final2005

final2005 - 1.264 Final Exam Solutions Fall, 2005 Name: _...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
1 of 9 1.264 Final Exam Solutions Fall, 2005 Name: ______________________________________________ Exam guidelines: 1. 3 hours are allowed to complete the exam. 2. Open notes, open book. 3. No laptop computers or calculators are allowed. You have some arithmetic to do by hand in one question. You may approximate to within 20%. 4. No cell phones or messaging devices are allowed. Please turn off any that you have brought. 5. Short answer questions: Your answers are limited to a maximum of 2-4 sentences or phrases. Demonstrate that you understand the principles and key points. You will receive full credit for an answer if you make the principal observation(s) that the question is asking for. Details are not necessary.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 of 9 1. Security (20 points) In public key encryption, a digital certificate is stored on computers that must communicate securely. You are in charge of security for a transportation or supply chain application to manage purchases of retail items from suppliers. It was bought from a third party vendor and configured for your company’s or agency’s use. You decide to use SSL to protect the network connections between your computers and those of the merchandise vendors. You use a variety of other measures to protect the clients and servers in the system. (If you’re an MST student, imagine this is a system in which you purchase spare parts for bus and rail vehicles from a variety of vendors, similar to the aircraft parts vendors.) For the SSL portion of security, you make a presentation to your management and they ask you a series of questions as you go along. Please answer them below: a. Does the certificate contain the computer’s public key? If not, where is the public key kept? Suggest a good place if it is not in the certificate. Yes. It is sent to other computers that send secure information to this computer. b. Does the certificate contain the computer’s private key? If not, where is the private key kept? Suggest a good place if it is not in the certificate. No. The private key is not in the certificate, since the certificate is sent to other computers ‘in the clear’. The private key can be kept in an encrypted file on your computer, protected by a password (your Windows password on Internet Explorer and by browser-specific passwords for other browsers). c. Must the certificate be protected from attackers? No. It is sent on request to any computer that requests it. d. How is the private key protected from attackers? Through a password, as mentioned above. e. If a public key is obtained by an attacker, what is the risk? What measures should be taken to eliminate the risk if the public key is thought to be compromised? No risk; no measures needed. f. If a private key is obtained by an attacker, what is the risk?
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 9

final2005 - 1.264 Final Exam Solutions Fall, 2005 Name: _...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online