password Answers: It is used by a protocol only once during its operation, It can be used to check the liveness of the party at the other end of a connection 4) (MSQ) Which of the following protocols, which we discussed in the video lectures, defend against the eavesdropping attack? a. ap3.0 b. ap4.0 c. Lamport’s hash d. Public key-based authentication Answers: ap4.0, Lamport’s hash, Public key-based authentication 5) (MCQ) How many nonces are used in the Expanded Needham-Schroeder protocol? a. One b. Two c. Three d. Four Answer: Four 6) (MSQ) Which of the following are used in the Needham-Schroeder protocol? a. Public key cryptography b. Nonce c. Key Distribution Center d. Cryptographic hash function Answers: Nonce, Key Distribution Center 7) (MSQ) Consider a sequence of packets being sent from Alice to Bob. An intruder on the path between Alice and Bob can delete some of the packets. Which of the following techniques can be used to defend against this attack? a. Encryption of the packets b. Addition of sequence numbers to packets c. Addition of a MAC computed over a packet to that packet d. Addition, to a packet, of a MAC computed over all the packets from the beginning of a session to the current packet Answers: Addition of sequence numbers to packets, Addition, to a packet, of a MAC computed over all the packets from the beginning of a session to the current packet 8) (MSQ) Which of the following statements about the Lamport’s Hash protocol are true? a. It defends against eavesdropping b. It uses public key cryptography c. It uses cryptographic hash functions d. It defends against the server database reading attack Answers: It defends against eavesdropping, It uses cryptographic hash functions, It defends against the server database reading attack 9) (MCQ) Which of the following is an attack on Lamport’s Hash? a. Birthday attack b. Sybil attack c. Small n attack d. Length extension attack Answer: Small n attack 10) (MSQ) Which of the following statements are true for the ap4.0 protocol, which we discussed in the video lectures? a. It provides mutual authentication b. It provides one-way authentication c. It uses public key cryptography d. It uses symmetric key cryptography Answers: It provides one-way authentication, It uses symmetric key cryptography Assignment 5 NPTEL Course on “Network Security” 1) (MSQ) Which of the following are fields in an ITU X.509 certificate? a. Serial number b. Issuer public key c. Subject public key d. Version Answers: Serial number, Subject public key, Version 2) (MSQ) Which of the following statements about certificates are true? a. A user, Bob, typically displays his encrypted certificate on his website b. The subject and issuer of a certificate may be the same c. A certificate is typically used in conjunction with a Key Distribution Center d. Certificates are often issued by Certification Authorities Answers: The subject and issuer of a certificate may be the same, Certificates are often issued by Certification Authorities 3) (MCQ) Which of the following models is commonly used in web browsers? a. Monopoly model b. Monopoly and Registration Authorities (RA) model c. Oligarchy model d. Anarchy model Answer: Oligarchy model 4) (MSQ) Which of the following statements about delta CRLs are true? a. Delta CRLs are intended for making CRL distribution more efficient b. Delta CRLs are successors of gamma CRLs c. If a verifier has a copy of the latest delta CRL, then he/ she does not need to consult any full CRL d. Delta CRLs are typically posted more frequently than full CRLs Answers: Delta CRLs are intended for making CRL distribution more efficient, Delta CRLs are typically posted more frequently than full CRLs 5) (MSQ) Which of the following are systems for securing email? a. IPsec b. VPN c. PGP d. S/MIME Answers: PGP, S/MIME 6) (MSQ) Which of the following does PGP provide? a. Confidentiality b. Message Integrity c. Compression d. Spam detection Answers: Confidentiality, Message Integrity, Compression 7) (MCQ) Which of the following formats does PGP use? a. Base128 b. Base64 c. Base32 d. Base16 Answer: Base64 8) (MSQ) Which of the following are phases of SSL? a. Synchronization b. Handshake c. Data Transfer d. Key derivation Answers: Handshake, Data Transfer, Key derivation 9) (MSQ) Which of the following are fields in an SSL record? a. Type b. Length c. Sequence number d. Version Answers: Type, Length, Version 10) (MCQ) Which of the following statements is true? a. Server authentication is mandatory, but client authentication is optional in the SSL handshake b. Client authentication is mandatory, but server authentication is optional in the SSL handshake c. Server and client authentication are both mandatory in the SSL handshake d. Server and client authentication are both optional in the SSL handshake Answer: Server authentication is mandatory, but client authentication is optional in the SSL handshake Assignment 6 NPTEL Course on “Network Security” 1) (MSQ) Which of the following statements are true? a. Consider sending a stream of packets from Host A to Host B using IPsec. Typically, a new SA will be established for each packet sent in the stream. b. Suppose that the headquarters and the branch office of a company, which are in different cities, are connected via a VPN deployed over the Internet. TCP is being run between a host in the headquarters and a host in the branch office. If the TCP flow from the host in the headquarters to the host in the branch office retransmits the same packet, then the two corresponding packets sent by the headquarters gateway router to the branch office gateway router will have the same sequence number in the ESP header. c. An IKE SA and an IPsec SA are the same thing. d. ESP provides confidentiality and message integrity. Answers: ESP provides confidentiality and message integrity. 2) (MCQ) Which of the following statements is true? a. An IKE SA is unidirectional and an IPsec SA is bidirectional. b. An IKE SA is bidirectional and an IPsec SA is unidirectional. c. An IKE SA and an IPsec SA are both unidirectional. d. An IKE SA and an IPsec SA are both bidirectional. Answer: An IKE SA is bidirectional and an IPsec SA is unidirectional. 3) (MSQ) Which of the following are included in the Security Association Database? a. SPI b. Current sequence number c. Encryption key d. Authentication key Answers: SPI, Encryption key, Authentication key 4) (MSQ) When tunnel mode is used, which of the following fields in an ESP packet are encrypted? a. Sequence number b. Original IP header c. SPI d. Original IP datagram payload Answers: Original IP header, Original IP datagram payload 5) (MSQ) Which of the following statements about Wi-Fi are true? a. It typically operates on licensed spectrum. b. It uses a binary exponential backoff based MAC protocol. c. It is based on the IEEE 802.11 standard. d. It does not use link-layer acknowledgment packets. Answers: It uses a binary exponential backoff based MAC protocol, It is based on the IEEE 802.11 standard 6) (MSQ) Which of the following provides security mechanisms for Wi-Fi? a. 802.11i b. 802.11w c. 802.11b d. 802.11g Answers: 802.11i, 802.11w 7) (MCQ) Which of the following ciphers is used in WEP? a. AES b. DES c. RC4 d. IDEA Answer: RC4 8) (MSQ) Which of the following statements are true? a. WEP provides mutual authentication between the AP and mobile device. b. WEP authentication is similar to the ap4.0 protocol. c. Message integrity in WEP is based on a CRC. d. Message integrity in WEP is based on a message authentication code. Answers: WEP authentication is similar to the ap4.0 protocol, Message integrity in WEP is based on a CRC 9) (MSQ) Which of the following statements are true? a. During WEP authentication, the two parties agree on a session key. b. During WEP authentication, no session keys are agreed upon. c. WEP uses different keys for authentication and encryption. d. WEP uses the same key for authentication and encryption. Answers: During WEP authentication, no session keys are agreed upon, WEP uses the same key for authentication and encryption 10) (MSQ) Which of the following are modes supported by IPsec? a. Transport mode b. Verbose mode c. Lightweight mode d. Tunnel mode Answers: Transport mode, Tunnel mode Assignment 7 NPTEL Course on “Network Security” 1) (MSQ) Which of the following are true of EAP authentication protocols? a. EAP-TLS requires both station and authentication server to have digital certificates. b. EAP-TTLS requires both station and authentication server to have digital certificates. c. EAP-MD5 is vulnerable to a replay attack. d. Under EAP-MD5, the station sends its password to the authentication server. Answers: EAP-TLS requires both station and authentication server to have digital certificates, EAP-MD5 is vulnerable to a replay attack 2) (MSQ) For which of the following tasks is the Key Confirmation Key (KCK) used? a. To integrity-protect data between the station and the AP. b. To integrity-protect messages in the four-way handshake. c. To encrypt data between the station and the AP. d. To encrypt the message containing the Group Key. Answers: To integrity-protect messages in the four-way handshake 3) (MSQ) For which of the following tasks is the four-way handshake used? a. To authenticate the station to the AP. b. To authenticate the AP to the station. c. To agree on a Pairwise Master Key (PMK). d. To agree on a Pairwise Transient Key (PTK). Answers: To agree on a Pairwise Transient Key (PTK) 4) (MSQ) Which of the following are standards for authentication servers? a. Tangent b. RADIUS c. Chord d. Diameter Answers: RADIUS, Diameter 5) (MCQ) What is the length of the Pairwise Transient Key (PTK)? a. 128 bits b. 256 bits c. 384 bits d. 512 bits Answer: 384 bits 6) (MSQ) Which of the following are inputs to the pseudo-random function used to compute the Pairwise Transient Key (PTK)? a. PMK b. KCK c. KEK d. MAC address of the AP Answers: PMK, MAC address of the AP 7) (MSQ) Which of the following are extracted from the Pairwise Transient Key (PTK)? a. GTK b. TK c. KEK d. KCK Answers: TK, KEK, KCK 8) (MSQ) Which of the following statements are true? a. TKIP uses RC4 for encryption b. TKIP uses AES for encryption c. CCMP uses RC4 for encryption d. CCMP uses AES for encryption Answers: TKIP uses RC4 for encryption, CCMP uses AES for encryption 9) (MCQ) Which of the following is used for message integrity in CCMP? a. HMAC b. CBC-MAC c. CRC d. TURBO-MAC Answer: CBC-MAC 10) (MSQ) Which of the following management frames are not protected under 802.11w? a. Probe response frame b. Disassociate frame c. Association response frame d. Deauthenticate frame Answers: Probe response frame, Association response frame Assignment 8 NPTEL Course on “Network Security” 1) (MSQ) In GSM, which of the following is/ are included in the secret(s) stored on the SIM card? a. the IMSI. b. a long-term key shared with the MSC/ HLR. c. the key used for encrypting user messages. d. the key used for integrity-protecting all messages. Answers: the IMSI, a long-term key shared with the MSC/HLR 2) (MSQ) In UMTS, using which of the following does the SIM authenticate itself to the MSC/ HLR? a. a user password. b. a digital certificate. c. a response to a challenge. d. an encrypted signalling message. Answer: a response to a challenge 3) (MSQ) In UMTS, the key used for message integrity protection is a function of which of the following? a. the IMSI. b. the TMSI. c. a random number generated by the MSC/ HLR. d. the long-term key shared between the SIM and the MSC/ HLR. Answers: a random number generated by the MSC/HLR, the long-term key shared between the SIM and the MSC/HLR 4) (MSQ) Which of the following is/ are true of encryption/ integrity protection in UMTS? a. KASUMI is used in OFB mode for encryption. b. KASUMI is used in CFB mode for encryption. c. A keyed hash (SHA-1) is used for integrity protection. d. KASUMI is used in CBC mode for integrity protection. Answers: KASUMI is used in OFB mode for encryption, KASUMI is used in CBC mode for integrity protection 5) (MSQ) Which of the following statements are true? a. In an LTE network, the key 𝐾𝐴𝑆𝑀𝐸 is known to an eNodeB. b. In an LTE network, the key 𝐾𝐴𝑆𝑀𝐸 is not known to an eNodeB. c. In an LTE network, the key 𝐾𝑁𝐴𝑆𝑒𝑛𝑐 is known to an eNodeB. d. In an LTE network, the key 𝐾𝑁𝐴𝑆𝑒𝑛𝑐 is not known to an eNodeB. Answers: In an LTE network, the key KASME is not known to an eNodeB, In an LTE network, the key KNASenc is not known to an eNodeB 6) (MSQ) In GSM, using which of the following techniques is user identity confidentiality provided? a. encrypting the ID of the subscriber. b. use of the TMSI. c. using the public key of the subscriber. d. using the hash of the subscriber’s ID. Answers: use of the TMSI 7) (MSQ) For which of the following purposes is the MAC computed in UMTS used? a. To authenticate the base station to the SIM card. b. To authenticate the SIM card to the base station. c. To authenticate the MSC/HLR to the SIM card. d. To authenticate the SIM card to the MSC/HLR. Answers: To authenticate the MSC/HLR to the SIM card 8) (MSQ) Which of the following variables generated/ computed by the MSC during the authentication procedure in UMTS is conveyed to the SIM card? a. the random number generated by the MSC. b. the cipher (encryption) key. c. the integrity check key. d. the expected response, XRES. Answers: the random number generated by the MSC 9) (MSQ) Which of the following are security features in 5G? a. Home Control b. KASUMI c. SEAF d. COMP-128 Answers: Home Control, SEAF 10) (MSQ) When 𝐾𝑒𝑁𝐵 is changed, which of the following keys also need to be changed? a. 𝐾𝐴𝑆𝑀𝐸 b. 𝐾𝑈𝑃𝑒𝑛𝑐 c. 𝐾𝑅𝑅𝐶𝐼𝑛𝑡 d. 𝐾𝑁𝐴𝑆𝑒𝑛𝑐 Answers: KUPenc, KRRCInt Assignment 9 NPTEL Course on “Network Security” 1) (MSQ) Which of the following statements are true? a. A packet filter can be configured to defend against DDoS attacks. b. A packet filter cannot be configured to defend against DDoS attacks. c. A packet filter can be configured to defend against worm attacks. d. A packet filter cannot be configured to defend against worm attacks. Answers: A packet filter cannot be configured to defend against DDoS attacks, A packet filter cannot be configured to defend against worm attacks 2) (MSQ) Which of the following is/ are performed by a web proxy (HTTP gateway)? a. webpage caching. b. authentication. c. spam filtering. d. malware signature detection. Answers: webpage caching, authentication, malware signature detection 3) (MSQ) Which of the following is/ are task(s) performed by firewalls? a. access control. b. defense against DDoS attacks. c. IP address spoofing detection. d. detection of malware. Answers: access control 4) (MSQ) Which of the following are types of firewalls? a. Malware blockers b. Application gateways c. Traditional packet filters d. Stateful packet filters Answers: Application gateways, Traditional packet filters, Stateful packet filters 5) (MSQ) Which of the following are ICMP packets? a. Ping packet b. SYNACK packet c. Redirect packet d. FIN packet Answers: Ping packet, Redirect packet 6) (MSQ) Which of the following statements are true for the traceroute program? a. It can be used to find a shortest path from one node to another. b. It sends a series of TCP packets. c. It is implemented using ICMP messages. d. It can be used to map the internal configuration of an organization’s network. Answers: It is implemented using ICMP messages, It can be used to map the internal configuration of an organization’s network 7) (MSQ) Which of the following can be used to defend against SYN flood attacks? a. Biscuits b. Cookies c. Firewalls d. Intrusion Detection Systems Answers: Cookies, Intrusion Detection Systems 8) (MCQ) Which port does DNS use? a. 51 b. 52 c. 53 d. 54 Answer: 53 9) (MSQ) On which of the following are the filtering decisions of a traditional packet filter typically based? a. IP destination address b. User name c. ICMP message type d. TCP flag bits Answers: IP destination address, ICMP message type, TCP flag bits 10) (MSQ) For which of the following can organizations have application gateways? a. FTP b. ICMP c. IP d. HTTP Answers: FTP, HTTP Assignment 10 NPTEL Course on “Network Security” 1) (MSQ) Which of the following is/ are preventive measure(s) against a DDoS attack? a. packet logging. b. distributed route filtering. c. use of TLS. d. egress filtering. Answers: distributed route filtering, egress filtering 2) (MSQ) Which of the following make(s) filtering decisions based on application payload? a. packet filter. b. stateful packet inspection firewall. c. anomaly-based IDS. d. signature-based IDS. Answers: anomaly-based IDS, signature-based IDS 3) (MCQ) The probability of false positives in Algorithm 3, which we studied for SYN flood detection, can be reduced by which of the following? a. increasing the length of each observation interval. b. decreasing the length of each observation interval. c. increasing the threshold. d. decreasing the threshold. Answer: increasing the threshold 4) (MSQ) Which of the following statements are true? a. A network-based IDS would be preferable to a host-based IDS for detecting network scanning. b. A host-based IDS would be preferable to a network-based IDS for detecting network scanning. c. A network-based IDS would be preferable to a host-based IDS for detecting attempts to break into a server. d. A host-based IDS would be preferable to a network-based IDS for detecting attempts to break into a server. Answers: A network-based IDS would be preferable to a host-based IDS for detecting network scanning, A host-based IDS would be preferable to a network-based IDS for detecting attempts to break into a server 5) (MSQ) Which of the following are examples of network scanning? a. Port scanning b. SYN flood attack c. Operating System detection d. Host discovery Answers: Port scanning, Operating System detection, Host discovery 6) (MSQ) Which of the following statements are true for a Demilitarized Zone (DMZ)? a. A DMZ is a high-security region in an organization’s network b. A DMZ is a low-security region in an organization’s network c. Machines in a DMZ can communicate with external users d. Machines in a DMZ cannot communicate with external users Answers: A DMZ is a low-security region in an organization’s network, Machines in a DMZ can communicate with external users 7) (MSQ) Which of the following can be the number of relays through which Tor routes traffic between a given source and a given destination? a. One b. Two c. Three d. Four Answers: Three, Four 8) (MSQ) Suppose traffic is exchanged between a source, Alice, and a destination, Bob, using Tor. Which of the following nodes know(s) the IP address of the source Alice? a. Guard relay b. Middle relay c. Exit relay d. Bob Answer: Guard relay 9) (MSQ) Which of the following is/ are type(s) of Intrusion Detection System (IDS)? a. Signature-based system b. Application gateway c. Anomaly-based system d. Packet filter Answers: Signature-based system, Anomaly-based system 10) (MSQ) Which of the following statements are true? a. A host-based IDS is typically a standalone appliance b. A host-based IDS typically runs as an application on a host c. A network-based IDS is typically a standalone appliance d. A network-based IDS typically runs as an application on a host Answers: A host-based IDS typically runs as an application on a host, A network-based IDS is typically a standalone appliance Assignment 11 NPTEL Course on “Network Security” 1) (MCQ) Suppose the value of the nBits field in Bitcoin block headers at a given time is 0x181BC330. What is the average number of trials required until a miner succeeds in mining a valid block? a. 1.7 × 1018 b. 1.7 × 1019 c. 1.7 × 1020 d. 1.7 × 1021 Answer: 1.7 × 1020 2) (MCQ) What is the maximum size of a block in the Bitcoin blockchain? a. 2 MB b. 4 MB c. 8 MB d. 16 MB Answer: 4 MB 3) (MSQ) Which of the following are received by a node that adds a new block to the Bitcoin blockchain? a. Block subsidy b. Payment equal to expected electricity cost c. Payment equal to expected cooling cost d. Transaction fees Answers: Block subsidy, Transaction fees 4) (MCQ) What is the smallest indivisible unit of the Bitcoin currency? a. bitcoin b. satoshi c. micro-bitcoin d. merkle Answer: satoshi 5) (MSQ) Which of the following are fields in the block header of a block in the Bitcoin blockchain? a. nTime b. hashPrevBlock c. nNonce d. nSubsidy Answers: nTime, hashPrevBlock, nNonce 6) (MSQ) Which of the following statements are true for the hashMerkleRoot field? a. It is a 16-byte value b. It is used for tamper resistance c. It enables efficient membership proofs of transactions within a block d. It is a 32-byte value Answers: It is used for tamper resistance, It enables efficient membership proofs of transactions within a block, It is a 32-byte value 7) (MSQ) Which of the following are types of nodes in the Bitcoin network? a. Full nodes b. Child nodes c. SPV nodes d. Parent nodes Answers: Full nodes, SPV nodes 8) (MSQ) Which of the following statements are true about blocks in the Bitcoin blockchain? a. A block can contain multiple coinbase transactions b. A block must contain a single coinbase transaction c. A block can contain multiple regular transactions d. A block must contain a single regular transaction Answers: A block must contain a single coinbase transaction, A block can contain multiple regular transactions 9) (MSQ) Which of the following are specified by an input of a regular transaction? a. Amount of bitcoins b. A challenge script c. A response script d. The transaction identifier of a previous transaction Answers: A response script, The transaction identifier of a previous transaction 10) (MSQ) Which of the following actions can a 51 % attacker perform? a. Launch double spending attacks b. Raise the price of bitcoins c. Delete transactions from old blocks d. Decide which transactions get recorded on the blockchain Answers: Launch double spending attacks, Delete transactions from old blocks, Decide which transactions get recorded on the blockchain Assignment 12 NPTEL Course on “Network Security” 1) (MSQ) Which of the following are cloud service models? a. SaaS b. IaaS c. CaaS d. PaaS Answers: SaaS, IaaS, PaaS 2) (MSQ) Which of the following statements are true for a private cloud? a. It is not possible to connect to a private cloud from outside the premises of the enterprise it serves b. It is possible to connect to a private cloud from outside the premises of the enterprise it serves c. A private cloud may be situated within the premises of the enterprise it serves d. A private cloud may be situated outside the premises of the enterprise it serves Answers: It is possible to connect to a private cloud from outside the premises of the enterprise it serves, A private cloud may be situated within the premises of the enterprise it serves, A private cloud may be situated outside the premises of the enterprise it serves 3) (MSQ) Which of the following are actors in the cloud computing reference architecture? a. Cloud Auditor b. Cloud Hardware Manufacturer c. Cloud Broker d. Cloud Carrier Answers: Cloud Auditor, Cloud Broker, Cloud Carrier 4) (MSQ) Which of the following statements are true for the Fully Homomorphic Encryption Scheme that we discussed in the lecture videos? a. The scheme divides the plaintext into blocks of 𝑘 bits each, where 𝑘 > 1, and encrypts each block independently b. The private key is a large even integer c. The private key is a large odd integer d. The scheme encrypts each bit of the plaintext separately Answers: The private key is a large odd integer, The scheme encrypts each bit of the plaintext separately 5) (MSQ) Which of the following are short-range wireless access technologies? a. IEEE 802.15.4 b. SigFox c. LTE-Advanced d. Wi-Fi Answers: IEEE 802.15.4, Wi-Fi 6) (MSQ) Which of the following are examples of fog nodes? a. Data center b. Industrial controller c. Router d. IoT gateway Answers: Industrial controller, Router, IoT gateway 7) (MCQ) Which of the following is a lightweight block cipher? a. SEA b. AES c. PHOTON d. HMAC Answer: SEA 8) (MCQ) Which one of the following statements is true? a. Short keys in cryptographic algorithms result in low cost and low performance b. Short keys in cryptographic algorithms result in low cost and high performance c. Short keys in cryptographic algorithms result in high cost and low performance d. Short keys in cryptographic algorithms result in high cost and high performance Answer: Short keys in cryptographic algorithms result in low cost and high performance 9) (MSQ) Which of the following tasks can Shor’s algorithm perform? a. It can efficiently factor products of large prime numbers b. It can efficiently perform brute-force search c. It can efficiently calculate discrete logarithms d. It can efficiently break several currently used symmetric key ciphers Answers: It can efficiently factor products of large prime numbers, It can efficiently calculate discrete logarithms 10) (MSQ) Which of the following are families of post-quantum cryptographic algorithms? a. Multivariate cryptography b. Univariate cryptography c. Lattice-based cryptography d. Code-based cryptography Answers: Multivariate cryptography, Lattice-based cryptography, Code-based cryptography

Network Security Assignments, NPTEL Course

Document Details

Tags

Related

Summary

Full Transcript