COMP 424 Practice Final


COMP 424 Practice Final Quiz

Test your knowledge on essential concepts of cybersecurity with our COMP 424 Practice Final Quiz. This quiz covers a wide range of topics including cryptography, buffer overflow vulnerabilities, authentication, and network security.

Prepare for your final exam with questions that delve into:

  • Encryption methods
  • Common security threats
  • System vulnerabilities
  • Hash functions and their applications
40 Questions | 10 Minutes | Created by TestingKnight57
What is a disadvantage of using Shift Cipher?
An attacker can find K by using brute force (key space is small)
It is vulnerable due to frequency analysis
Each letter in the ciphertext corresponds to only one letter in the plaintext
Adversary can have full control over the communication channel
Which is NOT a type of buffer overflow?
Stack
Heap
TOCTTOU
Return-to-libc
What security goal/property is violated when it comes to email phishing/malware attacks?
How do you break a Mono-alphabetic Substitution Cipher?
What is an advantage/disadvantage of using shift cipher?
Easy to use/Can be easily broken by attacker
Exhaustive search is difficult/Vulnerable to frequency analysis attacks
Secure if key length is equal to cipher text/Can be broken by Kasiski test
Mathematically unbreakable encryption/Single use only
Which does NOT describe the Vigenere Cipher?
Any message encrypted by a Vigenere cipher is a collection of as many shift ciphers as there are letters in the key.
It masks the frequency with which a character appears in a language
Should never be reused
Can find length through Kasiski test
Which rule can be broken for One-Time Pad to still be unbreakable?
The key is truly random
Each key is used only once (must be destroyed after use)
The key is at least as long as the message that must be encrypted
Key space size must be between [0-25]
In a Stream Cipher, what is the term that can be combined with the plaintext digits in a similar fashion to OTP?
Which is NOT a relevant hash function?
MD5
SHA1
SHA2
SHA5
What is the name for the brute force attack that requires the length of hash outputs to be double the key length of block ciphers (Ex: If 128, then 256)?
How long does it take to brute force the level of security (for collision resistance) of a hash function that outputs n bits?
Which is NOT true about Message Authentication Code (MAC)?
Is a hash family, used for message authentication
The sender and the receiver share secret K
To be secure, an adversary shouldn’t be able to come up with (X’,Y’) such that H_K(X’)=Y’
Output known as the fingerprint or the message digest
Which public key encryption algorithm is based on the hardness of factoring large numbers?
Which is NOT true about cookies?
Validation shouldn't only be applied to fields that allow users to type in input
Is a name/value pair created by a website to store information on your computer
Used for authenticating, tracking, and maintaining specific information about users
Servers can use cookies to store state on client
Cross Site Scripting can occur when the web applications take user inputs that contain scripts and use them as part of the webpage
True
False
In an SQL Injection, queries intended by the programmer can be “changed” by untrusted user input
True
False
What is the name of the type of prevention where the process is aimed at verifying whether or not the type of input submitted by a user is allowed?
System Mode cannot execute some instructions, disable interrupts, or access memory management units
True
False
Which does NOT define a system call?
Changes processor state from user mode to kernel mode
Arguments are transferred from user space to kernel space
Default situation is lack of access
Guarded gates from user mode (space, land) into kernel mode (space, land)
Which is NOT a principle of fail-safe defaults?
Default situation is lack of access
Accessing a file identified by a path name requires execution to all directories along the path
Base access decisions on permission rather than exclusion
Protection scheme identifies conditions under which access is permitted
Every program and every user of the system should operate using the least set of privileges necessary to complete the job
True
False
Which is NOT a reason for why buffer overflow happens?
Misconfiguration of environment variables
Programming languages give users too much control
Users do not write safe code
Programming languages have unsafe functions
In a buffer overflow attack, suppose that the buffer that you will overflow starts at [rbp-0x10], which is 16 bytes. If the machine uses an x86-64 CPU, how many bytes do you need to fill up to and including a 48-bit return address in the called function's stack frame?
What countermeasure must be deactivated to perform a buffer overflow attack?
A virtual machine is less secure than a container
True
False
Which is NOT a Security Threat / Attack?
Normal Flow
Interception
Indentation
Fabrication
Which passive attack is described as the reading of messages from sender to receiver by an attacker?
Traffic analysis is a passive attack that observes patterns of messages from sender to receiver
True
False
Which is NOT an active attack?
Masquerade
Replay
Denial of Service
Eavesdropping
Fill in the blank: Firewalls may be used to create multiple ___ ___ ___, such as a hierarchy.
Firewalls filter based on IP, TCP, and UDP information, among other things.
True
False
Packet Sniffing: What kind of information would be most useful to a malicious user?
Which is NOT a way to protect yourself against packet sniffing?
SSH
HTTP over SSL
Telnet
IPSec
The purpose of a Denial of Service attack is to make a network service unusable, usually by overloading the server or network
True
False
What is the security at the Application Layer?
PGP, Kerberos, SSH
TLS
IPSec
Hardware Encryption
What is the security at the Transport Layer?
PGP, Kerberos, SSH
TLS
Hardware Encryption
IPSec
What is the security at the Network Layer?
PGP, Kerberos, SSH
IPSec
TLS
Hardware Encryption
What is the security at the Data Link Layer?
Hardware Encryption
IPSec
TLS
PGP, Kerberos, SSH
Pretty Good Privacy (PGP) works by encrypting a message using a public key that's tied to a specific user; when that user receives the message, they use a private key that's known only to them to decrypt it.
True
False
This IPSec member achieves data confidentiality by using symmetric key encryption algorithms to encrypt packets