1.In the following description of the Kerberos authentication protocol, the correct one is ( ).
a. The key distribution center consists of three parts: the authentication server, the bill authorization server and the client.
b. The interaction of the protocol uses a public key encryption algorithm to encrypt the message.
c. There is no need to share long-term keys between users and servers.
d. The purpose of the agreement is to allow the user to obtain a service license to access the application server.
2.In the network shown in the following figure, if a PC obtains the IP address of the router through the tracert command, the characteristics of the IP packet sent by the PC encapsulating ICMP messages are ( ).
a. type=11 , code=0 of the ICMP message; The TTL field of an IP packet is 3
b. type=8 and code=0 of the ICMP message; The TTL field of an IP packet is 3
c. type=11 , code=0 of the ICMP message; The TTL field of an IP packet is 128
d. type=8 and code=0 of the ICMP message; The TTL field of an IP packet is 128
3.In fiber access technology, the ONU of the EPON system sends data to the OTL using ( ) technology.
a、 tdm
b、 fdm
c、 tdma
d. Broadcasting. 4.In the dual-link hot-standby radio access network shown in the following figure, STA goes online through portal authentication, the AP is currently connected to the primary AC is AC1, and the STA is connected to AC1 through AP
A. There is information about the AP on AC2, and the status of the AP on AC2 is standby
b. There is AP information on AC2, and the AP's status on AC2 is normal
c. There is information about the STA on AC2 and the status of the STA is not authenticated
d. There is information about the STA on AC2 and the status of the STA is Certified
5.During the TCP connection release process, the party (client) requesting the release of the connection sends a connection release message segment, which should be set with ( ).
a, fin set 1
b. fin set to 0
c. ACK set 1
d. ack set 0 2 months ** dynamic incentive plan
Cf. ***1 d
The Kerberos protocol body consists of three parts: the client, the key distribution center (KDC), and the application server, while the key distribution center (KDC) is mainly composed of two parts: the authentication server (AS) and the ticket-granting server (TGS), and the client does not belong to the KDC.
The Kerberos protocol uses a private key cryptography (symmetric cryptography) for interactions.
If the server refers to the application server, the user and the application server do not need to share the long-term key, but use KDC to distribute the shared key, but the long-term session key needs to be shared between the user and the AC server, so the C option is controversial.
The main purpose of the Kerberos authentication protocol is to provide a shared key distribution service for users and application servers, that is, to allow users to obtain a service license ticket (the ticket contains the shared key) to access the application server.
2.B tracert is a traceroute command under the Windows operating system, which is the abbreviation of the trace route function. The PC side wants to obtain the IP address of the router, so the ICMP packet sent should be an "echo request" packet, that is, the type field should be set to 8, and the code field should be set to 0.
3.A During the transmission of Ethernet passive optical network (EPON) signals, the uplink data is sent from multiple optical network units (ONU) to optical line terminals (OLT) using time division multiplexing (TDM) technology. Each ONU is assigned a transmission time slot that is synchronized so that when packets are coupled into a single fiber, the different ONUs do not interfere.
4.A AC1 If there is no problem, AC2 can see that the status of the AP is standby.
When the link between AP and AC1 is interrupted after AC1 is restarted (or when AC1 fails), AC1 switches to AC2, and the AP status in AC2 changes from standby to normal. When using the portal authentication method, a separate portal server is often used, and there is no user authentication information on the AC.
5.A TCP release connection can be broken down in four steps, as follows (both parties were in an established state before the communication):
Step 1: The source host sends a release packet (fin=1, seq=x) and the source host enters the fin-wait state.
Step 2: After receiving the packet, the destination host sends an acknowledgement packet (ack=1, ack=x+1, seq=y), and the destination host enters the close-wait state. At this point, the source host stops sending data, but the destination host can still send data, and the TCP connection is half-closed. The source host receives the ACK packet and waits for the destination host to send the FIN packet, which may continue for a period of time.
Step 3: After the destination host confirms that no data is being sent to the source host, it sends a release packet (fin=1, ack=1, ack=x+1, and seq=z). The target host enters the last-ack state.
Step 4: After receiving the release packet, the source host sends an acknowledgement packet (ack=1, ack=z+1, seq=x+1), and waits for a period of time to confirm the arrival of the acknowledgement packet, and then enters the closed state. After receiving the acknowledgement packet, the destination host enters the closed state.