Cryptography and Network Security: Principles and Practice, 6th Edition,
by William Stallings
THOSE THAT ARE FALSE WILL BE CORRECTED
CHAPTER 1: OVERVIEW
TRUE OR FALSE
T F 1. The OSI security architecture provides a systematic framework for defining security attacks, mechanisms, and services.
The OSI security architecture provides a systematic framework to define attacks, mechanisms, and security services.
T F 2. Security attacks are classified as either passive or aggressive.
The correct: security attacks are classified as passive or active.
T F 3. Authentication protocols and encryption algorithms are examples of security mechanisms.
Authentication protocols and encryption algorithms are examples of security mechanisms.
T F 4. The more critical a component or service, the higher the level of required availability.
The more critical a component or service is, the higher the level of required availability.
T F 5. Security services include access control, data confidentiality and data integrity, but do not include authentication.
The correct: Security services include access control, confidentiality, data integrity, authentication, and non-repudiation.
T F 6. The field of network and Internet security consists of measures to deter, prevent, detect and correct security violations that involve the transmission of information.
The field of network and Internet security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
T F 7. Patient allergy information is an example of an asset with a high requirement for integrity.
The information about the patient's allergy is an example of an asset with a high requirement for integrity.
T F 8. The OSI security architecture was not developed as an international standard, therefore causing an obstacle for computer and communication vendors when developing security features.
The correct: The OSI security architecture was developed as an international standard, and computer and communications vendors have developed security features for their products and services that relate to this definition.
T F 9. Data origin authentication does not provide protection against the modification of data units.
Data source authentication does not provide protection against the modification of data units.
T F 10. The emphasis in dealing with active attacks is on prevention rather than detection.
The correct: The emphasis in dealing with PASSIVE attacks is on prevention rather than detection.
T F 11. The connection-oriented integrity service addresses both message stream modification and denial of service.
The connection-oriented integrity service addresses both the modification of message content and denial of service.
T F 12. All the techniques for providing security have two components: a security-related transformation on the information to be sent and some secret information shared by the two principals.
All techniques for providing security have two components: a security-related transformation of the information to be sent and some secret information shared by the two principals.
T F 13. Information access threats intercept or modify data on behalf of users who should not have access to that data.
Information access threats intercept or modify data on behalf of users who should not have access to that data.
T F 14. The data integrity service inserts bits into gaps in a data stream to frustrate traffic analysis attempts.
The data integrity service inserts bits into gaps in a data stream to thwart traffic analysis attempts.
T F 15. Symmetric encryption is used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords.
Symmetric encryption is used to hide the content of blocks or streams of data of any size, including messages, files, encryption keys, and passwords.
MULTIPLE CHOICE
1. __________ is the most common method used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures.
A) Symmetric encryption B) Data integrity algorithms
C) Asymmetric encryption D) Authentication protocols
Asymmetric encryption is the most common method used to hide small blocks of data, such as encryption keys and hash function values, which are used in digital signatures.
2. A common technique for masking contents of messages or other information traffic so that opponents cannot extract the information from the message is __________ .
A) integrity B) encryption
C) analysis D) masquerade
A common technique to mask the content of messages or other information traffic so that attackers cannot extract the information from the message is encryption.
3. __________ involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
A) Disruption B) Replay
C) Service denial D) Masquerade
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
4. The three concepts that form what is often referred to as the CIA
triad are ________. These three concepts embody the
fundamental security objectives for both data and for information
and computing services.
A) confidentiality, integrity and availability
B) communication, integrity and authentication
C) confidentiality, integrity, access control
D) communication, information and authenticity
5. A loss of confidentiality is the unauthorized disclosure of information.
A) authenticity B) confidentiality
C) reliability D) integrity
A loss of confidentiality is the unauthorized disclosure of information.
6. Verifying that users are who they say they are and that each input arriving at the system came from a trusted source is _________ .
A) authenticity B) credibility
C) accountability D) integrity
Verifying that users are who they say they are and that each data entry comes from a trusted source is authenticity.
7. A _________ level breach of security could cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced.
A) catastrophic B) moderate
C) low D) high
A moderate-level breach of security could cause a significant degradation in mission capability to an extent and duration that the organization can perform its primary functions, but the effectiveness of the functions is significantly reduced.
8. A __________ is any action that compromises the security of information owned by an organization.
A) security attack B) security service
C) security alert D) security mechanism
A security attack is any action that compromises the information security of an organization.
9. A __________ takes place when one entity pretends to be a different entity.
A) replay B) masquerade
C) service denial D) passive attack
10. __________ is the protection of transmitted data from
passive attacks.
A) Access control B) Data control
C) Nonrepudiation D) Confidentiality
11. A(n) __________ service is one that protects a system to ensure its availability and addresses the security concerns raised by denial-of-service attacks.
A) replay B) availability
C) masquerade D) integrity
The availability service is one that protects a system to ensure its availability and addresses the security concerns posed by denial-of-service attacks.
12. __________ threats exploit service flaws in computers to inhibit use by legitimate users.
A) Information access
C) Passive D) Service
Service threats exploit service flaws in computers to inhibit use by legitimate users.
13. A(n) __________ is a potential for violation of security, which
exists when there is a circumstance, capability, action or event
that could breach security and cause harm.
A) threat B) attack
C) risk D) attack vector
14. The protection of the information that might be derived from observation of traffic flows is _________.
A) connectionless confidentiality B) connection confidentiality
C) traffic-flow confidentiality D) selective-field confidentiality
The protection of the information that might be derived from observation of traffic flows is traffic-flow confidentiality.
15. Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery is a(n) ___________.
A) security audit trail B) digital signature
C) encipherment D) authentication exchange
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data to verify the source and integrity of the data and protect against forgery is a digital signature.
SHORT ANSWER
1. A SECURITY MECHANISM is any process, or a device incorporating such a process, that is designed to detect, prevent, or recover from a security attack. Examples are encryption algorithms, digital signatures and authentication protocols.
A security mechanism is any process, or a device incorporating such a process, that is designed to detect, prevent, or recover from a security attack. Examples are encryption algorithms, digital signatures, and authentication protocols.
2. An ACTIVE attack attempts to alter system resources or affect their operation.
3. The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources is the definition of CIA.
4. A loss of AVAILABILITY is the disruption of access to or use of information or an information system.
A loss of AVAILABILITY is the interruption of access to or use of information or an information system.
5. Irreversible encipherment mechanisms include hash algorithms and message authentication codes, which are used in digital signature and message authentication applications.
Irreversible encryption mechanisms include hash algorithms and message authentication codes, which are used in digital signature and message authentication applications.
6. In the United States, the release of student grade information is regulated by FERPA.
7. A loss of INTEGRITY is the unauthorized modification or
destruction of information.
8. A PASSIVE attack attempts to learn or make use of information from the system but does not affect system resources.
9. The AUTHENTICATION service is concerned with assuring
the recipient that the message is from the source that it claims to be
from. This service must also assure that the connection is not
interfered with in such a way that a third party can masquerade as one
of the two legitimate parties for the purposes of unauthorized
transmission or reception.
10. Two specific authentication services defined in X.800 are peer entity authentication and data origin authentication.
11. In the context of network security, ACCESS CONTROL is
the ability to limit and control the access to host systems and
applications via communications links.
12. NONREPUDIATION prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message, and when a message is received, the sender can prove that the alleged receiver in fact received the message.
13. Viruses and worms are two examples of SOFTWARE
attacks. Such attacks can be introduced into a system by means of a
disk that contains the unwanted logic concealed in otherwise useful
software. They can also be inserted into a system across a network.
14. An ATTACK is an assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.
15. NOTARIZATION (CERTIFYING ENTITY) is the use of a trusted third party to assure certain properties of a data exchange.