a. Freshness feature
b. Algorithm independence feature
c. Syntax compatibility feature
d. Recursive feature
66. d. In the recursive feature, the message is parsed one protection at a time until it yields a standard HTTP content type. Here, protections are applied in layers, one layer after another to achieve higher levels of protection. S-HTTP uses a simple challenge-response to ensure that data being returned to the server is “fresh.” Algorithm independence means new cryptographic methods can be easily implemented. Syntax compatibility means that the standard HTTP messages are syntactically the same as secure HTTP messages.
67. The Secure Sockets Layer (SSL) transport protocol provides all the following services except:
a. Mutual authentication
b. Message privacy
c. Message integrity
d. Mutual handshake
67. d. The Secure Sockets Layer (SSL) is an open and nonproprietary protocol that provides services such as mutual authentication, message privacy, and message integrity. Mutual handshake is not done by SSL.
68. Which of the following can be used with traffic padding security mechanisms?
a. Passwords
b. Smart tokens
c. Encryption
d. Memory tokens
68. c. Traffic padding is a function that generates a continuous stream of random data or ciphertext. True data is mixed with extraneous data thus making it difficult to deduce the amount of traffic, that is, traffic analysis. Encryption is good with traffic padding because it can disguise the true data very well and requires a key to decipher the encrypted data.
Passwords are incorrect because they are most often associated with user authentication, not with traffic padding. Smart tokens and memory tokens are incorrect because they are also used to authenticate users. Memory tokens store, but do not process, information, whereas smart tokens both store and process information.
69. Effective controls to ensure data integrity of messages does not include:
a. Encryption algorithms
b. Hashing algorithms
c. File seals
d. File labels
69. d. File labels are used in computer job runs to process application systems data to ensure that the right file is used. Encryption algorithms, due to their encryption and decryption mechanisms and by keeping the encryption keys secure, provide integrity to the message transmitted or stored. Hashing algorithms are a form of authentication that provides data integrity. File seal is adding a separate signature to software and partly works with virus checking software. When the file seal and virus checking software signatures do not match, it is an indication that data integrity has been compromised.
70. During the design of data communication networks, a functional capability of providing link encryption and end-to-end encryption is addressed by which of the following?
a. Administrative control
b. Access control
c. Cost control
d. Technical control
70. b. Functional capabilities can be placed inside network components to control access and protect information from misuse. Automated access control systems can require users and systems to log on to a network by identifying themselves and providing an automated password or similar control. Link and end-to-end encryption devices can protect information from misuse during transmission over a circuit or through a network. Link encryption is the application of online crypto-operation to a link of a communications system so that all information passing over the link is encrypted in its entirety. End-to-end encryption is the encryption of information at its origin and decryption at its intended destination without any intermediate decryption.
Administrative control is incorrect because it deals with handling the paperwork associated with operating a network. The scope includes receiving requests for service from prospective users, notifying operations personnel of dates that devices should be connected and disconnected, maintaining a directory of network users and services, authorizing users to access the network and, issuing passwords.
Cost control is incorrect because it deals with cost recovery and avoidance. It includes price setting for network services and billing the users. The price of network services is often a function of the volume of information exchanged, the duration of usage, the distance between parties, and the time of day of usage.
