Question 1

Unlike traditional publishing environments, the Internet is three- way and vulnerable to attacks on the Web servers.

Accepted Answer

False

Question 2

Sessions are used to avoid the expensive negotiation of new security parameters for each connection that shares security parameters.

Accepted Answer

Sessions are used to maintain security parameters across multiple connections, avoiding the need for expensive renegotiation of these parameters for each new connection. This improves efficiency and performance in secure communication protocols.

Question 3

The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL Record Protocol.

Accepted Answer

The Change Cipher Spec Protocol is indeed one of the three SSL-specific protocols that use the SSL Record Protocol, along with the Handshake Protocol and the Alert Protocol.

Question 4

One way to classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server.

Accepted Answer

This statement is true. Web security threats can be categorized based on where the threat is originating from - the Web server, Web browser, or the network traffic between the browser and server. This classification helps in identifying and addressing specific vulnerabilities and risks associated with each location.

Question 5

The TLS Record Format is the same as that of the SSL Record Format.

Accepted Answer

The TLS Record Format is indeed the same as that of the SSL Record Format as TLS is the successor of SSL and the record format was carried forward from SSL to TLS.

Question 6

The shared master secret is a one-time 48-byte value generated for a session by means of secure key exchange.

Accepted Answer

The shared master secret is a one-time 48-byte value that is generated for a session to establish a secure connection between two endpoints through secure key exchange protocols such as Diffie-Hellman key exchange.

Question 7

The _________ Protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm along with cryptographic keys to be used to protect data sent in an SSL Record.

Accepted Answer

The answer of The _________ Protocol allows the server and...

Question 8

The first element of the CipherSuite parameter is the key exchange method.

Accepted Answer

The first element of the CipherSuite parameter specifies the key exchange method.

Question 9

Server authentication occurs at the transport layer, based on the server possessing a public/private key pair.

Accepted Answer

Server authentication typically involves the use of SSL/TLS protocols at the transport layer, where the server proves its identity to the client using a digital certificate containing a public key, the matching private key of which is securely held by the server.

Question 10

The encryption of the compressed message plus the MAC must increase the content length by more than 1024 bytes.

Accepted Answer

The increase in content length due to encryption and MAC (Message Authentication Code) depends on the encryption algorithm, mode of operation, compression efficiency, and the size of the MAC itself. It is not necessarily true that it will increase by more than 1024 bytes; this value can be significantly less depending on the specific parameters and methods used.

Question 11

The _________ takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment.

Accepted Answer

The answer of The _________ takes an application message to...

Question 12

The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets.

Accepted Answer

The World Wide Web is a client/server application that runs over the Internet and TCP/IP intranets.

Question 13

__________ provides security services between Transport Layer Protocol and applications that use TCP.

Accepted Answer

The answer of __________ provides security services between Transport Layer...

Question 14

The certificate message is required for any agreed on key exchange method except fixed Diffie-Hellman.

Accepted Answer

The certificate message is not required for some key exchange methods, such as anonymous Diffie-Hellman, where certificates are not used to authenticate the parties.

Question 15

The SSL Record Protocol is used before any application data is transmitted.

Accepted Answer

The answer of The SSL Record Protocol is used before...

Question 16

Phase 3 completes the setting up of a secure connection of the Handshake Protocol.

Accepted Answer

The answer of Phase 3 completes the setting up of...

Question 17

Microsoft Explorer originated SSL.

Accepted Answer

SSL (Secure Sockets Layer) was originally developed by Netscape Communications Corporation, not Microsoft.

Question 18

__________ provides confidentiality using symmetric encryption and message integrity using a message authentication code.

Accepted Answer

The answer of __________ provides confidentiality using symmetric encryption and...

Question 19

ISSl/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.

Accepted Answer

Yes, ISSl/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.

Question 20

_________ attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted.

Accepted Answer

The answer of _________ attacks include eavesdropping on network traffic...

Quiz 6: Transport-Level Security