2022 Network Security Final Exam Review Questions
I. Fill in the blanks:
1. The three key objectives of computer security are confidentiality, integrity and availability.
2. An active attack attempts to alter system resources or affect their operation.
3. A passive attack attempts to learn or make use of information from the system but does not affect system resources.
4. The process of attempting to discover the plaintext or key is known as cryptanalysis.
5. Two types of passive attacks are the release of message contents and traffic analysis.
6. A symmetric encryption scheme has five ingredients: plaintext, encryption algorithm, decryption algorithm, secret key and ciphertext.
7. The two general approaches to attacking a cipher are cryptanalysis and brute-force attack.
8. If the encryption algorithm of 3DES is C = E(K3, D(K2, E(K1, P))), then the decryption algorithm is P = D(K1, E(K2, D(K3, C))).
9. With the RSA algorithm, if n is easily factored into its two prime factors, then the algorithm will be obsolete.
10. A public-key certificate consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party.
11. The SSL Record Protocol provides two services for SSL connections: confidentiality and message integrity.
12. To store the public/private key pairs owned by the node and the public keys of other users known at this node, PGP provides a pair of data structures at each node. These data structures are referred to, respectively, as the private-key ring and the public-key ring.
13. IPSec supports two modes of use: transport mode and tunnel mode.
14. The tunnel mode of IPSec provides
protection to the entire IP packet.

II. True or false:
1. (True) The emphasis in dealing with passive attacks is on prevention rather than detection.
2. (False) Denial of service is a type of passive attack.
3. (True) In DES, the plaintext is 64 bits in length and the key is 56 bits in length.
4. (False) RC4 is a block cipher.
5. (False) Block ciphers are almost always faster and use far less code than do stream ciphers.
6. (True) For lengthy messages, the ECB mode may not be secure.
7. (True) Symmetric encryption can be used to authenticate messages.
8. (True) Unlike the MAC, a hash function does not take a secret key as
9. (True) Compared to the encryption algorithm, the MAC authentication algorithm need not be reversible.
10. (False) Public-key encryption is a general-purpose technique that makes conventional encryption obsolete.
11. (False) All public-key algorithms can encrypt/decrypt messages.
12. (True) RES is a block cipher.
13. (True) The principal objective for developing a PKI is to convenient, and efficient acquisition of public keys.
14. (True) SSL/TLS provides confidentiality using symmetric encryption and message integrity using a message authentication code.
15. (False) The smallest building block of a wireless LAN is an independent basic service set (IBSS).
16. (True) The principal feature of IPSec is that it can encrypt and/or authenticate all traffic at the IP level.

III. Multiple choice:
1. Of all the following options, ____ doesn't belong to the security services.
A. Confidentiality  B. Integrity  C. Secret key  D. Authentication
2. A ____ attack involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.
A. Brute-force  B. Ciphertext only  C. Known plaintext  D. Chosen text
3. For DES, which of the following is false? ____
A. DES is a block cipher
B. The plaintext is processed in 80-bit blocks
C. The key size is 56 bits
D. Plaintext goes through 16 iterations
4. All of the following are symmetric block ciphers except for ____
A. IDEA  B. AES  C. 3DES  D. RC4
5. In ____
mode, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block.
A. ECB  B. CBC  C. CFB  D. OFB
6. ____ is not a requirement of hash function H.
A. H can be applied to a block of data of any size
B. H produces a fixed-length output
C. H(x) is relatively easy to compute for any given x
D. H must be shared secretly by both parties
7. Among the approaches to message authentication, the approach of ____ doesn't need a secret key.
A. Using conventional encryption  B. MAC  C. One-way hash code  D. HMAC
8. The purpose of the ____ algorithm is to enable two users to exchange.
A. DSS  B. Diffie-Hellman key  C. RSA  D. ECC
9. Which of the following is right about Kerberos? ____
A. The user must enter a password each time to access a server.
B. A full-service Kerberos environment consists of a Kerberos server, a number of clients, and a number of application servers.
C. Kerberos also relies on public-key encryption.
D. The ticket message transmitted is in clear.
10. Which of the following is not right about X.509 certificates? ____
A. An X.509 certificate must contain the public key of a user
B. The X.509 certificate format is used in IPSec and SSL
C. An X.509 certificate can be revoked before it expires
D. An X.509 certificate is signed with the public key of a trusted CA
11. The operation of the SSL Record Protocol is ____ (P145)
A. Fragment -> Compress -> Add MAC -> Encrypt -> Append SSL record header
B. Compress -> Fragment -> Add MAC -> Encrypt -> Append SSL record header
C. Fragment -> Encrypt -> Add MAC -> Compress -> Append SSL record header
D. Add MAC -> Compress -> Fragment -> Encrypt -> Append SSL record header
12. PGP makes use of four types of keys; the ____ is used to protect the private key.
A. One-time session conventional key  B. Public key  C. Private key  D. Passphrase-based conventional key
13. In IPSec, an SA is uniquely identified by three parameters. The ____ is not
one of the parameters.
A. SPI  B. IP Destination  C. IPSec Protocol Mode  D. Security Protocol
14. In IPSec, AH provides all of the following security services except for ____
A. Confidentiality  B. Access control  C. Connectionless integrity  D. Data origin authentication  E. Rejection of replayed packets

IV. Calculation problems:
2. If the length of the message is 1921 bits, what are the values of the padding field and the length field in SHA-512?
Answer: Suppose the value of the padding field is x, so
1921 + x = 896 (mod 1024)
1921 + x - 896 = 0 (mod 1024)
1025 + x = 0 (mod 1024)
x = 1023
The value of the padding field is 1023 bits. In the second step of the SHA-512 algorithm, a block of 128 bits is appended to the message. This block contains the length of the original message (before the padding), so the value of the length field is 1921.
3. Perform encryption and decryption using the RSA algorithm for the following: p=3; q=11; e=7; m=5.
Answer: p=3; q=11; e=7; M=5.
n = p*q = 3*11 = 33
φ(n) = (p-1)*(q-1) = 2*10 = 20
e*d mod φ(n) = 1, so d = 3
C = M^e mod n = 5^7 mod 33 = 14
M = C^d mod n = 14^3 mod 33 = 5
5. Consider a Diffie-Hellman scheme with a common prime q=11 and a primitive root a=2.
a. If user A has public key YA=9, what is A's private key XA?
b. If user B has public key YB=3, what is the shared secret key K?
Answer: YA = a^XA mod q; K = YB^XA mod q

V. Short-answer questions:
1. Why is the middle portion of 3DES a decryption rather than an encryption?
Answer: There is no cryptographic significance to the use of decryption for the second stage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single DES by repeating the key.
2. Suppose an error occurs in a block of ciphertext on transmission using CBC. What effect is produced on the recovered plaintext blocks?
Answer: If an error occurs in transmission of ciphertext block Ci, then this error propagates to the recovered plaintext blocks Pi and Pi-1.
3. When Bob wishes to communicate with Alice securely, how can he do it with the help of a public-key certificate to distribute a
secret key to Alice?
Answer: (1) Generate a session key; (2) encrypt the session key with A's public key; (3) encrypt the message with the session key; (4) send the encrypted message together with the encrypted session key.
4. What is message authentication?
Answer: Message authentication is authentication performed by applying an encryption or signature transformation to the message or to information related to the message. Its purpose is to prevent messages in transit or in storage from being tampered with, intentionally or unintentionally. It includes message content authentication (i.e. message integrity authentication), authentication of the message's source and destination (i.e. identity authentication), and authentication of the message's sequence number and operation time.
5. What is a digital signature?
Answer: A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The signature is formed by taking the hash of the message and encrypting the message with the creator's private key. The signature guarantees the source and integrity of the message.
6. Please compare the similarities and differences of the network security protocols IPSec, SSL/TLS and Kerberos.
Answer: Similarities: they provide similar security services. Differences: they sit at different layers (network layer, transport layer and application layer).
7. What is the purpose of HTTPS?
Answer: HTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server.
8. What security areas are addressed by IEEE 802.11i?
Answer: IEEE 802.11i addresses three main security areas: authentication, key management, and data transfer privacy.
9. Briefly describe the five IEEE 802.11i phases of operation. (P185)
Answer: (1) Discovery; (2) authentication; (3) key management; (4) protected data transfer; (5) connection termination.
10. Why does PGP generate a signature before applying compression?
(1) PGP's compression algorithm is not deterministic. (2) If the compressed file were signed, the decompressed file would have to be encrypted again before it could be authenticated.
Answer: a. It is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future verification. b. Even if one were willing to generate dynamically a recompressed message for verification, PGP's compression algorithm presents a difficulty. The algorithm is not deterministic.
11. What is the basic difference between X.509 and PGP in terms of key hierarchies and key trust?
Answer: In X.509 there is a hierarchy of Certificate Authorities. Another difference is that in X.509 users will only trust Certificate Authorities while in PGP users can trust other users.
12. List and briefly define three classes of
intruders.
Masquerader: not authenticated, uses computer resources. Misfeasor: authenticated, steals users' data and resources. Clandestine user: takes control of the user's computer.
Answer:
Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.
Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.
13. What are two common techniques used to protect a password file?
Answer: (1) One-way function: only the value of a function based on the user's password is stored. (2) Access control: access to the password file is limited to one or a very few accounts.
14. List four techniques used to avoid guessable passwords.
Answer: (1) User education. (2) Computer-generated passwords. (3) Reactive password checking. (4) Proactive password checking.
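
The three calculation problems above (SHA-512 padding, toy RSA, Diffie-Hellman with q=11), carried through in code as an added example that is not part of the original review sheet. All function names are illustrative, and the exhaustive search for the Diffie-Hellman private key works only because q is classroom-sized.

```python
# Added example: re-derives the three calculation problems with small helpers.
from math import gcd


def sha512_padding_bits(msg_bits: int) -> int:
    """Padding length so that msg_bits + pad = 896 (mod 1024)."""
    pad = (896 - msg_bits) % 1024
    # Padding is always added (1 to 1024 bits), even when the message
    # length is already congruent to 896 mod 1024.
    return pad or 1024


def sha512_block_count(msg_bits: int) -> int:
    """Number of 1024-bit blocks after padding and the 128-bit length field."""
    return (msg_bits + sha512_padding_bits(msg_bits) + 128) // 1024


def rsa_toy(p: int, q: int, e: int, m: int):
    """Textbook RSA on toy parameters: returns (n, phi, d, c, recovered_m)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    d = pow(e, -1, phi)                # modular inverse (Python 3.8+)
    c = pow(m, e, n)                   # encryption
    return n, phi, d, c, pow(c, d, n)  # last value is the decryption


def dh_private_key(q: int, a: int, y: int) -> int:
    """Exhaustive search for x with a^x mod q == y (tiny q only)."""
    for x in range(1, q):
        if pow(a, x, q) == y:
            return x
    raise ValueError("y is not a power of a modulo q")


def dh_shared_secret(q: int, a: int, ya: int, yb: int):
    """Return (XA, XB, K), checking that both sides derive the same K."""
    xa, xb = dh_private_key(q, a, ya), dh_private_key(q, a, yb)
    k_a, k_b = pow(yb, xa, q), pow(ya, xb, q)
    if k_a != k_b:
        raise ValueError("inconsistent parameters")
    return xa, xb, k_a


if __name__ == "__main__":
    print(sha512_padding_bits(1921), sha512_block_count(1921))
    print(rsa_toy(3, 11, 7, 5))
    print(dh_shared_secret(11, 2, 9, 3))
```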