What does IP mean?
Instant Protocol
Intellectual Property
Instance Principle
Internet
Protocol
When cookies are used as session identifiers, how are they then used as a potential security hazard?
Attackers
emulate users by stealing their cookies.
User's cookies are altered to a virus-like state.
They emulate user's by downloading all the victims
information onto a virtual machine.
They emulate user's by stealing their personal
identity.
Which of the following is a VALID type of Key Management System?
Dynamic Key Management System
Integrated Key Management System
Third-Party Key Management System
Both Integrated
Key Management System and Third-Party Key Management System
What are TLS and SSL?
Internet layers
Internet protocols.
Network layers.
Cryptographic
protocols.
What is a computer worm?
It is malware
designed to infect other computers.
It is software designed to exploit networks.
It is software designed to analyze and search for
open ports.
It is a software utilized to scan packets on open
networks.
Is a Unix-based system vulnerable to viruses?
Yes. The split is approximately 50/50 when it comes
to attacks on Windows vs. Unix based systems.
No. Linux systems are totally impervious to
attacks.
Yes, the majority of viruses attack Unix-based systems.
Yes, however the
majority are coded to attack Windows-based systems.
There are two types of firewall. What are they?
Hardware and
software.
Internet-based and home-based.
Digital and electronic.
Remote and local
Which of the following refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent?
Spyware
Trojan horse
Malware
Botnet
What does cross-site scripting allow for attackers?
A phishing attack that automatically downloads the
victims personal information.
The introduction of worm viruses into the victims
website.
Injection of
client-side scripts into web pages.
Direct introduction of viruses into a victims
computer.
Which of the following is a means to access a computer program or entire computer system bypassing all security mechanisms?
Backdoor
Trojan Horse
Phishing
Masquerading
Which of the following protocol used Port 443 and Port 80 respectively
HTTPS and HTTP
DHTML
HTTP and HTTPS
XHTML
What happens to your data when it is encrypted?
It is compressed, renamed, and archived.
It is transferred to a third party, encoded, then
sent back.
It is scrambled
to retain privacy from third-parties.
It is sent through a series of supercomputers to be
compressed multiple times.
Which of the following is collection of Internet-connected programs communicating with other similar programs in order to perform tasks?
Malware
Trojan horse
Spyware
Botnet
If cookies with non-random sequence numbers are issued upon authentication, which of the following attack types can occur?
Session
hijacking
Cross-site scripting
SQL injection
Directory traversal
Modern secure password storage should implement:
Salted plain-text values of the password
Hashed values of the password
Plain-text passwords stored in an encrypted
database
Salted and
hashed values of the password
What two main categories of network topologies are there?
Close and Distant
Direct and Indirect
Physical and
logical.
Digital and Topological
What is one way that a web browser is vulnerable to breaching?
A virus can be sent through the monitor.
A browser plugin
can be exploited.
Web browsers are impervious to exploitation.
A browser can be infected by closing it.
What is another name for an insecure plugin?
Software
Firmware
Malware
Hardware
True of False? Malware exists which affects both Windows and Linux systems.
True
False
In which of the following fraud methods is a legitimate/legal-looking email sent in an attempt to gather personal and financial information from recipients?
Masquerading
Malware
Virus
Phishing
Can a proxy be used as a firewall? If so, how?
No. All a proxy does is re-rout Internet traffic,
and thus all the malicious signals that go with it.
No. Proxies are firewalls that are maintained at
locations other than that of the user.
No. Proxies are data encryption stations whose sole
purpose is to encrypt and re-rout data.
Yes. A proxy
acts as a network intermediary for the user that serves to control the flow of
incomming and outgoing traffic.
A digital signature scheme consists of which of the following typical algorithms ?
Signature verifying algorithm
Key generation algorithm
Signing algorithm
Key generation,
Signing and Signature verifying algorithm
Which of the following is TRUE about TLS?
The message that ends the handshake sends a hash of
all the exchanged handshake messages seen by both parties
The HMAC construction used by most TLS cipher
suites is specified in RFC 2104
All of the given
options are correct
Provides protection against a downgrade of the
protocol to a previous (less secure) version or a weaker cipher suite
Which of the following are the basic functionalities of the IPsec Protocol ?
Security protocols for AH and ESP
Manual and automatic key management for the
internet key exchange
All of the given
options are correct
Security association for policy management and
traffic processing
Which of the following involves submitting as many requests as possible to a single Internet computer or service, overloading it and preventing it from servicing legitimate requests?
Masquerading
Distributed
denial-of-service attacks
Phishing
Backdoor
Which is the best way a system can be hardened?
Installing a commercial security suite.
Virus scanning only.
White-list ad filtering only.
Total disk
encryption coupled with strong network security protocols.
Why is it crucial to encrypt data in transit?
So you can increase your chances of testing your
encryption capabilities.
To assure that all of your information cannot be
decrypted.
To decrease your resources.
To prevent
unauthorized access to private networks and sensitive information during its
most vulnerable state.
Is true that HTTP is an insecure protocol?
True
False
Which of the following is TRUE about SSL 3.0?
SSL 3.0 improved
upon SSL 2.0 by adding SHA-1 based ciphers and support for certificate
authentication
It has a weak MAC construction that uses the MD5
hash function with a secret prefix
It assumes a single service and a fixed domain
certificate, which clashes with the standard feature of virtual hosting in Web
servers
Identical cryptographic keys are used for message
authentication and encryption
What is a computer virus?
A virus is the same as a cookie in that it is
stored on your computer against your permission.
A virus is friendly software that is simply
mislabled.
Malicious software that merely stays dormant on
your computer.
Malicious
software that inserts itself into other programs.
Which of the following symmetric keys can be derived from Symmetric master key?
Data encryption keys
Key wrapping keys
All of the given
options are correct
Authentication keys
What is a firewall?
A firewall is a program that encrypts all the
programs that access the Internet.
Firewalls are
network-based security measures that control the flow of incoming and outgoing
traffic.
Firewalls are interrupts that automatically disconnect
from the internet when a threat appears.
A firewall is a program that keeps other programs
from using the network.
Which of the following is valid difference between a Virus and a Spyware ?
Virus damages
data, Spyware steals sensitive private information
Virus damages data and also steals sensitive
private information
Spyware damages data, Virus steals sensitive
private information
Spyware damages data and also steals sensitive
private information
Which of the following are valid Cryptographic key types?
Private signature key
All of the given
options are correct
Public authentication key
Public signature verification key
Digital signatures provide which of the following ?
Non-repudiation
authentication
integrity protection
All of the given
options are correct
Which of the following are possible security threats?
All of the given
options are correct
Masquerading
Backdoors
Illegitimate use
What happens during the TCP attack; Denial of Service?
A worm is loaded onto the victims computer to
disable their keyboard.
A virus is sent to disable their dos prompt.
Viruses are sent to their ISP to deny them tech
support.
Information is
repeatedly sent to the victim to consume their system resources, causing them
to shut down.
Which of the following is the collective name for Trojan horses, spyware, and worms?
Spware
Botnets
Virus
Malware
In which of the following protocols does a website (if accessed using the protocol) encrypt the session with a Digital Certificate?
TCP
XHTTP
HTTPS
SHTTP
Who was TLS defined by?
NSA
Internet
Engineering Task Force
OSHA
The DEA
How to avoid Man-in-the-middle attacks?
Use HTTPS
connections and verify the SSL certificate
Use connections without SSL
Accept every SSL certificate, even the broken ones
What is network topology?
It is the inner networkings of a single computer.
It is the top layer of a computer network.
It is the entirety of the data of a computer
network.
It is the
framework of the components of a computer network.
What is Internet Protocol Security?
Ways to disconnect your router in an emergency.
Methods to secure a disconnected computer.
Methods to secure your documents from physical
breaches.
Methods to
secure Internet Protocol (IP) communication.
What does TCP mean?
Total Content Positioning
Technical Control Panel
Transmittable Constant Protocol
Transmission
Control Protocol
Which of the following is a valid Internet Security requirement?
All of the given
options are correct
Integrity
Authentication
Confidentiality
What is another name for Internet Layer?
TCP layer
IP layer
SSL layer
Interwebs
Trojan Horse programs operate with what intent?
To do a series of brute force attacks within the
system itself and a series of external attacks from other servers.
To masquerade as
non-malicious software while exploiting a system's weaknesses.
To slowly but surely infect and become your
operating system until the system crashes.
To openly exploit a systems weaknesses until the
user discovers it.
Which of the following is a general term for malicious software that pretends to be harmless so that a user willingly allows it to be downloaded onto the computer?
Virus
Spware
Botnets
Trojan Horse
Which of the following is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI)?
X.507
X.519
X.508
X.509
If you set up a BUS network, what is the major disadvantage?
It is connected in a star pattern and can be
disabled by disrupting one data center.
It is entirely wireless and open to wifi-based
attacks.
It is linked
with a single cable which can be a major vulnerability.
It is daisy-chained together with several cables.
What does the acronym BEAST mean in Beast Attack?
Browser Exploit
Against SSL/TLS
Breach Entering Against SSL/TLS
Browser Extension And SSL/TLS
Breaking and Entering Against SSL/TLS
Why is a virtual machine considered a sandboxing method?
Virtual machines all have firewalls, virus
scanners, and proxy connetions.
Virtual machines all have sandbox features
installed on them.
All host
resources are channeled through the emulator.
Virtual machines take the brunt of the attack, so
the user is always safe.
Which of the following is a valid flaw of SSL 2.0 ?
Identical cryptographic keys are used for message
authentication and encryption
All of the given
options are correct
It has a weak MAC construction that uses the MD5
hash function with a secret prefix
It does not have any protection for the handshake
Which of the following is true about Public Key Encryption?
Only one person can encrypt with the public key and
anyone can decrypt with the private key
Anyone can
encrypt with the public key, only one person can decrypt with the private key
Anyone can encrypt with the private key, only one
person can decrypt with the public key
Anyone can encrypt with the public key and anyone
can decrypt with the private key
An SQL injection is often used to attack what?
Servers running SQL databases similar to Hadoop or
Hive.
Small scale machines such as diebold ATMs.
Servers built on NoSQL
Large-scale SQL
databases such as those containing credit card information.
Which of the following type of attack can actively modify communications or data?
Neither Active nor Passive attack
Passive attack
Both Active and Passive attack
Active attack
How are port numbers categorized?
Unknown, unregistered, invalid
Well-known,
registered, and static/dynamic.
Static, dynamic, enigmatic
Known, well-known, unknown
Which of the following keys are used to generate random numbers?
Asymmetric random number generation keys
Public signature verification key
Symmetric random number generation keys
Symmetric and
asymmetric random number generation keys
When is encrypted data the safest?
When it is being transferred via usb stick.
When it is at
rest.
When it is being written.
When it is in transit.
What is largely considered the most advanced computer virus?
agent.biz
Conficker Virus
Stuxnet.
Zeus
Secure Sockets Layer is a predecessor of which cryptographic protocol?
HTTPS
IPSec
Transport Layer
Security
SSL 3.0
What are the two primary classifications of cross-site scripting?
non-persistent
and persistent.
traditional and non-persistent
traditional and DOM-based
DOM-based and persistent
According to OWASP what is the most dangerous web vulnerability?
Security Misconfiguration
Cross-site-scripting (XSS)
Sensitive Data Exposure
Cross-Site Request Forgery (CSRF)
Injections (SQL,
LDAP, etc)
Which version of TLS is vulnerable to BEAST exploit?
TLS 1.0
TLS 0.5
TLS 2.0
TLS 3.0
TLS 1.1
Sandboxing does what to computer programs?
Sandboxes protect your programs by isolating all
the other programs except the one you are using at the time.
Sandboxing protects your system by trapping all the
viruses.
It separates and
isolates them.
Sandboxing doesn't protect your system.
Which of the following is a VALID authorization key?
Public
authorization key
Symmetric authorization keys
Public ephemeral key authorization key
Asymmetric authorization keys
Which of the following threats corresponds with an attacker targeting specific employees of a company?
Spear phishing
Phishing
Man-in-the-middle
Pharming
How can cookies be used to mitigate cross-site scripting?
Cookies store an exact mirror copy of all a users
web activity.
Cookies can be coded like a program to intercept
script attacks.
They can't. Cookies only store user information.
Cookies allow
for cookie-based user authentication.
What does a cryptographic key do within the Internet Layer?
It specifies how encrypted data is transferred and
to whom.
It is the specialized dataset that is able to
decrypt cyphertext.
It specifies how
transferred information is converted into cyphertext.
It converts it into encrypted language.
Which of the following keys are the private keys of asymmetric (public) key pairs that are used only once to establish one or more keys ?
Asymmetric random number generation keys
Public ephemeral key agreement key
Symmetric random number generation keys
Private
ephemeral key agreement key
Which of the following is a VALID digital signature key?
Private
signature key
Private signature authentication key
Public signature authentication key
Symmetric signature authentication key
Which of the following represents a cryptographic key that is generated for each execution of a key establishment process ?
Public authentication key
Private key transport key
Private
ephemeral key agreement key
Public signature verification key
What is the less secure AES encryption mode?
OCB
ECB
CTR
CBC
CFB
Which of the following keys are used to encrypt other keys using symmetric key algorithms ?
Symmetric random number generation keys
Asymmetric random number generation keys
Public signature verification key
Symmetric key
wrapping key
Which of the following represents a cryptographic key that is intended to be used for a long period of time?
Private key transport key
Public signature verification key
Public authentication key
Private static key
agreement key
What is a method to fend off a Sockstress attack?
White-listing
access to TCP services on critical systems.
Prepare a retaliatory DDOS attack.
Do nothing. It will pass on its own.
Black-listing access to TCP services on critical
systems.
Which of the following enables secure and private data exchange/transfer on an unsecure public network ?
All of the given options are correct
Private Key Infrastructure
Virtual Key Infrastructure
Public Key
Infrastructure
Which of the following is a VALID ephemeral key?
Public ephemeral
key agreement key
Public ephemeral verification key
Symmetric ephemeral random number generation keys
Asymmetric ephemeral random number generation keys
Which of the following HTTP method is considered insecure ?
POST
DELETE
GET
TRACE
What does the Linux kernal use to sandbox running programs?
Linux doesn't sandbox because it is impervious to
any and all cyber attacks.
seccomp, or
Secure Computing Mode
Linux uses a layered system of user authentication
to perform sandbox-like functions.
Linux drives are fully encrypted, thus they don't
need sandboxing.
Which of the following is not a VALID type of firewall?
Circuit-level gateways
Application-level gateways
Proxy Server
Gateways
Packet filters
Which of the following are the public keys of asymmetric key pairs that are used to encrypt keys using a public key algorithm ?
Private signature key
Public authentication key
Public signature verification key
Private key
transport key
Which of the following are the public keys of asymmetric (public) key pairs that are used to encrypt keys using a public key algorithm?
Private key transport key
Private signature key
Public signature verification key
Public key
transport key
In the sublayer of which of the following does TLS and SSL performs the data encryption of network connections?
application
layer
session layer
Both session and presentation layer
presentation layer
All of the following are valid cryptographic hash functions EXCEPT:
RC4
RIPEMD
SHA-512
MD4
Which of the following is a standalone computer program that pretends to be a well-known program in order to steal confidential data ?
Fraudtool
Malware
SPWare
Spyware
Virus
