China Youshi University (Beijing) Distance Education College
Review of Computer Network Application Basis
Reference textbook "Basic Course of Computer Network Security"
First, multiple choice questions
1. The option that lists characteristics of computer network security is (a)
A.b. Availability, controllability and selectivity
C. Authenticity, confidentiality and confidentiality D. Integrity, authenticity and controllability
2. The PPDR model consists of four main parts: (c), protection, detection and response.
A. Security mechanism B. Identity authentication C. Security policy D. Encryption
3. The ISO/OSI reference model has (d) layers in total.
A. 4 B. 5 C. 6 D. 7
4. The one that is not a common method of data stream encryption is (d)
A. Link encryption B. Node encryption C. End-to-end encryption D. Network encryption
5. Of the following options, the one that is a common form of identity authentication is (a)
A. dynamic password card B.IP card C. physical identification technology D. single factor authentication
6. Digital signature uses the public key encryption mechanism in (a).
A.PKI B.SSL C.TCP D.IDS
7. The essential feature of the (B) mechanism is that the signature can only be generated by using the private information of the signer.
A. Marking B. Signature C. Integrity D. Detection
8. The one that is not part of the general process of intrusion detection is (c)
A. information collection B. information analysis C. information classification D. intrusion detection response
9. Among intrusion detection responses, the (b) response can effectively control intruders and intrusion areas.
A. Passive B. Active C. Information D. Control
10. The one that is not a common port scanning technology is (b)
A.TCP connection request B.TCP SZN request
C.IP segmentation request D.FTP reflection request
11. The host-based scanner runs on the detected (a).
A. Host B. Server C. Browser D. Monitor
12. A Trojan horse is a network application with a (C) structure.
A. B/S B. Web C. C/S D. Server
13. Buffer overflow is realized by (a) in the system.
A. stack B. queue C. protocol D. port
14. The stack is the queue of (a).
A. LIFO method.
15. DoS stops the network service of the (D).
A. target server B. target browser C. target protocol D. target host
16. Under normal circumstances, establishing a TCP connection requires a three-way handshake process, that is, (c) packet exchanges are required.
A. 1 B.2 C.3 D.4
17. The most effective way to deal with network monitoring is (b).
A. Decryption B. Encryption C. Scanning D. Detection
18. TCP sequence number spoofing is realized by guessing the response sequence number of the server through the (c)-way handshake process of TCP.
A. 1 B.2 C.3 D.4
19. The host-based intrusion detection system is used to prevent intrusion of (D) nodes.
A. Multi-machine B. Network C. Symmetry D. Single machine
20. Most current firewalls are based on (c) technology.
A. adaptive processing B. encryption C. intrusion detection D.PKI
21. The one that is not a firewall function is (c)
A. Barriers to network security B. Strengthening network security strategies
C. Accelerating network access D. Preventing internal information leakage
22. At present, firewalls generally adopt (B) NAT.
A. unidirectional B. bidirectional C. multidirectional D. network
23. The packet filtering firewall works at the third layer.
A. physical B. session C. network D. transmission
24. The proxy firewall can find out the information flow of the user (D) layer by writing special software, and can provide access control between the user layer and the application protocol layer.
A. physical B. session C. network D. application
25. The proxy firewall works on (b), using proxy software to detect and judge the datagram, and finally decide whether it can pass through the firewall.
A. physical, application B. session, application C. network, session D. application, transmission
26. The web browser establishes a TCP/IP connection with the server through (a).
A. three-way handshake B. Four handshakes C. Three waves D. Four waves
27. SSL provides a secure socket layer protocol mechanism for data between (d).
A. physical, application B. session, application C. network, session D. application, transmission
28.SSL handshake protocol connection requires (d) keys.
A. 1 B.2 C.3 D.4
29. The one that is not a tunnel protocol used by VPDN is (D).
A. Layer 2 forwarding protocol B. Point-to-point tunneling protocol
C. Layer 2 tunneling protocol D. Network-to-network communication protocol
30. The basic PKI system does not include which of the following (b)
A. CA B. BA
C. Said ·KCA
31. Public key infrastructure is based on (c) encryption technology.
A. Symmetry B. Asymmetry C. Convention D. Numbers
32. What does not belong to the basic security service that PKI can provide for users is (D)
A. Authentication services B. Data integrity services
C. Data confidentiality service D. Fair service
E. undeniable service
33. At present, the protocols that use PKI technology to protect e-mail security mainly include (B) and S/MIME protocol.
A.BGB BSB
34. (a) refers to the virtual private network.
A.WPN WSN VSN
35. (D) encryption technology is used to initialize SSL connections.
A. intrusion B. detection C. digital D. public key
36. IMS is a (c) system.
A. Intrusion detection system B. Automatic encryption system
C.d. network security system
37. Identity authentication mechanism generally includes three elements: (b), authorization and audit.
A. Login B. Authentication C. Detection D. Verification
38. The one that is not among the three mechanisms of network security is (c).
A. Encryption mechanism B. Control mechanism C. Supervision mechanism D. Detection mechanism
39. An encryption technology commonly used for data encryption is ().
A. symmetric encryption B. peer-to-peer encryption C. non-peer encryption D. digital encryption
40. According to the detection principle, detection systems can be divided into three categories. The incorrect option below is ().
A. anomaly detection B. abuse monitoring C. mixed detection D. intrusion detection
Fill in the blanks
1. There are three main threats to computer network security: (hardware threat), (software threat) and (data threat).
2. Network security = before the event (inspection) + during the event (protection), (monitoring), (control) + after the event (evidence collection).
3.TBAC model is generally represented by five elements (S, O, P, L, AS), in which S represents (subject), O represents (object), P represents (authority), L represents (lifetime) and AS represents (authorization step).
4.RSA signature uses (encryption) key algorithm to generate a pair of (key) and (public key).
5. There are three common scanning methods: using (network commands), port scanning and vulnerability scanning.
6. The process space consists of (), (), (), () and ().
7. The characteristic of the stack is that the last element put on the stack will be the element that () pops up. The newly stacked elements will always be placed in the current (). Whenever you need to exit the stack, always get an element from the current ().
8. Common denial of service attack methods include (broadcast storm), (SYN flooding), (IP segmentation attack), (OoB attack), (distributed attack), (IIS upload attack) and so on.
9. The firewall is a (router) and a (computer), which is located between the intranet or website and the Internet.
10. Firewalls include: (service control), (direction control), (user control), (behavior control) and so on.
11. Firewall architecture: (simple packet filtering firewall), (state packet filtering firewall), (composite firewall).
12. The Web is an open application system consisting of (web server), (web browser) and (communication protocol).
13. Secure Sockets Layer Protocol (SSL) includes: (server authentication), (user authentication), (data integrity on SSL link) and (data confidentiality).
14. The security structure of the Web server includes: (infrastructure area), (network protocol area), (service area), (application area) and (operating system area).
15. At present, there are four popular PKI trust models: (strict hierarchy model of certification authority), (distributed trust structure model), (web model) and (user-centered trust model).
16. A typical PKI system should include (certificate issuing authority CA), (certificate registration authority RA), (certificate repository), (key backup and recovery system), (certificate revocation processing system), (PKI-based application), (certificate distribution system CDS) and other basic contents. Alternative answer: Certificate Implementation Statement CPS
17. In SSL, (symmetric cryptosystem), (public key cryptosystem) and (digital signature technology in public key cryptosystem) are adopted respectively.
18. Push and pop operations are realized by () executing () and () instructions. Chapter 3, Section 2, P78
19. Trojan server-side programs can reside on (target host) and run automatically in (background) mode.
20. According to the architecture, the detection system can be divided into (), () and (). P70, Chapter 3, Section 1 (P68, 3.1.5)
Second, the judgment question
1. Link encryption encrypts the network layer. (right)
2. All authentication mechanisms must be two-way authentication. (right)
3. Features or possessions of user entities can be used for exchange authentication. (error)
4.UDP request does not belong to the commonly used port scanning technology. (error)
5. The scanner can only scan the discovered vulnerabilities, and those that have not been discovered cannot be discovered by the scanner. (right)
6. Buffer overflow is the result of copying a string that exceeds the length of the buffer to the buffer. A string that exceeds the buffer space will overwrite the memory area adjacent to the buffer. (right)
7. Regularly check the list of currently running programs, suspicious log files and network card working mode to prevent the network from being monitored. (right)
8.IP spoofing uses the IP address of a trusted server to attack the server. (error)
9. The main intrusion detection methods are feature detection, probability statistical analysis and expert knowledge base system. (right)
10. Static packet filtering determines and controls the address, port and other information of packets on all communication layers. (right)
11. SNAT is used to convert the address of the external network, which hides the structure of the internal network from the external network and increases the difficulty of attacking the internal network. IP resources can also be saved, which is beneficial to reducing the cost. (error)
12. SSL has three sub-protocols: handshake protocol, record protocol and alert protocol. (right)
13.SSL/TLS protocol cannot be used to access web pages. (error)
14. Privileged Management Infrastructure (PMI) does not support fully authorized services. (right)
15 function. Certificate issuance, certificate renewal, certificate revocation and certificate verification. (right)
16. In the client software of a PKI authentication system, customers need to consider the expiration time of certificates and update them manually in time. (right)
17. The main technologies of WAN VPN include link layer VPN, network layer VPN, session layer VPN and application layer VPN. (error)
18. The SSL record protocol includes the provisions of the record header and the record data format. (right)
19. According to the technical characteristics adopted by firewalls, they can be divided into three types: packet filtering firewall, proxy firewall and detection firewall. (right)
20. The goal of IMS is to integrate multiple functions such as intrusion detection, vulnerability analysis and intrusion prevention into one platform for unified management. (right)
21. When using the denial-of-service attack method, the attacker needs the operation permission of the target host to attack the target host. (right)
22. If an abnormal program is found, it will be deleted from the file. (error)
23. Network-based scanners are used to detect other hosts. It detects vulnerabilities on other hosts through the network. (right)
24. Intrusion detection response can be divided into active response and passive response. (right)
25. Authentication is mainly used to prove the identity of the operator when performing related operations. (right)
Fourth, short answer questions
1. Briefly describe five security requirements that a secure Web service needs to ensure.
A: With the development of some key Web service standards, more and more enterprises adopt Web service technology for application development. Like other applications on the Internet, Web services also face security risks, because information may be stolen, lost and tampered with. Secure Web service is a necessary guarantee for successful application. Therefore, it is of great practical significance to study the security architecture of Web services. A secure Web service needs to ensure the following five security requirements:
① Authentication: providing the guarantee for the identity of an entity (person or system);
② Authorization: to protect resources from illegal use and manipulation;
③ Confidentiality: protect information from being leaked or exposed to unauthorized entities;
④ Integrity: protect data from unauthorized change, deletion or replacement;
⑤ Non-repudiation: prevent the party involved in the communication exchange from denying that this exchange ever happened afterwards.
Aiming at the above five requirements, this paper proposes a Web service security architecture.
2. What are the characteristics of an ideal intrusion detection system?
Answer 1: An ideal intrusion detection system should have the following characteristics:
1) Accuracy. The detection system should not misreport or miss the detected attacks.
2) Reliability. The detection system should be transparent to the administrator and can operate correctly without supervision. Only in this way can it run in the detected system environment.
3) Fault tolerance. The detection system must have good fault tolerance. No matter what state the monitored system is in, the detection system itself must be complete to ensure that the knowledge base system used for detection will not be disturbed and destroyed.
4) Usability. The overall performance of the detection system should not fluctuate greatly or be seriously reduced due to the change of system state.
5) Verifiability. The detection system must allow administrators to monitor attacks in time.
6) Security. The detection system can protect its own security and has a strong ability to resist cheating attacks.
7) Adaptability. The detection system can track the changes of the system environment at any time and adjust the detection strategy in time.
8) Flexibility. The detection system can customize different usage modes according to the specific situation and adapt to the defense mechanism.
Answer 2: Traffic can be monitored in real time, with in-depth inspection of the source address and destination address of the traffic.
Illegal traffic is intercepted, and common attacks such as distributed attacks, ARP spoofing and DHCP spoofing are resisted.
3. Briefly describe the general functions of network monitoring software. Chapter 3, Section 2, P91
4. Briefly describe the function of access control. Chapter 3, Section 2, P47
5. Briefly describe the meaning of network security according to your own understanding. Chapter 1, Section 1, P4
A: Network security is essentially information security on the network. Broadly speaking, all technologies and theories related to the confidentiality, integrity, availability, authenticity and controllability of information on the network are the research fields of network security.
The purpose of network security is to ensure the smooth progress of users' business, and meeting users' business needs is the primary task of network security. Without this theme, it is tantamount to talking about safety technology and products.
The specific meaning of network security will change with the change of "angle". For example, from the perspective of users (individuals, enterprises, etc.), they hope that information related to personal privacy or business interests will be protected in terms of confidentiality, integrity and authenticity when transmitted on the network, so as to prevent others or opponents from using eavesdropping, impersonation, tampering, denial and other means to infringe on users' interests and privacy and access and destroy them.
6. The content of credit mechanism.
7. how to 7. Hash algorithm is valid.
8. Briefly describe the management process of IMS technology.
9. What are the main functions of a firewall?
10. Briefly describe the structure of Web service protocol stack.