INFA 640 Homework 2
Choose the best answer (one) and give the reason, in a few sentences, for your choice and for not choosing the others. Please give a reference. To get full credit the reason should be in your own words, not copied from any reference. Without a reason in your own words you will not get full credit. Questions 1 through 7 are worth 5 pts each. The eighth question carries 15 pts. Please name your file [lastname firstname INFA640_ HW2]. Due the last day of the session, Sunday 11:59 PM.
1) If an attacker has a copy of the cipher text and its content yields no information at all with regard to the plain text message, the text is considered _____________.
a) cipher perfect
b) third-eye blind
c) perfectly secure
d) third-party secure
Reason:
2) Which is not a weakness of a shift cipher? _________________________
a) Once you have the code book you can decode the message.
b) Natural language letter frequency makes them easy to decode.
c) The number of letters in the alphabet makes them easy to decode.
d) Once the shift is determined the message is decoded almost instantly.
Reason:
3) Quantum cryptography is based on the physics of light. True/False.
Reason with details:
4) Claude Shannon presented the encryption design principles of _________________.
a) multiplication and factoring
b) exponentiation and Logarithms
c) confusion and diffusion
d) perplexion and reflection
Reason with how and why it helps encryption:
5) Two numbers are said to be congruent if _____________________.
a) one is a multiple of the other
b) they produce the same remainder after modulo division
c) they have the same prime number as a factor
d) they are quotients of the same number
Reason:
6) A good hash function creates _________ mapping between the source string and the output string.
a) complex
b) as many as needed
c) divisional
d) one to one
Reason why it is good:
7) A number is relatively prime to another if they _____________.
a) have only each other as factors
b) have no prime factors in common
c) only have one prime factor in common
d) are both divisible by 7
Reason:
8) (15 pts) The following is a ciphertext:
a) U GIRJ CFJ SWAY. SWAY UR JQW GUCB-TUDDWY. SWAY UR JQW DUJJDW-BWAJQ JQAJ LYUCPR JFJAD FLDUJWYAJUFC. U NUDD SAKW GM SWAY. U NUDD EWYGUJ UJ JF EARR FOWY GW ACB JQYFIPQ GW. ACB NQWC UJ QAR PFCW EARJ U NUDD JIYC JQW UCCWY WMW JF RWW UJR EAJQ. NQWYW JQW SWAY QAR PFCW JQWYW NUDD LW CFJQUCP. FCDM U NUDD YWGAUC – SYACT QWYLWY
b) What kind of ciphertext is this? Monoalphabetic or polyalphabetic? Hint: assume one, and when that does not work, look for the other.
c) Describe your cryptanalysis process. Show all the steps you went through to decrypt the message. The steps should be in sufficient detail that a reader would be able to decrypt the encrypted text without needing any help from you.
d) State the plain text message.
e) List the features of the ciphertext that hindered and helped your decryption process, mentioning both the helpful and the hindering features.
Note: Only a decrypted message, even if it is correct, without the methodology and the detailed description of the self-explanatory steps used to decrypt it, would not get points.
INFA 630- Cryptography and Data Protection
Midterm Exam Spring 2017 Due on Sunday 11:59 EST
INFA 630
Intrusion Detection and Intrusion Prevention Midterm Exam
Instructions
· You are to take this test during the week (with late submission
on Monday; a maximum of 15% penalty). The test is due no
later than 11:59 p.m. Eastern Daylight Time on Sunday. Work
alone. You may not confer with other class members, or anyone
else, directly or by e-mail or otherwise, regarding the questions,
issues, or your answers. You may use your notes, textbooks,
other published materials, and the Internet.
· The test is scored on the basis of 100 points. The
exam is intended to assess your understanding of key concepts
in the course, NOT your ability to look up concepts on the
internet. Make sure answers are stated in your own words, and
where applicable provide your own examples, rather than
repeating the ones used in the course materials.
· When composing your answers, be thorough. Do not simply
examine one alternative if two or more alternatives exist. The
more complete your answer, the higher your score will be. Be
sure to identify any assumptions you are making in developing
your answers, and describe how your answer would change if
the assumptions were different. For multiple choice questions, if
you think there is more than one correct answer, choose the
best one and justify your answer.
· While composing your answers, be VERY careful to cite your
sources. Remember, failure to cite sources constitutes an
academic integrity violation. Use APA style for citations and
references. References are not required for Parts I and II.
However, for Parts III and IV please give references.
· Your answers should be contained in a Microsoft Word, RTF,
or compatible format document uploaded to the Assignments
folder. If you use some other word processor, please make sure
the numbering does not change. I may return files (ungraded) in
any other format if I cannot open them in one try. I may check
your part IV answers with Turnitin.
· Please be sure to put your name in the header on every page
including page #’s. Replace “Last Name” with your last name
and so on. Name your file “ Lastname first nameINFA630
Midterm”
· General or logistical questions about the exam or these
instructions should be posted in the Q&A Conference. Please
submit specific or detailed questions regarding the exam to your
instructor at [email protected]. If questions submitted via email
are applicable to all, your instructor, with your permission, may
post them in the LEO Q&A Conference area, without revealing
their source.
Exam Questions
Part 1: True or False Questions. (10 questions at 2 points each)
Provide one or two sentences of justification/explanation. Without
justification you will not get full points.
1. T F
Anomaly-based intrusion detection systems generate alerts
based on deviations from “normal” traffic. Answer: _____
2. T F
A host-based IDS only monitors network traffic destined for a
particular computer. Answer: ____
3. T F
When discussing IDS and IPS, a signature is a digital certificate
used to identify the author of a rule. Answer: _____
4. T F To comply with network communication standards,
software running on Internet hosts must implement both IP and
ICMP protocols. Answer: _____
5. T F Signature-based intrusion detection can identify
previously unknown attacks. Answer: _____
6. T F
The primary difference between network-based IDS and IPS is
that an IPS responds to suspected attacks by blocking network
traffic, while an IDS only provides notification that suspicious
traffic is observed. Answer: _____
7. T F
Snort requires the use of at least one preprocessor to be able to
analyze patterns in network traffic spanning multiple packets.
Answer: _____
8. T F
Snort generates an alert as soon as a detection rule is matched.
Answer: _____
9. T F
A network-based IDS that scans packet traffic to try to match
known attack patterns is called a signature-based NIDS.
Answer: _____
10. T F
An in-line IDS must have the processing power to handle traffic
at least as fast as the bandwidth of the network it monitors, or it
will lose packets and potentially fail to notify on packets
matching alert rules. Answer: _____
Part 2: Multiple Choice Questions. Print the correct answer in
the blank following the question, with justification for the
correct answer or reasons why the others are not correct. (5
questions at 3 points each)
1. Which of the following is an advantage of anomaly-based
detection?
a. Rules are easy to define
b. The data it produces can be easily analyzed
c. It can detect “zero-day” or previously unknown attacks
d. Malicious activity that falls within normal usage patterns is
detected
e. Rules developed at one site can be shared with many other
users
Answer(s): ____
2. Most commercial IDSes generate alerts based on signatures at
the network layer and what other OSI model layer?
a. Application layer
b. Presentation layer
c. Data-link layer
d. Transport layer
e. Session layer
Answer(s): _____
3. Potentially troubling causes for network traffic with
out-of-order packet arrival include all of the following EXCEPT?
a. The network route for inbound packets is different than the
outbound route
b. The packets were routed through a network that uses small
packet size
c. The packets have been altered in transit before arriving
d. The packets sent from the source were split across multiple
interfaces
e. None of the above
Answer(s): _____
4. Which is/are true for intrusion protection systems (IPSes)?
a. An IPS detects network attacks and issues alerts
b. An IPS responds to network attacks by blocking traffic and
resetting connections
c. An IPS sits inline and monitors traffic
d. a and b only
e. a, b, and c
Answer(s): _____
5. Which of the following is a limitation of Snort?
a. Cannot centrally monitor sensors running on different OSes
b. Cannot protect against insider threats
c. Cannot inspect encrypted traffic for attack signatures
d. Cannot scale effectively to protect a large network
e. All of the above
Answer(s): _____
Part 3: Short Answers. Please answer briefly and completely,
and cite all sources of information. (5 questions at 9 points
each)
1. Compare and contrast signature-based and anomaly-based
intrusion detection systems. In your analysis, describe at least
three ways in which the two types of IDS are similar, and at
least three ways in which they differ.
2. Identify and briefly describe the two primary approaches to
writing signatures for network-based IDS tools. Is one
technique preferred over the other? Explain why.
3. Describe what a pre-processor does in a network-based IDS
tool such as Snort. Demonstrate your understanding of this
functionality by citing two examples of pre-processors and
explaining what they contribute to the process of network traffic
analysis and intrusion detection.
4. If an attacker knew a network-based IDS was running in a
targeted environment, how might the attacker try to evade
detection? Provide at least two examples of IDS evasion
techniques that might be used by an attacker, and suggest a
remedy or defense against the techniques you cite.
5. Describe how host-based intrusion detection works, briefly
contrasting it with network-based intrusion detection. Explain
three types of threats against which HIDS is particularly
effective.
Part 4: IDS Placement. (20 points) Please refer to the
accompanying network diagram as you consider and respond to
the following:
Global Corporation, Inc. (GCI) is a fictional company providing
business services to a variety of clients across many industries,
including commercial and government entities. GCI recently
finished construction of a new corporate headquarters, which
includes the network infrastructure for primary company
operations. You are a security analyst specializing in intrusion
detection brought in by GCI to help determine the most
appropriate kinds of IDS to use and most effective IDS
placements to protect their network.
GCI’s network uses a conventional three-zone architecture:
devices exposed to the Internet are part of an un-trusted outer
zone; Internet-accessible services such as the company website
and email are in a demilitarized zone; and major systems and
servers supporting both Internet-facing and internal applications
as well as internal computing resources such as the corporate
LAN are in a trusted zone. Each of these zones is segmented
from the others using hardware-based firewalls; the corporate
databases are further protected behind their own dedicated
firewall. GCI allows employees remote access to the corporate
LAN using either VPN or dial-up connections.
Identify the locations throughout the GCI network where you
would recommend IDS to be deployed. Each of the components
in the accompanying GCI-HQ Network diagram is lettered to
simplify your references to the diagram. For network
connections between devices and layers, you may assume for
the purposes of this exercise that all components in a given zone
share the same network segment. For each placement you
recommend, please note the type of IDS to be deployed and any
specific considerations that should be taken into account to
ensure the effective monitoring of the location.