Final
How many introduction points does a hidden service node select for clients to be able to initiate communication with the service? 1 2 3 4
1
Which 3 of the following are true with respect to the Internet of Things? 1. IoT devices collect various amount of potentially personal information that can be linked to other public datasets that may reveal your identity and/or habits. 2. When you install or use an IoT device, your personal data is only sent to the manufacturer of your device (Google, Sonos, Apple, etc.) 3. IoT devices are secure out-of-the-box and usually implement strong crypto to enhance user privacy. 4. IoT networks, due to their frequent transmissions of small amounts of data, have given rise to a large number of new protocols such as ZigBee, White-fi, NFC, and more. 5. Large numbers of IoT devices have been recruited to into botnets and used to takedown major service providers such as Amazon.
1, 4, 5
Which 2 of the following are security best practices for containers? 1. Mapping all network ports from the container to the host OS to enable security scanning on all ports. 2. Automate container security scanning with tools like Anchore. 3. Enabling a default username and password so all users can login to perform security analysis of your containers. 4. Make sure images are signed and downloaded from trusted sources.
2,4
How many symmetric keys must a ToR client negotiate to build a circuit. 4 3 2 1
3 https://robertheaton.com/2019/04/06/how-does-tor-work/ symmetric keys; seems asking number of keys 'to build' bc you can have many middle relays
How is a container different than a virtual machine? 1. A container provides resource isolation but a hypervisor does not. 2. Many containers can be run on a single piece of hardware while a virtual machine must be run on its own physical device. 3. A hypervisor virtualizes at the hardware level while a container virtualizes at the OS level. 4. A hypervisor provides resource isolation but a container does not.
A hypervisor virtualizes at the hardware level while a container virtualizes at the OS level https://www.electronicdesign.com/technologies/dev-tools/article/21801722/whats-the-difference-between-containers-and-virtual-machines
Why does a lack of physical access to cloud infrastructure present a security risk to individuals and organizations hosting their system within a cloud?
A lack of physical access to cloud infrastructure presents a security risk because it makes it difficult to ensure who is having or not having access to the physical servers. There is no way to really know if there are malicious cloud service provider's employees or unauthorized people gaining access. Being unable to monitor the physical security of the systems and devices, there is no way to know for certain if, for example, data is being removed out of the server and taken, or damaged, etc.
Which of the following are security risks associated with IoT devices? Administrative interfaces with weak passwords or lack of encryption Removal of storage media All of these Obtaining physical access to distributed sensors
All of these
Which of the following are NOT a wireless protocol for IoT devices? NFC ZigBee BART Bluetooth
BART
Describe how Bitcoin uses a blockchain and ledger to prevent a double-spending attack.
Double-spending attacks occur when the same digital token in a digital currency scheme is spent more than once, which occurs when the digital token is duplcated or falsified. Bitcoin, a decentralized cryptocurrency system, prevents this by using a blockchain and ledger. The ledger is public and has a record of all the transactions. The most current copies of this public ledger are stored on many servers. As transactions (requests to spend) are broadcast, they arrive at each server at different times. These transactions are collected together in blocks, and the blockchain is made up of these blocks chained together. Each block commits to the entire history of blockchain transactions including the new transactions that arrive, and eventually a single chain will continue on whereas others do not. The longest chain is considered to be the true or valid data set. With blockchain and the ledger, as blocks of transactions are built on top of previous ones, it becomes increasingly prevents with each transaction for 'double-spending' to occur.
The government currently has a well-documented strategy for the rapid increase of IoT devices. True False
False
The quick time-to-market of IoT devices ensures security is built-in to the product from its inception. True False
False
A neural network can only be used to output discrete-valued probabilities, there it can only solve regression problems. True False
False Discrete is either 0 or 1, but regression is about ranges Classification problems solve discrete probabilities
Virtualizing mobile apps makes it impossible for attackers to breakout of the application sandbox and infect other processes' memory. True False
False It's not impossible
One key concept with containers is they should be immutable. IE don't update a container in runtime, build and configure a newer container image and redeploy. Given this understanding would you should store datafiles inside the container. True False
False Containers are ephemeral; use volumes to persist data
Scalability refers to the ability to automatically increase cloud resources and subsequently reduce them in the event of an increase/decrease in computing volume. True False
False Elasticity fulfills real-time demands
Cross-origin Resource Sharing (CORS) is one method to help guard against XSS attacks. True False
False escaping, validating and sanitizing input is the way
Why is guard pinning important in ToR networks and what kind of attacks become more feasible if a ToR client were to select a new entry guard for each stream?
Guard pinning is when one first installs the Tor client and the guard nodes are selected at random, the same guard nodes are kept for 2-3 months. This means that with the creation of a new circuit for each website session, the same guard relay is used for 2-3 months. Since the first IP in the relay circuit would remain the same because the packets are sent to the same entry guard for 2-3 months, this prevents predecessor attacks. Assuming that there are malicious nodes, the ones to be most concerned about are the malicious entry and exit noes. Without guard pinning, with the creation of a new circuit, randomly selecting a new entry guard each time would increase the probability that one would select both a malicious entry and exit node. Guard pinning increases the chances that none of the circuits will be compromised because good guard nodes are pinned. https://robertheaton.com/2019/04/06/how-does-tor-work/
Which 3 of the following are characteristics of hash functions? 1. Hash functions provide fixed-length outputs. 2. Hash functions can produce different hashes for the same value on consecutive runs. 3. Hash functions makes it hard to find two inputs that map to the same output. 4. Hash functions are one-way functions and thus not invertible. 5. A hash value can be reversed using the server's private key.
Hash functions provide fixed-length outputs. Hash functions makes it hard to find two inputs that map to the same output. Hash functions are one-way functions and thus not invertible.
Which of the following cryptographic methods are used to implements a bitcoin transaction? 1. Hash functions 2. HMAC's 3. Symmetric key crypto 4. Asymmetric key crypto
Hash, Asymmetric Private and public keys are asymmetric see https://bitcoin.org/bitcoin.pdf ('Transactions') Tor uses symmetric keys
Which of the following services are valid AWS offerings? IAM OCR S3 VPC APS
IAM OCR S3 VPC APS
What is an IoT sink-hole attack?
In an IoT sink-hole attack, attackers compromise nodes then use to nodes to attract network traffic from the neighboring nodes. The node becomes a sinkhole, and starts receiving all packets that it attracts that was heading for the true destination. As the traffic of the network passes through the node, the attackers then launch attacks such like selectively forwarding, acknowledge spoofing attack and, alter or drop traffic leading to data confidentiality issues or denial service of service of the network. https://arxiv.org/pdf/1910.13312.pdf Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures Ismail Butun, Member, IEEE, Patrik Osterberg, ¨ Member, IEEE, and Houbing Song, Senior Member, IEEE
Which of the following provides the LEAST amount of security out-of-the-box? Software-as-a-Service Infrastructure-as-a-Service None of these provide security from the onset. Platform-as-a-Service
Infrastructure-as-a-Service
Which of the following does a ToR node communicate with when connecting or communicating with a hidden (Onion) service? 1. Introduction point 2. Entry guard 3. Rendezvous point 4. Middle relay
Introduction point Rendezvous point
Which of the following is true with respect to jJust-in-time compiling.? (related to mobile devices e.g. Android) 1. JIT compiling requires a greater amount of storage space on the device. 2. JIT compiling requires less overall storage space on a device and the application is executed more slowly than the traditional compilation process. 3. JIT compiling requires less overall storage space on a device and the application is executed more quickly than the traditional compilation process.
JIT compiling requires less overall storage space on a device and the application is executed more quickly than the traditional compilation process.
Which 3 of the following are ways containers may help reduce the cost of software development for an organization? Accelerated developer efficiency, increased application deployment speed, lower developer/testing costs, lower dev/test/prod environment costs, better support for legacy software, & more consistent deployment processe 1. Containers perform faster than virtual machines. 2. Containers provide more security than virtual machines. 3. Lower cost of cloud infrastructure for DEV/TEST/PROD environments. 4. Faster application deployments. 5. Easier deployments across different OS platforms.
Lower cost of cloud infrastructure for DEV/TEST/PROD environments. Faster application deployments. Easier deployments across different OS platforms. Question is in terms of software development cost.
Which of the following is a safeguard against a "juice-jacking" attack? Only plug into USB 3.0 interfaces. Only use a USB C-type connector when plugging into a foreign USB source. Asking for permission before mounting a drive to an external device. Marking the removable storage as read-only.
Marking the removable storage as read-only.
Describe, in a few sentences, how Bitcoin mining works. and why it is now "hard" (and of less value) for amateurs to mine bitcoins.
Miners (servers) process each Bitcoin transaction to produce a block, i.e. chain together the blocks of transactions, by solving a difficult computational problem. Miners are rewarded newly created Bitcoins and transaction fees for this service. It is now 'hard' for amateurs to mine bitcoins because Bitcoin is designed so that the mining difficulty and reward is adjusted based on compute power. This means that when there are more computers racing to solve the computational puzzles to earn the bitcoins, the difficulty to mine increases, and when there are less machines, it is not as 'hard' to mine Bitcoins. The rewards become smaller and smaller over time. Now, the compute power has increased making it far harder for mining Bitcoins than the past, and also less rewarding.
Which of the following present a serious security concern to cloud computing platforms? Scalability Multi-tenancy Elasticity Data durability
Multi-tenancy
Which of the following is NOT a valid HTTP verb? 1. GET 2. PUSH 3. POST 4. PUT
PUSH
Which SQL command is used to read data from a database table? 1. SELECT 2. GET 3. QUERY 4. RETRIEVE
SELECT
Which 3 of the following provide unique security challenges for the Internet of Things? The distributed nature of IoT sensors. The large amounts of private data IoT sensors may reveal. The low costs of IoT sensors and devices. The convenience provided by IoT devices. A lack of security controls for IoT devices as they are hastily placed into the marketplace.
The distributed nature of IoT sensors. The large amounts of private data IoT sensors may reveal. A lack of security controls for IoT devices as they are hastily placed into the marketplace.
All P2P transactions or interactions with a contract in Ethereum require a gas fee. T or F
True
Linear regression can be used to make accurate predictions about non-linear data. True False
True
Neural networks can have up to millions of input nodes and use perceptrons to compute some meaningful threshold function to make decisions. True False
True
Smart egg trays currently exist. True False
True
The title of this class is WWW Security. True False
True
The virtualization layer (hypervisor) sits between the VM Operating System and the physical hardware. True False
True
Using a docker image such as "ubuntu:latest" it can still be common to find critical/high/medium vulnerabilities for which there is no current patch? True False
True
With Android 6.0 (Marshmallow), applications began asking for permission from the user at run-time rather than install-time. True or false: this method is more secure for enforcing the principle of least privilege. T or F
True
log_data.txt has grading data for 20 assignments in the following format: fname, lname, score (assume last names are distinct) data_rdd = sc.textFile("log_data.txt") grades_rdd = data_rdd.split(',').map(lambda grade: tup(str(grade[1]), int(grade[2]))).reduceByKey(lambda grade1, grade2: grade1 + grade2).map(lambda average: (average[0], average[1]/20)) True or false: the code above will calculate the average score for each student based on their last name. Note: I didn't actually run this code, so you may assume the syntax is correct without running it.
True
According to the bitcoin protocol, bitcoin production and mining will eventually cease. True False
True But it will be more difficult to mine over time; will be 122 more years until it ceases; there are 21 million bitcoins total https://cointelegraph.com/news/a-glimpse-into-the-future-what-happens-when-there-are-no-more-bitcoin-to-mine https://www.investopedia.com/tech/what-happens-bitcoin-after-21-million-mined/
A Docker container is a running instance of a Docker image. True False
True https://stackify.com/docker-image-vs-container-everything-you-need-to-know/
Big data presents unique security challenges because... a single repository with large amounts of data is attractive to an attacker. no frameworks exist for processing large amounts of data. large amounts of data cannot be encrypted. large amounts of data cannot be hashed.
a single repository with large amounts of data is attractive to an attacker.
____allows you to deploy your services globally and distribute it throughout the world to avoid single points-of-failure
cloud computing
An application sandbox is sometimes referred to as a... thread container. container. virtual container. process sandbox.
process sandbox
Which 3 of the following are valid Apache Spark transformations? 1. reduceByKey() 2. take() 3. map() 4. collect() 5. distinct()
reduceByKey(), take(), map()
Cookies are generated on the __________ and stored on the ___________.
server, client