Question


1) SSL is used to

A) Encrypt specific elements of data for application-specific purposes.
B) Encrypt files located on a Web server.
C) Encrypt data as it travels over a network.
D) Encrypt digital certificates used to authenticate a Web site.
E) Encrypt passwords for storage in a database.

2) What kind of attacks does SSL prevent? Select the best answer. Explain.

A) SQL Injection.
B) Sniffing.
C) Variable Manipulation.
D) Phishing Attacks.

3) Which of the following are not methods for minimizing a threat to a Web server? Indicate the two best answers from the following list, and explain your choice:

A) Disable all non-Web services.
B) Ensure telnet is running.
C) Disable nonessential services.
D) Enable logging.

4) _________ provides secure, remote logon and other secure client/server facilities.

A) SLP
B) HTTPS
C) TLS
D) SSH

Solutions

Expert Solution

1) SSL is used to
Answer C)

A) Encrypt specific elements of data for application-specific purposes. - Encryption of data for application-specific purposes isn't served by SSL.
B) Encrypt files located on a Web server. - SSL doesn't provide a facility for file encryption, and hence files located on a Web server aren't encrypted with SSL.
C) Encrypt data as it travels over a network. - SSL or Secure Sockets Layer protocol is used for encryption of data as it's transferred over a network.
D) Encrypt digital certificates used to authenticate a Web site. - A digital certificate is used to verify the identity of a user, maybe sender or receiver. It provides identification / authentication, confidentiality, integrity, non-repudiation, and access control. SSL is not used for encryption of digital certificates.
E) Encrypt passwords for storage in a database. - Encryption of passwords for storage in a database is not done using SSL though transfer of secure information over web traffic can and should happen over some encryption like using SSL.

2) What kind of attacks does SSL prevent? Select the best answer. Explain.
Answer B)

A) SQL Injection. - SQL injection works by placement of malicious code in SQL statements, via web page input. Encryption by SSL won't prevent such attacks.
B) Sniffing. - SSL encrypts web traffic and especially prevents sniffing by any 3rd person/device.
C) Variable Manipulation. - Encryption by SSL again can't prevent any intended variable manipulation.
D) Phishing Attacks. - Phishing is a type of social engineering attack and occurs when an attacker masquerades as a trusted entity and dupes a victim. SSL can't prevent such attacks.

3) Which of the following are not methods for minimizing a threat to a Web server? Indicate the two best answers from the following list, and explain your choice:
Answer A) and B) - Do note the question states "are NOT methods", hence options A) and B)

A) Disable all non-Web services. - Non-web services could include services which are essential for the system hosting the environment and as such option A) is not one of the best options.
B) Ensure telnet is running. - Telnet is insecure since it works with non-encrypted data and can be easily sniffed. So telnet should be disabled on a web server. So option B) is not a good method to secure a web server.

C) Disable nonessential services. - Nonessential services basically imply all services which are not going to be used, or non-required services from a web server perspective, like say the VNC service. All such services as decided by the web admin should be disabled. So option C) is a good choice.
D) Enable logging. - Logging is an essential component of any online facing platform or service especially a web server as it captures details pertaining to web site diagnostics and security. It should always be enabled for a web server and hence option D) is a good choice.

4) _________ provides secure, remote logon and other secure client/server facilities.
Answer D)

A) SLP - SLP or Service Level Protocol provides a way for clients to dynamically discover network services.
B) HTTPS - HTTPS or Hyper Text Transfer Protocol Secure is a protocol for securing the communication between two systems e.g. the browser and the web server.
C) TLS - TLS or Transport Layer Security (also SSL) is a security/cryptographic protocol that provides privacy and data integrity over Internet communications using encryption.
D) SSH - SSH or Secure Shell provides secure, remote logon and other secure client/server facilities.
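
The distinction drawn in answer 3 (disable telnet and nonessential services such as VNC, but not every non-Web service) can be checked against a server's listening sockets. The following is an added example, not part of the original solution; the `ss -tln` output is constructed sample data, and treating SSH on port 22 as the one essential non-Web service is an assumption.

```python
# Constructed sample of `ss -tln` output from a hypothetical web server.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:23          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       511     [::]:443            [::]:*
LISTEN  0       5       127.0.0.1:5901      0.0.0.0:*
LISTEN  0       128     0.0.0.0:5900        0.0.0.0:*
"""

WEB_PORTS = {80, 443}             # the Web services themselves
ESSENTIAL_PORTS = {22}            # assumption: SSH is kept for administration
CLEARTEXT_LOGON = {23: "telnet"}  # unencrypted remote logon, never acceptable


def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN row of `ss -tln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or malformed row
        # rpartition splits on the last colon, so "[::]:443" parses correctly.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr.strip("[]"), int(port)))
    return listeners


def audit(ss_output):
    """Classify each listener; return sorted (port, finding) pairs."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        loopback = addr.startswith("127.") or addr == "::1"
        if port in CLEARTEXT_LOGON:
            findings.append((port, "disable: cleartext " + CLEARTEXT_LOGON[port]))
        elif port in WEB_PORTS or port in ESSENTIAL_PORTS:
            continue  # allowed: Web service or essential non-Web service
        elif loopback:
            findings.append((port, "review: nonessential, loopback only"))
        else:
            findings.append((port, "disable: nonessential, network exposed"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit(SAMPLE_SS):
        print(port, finding)
```

SSH on port 22 passes the audit even though it is a non-Web service, which is why option A) is too broad, while telnet on port 23 is always flagged.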

