The MD5 (Message-Digest Algorithm 5) is a cryptographic hash function designed to produce a 128-bit hash value, also known as a message digest. Regardless of the size of the input data, the MD5 algorithm processes it and generates a fixed-size output of 128 bits. This output is typically represented as a 32-digit hexadecimal number. Although MD5 is now considered cryptographically broken and unsuitable for security applications like digital signatures, its output size remains a fundamental characteristic.

B. 160 bits: This is the output size of the Secure Hash Algorithm 1 (SHA-1), a different and also deprecated hashing algorithm.

C. 256 bits: This is the output size for the SHA-256 algorithm, which is part of the more secure SHA-2 family of hash functions.

D. 128 bytes: This is incorrect as it equates to 1024 bits (128 bytes 8 bits/byte), which is not the standard output size for MD5.

1. Rivest

R. (1992). The MD5 Message-Digest Algorithm. RFC 1321. Internet Engineering Task Force (IETF). In Section 1

"MD5 Algorithm Description

" it states

"The algorithm takes as input a message of arbitrary length and produces as output a 128-bit 'fingerprint' or 'message digest' of the input." Available at: https://doi.org/10.17487/RFC1321

2. National Institute of Standards and Technology (NIST). (2023). Computer Security Resource Center (CSRC) Glossary: Message Digest 5 (MD5). The definition explicitly states

"A hash algorithm that produces a 128-bit hash value." Available at: https://csrc.nist.gov/glossary/term/messagedigest5

3. Katz

J.

& Lindell

Y. (2020). Introduction to Modern Cryptography (3rd ed.). CRC Press. In Chapter 5

"Hash Functions and Applications

" the text describes MD5 as a function that "outputs a 128-bit digest." (Specific reference: Section 5.1.1

"Constructions of Hash Functions").

4. Rivest

R. (2014). Lecture 9: Hash Functions. MIT OpenCourseWare

6.857 Network and Computer Security

Fall 2014. The lecture notes specify the output sizes for various hash functions

listing MD5 with a 128-bit output. Available at: https://ocw.mit.edu/courses/6-857-network-and-computer-security-fall-2014/resources/mit6857f14lec9/

Wireless Transport Layer Security (WTLS) is the security layer of the Wireless Application Protocol (WAP) stack. It is specifically designed to provide security services for wireless environments, which are characterized by low bandwidth and high latency. WTLS ensures confidentiality through encryption, data integrity through message authentication codes (MACs), and authentication through digital certificates. It is functionally analogous to the Transport Layer Security (TLS) protocol used in the standard internet protocol suite but is optimized for constrained mobile devices and networks. Its primary goal is to secure the connection between a mobile client and a WAP gateway.

A. S-WAP is not a standard protocol within the WAP architecture; it is a distractor. Security in WAP is handled by a specific layer, not a generic "Secure-WAP" protocol.

C. WSP (Wireless Session Protocol) operates at the session layer, managing the establishment and termination of sessions. It does not provide cryptographic security services like encryption or integrity.

D. WDP (Wireless Datagram Protocol) is the transport layer of the WAP stack, analogous to UDP. It provides a datagram service but lacks any inherent security mechanisms.

1. Schulzrinne

H. (2002). WAP - Wireless Application Protocol. Columbia University

Department of Computer Science. CSEE 4119

Network Protocols and Applications. Slide 21 describes the WAP protocol stack

identifying WTLS as the security layer responsible for "authentication

privacy

integrity". Retrieved from https://www.cs.columbia.edu/~hgs/teaching/4119/f02/lect/wap.pdf

2. WAP Forum. (2001

April 6). Wireless Transport Layer Security Specification

Version 06-Apr-2001 (WAP-261-WTLS-20010406-a). Open Mobile Alliance. Section 5

"Goals of the WTLS Layer

" p. 13

states

"The WTLS protocol is intended to provide privacy

data integrity and authentication between two communicating applications."

3. Penttinen

J. T. (2015). The Telecommunications Handbook: Engineering Guidelines for Fixed

Mobile and Satellite Systems. John Wiley & Sons. Chapter 10.2.2

"The WAP Protocol Stack

" p. 418

explicitly states

"The Wireless Transport Layer Security (WTLS) provides security functions similar to TLS... It provides data integrity

privacy

and authentication..."

A standard 48-bit Media Access Control (MAC) address is divided into two equal parts. The first 24 bits (or 3 bytes) constitute the Organizationally Unique Identifier (OUI). The Institute of Electrical and Electronics Engineers (IEEE) Registration Authority assigns this unique 24-bit block to a specific hardware vendor. The vendor then assigns the remaining 24 bits to each network interface card (NIC) they produce, ensuring a globally unique hardware address for the device.

A. 6 bits: This is an incorrect length and is insufficient to uniquely identify the vast number of hardware manufacturers globally.

B. 12 bits: This represents only half of the actual OUI length and does not align with the IEEE standard.

C. 16 bits: This value does not correspond to the standard byte-based (3 bytes x 8 bits) structure of the OUI.

1. IEEE Standards Association. "IEEE SA - OUI FAQ." The IEEE Registration Authority explicitly states

"An OUI is a 24-bit globally unique assigned number referenced by various standards." This is the vendor-identifying portion of a MAC address. (Accessed from the official IEEE-SA website under Registration Authority FAQs).

2. Kurose

J. F.

& Ross

K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. In Chapter 6

Section 6.2

"Link-Layer Addressing and ARP

" the text explains that a MAC address consists of 6 bytes

with the first 3 bytes (24 bits) identifying the manufacturer

a value purchased from the IEEE.

3. Stallings

W. (2017). Data and Computer Communications (10th ed.). Pearson. Chapter 15

"Local Area Network Overview

" describes the format of the 48-bit MAC address

specifying that the first 24 bits are the OUI that identifies the vendor of the network adapter.

4. Comer

D. E. (2018). Computer Networks and Internets (6th ed.). Pearson. In Chapter 13

"LAN Wiring

Physical Topology

and Interface Hardware

" it is detailed that the IEEE assigns a unique 24-bit prefix

known as the OUI

to each manufacturer for use in the MAC addresses of their products.

A message digest is generated by a cryptographic hash function that processes the entire input file or message, not just a specific portion. The statement that the digest is calculated using "at least 128 bytes of the file" is incorrect. This confuses the size of the input data with the size of the output digest. A fundamental property of a hash function is to take a variable-length input and produce a fixed-length output. The entire input must be processed to ensure that any change to the original file, no matter how small, results in a different message digest, which is essential for integrity verification.

A. The original file cannot be created from the message digest.

This is a correct statement describing the one-way (pre-image resistance) property, a fundamental security requirement for any cryptographic hash function.

B. Two different files should not have the same message digest.

This is a correct statement describing the collision resistance property. It should be computationally infeasible to find two different inputs that produce the same hash output.

D. Messages digests are usually of fixed size.

This is a correct statement. A defining characteristic of a hash function is that it produces a fixed-length output (e.g., 256 bits for SHA-256) regardless of the input's size.

1. National Institute of Standards and Technology (NIST). (2015). FIPS PUB 180-4

Secure Hash Standard (SHS).

Section 5.1

"Padding the Message": This section details the process of taking the message of length l bits and padding it so that it can be processed. This confirms that the entire message is used as input

directly refuting option C.

Section 4

"PROPERTIES OF SECURE HASH ALGORITHMS": This section states

"For a given algorithm

the hash function is a one-way function; it is computationally infeasible to find a message that corresponds to a given message digest." This supports the correctness of option A. It also describes the goal of collision resistance

supporting option B.

Section 1

"INTRODUCTION": This section states that the secure hash algorithms "produce a condensed representation of a message called a message digest" and that this digest is a "fixed-size bit string." This supports the correctness of option D.

2. Katz

J.

& Lindell

Y. (2014). Introduction to Modern Cryptography (2nd ed.). CRC Press.

Chapter 5

Section 5.1

"Definitions": A hash function is formally defined as a function H that maps arbitrary-length inputs to a fixed-length output. This supports option D and refutes option C

which implies a partial or minimum input. The chapter further defines pre-image resistance (supporting A) and collision resistance (supporting B) as essential security properties.

3. Rivest

R. (1992). RFC 1321: The MD5 Message-Digest Algorithm. IETF.

Section 3

"MD5 Algorithm Description": The overview describes the algorithm operating on an "arbitrary-length message" to produce a "128-bit 'fingerprint' or 'message digest'." Step 1

"Append Padding Bits

" explicitly details how the original message is padded to a specific length for processing

confirming the entire message is the input. This supports options D and A

while refuting C.

A circuit-level proxy operates at the session layer (OSI Layer 5). It validates the TCP handshake and establishes a "circuit" for the session, then relays traffic between the two endpoints without inspecting the application-layer data payload. In contrast, an application-level proxy (Layer 7) acts as a full intermediary, terminating the client connection, deeply inspecting the application protocol's content (e.g., HTTP commands), and then initiating a separate connection to the server. This deep inspection requires significantly more computational resources, resulting in higher processing overhead and greater latency compared to the more lightweight circuit-level proxy.

B. more difficult to maintain.

Application-level proxies are more complex as they require specific proxy software and configuration for each application protocol, making them more difficult to maintain.

C. more secure.

Application-level proxies are more secure because they can inspect and filter application-layer content, preventing protocol-specific attacks that circuit-level proxies cannot see.

D. slower.

Due to its lower processing overhead from not inspecting application data, a circuit-level proxy is generally faster than an application-level proxy.

1. Stallings

W.

& Brown

L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson. In Chapter 21.2

"Firewall Characteristics

" the text explains that application-level gateways (proxies) add more processing overhead than circuit-level gateways.

2. National Institute of Standards and Technology (NIST). (2009). Special Publication 800-41 Revision 1: Guidelines on Firewalls and Firewall Policy. In Section 3.2

"Firewall Technologies

" it is noted that application-layer proxies "can be a performance bottleneck" due to the overhead of examining and forwarding all packets. In contrast

circuit-level proxies are described as simply relaying traffic without content examination

implying lower overhead.

3. Kurose

J. F.

& Ross

K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. In Chapter 8

Section 8.7.2

"Firewalls

" the text contrasts application gateways with packet filters

noting that the deep inspection performed by application gateways "incurs a performance penalty." This principle directly applies to the comparison with circuit-level proxies

which perform less inspection and are therefore faster.

The Diffie-Hellman (DH) algorithm is a foundational cryptographic protocol used for key exchange or key agreement. Its primary function is to allow two parties, with no prior shared secret, to jointly establish a shared secret key over an insecure communication channel. This generated key can then be used for a symmetric encryption algorithm (like AES) to secure subsequent communications. The DH protocol itself does not perform encryption, integrity checks, or provide non-repudiation; its sole purpose is the secure establishment of a shared secret.

A. Confidentiality: DH enables confidentiality by creating a key for symmetric ciphers, but it does not provide confidentiality directly.

C. Integrity: DH offers no mechanism to verify that data has not been altered. This is the function of hashing algorithms like SHA-256.

D. Non-repudiation: DH does not provide proof of origin. This is achieved with digital signature algorithms like RSA or ECDSA.

1. National Institute of Standards and Technology (NIST) Special Publication 800-56A Revision 3

Recommendation for Pair-wise Key-Establishment Schemes Using Discrete Logarithm Cryptography

April 2018.

Page 1

Section 1 (Introduction): "This Recommendation specifies key-establishment schemes... Such a scheme is called a Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) key-agreement scheme

and the process is called key agreement."

2. Internet Engineering Task Force (IETF) RFC 2631

Diffie-Hellman Key Agreement Method

June 1999.

Page 1

Section 1 (Introduction): "The Diffie-Hellman method allows two parties to agree upon a shared secret value in a manner that is secure against eavesdroppers. This value can then be converted into cryptographic keying material."

3. Rivest

R. L.

Shamir

A.

& Adleman

L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM

21(2)

120–126.

Page 124

Section VI (Public-Key Schemes): The paper

while introducing RSA

references the work of Diffie and Hellman

stating

"Diffie and Hellman have proposed a scheme... in which user A can send a message to user B so that only B can read it." It clarifies this is achieved by first establishing a key

describing the DH protocol as a "public-key distribution system." DOI: https://doi.org/10.1145/359340.359342

4. Katz

J.

& Lindell

Y. (2014). Introduction to Modern Cryptography (2nd ed.). CRC Press.

Page 356

Section 10.3 (The Diffie-Hellman Protocols): "The Diffie-Hellman key-exchange protocol is a method by which two parties can compute a shared key... The protocol is secure against an eavesdropper who observes the entire interaction."

The ISO/OSI model is a conceptual framework that standardizes the functions of a network into seven logical layers. Its primary purpose is to guide product development and foster interoperability between different vendors and network technologies. It is a reference model, not an implementation or a protocol used for active network management. The task of querying network devices for operational statistics like packet counts and routing tables is performed by a network management protocol, such as the Simple Network Management Protocol (SNMP), which itself operates at the Application Layer (Layer 7) of the OSI model.

A. The OSI model is a fundamental standard reference model for network communications, designed to ensure interoperability.

C. A core objective of the OSI model is to provide a standardized framework that allows dissimilar systems to communicate effectively.

D. The model is explicitly defined by its structure of seven distinct layers, often referred to as the OSI protocol stack.

---

1. ISO/IEC 7498-1:1994

Information technology — Open Systems Interconnection — Basic Reference Model: The Basic Model. Section 1

"Scope

" states

"This Reference Model provides a common basis for the coordination of standards development for the purpose of systems interconnection..." It defines the model's purpose as a standard for interoperability

not an active management tool.

2. Kurose

J. F.

& Ross

K. W. (2017). Computer Networking: A Top-Down Approach (7th ed.). Pearson. In Chapter 1

Section 1.5

"Network Layers

" the text describes the OSI model as a conceptual and architectural framework with seven layers

contrasting it with the five-layer Internet protocol stack. It does not describe it as a tool for querying devices.

3. Stallings

W. (2014). Data and Computer Communications (10th ed.). Pearson. Chapter 2

"Protocol Architecture

TCP/IP

and Internet-Based Applications

" describes the OSI model as a "structured set of protocols in layers" and a "model for a computer network architecture." This confirms its role as a standard model (A

D) for enabling communication (C).

4. Case

J.

Mundy

R.

Partain

D.

& Stewart

B. (2002). RFC 3411: An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks. IETF. The abstract clearly defines SNMP's purpose: "An SNMP management system contains... an agent

which has access to management instrumentation." This instrumentation includes data like packet counts

which is distinct from the OSI model's function.

Simple Network Management Protocol (SNMP) is designed for managing and monitoring devices on an internal network. Exposing SNMP to the internet presents a significant security risk, as it can reveal sensitive network configuration, device status, and performance data. Attackers can exploit this information for network reconnaissance or launch denial-of-service attacks. Best security practices dictate that SNMP traffic should be blocked at the perimeter firewall and only permitted on trusted, internal management networks.

B. SMTP: Simple Mail Transfer Protocol is essential for sending and receiving email from the internet. It is normally allowed through a firewall to a designated mail server.

C. HTTP: Hypertext Transfer Protocol is the primary protocol for web browsing. Outbound HTTP is required for users to access websites, and inbound is needed to host a public web server.

D. SSH: Secure Shell provides encrypted remote administration. While it must be carefully secured, it is often permitted through a firewall for authorized administrators to manage systems remotely.

1. National Institute of Standards and Technology (NIST). (2009). Guidelines on Firewalls and Firewall Policy (Special Publication 800-41 Revision 1).

Page 29

Section 4.3.2

"Service-Specific Issues": "SNMP is another protocol that organizations should usually block at their firewalls. SNMP is used to remotely manage network devices. Attackers can use SNMP to gain extensive information on a network’s configuration... Because of these risks

organizations should block SNMP at their firewalls."

2. Stallings

W.

& Brown

L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson.

Chapter 21

"Firewalls and Intrusion Prevention Systems

" Section 21.2

"Firewall Characteristics": This section discusses firewall filtering policies. It emphasizes that services intended only for local use

such as SNMP

should not be exposed externally. The principle is to deny all traffic by default and only permit services that are explicitly required for business with the external world.

3. Carnegie Mellon University

Software Engineering Institute. (2002). State of the Practice of Firewall Deployment and Management (CMU/SEI-2002-TN-013).

Page 16

Section 3.2.2

"Filtering Rules": The document advises filtering protocols that provide information about the internal network to outsiders. It lists SNMP as a protocol that is "often filtered" at the firewall boundary due to the valuable network information it can provide to an attacker.

The Address Resolution Protocol (ARP) is a communication protocol used for discovering the link-layer address, such as a MAC address, associated with a given internet-layer address, typically an IPv4 address. When a host needs to send a packet to another host on the same local network, it knows the destination IP address but not the hardware (MAC) address. ARP sends a broadcast request packet to all devices on the local network asking which device is using that specific IP address. The device with the corresponding IP address replies with its MAC address, allowing the original host to encapsulate the IP packet in a Layer 2 frame and send it directly.

A. Routing tables: These are used by routers to determine the path and next-hop IP address for a packet, not to resolve a specific IP to a hardware address.

C. Reverse address resolution protocol (RARP): This protocol performs the opposite function of ARP; it maps a known hardware address to an IP address.

D. Internet Control Message Protocol (ICMP): This protocol is used for network diagnostics and to report errors in IP packet processing (e.g., ping, destination unreachable).

1. Plummer

D. C. (November 1982). RFC 826: An Ethernet Address Resolution Protocol. Internet Engineering Task Force (IETF). "Abstract: A protocol for mapping dynamically between a 32-bit Internet Address and a 48-bit Ethernet address is presented." Retrieved from https://datatracker.ietf.org/doc/html/rfc826

2. Kurose

J. F.

& Ross

K. W. (2017). Computer Networking: A Top-Down Approach (7th ed.). Pearson. In Chapter 5

Section 5.4.1

"The Link Layer: Links

Access Networks

and LANs

" the text states

"the Address Resolution Protocol (ARP)... The role of ARP is to translate IP addresses to link-layer addresses."

3. MIT OpenCourseWare. (Spring 2018). 6.033 Computer System Engineering

Lecture 15: The Network Layer. Massachusetts Institute of Technology. The lecture notes describe ARP's function: "How does a host A find out the Ethernet address for a host B on the same physical network

given B's IP address? Address Resolution Protocol (ARP)." (p. 5).

A packet-filtering firewall evaluates the network-layer headers (IP, TCP/UDP/ICMP) of each packet and applies rules that “permit” or “deny” traffic based on source/destination addresses, protocol type, and—critically—TCP or UDP port (service) numbers. Administrators therefore create rules that open only the port numbers explicitly authorized for business-necessary applications and block all others. By design, the firewall does not knowingly allow unauthorized or undefined ports, nor does it deal with vague “ex-service” or “integer” concepts; thus option A precisely states its selective-allow capability.

B. “Unauthorized” ports are explicitly blocked, not enabled, by packet-filtering policy.

C. “Ex-service numbers” is not a recognized networking term; statement is imprecise.

D. Although ports are integers, “service integers” is non-standard phrasing; answer is vague and less accurate than A.

1. NIST Special Publication 800-41 Rev.1

“Guidelines on Firewalls and Firewall Policy

” §3.1.2 Packet-Filtering Firewalls

pp. 19-20.

2. W. R. Cheswick

S. M. Bellovin & A. D. Rubin

“Firewalls and Internet Security

” 2nd ed.

Addison-Wesley

2003

Ch. 6

pp. 181-182.

3. Cisco Systems

“IP Access List Overview

” Cisco IOS 15 Configuration Guide

§“Standard vs. Extended ACLs

” 2021

para. 2.

4. Stanford University CS244E

“Firewalls and Packet Filtering” lecture notes

Slide 8

2020.