{ "metadata": { "model_name": "llama-3.3-70b-instruct", "ntrain": 0, "ntest": -1, "timestamp": "20241212-025549" }, "subject": "computer_security", "category": "STEM", "correct_rate": 84.0, "evaluation_results": [ { "question": "Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 33.4507839679718 }, { "question": "Assume that a TLS connection has been established successfully between a client and a server. Establishing the session included checking the server certificate and executing a DiffieHelmann exchange, but the client did not provide a client certificate. Further, assume that the client and server are honest, that the client and server don’t leak their keys, and that the cryptography is good. Which of the following attacks does TLS protect against?\n1. An attacker replaying bytes that a client sent earlier.\n2. An attacker impersonating the server.", "model_answer": "A", "correct_answer": 0, "is_correct": true, "response_time": 33.45110607147217 }, { "question": "MIT’s Kerberos KDC server has a maximum ticket lifetime of 24 hours (for most user principals). What ensures that an expired Kerberos ticket can no longer be used?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 33.45138597488403 }, { "question": "In Message Condentiality, the transmitted message must make sense to only intended", "model_answer": "A", "correct_answer": 0, "is_correct": true, "response_time": 33.45165181159973 }, { "question": "Which of the following is a remote Trojan?", "model_answer": "A", "correct_answer": 0, "is_correct": true, "response_time": 33.45191192626953 }, { "question": "______________ is a widespread app’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.", "model_answer": "B.", "correct_answer": 1, "is_correct": true, "response_time": 33.452171087265015 }, { "question": "Consider the paper Native Client: A Sandbox for Portable, Untrusted x86 Native Code by Yee et al. Ben Bitdiddle notes that NaCl uses Intel x86 segmentation to ensure that the sandboxed module does not read or write memory outside its own data area, and does not execute instructions outside its own code. Ben thinks that with these restrictions alone, executing the sandboxed module must be safe; that is, he thinks validation is not needed. Ben is wrong. Circle the types of x86 machine instructions that the validator always forbids in sandboxed code. Please ignore trampoline and springboard code.", "model_answer": "D", "correct_answer": 0, "is_correct": false, "response_time": 33.45243287086487 }, { "question": "____________ is also a part of darknet that is employed for transferring files anonymously.", "model_answer": "A", "correct_answer": 0, "is_correct": true, "response_time": 33.452691078186035 }, { "question": "Why apps developed in languages like C, C++ is prone to Buffer-overflow?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 33.452942848205566 }, { "question": "Man in the middle attack can endanger the security of Diffie Hellman method if two parties are not", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 33.453192949295044 }, { "question": "An integer overflow occurs when", "model_answer": "A.", "correct_answer": 3, "is_correct": false, "response_time": 30.67797613143921 }, { "question": "Let HH be a Merkle-Damgard hash function is H:X^{\\leq L} \\to TH:X^≤L →T. Construct a MAC from this HH as follows: \\ \\ S(k,m) = H(k \\| m) S(k,m)=H(k∥m). This mac is insecure because:", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 30.67810893058777 }, { "question": "Suppose that Alice and Bob sent confidential text messages to one another last month through an encrypted messaging system. Alice and Bob are worried that an adversary might compromise one of their computers today, while they are taking the 6.858 final exam, and would then be able to decrypt those messages. Which of the following security properties can address Alice and Bob’s concern?", "model_answer": "C.", "correct_answer": 2, "is_correct": true, "response_time": 30.678229093551636 }, { "question": "The AH Protocol provides source authentication and data integrity, but not", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 30.678343057632446 }, { "question": "Which of the following is not a security exploit?", "model_answer": "C.", "correct_answer": 2, "is_correct": true, "response_time": 30.678454160690308 }, { "question": "_______________ is the central node of 802.11 wireless operations.", "model_answer": "B.", "correct_answer": 1, "is_correct": true, "response_time": 30.678563833236694 }, { "question": "In MD-5 the length of the message digest is", "model_answer": "A", "correct_answer": 1, "is_correct": false, "response_time": 30.678674936294556 }, { "question": "What is Nmap?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 30.67878794670105 }, { "question": "How do you prevent SQL injection?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 30.6788969039917 }, { "question": "What does it mean to \"be stealthy\" during a penetration test?", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 30.679006099700928 }, { "question": "Which of the following is not a transport layer vulnerability?", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 30.227657079696655 }, { "question": "In Brumley and Boneh’s paper on side-channel attacks, why does blinding prevent the timing attack from working?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 30.228380918502808 }, { "question": "The openSSL implementation described in “Remote Timing Attacks are Practical” (by Brumley and Boneh) uses the following performance optimizations: Chinese Remainder (CR), Montgomery Representation (MR), Karatsuba Multiplication (KM), and Repeated squaring and Sliding windows (RS). Which of the following options would close the timing channel attack described in the paper if you turned the listed optimizations off?\n1. RS and KM\n2. RS and MR", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 30.228814840316772 }, { "question": "Public key encryption is advantageous over Symmetric key Cryptography because of", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 30.229167938232422 }, { "question": "The __________ was a huge marketplace of Dark Web specifically famous for selling of illegal drugs & narcotics as well as you can find a wide range of other goods for sale.", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 30.23656678199768 }, { "question": "The ______________ is categorized as an unknown segment of the Deep Web which has been purposely kept hidden & is inaccessible using standard web browsers.", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 30.23695993423462 }, { "question": "What does EXE do when the STP solver times out on a constraint query for a particular path?", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 30.237311124801636 }, { "question": "To verify a digital signature we need the", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 30.23777174949646 }, { "question": "Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 30.240700006484985 }, { "question": "Based on the paper “SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificates trust model enhancements”, which of the following statements are false?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 30.240930795669556 }, { "question": "What tool can be used to perform SNMP enumeration?", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 24.25366497039795 }, { "question": "Which among them has the strongest wireless security?", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 24.25411891937256 }, { "question": "Suppose Unix did not provide a way of passing file descriptors between processes, but still allowed inheriting file descriptors from a parent on fork and exec. What aspects of the OKWS design would break without file descriptor passing?\n1. It would be impossible for services to get a TCP connection to the client web browser.\n2. It would be impossible for okd to run as a non-root user.", "model_answer": "A", "correct_answer": 2, "is_correct": false, "response_time": 24.25461196899414 }, { "question": "Failed sessions allow brute-force attacks on access credentials. This type of attacks are done in which layer of the OSI model?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 24.255229949951172 }, { "question": "Which of the following is an authentication method?", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 24.256065845489502 }, { "question": "When does a buffer overflow occur, generally speaking?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 24.257073879241943 }, { "question": "A digital signature needs a", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 24.257606983184814 }, { "question": "A packet filter firewall filters at the", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 24.258739948272705 }, { "question": "Let I = (S,V)I=(S,V) be a MAC. Suppose S(k,m)S(k,m) is always 5 bits long. Can this MAC be secure?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 24.25909996032715 }, { "question": "Which of the following deals with network intrusion detection and real-time traffic analysis?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 24.26095175743103 }, { "question": "The Message condentiality or privacy means that the sender and the receiver expect", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 24.09500002861023 }, { "question": "When a wireless user authenticates to any AP, both of them go in the course of four-step authentication progression which is called _____________", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 24.096105813980103 }, { "question": "Message authentication is a service beyond", "model_answer": "B.", "correct_answer": 1, "is_correct": true, "response_time": 24.103800058364868 }, { "question": "Which of the following are most vulnerable to injection attacks?", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 24.104370832443237 }, { "question": "Assume that a TLS connection has been established successfully between a client and a server. Establishing the session included checking the server certificate and executing a DiffieHelmann exchange, but the client did not provide a client certificate. Further, assume that the client and server are honest, that the client and server don’t leak their keys, and that the cryptography is good. Which of the following attacks does TLS protect against?\n1. An attacker replacing bytes sent by a client with bytes of the attacker’s own choosing.\n2. An attacker reading the plaintext bytes sent by a client.", "model_answer": "A", "correct_answer": 0, "is_correct": true, "response_time": 24.104745864868164 }, { "question": "Which of the following is a Wireless traffic Sniffing tool?", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 24.105140924453735 }, { "question": "A ___________ is a method in which a computer security mechanism is bypassed untraceable for accessing the computer or its information.", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 24.105618953704834 }, { "question": "Which of the following is not a block cipher operating mode?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 24.105984926223755 }, { "question": "What is a web proxy?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 24.10632300376892 }, { "question": "Buffer-overflow may remain as a bug in apps if __________ are not done fully.", "model_answer": "C.", "correct_answer": 2, "is_correct": true, "response_time": 24.106746912002563 }, { "question": "Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 21.947738885879517 }, { "question": "Encryption and decryption provide secrecy, or condentiality, but not", "model_answer": "D", "correct_answer": 1, "is_correct": false, "response_time": 21.948174715042114 }, { "question": "A/an ___________ is a program that steals your logins & passwords for instant messaging applications.", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 21.948628902435303 }, { "question": "The sub key length at each round of DES is__________", "model_answer": "B.", "correct_answer": 1, "is_correct": true, "response_time": 21.94903564453125 }, { "question": "Which of the following is true of mutation-based fuzzing?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 21.94960379600525 }, { "question": "What are the types of scanning?", "model_answer": "B.", "correct_answer": 1, "is_correct": true, "response_time": 21.949988842010498 }, { "question": "A sender must not be able to deny sending a message that was sent, is known as", "model_answer": "A", "correct_answer": 0, "is_correct": true, "response_time": 21.95032572746277 }, { "question": "A proxy rewall lters at the", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 21.950655937194824 }, { "question": "Encapsulating Security Payload (ESP) belongs to which Internet Security Protocol?", "model_answer": "B.", "correct_answer": 1, "is_correct": true, "response_time": 21.951029777526855 }, { "question": "A special tool is necessary for entering the network which is _______________ that helps the anonymous internet users to access into the Tor’s network and use various Tor services.", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 21.951546907424927 }, { "question": "How does a buffer overflow on the stack facilitate running attacker-injected code?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 29.794721126556396 }, { "question": "The digest created by a hash function is normally called a", "model_answer": "A", "correct_answer": 0, "is_correct": true, "response_time": 29.79554033279419 }, { "question": "Let F: K \\times R \\to MF:K×R→M be a secure PRF. For m \\in Mm∈M define E(k,m) = \\big[ r \\gets R,\\ \\text{output } \\big(r,\\ F(k,r) \\oplus m\\big)\\ \\big]E(k,m)=[r←R, output (r, F(k,r)⊕m) ] Is EE symantically secure under CPA?", "model_answer": "A", "correct_answer": 2, "is_correct": false, "response_time": 29.795961141586304 }, { "question": "Old operating systems like _______ and NT-based systems have buffer-overflow attack a common vulnerability.", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 29.796375036239624 }, { "question": "What is a replay attack?", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 29.7971613407135 }, { "question": "Statement 1| A U2F USB dongle prevents malware on the user’s computer from stealing the user’s second factor to authenticate as that user even when the user’s computer is turned off. Statement 2| A server using U2F can reliably determine that the user who is attempting to login is indeed behind the computer that sent the login request.", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 29.79824209213257 }, { "question": "____________________ is the anticipation of unauthorized access or break to computers or data by means of wireless networks.", "model_answer": "B.", "correct_answer": 1, "is_correct": true, "response_time": 29.79861807823181 }, { "question": "Which of the following are benefits of penetration testing?", "model_answer": "A", "correct_answer": 0, "is_correct": true, "response_time": 29.799047231674194 }, { "question": "1. _________ framework made cracking of vulnerabilities easy like point and click.", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 29.79974603652954 }, { "question": "You are given a message (m) and its OTP encryption (c). Can you compute the OTP key from m and c ?", "model_answer": "B.", "correct_answer": 1, "is_correct": true, "response_time": 29.800194025039673 }, { "question": "The openSSL implementation described in “Remote Timing Attacks are Practical” (by Brumley and Boneh) uses the following performance optimizations: Chinese Remainder (CR), Montgomery Representation (MR), Karatsuba Multiplication (KM), and Repeated squaring and Sliding windows (RS). Which of the following options would close the timing channel attack described in the paper if you turned the listed optimizations off?\n1. CR and MR\n2. CR", "model_answer": "D", "correct_answer": 0, "is_correct": false, "response_time": 26.896705150604248 }, { "question": "When the data must arrive at the receiver exactly as they were sent, its called", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 26.897369146347046 }, { "question": "What is the difference between a direct leak and a side channel?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 26.898292064666748 }, { "question": "A session symmetric key between two parties is used", "model_answer": "A", "correct_answer": 0, "is_correct": true, "response_time": 26.89897918701172 }, { "question": "What is a nop sled", "model_answer": "B", "correct_answer": 1, "is_correct": true, "response_time": 26.899511098861694 }, { "question": "Which Nmap scan is does not completely open a TCP connection?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 26.900341033935547 }, { "question": "Based on the paper “Click Trajectories: End-to-End Analysis of the Spam Value Chain”, which of the following statements are true? “Spammers” here refer to operators of various parts of the “spam value chain.”", "model_answer": "D", "correct_answer": 3, "is_correct": true, "response_time": 26.900910139083862 }, { "question": "In a _____________ attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 26.90147829055786 }, { "question": "_______________ is a popular tool used for network analysis in multiprotocol diverse network.", "model_answer": "A.", "correct_answer": 3, "is_correct": false, "response_time": 26.902312994003296 }, { "question": "___________________ is alike as that of Access Point (AP) from 802.11, & the mobile operators uses it for offering signal coverage.", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 26.911902904510498 }, { "question": "A __________ is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers.", "model_answer": "A", "correct_answer": 3, "is_correct": false, "response_time": 22.568212032318115 }, { "question": "Which form of encryption does WPA use?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 22.568522930145264 }, { "question": "Let suppose a search box of an application can take at most 200 words, and you’ve inserted more than that and pressed the search button; the system crashes. Usually this is because of limited __________", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 22.56879210472107 }, { "question": "___________________ began to show up few years back on wireless access points as a new way of adding or connecting new devices.", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 22.569061994552612 }, { "question": "What are the port states determined by Nmap?", "model_answer": "B", "correct_answer": 2, "is_correct": false, "response_time": 22.569326162338257 }, { "question": "Which among the following is the least strong security encryption standard?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 22.569586038589478 }, { "question": "Why is it that the compiler does not know the absolute address of a local variable?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 22.56985306739807 }, { "question": "The stack is memory for storing", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 22.570110082626343 }, { "question": "Can a stream cipher have perfect secrecy?", "model_answer": "A", "correct_answer": 3, "is_correct": false, "response_time": 22.570327043533325 }, { "question": "Which of the following does authorization aim to accomplish?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 22.570533990859985 }, { "question": "The message must be encrypted at the sender site and decrypted at the", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 25.59943199157715 }, { "question": "A _________________ may be a hidden part of a program, a separate infected program a Trojan in disguise of an executable or code in the firmware of any system’s hardware.", "model_answer": "B.", "correct_answer": 2, "is_correct": false, "response_time": 25.599844932556152 }, { "question": "How is IP address spoofing detected?", "model_answer": "A.", "correct_answer": 1, "is_correct": false, "response_time": 25.600476026535034 }, { "question": "Which of the following is not an example of presentation layer issues?", "model_answer": "C.", "correct_answer": 3, "is_correct": false, "response_time": 25.600978136062622 }, { "question": "Suppose Unix did not provide a way of passing file descriptors between processes, but still allowed inheriting file descriptors from a parent on fork and exec. What aspects of the OKWS design would break without file descriptor passing?\n1. It would be impossible for services to send messages to oklogd.\n2. It would be impossible for services to get a TCP connection to a database proxy.", "model_answer": "A", "correct_answer": 1, "is_correct": false, "response_time": 25.60161304473877 }, { "question": "Why would a ping sweep be used?", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 25.602034091949463 }, { "question": "The four Primary Security Principles related to messages are", "model_answer": "A.", "correct_answer": 0, "is_correct": true, "response_time": 25.602517127990723 }, { "question": "What was the first buffer overflow attack?", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 25.602976083755493 }, { "question": "The ______________ can cost you money, by sending text messages from your mobile phone numbers.", "model_answer": "C", "correct_answer": 2, "is_correct": true, "response_time": 25.60373306274414 }, { "question": "Three of the following are classic security properties; which one is not?", "model_answer": "C.", "correct_answer": 1, "is_correct": false, "response_time": 25.604313850402832 } ] }