Finals


A company has a conventional firewall in place on its network. Which (if any) of these situations requires an additional personal firewall? a. An employee uses a laptop on the company network at home. b. An employee uses a desktop on the company network to access websites worldwide. c. A remote employee uses a desktop to create a VPN on the company's secure network. d. None of the above; in each case the employee's computer is protected by the company firewall.

A & C. A - In this case a personal firewall is required because when the employee takes the laptop to his home it needs protection. That is, when the laptop is at home it is not protected by the company's conventional network firewall, so it requires a personal firewall. C - In the third case, a remote employee uses a desktop to create a VPN on the company's secure network. In this case, a personal firewall is required. In fact, a personal firewall on a desktop is typically used to create a VPN, so that the remote desktop can access the company's secure network.

Select all correct answers to complete this statement. A block cipher should a. use substitution to achieve confusion. b. use permutation to achieve diffusion. c. use a few rounds, each with a combination of substitution and permutation. d. keep the algorithm secret.

A, B, C

Select all statements that are true: a. To decrypt using DES, the same algorithm is used but with the per-round keys used in reversed order. b. With Triple DES the effective key length can be 56, 112, and 168. c. Each round of DES contains both substitution and permutation operations. d. The logic behind the S-boxes is well-known and verified.

A, B, C

For general-purpose block-oriented transmission you would typically use _____ mode. A. CBC B. CTR C. CFB D. OFB

A. CBC

When using sensors which of the following is considered good practice? a. Set the IDS level to the highest sensitivity to detect every attack. b. Monitor both outbound and inbound traffic. c. Use a shared network resource to gather NIDS data. d. NIDS sensors are not turnkey solutions. System admins must interpret alerts.

B & D. The first statement, set the IDS level to the highest sensitivity to detect every attack: this may appear to be a good idea, but in practice it may lead to a large number of false alarms. Second, monitor both outbound and inbound traffic: this is a good idea, because there will be attack traffic in both directions. Third, use a shared network resource to gather NIDS data: this is not a good idea, because an attacker can disable the IDS or modify the alerts that are sent. Fourth, NIDS sensors are not turnkey solutions; system admins must interpret alerts: this is true, because a network IDS can produce false positives. Therefore, the system admins must interpret the alerts and take the appropriate actions.

Select all statements that are true: a. To decrypt using AES, just run the same algorithm in the same order of operations. b. Each operation or stage in AES is reversible. c. AES can support key lengths of 128, 192, and 256. d. AES is much more efficient than Triple DES.

B, C, D

SHA-1 produces a hash value of _________ bits. A. 256 B. 160 C. 384 D. 180

B. 160

Public-key encryption was developed in the late _______. A. 1950s B. 1970s C. 1960s D. 1980s

B. 1970s

Which is the better way to prevent SQL injection? a. Use blacklisting to filter out "bad" input. b. Use whitelisting to allow only a well-defined set of safe values.

B. Blacklisting is very hard to implement, because there can be many, many possible ways to inject malicious strings. That is, it's very hard to have a complete blacklist.

__________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder. A. Profile based detection B. Signature detection C. Threshold detection D. Anomaly detection

B. Signature detection

A _________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control. a. packet filtering firewall b. distributed firewall c. boundary firewall d. VPN

B. Typically, a distributed firewall includes stand-alone network firewalls, host-based firewalls, and personal firewalls.

________ attacks have several approaches, all equivalent in effort to factoring the product of two primes. A. Mathematical B. Brute-force C. Chosen ciphertext D. Timing

A. Mathematical

________ is the original message or data that is fed into the encryption process as input. A. Plaintext B. Encryption algorithm C. Decryption algorithm D. Ciphertext

A. Plaintext

The ________ attack is designed to circumvent filtering rules that depend on TCP header information. A. tiny fragment B. address spoofing C. source routing D. bastion host

A. tiny fragment

A company is considering two possible IDS solutions to reduce its exposure to attacks on its network. The first one costs $100K and reduces risk exposure by $150K. The second one costs $250K but reduces risk exposure by $500K. Which solution would you recommend? a. Cheaper solution that costs $100K b. More expensive solution that costs $250K

B

An example of a proactive security measure is... a. Making sure the company complies with all regulatory requirements b. Chief risk officer (CRO) of the company addressing cyber risk regularly at the highest level (e.g., board) when other risks are discussed

B

Choose all tasks for which asymmetric encryption is better: a. provide confidentiality of a message b. securely distribute a session key c. scalability

B & C

Select the statements that are true: a. The one-way hash function is important not only in message authentication, but also in digital signatures. b. SHA processes the input one block at a time, and each block goes through the same processing. c. HMAC is secure, provided that the embedded hash function has good cryptographic strengths, such as being one-way and collision resistant.

B & C

This backdoor can only be used by the person who created it, even if it is discovered by others. A. Compiler backdoors B. Object backdoors C. Asymmetric backdoors

C. Asymmetric backdoors

What is the additive inverse of 8 MOD 20?

12. The additive inverse of 8 is a number that, when added to 8 MOD 20, results in 0. So the answer is 12, because (8 + 12) MOD 20 is 0: 8 plus 12 is 20, and 20 MOD 20 is 0. Therefore, the additive inverse of 8 is 12.

If n is 21, what is totient(n)?

12. We know that 21 equals 3 times 7, and 3 and 7 are prime numbers. Therefore totient(21) should be (3 - 1) times (7 - 1), that is, 2 times 6, and the result is 12. So 12 is the answer.

What is the multiplicative inverse of 3 MOD 17?

6. Three times six equals 18, which equals 1 mod 17.

A botnet operator compromises a number of computers in a company. The malware executed by the bots only sends large amounts of spam email but does not exfiltrate sensitive data or interfere with legitimate activities. Select the appropriate action by the company in this situation: a. The company should detect and prevent abuse of its resources by unauthorized parties. b. Since it posed no risk to the company's sensitive data or normal operations, it can be ignored.

A

Select all statements that are true: A. CBC is more secure than ECB. B. We can have both confidentiality and integrity protection with CBC by using just one key.

A

Check any item that is true. To improve detection performance, an IDS should: a. reduce the false alarm rate, while detecting as many intrusions as possible. b. apply detection models to all unfiltered packet data directly. c. apply detection models to processed event data that has a higher base rate.

A & C

Firewalls can stop/control: a. Pings b. Packet Sniffing c. Outbound network traffic

A & C

Malware can disable: a. Software firewalls b. Hardware firewalls c. Antivirus checkers

A & C

What weaknesses can be exploited in the Vigenere Cipher? a. It uses repeating key letters b. It requires security for the key, not the message c. The length of the key can be determined using frequency analysis

A & C

Which of the following characteristics would improve password security? a. Use a one-way hash function b. Should not use the avalanche effect c. Should only check to see that the hash function output is the same as stored output

A & C

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms. True or false.

True

The additive constant numbers used in SHA-512 are random-looking and are hardcoded in the algorithm. True or False.

True

The authentication messages can be captured and replayed by an adversary. True or False.

True

The ciphertext-only attack is the easiest to defend against. True or false.

True

The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function. True or False.

True

The identity of the responder and receiver and the messages they have exchanged need to be authenticated. True or False.

True

The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users. True or false

True

The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations. True or false

True

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm. True or False.

True

The strong collision resistance property subsumes the weak collision resistance property.

True

The use of the synchronized token pattern, where a token for each request is embedded by the web application in all HTML forms and verified on the server side, can prevent XSRF.

True

Timing attacks are only applicable to RSA. True or false.

True

To avoid over exposure of a user's master key, Kerberos uses a per-day key and a ticket granting ticket. True or False.

True

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level. True or False.

True

To defeat a reflection attack, we can use an odd number as challenge from the initiator and even number from the responder. True or False.

True

To protect the confidentiality and integrity of the whole original IP packet, we can use ESP with the authentication option in tunnel mode. True or False.

True

Two of the most important applications of public-key encryption are digital signatures and key management. True or False.

True

Using PKCS (public-key cryptography standard), when RSA encrypts the same message twice, different ciphertexts will be produced. True or false.

True

We can use signing with public keys to achieve mutual authentication. True or False.

True

XSRF is possible when a user has a connection to a malicious site while a connection to a legitimate site is still alive. True or False.

True

XSS can perform many types of malicious actions because a malicious script is executed at user's browser. True or False.

True

XSS is possible when a web site does not check user input properly and use the input in an outgoing html page. True or False.

True

Signing the message exchanges in Diffie-Hellman eliminates the man-in-the-middle attack. True or False.

True

Each fragment must indicate its place, or offset, in the original unfragmented packet. True or False.

True because otherwise we cannot correctly reassemble the fragments into the original IP packet.

A network IDS sensor monitors a copy of network traffic. The actual traffic does not pass through the device. True or False.

True, because a network IDS typically performs passive monitoring by copying the network traffic.

The longer the system is in use, the more it learns about network activity. True or false.

True, because anomaly detection involves first learning or profiling what is normal. The longer the system is in use, the better it can learn what is normal.

If malicious activity looks like normal traffic to the system, it will not detect an attack. True or false.

True, because anomaly detection detects what does not look normal. Therefore, if an attack manages to look normal, then the anomaly detection system will not be able to detect this attack.

The primary purpose of an IDS is to detect intrusions, log suspicious events and send alerts. True or False.

True, because these are the basic functions of an IDS.

Cookies are created by ads that run on websites. True or False

True, cookies are created by ads, widgets, and elements on the web page the user is visiting.

Cookies are created by websites a user is visiting. True or False.

True, cookies are created by ads, widgets, and elements on the web page the user is visiting.

Cookies can be used as a form of spyware. True or False.

True, cookies store user preferences and browsing history, and therefore they can be used as spyware.

Public-key encryption can be used to create digital signatures. True or False.

True, given a message we can first hash the message and then encrypt the hash using our key. The encrypted hash value becomes the digital signature of this message.

Web servers can be compromised because of the exploits on web applications. True or False.

True, the security vulnerabilities of web applications can lead to attacks that deface websites, and the backend servers can be compromised as well. For example, credit card information can be stolen from the backend servers.

To prevent XSS, any user input must be checked and preprocessed before it is used inside html. True or False.

True, the website can check that the name of a user should not be a script.

Each fragment must tell the length of the data carried in the fragment. True or False

True, this is needed for the correct reassembly of the fragments into the original packet.

A common location for a network intrusion detection system sensor is just inside the external firewall. True or False.

True, this is a very typical deployment strategy of network IDS.

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified. True or False.

True, this is the primary assumption of IDS.

Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion. True or false.

True, unless such packet sniffing is done with proper authorization.

Web browser can be attacked by any web site that it visits. True or False.

True, we cannot authenticate all websites, and even if a website is authenticated, it may still have vulnerabilities.

An intruder can also be referred to as a hacker or cracker. True or false.

True, we sometimes use hacker to refer to an intruder.

When a user's browser visits a compromised or malicious site, a malicious script is returned. True or False.

True, this is a required step in the cross-site scripting attack.

A stateful inspection firewall needs to keep track of information of an active connection in order to decide on the current packet.

True.

Firewalls can stop hackers breaking into your system. True or False.

True.

Firewalls can stop viruses and worms that spread through the internet. True or False.

True.

The secret key is input to the encryption algorithm. True or False.

True. An encryption algorithm takes as its input the plaintext and a key.

When a new virus is identified, it must be added to the signature database. True or false.

True. Because a misuse detection system detects attacks based on signatures of known intrusions, when a new attack is discovered its signature needs to be added to the signature database.

False positive can become a problem, normal usage can be mistaken for an attack. True or false.

True. Because the definition of a false positive is that a normal activity is mistaken for an attack. At a minimum, false positives waste the system's time, because the system needs to investigate whether there is truly an intrusion or not.

Can only detect an intrusion attempt if it matches a pattern that is in the database. True or false.

True. This is essentially the definition of a signature-based detection system.

Network-based intrusion detection makes use of signature detection and anomaly detection. True or False.

True. You can indeed use both approaches.

Select three operating systems with the most vulnerabilities in 2014. Is it Mac OS X, iOS, Linux, Microsoft Windows Server, Microsoft Windows Vista, Microsoft Windows 7, or Microsoft Windows 8?

Mac OS X, iOS, Linux

Chief Information Security Officer, or CISO, sometimes also called CSO, Chief Security Officer, is the executive who is responsible for information security in a company. If you think Target had a CISO when the leaks happened, say yes. Otherwise, say no.

No

Several people have argued about the overly general and vague language of the CFAA. For example, how exactly is unauthorized access defined? In one case, a company sued its competitor because the competitor's employees created a trial subscription and downloaded data that was available to its subscribers. Do you think this is a violation of unauthorized access? Choose the best answer. a. No, the data was publicly available. b. Yes, because it potentially can cause financial loss to the company that sued its competition.

No, the data was publicly available

Cyber crime is a big problem. According to a recent report, what is an estimate of the cost of cybercrime for the United States? a. Ten billion dollars b. Over a hundred billion dollars

Over a hundred billion dollars

Technology and other safeguards for cyber security are largely defensive in nature. The only way they can impact a threat source is by increasing the work factor for an attacker. Can laws be used to reduce the magnitude of threats? Choose the best answer: a. Yes, laws can provide criminal sanctions against those who commit cyber crime. b. No, cyber crime has increased even as new laws have been put in place.

Yes, laws can provide criminal sanctions against those who commit cyber crime. Clearly, whether it is theft of data, identity theft, theft of intellectual property, or somebody invading your privacy, we need laws against those.

A company stores sensitive customer data. The impact of a breach of such data must include... a. cost of purchasing identity theft protection for your customers. b. Loss of business due to reduced customer confidence. c. Compensation for new cyber security personnel the company hires to better manage cyber security in the future.

A & B

Select all answers that are correct. a. Each app runs in a sandbox and has its own home directory for its files. b. All iOS apps must be reviewed and approved by Apple. c. iOS apps can be self-signed by app developers.

A & B

The DMCA includes exclusions for researchers, but companies have threatened to sue researchers who wanted to publish work related to circumvention of anti-piracy technologies. Which of these is an example of such a threat under the DMCA? a. Prof. Ed Felten's research on audio watermarking removal, by the RIAA b. A research project done by MIT students that found vulnerabilities in the Boston Massachusetts Bay Transit Authority (MBTA)

Prof. Ed Felten's research on audio watermarking removal by RIAA

US-CERT follows a responsible disclosure process for vulnerabilities reported to it. Such a process must... a. Make the vulnerability information available immediately to everyone who may be affected by it. b. Provide a certain period of time for the vendor of the vulnerable system to develop a patch.

Provide a certain period of time for the vendor of the vulnerable system to develop a patch.

The purposes of a security protocol include: ________. A. Authentication B. Key-exchange C. Negotiate crypto algorithms and parameters D. All the above

D. All the above

A news story in 2014 reported that an inspector general's report gave Veterans Affairs (VA) a failing grade for the 16th year. The CIO of the VA discussed a number of challenges that could explain this grade. Select the ones that you think could be the possible reasons: a. The need to manage cyber security for over a million devices, each running many services b. Lack of a sense of urgency in fixing cyber vulnerabilities c. Choosing to support key functions even when this could introduce vulnerabilities.

A & C

By mistake, a friend sends sensitive health data in an email to you (wrong attachment). You should not read the information in the attached document because... a. Professional code of ethics requires you to respect the privacy of others. b. You can be liable under the CFAA.

a. Professional code of ethics requires you to respect the privacy of others.

Issued as RFC 2104, _________ has been chosen as the mandatory-to-implement MAC for IP Security. A. RSA B. SHA-3 C. DSS D. HMAC

D. HMAC

The _________ defines the transport protocol. A. destination IP address B. source IP address C. interface D. IP protocol field

D. IP protocol field

Select the statements that are true: a. RSA is a block cipher in which the plaintext and ciphertext are integers between zero and n-1 for some n. b. If someone invents a very efficient method to factor large integers, then RSA becomes insecure. c. The Diffie-Hellman algorithm depends, for its effectiveness, on the difficulty of computing discrete logarithms. d. The Diffie-Hellman key exchange protocol is vulnerable to a man-in-the-middle attack, because it does not authenticate the participants. e. RSA and Diffie-Hellman are the only public-key algorithms.

A, B, C, D

In 2014, the European Court of Justice ruled that EU citizens have the "right to be forgotten" on the Internet. For example, Google must not return links to information that can be shown to be "inaccurate, inadequate, irrelevant or excessive". Which one of the following is an example of information that Google decided not to return as a search result to meet the ECJ ruling? Choose the best answer. a. Story about criminal conviction that was quashed on an appeal b. A doctor requesting removal of links to newspaper stories about botched procedures performed by him

Story about criminal conviction that was quashed on an appeal

_________ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key. A. Session key B. Subkey C. Key distribution technique D. Ciphertext key

C. Key distribution technique

_________ is a procedure that allows communicating parties to verify that received or stored messages are authentic. A. Cryptanalysis B. Decryption C. Message authentication D. Collision resistance

C. Message authentication

An attacker gains unauthorized control of a system. A. Scanning attack B. DOS C. Penetration Attack

C. Penetration Attack: the attacker has penetrated into the system.

A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. True or false.

True

A common location for a NIDS sensor is just inside the external firewall. True or False.

True

A cookie can be used to authenticate a user to a web site so that the user does not have to type in his password for each connection to the site. True or False.

True

A firewall can serve as the platform for IPSec. True or False.

True

A hash function such as SHA-1 was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key.

True

A key benefit of using KDC is for scalability. True or False.

True

A key exchange protocol is vulnerable to a man-in-the-middle attack if it does not authenticate the participants. True or false.

True

A packet filtering firewall is typically configured to filter packets going in both directions. True or False

True

A prime disadvantage of an application-level gateway is the additional processing overhead on each connection. True or False.

True

A reflection attack is a form of man-in-the-middle attack. True or False.

True

A session key should be a secret and unique to the session. True or False.

True

Access to any network resource requires a ticket issued by the KDC. True or False.

True

An ISA needs to be established before IPSec SAs can be negotiated. True or False.

True

Authentication can be one-way, for example, only authenticating Alice to Bob. True or False.

True

Authentication should be accomplished before key exchange. True or False.

True

The DSS makes use of the _______ and presents a new digital signature technique, the Digital Signature Algorithm (DSA). A. HMAC B. XOR C. RSA D. SHA-1

D. SHA-1

Checking the HTTP Referer header to see if the request comes from an authorized page can prevent XSRF. True or False.

True

Compared with WEP, WPA2 has more flexible authentication and stronger encryption schemes. True or false

True

Cryptographic hash functions generally execute faster in software than conventional encryption algorithms such as DES.

True

_______ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number. A. Digital standards B. Mathematical attacks C. Ciphers D. Timing attacks

D. Timing attacks

The Computer Fraud and Abuse Act was used to prosecute the creator of the Melissa virus; he was sentenced to federal prison and fined under its provisions. What abuse was perpetrated by the Melissa virus? Choose the best answer. a. Data stored on computers was destroyed. b. Denial-of-service attacks that made computers unusable

Denial-of-service attacks that made computers unusable

Which of the following could be considered an anomaly to typical network traffic? A. An IP address B. A port address C. Packet length D. Flag setting E. All of the above.

E. All of the above. First, an IP address. Can this be an anomaly? If the IP address is not one that is normally accessed by users, or is not well known, it can be an anomaly. Second, a port address. Similar to the IP address, if the port is not normally accessed, then this is an anomaly. How about packet length? Again, if the length is unusually long, for example, then this is an anomaly. How about the flag settings on a packet? Again, if these flags are not normally seen under the same traffic conditions, then this is an anomaly. That is, all of these can be anomalies if they are not normally seen in normal operation of the network.

"Each block of 64 plaintext bits is encoded independently using the same key" is a description of the CBC mode of operation. True or false.

False

A DMZ is one of the internal firewalls protecting the bulk of the enterprise network. True or False.

False

A packet filtering firewall can decide if the current packet is allowed based on another packet that it has just examined.

False

AES uses a Feistel structure. True or false.

False

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device. True or False.

False

Assume that Alice and Bob have each other's public key. In order to establish a shared session key, Alice just needs to generate a random k, encrypt k using Bob's public key, and send the encrypted k to Bob, and then Bob will know he has a key shared with Alice. True or False.

False

Firewalls can stop spyware being put on your system. True or False.

False

If the authentication option of ESP is chosen, the message integrity code is computed before encryption. True or False.

False

If the sequence number in the IPsec header is greater than the largest number of the current anti-replay window the packet is rejected. True or False.

False

In 2014 MS Windows (all versions combined) had more reported vulnerabilities than iOS. True or false

False

In Android, all apps have to be reviewed and signed by Google.

False

In Android, an app will never be able to get more permission than what the user has approved.

False

In IPSec, packets can be protected using ESP or AH but not both at the same time. True or False.

False

In iOS, an app can run its own dynamic, run-time generated code. True or false

False

It is a good idea to use sequentially increasing numbers as challenges in security protocols. True or False.

False

It is easy for the legitimate site to know if a request is really from the (human) user. True or False.

False

Just like RSA can be used for signature as well as encryption, Digital Signature Standard can also be used for encryption. True or false.

False

Kerberos does not support interrealm authentication. True or False.

False

Public-key algorithms are based on simple operations on bit patterns. True or False.

False

SHA-1 is considered to be very secure. True or False.

False

SQL injection attacks only lead to information disclosure. True or False.

False

Since Android is open-source, each handset vendor can customize it, and this is good for security (hint: consider security updates).

False

Since TLS is for the transport layer, it relies on IPsec which is for the IP layer. True or False.

False

The App Store review process can guarantee that no malicious iOS app is allowed into the store for download. True or false

False

The Diffie-Hellman key exchange is restricted to two party communication only. True or False.

False

The IT security management process ends with the implementation of controls and the training of personnel. True or false

False

The authenticators used in the requests to the KDC and application servers can be omitted. True or False.

False

The security association specifies a two-way security arrangement between the sender and receiver. True or False.

False

The ticket-granting ticket is never expired. True or False.

False

Using an input filter to block certain characters is an effective way to prevent SQL injection attacks. True or False.

False

With perfect forward secrecy, the IPSec SA keys are based on the IKE shared secret established in Phase I. True or False.

False

In order for Bob to verify Alice's public key, the certificate authority must be online. True or False.

False because as long as the users have the CA's public key, they can verify the certificate.

ESP can provide both confidentiality and integrity protection. True or False.

True

Even web searches are often in HTTPS. True or False.

True

HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strengths. True or False.

True

If the sequence number in the IPSec header is smaller than the smallest number of the current anti-replay window the packet is rejected. True or False.

True

New threats can be detected immediately. True or false.

False, because a misuse detection or signature-based detection system can only detect attacks that match patterns or rules of known intrusions.

In AH, the integrity hash covers the IP header. True or False.

True

In IPSec, the sequence number is used to prevent replay attacks. True or False.

True

A Honeypot can be a workstation that a user uses for work. True or False.

False, because a Honeypot is not a real system used by any real user.

Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior. True or False.

False, because a signature based approach is typically used to represent known intrusion patterns.

Each fragment must not share a common fragment identification number. True or False.

False, because each fragment of the same IP packet must share the same identification number.

Even if the browser is compromised, the rest of the computer is still secure. True or False.

False, because if a browser is compromised, it can lead to malware installation on the computer.

Those who hack into computers do so for the thrill of it or for status. True or false.

False, because it only describes some attackers. But there are many attackers who attack computers for other reasons, for example, for illicit financial gains.

In Kerberos, each human user has a master key shared with the authentication server, and the key is derived from the user's password. True or False.

True

Cryptanalysis attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. True or False.

False. What is described here is a brute-force attack, in which the attacker tries all possible keys until the ciphertext decrypts to intelligible plaintext. A cryptanalytic attack instead uses knowledge of the algorithm or properties of the plaintext (for example, letter frequencies) to break the scheme; it typically does not need to try every possible key.

Cookies are compiled pieces of code. True or False

False, cookies are plain text, they are not compiled code.

Activists are either individuals or members of an organized crime group with a goal of financial reward. True or false.

False, instead of financial motives, activists typically have a social or political cause.

Cookies can be used as a form of virus. True or False.

False, since cookies are not compiled code, they cannot be used as a virus.

In Kerberos, the authentication server shares a unique secret key with each server. True or False.

True

In Kerberos, the purpose of using ticket-granting-ticket (TGT) is to minimize the exposure of a user's master key. True or False.

True

Symmetric encryption can only be used to provide confidentiality. True or False.

False. Symmetric encryption can provide other security services, for example authentication: if Alice and Bob share a secret key, Alice can prove her identity by encrypting a challenge from Bob under the shared key and returning it, since only a holder of the key can do so.

Firewalls can stop internet traffic that appears from a legitimate source. True or False.

False.

Firewalls can stop viruses and worms that are spread through email. True or False.

False.

The challenge values used in an authentication protocol can be repeatedly used in multiple sessions. True or False.

False. Challenges must be fresh for every session; a reused challenge lets an attacker replay a response recorded from an earlier session.
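The two answers above (a shared symmetric key can authenticate Alice; challenge values must not be reused) combine into one short protocol. The following is an added example, not the study set's own material: Bob issues a challenge, Alice answers with an HMAC over her identity and the challenge (a MAC rather than the encryption the answer mentions, which is the usual construction), and Eve replays a recorded response. The key is a constructed demo value.

```python
import hashlib
import hmac
import secrets

# Constructed pre-shared secret held by both Alice and Bob (demo only).
SHARED_KEY = b"demo-preshared-key-not-for-real-use"


def prove(key, identity, challenge):
    """Prover's response: a MAC over its identity and the verifier's challenge.
    Only a holder of the shared key can produce it, which is what authenticates Alice."""
    return hmac.new(key, identity + b"|" + challenge, hashlib.sha256).digest()


class Verifier:
    """Bob. With fresh=True a new random challenge is issued for every session;
    with fresh=False the same challenge is reused, the mistake in the question above."""

    def __init__(self, key, fresh=True):
        self.key = key
        self.fresh = fresh
        self._fixed = secrets.token_bytes(16)

    def challenge(self):
        return secrets.token_bytes(16) if self.fresh else self._fixed

    def accepts(self, identity, challenge, response):
        expected = prove(self.key, identity, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def replay_succeeds(fresh_challenges):
    """Eve records one legitimate (challenge, response) pair from Alice and replays
    the response in a later session. Returns True if Bob wrongly accepts it."""
    bob = Verifier(SHARED_KEY, fresh=fresh_challenges)
    c1 = bob.challenge()
    r1 = prove(SHARED_KEY, b"alice", c1)      # Alice answers; Eve records (c1, r1)
    assert bob.accepts(b"alice", c1, r1)      # the genuine session succeeds
    c2 = bob.challenge()                      # a later session
    return bob.accepts(b"alice", c2, r1)      # Eve replays r1 without knowing the key


if __name__ == "__main__":
    print("replay with reused challenge accepted:", replay_succeeds(False))
    print("replay with fresh challenge accepted:  ", replay_succeeds(True))
```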

In XSRF, the malicious site can send malicious script to execute in the user's browser by embedding the script in a hidden iframe. True or False.

True

There's no benefit of deploying a network IDS or Honeypot outside of the external firewall. True or False.

False. Using a network IDS or Honeypot outside of the external firewall will allow us to see what attacks are coming from Internet to the enterprise network. In the case of Honeypot, because attacks are trapped in the Honeypot, it reduces the amount of traffic that the firewall has to process. In other words, the firewall does not need to produce as many alerts.

The fragment does not need to know whether more fragments follow this one. True or False

False. Each fragment carries the More Fragments (MF) flag in its IP header, so the receiver knows whether more fragments follow; only the last fragment has MF cleared.

In a wireless network, traffic is broadcasted into the air, and so it is much easier to sniff wireless traffic compared with wired traffic. True or false

True

In iOS, each file is encrypted using a unique, per-file key. True or false

True

In most applications of TLS or SSL, public keys are used for authentication and key exchange. True or False.

True

In a security protocol, an obvious security risk is that of impersonation. True or False.

True

Intruders typically use steps from a common attack methodology. True or false.

True

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified. True or False.

True

It is likely that an organization will not have the resources to implement all the recommended controls. True or false

True

Kerberos also distributes session keys. True or False.

True

Kerberos provides authentication and access control. True or False.

True

Legal and regulatory constraints may require specific approaches to risk assessment. True or false

True

Logging off immediately after using a web application. can prevent XSRF. True or False.

True

Malicious JavaScript is a major threat to browser security. True or False.

True

Most browsers come equipped with SSL and most Web servers have implemented the protocol. True or False.

True

Network-based intrusion detection makes use of signature detection and anomaly detection. True or False.

True

Not allowing the browser to save username/password, and do not allow web sites to remember user login can prevent XSRF. True or False.

True

Not using the same browser to access sensitive web sites and to surf the web freely can prevent XSRF. True or False.

True
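The XSRF questions above list user-side habits (log off, don't let the browser remember logins, use a separate browser). The server-side defense that stops the hidden-iframe request from the earlier question is a per-session synchronizer token plus an Origin/Referer check, written out here as an added example rather than anything from the study set. The site origin, the request dicts and the form fields are constructed stand-ins for a real web framework's request object.

```python
import hmac
import secrets
from urllib.parse import urlparse

SITE_ORIGIN = "https://bank.example"   # assumed origin of the site being protected


class Session:
    """Server-side session; the token is also embedded in the site's own forms."""

    def __init__(self):
        self.csrf_token = secrets.token_urlsafe(32)


def same_origin(url):
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def csrf_check(session, method, headers, form):
    """Return (allowed, reason) for a request that arrived with the user's session cookie.
    headers and form are plain dicts standing in for a real request."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"            # state-changing actions must not use GET
    origin = headers.get("Origin") or headers.get("Referer")
    if origin and not same_origin(origin):
        return False, "cross-origin request"
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return False, "missing or wrong csrf token"
    return True, "ok"


def demo():
    sess = Session()
    legit = csrf_check(sess, "POST", {"Origin": SITE_ORIGIN},
                       {"to": "carol", "amount": "10", "csrf_token": sess.csrf_token})
    # A form auto-submitted from a hidden iframe on evil.example: the browser attaches
    # the victim's cookie, but the attacker cannot read sess.csrf_token.
    iframe = csrf_check(sess, "POST", {"Origin": "https://evil.example"},
                        {"to": "mallory", "amount": "1000"})
    # The same attack with no Origin/Referer header at all: the token check still stops it.
    no_origin = csrf_check(sess, "POST", {}, {"to": "mallory", "amount": "1000"})
    return legit[0], iframe[0], no_origin[0]


if __name__ == "__main__":
    print("legitimate, iframe attack, header-less attack:", demo())
```

The token check is the load-bearing part: the origin check alone can be defeated when a header is absent, and the token must be compared in constant time so a forged request cannot be tuned byte by byte.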

One asset may have multiple threats and a single threat may target multiple assets. True or false

True

Organizational security objectives identify what IT security outcomes should be achieved. True or false

True

Cyber insurance is still not very popular. Based on a 2014 survey, what percentage of customers of major insurance brokers were interested in buying cyber insurance? (see the instructor notes for a link to the survey) a. Less than 25% b. Over 50%

a. Less than 25%

SHA is perhaps the most widely used family of hash functions. True or False.

True

The SPI is used to help the receiver identify the SA needed to process the IPsec packet. True or False.

True

SQL injection is yet another example that illustrates the importance of input validation. True or False.

True
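To connect the two SQL injection questions on this page (a character filter is not an effective defense; input validation matters), here is an added example that is not part of the study set. It builds a constructed in-memory SQLite table, applies the kind of blocklist filter the first question describes, and shows that a numeric injection needs none of the blocked characters, while a parameterized query binds the value as data.

```python
import sqlite3


def make_db():
    """In-memory table with constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users(id INTEGER, name TEXT, is_admin INTEGER)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "alice", 0), (2, "bob", 0), (3, "root", 1)])
    return con


def strip_dangerous_chars(s):
    """The input filter the question asks about: drop quotes, semicolons and comment markers."""
    for bad in ("'", '"', ";", "--"):
        s = s.replace(bad, "")
    return s


def lookup_filtered(con, user_id):
    """Filter, then concatenate into the query: still injectable."""
    sql = "SELECT name FROM users WHERE id = " + strip_dangerous_chars(user_id)
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con, user_id):
    """The fix: the value is bound as data and never parsed as SQL."""
    return [row[0] for row in con.execute("SELECT name FROM users WHERE id = ?", (user_id,))]


if __name__ == "__main__":
    con = make_db()
    print(lookup_filtered(con, "2"))            # ['bob']
    print(lookup_filtered(con, "2 OR 1=1"))     # every user, no quotes needed
    print(lookup_parameterized(con, "2 OR 1=1"))  # [] : the string is just a value
```

The injected string `2 OR 1=1` passes the filter untouched because a numeric context needs no quote to break out of; that is why blocklists fail and why the fix has to be structural (parameterization) rather than character-based.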

Since the responsibility for IT security is shared across the organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control. True or false

True

Symmetric encryption is also referred to as secret-key or single-key encryption. True or false.

True

Symmetric encryption is used primarily to provide confidentiality. True or False.

True

Which of these characteristics describes the statistical approach? a. any action that does not fit the normal behavior profile is considered an attack. b. any action that's not classified as one of the normal behaviors according to set of rules is considered to be an attack.

a. any action that does not fit the normal behavior profile is considered an attack.

A method where a specific known plaintext is compared to its ciphertext a. known-Plaintext attacks b. chosen-Plaintext attacks c. differential cryptanalysis d. linear cryptanalysis

a. known-Plaintext attacks

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to.. a. use a longer key length b. use a shorter key length c. use a more complex algorithm d. use a harder to guess key

a. use a longer key length Because a longer key length means more keys, which means the attacker has to search a lot more keys.

IP Spoofing is useful for.. a. Bidirectional communication b. Unidirectional communication

b. Unidirectional communication. IP spoofing only works for unidirectional communication: in a bidirectional exchange the server replies not to the attacker but to the spoofed IP address, which will not respond appropriately.

Which security standard should be used for WiFi? a. WEP b. WPA2

b. WPA2

Which of these characteristics describes the knowledge based approach? a. any action that does not fit the normal behavior profile is considered an attack. b. any action that's not classified as one of the normal behaviors according to set of rules is considered to be an attack.

b. any action that's not classified as one of the normal behaviors according to set of rules is considered to be an attack.

Compare ciphertexts with their corresponding chosen plaintexts a. known-Plaintext attacks b. chosen-Plaintext attacks c. differential cryptanalysis d. linear cryptanalysis

b. chosen-Plaintext attacks

Which description best describes the Machine Learning approach for Intruder Detection: a. detects new and novel attacks b. detects attacks similar to past attacks

b. detects attacks similar to past attacks

Select all the answers that are true. a. all cryptographic keys are stored in flash memory. b. trusted boot can verify the kernel before it is run. c. all file of an app are encrypted using the same key. d. all of the above

b. trusted boot can verify the kernel before it is run.

In 2013, researchers were able to bypass Apple's app store security. What method did they use? a. uploaded malware disguised as an app without authorization, bypassing the review and check process. b. uploaded an app that after it passed the review process morphed into malware. c. uploaded an app that led users to a site that contained malware.

b. uploaded an app that after it passed the review process morphed into malware.

When implementing RSA is it best to use a. your own custom software to ensure a secure system b. use the standard libraries for RSA

b. use the standard libraries for RSA. The standard libraries have been reviewed and tested by the security community and are therefore far more likely to be correct and secure than a custom implementation.

Use the totient technique to compute the result of raise 7 to the power of 27 mod 30. Write your result in this box.

c = 7^27 mod 30. Since gcd(7, 30) = 1, Euler's theorem lets us reduce the exponent mod φ(30): φ(30) = φ(3) · φ(10) = 2 · 4 = 8, so 27 mod 8 = 3 and 7^27 mod 30 = 7^3 mod 30 = 343 mod 30 = 13.
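The same computation in code, added here as a general version of the worked answer (not part of the original study set): φ(n) is computed by trial-division factoring, the gcd condition that Euler's theorem requires is checked explicitly, and the reduced-exponent result is returned alongside φ(n) and the reduced exponent so it can be compared against Python's built-in modular exponentiation.

```python
from math import gcd


def totient(n):
    """Euler's phi(n) via trial-division factorisation (fine for classroom-sized n)."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p
        p += 1
    if m > 1:                      # remaining prime factor
        result -= result // m
    return result


def pow_mod_via_totient(base, exp, n):
    """Compute base**exp mod n by reducing exp mod phi(n).

    Euler's theorem (base**phi(n) == 1 mod n) only holds when gcd(base, n) == 1,
    so the reduction is refused otherwise. Returns (result, phi(n), exp mod phi(n)).
    """
    if gcd(base, n) != 1:
        raise ValueError("exponent reduction mod phi(n) needs gcd(base, n) == 1")
    phi = totient(n)
    small = exp % phi
    return pow(base, small, n), phi, small


if __name__ == "__main__":
    result, phi, small = pow_mod_via_totient(7, 27, 30)
    print(f"phi(30)={phi}, 27 mod phi = {small}, 7^27 mod 30 = {result}")   # 8, 3, 13
    print("direct check:", pow(7, 27, 30))
```

The refused case matters in practice: for a base sharing a factor with the modulus (for example 6 mod 30) the reduced exponent gives a wrong answer, which is exactly the kind of silent arithmetic mistake a hand-rolled RSA implementation can make.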

Select all the answers that are true. a. Android apps can be self signed. b. Android apps can have more powerful permissions than iOS apps. c. all of the above

c. all of the above

Analyzing the effect of changes in input on the encrypted output a. known-Plaintext attacks b. chosen-Plaintext attacks c. differential cryptanalysis d. linear cryptanalysis

c. differential cryptanalysis

If the length of hash is 128 bits, then how many messages does an attacker need to search in order to find two that share the same hash value? a. 128 b. 2^128 c. 2^217 d. 2^64

d. 2^64. A 128-bit hash has 2^128 possible values. By the birthday paradox, the attacker needs to try about the square root of 2^128 messages to find two that share the same hash value, so the answer is 2^64.
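The birthday bound is easy to watch on a shortened hash. This added example (not from the study set) truncates SHA-256 to 24 bits, hashes constructed distinct messages until two collide, and reports the number of tries; the count lands near sqrt(pi/2 · 2^24) ≈ 5100 rather than anywhere near the 2^24 a preimage search would need. Messages are built from a constructed prefix plus a counter so the run is deterministic.

```python
import hashlib
import math


def truncated_hash(msg, bits):
    """Top `bits` bits of SHA-256 (bits <= 32), standing in for a short hash function."""
    word = int.from_bytes(hashlib.sha256(msg).digest()[:4], "big")
    return word >> (32 - bits)


def expected_birthday_tries(bits):
    """Approximate number of random messages before the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits, seed=b"constructed-msg-"):
    """Birthday search: hash distinct messages until two share a value.
    Returns (msg1, msg2, tries). Memory is one dict entry per message hashed."""
    seen = {}
    i = 0
    while True:
        msg = seed + i.to_bytes(8, "big")
        tag = truncated_hash(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
        i += 1


if __name__ == "__main__":
    bits = 24
    m1, m2, tries = find_collision(bits)
    print(f"{bits}-bit hash: collision after {tries} tries "
          f"(expected about {expected_birthday_tries(bits):.0f}, preimage would need ~{2**bits})")
    print(m1.hex(), m2.hex(), truncated_hash(m1, bits) == truncated_hash(m2, bits))
```

Scaling the exponent up is the whole point: for a 128-bit hash the same loop would need on the order of 2^64 messages and as much storage, which is why hash outputs of 256 bits are standard when collision resistance matters.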

Cyber security planning and management in an enterprise must define allowed computer and network use by employees. Georgia Tech's computer and network use policy strives to do this for students, faculty and staff. Select all that you think are required by this policy: a. Georgia Tech account passwords should be changed periodically b. A compromise of a computer should be reported to someone responsible for cyber security at Georgia Tech c. Georgia Tech computers cannot be used to download illegal content (e.g. child pornography) d. all of the above

d. all of the above

Select all answers that are correct. ESP can be securely used in a. encryption only mode b. authentication only mode c. encryption and authentication mode d. all of the above

d. all of the above All of these are correct. However, although ESP can be used in encryption only and authentication only modes, it is strongly discouraged, because only using the full encryption and authentication mode is secure.

Check all those who can write rules for SNORT: a. Users of SNORT b. The SNORT Community c. Talos Security Intelligence and Research Team d. all of the above.

d. all of the above. As an open source software, everyone can write rules for SNORT. The rules can then be submitted and improved by security experts, and shared with the community.

What iOS security weaknesses were exploited by researchers in 2015? a. the malware was uploaded to the Apple App store. b. the malware was able to bypass Sandbox security. c. the malware was able to hijack browser extensions and collect passwords. d. all the above.

d. all the above.

A method to determine the encryption function by analyzing known phrases and their encryption a. known-Plaintext attacks b. chosen-Plaintext attacks c. differential cryptanalysis d. linear cryptanalysis

d. linear cryptanalysis

This backdoor is hard to detect because it modifies the machine code. A. Compiler backdoors B. Object backdoors C. Asymmetric backdoors

B. Object backdoors

The _______ field in the outer IP header indicates whether the association is an AH or ESP security association. A. protocol identifier B. security parameter index C. IP destination address D. sequence path counter

A. protocol identifier

A _________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key. A. digital signature B. keystream C. one way hash function D. secret key

A. digital signature

_______ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries. A. Anonymization B. Data transformation C. Immutable audit D. Selective revelation

A. Anonymization

This backdoor inserts backdoors into other programs during compilation. A. Compiler backdoors B. Object backdoors C. Asymmetric backdoors

A. Compiler backdoors

Typically the systems in the _________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server. A. DMZ B. IP protocol field C. boundary firewall D. VPN

A. DMZ. These public-facing servers are placed in a DMZ so they can be reached from outside, while the internal network is still protected from them.

The principal attraction of _________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead. A. ECC B. MD5 C. Diffie-Hellman D. none of the above

A. ECC

Georgia Tech systems store student data such as grades. The institute must protect such data due to a. Regulatory reasons b. Because the data is sensitive it can only be disclosed to the student and his/her family

A. Regulatory reasons - FERPA

An attacker sends various kinds of packets to probe a system or network for vulnerability that can be exploited. A. Scanning attack B. DOS C. Penetration Attack

A. Scanning attack This is scanning the network in order to find weaknesses for attacks.

A ________ monitors the characteristics of a single host and the events occurring within that host for suspicious activity. A. host-based IDS B. security intrusion C. network-based IDS D. intrusion detection

A. host-based IDS

Attempts to slow down or completely shut down a target so as to disrupt the service for legitimate users. A. Scanning attack B. DOS C. Penetration Attack

B. DOS Disrupting the service is the same as Denial of Service.

___________ was the first published public-key algorithm. A. NIST B. Diffie-Hellman C. RC4 D. RSA

B. Diffie-Hellman

A ________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control. A. packet filtering firewall B. distributed firewall C. personal firewall D. stateful inspection firewall

B. distributed firewall

On average, _________ of all possible keys must be tried in order to achieve success with a brute-force attack. A. one-fourth B. half C. two-thirds D. three-fourths

B. half

ESP supports two modes of use: transport and ________. A. padding B. tunnel C. payload D. sequence

B. tunnel

Which of the following scenarios requires a security protocol: _________. A. log in to mail.google.com B. connecting to work from home using a VPN C. Both A and B

C. Both A and B

_______ is a list that contains the combinations of cryptographic algorithms supported by the client. A. Compression method B. Session ID C. CipherSuite D. All of the above

C. CipherSuite

_______ involves the collection of data relating to the behavior of legitimate users over a period of time. A. Profile based detection B. Signature detection C. Threshold detection D. Anomaly detection

D. Anomaly detection

A benefit of IPsec is _________. A. that it is below the transport layer and transparent to applications B. there is no need to revoke keying material when users leave the organization C. it can provide security for individual users if needed D. all of the above

D. all of the above

An IT security plan should include details of ________. A. risks B. recommended controls C. responsible personnel D. all of the above

D. all of the above

Cryptographic systems are generically classified by ________. A. the type of operations used for transforming plaintext to ciphertext B. the number of keys used C. the way in which the plaintext is processed D. all of the above

D. all of the above

IPSec can assure that. A. a router advertisement comes from an authorized router. B. a routing update is not forged. C. a redirect message comes from the router to which the initial packet was sent. D. all of the above.

D. all of the above.

The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator. A. data source B. sensor C. operator D. analyzer

D. analyzer

A __________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. A. packet filtering B. stateful inspection C. application-level D. circuit-level

D. circuit-level

The most complex part of TLS is the _________. A. signature B. message header C. payload D. handshake protocol

D. handshake protocol

The purpose of a ________ is to produce a "fingerprint" of a file, message, or other block of data. A. secret key B. digital signature C. keystream D. hash function

D. hash function

A(n) _______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor. A. passive sensor B. analysis sensor C. LAN sensor D. inline sensor

D. inline sensor

Which of the following can only be accomplished using public key cryptography. A. Authentication B. encryption C. key-exchange D. non-repudiation

D. non-repudiation

To defeat an IDS, attackers can: a. Send a huge amount of traffic. b. Embed attack in packets that cause non-uniform processing by different operating systems, for example, bad checksum and overlapping fragments. c. Send traffic that purposely matches detection rules. d. send a packet that would trigger a buffer-overflow in the IDS code. e. all of the above

e. all of the above. (a) True: flooding the IDS with traffic can cause a denial of service of the IDS itself, so it can no longer analyze the traffic that contains the attack. (b) True: the IDS then sees different traffic than the end host does, so the host may be attacked by a packet that the IDS discarded or reassembled differently, and the IDS misses it. (c) True: traffic that deliberately matches detection rules produces a flood of alerts that the sysadmins must analyze; once they are overwhelmed, the real attack may still be detected and generate an alert, but nobody looks at it until it is too late. (d) True: a buffer overflow is a typical method for exploiting a program, for example to inject the attacker's own code; an attacker who can overflow a buffer in the IDS can take control of the IDS.
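Item (b) above, and the earlier fragment questions (shared identification number, More Fragments flag), come down to how overlapping fragments are resolved. The following added example (not from the study set) reassembles constructed fragments under two policies that real IP stacks use, "first fragment's data wins" and "last fragment's data wins"; which operating system uses which is deliberately not assumed here. Offsets are plain byte offsets for readability rather than the 8-byte units of the real header.

```python
def reassemble(fragments, policy):
    """Rebuild a datagram payload from (offset, data) fragments of one IP ID.
    policy "first": data already in place wins on overlap; "last": a later fragment overwrites."""
    length = max(off + len(data) for off, data in fragments)
    buf = bytearray(length)
    filled = [False] * length
    for off, data in fragments:
        for i, byte in enumerate(data):
            pos = off + i
            if filled[pos] and policy == "first":
                continue
            buf[pos] = byte
            filled[pos] = True
    return bytes(buf)


# Constructed fragments: the second one overlaps bytes 4..15 of the first.
FRAGS = [(0, b"GET /benign.html"), (4, b"/etc/passwd ")]


def signature_matches(payload):
    """Stand-in for an IDS content rule."""
    return b"/etc/passwd" in payload


def evasion_demo(fragments=FRAGS, ids_policy="first", host_policy="last"):
    """What the IDS sees versus what the end host sees for the same fragments."""
    ids_view = reassemble(fragments, ids_policy)
    host_view = reassemble(fragments, host_policy)
    return {
        "ids_view": ids_view,
        "host_view": host_view,
        "ids_alerts": signature_matches(ids_view),
        "host_receives_attack": signature_matches(host_view),
    }


if __name__ == "__main__":
    for k, v in evasion_demo().items():
        print(f"{k:22} {v}")
```

When the IDS and the host disagree on the policy the IDS reassembles the benign request and stays silent while the host receives the attack; the fix on the IDS side is target-based reassembly, i.e. modelling each protected host's actual behaviour, or normalizing fragments before they reach either.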

In the thriving zero day attack marketplace hackers sell information on software vulnerabilities. Can you guess some of the buyers? a. Apple b. Google c. Microsoft d. US government e. all of the above

e. all of the above The answer is, that they're all buyers of zero day attack information. For example, a zero day vulnerability in the Linux operating system was sold for $50,000.

Which of the following are security threats to WiFi? Select all that apply. a. Eavesdropping. This means attacker listening to communications. b. injecting bogus messages. c. replaying previously recorded messages. d. illegitimate access to the network & its services. e. denial of service. f. all the above.

f. all the above.

