Who are you? I'm not sure everything is correct

School of Distance Education, China University of Petroleum (Beijing)

Review questions for "Fundamentals of Computer Network Applications"

Reference textbook "Computer Basic Network Security Tutorial"

1. Multiple choice questions

1. The characteristics of computer network security are (A)

A. Confidentiality and integrity , controllability B. Availability, controllability, optionality

C. Authenticity, confidentiality, confidentiality D. Integrity, authenticity, controllability

2. The PPDR model consists of four main parts: (C), protection, detection and response.

A. Security mechanism B. Identity authentication C. Security policy D. Encryption

3. The ISO/OSI reference model has (D) layer.

A.4 B.5 C.6 D.7

4. What is not a common method of data stream encryption is (D)

A. Link encryption B. Node encryption C. End-to-end encryption D. Network encryption

5. Which of the following options is a common form of identity authentication (A)

A. Dynamic Password token B. IP card C. Physical identification technology D. Single-factor authentication

6. Digital signatures use the public key cryptography mechanism of (A).

A. PKI B.SSL C.TCP D.IDS

7. (B) The essential feature of the mechanism is that the signature can only be generated using the signer's private information.

A. Mark B. Signature C. Integrity D. Detection

8. What does not belong to the general process of intrusion detection is (C)

A. Collecting information B. Information analysis C. Information classification D. Intrusion detection response

9. The (B) response of the intrusion detection response can effectively control the intruder and the invaded area.

A. Passive B. Active C. Information D. Control

10. What is not a common port scanning technology is (B)

A.TCP connect Request B.TCP SZN request

C. IP fragmentation request D.FTP reflection request

11. The host-based scanner is running on the detected (A).

A. Host B. Server C. Browser D. Monitor

12. Trojan horse (referred to as Trojan horse) is a network application with a (C) structure.

A. B/S B. Web C. C/S D. Server

13. Buffer overflow is achieved by using (A) in the system.

A. Stack B. Queue C. Protocol D. Port

14. A stack is a (A) queue.

A. Last in, first out B. Last in, last out C. First in, last out D. First in, first out

15. DOS is designed to stop (D) network services.

A. Target server B. Target browser C. Target protocol D. Target host

16. Under normal circumstances, establishing a TCP connection requires a three-party handshake process, that is, Perform (C) packet exchange.

A. One B. Two C. Three D. Four

17. The most effective way to deal with network monitoring is (B).

A. Decryption B. Encryption C. Scanning D. Detection

18.TCP sequence number spoofing is based on guessing the server's response sequence number through the TCP (C) handshake process. realized.

A.One B.Two C.Three D.Four

19. The host-based intrusion detection system is used to prevent intrusions to the (D) node.

A.Multiple machines B.Network C.Symmetry D.Single machine

20. Most of the current Firewalls are based on (C) technology.

A. Adaptive processing B. Encryption C. Intrusion detection D. PKI

21. What is not a function of Firewall is (C)

A. Barriers to network security B. Strengthen network security strategies

C. Accelerate network access and access D. Prevent the leakage of internal information

22. Currently, Firewall generally uses (B) NAT.

A. One-way B. Two-way C. Multi-directional D. Network

23. Packet filtering Firewall works on the (C) layer.

A.Physical B.Session C.Network D.Transmission

24. Proxy Firewall uses specialized software compiled to understand the information flow of the user (D) layer, and can Provide access control between user layer and application protocol layer.

A. Physical B. Session C. Network D. Application

25. Proxy Firewall works on (B), using proxy software to complete the detection and judgment of datagrams, and finally Determine whether it can pass through the Firewall.

A.Physical, application B. Session, application C. Network, session D. Application, transmission

26. The Web browser establishes TCP/IP with the server through (A) connect.

A. Three-way handshake B. Four-way handshake C. Three-way wave D. Four-way wave

27. SSL provides a data secure socket between (D) layer protocol mechanism.

A. Physical, application B. Session, application C. Network, session D. Application, transmission

28. A connection of the SSL handshake protocol requires (D) keys.

A. One B. Two C. Three D. Four

29. The tunnel protocol used by VPDN is not (D)

A. Layer 2 forwarding protocol B. Point-to-point tunneling protocol

C. Layer 2 Tunneling Protocol D. Network-to-Network Communication Protocol

30. Which of the following does the basic PKI system not include (B)

A. CA B. BA

C. SA D. KCA

31. Public key infrastructure is based on (C) cryptography.

A. Symmetric B. Asymmetric C. Convention D. Digital

32. What is not a basic security service that PKI can provide for users is (D)

C. Data confidentiality service D. Fair service

E. Non-repudiation service

33 .At present, the main protocols that use PKI technology to protect email security are (B) and S/MIME protocols.

A.PSP B.PGP C.BGB D.BSB

34. (A) refers to virtual private network.

A.VPN B.WPN C.WSN D.VSN

35. (D) Cryptography technology is used to initialize SSL connections.

A. Intrusion B. Detection C. Digital D. Public key

36. IMS is a (C) system.

A. Intrusion detection system B. Automatic encryption system

C. Intrusion management system D. Network security system

37. Identity authentication mechanism generally includes three items Contents: (B), Authorization and Auditing.

A. Login B. Authentication C. Detection D. Verification

38. The three mechanisms that do not belong to network security are (C)

A .Encryption mechanism B. Control mechanism C. Supervision mechanism D. Detection mechanism

39. The encryption technology commonly used for data encryption is ().

A. Symmetric encryption B. Peer-to-peer encryption C. Non-peer-to-peer encryption D. Digital encryption

40. Detection systems can be divided into three categories according to detection principles. Which of the following options is incorrect ()

A. Anomaly detection B. Abuse monitoring C. Mixed detection D. Intrusion detection

1. Fill in the blanks

1. Computer network security threats mainly include the following three types: (hardware threats), (software threats), (data threats).

2. Network security = beforehand (inspection) + during the incident (protection), (monitoring), (control) + after the incident (evidence collection).

3. The TBAC model is generally represented by a five-tuple (S, O, P, L, AS), where S represents (subject), O represents (object), P represents (permission), and L means (lifetime), AS means (authorization step).

4.RSA signature uses (encryption) key algorithm to generate a pair of (key) and (public key).

5. Commonly used scanning methods include utilization (network command), (port scanning) and (vulnerability scanning).

6. The process space is composed of (), (), (), (), ().

7. The stack has the characteristic that the last element pushed onto the stack will be the element popped off the stack (). Newly pushed elements will always be placed in the current(). Whenever you need to pop the stack, always take an element from the current ().

8. Common denial of service attack methods include (broadcast storm), (SYN flooding), (IP segmentation attack), (OoB attack), (distributed attack), (IIS upload attack), etc. .

9. Firewall is a (router) and a (computer) located between the intranet or Web site and the Internet.

10. Firewall includes: (Service Control), (Direction Control), (User Control), (Behavior Control), etc.

11. Firewall architecture: (simple packet filtering firewall), (stateful packet filtering firewall), (composite firewall).

12. Web is an open application system composed of three parts: (web server), (web browser), and (communication protocol).

13. Secure Sockets Layer Protocol (SSL) includes: (server authentication), (user authentication), (data integrity on the SSL link), (data confidentiality).

14. The security structure of the Web server includes: (Infrastructure Area), (Network Protocol Area), (Service Area), (Application Area), (Operating System Area).

15. There are currently four popular PKI trust models: (strict hierarchical structure model of certification authority), (distributed trust structure model), (web model), (user-centered trust model) ).

16. A typical PKI system should include (certificate issuing authority CA), (certificate registration authority RA), (certificate library), (key backup and recovery system), (certificate revocation processing system), (PKI-based applications), (Certificate Distribution System CDS) and other basic contents. Alternate answer: Certificate implementation statement CPS

17. In SSL, (symmetric cryptography), (public key cryptography), and (digital signature technology in public key cryptography) are used respectively.

18. Pushing and popping operations are implemented by () executing () and () instructions. Chapter 3 Section 2 P78

19. The server-side program of the Trojan horse can reside on the (target host) and run automatically in (background) mode.

20. According to the system structure, the detection system can be divided into: (), (), (). Chapter 3, Section 1, P70 (P68 3.1.5)

2. True or False Questions

1. Link encryption is encryption of the network layer. (Yes)

2. All identity authentication mechanisms must be two-way authentication. (True)

3. Characteristics or possessions of an entity can be used to exchange authentication. (Wrong)

4.UDP requests are not common port scanning technologies. (Wrong)

5. The scanner can only scan discovered vulnerabilities, and those undiscovered vulnerabilities cannot be found by the scanner. (Yes)

6. Buffer overflow is the result of copying a string that exceeds the buffer length to the buffer. A string that exceeds the buffer space overwrites the memory area adjacent to the buffer. (Yes)

7. Frequently checking the list of currently running programs, suspicious log files, and the working mode of the network card can prevent the network from being monitored. (Yes)

8. IP spoofing uses the IP address of a trusted server to launch an attack on the server. (Wrong)

9. The main intrusion detection methods include feature detection method, probability and statistical analysis method and expert knowledge base system. (Yes)

10. Static packet filtering determines and controls the address, port and other information of the packet on all communication layers.

(Yes)

11. SNAT is used to translate external network addresses and hide the structure of the internal network from the external network, making internal attacks more difficult; it can also save IP resources and help reduce costs. (False)

12. SSL has three sub-protocols: handshake protocol, recording protocol and alert protocol. (Yes)

13. The SSL/TLS protocol cannot be used to access web pages. (False)

14. Privilege Management Infrastructure (PMI) does not support full authorization services. (Yes)

15. The functions of CA include: certificate issuance, certificate update, certificate revocation and certificate verification. (Yes)

16. In the client software of the PKI authentication system, customers need to consider the expiration time of the certificate and update it manually in a timely manner. (Yes)

17. The main technologies of WAN VPN include link layer VPN, network layer VPN, session layer VPN, and application layer VPN technology. (Wrong)

18. The SSL record protocol includes provisions for the record header and record data format. (Yes)

19. According to the technical characteristics used by Firewall, it can be divided into three types: packet filtering technology Firewall, proxy technology Firewall and detection technology Firewall. (Yes)

20. The goal of IMS is to integrate multiple functions such as intrusion detection, vulnerability analysis, and intrusion prevention into one platform for unified management. (Yes)

21. When using the denial of service attack method, the attacker needs to obtain the operating permissions of the target host in order to attack the target host. (True)

22. If you find unusual programs, just delete them from the file. (Wrong)

23. Network-based scanners are used to detect other hosts. They detect vulnerabilities on other hosts through the network. (Yes)

24. Intrusion detection response is divided into active response and passive response. (Yes)

25. Authentication is mainly used to prove the identity of the operator when performing relevant operations. (Yes)

IV. Short answer questions

1. Briefly describe the five security requirements that a secure Web service needs to ensure.

Answer: Introduction As some key Web service standards have been formulated, more and more companies are adopting Web service technology for application development. Like other applications on the Internet, Web services also face security risks because information may be stolen, lost, and tampered with. Secure Web services are a necessary guarantee for application success. Therefore, the research on the security architecture of Web services has very practical significance. Secure Web services need to ensure the following five security requirements: ① Authentication: Provides guarantee of the identity of an entity (person or system); ② Authorization: Protects resources from illegal use and manipulation; ③ Confidentiality: Protection Information is not leaked or exposed to unauthorized entities; ④ Integrity: protects data to prevent unauthorized changes, deletions, or substitutions; ⑤ Non-repudiation: prevents a party participating in a communication exchange from later denying that this exchange has occurred . In response to the above five requirements, this paper proposes a Web service security architecture.

2. What are the characteristics that an ideal intrusion detection system should have?

Answer 1: An ideal intrusion detection system should have the following characteristics:

2) Reliability. A detection system should be transparent to administrators and be able to run correctly without human supervision. Only in this way can it run in the system environment being tested.

3) Fault tolerance. The detection system must have good fault tolerance. No matter what state the monitored system is in, the detection system itself must have integrity to ensure that the knowledge base system used for detection will not be interfered with and destroyed.

4) Availability. The overall performance of the detection system should not be subject to large fluctuations or serious degradation due to changes in system status.

5) Verifiability. Detection systems must allow administrators to monitor attacks in a timely manner.

6) Security. The detection system can protect its own security and has strong resistance to spoofing attacks.

7) Adaptability. The detection system can track changes in the system environment at any time and adjust detection strategies in a timely manner.

8) Flexibility. The detection system can customize different usage modes that are suitable for the defense mechanism according to the specific situation.

Answer 2: Able to monitor traffic in real time. Conduct in-depth inspection of the source and destination address of the traffic

Intercept illegal traffic and resist distributed attacks, ARP spoofing, DHCP spoofing and other common attacks.

3. Briefly describe the general functions of network monitoring software. Chapter 3 Section 2 P91

4. Briefly describe the function of access control. Chapter 3 Section 2 P47

5. Briefly describe the meaning of network security based on your own understanding. Chapter 1 Section 1 P4

Answer: Network security is essentially information security on the network.

Broadly speaking, all related technologies and theories involving the confidentiality, integrity, availability, authenticity and controllability of information on the network are the research fields of network security.

The purpose of network security is to ensure the smooth progress of users' businesses. Meeting users' business needs is the primary task of network security. Leaving this topic and talking about security technologies and products is tantamount to going in the wrong direction.

The specific meaning of network security will change with the change of "angle". For example: From the perspective of users (individuals, enterprises, etc.), they hope that information involving personal privacy or commercial interests will be protected by confidentiality, integrity and authenticity when transmitted on the network, so as to avoid other people or opponents from eavesdropping, Impersonation, tampering, denial and other means infringe on the interests and privacy of users, access and destroy it.

6. Contents of the integrity mechanism.

7. How the Hash algorithm works.

8. Briefly describe the management process of IMS technology.

9. What are the main functions implemented by Firewall.

10. Briefly describe the structure of the protocol stack of Web services.