Internet Security 2015

1. What does IP mean?
Answers:
• Instance Principle
• Internet Protocol
• Instant Protocol
• Intellectual Property
2. What happens to your data when it is encrypted?
Answers:
• It is transferred to a third party, encoded, then sent back.
• It is compressed, renamed, and archived.
• It is sent through a series of supercomputers to be compressed multiple times.
• It is recoded to retain privacy from third-parties.
3. What is a computer virus?
Answers:
• A virus is the same as a cookie in that it is stored on your computer against your permission.
• A virus is friendly software that is simply mislabeled.
• Malicious software that merely stays dormant on your computer.
• Malicious software that inserts itself into other programs.
4. Which of the following is a valid difference between a virus and spyware?
Answers:
• Spyware damages data and also steals sensitive private information
• Virus damages data, Spyware steals sensitive private information
• Spyware damages data, Virus steals sensitive private information
• Virus damages data and also steals sensitive private information
5. How to avoid Man-in-the-middle attacks?
Answers:
• Accept every SSL certificate, even the broken ones
• Use connections without SSL
• Use HTTPS connections and verify the SSL certificate
6. What happens during a TCP Denial of Service attack?
Answers:
• A virus is sent to disable their DOS prompt.
• Viruses are sent to their ISP to deny them tech support.
• A worm is loaded onto the victim's computer to disable their keyboard.
• Information is repeatedly sent to the victim to consume their system resources, causing them to shut down.
7. What is Internet Protocol Security?
Answers:
• Methods to secure Internet Protocol (IP) communication.
• Ways to disconnect your router in an emergency.
• Methods to secure a disconnected computer.
• Methods to secure your documents from physical breaches.
8. Which of the following is a valid Internet Security requirement?
Answers:
• Authentication
• All of the given options are correct
• Integrity
• Confidentiality
9. Digital signatures provide which of the following?
Answers:
• authentication
• Non-repudiation
• All of the given options are correct
• integrity protection
10. In which of the following protocols does a website (if accessed using the protocol) encrypt the session with a Digital Certificate?
Answers:
• TCP
• SHTTP
• HTTPS
• XHTTP
11. Which of the following are possible security threats?
Answers:
• Illegitimate use
• All of the given options are correct
• Backdoors
• Masquerading
12. What is a firewall?
Answers:
• Firewalls are network-based security measures that control the flow of incoming and outgoing traffic.
• A firewall is a program that encrypts all the programs that access the Internet.
• A firewall is a program that keeps other programs from using the network.
• Firewalls are interrupts that automatically disconnect from the internet when a threat appears.
13. Which of the following involves submitting as many requests as possible to a single Internet computer or service, overloading it and preventing it from servicing legitimate requests?
Answers:
• Distributed denial-of-service attacks
• Backdoor
• Masquerading
• Phishing
14. Which of the following symmetric keys can be derived from a symmetric master key?
Answers:
• Authentication keys
• Key wrapping keys
• All of the given options are correct
• Data encryption keys
15. Which of the following are valid Cryptographic key types?
Answers:
• Public authentication key
• All of the given options are correct
• Public signature verification key
• Private signature key
16. Is it true that HTTP is an insecure protocol?
Answers:
• True
• False
17. Which is the best way a system can be hardened?
Answers:
• Total disk encryption coupled with strong network security protocols.
• White-list ad filtering only.
• Installing a commercial security suite.
• Virus scanning only.
18. Why is it crucial to encrypt data in transit?
Answers:
• To assure that all of your information cannot be decrypted.
• To decrease your resources.
• So you can increase your chances of testing your encryption capabilities.
• To prevent unauthorized access to private networks and sensitive information during its most vulnerable state.
19. Which of the following are the basic functionalities of the IPsec protocol?
Answers:
• Security association for policy management and traffic processing
• Security protocols for AH and ESP
• Manual and automatic key management for the internet key exchange
• All of the given options are correct
20. Can a proxy be used as a firewall? If so, how?
Answers:
• No. Proxies are data encryption stations whose sole purpose is to encrypt and re-route data.
• No. Proxies are firewalls that are maintained at locations other than that of the user.
• No. All a proxy does is re-route Internet traffic, and thus all the malicious signals that go with it.
• Yes. A proxy acts as a network intermediary for the user that serves to control the flow of incoming and outgoing traffic.
21. In which of the following fraud methods is a legitimate/legal-looking email sent in an attempt to gather personal and financial information from recipients?
Answers:
• Virus
• Masquerading
• Phishing
• Malware
22. Which of the following is TRUE about TLS?
Answers:
• The HMAC construction used by most TLS cipher suites is specified in RFC 2104
• Provides protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite
• The message that ends the handshake sends a hash of all the exchanged handshake messages seen by both parties
• All of the given options are correct
23. Which of the following is a VALID type of Key Management System?
Answers:
• Third-Party Key Management System
• Dynamic Key Management System
• Integrated Key Management System
• Both Integrated Key Management System and Third-Party Key Management System
24. What is one way that a web browser is vulnerable to breaching?
Answers:
• A browser can be infected by closing it.
• A virus can be sent through the monitor.
• A browser plugin can be exploited.
• Web browsers are impervious to exploitation.
25. What two main categories of network topologies are there?
Answers:
• Digital and Topological
• Direct and Indirect
• Close and Distant
• Physical and logical.
26. What is another name for an insecure plugin?
Answers:
• Hardware
• Software
• Firmware
• Malware
27. A digital signature scheme consists of which of the following typical algorithms?
Answers:
• Key generation, Signing and Signature verifying algorithm
• Signature verifying algorithm
• Key generation algorithm
• Signing algorithm
28. Which of the following is TRUE about SSL 3.0?
Answers:
• It has a weak MAC construction that uses the MD5 hash function with a secret prefix
• Identical cryptographic keys are used for message authentication and encryption
• SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support for certificate authentication
• It assumes a single service and a fixed domain certificate, which clashes with the standard feature of virtual hosting in Web servers
29. There are two types of firewall. What are they?
Answers:
• Internet-based and home-based.
• Hardware and software.
• Remote and local
• Digital and electronic.
30. True or False? Malware exists which affects both Windows and Linux systems.
Answers:
• True
• False
31. Which of the following refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent?
Answers:
• Malware
• Botnet
• Trojan horse
• Spyware
32. What is a computer worm?
Answers:
• It is software designed to exploit networks.
• It is software designed to analyze and search for open ports.
• It is a software utilized to scan packets on open networks.
• It is malware designed to infect other computers.
33. Is a Unix-based system vulnerable to viruses?
Answers:
• Yes. The split is approximately 50/50 when it comes to attacks on Windows vs. Unix based systems.
• Yes, the majority of viruses attack Unix-based systems.
• No. Linux systems are totally impervious to attacks.
• Yes, however the majority are coded to attack Windows-based systems.
34. Which of the following protocols use port 443 and port 80, respectively?
Answers:
• HTTPS and HTTP
• XHTML
• HTTP and HTTPS
• DHTML
35. Which of the following is a means to access a computer program or entire computer system bypassing all security mechanisms?
Answers:
• Backdoor
• Masquerading
• Phishing
• Trojan Horse
36. What does TCP mean?
Answers:
• Total Content Positioning
• Transmission Control Protocol
• Transmittable Constant Protocol
• Technical Control Panel
37. What does cross-site scripting allow for attackers?
Answers:
• Direct introduction of viruses into a victim's computer.
• The introduction of worm viruses into the victim's website.
• A phishing attack that automatically downloads the victim's personal information.
• Injection of client-side scripts into web pages.
38. Which of the following is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks?
Answers:
• Botnet
• Spyware
• Trojan horse
• Malware
39. What are TLS and SSL?
Answers:
• Internet protocols.
• Network layers.
• Internet layers
• Cryptographic protocols.
40. Who was TLS defined by?
Answers:
• The DEA
• OSHA
• Internet Engineering Task Force
• NSA
41. Modern secure password storage should implement:
Answers:
• Salted plain-text values of the password
• Hashed values of the password
• Plain-text passwords stored in an encrypted database
• Salted and hashed values of the password
42. What is network topology?
Answers:
• It is the inner networkings of a single computer.
• It is the top layer of a computer network.
• It is the framework of the components of a computer network.
• It is the entirety of the data of a computer network.
43. Which of the following is a general term for malicious software that pretends to be harmless so that a user willingly allows it to be downloaded onto the computer?
Answers:
• Spware
• Virus
• Trojan Horse
• Botnets
44. What is another name for Internet Layer?
Answers:
• TCP layer
• Interwebs
• IP layer
• SSL layer
45. Which of the following is the collective name for Trojan horses, spyware, and worms?
Answers:
• Spware
• Botnets
• Virus
• Malware
46. When cookies are used as session identifiers, how are they then used as a potential security hazard?
Answers:
• They emulate users by downloading all the victim's information onto a virtual machine.
• Users' cookies are altered to a virus-like state.
• They emulate users by stealing their personal identity.
• Attackers emulate users by stealing their cookies.
47. Which of the following is a valid flaw of SSL 2.0?
Answers:
• It does not have any protection for the handshake
• Identical cryptographic keys are used for message authentication and encryption
• It has a weak MAC construction that uses the MD5 hash function with a secret prefix
• All of the given options are correct
48. Which of the following is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI)?
Answers:
• X.507
• X.519
• X.508
• X.509
49. Trojan Horse programs operate with what intent?
Answers:
• To slowly but surely infect and become your operating system until the system crashes.
• To openly exploit a system's weaknesses until the user discovers it.
• To masquerade as non-malicious software while exploiting a system's weaknesses.
• To do a series of brute force attacks within the system itself and a series of external attacks from other servers.
50. Why is a virtual machine considered a sandboxing method?
Answers:
• Virtual machines all have firewalls, virus scanners, and proxy connections.
• Virtual machines all have sandbox features installed on them.
• Virtual machines take the brunt of the attack, so the user is always safe.
• All host resources are channeled through the emulator.
51. When is encrypted data the safest?
Answers:
• When it is being transferred via USB stick.
• When it is in transit.
• When it is being written.
• When it is at rest.
52. Which of the following keys are used to generate random numbers?
Answers:
• Symmetric random number generation keys
• Symmetric and asymmetric random number generation keys
• Public signature verification key
• Asymmetric random number generation keys
53. Which of the following is true about Public Key Encryption?
Answers:
• Anyone can encrypt with the public key and anyone can decrypt with the private key
• Anyone can encrypt with the public key, only one person can decrypt with the private key
• Anyone can encrypt with the private key, only one person can decrypt with the public key
• Only one person can encrypt with the public key and anyone can decrypt with the private key
54. If you set up a BUS network, what is the major disadvantage?
Answers:
• It is entirely wireless and open to wifi-based attacks.
• It is daisy-chained together with several cables.
• It is linked with a single cable which can be a major vulnerability.
• It is connected in a star pattern and can be disabled by disrupting one data center.
55. What does the acronym BEAST mean in Beast Attack?
Answers:
• Breaking and Entering Against SSL/TLS
• Browser Extension And SSL/TLS
• Browser Exploit Against SSL/TLS
• Breach Entering Against SSL/TLS
56. TCP is used for what three main functions?
Answers:
• Connect to the Web, deliver email, and transfer files.
• Connect to the Web, compress data, encrypt mail.
• Connect to the web, conceal data, transfer files.
• Connect to the Web, encrypt data, transmit information.
57. Secure cookies have which feature?
Answers:
• They are not encrypted, just sent via secure server.
• They are encrypted.
• Secure cookies are passed along via encrypted programs.
• Cookies are always traded between trusted users.
58. How are port numbers categorized?
Answers:
• Static, dynamic, enigmatic
• Known, well-known, unknown
• Well-known, registered, and static/dynamic.
• Unknown, unregistered, invalid
59. Which of the following type of attack can actively modify communications or data?
Answers:
• Both Active and Passive attack
• Neither Active nor Passive attack
• Active attack
• Passive attack
60. What is the top method an attacker might use to infect a target?
Answers:
• Social engineering, or psychological manipulation.
• SQL injection.
• Buffer overflow.
• Hacking via the Internet.
61. Secure Sockets Layer is a predecessor of which cryptographic protocol?
Answers:
• IPSec
• Transport Layer Security
• SSL 3.0
• HTTPS
62. An SQL injection is often used to attack what?
Answers:
• Small-scale machines such as Diebold ATMs.
• Large-scale sequel databases such as those containing credit card information.
• Servers running SQL databases similar to Hadoop or Hive.
• Servers built on NoSQL
63. Which version of TLS is vulnerable to BEAST exploit?
Answers:
• TLS 1.1
• TLS 3.0
• TLS 0.5
• TLS 2.0
• TLS 1.0
64. According to OWASP what is the most dangerous web vulnerability?
Answers:
• Injections (SQL, LDAP, etc)
• Cross-site-scripting (XSS)
• Security Misconfiguration
• Cross-Site Request Forgery (CSRF)
• Sensitive Data Exposure
65. Sandboxing does what to computer programs?
Answers:
• Sandboxing protects your system by trapping all the viruses.
• It separates and isolates them.
• Sandboxing doesn't protect your system.
• Sandboxes protect your programs by isolating all the other programs except the one you are using at the time.
66. What is largely considered the most advanced computer virus?
Answers:
• Conficker Virus
• Zeus
• Stuxnet.
• agent.biz
67. What is necessary for a cross-site script attack with cookies to be thwarted?
Answers:
• CAPTCHAs
• Virtual machines
• Proxies
• Firewalls
68. What are the two primary classifications of cross-site scripting?
Answers:
• DOM-based and persistent
• traditional and DOM-based
• traditional and non-persistent
• non-persistent and persistent.
69. Which of the following is a VALID authorization key?
Answers:
• Public authorization key
• Public ephemeral key authorization key
• Asymmetric authorization keys
• Symmetric authorization keys
70. Which of the following is a VALID digital signature key?
Answers:
• Public signature authentication key
• Private signature authentication key
• Symmetric signature authentication key
• Private signature key
71. How can cookies be used to mitigate cross-site scripting?
Answers:
• Cookies can be coded like a program to intercept script attacks.
• Cookies store an exact mirror copy of all a user's web activity.
• Cookies allow for cookie-based user authentication.
• They can't. Cookies only store user information.
72. Which of the following uses asymmetric cryptography?
Answers:
• (none of these)
• VoIP
• Both VoIP and SSL
• SSL
73. Which of the following is not a VALID type of firewall?
Answers:
• Application-level gateways
• Circuit-level gateways
• Proxy Server Gateways
• Packet filters
74. Which is the least secure AES encryption mode?
Answers:
• CFB
• OCB
• ECB
• CTR
• CBC
75. What is a method to fend off a Sockstress attack?
Answers:
• Do nothing. It will pass on its own.
• Prepare a retaliatory DDOS attack.
• Black-listing access to TCP services on critical systems.
• White-listing access to TCP services on critical systems.
76. Which of the following HTTP methods is considered insecure?
Answers:
• POST
• DELETE
• TRACE
• GET
77. Which of the following represents a cryptographic key that is generated for each execution of a key establishment process?
Answers:
• Private key transport key
• Public signature verification key
• Private ephemeral key agreement key
• Public authentication key
78. What does the Linux kernel use to sandbox running programs?
Answers:
• Linux doesn't sandbox because it is impervious to any and all cyber attacks.
• Linux uses a layered system of user authentication to perform sandbox-like functions.
• seccomp, or Secure Computing Mode
• Linux drives are fully encrypted, thus they don't need sandboxing.
79. Which of the following keys are the private keys of asymmetric (public) key pairs that are used only once to establish one or more keys?
Answers:
• Public ephemeral key agreement key
• Asymmetric random number generation keys
• Symmetric random number generation keys
• Private ephemeral key agreement key
80. What does a cryptographic key do within the Internet Layer?
Answers:
• It specifies how encrypted data is transferred and to whom.
• It specifies how transferred information is converted into cyphertext.
• It converts it into encrypted language.
• It is the specialized dataset that is able to decrypt cyphertext.
81. Which of the following represents a cryptographic key that is intended to be used for a long period of time?
Answers:
• Private key transport key
• Public authentication key
• Public signature verification key
• Private static key agreement key
82. Which of the following is a VALID ephemeral key?
Answers:
• Asymmetric ephemeral random number generation keys
• Public ephemeral verification key
• Symmetric ephemeral random number generation keys
• Public ephemeral key agreement key
83. Which of the following enables secure and private data exchange/transfer on an unsecure public network?
Answers:
• Public Key Infrastructure
• Virtual Key Infrastructure
• Private Key Infrastructure
• All of the given options are correct
84. Which of the following keys are used to encrypt other keys using symmetric key algorithms?
Answers:
• Symmetric random number generation keys
• Asymmetric random number generation keys
• Symmetric key wrapping key
• Public signature verification key
85. Which of the following is a standalone computer program that pretends to be a well-known program in order to steal confidential data?
Answers:
• SPWare
• Spyware
• Fraudtool
• Malware
• Virus
86. In the sublayer of which of the following do TLS and SSL perform the data encryption of network connections?
Answers:
• presentation layer
• Both session and presentation layer
• session layer
• application layer
87. Which of the following are the public keys of asymmetric (public) key pairs that are used to encrypt keys using a public key algorithm?
Answers:
• Public signature verification key
• Private signature key
• Public key transport key
• Private key transport key
88. Which of the following are the public keys of asymmetric key pairs that are used to encrypt keys using a public key algorithm?
Answers:
• Private signature key
• Private key transport key
• Public signature verification key
• Public authentication key
