CST8247 Mid-Term
CST8247 Mid-Term Quiz
Test your knowledge on key networking protocols, security concepts, and penetration testing methodologies with our CST8247 Mid-Term Quiz. This comprehensive quiz is designed for students who want to evaluate their understanding of critical topics in cybersecurity and networking.
- 50 carefully crafted questions
- Multiple choice format
- Instant feedback on your answers
Based on the highlighted portion of the captured packet below, what protocol is being carried as payload within this IP packet? 4500 0064 0000 4000 4011 b755 c0a8 0101
IP
UDP
TCP
ICMP
None of the above
The ICMP protocol is specifically designed to:
Check & report on network error conditions
Generate networking stats
Control traffic flow across networks
Track end-to-end connectivity
None of the above
It is possible to capture packets from the network that are not destined for your machine
True
False
In security environments, Authorization means
Confirming your identity with an element unique to the person
Supplying your identity
Using your confirmed identity to assign access rights
Tracking what users are doing while accessing the systems
None of the above
During a packet capture, you notice a couple of TCP packets with the “F” flag and some “A” flags. What is most likely going on?
A TCP/IP session setup process
An ICMP Request / Reply process
An ARP process
A UDP-based FTP session
A TCP/IP session shutdown process
The loss or omission of any one of the security goals is known as:
A risk
A compromise
A hole
A fault
A vulnerability
If you run password crackers or packet sniffers at work, which of the following is true?
You must encrypt or destroy cracked passwords
E-mail any users using inappropriate software on the network to inform them you know
Don't crack passwords that meet the company's password policy
You must have permission from management before proceeding
All of the above
Packet sniffing is considered to be a form of:
Passive reconnaissance
Active reconnaissance
Countermeasure
Denial of Service
Preliminary reconnaissance
The Data ____ is the person having responsibility and authority for data, while the Data ___ is the entity temporarily accessing and/or modifying the data.
Custodian, Owner
Owner, Manager
Owner, Custodian
Manager, Custodian
Administrator, Manager
Based on the highlighted portion of packet code below, what protocol is being used? 4500 0064 0000 4000 4001 b755 c0a8 0101
TCP
ICMP
UDP
ARP
None of the above
Which of the following statements about session hijacking is false?
Most computers are vulnerable to this form of attack
Hijacking is preventable
Hijacking is very dangerous
Hijacking is quite simple with the proper tools at hand
It is very hard to detect that hijacking has taken place
Which of the following is an example of e-mail phishing?
An e-mail about products for “male insufficiency”
A link to a site about “free” phones
When someone uses your e-mail address when sending out spam
An e-mail from your provider asking you to confirm your password back in e-mail
None of the above
The term No-Tech Hacking refers to:
The hacker’s ability to make the attack process look easy
A way for non-technically oriented people to learn how to hack
Methods used by a hacker to obtain information without the use of technology
A hack that’s so simple it can be done without using a lot of technology
None of the above
When using a packet sniffer, such as TCPDump, what parts of the packet can you examine through the software?
IP header content
Protocol header (TCP, UDP, ICMP, etc) content
Payload
A and B only
A, B & C
Which of the following is not one of the Security Goals?
Security
Accountability
Ease of Use
Functionality
They are all Security Goals
Your system receives a few packets, but no connection seems to be established. When you look at the logs, you notice you received a few SYN packets, immediately followed by RST packets, but no ACK packets. What could be happening?
SYN Stealth Open Port scan from Nmap
XMAS Open Port scan from Nmap
Hacker trying to identify the service running on a port
TCP/IP stack has failed
None of the above
Security policies should be written while keeping in mind the protection of: (Select all that apply)
Information
People
Bandwidth
Assets
Connectivity
Which of the following are considered typical reasons why hackers attack systems?
Profit
Religious / political / ethical reasons
“Mount Everest” syndrome
Revenge
All of the above
In the CIA Triad, ____ is responsible for ensuring that legitimate users maintain access to information and resources they need access to.
Accountability
Authentication
Integrity
Confidentiality
Availability
In terms of security, Social Engineering is considered to be a form of:
Cracking
Illegal information warfare activity
Non-Technical hacking
Technical hacking
All of the above
A ___ attaches itself to a program or file so it can spread from one computer to another with the file as it travels, leaving infections as it travels.
Worm
Virus
Trojan
Rootkit
None of the above
How did Vince, the Physical Security Expert mentioned in the “No Tech Hacking” movie, manage to enter the secure building ... What specifically did he do and what did he use to do it?
Watched smokers for in/out patterns
Used a wet washcloth and a coat-hanger to trigger the fire-door contact bar after hours
He broke in through a window
He took pictures of corporate badges, created a fake and used it to enter the building
None of the above
A typical Man-in-the-Middle attack attempts to exploit a ___ between computers.
Session captures
Connection control flags
UDP packets
TCP/IP shutdown session
Trust relationship
In security environments, Authentication refers to:
Confirming your identity with an element unique to the individual
Supplying your identity
Using your identity to assign access rights
Tracking what users are doing while accessing the systems
None of the above
The TCP three-way handshake used to open a TCP connection uses 3 packets. What 2 flags are required to be set across these 3 packets? (Select all that apply)
SYN Flag
Payload Flag
FIN Flag
ACK Flag
RST Flag
Which one of the tools below can be used as an effective vulnerability scanner?
Nmap
Snort
Nessus
Tcpdump
A closed port will respond to a SYN Packet with a(n) RST packet
True
False
Computer A wishes to open a TCP session with Computer B. If Computer A's initial sequence number is 145678913, then Computer B will respond with:
A randomly generated initial sequence number of its own and an acknowledgement number of 145678914
A randomly generated initial sequence number of its own and no acknowledgement number since no data was received
Only an acknowledgment number of 145678914
Only an acknowledgement number of 145678913
A randomly generated initial sequence number of its own and a randomly generated acknowledgement number
From the perspective of Risk Management, security can be defined as:
Insuring the company so that security incidents don’t cost the organization a lot.
Reducing / minimizing the risks to the organization and its assets to an acceptable level.
Protecting the organization’s assets
All of the above
None of the above
The loss of one of the goals of security through an incident is known as a:
Hole
Vulnerability
Risk
Compromise
Threat
A fragmented IP datagram will only be reassembled by:
The router closest to the destination
Any router along the path when the MTU changes to permit a larger datagram
By the host it is destined for
By the application processing the information datagram
None of the above
____ is designed as a connectionless protocol
IGRP
TCP
UDP
FTP
None of the above
Each TCP connection on a given system can be uniquely identified by:
Source and Destination IP
Source and Destination port
Sequence Number
Connection Number
A & B only
___ spread from computer to computer, but unlike other malware, it has the ability to travel and replicate itself without any user intervention.
Worm
Trojan
Virus
Rootkit
None of the above
Which one of the following is NOT a fundamental principle of the Computer Security Triad?
Confidentiality
Ease of Use
Availability
Integrity
Accountability
Security policies should be written while keeping in mind the protection of: (Select all that apply)
Information, People and Assets
Information, People and Processes
Bandwidth, Equipment and Data
Financials, Intellectual Property and Hardware
None of the above
Privacy and Security work hand-in-hand since both have the same basic needs.
False
True
In Canada, who is in charge of overseeing security for corporate entities and corporations?
Governments and associated agencies
Law Enforcement Agencies
Each individual corporation, organization and individual’s shoulders
The Internet Service Providers (ISP)
The companies making security products
The TCP protocol is:
A control fanatic designed to manage IP communication
Layer 2 protocol in the OSI model
A connectionless protocol, simply dropping the packet on the wire and forgetting it
All of the above
None of the above
Why has Information Security become such a big deal?
Because so many people are using technology to store their personal data
Technology has embedded itself into virtually all aspects of our daily lives
The criminals have realized how cost effective hacking is compared to traditional crime
Industrial espionage is at an all-time high
All of the above
What is the biggest obstacle to achieving security?
Lack of ongoing security awareness training for management & staff
Lack of well trained, qualified security personnel available
Lack of strong ROI (Return On Investment) for security equipment
Cost of purchase, implementation, maintenance and support of security solutions
All of the above
Which one of the following is a port scanner?
Nmap
Snort
Nessus
Wireshark
Tcpdump
If ICMP encounters an error, which protocol does it use to help it out?
UDP
None
TCP
DHCP
DNS
When comparing security for Linux & Windows, which statement is true?
Linux is more secure
Windows is more secure
Neither is capable of much security
They are both secure by default
They both have the ability to increase security, but in slightly different ways
What are the 3 main goals of security?
Confidentiality, Integrity, Availability
Security, Ease of Use, Functionality
Availability, Ease of Use, Functionality
Confidentiality, Security, Ease of Use
Security, Integrity, Functionality
One of the catalysts for the growth of Information Security was the growth of internetworks and the Internet. What was the stimulus for this growth?
Government and Universities started sharing more and more information
Hacktivists started using the Internet
The military started to realise the importance of this technology for weapons deployment
Modems appeared on the market
The availability and number of computers in users’ hands grew at a fantastic rate
Which of the following software tools is not effective for security purposes?
Ping
Traceroute / Tracert
Route
Nmap
None of the above, they’re all useful