CSIT460 Final Review
CSIT460 Final Review Quiz
Prepare yourself for the CSIT460 Final Exam with this comprehensive quiz designed to test your knowledge in computer security. This quiz covers a wide range of topics and provides you with an opportunity to review key concepts effectively.
Test your understanding of:
- Access Control Mechanisms
- Malware Types and Characteristics
- Network Security Protocols
- Data Integrity and Encryption
In computer security, C.I.A stands for
Confidentiality, intelligence, and availability
Confidentiality, integrity, and availability
Confidentiality, integrity, and assurance
Confidentiality, integrity, and authenticity
• In computer security, A.A.A stands for
Assurance, authenticity, and ability
Assurance, authenticity, and availability
Assurance, authenticity, and anonymity
Availability, authenticity, and anonymity
• Which of the following is not used as a way for authentication
Something you are
Something you know
Something you believe
Something you have
• Which of the following is not a data structure for access control
Access control matrices
Access control list
Capabilities
Binary tree
• Which of the following is not a tool for achieving integrity
Backups
Checksums
Data correcting codes
All above are correct tools for achieving integrity
• Which of the following statements is wrong?
The action of loading an operating system into hard drive from a powered-off state is known as booting
Initially, all OS’s code is stored in persistent storage, typically the hard drive.
When a computer is turned on, it first executes code stored in a firmware component known as BIOS
In order for the OS to execute, the OS code must be loaded into memory.
• Which of the following statements is wrong?
While going into hibernation, the OS deletes the entire contents of the machine’s memory.
Hibernation exposes a machine to potentially invasive forensic investigation without additional security precautions.
While going into hibernation, the OS stores the contents of the machine’s memory into a hibernation file
• Which of the following statements is wrong?
If an attacker suddenly powered off the machine without properly shutting down and booted to another OS via external media, it may be possible to view these files and reconstruct portions of memory
A dictionary of 500,000 “words” is often enough to discover most passwords.
Password salt is to associate a random number with each userid.
By using Password salt, the system compares the hash of an entered password with a stored hash of a password
• Which of the following statements is wrong?
Discretionary Access Control allows the owner of a file to grant access to others
Inode is a database that describes the file/directory attributes such as metadata and the physical location on the hard drive
Hard link is a direct reference to a file via its inode
You can hardlink both files and directories
Based on closed policy in a file system, if we have
Give Tom read access to “foo”
Give Bob r/w access to “bar”
Then which of the following is wrong
Tom is allowed to read foo
Tom is allowed to write to foo
Bob is allowed to read bar
Bob is allowed to write to bar
• How many types of buffer-overflow attack are there?
2
4
5
3
Buffer-overflow may remain as a bug in apps if __________ are not done fully.
boundary hacks
memory checks
boundary checks
buffer checks
Why are apps developed in languages like C and C++ prone to buffer overflow?
No string boundary checks in predefined functions
No storage check in the external memory
No processing power check
No database check
• Which of the following is not malware
Backdoors
Logic Bombs
Computer Viruses
Buffer overflow
Which of the following statements about backdoors is wrong
Always created by one of the developers or administrators.
When used in a normal way, this program performs completely as expected and advertised
Once activated, the program does something unexpected, often in violation of security policies
A malicious action as a result of a certain logic condition.
Which of the following statements about computer viruses is wrong
One of the most important properties of computer viruses is self-replication
The replication of computer viruses requires some type of user assistance, such as clicking on an email attachment or sharing a USB drive.
Computer viruses will not modify other files or programs
Computer viruses share some properties with Biological viruses
• Which of the following statements about computer worms is wrong
computer worms are technically not computer viruses
Computer worms always need human interaction
Computer worms will not inject themselves in other programs
In most cases, a computer worm will carry a malicious payload, such as deleting files or installing a backdoor.
• The Referer header is to
indicate the URL from which the request originated
Provide information about the browser or other client software that generated the request
specify the hostname that appeared in the full URL being accessed.
submit additional parameters that the server has issued to the client
• Which of the following statements is wrong
In GET request, you can send parameters in the URL query string
When using GET request, the whole URL may appear in server logs and in Referer headers
When using POST request, request parameters can be sent in URL query string and in the body of the message
GET request is a better place for sensitive data
• Which of the following statements is wrong
HTTPS is essentially the same application-layer protocol as HTTP but is tunneled over the secure transport mechanism, Secure Sockets Layer (SSL)
The cookie mechanism enables the server to send items of data to the client, which the client stores and resubmits to the server.
Cookie is stored as a file in the directory of the browser. The info in the cookie will be auto added to each subsequent HTTP request header
HTTP provides built-in encryption
• Which of the following layers is not in TCP/IP model
DNS layer
Physical layer
Network layer
Application layer
• Which of the following statements is wrong
If two machines on the same network segment each transmit a frame at the same time, a collision can occur
Network interface controllers are typically identified by a hardware-specific identifier known as its MAC address.
Every device that connects to a network has one
MAC addresses cannot be changed
• Which of the following statements is correct
ARP spoofing can be used for man-in-the-middle attacks
ARP is used to find the IP address for a given host name
ARP provides authentication
Checking for multiple occurrences of the same MAC address on the LAN cannot defend against ARP spoofing
• Which of the following statements is wrong
After launching IP spoofing, an attacker is still able to receive the response from target server without using other techniques
IP spoofing can be used in denial-of-service attacks
IP traceback can be used to deal with IP spoofing
• Which of the following statements is wrong
Since most data payloads of IP packets are not encrypted, the packets can be sniffed
If a network interface is operating in promiscuous mode, it will retain all frames and read their contents
To defend against packet sniffing, the best choice is to stop using packet-sniffing tools such as Wireshark
To defend against packet sniffing, encryption can be used
• Which of the following statements is wrong
The network devices in home network use the same public IP address
Network address translation allows all the machines on a local-area network to share a single public IP address
In NAT, the public IP address represents the point of contact with the Internet for the entire LAN, while machines on the network have private IP addresses that are only accessible from within the network
NAT can only be used for TCP packets
• Which of the following statements is wrong
ICMP can be used for denial-of-service attacks
In the basic ping flood attacks, the attacker can have much less resources than the victim
The smurf attack can largely reduce the resources that are needed for denial-of-service attacks
To defend against smurf attacks, administrators should configure hosts and routers on their networks to ignore broadcast requests
• Which of the following statements is wrong
A stateless firewall doesn’t maintain any remembered context (or “state”) with respect to the packets it is processing
Stateless firewalls may have to be fairly restrictive in order to prevent most attacks
Stateful firewalls cannot tell when packets are part of legitimate sessions originating within a trusted network.
Stateful firewalls maintain tables containing information on each active connection
Which of the following statements about Electronic Code Book (ECB) mode is wrong
ECB mode allows for parallel encryptions of the blocks of a plaintext
ECB mode can tolerate the loss or damage of a block
ECB mode is widely used for encrypting documents and images
ECB mode is very simple
• Which of the following statements is wrong
Collisions are avoidable in hash functions
For a network with N users, N key pairs are needed for public key cryptosystem
Public-key encryption provides a method for doing digital signatures
Security of RSA based on difficulty of factoring
What is the encryption of “AEFSG” using the Vigenère Cipher with the key “EFSWG”
A | E | F | S | G |
0 | 4 | 5 | 18 | 6 |
E | F | S | W | G |
4 | 5 | 18 | 22 | 6 |
HWMSN
EJXOM
KIDCK
LSXWX
Trusted Execution Environment
• Provides confidentiality and integrity even when the OS is
compromised
• Allows applications to execute, process, protect and store sensitive
data in an isolated, trusted environment
True
False
Principle of Least Privilege
• A privileged program should be given the power which is required
to perform its tasks.
True
False
Please describe how the SYN flood attack works
• An attacker sends a large number of SYN packets to the server,
ignores the SYN/ACK replies, and never sends the expected ACK
packets
• Attackers can also send packets with random IP addresses
• The server’s memory will fill up with sequence numbers that it is
remembering in order to match up TCP sessions with expected ACK
packets
• Since ACK packets never arrive, the memory is wasted and other
legitimate TCP session requests will be ignored
True
False
Countermeasure to the SYN flood attack?
• Leveraging SYN cookies, credited to Daniel Bernstein
• When SYN cookies are implemented, rather than dropping connections
because its memory is filled, the server sends a specially crafted
SYN/ACK packet without creating a corresponding memory entry
• In this response packet, the server encodes information in the TCP
sequence number as follows
▫ The first 5 bits are a timestamp realized as a counter incremented every
minute modulo 32
▫ The next 3 bits are an encoded value representing the maximum segment
size of transmission
▫ The final 24 bits are a MAC of the server and client IP addresses, the server
and client port numbers and the previously used timestamp, computed
using a secret key
True
False
Please describe the procedure of Smurf attack
• A clever variation: leveraging a misconfigured network, which is
known as a smurf attack
• Many networks feature a broadcast address by which a user can
send a packet that is received by every IP address on the network
• Smurf attacks exploit this property by sending ICMP packets with
a source address set to the target and with a destination address
set to the broadcast address of a network
True
False
Please describe the procedure of ARP spoofing
• An attacker, Eve, simply sends an ARP reply to a target, who we
will call Alice, and Alice is trying to get the MAC address of another
person, who we will call Bob
▫ Bob is usually a LAN gateway
• Also, Eve sends an ARP reply to Bob who is also trying to get the
MAC address of Alice
• After this ARP cache poisoning has taken place
▫ Bob thinks Alice’s IP address is associated with Eve’s MAC address, and
▫ Alice thinks Bob’s IP address is associated with Eve’s MAC address
• As a result, all traffic between Alice and Bob (who is the gateway
to the Internet) is routed through Eve
• Once accomplished, this establishes a man-in-the-middle scenario,
where the attacker, Eve, has control over the traffic between the
gateway, Bob, and the target, Alice
• Eve can choose to passively observe this traffic, or she can even
tamper with the traffic, altering everything that goes between
Alice and Bob
True
False
For a system using RSA for encryption, we have e=3, n=55, and d=27.
Then, what is the ciphertext for M=4
Encryption: M^3 mod 55
M^e mod n
9
4
7
19
Compute the multiplicative inverse of 5 in Z_21
17
9
18
20