You’re implementing an L2TP/IPsec VPN solution to support remote employees. Which of the following is not true? (Source: Wentz QOTD)
A. AH may not be available in IPsec
B. AH ensures integrity only, but not confidentiality through encryption
C. Implementation of ESP is a mandatory requirement of IPsec
D. ESP ensures both confidentiality and the same level of integrity as AH does
I added more information about the confusing C&A process to the post Jargons: V&V and C&A. The newly added material is included below.
Added on 2020/07/30:
There were various information system certification and accreditation (C&A) processes across the US federal agencies, such as DITSCAP, DIACAP, NIACAP, NISCAP, and DCID 6/3. Those legacy C&A processes can be confusing because of their diversity and inconsistency across agencies. For example, the obsolete DITSCAP C&A process treated V&V as phases within its C&A process. The NIST RMF (SP 800-37 R2) now serves as the latest, unified successor to these C&A processes.
The NIST RMF is integrated with the SDLC detailed in NIST SP 800-160 v1, which is aligned with the SDLC introduced in ISO 15288. In other words, the terms certification and accreditation are no longer used in the NIST RMF. C&A (Certification and Accreditation) is replaced by A&A (Assessment and Authorization) in the RMF and by V&V (Verification and Validation) in ISO 15288.
Wired Equivalent Privacy (WEP), ratified in 1997, is the first-generation security solution for 802.11 wireless networks. 64-bit WEP uses the stream cipher RC4 with a 24-bit initialization vector (IV) and a 40-bit secret key. Hackers can use Aircrack-ng to sniff wireless traffic and crack the secret key by exploiting the short IV. Which of the following best describes the attack used to break WEP? (Source: Wentz QOTD)
Which of the following is least likely to ensure security through the application of cryptographic hash? (Source: Wentz QOTD)
A. Establish HTTP sessions by Digest Access Authentication
B. Persist passwords with pepper
C. Detect errors using odd parity
D. Enforce accountability through digital signature