Network Security cps460
Which of the following statements are true for artificial intelligence (AI)? [Choose all that apply]
A self-driving car is an example of AI; Machine Learning or ML is a subset of AI; AI focuses on the broad idea of making a system execute a task
directory listing
An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application?
Embedded system
Are devices that contain a central processing unit of their own. This CPU runs an operating system and some applications to perform certain specialized functions. Examples of embedded systems include: Automatic Teller Machine (ATM), printers, digital watches
Man in the browser
An attack that infects vulnerable web browsers. It can allow the attacker to capture browser session data, including keystrokes. Usually begins with a trojan infecting the computer and installing an extension.
Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect?
Host table and external DNS server
Development
In which type of software environment are you most likely to find Microsoft Visual Studio and Eclipse?
Fork Bomb
Is a virus that goes into an infinite loop that does not stop.
Which of the following is NOT true about VBA?
It is being phased out and replaced by PowerShell.
Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use?
Only use compiled and not interpreted Python code.
Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack?
Operational Technology
What is the result of an ARP poisoning attack?
The ARP cache is compromised.
Capture and Replay tools
Wireshark: popular GUI packet capture and analysis tool. Tcpdump: command-line packet analyzer. Tcpreplay: tool for editing packets and then replaying the packets back onto the network to observe their behavior.
Check out the existing code
You have a version control system installed. Several developers work with this system. A new developer wants to work on the code. What is the first task that the developer must perform?
What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption? a. .P7B b. .cer c. .P12 d. .xdr
a. .P7B
Denial of service attack
A deliberate attempt to prevent authorized users from accessing a system by overwhelming it with requests. Distributed denial of service (DDoS): using hundreds or thousands of devices to flood the server with requests.
What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection? a. Electronic Code Book (ECB) repositories b. Certificate attributes c. CTR d. PFX
b. Certificate attributes
What entity calls in crypto modules to perform cryptographic tasks? a. Certificate Authority (CA) b. Crypto service provider c. Intermediate CA d. OCSP
b. Crypto service provider
Which refers to a situation in which keys are managed by a third party, such as a trusted CA? a. Key authorization b. Key escrow c. Remote key administration d. Trusted key authority
b. Key escrow
Who verifies the authenticity of a CSR? a. Certificate signatory b. Registration authority c. Certificate authority d. Signature authority
b. Registration authority
Which is a protocol for securely accessing a remote computer in order to issue a command? a. Transport Layer Security (TLS) b. Secure Shell (SSH) c. Secure Sockets Layer (SSL) d. Secure Hypertext Transport Protocol (SHTTP)
b. Secure Shell (SSH)
A USB can be used to drop which of the following types of malware? [Choose all that apply]
backdoor, trojan, keyboard loggers, worms
Which of the following types of attack is a precursor to the collision attack?
birthday
A password spraying cyber-attack can be categorized as which of the following types of attack?
brute force
Which of the following is NOT a means by which a newly approved root digital certificate is distributed? a. Pinning b. OS updates c. Application updates d. Web browser updates
c. Application updates
Elton needs his application to perform a real-time lookup of a digital certificate's status. Which technology would he use? a. Certificate Revocation List (CRL) b. Real-Time CA Verification (RTCAV) c. Online Certificate Status Protocol (OCSP) d. Staple
c. Online Certificate Status Protocol (OCSP)
_________________ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. a. Digital digests b. Encrypted signatures c. Session keys d. Digital certificates
c. Session keys
Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say? a. The users' symmetric key with the public key b. The users' public key with their private key c. The users' identity with their public key d. A private key with a digital signature
c. The users' identity with their public key
Which is the first step in a key exchange? a. The browser generates a random value ("pre-master secret"). b. The web server sends a message ("ServerHello") to the client. c. The web browser verifies the server certificate. d. The web browser sends a message ("ClientHello") to the server.
d. The web browser sends a message ("ClientHello") to the server.
Which utility sends custom TCP/IP packets?
hping
Domain Name System
Is a name system for matching computer names and IP addresses. A DNS-based attack substitutes a DNS address so that the computer is silently redirected to a different device. URL redirection and domain reputation are two consequences.
DNS poisoning
Modifies a local lookup table on a device to point to a different domain. Two locations for DNS poisoning: local host table and external DNS server
PUP
potentially unwanted program or potentially unwanted application
Bash
programming language interpreter for Linux/UNIX OSs. Used to create Bash scripts
Python
programming language that can run on several platforms.
Which of the following malware does not harm the system but only targets the data?
ransomware
Which of the following is a third-party OS penetration testing tool?
sn1per
PowerShell
task automation tool from Microsoft. Administrative tasks are performed by cmdlets, which are specialized .NET classes that implement a specific operation. PowerShell allows attackers to inject code from the PowerShell environment into other processes without first storing any malicious code on the hard disk.
Keyloggers
tools that log user activity by capturing keystrokes, collecting screenshots, and recording application windows opened by a user.
Session Hijacking
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier, which allows an attacker the opportunity to steal authenticated sessions, describes which of the following?
Which of the following does NOT describe an area that separates threat actors from defenders?
Containment space
What is the difference between a DoS and a DDoS attack?
DoS attacks use fewer computers than DDoS attacks.
Which of the following sensors can detect an object that enters the sensor's field?
Proximity
Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior?
Tcpreplay
What is Bash?
The command-language interpreter for Linux/UNIX OSs
Which of the following is NOT a Microsoft defense against macros?
Trusted domain
Gregory wants to look at the details about the path a packet takes from his Linux computer to another device. Which Linux command-line utility will he use?
traceroute
worm
Known as a network virus
What is the purpose of certificate chaining? a. To ensure that a web browser has the latest root certificate updates b. To look up the name of intermediate RA c. To group and verify digital certificates d. To hash the private key
c. To group and verify digital certificates
Which of the following can a digital certificate NOT be used for? a. To encrypt messages for secure email communications b. To encrypt channels to provide secure communication between clients and servers c. To verify the authenticity of the CA d. To verify the identity of clients and servers on the web
c. To verify the authenticity of the CA
Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need? a. Website validation b. Root c. Extended validation d. Domain validation
c. Domain validation
Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use?
cat
Visual Basic for
Is an event-driven Microsoft programming language. Refers to a programming language you can use to create macros. It is a descendant of the BASIC programming language that is used in all Office products, as well as some other types of software.
DNS hijacking
Is intended to infect an external DNS server with IP addresses that point to malicious sites. An attacker sets up a rogue DNS server that responds to legitimate requests with IP addresses for malicious or non-existent websites.
Which of the following is NOT a reason that threat actors use PowerShell for attacks?
It can be invoked prior to system boot.
Media Access Control (MAC) attacks
MAC cloning: threat actors discover a valid MAC address of a device connected to a switch. They spoof the address, and the switch changes its MAC address table.
Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this?
MAC flooding attack
Session Replay
Makes a copy of a legitimate transmission before sending it to the recipient. Attackers use the copy at a later time.
Which attack intercepts communications between a web browser and the underlying OS?
Man-in-the-browser (MITB)
Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing?
Two-person integrity/control
6NF sixth normal form
What is the highest level of normalization that you can achieve with a database?
error based sql injection
Which of the following attack types confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker?
CSRF(Cross-Site Request Forgery)
Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?
Dynamic link library injection attack (DLL)
Which of the following attacks targets the external software component that is a repository of both code and data?
cross site scripting
Which of the following enables attackers to inject client-side scripts into web pages viewed by other users?
path traversal
Which of the following is also known as a "dot dot slash" attack?
horizontal privilege escalation
Which of the following provides unauthorized access to another user's system resources or application files at the same level/role within an organization?
You can add more resources to the system to gain optimal application performance
Which of the following statements is true for the scalability of a system?
buffer overflow
Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?
fileless virus
Which type of malware relies on LOLBins?
What is the name of the device protected by a digital certificate? a. CN b. TLXS c. RCR d. V2X2
a. CN
Which of the following attacks is based on a website accepting user input without sanitizing it?
cross-site scripting (XSS)
Which is an IPsec protocol that authenticates that packets received were sent from the source? a. PXP b. DER c. CER d. AH
d. AH (Authentication Header)
A centralized directory of digital certificates is called a(n) _________________. a. Digital signature permitted authorization (DSPA) b. Authorized digital signature (ADS) c. Digital signature approval list (DSAP) d. Certificate repository (CR)
d. Certificate repository (CR)
Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user?
DNS poisoning attack
Layer 2 attacks
Data Link Layer (transfers data frames between systems). A compromise at layer 2 can affect the entire communication. Layer 2 attacks: Address Resolution Protocol (ARP) poisoning, Media Access Control (MAC) flooding, MAC cloning
Until loop
Which of the following loops runs until a statement becomes true?
Server-side request forgery
Which of the following manipulates the trusting relationship between web servers?
field programmable gate array (FPGA)
a programmable chip that does not have any pre-programmed functions, unlike many other chips. It can be programmed as required. When FPGA needs to be used, it needs to be first programmed and configured as per need. For example, any chip that you find in a system or any device has a pre-defined function.
Which block cipher mode of operation requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged? a. CTR b. CN c. CD d. CXL
a. CTR
What is the strongest technology that would assure Alice that Bob is the sender of a message? a. Digital signature b. Encrypted signature c. Digest d. Digital certificate
a. Digital certificate
How is confidentiality achieved through IPsec? a. ESP b. AHA c. ISAKMP d. AuthX
a. ESP