COMP 424 Practice Final
Test your knowledge on essential concepts of cybersecurity with our COMP 424 Practice Final Quiz. This quiz covers a wide range of topics including cryptography, buffer overflow vulnerabilities, authentication, and network security.
Prepare for your final exam with questions that delve into:
- Encryption methods
- Common security threats
- System vulnerabilities
- Hash functions and their applications
What is a disadvantage of using Shift Cipher?
An attacker can find K by using brute force (key space is small)
It is vulnerable due to frequency analysis
Each letter in a ciphertext corresponds to only one letter in the plaintext
Adversary can have full control over the communication channel
Which is NOT a type of buffer overflow?
Stack
Heap
TOCTTOU
Return-to-libc
What is an advantage/disadvantage of using shift cipher?
Easy to use/Can be easily broken by attacker
Exhaustive search is difficult/Vulnerable to frequency analysis attacks
Secure if key length is equal to ciphertext/Can be broken by Kasiski test
Mathematically unbreakable encryption/Single use only
Which does NOT describe the Vigenere Cipher?
Any message encrypted by a Vigenere cipher is a collection of as many shift ciphers as there are letters in the key.
It masks the frequency with which a character appears in a language
Should never be reused
Can find length through Kasiski test
Which rule can be broken for One-Time Pad to still be unbreakable?
The key is truly random
Each key is used only once (must be destroyed after use)
The key is at least as long as the message that must be encrypted
Key space size must be between [0-25]
In a Stream Cipher, what is the term that can be combined with the plaintext digits in a similar fashion to OTP?
Which is NOT a relevant hash function?
MD5
SHA1
SHA2
SHA5
What is the name for the brute force attack that requires the length of hash outputs to be double the key length of block ciphers (Ex: If 128, then 256)?
How long does it take to brute force the level of security (for collision resistance) of a hash function that outputs n bits?
Which is NOT true about Message Authentication Code (MAC)?
Is a hash family, used for message authentication
The sender and the receiver share secret K
To be secure, an adversary shouldn’t be able to come up with (X’,Y’) such that HK(X’)=Y’
Output known as the fingerprint or the message digest
Which is NOT true about cookies?
Validation shouldn't only be applied to fields that allow users to type in input
Is a name/value pair created by a website to store information on your computer
Used for authenticating, tracking, and maintaining specific information about users
Servers can use cookies to store state on client
Cross Site Scripting can occur when the web applications take user inputs that contain scripts and use them as part of the webpage
True
False
In an SQL Injection, queries intended by the programmer can be “changed” by untrusted user input
True
False
What is the name of the type of prevention where the process is aimed at verifying whether or not the type of input submitted by a user is allowed?
System Mode cannot execute some instructions, disable interrupts, or access memory management units
True
False
Which does NOT define a system call?
Changes processor state from user mode to kernel mode
Arguments are transferred from user space to kernel space
Default situation is lack of access
Guarded gates from user mode (space, land) into kernel mode (space, land)
Which is NOT a principle of fail-safe defaults?
Default situation is lack of access
Accessing a file identified by a path name requires execution to all directories along the path
Base access decisions on permission rather than exclusion
Protection scheme identifies conditions under which access is permitted
Every program and every user of the system should operate using the least set of privileges necessary to complete the job
True
False
Which is NOT a reason for why buffer overflow happens?
Misconfiguration of environment variables
Programming languages give users too much control
Users do not write safe code
Programming languages have unsafe functions
In a buffer overflow attack, suppose that the buffer that you will overflow starts at [rbp-0x10], which is 16 bytes. If the machine uses an x86-64 CPU, how many bytes do you need to fill up to and including a 48-bit return address in the called function's stack frame?
A virtual machine is less secure than a container
True
False
Which is NOT a Security Threat / Attack?
Normal Flow
Interception
Indentation
Fabrication
Which passive attack is described as the reading of messages from sender to receiver by an attacker?
Traffic analysis is a passive attack that observes patterns of messages from sender to receiver
True
False
Which is NOT an active attack?
Masquerade
Replay
Denial of Service
Eavesdropping
Firewalls filter based on IP, TCP, and UDP information, among other things.
True
False
Which is NOT a way to protect yourself against packet sniffing?
SSH
HTTP over SSL
Telnet
IPSec
The purpose of a Denial of Service attack is to make a network service unusable, usually by overloading the server or network
True
False
What is the security at the Application Layer?
PGP, Kerberos, SSH
TLS
IPSec
Hardware Encryption
What is the security at the Transport Layer?
PGP, Kerberos, SSH
TLS
Hardware Encryption
IPSec
What is the security at the Network Layer?
PGP, Kerberos, SSH
IPSec
TLS
Hardware Encryption
What is the security at the Data Link Layer?
Hardware Encryption
IPSec
TLS
PGP, Kerberos, SSH
Pretty Good Privacy (PGP) works by encrypting a message using a public key that's tied to a specific user; when that user receives the message, they use a private key that's known only to them to decrypt it.
True
False