0,1,2,3,4,5,correct,choiceA_probs,choiceB_probs,choiceC_probs,choiceD_probs Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?,Generational,Blackbox,Whitebox,Mutation-based,C,False,0.46214741468429565,0.21830299496650696,0.15003730356693268,0.11684916913509369 "Assume that a TLS connection has been established successfully between a client and a server. Establishing the session included checking the server certificate and executing a DiffieHelmann exchange, but the client did not provide a client certificate. Further, assume that the client and server are honest, that the client and server don’t leak their keys, and that the cryptography is good. Which of the following attacks does TLS protect against? 1. An attacker replaying bytes that a client sent earlier. 2. An attacker impersonating the server.","True, True","False, False","True, False","False, True",A,True,0.2596377432346344,0.1574782431125641,0.1574782431125641,0.12264418601989746 MIT’s Kerberos KDC server has a maximum ticket lifetime of 24 hours (for most user principals). What ensures that an expired Kerberos ticket can no longer be used?,The Kerberos server (KDC) refuses to establish new connections between clients and servers for expired tickets.,"When a client connects to a server, the server sets a 24-hour timer to terminate the connection, which ensures a client cannot remain connected past the ticket’s maximum lifetime.","When a client connects to a server, the server compares the ticket’s expiration time to the server’s current clock, and refuses to authenticate the user if the ticket expiration time is in the past.","When a client connects to a server, the server sends a query to the KDC to check if the ticket is still valid with respect to the KDC’s clock, and refuses to authenticate the user if the KDC reports that the ticket is expired.",C,False,0.657682478427887,0.14674881100654602,0.10085888206958771,0.07854897528886795 "In Message Condentiality, the transmitted message must make sense to only intended",Receiver,Sender,Modulor,Translator,A,True,0.5990774035453796,0.15147048234939575,0.11796532571315765,0.04339702054858208 Which of the following is a remote Trojan?,Troya,DaCryptic,BankerA,Game-Troj,A,True,0.3317006230354309,0.29272475838661194,0.2279742956161499,0.12202585488557816 ______________ is a widespread app’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.,Memory leakage,Buffer-overrun,Less processing power,Inefficient programming,B,True,0.01741066947579384,0.21210536360740662,0.003884845180436969,0.0007649713661521673 "Consider the paper Native Client: A Sandbox for Portable, Untrusted x86 Native Code by Yee et al. Ben Bitdiddle notes that NaCl uses Intel x86 segmentation to ensure that the sandboxed module does not read or write memory outside its own data area, and does not execute instructions outside its own code. Ben thinks that with these restrictions alone, executing the sandboxed module must be safe; that is, he thinks validation is not needed. Ben is wrong. Circle the types of x86 machine instructions that the validator always forbids in sandboxed code. Please ignore trampoline and springboard code.",all instructions that modify segment state,all loads or stores to addresses that are not 0 mod 32,all indirect loads or stores (via an address in a register or variable),all indirect jumps (via an address in a register or variable),A,False,0.14075766503810883,0.06648921221494675,0.18073640763759613,0.23207014799118042 ____________ is also a part of darknet that is employed for transferring files anonymously.,Freenet,ARPANET,Stuxnet,Internet,A,True,0.33324867486953735,0.20212553441524506,0.17837516963481903,0.22903823852539062 "Why apps developed in languages like C, C++ is prone to Buffer-overflow?",No string boundary checks in predefined functions,No storage check in the external memory,No processing power check,No database check,A,True,0.8198938965797424,0.06730099022388458,0.017016353085637093,0.01169515773653984 Man in the middle attack can endanger the security of Diffie Hellman method if two parties are not,Joined,Authenticated,Submitted,Shared,B,False,0.397469162940979,0.3095493018627167,0.1138768196105957,0.12903934717178345 An integer overflow occurs when,"an integer expression's result ""wraps around""; instead of creating a very large number, a very small (or negative) number ends up getting created",an integer is used as if it was a pointer,an integer is used to access a buffer outside of the buffer's bounds,there is no more space to hold integers in the program,D,False,0.6676530241966248,0.11602068692445755,0.13146866858005524,0.042681626975536346 "Let HH be a Merkle-Damgard hash function is H:X^{\leq L} \to TH:X^≤L →T. Construct a MAC from this HH as follows: \ \ S(k,m) = H(k \| m) S(k,m)=H(k∥m). This mac is insecure because:",Given H(k \| m)H(k∥m) anyone can compute H(w \| k \| m \| \text{PB})H(w∥k∥m∥PB) for any ww,Given H(k \| m)H(k∥m) anyone can compute H(k \| m \| w)H(k∥m∥w) for any ww,Given H(k \| m)H(k∥m) anyone can compute H(k \| m \| \text{PB} \| w)H(k∥m∥PB∥w) for any ww,Anyone can compute H( k \| m )H(k∥m) for any mm,C,False,0.3167315721511841,0.24667079746723175,0.24667079746723175,0.1496134102344513 "Suppose that Alice and Bob sent confidential text messages to one another last month through an encrypted messaging system. Alice and Bob are worried that an adversary might compromise one of their computers today, while they are taking the 6.858 final exam, and would then be able to decrypt those messages. Which of the following security properties can address Alice and Bob’s concern?",Authentication.,Deniability.,Forward secrecy,Backward secrecy.,C,True,0.14648550748825073,0.2736709713935852,0.3514004647731781,0.18809112906455994 "The AH Protocol provides source authentication and data integrity, but not",Integrity,Privacy,Nonrepudiation,Both A & C,B,False,0.3006684482097626,0.16093622148036957,0.16093622148036957,0.34070196747779846 Which of the following is not a security exploit?,Eavesdropping,Cross-site scripting,Authentication,SQL Injection,C,False,0.3566749691963196,0.1909143626689911,0.1909143626689911,0.1909143626689911 _______________ is the central node of 802.11 wireless operations.,WPA,Access Point,WAP,Access Port,B,True,0.19659806787967682,0.686194658279419,0.020721282809972763,0.004623543005436659 In MD-5 the length of the message digest is,160,128,64,54,B,False,0.3838174343109131,0.29891732335090637,0.10996554046869278,0.031505655497312546 What is Nmap?,"It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses",It is a network fuzz testing tool,It is a map of the Internet,"It is a suite of tools for scripting attacks: probe, construct, encode, inject, wait for response",A,False,0.23884733021259308,0.04703182727098465,0.09956637024879456,0.5729649662971497 How do you prevent SQL injection?,Escape queries,Interrupt requests,Merge tables,All of the above,A,True,0.3639454245567322,0.07166510075330734,0.11815577745437622,0.2834409773349762 "What does it mean to ""be stealthy"" during a penetration test?",Performing the tests from an undisclosed location,Using encryption during tests to make the source of attacks impossible to determine,Performing penetration testing without the target organization knowing,"Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services",D,True,0.018881691619753838,0.05132575333118439,0.1086566224694252,0.8028699159622192 Which of the following is not a transport layer vulnerability?,"Mishandling of undefined, poorly defined variables",The Vulnerability that allows “fingerprinting” & other enumeration of host information,Overloading of transport-layer mechanisms,Unauthorized network access,D,False,0.32944387197494507,0.19981780648231506,0.2264232486486435,0.17633859813213348 "In Brumley and Boneh’s paper on side-channel attacks, why does blinding prevent the timing attack from working?","Blinding prevents the server from using the CRT optimization, which is essential to the timing attack.","Blinding changes the p and q primes that are used, so an adversary cannot learn the server’s true p and q values.","Blinding randomizes the ciphertext being decrypted, thus obscuring the correlation between an adversary’s input and the timing differences.","Blinding adds a random amount of time to the decryption due to the multiplication and division by the blinding random value r, which obscures the timing differences used in the attack.",C,True,0.037800583988428116,0.10275262594223022,0.5218209028244019,0.16941045224666595 "The openSSL implementation described in “Remote Timing Attacks are Practical” (by Brumley and Boneh) uses the following performance optimizations: Chinese Remainder (CR), Montgomery Representation (MR), Karatsuba Multiplication (KM), and Repeated squaring and Sliding windows (RS). Which of the following options would close the timing channel attack described in the paper if you turned the listed optimizations off? 1. RS and KM 2. RS and MR","True, True","False, False","True, False","False, True",D,False,0.23890039324760437,0.18605580925941467,0.2707096040248871,0.14490041136741638 Public key encryption is advantageous over Symmetric key Cryptography because of,Speed,Space,Key exchange,Key length,C,True,0.19298198819160461,0.15029452741146088,0.40854284167289734,0.19298198819160461 The __________ was a huge marketplace of Dark Web specifically famous for selling of illegal drugs & narcotics as well as you can find a wide range of other goods for sale.,Silk Road,Cotton Road,Dark Road,Drug Road,A,True,0.951560378074646,0.025358224287629128,0.008232610300183296,0.004406599327921867 The ______________ is categorized as an unknown segment of the Deep Web which has been purposely kept hidden & is inaccessible using standard web browsers.,Haunted web,World Wide Web,Dark web,Surface web,C,True,0.00876239500939846,0.05042410269379616,0.8937885761260986,0.01637030951678753 What does EXE do when the STP solver times out on a constraint query for a particular path?,Assume that the query is satisfiable and continue executing the path.,Assume that the query is not satisfiable and stop executing the path,"Restart STP and retry the query, up to a limited number of retries.",Remove a subset of the constraints and retry the query.,B,False,0.15689359605312347,0.22827881574630737,0.5476124286651611,0.03500768914818764 To verify a digital signature we need the,Sender’s Private key,Sender’s Public key,Receiver’s Private key,Receiver’s Public key,B,False,0.4831949770450592,0.29307258129119873,0.07410035282373428,0.039663057774305344 Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?,"You should not use a grammar-based fuzzer, because its adherence to the grammar means it will not find memory errors",Compiling the program with address sanitizer (ASAN) will make errors harder to reproduce,Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find,"Fuzzing doesn't find memory errors, it finds crashes and hangs",C,True,0.21158969402313232,0.21158969402313232,0.39530158042907715,0.1647862195968628 "Based on the paper “SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificates trust model enhancements”, which of the following statements are false?",Valid DV certificates provide more confidence to a user that she is connecting to the intended party than valid EV certificates.,OCSP stapling allows a server to prove to a browser that its certificate hasn’t been revoked.,DANE makes it difficult for an adversary to launch a SSL stripping attack.,Server key-pinning makes it harder for an adversary to convince a CA to mint a certificate for a site and launch an MITM attack on that site.,A,False,0.1983475685119629,0.1544732302427292,0.25468331575393677,0.37056201696395874 What tool can be used to perform SNMP enumeration?,DNSlookup,Whois,Nslookup,IP Network Browser,D,False,0.2740936577320099,0.3105888068675995,0.21346436440944672,0.14671176671981812 Which among them has the strongest wireless security?,WEP,WPA,WPA2,WPA3,D,False,0.12056940048933029,0.19878533482551575,0.37137988209724426,0.22525329887866974 "Suppose Unix did not provide a way of passing file descriptors between processes, but still allowed inheriting file descriptors from a parent on fork and exec. What aspects of the OKWS design would break without file descriptor passing? 1. It would be impossible for services to get a TCP connection to the client web browser. 2. It would be impossible for okd to run as a non-root user.","True, True","False, False","True, False","False, True",C,False,0.3177836835384369,0.28044313192367554,0.21840932965278625,0.1031692624092102 Failed sessions allow brute-force attacks on access credentials. This type of attacks are done in which layer of the OSI model?,Physical layer,Data-link Layer,Session layer,Presentation layer,C,True,0.03182714805006981,0.059460945427417755,0.8208330273628235,0.05247409641742706 Which of the following is an authentication method?,Secret question,Biometric,SMS code,All of the above,D,True,0.11046003550291061,0.18211781978607178,0.11046003550291061,0.49504750967025757 "When does a buffer overflow occur, generally speaking?",when writing to a pointer that has been freed,when copying a buffer from the stack to the heap,when a pointer is used to access memory not allocated to it,"when the program notices a buffer has filled up, and so starts to reject requests",C,False,0.11306769400835037,0.44719141721725464,0.21123827993869781,0.0534094013273716 A digital signature needs a,Private-key system,Shared-key system,Public-key system,All of them,C,True,0.20635220408439636,0.1607072651386261,0.4950132369995117,0.0974738746881485 A packet filter firewall filters at the,Application or transport,Data link layer,Physical Layer,Network or transport layer,D,False,0.2266979068517685,0.13749921321868896,0.3298434913158417,0.2266979068517685 "Let I = (S,V)I=(S,V) be a MAC. Suppose S(k,m)S(k,m) is always 5 bits long. Can this MAC be secure?","No, an attacker can simply guess the tag for messages",It depends on the details of the MAC,"Yes, the attacker cannot generate a valid tag for any message","Yes, the PRG is pseudorandom",A,False,0.11153019964694977,0.11153019964694977,0.5663971304893494,0.1432076096534729 Which of the following deals with network intrusion detection and real-time traffic analysis?,John the Ripper,L0phtCrack,Snort,Nessus,C,True,0.08451346307992935,0.22973141074180603,0.55109703540802,0.08451346307992935 The Message condentiality or privacy means that the sender and the receiver expect,Integrity,Condentiality,Authentication,Nonrepudiation,B,True,0.21265146136283875,0.5780465602874756,0.10044942051172256,0.01745549403131008 "When a wireless user authenticates to any AP, both of them go in the course of four-step authentication progression which is called _____________",AP-handshaking,4-way handshake,4-way connection,wireless handshaking,B,True,0.07685534656047821,0.8262728452682495,0.010401240549981594,0.046615127474069595 Message authentication is a service beyond,Message Condentiality,Message Integrity,Message Splashing,Message Sending,B,True,0.30348271131515503,0.389679491519928,0.059759289026260376,0.05273738503456116 Which of the following are most vulnerable to injection attacks?,Session IDs,Registry keys,Network communications,SQL queries based on user input,D,True,0.04848257079720497,0.033321548253297806,0.21728378534317017,0.6692811846733093 "Assume that a TLS connection has been established successfully between a client and a server. Establishing the session included checking the server certificate and executing a DiffieHelmann exchange, but the client did not provide a client certificate. Further, assume that the client and server are honest, that the client and server don’t leak their keys, and that the cryptography is good. Which of the following attacks does TLS protect against? 1. An attacker replacing bytes sent by a client with bytes of the attacker’s own choosing. 2. An attacker reading the plaintext bytes sent by a client.","True, True","False, False","True, False","False, True",A,True,0.25686708092689514,0.15579776465892792,0.1765419989824295,0.12133542448282242 Which of the following is a Wireless traffic Sniffing tool?,Maltego,BurpSuit,Nessus,Wireshark,D,True,0.08858633041381836,0.3091966509819031,0.047416843473911285,0.39701637625694275 A ___________ is a method in which a computer security mechanism is bypassed untraceable for accessing the computer or its information.,front-door,backdoor,clickjacking,key-logging,B,True,0.07707403600215912,0.7312581539154053,0.0038372904527932405,0.0009702189709059894 Which of the following is not a block cipher operating mode?,ECB,CFB,CBF,CBC,C,False,0.2228369116783142,0.1192760020494461,0.2228369116783142,0.36739596724510193 What is a web proxy?,A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server,An agent that makes decisions on the client's behalf when interacting with web applications,"A piece of software that makes a web application look like a standalone application, making it easier to test","A simulator for the web, for use when off-line",A,True,0.9666846394538879,0.013789014890789986,0.0021146140061318874,0.0003674648469313979 Buffer-overflow may remain as a bug in apps if __________ are not done fully.,boundary hacks,memory checks,boundary checks,buffer checks,C,False,0.14740942418575287,0.40070030093193054,0.3120657205581665,0.061449386179447174 Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.,"C, Ruby","Python, Ruby","C, C++","Tcl, C#",C,True,0.26108112931251526,0.23040327429771423,0.37987077236175537,0.09604637324810028 "Encryption and decryption provide secrecy, or condentiality, but not",Authentication,Integrity,Privacy,All of the above,B,False,0.14225423336029053,0.14225423336029053,0.30115219950675964,0.34125015139579773 A/an ___________ is a program that steals your logins & passwords for instant messaging applications.,IM – Trojans,Backdoor Trojans,Trojan-Downloader,Ransom Trojan,A,True,0.49370139837265015,0.2994450330734253,0.12482726573944092,0.035763610154390335 The sub key length at each round of DES is__________,32,56,48,64,B,False,0.24111369252204895,0.1877795308828354,0.35081833600997925,0.07827815413475037 Which of the following is true of mutation-based fuzzing?,It generates each different input by modifying a prior input,It works by making small mutations to the target program to induce faults,Each input is mutation that follows a given grammar,"It only makes sense for file-based fuzzing, not network-based fuzzing",A,False,0.19109167158603668,0.7557821869850159,0.02586144395172596,0.007409428246319294 What are the types of scanning?,"Port, network, and services","Network, vulnerability, and port ","Passive, active, and interactive","Server, client, and network",B,False,0.36413517594337463,0.15179412066936493,0.36413517594337463,0.06327719986438751 "A sender must not be able to deny sending a message that was sent, is known as",Message Nonrepudiation,Message Integrity,Message Condentiality,Message Sending,A,True,0.7632809281349182,0.03353622555732727,0.038001518696546555,0.00960828922688961 A proxy rewall lters at the,Physical layer,Application layer,Data link layer,Network layer,B,False,0.1842755526304245,0.14351396262645721,0.39011135697364807,0.20881156623363495 Encapsulating Security Payload (ESP) belongs to which Internet Security Protocol?,Secure Socket Layer Protocol,Secure IP Protocol,Secure Http Protocol,Transport Layer Security Protocol,B,False,0.20060725510120392,0.15623310208320618,0.09476015716791153,0.424685537815094 A special tool is necessary for entering the network which is _______________ that helps the anonymous internet users to access into the Tor’s network and use various Tor services.,Opera browser,Firefox,Chrome,Tor browser,D,True,0.01308407261967659,0.014826196245849133,0.03556619584560394,0.7143661379814148 How does a buffer overflow on the stack facilitate running attacker-injected code?,By overwriting the return address to point to the location of that code,By writing directly to the instruction pointer register the address of the code,By writing directly to %eax the address of the code,"By changing the name of the running executable, stored on the stack",A,True,0.6212456226348877,0.13861863315105438,0.012893540784716606,0.0053748274222016335 The digest created by a hash function is normally called a,Modication detection code (MDC),Modify authentication connection,Message authentication control,Message authentication cipher,A,False,0.15298697352409363,0.10514631122350693,0.4712330400943756,0.2225947380065918 "Let F: K \times R \to MF:K×R→M be a secure PRF. For m \in Mm∈M define E(k,m) = \big[ r \gets R,\ \text{output } \big(r,\ F(k,r) \oplus m\big)\ \big]E(k,m)=[r←R, output (r, F(k,r)⊕m) ] Is EE symantically secure under CPA?","Yes, whenever F is a secure PRF","No, there is always a CPA attack on this system","Yes, but only if R is large enough so r never repeats (w.h.p)",It depends on what F is used,C,False,0.3235839903354645,0.415490061044693,0.15285027027130127,0.049623213708400726 Old operating systems like _______ and NT-based systems have buffer-overflow attack a common vulnerability.,Windows 7,Chrome,IOS12,UNIX,D,True,0.20252364873886108,0.20252364873886108,0.17872649431228638,0.3783639967441559 What is a replay attack?,When the attacker replies to a message sent to it by the system,"An attack that continuously repeats, probing for a weakness",An attack that uses the system's own messages and so cannot be defended against,"The attacker resends a captured message, and the site accept its and responds in the attacker's favor",D,True,0.11084480583667755,0.12560361623764038,0.08632602542638779,0.6378678679466248 Statement 1| A U2F USB dongle prevents malware on the user’s computer from stealing the user’s second factor to authenticate as that user even when the user’s computer is turned off. Statement 2| A server using U2F can reliably determine that the user who is attempting to login is indeed behind the computer that sent the login request.,"True, True","False, False","True, False","False, True",C,False,0.3926776349544525,0.2101851999759674,0.1854877769947052,0.14445804059505463 ____________________ is the anticipation of unauthorized access or break to computers or data by means of wireless networks.,Wireless access,Wireless security,Wired Security,Wired device apps,B,True,0.13600704073905945,0.3697054982185364,0.01840655319392681,0.011164138093590736 Which of the following are benefits of penetration testing?,Results are often reproducible,Full evidence of security: a clean test means a secure system,Compositionality of security properties means tested components are secure even if others change,Makes an adversarial neural network converge more quickly,A,True,0.5989454388618469,0.13364280760288239,0.07153383642435074,0.15143713355064392 1. _________ framework made cracking of vulnerabilities easy like point and click.,.Net,Metasploit,Zeus,Ettercap,B,True,0.14434722065925598,0.7330557107925415,0.046862684190273285,0.015214085578918457 You are given a message (m) and its OTP encryption (c). Can you compute the OTP key from m and c ?,"No, I cannot compute the key.","Yes, the key is k = m xor c.",I can only compute half the bits of the key.,"Yes, the key is k = m xor m.",B,True,0.030497519299387932,0.8912681937217712,0.0077109807170927525,0.04437362775206566 "The openSSL implementation described in “Remote Timing Attacks are Practical” (by Brumley and Boneh) uses the following performance optimizations: Chinese Remainder (CR), Montgomery Representation (MR), Karatsuba Multiplication (KM), and Repeated squaring and Sliding windows (RS). Which of the following options would close the timing channel attack described in the paper if you turned the listed optimizations off? 1. CR and MR 2. CR","True, True","False, False","True, False","False, True",A,False,0.17428936064243317,0.2237919569015503,0.2237919569015503,0.1538098156452179 "When the data must arrive at the receiver exactly as they were sent, its called",Message Condentiality,Message Integrity,Message Splashing,Message Sending,B,False,0.39437922835350037,0.27105262875556946,0.05337342619895935,0.04156726226210594 What is the difference between a direct leak and a side channel?,"A direct leak creates a denial of service by failing to free memory, while a channel frees memory as a side effect","A direct leak is one that is intentional, rather than by unintentional","A direct leak comes via the software system's intended interaction mechanism, where as a side channel leak comes from measurements of other system features, like timing, power usage, or space usage",There is no difference,C,True,0.2608770728111267,0.04000679403543472,0.6258115768432617,0.021414093673229218 A session symmetric key between two parties is used,Only once,Twice,Multiple times,Conditions dependant,A,False,0.24929766356945038,0.19415321946144104,0.4110223650932312,0.10392272472381592 What is a nop sled,It is an anonymous version of a mop sled,"It is a sequence of nops preceding injected shellcode, useful when the return address is unknown",It is a method of removing zero bytes from shellcode,It is another name for a branch instruction at the end of sequence of nops,B,True,0.2355552762746811,0.6403055787086487,0.046383582055568695,0.01706356555223465 Which Nmap scan is does not completely open a TCP connection?,SYN stealth scan,TCP connect,XMAS tree scan,ACK scan,A,True,0.5037081241607666,0.18530388176441193,0.11239247769117355,0.07724614441394806 "Based on the paper “Click Trajectories: End-to-End Analysis of the Spam Value Chain”, which of the following statements are true? “Spammers” here refer to operators of various parts of the “spam value chain.”",Spammers run their spam-advertised web sites on compromised user machines that are part of a botnet.,Spammers need to register domain names in order for their spam-based advertisements to be effective.,There is a high cost for spammers to switch acquiring banks.,B and C,D,True,0.03077859804034233,0.13794009387493134,0.09480475634336472,0.7005176544189453 "In a _____________ attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.",Phishing,MiTM,Buffer-overflow,Clickjacking,C,False,0.10915965586900711,0.3810046315193176,0.3810046315193176,0.027599884197115898 _______________ is a popular tool used for network analysis in multiprotocol diverse network.,Snort,SuperScan,Burp Suit,EtterPeak,D,False,0.6358125805854797,0.18216335773468018,0.07593698799610138,0.021756310015916824 "___________________ is alike as that of Access Point (AP) from 802.11, & the mobile operators uses it for offering signal coverage.",Base Signal Station,Base Transmitter Station,Base Transceiver Station,Transceiver Station,C,False,0.119893878698349,0.36929914355278015,0.2876104712486267,0.016225872561335564 A __________ is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers.,stack,queue,external storage,buffer,D,True,0.2849496901035309,0.07204655557870865,0.030033474788069725,0.36588263511657715 Which form of encryption does WPA use?,Shared key,LEAP,TKIP,AES,C,True,0.17499296367168427,0.056811895221471786,0.4197863042354584,0.32692989706993103 "Let suppose a search box of an application can take at most 200 words, and you’ve inserted more than that and pressed the search button; the system crashes. Usually this is because of limited __________",buffer,external storage,processing power,local storage,A,True,0.4265346825122833,0.17780610918998718,0.15691335499286652,0.08398965001106262 ___________________ began to show up few years back on wireless access points as a new way of adding or connecting new devices.,WPA2,WPA,WPS,WEP,C,True,0.16422723233699799,0.30681684613227844,0.3476690351963043,0.12790030241012573 What are the port states determined by Nmap?,"Active, inactive, standby","Open, half-open, closed ","Open, filtered, unfiltered","Active, closed, unused",C,False,0.08353251218795776,0.7925344705581665,0.02711903676390648,0.007769735064357519 Which among the following is the least strong security encryption standard?,WEP,WPA,WPA2,WPA3,A,False,0.1821901500225067,0.1821901500225067,0.2064484804868698,0.30038076639175415 Why is it that the compiler does not know the absolute address of a local variable?,Programs are not allowed to reference memory using absolute addresses,The size of the address depends on the architecture the program will run on,"As a stack-allocated variable, it could have different addresses depending on when its containing function is called",Compiler writers are not very good at that sort of thing,C,True,0.1609499305486679,0.2066638022661209,0.4957606792449951,0.05921017378568649 The stack is memory for storing,Local variables,Program code,Dynamically linked libraries,Global variables,A,True,0.405953586101532,0.405953586101532,0.10264114290475845,0.022902335971593857 Can a stream cipher have perfect secrecy?,"Yes, if the PRG is really “secure”","No, there are no ciphers with perfect secrecy","Yes, every cipher has perfect secrecy","No, since the key is shorter than the message",D,False,0.3898621201515198,0.1841578334569931,0.3036249279975891,0.06774787604808807 Which of the following does authorization aim to accomplish?,Restrict what operations/data the user can access,Determine if the user is an attacker,Flag the user if he/she misbehaves,Determine who the user is,A,True,0.7708757519721985,0.04928043484687805,0.038379643112421036,0.10432668030261993 The message must be encrypted at the sender site and decrypted at the,Sender Site,Site,Receiver site,Conferencing,C,False,0.40651935338974,0.14955012500286102,0.21759413182735443,0.13197751343250275 "A _________________ may be a hidden part of a program, a separate infected program a Trojan in disguise of an executable or code in the firmware of any system’s hardware.",crypter,virus,backdoor,key-logger,C,False,0.28042203187942505,0.31775981187820435,0.31775981187820435,0.026083312928676605 How is IP address spoofing detected?,Installing and configuring a IDS that can read the IP header,Comparing the TTL values of the actual and spoofed addresses,Implementing a firewall to the network,Identify all TCP sessions that are initiated but does not complete successfully,B,False,0.29357337951660156,0.22863517701625824,0.29357337951660156,0.13867424428462982 Which of the following is not an example of presentation layer issues?,Poor handling of unexpected input can lead to the execution of arbitrary instructions,Unintentional or ill-directed use of superficially supplied input,Cryptographic flaws in the system may get exploited to evade privacy,Weak or non-existent authentication mechanisms,D,True,0.1263856738805771,0.16228242218494415,0.1115349531173706,0.5664212703704834 "Suppose Unix did not provide a way of passing file descriptors between processes, but still allowed inheriting file descriptors from a parent on fork and exec. What aspects of the OKWS design would break without file descriptor passing? 1. It would be impossible for services to send messages to oklogd. 2. It would be impossible for services to get a TCP connection to a database proxy.","True, True","False, False","True, False","False, True",B,False,0.32298338413238525,0.28503185510635376,0.1958993375301361,0.11881896108388901 Why would a ping sweep be used?,To identify live systems,To locate live systems,To identify open ports,To locate firewalls,A,True,0.6917325258255005,0.07290807366371155,0.03902488201856613,0.008707627654075623 The four Primary Security Principles related to messages are,"Confidentiality, Integrity, Non repudiation and Authentication","Confidentiality, Access Control, Integrity, Non repudiation","Authentication, Authorization, Availability, Integrity","Availability, Authorization, Confidentiality, Integrity",A,True,0.45287811756134033,0.14702799916267395,0.11450552195310593,0.24240820109844208 What was the first buffer overflow attack?,Love Bug,SQL Slammer,Morris Worm,Code Red,C,False,0.4697181284427643,0.2514220178127289,0.11876334249973297,0.08162476867437363 "The ______________ can cost you money, by sending text messages from your mobile phone numbers.",IM – Trojans,Backdoor Trojans,SMS Trojan,Ransom Trojan,C,True,0.23319405317306519,0.1248197928071022,0.5594034790992737,0.03576146438717842 Three of the following are classic security properties; which one is not?,Confidentiality,Availability,Correctness,Integrity,B,True,0.20746318995952606,0.2663879990577698,0.2663879990577698,0.183085635304451