Major Quiz 1
Put the steps that an attacker would normally take to establish a full-blown Distributed Denial of Service attack in order. There is one step that does not belong. 1st = ? 2nd = ? 3rd = ? 4th = ? Final Step = ?
1st = Scan internet for vulnerable systems 2nd = Install Zombie agents on vulnerable systems 3rd = Have Zombies phone home (connect) to the Master Server 4th = Attacker sends signal to Master Server which sends signals to Zombies to attack a host Final Step = Targeted Systems feel the pain
Match the description on the LEFT with the correct term on the RIGHT. Malicious code that takes advantage of system or kernel level access = ? Technique for an attacker to return to a system later that ensures they have another way in = ? Used to carry out DDOS attacks = ? Social Engineering technique to gain access to a facility by taking advantage of a person's good manners = ?
Malicious code that takes advantage of system or kernel level access = rootkit Technique for an attacker to return to a system later that ensures they have another way in = backdoor Used to carry out DDOS attacks = Bots Social Engineering technique to gain access to a facility by taking advantage of a person's good manners = Tailgating
Match the description on the LEFT with the term on the RIGHT. Online CRL = ? Secure Key and Certificate Storage = ? Authority that verifies identity and passes registrations to the CA = ? Has a list of CAs and their public keys (pre-loaded by the manufacturer) = ?
Online CRL = OCSP Secure Key and Certificate Storage = HSM Authority that verifies identity and passes registrations to the CA = RA Has a list of CAs and their public keys (pre-loaded by the manufacturer) = Browser
Match the term on the LEFT with the description on the RIGHT. Passive = ? Active = ? Insider = ? Outsider = ?
Passive = Attacker established a foothold and installed a rootkit Active = DDOS attack Insider = Disgruntled Employee Outsider = Nation State
Match the term on the LEFT with the proper description on the RIGHT. Preventive Countermeasure = ? Detective Countermeasure = ? Recovery Countermeasure = ?
Preventive Countermeasure = Patches Detective Countermeasure = Logging Recovery Countermeasure = Business Continuity Plan (BCP)
Match the phrase on the LEFT with the correct term(s) on the RIGHT. SHA 256 and MD5 = ? AES = ? Diffie Hellman = ?
SHA 256 and MD5 = Integrity AES = Confidentiality Diffie Hellman = Solves Key exchange
Match the description on the LEFT with the correct answer on the RIGHT. a) Script Kiddies = ? b) Elite Hackers = ? c) Phishing = ?
Script Kiddies = Lack Technical Expertise Elite Hackers = Comprise approx 1-2% of Hackers Phishing = Social Engineering
How many cryptographic keys are required to fully use an asymmetric algorithm with 10 participants? a) 20 b) 40 c) 10 d) 1
a) 20
Bill received a Confidential encrypted message sent to him from Sue. Which key should he use to decrypt the message? a) Bill's Private Key b) Bill's Public Key c) Sue's Public Key d) Sue's Private Key
a) Bill's Private Key
Blockchain relies on ________ to link blocks together. This cryptographic function provides for integrity (Immutability) of the Chain. a) Hashing b) Noncing c) Mining d) Asymmetric Encryption
a) Hashing
How does an operating system store a password so it cannot be seen in the clear? a) Hashing b) Symmetric Keys c) Transposition Ciphers d) ROT13
a) Hashing
What type of data do Healthcare Organizations deal with the most? a) PHI b) PCI c) HCI
a) PHI
What type of malware modifies sections of its code to evade detection by anti-virus systems? It does not change its entire structure. a) Polymorphic b) Singular c) Doubling Malware d) Metamorphic
a) Polymorphic
Individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software, but who have just enough understanding of computer systems to be able to download and run scripts that others have developed, are called? a) Script Kiddies b) Slammers c) Elite Hackers d) Sons of Anarchy
a) Script Kiddies
What function would a Certificate Authority NOT perform? a) Signing of the Browser's Private Key b) Adding the Entity's Public Key to a Certificate c) Signing the Digital Certificate for the Entity d) Processing a CSR for an entity
a) Signing of the Browser's Private Key
A SMURF attack relies on the network broadcast to help spread it. a) True b) False
a) True
OCSP is a more efficient way of checking for revoked certificates because it is basically an online query. a) True b) False
a) True
One of the most difficult threats that security professionals will have to address is that of the insider. a) True b) False
a) True
Symmetric Crypto Algorithms are based on a Shared Key. (True/False) a) True b) False
a) True
TLS v1.2 is basically a newer version of SSL. a) True b) False
a) True
Today, the data stored and processed by computers is almost always more valuable than the hardware. a) True b) False
a) True
Given an assignment to encrypt a large amount of backup data (over 3 Petabytes), what would be the best method? Keep in mind this is "data at rest" and will not be going across the wire (network). a) MD5 b) AES c) SHA 256 d) Any Stream Cipher
b) AES
Choose the Block Ciphers from this list; there are three! a) SHA 256 b) AES c) 3DES d) RC2 e) MD5
b) AES c) 3DES d) RC2
Which security principle is characterized by the use of multiple, different mechanisms with a goal of improving the defensive response to an attack? a) Sandboxing b) Defense in Depth c) Least privilege d) Secure Posture
b) Defense in Depth
____________ is an algorithm that handles the key sharing challenges for Symmetric Encryption. a) http b) Diffie Hellman c) SHA 512 d) RDP
b) Diffie Hellman
Asymmetric Cryptography uses a single shared key (True or False)? a) True b) False
b) False
Browser manufacturers pre-load the public keys of domains by processing the Certificate Reservation List or CRL. a) True b) False
b) False
Intrusion detection systems (IDS) are important components when designing the security of a single host. a) True b) False
b) False
The Heartbleed bug uncovered a flaw in the length of the Certificates issued by the CA's and attackers were able to overflow the buffer to certificates and take over browsers. a) True b) False
b) False
The NIST framework only applies to companies that are part of the Critical Infrastructure under the DHS. a) True b) False
b) False
The biggest change affecting computer security that has occurred over the last 30 years has been the transformation of the computing environment from a highly interconnected network of smaller systems to large mainframes. a) True b) False
b) False
The more complexity and programming code that is built into a Software System, the easier it is to secure. a) True b) False
b) False
The normal 3 way handshake between two systems involves the following packets: SYN: From System A to System B SYN/ACK/SYN/SYN: From System B back to System A ACK/SYN: Acknowledgement from System A a) True b) False
b) False
Unstructured Threats typically take a long time to develop. a) True b) False
b) False
We can say that it is very common that the algorithm is the weakness in cryptography. (True or False) a) True b) False
b) False
Recommended Counter Measures for Security Attacks are: Present Defect Reply a) True b) False
b) False (they are Prevent, Detect, Recover)
What part of the CIA triad deals with Hashing as the best form of protection? a) Availability b) Integrity c) Availability d) Confidentiality
b) Integrity
How does Walmart.com get its Public Key to your browser? a) Walmart's Public Key is pre-loaded in the browser b) It is part of the certificate they send to the browser c) It is not sent to the browser d) It is stored in their HSM and they send it to the browser via the HSM
b) It is part of the certificate that they send to the browser
What makes 3DES more secure than the original DES? a) Longer Key b) It uses 3 keys and multiple rounds of encryption c) It adds 3 hash functions
b) It uses 3 keys and multiple rounds of encryption
A One Time Pad is considered unbreakable if the following rules are followed; choose all that apply! a) Same Key is used every 16 times b) Key is only used once and destroyed after use c) Key is random d) Key is never compromised e) Key is public f) Key is the same size as or larger than the message
b) Key is only used once and destroyed after use c) Key is random d) Key is never compromised f) Key is the same size as or larger than the message
The NIST Cybersecurity framework follows a ____________ based approach. a) Authentication b) Risk c) Response d) Industry
b) Risk
Frank has discovered a process that looks like a system driver running commands on the server; the process has super user access. The commands appear to be coming from a SCSI driver that interacts with the disk subsystem, but they are trying to open the password file, which a SCSI driver does not require. What is the most likely type of malware that has infected Frank's system? a) Ransomware b) Rootkit c) Phishing d) Kernel Flood
b) Rootkit
You initiate a Secure Session over HTTPS to Amazon.com. How will Amazon decrypt the shared master secret from the client (Browser)? a) It does not decrypt it because it hashes the secret b) With their Private Key c) With the Browser Manufacturer's Public Key (i.e. Chrome or Firefox) d) With their Public Key
b) With their Private Key
You have started a Secure Socket Layer session to Amazon.com and you see the Lock icon. What TCP port would this traffic be sent over? a) 22 b) 25 c) 443 d) 80
c) 443
Bill received a Confidential encrypted message sent to him from Sue. Which key should he use to decrypt the message? a) Bill's Public Key b) Sue's Public Key c) Bill's Private Key d) Sue's Private Key
c) Bill's Private Key
This term describes an array or a string where data is held. It is usually a predefined size and susceptible to attack when boundaries are exploited. a) Macro b) Boot Sector c) Buffer d) Matrix
c) Buffer
_____________ is the component of the CIA triad that comes into play when you implement encryption on your backup tapes. a) Availability b) Integrity c) Confidentiality
c) Confidentiality
A Layered Security Approach is called _______________? a) Company Dress Code - Dress in Layers b) Patching c) Defense in Depth d) Backups
c) Defense in Depth
How would an organization safeguard their keys internally? a) OCSP b) Internal CA c) HSM d) CSR
c) HSM
You want to build a fail-safe into your firewall rules so that if one of your rules does not cover a specific port then no one can gain access to the network through that port. What is the common term for this Security Principle? a) Stop Safe Deny b) Lockout c) Implicit Deny or Default Deny d) Default lockout
c) Implicit Deny or Default Deny
Recently a Certificate authority was breached and had to alert all users that their certificates were no longer valid. What is the standard method to revoke certificates? a) OCSP b) CLSR c) LDAP d) IMAP
c) LDAP
What is one of the most fundamental principles in security? a) Intrusion Detection (IDS) b) Economy of Scale c) Least privilege d) Open design
c) Least privilege
Choose all Hashing Algorithms. (There can be multiple answers.) a) AES b) 3DES c) MD5 d) SHA256 e) ROT13
c) MD5 d) SHA256
What attack does a CA help to reduce? a) Key Escrow Attack b) Stuxnet c) MITM d) Heartbleed
c) MITM
Review the question scenario below and name two security tenets that the coach is trying to enforce. Keep in mind that some tenets might be a bit outside the CIA triad. There are two answers required. The Scenario: The Penn State Football coach wants to send a message to the quarterback about the play book for the upcoming game against Ohio State. He wants the quarterback to be assured that the message came from the coach and he wants to ensure that no one else can read that message. a) Availability b) Separation of Duties c) Non Repudiation d) Integrity e) Confidentiality
c) Non Repudiation d) Confidentiality
Review the question scenario below and name two security tenets that the coach is trying to enforce. Keep in mind that some tenets might be a bit outside the CIA triad. There are two answers required. The Scenario: The Penn State Football coach wants to send a message to the quarterback about the play book for the upcoming game against Ohio State. He wants the quarterback to be assured that the message came from the coach and he wants to ensure that no one else can read that message. a) Availability b) Separation of Duties c) Non Repudiation d) Integrity e) Confidentiality
c) Non Repudiation e) Confidentiality
Your organization runs a very tight ship: you keep up with patches, have the latest virus definitions and scanning in place, but you have discovered that a hacker has accessed your network through an exploit of an open SMTP service on a server. You have shut down the service and set up a firewall rule to block inbound and outbound SMTP traffic on port 25. What should be the next step? Choose the best answer based on our lessons on attack types. a) Patch all systems immediately b) Run Virus Scans on all Systems c) Review system and network logs looking for a possible Backdoor that the Hacker left d) Unplug the system from the internet
c) Review system and network logs looking for a possible Backdoor that the Hacker left
One of the best ways to avoid an attack on your host systems (servers) is which of the following? a) Have robust firewalls b) Provide Social Engineering education c) Routinely perform security patches from vendors d) Have backups
c) Routinely perform security patches from vendors
Which of the following is a secure email protocol? a) X.509 b) PKI c) S/MIME d) SMTP
c) S/MIME
A ____ flood is a technique used in a Denial of Service Attack. This three-letter term is commonly associated with the TCP/IP handshake. a) ACK b) FIN c) SYN d) Ping of Death
c) SYN
Your organization runs a very tight ship: you keep current patches, have the latest virus definitions and scanning in place, but you have discovered that a hacker has accessed your network through an exploit of an open SMTP service on a server. You have shut down the service and set up a firewall rule to block inbound and outbound SMTP traffic on port 25. What process did your organization fail at? a) Patching the Operating System b) Patching the Applications c) Securing unneeded Services on Servers d) Adding Firewall rules to stop Malware
c) Securing unneeded Services on Servers
What is a software or hardware device that can capture traffic as it traverses a network or other communication device? a) Spoofing device b) War dialer c) Sniffer d) Firewall
c) Sniffer
A hacker sends network packets that seem to come from a legitimate IP address but have been disguised to appear that way. This technique is known as? a) Sniffing b) Spyware c) Spoofing d) Man in the Middle Attack
c) Spoofing
Which of the following are not fundamental types of encryption algorithms? (Select all that apply) a) Hash Functions b) Asymmetric Ciphers c) Trusted Platform d) DNS
c) Trusted Platform d) DNS
A _________ overflow is an attack that exploits weaknesses in computer code where a malicious person can enter more characters than the program was designed to accept. This can give the user escalated privileges when the area of memory storing the characters overflows. a) DDOS b) Trojan Horse c) buffer d) SQL Injection
c) buffer
As a cryptographer working on a new encryption algorithm, John is concerned about what sort of attack? a) Pharming b) Rootkit c) Phishing d) Birthday
d) Birthday
What mechanism is used when an entity sends a request to a CA to acquire a Digital Certificate? a) CRL b) Hash c) OCSP d) CSR
d) CSR
You send an e-mail to your friend in class. A hacker manages to intercept your e-mail, he/she reads it (but does not modify it) and sends it to your friend on behalf of you. In this case, which security property is NOT preserved? a) Authentication b) Availability c) Integrity d) Confidentiality
d) Confidentiality
What process involves Tracking of Computer Assets, Patching and tracking software and versions of patches on systems? a) Systems administration b) Patch remediation c) Information Tracking d) Configuration Management
d) Configuration Management
____________ infrastructures are those whose loss would have severe repercussions on the nation. a) Unstructured b) Structured c) National d) Critical
d) Critical
The science of encrypting, or hiding, information is called: a) Stenography b) Cryptanalysis c) Key Management d) Cryptography
d) Cryptography
Bob wants to send a message to Alice using an Asymmetric Crypto Algorithm. He wants this message to be confidential so that no one else can read it. What should he do with his message? a) Encrypt it with his private key b) Encrypt it with his Public Key c) Encrypt it with Alice's Private Key d) Encrypt it with Alice's Public Key
d) Encrypt it with Alice's Public Key
The measurement of randomness or uncertainty in cryptography is referred to as: a) Key Escrow b) Key Management c) Frequency Analysis d) Entropy
d) Entropy
Your company is designing software for the Federal Government, what Info Sec Compliance standards must be addressed in your product? (Choose the Best Answer) a) NITS-27005 b) X.509 c) GPA d) FIPS
d) FIPS
How would an organization safeguard their keys internally? a) Internal CA b) OCSP c) CSR d) HSM
d) HSM
Marco wants to digitally sign a message he's sending to Skyler so that Skyler can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest? a) Marco's Public Key b) Skyler's Public Key c) Skyler's Private Key d) Marco's Private Key
d) Marco's Private Key
A user sends a confidential email with a digital signature so that the identity of the user does not come into question. This is an example of which additional component of the CIA triad (outside of the CIA). a) Prevention b) Singularity c) Availability d) Non Repudiation
d) Non Repudiation
Alice recently received an email message from Bill. What cryptographic goal would need to be met to convince Alice that Bill was actually the sender of the message? a) Confidentiality b) Integrity c) Authorization d) Non Repudiation
d) Non Repudiation
Dwight has visited a site called "www.sportsstuff.com" to buy a new golf shirt. He receives a message that the site is not trusted. What could be the issue? a) All of these are valid reasons b) His browser's private key cannot decrypt the site's public key c) The site's private key is not valid d) The site does not have a valid Certificate
d) The site does not have a valid Certificate
_________ is a format that was adopted to standardize digital certificates. a) HTTPS b) XML c) PKIS d) X.509
d) X.509