2018S CMPE209 sample final

San José State University
Computer Engineering
CMPE 209 Sample FINAL
May 14, 2018
Name :
ID :
1) Duration is 2 hour 15 mins..
2) Closed books and closed notes.
3) no cell phones, computers or calculators.
Question 1 (4*5 = 20 pts) Indicate whether the statement is true or false.
____ 1. One advantage of a packet filtering firewall is its simplicity.
____ 2. One means of forming a MAC is to combine a cryptographic hash function in some fashion
with a secret key.
____ 3. It must be relatively difficult to recognize and verify the digital signature.
____ 4. Because certificates are forgeable they cannot be placed in a directory without the need for
the directory to make special efforts to protect them.
____ 5. The operating system cannot enforce access-control policies based on user identity.
Question 2 (4*5 = 20 pts)
Multiple Choice
1. Authentication applied to all of the packet except for the IP header is _________ .
A) tunnel mode
C) association mode
B) transport mode
D) security mode
The _________ prevents duplicate passwords from being visible in the password file.
If two users choose the same password, those passwords will be assigned at different times.
A) honeypot
B) salt
C) audit record D) rule based intrusion detection
A _________ firewall applies a set of rules to each incoming and outgoing IP packet
and then forwards or discards the packet.
A) host-based
C) distributed
B) packet filtering
D) stateful inspection
4. _________ is organized as three protocols that typically run on top of TCP for secure
network communications and are designed to be relatively simple and inexpensive to implement.
Kerberos relies exclusively on __________ .
A) symmetric encryption
C) private key encryption
B) asymmetric encryption
D) public key encryption
Question 3, (4*5 = 20 pts)
Complete each statement.
1. A _________ forms a barrier through which the traffic going in each direction must pass and
dictates which traffic is authorized to pass.
2. A _________ is defined as the set of hardware, software, people, policies, and procedures
needed to create, manage, store, distribute, and revoke digital certificates based on
asymmetric cryptography.
3. __________
mode is used when one or both ends of an SA are a security gateway, such as
a firewall or router that implements IPsec.
4. A message authentication code is also known as a HMAC
__________ hash function.
Denial of service
5. A __________ attack occurs when an attacker continually bombards a wireless access point
or some other accessible wireless port with various protocol messages designed to
consume system resources.
Question 4, (20+ 2*10 = 40 points)
1. Let Bob chooses 7 and 11 as p and q and calculates n = 7 · 11 = 77; picks e = 13 and
releases his RSA public key as <n, e> = < 77, 13>.
Assume Alice gets Bob’s public key and encrypts a message M by
M13 mod n = 26
and sends 26 to Bob. Find message M? (i.e. find Bob’s private key and decrypt 26).
2. What purpose does the MAC serve during the change cipher spec SSL exchange?
3. Draw and explain the man-in-the-middle attack?