
Cybersecurity Concepts and Techniques, Exams of Business Economics

This document covers a wide range of cybersecurity topics, including network security protocols, intrusion detection and prevention, firewall configurations, buffer overflow attacks, and authentication mechanisms such as Kerberos and PKI. It provides an overview of fundamental cybersecurity principles and techniques used to protect computer systems and networks from threats and vulnerabilities. It goes into the technical details of how these security mechanisms work, the types of attacks they aim to mitigate, and the best practices for implementing effective cybersecurity measures. It serves as a resource for students, researchers, and professionals in the field of information security, offering insights into the evolving landscape of cybersecurity and the strategies employed to safeguard digital assets.

Typology: Exams

2023/2024

Available from 07/31/2024

paul-kamau-2

Partial preview of the text

CS356 Final Exam: 174 Questions with Verified Answers

1. The most complex part of SSL is the __________.
   Options: message header; payload; handshake protocol; TLS
   Correct answer: Handshake Protocol

2. A benefit of IPsec is __________.
   A. that it is below the transport layer and transparent to applications  B. there is no need to revoke keying material when users leave the organization  C. it can provide security for individual users if needed  D. all of the above
   Correct answer: All of the above

3. The _______ field in the outer IP header indicates whether the association is an AH or ESP security association.
   A. protocol identifier  B. security parameter index  C. IP destination address  D. sequence path counter
   Correct answer: protocol identifier

4. In the case of ________ only the digital signature is encoded using base64.
   A. enveloped data  B. signed and enveloped data  C. signed data  D. clear-signed data
   Correct answer: D. clear-signed data

5. IPsec can assure that _________.
   A. a router advertisement comes from an authorized router  B. a routing update is not forged  C. a redirect message comes from the router to which the initial packet was sent  D. all of the above
   Correct answer: D. all of the above

6. In S/MIME each conventional key is used a total of three times.
   Correct answer: False

7. DKIM has been widely adopted by a range of e-mail providers and many Internet service providers.
   Correct answer: True

8. A message store cannot be located on the same machine as the MUA.
   Correct answer: False

9. An ADMD is an Internet e-mail provider.
   Correct answer: True

10. MIME is an extension to the old RFC 822 specification of an Internet mail format.
    Correct answer: True

11. _______ is a list that contains the combinations of cryptographic algorithms supported by the client.
    A. Compression method  B. Session ID  C. CipherSuite  D. All of the above
    Correct answer: C. CipherSuite

12. To protect the data, either the signature alone or the signature plus the message are mapped into printable ASCII characters using a scheme known as ________ or base64 mapping.
    A. radix-64  B. ASCII-64  C. ESP-64  D. safe mapping
    Correct answer: A. radix-64

13. Recipients without S/MIME capability can view the message content, although they cannot verify the signature.
    Correct answer: True

14. C. worm  D. Trojan horse
    Correct answer: A. logic bomb

15. Keyware captures keystrokes on a compromised system.
    Correct answer: False

16. A bot propagates itself and activates itself, whereas a worm is initially controlled from some central facility.
    Correct answer: False

17. Every bot has a distinct IP address.
    Correct answer: True

18. A virus that attaches to an executable program can do anything that the program is permitted to do.
    Correct answer: True

19. E-mail is a common method for spreading macro viruses.
    Correct answer: True

20. A __________ attack is a bot attack on a computer system or network that causes a loss of service to users.
    A. spam  B. phishing  C. DDoS  D. sniff
    Correct answer: C. DDoS

21. __________ is malware that encrypts the user's data and demands payment in order to access the key needed to recover the information.
    A. Trojan Horse  B. Crimeware  C. Ransomware  D. Polymorphic
    Correct answer: C. Ransomware

22. Many forms of infection can be blocked by denying normal users the right to modify programs on the system.
    Correct answer: True

23. In addition to propagating, a worm usually carries some form of payload.
    Correct answer: True

24. Metamorphic code is software that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
    Correct answer: False

25. It is not possible to spread a virus via a USB stick.
    Correct answer: False

26. __________ are used to send large volumes of unwanted e-mail.
    A. Rootkits  B. Spammer programs  C. Downloaders  D. Auto-rooter
    Correct answer: B. Spammer programs

27. A program that is covertly inserted into a system with the intent of compromising the integrity or confidentiality of the victim's data is __________.
    A. Adobe  B. Animoto  C. malware  D. Prezi
    Correct answer: C. malware

28. Unsolicited bulk e-mail is referred to as __________.
    A. spam  B. propagating  C. phishing  D. crimeware
    Correct answer: A. spam

29. Malicious software aims to trick users into revealing sensitive personal data.
    Correct answer: True

30. A macro virus infects executable portions of code.
    Correct answer: False

31. Programmers use backdoors to debug and test programs.
    Correct answer: True

32. _______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server.
    A. Application-based  B. System-based  C. Random  D. Amplification
    Correct answer: A. Application-based

33. It is possible to specifically defend against the ______ by using a modified version of the TCP connection handling code.
    A. three-way handshake  B. UDP flood  C. SYN spoofing attack  D. flash crowd
    Correct answer: C. SYN spoofing attack

34. A characteristic of reflection attacks is the lack of _______ traffic.
    A. backscatter  B. network  C. three-way  D. botnet
    Correct answer: A. backscatter

35. The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.
    A. DNS amplification attack  B. SYN spoofing attack  C. basic flooding attack  D. poison packet attack
    Correct answer: B. SYN spoofing attack

36. ______ relates to the capacity of the network links connecting a server to the wider Internet.
    A. State-sponsored organizations  B. Activists  C. Cyber criminals  D. Others
    Correct answer: B. Activists

37. A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so.
    A. intrusion detection  B. IDS  C. criminal enterprise  D. security intrusion
    Correct answer: D. security intrusion

38. A _________ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
    A. host-based IDS  B. security intrusion  C. network-based IDS  D. intrusion detection
    Correct answer: A. host-based IDS

39. A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.
    A. host-based IDS  B. security intrusion  C. network-based IDS  D. intrusion detection
    Correct answer: C. network-based IDS

40. The ________ is responsible for determining if an intrusion has occurred.
    A. analyzer  B. host  C. user interface  D. sensor
    Correct answer: A. analyzer

41. __________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
    A. Profile based detection  B. Signature detection  C. Threshold detection  D. Anomaly detection
    Correct answer: B. Signature detection

42. _________ involves the collection of data relating to the behavior of legitimate users over a period of time.
    A. Profile based detection  B. Signature detection  C. Threshold detection  D. Anomaly detection
    Correct answer: D. Anomaly detection

43. A(n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits.
    A. Master  B. Apprentice  C. Journeyman  D. Activist
    Correct answer: B. Apprentice

44. The _________ module analyzes LAN traffic and reports the results to the central manager.
    A. LAN monitor agent  B. host agent  C. central manager agent  D. architecture agent
    Correct answer: A. LAN monitor agent

45. The purpose of the ________ module is to collect data on security related events on the host and transmit these to the central manager.
    A. central manager agent  B. LAN monitor agent  C. host agent  D. architecture agent
    Correct answer: C. host agent

46. A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
    A. passive sensor  B. analysis sensor  C. LAN sensor  D. inline sensor
    Correct answer: D. inline sensor

47. A(n) ________ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way.
    A. PEP  B. DDI  C. IDEP  D. IDME
    Correct answer: B. DDI

48. The _______ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
    A. data source  B. sensor  C. operator  D. analyzer
    Correct answer: D. analyzer

49. Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
    Correct answer: True

50. An intruder can also be referred to as a hacker or cracker.
    Correct answer: True

51. The firewall can protect against attacks that bypass the firewall.
    Correct answer: False

52. A traditional packet filter makes filtering decisions on an individual packet basis and does not take into consideration any higher layer context.
    Correct answer: True

53. _________ control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
    A. Behavior  B. User  C. Direction  D. Service
    Correct answer: C. Direction

54. A _________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.
    A. packet filtering firewall  B. distributed firewall  C. personal firewall  D. stateful inspection firewall
    Correct answer: B. distributed firewall

55. _________ control determines the types of Internet services that can be accessed, inbound or outbound.
    A. Behavior  B. Direction  C. Service  D. User
    Correct answer: C. Service

56. The countermeasure to tiny fragment attacks is to discard packets with an inside source address if the packet arrives on an external interface.
    Correct answer: False

57. One disadvantage of a packet filtering firewall is its simplicity.
    Correct answer: False

58. The primary role of the personal firewall is to deny unauthorized remote access to the computer.
    Correct answer: True

59. A firewall can serve as the platform for IPSec.
    Correct answer: True

60. Distributed firewalls protect against internal attacks and provide protection tailored to specific machines and applications.
    Correct answer: True

61. Unlike a firewall, an IPS does not block traffic.
    Correct answer: False

62. The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.
    Correct answer: True

63. Typically the systems in the _________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.
    A. DMZ  B. IP protocol field  C. boundary firewall  D. VPN
    Correct answer: A. DMZ

64. A __________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.
    A. packet filtering  B. stateful inspection  C. application-level  D. circuit-level
    Correct answer: D. circuit-level

65. _________ control controls how particular services are used.
    A. Service  B. Behavior  C. User  D. Direction
    Correct answer: B. Behavior

66. _________ is a form of overflow attack.
    A. Heap overflows  B. replacement stack frame  C. return to system call  D. all of the above
    Correct answer: D. all of the above

67. _________ can prevent buffer overflow attacks, typically of global data, which attempt to overwrite adjacent regions in the process's address space, such as the global offset table.
    Options: Heaps; Guard Pages; All of these options; MMUs
    Correct answer: Guard Pages

68. ________ involve buffers located in the program's global (or static) data area.
    Options: Heap overflows; Stack buffer overflows; Global Data Area Overflows; Position overflows
    Correct answer: Global Data Area Overflows

69. The buffer overflow type of attack has been known since it was first widely used by the _______ Worm in 1988.
    Options: Code Red Worm; Morris Internet Worm; Slammer Worm; Alpha One
    Correct answer: Morris Internet Worm

70. The Packet Storm web site includes a large collection of packaged shellcode, including code that can:
    Options: flush firewall rules that currently block other attacks; all of these options; set up a listening service to launch a remote shell when connected to

71. An attacker can generally determine in advance exactly where the targeted buffer will be located in the stack frame of the function in which it is defined.
    Correct answer: False

72. The function of ___________ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program.
    Options: shellcode; stacking; memory management; no-execute
    Correct answer: shellcode

73. A stack buffer overflow attack is also referred to as ______.
    Options: stack smashing; stack framing; heap overflowing; buffer overrunning
    Correct answer: stack smashing

74. There are several generic restrictions on the content of shellcode.
    Correct answer: True

75. To exploit any type of buffer overflow, the attacker needs to identify a buffer overflow vulnerability in some program that can be triggered using externally sourced data under the attacker's control.
    Correct answer: True

76. The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability.
    A. XSS reflection  B. chroot jail  C. atomic bomb  D. PHP file inclusion
    Correct answer: A. XSS reflection

77. __________ attacks are vulnerabilities involving the inclusion of script code in the HTML content of a Web page displayed by a user's browser.
    A. PHP file inclusion  B. Mail injection  C. Code injection  D. Cross-site scripting
    Correct answer: D. Cross-site scripting

78. Defensive programming is sometimes referred to as _________.
    A. variable programming  B. secure programming  C. interpretive programming  D. chroot programming
    Correct answer: B. secure programming

79. A ________ is a pattern composed of a sequence of characters that describe allowable input variants.
    A. canonicalization  B. race condition  C. regular expression  D. shell script
    Correct answer: C. regular expression

80. "Incorrect Calculation of Buffer Size" is in the __________ software error category.
    A. Porous Defenses  B. Allocation of Resources  C. Risky Resource Management  D. Insecure Interaction Between Components
    Correct answer: C. Risky Resource Management

81. "Improper Access Control (Authorization)" is in the _________ software error category.
    A. Porous Defenses  B. Allocation of Resources  C. Risky Resource Management  D. Insecure Interaction Between Components
    Correct answer: A. Porous Defenses

82. Incorrect handling of program _______ is one of the most common failings in software security.
    A. lines  B. input  C. output  D. disciplines
    Correct answer: B. input

83. _________ is a program flaw that occurs when program input data can accidentally or deliberately influence the flow of execution of the program.
    A. PHP attack  B. Format string injection attack  C. XSS attack  D. Injection attack
    Correct answer: D. Injection attack

84. A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.
    A. command injection  B. SQL injection  C. code injection  D. PHP remote code injection
    Correct answer: A. command injection

85. A _______ attack is where the input includes code that is then executed by the attacked system.
    A. SQL injection  B. cross-site scripting  C. code injection  D. interpreter injection
    Correct answer: C. code injection

86. The _______ consists of two dates: the first and last on which the certificate is valid.
    A. version  B. period of validity  C. extension  D. unique identifier
    Correct answer: B. period of validity

87. An integer value unique within the issuing CA that is unambiguously associated with the certificate is the ________.
    A. issuer name  B. subject's public-key information  C. issuer unique identifier  D. serial number
    Correct answer: D. serial number

88. ________ requires that a user prove his or her identity for each service invoked and, optionally, requires servers to prove their identity to clients.
    A. FIM  B. Kerberos  C. X.509  D. PKI
    Correct answer: B. Kerberos

89. _______ is the process in which a CA issues a certificate for a user's public key and returns that certificate to the user's client system and/or posts that certificate in a repository.
    A. Certification  B. Registration  C. Initialization  D. Authorization
    Correct answer: A. Certification

90. _______ is important as part of the directory service that it supports and is also a basic building block used in other standards.
    A. PKI  B. X.509  C. Kerberos  D. FIM
    Correct answer: B. X.509

91. The overall scheme of Kerberos is that of a trusted third-party authentication service.
    Correct answer: True

92. Initialization begins the process of enrolling in a PKI.
    Correct answer: False

93. Kerberos does not support interrealm authentication.
    Correct answer: False

94. The authentication server shares a unique secret key with each server.
    Correct answer: True

95. The approach taken by Kerberos is using authentication software tied to a secure authentication server.
    Correct answer: True

96. _______ is the process whereby a user first makes itself known to a CA prior to that CA issuing a certificate or certificates for that user.
    A. Authorization  B. Registration  C. Certification  D. Initialization
    Correct answer: B. Registration

97. A _______ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities.
    A. RA  B. registration  C. repository  D. CA
    Correct answer: C. repository

98. One of the earliest and most widely used services is _________.
    A. Kerberos  B. FIM  C. PKI  D. X.509
    Correct answer: A. Kerberos

99. Update is not required when the certificate lifetime expires or as a result of certificate revocation.
    Correct answer: False

100. Kerberos is designed to counter only one specific threat to the security of a client/server dialogue.
     Correct answer: False

101. _______ certificates are used in most network security applications, including IP security, secure sockets layer, secure electronic transactions, and S/MIME.
     A. X.509  B. PKI  C. FIM  D. SCA
     Correct answer: A. X.509

102. X.509 provides a format for use in revoking a key before it expires.
     Correct answer: True

103. The principal objective for developing a PKI is to enable secure, convenient, and efficient acquisition of private keys.
     Correct answer: False

104. The ticket-granting ticket is not reusable.
     Correct answer: False