0,1,2,3,4,5,correct,choiceA_probs,choiceB_probs,choiceC_probs,choiceD_probs Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?,Generational,Blackbox,Whitebox,Mutation-based,C,False,0.32743462920188904,0.17526313662528992,0.08278843760490417,0.17526313662528992 "Assume that a TLS connection has been established successfully between a client and a server. Establishing the session included checking the server certificate and executing a DiffieHelmann exchange, but the client did not provide a client certificate. Further, assume that the client and server are honest, that the client and server don’t leak their keys, and that the cryptography is good. Which of the following attacks does TLS protect against? 1. An attacker replaying bytes that a client sent earlier. 2. An attacker impersonating the server.","True, True","False, False","True, False","False, True",A,True,0.22231881320476532,0.17314206063747406,0.06369540840387344,0.15279734134674072 MIT’s Kerberos KDC server has a maximum ticket lifetime of 24 hours (for most user principals). What ensures that an expired Kerberos ticket can no longer be used?,The Kerberos server (KDC) refuses to establish new connections between clients and servers for expired tickets.,"When a client connects to a server, the server sets a 24-hour timer to terminate the connection, which ensures a client cannot remain connected past the ticket’s maximum lifetime.","When a client connects to a server, the server compares the ticket’s expiration time to the server’s current clock, and refuses to authenticate the user if the ticket expiration time is in the past.","When a client connects to a server, the server sends a query to the KDC to check if the ticket is still valid with respect to the KDC’s clock, and refuses to authenticate the user if the KDC reports that the ticket is expired.",C,False,0.4367417097091675,0.20630218088626862,0.06697650998830795,0.16066831350326538 "In Message Condentiality, the transmitted message must make sense to only intended",Receiver,Sender,Modulor,Translator,A,True,0.3820381760597229,0.1804620623588562,0.10945577174425125,0.12402963638305664 Which of the following is a remote Trojan?,Troya,DaCryptic,BankerA,Game-Troj,A,False,0.22169151902198792,0.25120940804481506,0.17265354096889496,0.17265354096889496 ______________ is a widespread app’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.,Memory leakage,Buffer-overrun,Less processing power,Inefficient programming,B,True,0.06403291970491409,0.2869756519794464,0.01619005762040615,0.011127253994345665 "Consider the paper Native Client: A Sandbox for Portable, Untrusted x86 Native Code by Yee et al. Ben Bitdiddle notes that NaCl uses Intel x86 segmentation to ensure that the sandboxed module does not read or write memory outside its own data area, and does not execute instructions outside its own code. Ben thinks that with these restrictions alone, executing the sandboxed module must be safe; that is, he thinks validation is not needed. Ben is wrong. Circle the types of x86 machine instructions that the validator always forbids in sandboxed code. Please ignore trampoline and springboard code.",all instructions that modify segment state,all loads or stores to addresses that are not 0 mod 32,all indirect loads or stores (via an address in a register or variable),all indirect jumps (via an address in a register or variable),A,False,0.09923281520605087,0.09923281520605087,0.11244549602270126,0.2697427272796631 ____________ is also a part of darknet that is employed for transferring files anonymously.,Freenet,ARPANET,Stuxnet,Internet,A,False,0.18212665617465973,0.16072620451450348,0.110465407371521,0.3002760708332062 "Why apps developed in languages like C, C++ is prone to Buffer-overflow?",No string boundary checks in predefined functions,No storage check in the external memory,No processing power check,No database check,A,True,0.5555493235588074,0.15916754305362701,0.03551507741212845,0.05855446681380272 Man in the middle attack can endanger the security of Diffie Hellman method if two parties are not,Joined,Authenticated,Submitted,Shared,B,True,0.20670683681964874,0.26541683077812195,0.12537404894828796,0.26541683077812195 An integer overflow occurs when,"an integer expression's result ""wraps around""; instead of creating a very large number, a very small (or negative) number ends up getting created",an integer is used as if it was a pointer,an integer is used to access a buffer outside of the buffer's bounds,there is no more space to hold integers in the program,D,False,0.4387093484401703,0.16139216721057892,0.07623624801635742,0.11092309653759003 "Let HH be a Merkle-Damgard hash function is H:X^{\leq L} \to TH:X^≤L →T. Construct a MAC from this HH as follows: \ \ S(k,m) = H(k \| m) S(k,m)=H(k∥m). This mac is insecure because:",Given H(k \| m)H(k∥m) anyone can compute H(w \| k \| m \| \text{PB})H(w∥k∥m∥PB) for any ww,Given H(k \| m)H(k∥m) anyone can compute H(k \| m \| w)H(k∥m∥w) for any ww,Given H(k \| m)H(k∥m) anyone can compute H(k \| m \| \text{PB} \| w)H(k∥m∥PB∥w) for any ww,Anyone can compute H( k \| m )H(k∥m) for any mm,C,False,0.20746134221553802,0.20746134221553802,0.16157105565071106,0.26638564467430115 "Suppose that Alice and Bob sent confidential text messages to one another last month through an encrypted messaging system. Alice and Bob are worried that an adversary might compromise one of their computers today, while they are taking the 6.858 final exam, and would then be able to decrypt those messages. Which of the following security properties can address Alice and Bob’s concern?",Authentication.,Deniability.,Forward secrecy,Backward secrecy.,C,False,0.11154977977275848,0.23615087568759918,0.23615087568759918,0.14323274791240692 "The AH Protocol provides source authentication and data integrity, but not",Integrity,Privacy,Nonrepudiation,Both A & C,B,False,0.19845309853553772,0.19845309853553772,0.10622428357601166,0.37075918912887573 Which of the following is not a security exploit?,Eavesdropping,Cross-site scripting,Authentication,SQL Injection,C,False,0.12436619400978088,0.1409253627061844,0.10975278168916702,0.43408066034317017 _______________ is the central node of 802.11 wireless operations.,WPA,Access Point,WAP,Access Port,B,True,0.20072606205940247,0.4815167784690857,0.03488096222281456,0.030782338231801987 In MD-5 the length of the message digest is,160,128,64,54,B,False,0.2830379009246826,0.24978007376194,0.07156319171190262,0.1179877519607544 What is Nmap?,"It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses",It is a network fuzz testing tool,It is a map of the Internet,"It is a suite of tools for scripting attacks: probe, construct, encode, inject, wait for response",A,True,0.33442422747612,0.09581415355205536,0.05811421573162079,0.33442422747612 How do you prevent SQL injection?,Escape queries,Interrupt requests,Merge tables,All of the above,A,False,0.14066755771636963,0.10955200344324112,0.08531919121742249,0.3374439477920532 "What does it mean to ""be stealthy"" during a penetration test?",Performing the tests from an undisclosed location,Using encryption during tests to make the source of attacks impossible to determine,Performing penetration testing without the target organization knowing,"Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services",D,True,0.03359866514801979,0.13288529217243195,0.0913306400179863,0.5955505967140198 Which of the following is not a transport layer vulnerability?,"Mishandling of undefined, poorly defined variables",The Vulnerability that allows “fingerprinting” & other enumeration of host information,Overloading of transport-layer mechanisms,Unauthorized network access,D,True,0.1283964216709137,0.21168991923332214,0.16486428678035736,0.30800700187683105 "In Brumley and Boneh’s paper on side-channel attacks, why does blinding prevent the timing attack from working?","Blinding prevents the server from using the CRT optimization, which is essential to the timing attack.","Blinding changes the p and q primes that are used, so an adversary cannot learn the server’s true p and q values.","Blinding randomizes the ciphertext being decrypted, thus obscuring the correlation between an adversary’s input and the timing differences.","Blinding adds a random amount of time to the decryption due to the multiplication and division by the blinding random value r, which obscures the timing differences used in the attack.",C,False,0.04647212475538254,0.16220365464687347,0.20827361941337585,0.3891063332557678 "The openSSL implementation described in “Remote Timing Attacks are Practical” (by Brumley and Boneh) uses the following performance optimizations: Chinese Remainder (CR), Montgomery Representation (MR), Karatsuba Multiplication (KM), and Repeated squaring and Sliding windows (RS). Which of the following options would close the timing channel attack described in the paper if you turned the listed optimizations off? 1. RS and KM 2. RS and MR","True, True","False, False","True, False","False, True",D,False,0.2648814916610718,0.16065874695777893,0.07588981837034225,0.1820502132177353 Public key encryption is advantageous over Symmetric key Cryptography because of,Speed,Space,Key exchange,Key length,C,True,0.16488449275493622,0.21171587705612183,0.27184855937957764,0.21171587705612183 The __________ was a huge marketplace of Dark Web specifically famous for selling of illegal drugs & narcotics as well as you can find a wide range of other goods for sale.,Silk Road,Cotton Road,Dark Road,Drug Road,A,True,0.672062337398529,0.06251153349876404,0.012309251353144646,0.029528358951210976 The ______________ is categorized as an unknown segment of the Deep Web which has been purposely kept hidden & is inaccessible using standard web browsers.,Haunted web,World Wide Web,Dark web,Surface web,C,True,0.019050735980272293,0.09674762189388275,0.6308737397193909,0.03559146076440811 What does EXE do when the STP solver times out on a constraint query for a particular path?,Assume that the query is satisfiable and continue executing the path.,Assume that the query is not satisfiable and stop executing the path,"Restart STP and retry the query, up to a limited number of retries.",Remove a subset of the constraints and retry the query.,B,False,0.17626219987869263,0.2564599812030792,0.2906072437763214,0.10690844058990479 To verify a digital signature we need the,Sender’s Private key,Sender’s Public key,Receiver’s Private key,Receiver’s Public key,B,False,0.2818228304386139,0.2818228304386139,0.09149447083473206,0.13312368094921112 Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?,"You should not use a grammar-based fuzzer, because its adherence to the grammar means it will not find memory errors",Compiling the program with address sanitizer (ASAN) will make errors harder to reproduce,Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find,"Fuzzing doesn't find memory errors, it finds crashes and hangs",C,False,0.18505647778511047,0.2692555785179138,0.23761720955371857,0.18505647778511047 "Based on the paper “SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificates trust model enhancements”, which of the following statements are false?",Valid DV certificates provide more confidence to a user that she is connecting to the intended party than valid EV certificates.,OCSP stapling allows a server to prove to a browser that its certificate hasn’t been revoked.,DANE makes it difficult for an adversary to launch a SSL stripping attack.,Server key-pinning makes it harder for an adversary to convince a CA to mint a certificate for a site and launch an MITM attack on that site.,A,False,0.15273703634738922,0.15273703634738922,0.13478994369506836,0.32334429025650024 What tool can be used to perform SNMP enumeration?,DNSlookup,Whois,Nslookup,IP Network Browser,D,False,0.15298350155353546,0.25222712755203247,0.13500747084617615,0.25222712755203247 Which among them has the strongest wireless security?,WEP,WPA,WPA2,WPA3,D,True,0.11167687922716141,0.18412403762340546,0.1624888926744461,0.3035691976547241 "Suppose Unix did not provide a way of passing file descriptors between processes, but still allowed inheriting file descriptors from a parent on fork and exec. What aspects of the OKWS design would break without file descriptor passing? 1. It would be impossible for services to get a TCP connection to the client web browser. 2. It would be impossible for okd to run as a non-root user.","True, True","False, False","True, False","False, True",C,False,0.2819976508617401,0.1938139647245407,0.05552862584590912,0.11755411326885223 Failed sessions allow brute-force attacks on access credentials. This type of attacks are done in which layer of the OSI model?,Physical layer,Data-link Layer,Session layer,Presentation layer,C,True,0.05560827627778053,0.11772271245718002,0.4656023681163788,0.15115895867347717 Which of the following is an authentication method?,Secret question,Biometric,SMS code,All of the above,D,True,0.06814491748809814,0.12731146812438965,0.060137681663036346,0.5035266280174255 "When does a buffer overflow occur, generally speaking?",when writing to a pointer that has been freed,when copying a buffer from the stack to the heap,when a pointer is used to access memory not allocated to it,"when the program notices a buffer has filled up, and so starts to reject requests",C,False,0.1529620885848999,0.32382073998451233,0.13498856127262115,0.13498856127262115 A digital signature needs a,Private-key system,Shared-key system,Public-key system,All of them,C,True,0.2215006798505783,0.2215006798505783,0.25099316239356995,0.17250491678714752 A packet filter firewall filters at the,Application or transport,Data link layer,Physical Layer,Network or transport layer,D,True,0.18832476437091827,0.16619601845741272,0.18832476437091827,0.21339991688728333 "Let I = (S,V)I=(S,V) be a MAC. Suppose S(k,m)S(k,m) is always 5 bits long. Can this MAC be secure?","No, an attacker can simply guess the tag for messages",It depends on the details of the MAC,"Yes, the attacker cannot generate a valid tag for any message","Yes, the PRG is pseudorandom",A,False,0.12282994389533997,0.20251233875751495,0.26003098487854004,0.1787165105342865 Which of the following deals with network intrusion detection and real-time traffic analysis?,John the Ripper,L0phtCrack,Snort,Nessus,C,False,0.07290267944335938,0.2883356809616089,0.2544553577899933,0.17488443851470947 The Message condentiality or privacy means that the sender and the receiver expect,Integrity,Condentiality,Authentication,Nonrepudiation,B,True,0.20274747908115387,0.37878215312957764,0.07458662241697311,0.06582245975732803 "When a wireless user authenticates to any AP, both of them go in the course of four-step authentication progression which is called _____________",AP-handshaking,4-way handshake,4-way connection,wireless handshaking,B,True,0.11626295000314713,0.4598288834095001,0.022893531247973442,0.1317431926727295 Message authentication is a service beyond,Message Condentiality,Message Integrity,Message Splashing,Message Sending,B,True,0.28327375650405884,0.3209912180900574,0.04344143718481064,0.09196552634239197 Which of the following are most vulnerable to injection attacks?,Session IDs,Registry keys,Network communications,SQL queries based on user input,D,True,0.07490131258964539,0.0961751788854599,0.13993407785892487,0.5534499883651733 "Assume that a TLS connection has been established successfully between a client and a server. Establishing the session included checking the server certificate and executing a DiffieHelmann exchange, but the client did not provide a client certificate. Further, assume that the client and server are honest, that the client and server don’t leak their keys, and that the cryptography is good. Which of the following attacks does TLS protect against? 1. An attacker replacing bytes sent by a client with bytes of the attacker’s own choosing. 2. An attacker reading the plaintext bytes sent by a client.","True, True","False, False","True, False","False, True",A,True,0.22137793898582458,0.1724093109369278,0.07187089323997498,0.1342725157737732 Which of the following is a Wireless traffic Sniffing tool?,Maltego,BurpSuit,Nessus,Wireshark,D,True,0.08599448204040527,0.2648816406726837,0.040620915591716766,0.30015021562576294 A ___________ is a method in which a computer security mechanism is bypassed untraceable for accessing the computer or its information.,front-door,backdoor,clickjacking,key-logging,B,True,0.16723144054412842,0.515109121799469,0.0121142053976655,0.008325963281095028 Which of the following is not a block cipher operating mode?,ECB,CFB,CBF,CBC,C,False,0.07484280318021774,0.09610006958246231,0.20344385504722595,0.4306906461715698 What is a web proxy?,A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server,An agent that makes decisions on the client's behalf when interacting with web applications,"A piece of software that makes a web application look like a standalone application, making it easier to test","A simulator for the web, for use when off-line",A,True,0.8204866051673889,0.031813718378543854,0.004878791514784098,0.0033531412482261658 Buffer-overflow may remain as a bug in apps if __________ are not done fully.,boundary hacks,memory checks,boundary checks,buffer checks,C,False,0.1141938641667366,0.27393683791160583,0.16615109145641327,0.21334223449230194 Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.,"C, Ruby","Python, Ruby","C, C++","Tcl, C#",C,True,0.21337667107582092,0.18830424547195435,0.2739810645580292,0.1466515064239502 "Encryption and decryption provide secrecy, or condentiality, but not",Authentication,Integrity,Privacy,All of the above,B,False,0.09671689569950104,0.1594592183828354,0.1594592183828354,0.43345504999160767 A/an ___________ is a program that steals your logins & passwords for instant messaging applications.,IM – Trojans,Backdoor Trojans,Trojan-Downloader,Ransom Trojan,A,True,0.339694082736969,0.23346810042858124,0.07579599320888519,0.05902997404336929 The sub key length at each round of DES is__________,32,56,48,64,B,False,0.22430872917175293,0.22430872917175293,0.12006381154060364,0.15416498482227325 Which of the following is true of mutation-based fuzzing?,It generates each different input by modifying a prior input,It works by making small mutations to the target program to induce faults,Each input is mutation that follows a given grammar,"It only makes sense for file-based fuzzing, not network-based fuzzing",A,False,0.3096603751182556,0.3976117968559265,0.06097574904561043,0.07829440385103226 What are the types of scanning?,"Port, network, and services","Network, vulnerability, and port ","Passive, active, and interactive","Server, client, and network",B,False,0.3548521399497986,0.18993866443634033,0.1305428147315979,0.1152036190032959 "A sender must not be able to deny sending a message that was sent, is known as",Message Nonrepudiation,Message Integrity,Message Condentiality,Message Sending,A,True,0.5859923958778381,0.07930544018745422,0.03305942937731743,0.03305942937731743 A proxy rewall lters at the,Physical layer,Application layer,Data link layer,Network layer,B,False,0.1826329231262207,0.1611730009317398,0.20695021748542786,0.20695021748542786 Encapsulating Security Payload (ESP) belongs to which Internet Security Protocol?,Secure Socket Layer Protocol,Secure IP Protocol,Secure Http Protocol,Transport Layer Security Protocol,B,False,0.1076083555817604,0.1565692275762558,0.09496404230594635,0.375590056180954 A special tool is necessary for entering the network which is _______________ that helps the anonymous internet users to access into the Tor’s network and use various Tor services.,Opera browser,Firefox,Chrome,Tor browser,D,True,0.03091604821383953,0.05775878578424454,0.044982586055994034,0.4836083650588989 How does a buffer overflow on the stack facilitate running attacker-injected code?,By overwriting the return address to point to the location of that code,By writing directly to the instruction pointer register the address of the code,By writing directly to %eax the address of the code,"By changing the name of the running executable, stored on the stack",A,True,0.49710965156555176,0.1613878756761551,0.0360105037689209,0.04080524295568466 The digest created by a hash function is normally called a,Modication detection code (MDC),Modify authentication connection,Message authentication control,Message authentication cipher,A,False,0.10774895548820496,0.17764800786972046,0.2584763169288635,0.2584763169288635 "Let F: K \times R \to MF:K×R→M be a secure PRF. For m \in Mm∈M define E(k,m) = \big[ r \gets R,\ \text{output } \big(r,\ F(k,r) \oplus m\big)\ \big]E(k,m)=[r←R, output (r, F(k,r)⊕m) ] Is EE symantically secure under CPA?","Yes, whenever F is a secure PRF","No, there is always a CPA attack on this system","Yes, but only if R is large enough so r never repeats (w.h.p)",It depends on what F is used,C,False,0.2864518463611603,0.2527928650379181,0.11941088736057281,0.13531027734279633 Old operating systems like _______ and NT-based systems have buffer-overflow attack a common vulnerability.,Windows 7,Chrome,IOS12,UNIX,D,True,0.14829185605049133,0.1904105246067047,0.11548981815576553,0.3557336926460266 What is a replay attack?,When the attacker replies to a message sent to it by the system,"An attack that continuously repeats, probing for a weakness",An attack that uses the system's own messages and so cannot be defended against,"The attacker resends a captured message, and the site accept its and responds in the attacker's favor",D,True,0.12120871245861053,0.19983938336372375,0.08330544084310532,0.42305997014045715 Statement 1| A U2F USB dongle prevents malware on the user’s computer from stealing the user’s second factor to authenticate as that user even when the user’s computer is turned off. Statement 2| A server using U2F can reliably determine that the user who is attempting to login is indeed behind the computer that sent the login request.,"True, True","False, False","True, False","False, True",C,False,0.3049430847167969,0.1849573403596878,0.08736766129732132,0.16322427988052368 ____________________ is the anticipation of unauthorized access or break to computers or data by means of wireless networks.,Wireless access,Wireless security,Wired Security,Wired device apps,B,True,0.21871496737003326,0.3606000244617462,0.03800696134567261,0.029599852859973907 Which of the following are benefits of penetration testing?,Results are often reproducible,Full evidence of security: a clean test means a secure system,Compositionality of security properties means tested components are secure even if others change,Makes an adversarial neural network converge more quickly,A,True,0.3449721038341522,0.14380577206611633,0.06792902946472168,0.1846502721309662 1. _________ framework made cracking of vulnerabilities easy like point and click.,.Net,Metasploit,Zeus,Ettercap,B,True,0.21628938615322113,0.4040817618370056,0.07021887600421906,0.09016282856464386 You are given a message (m) and its OTP encryption (c). Can you compute the OTP key from m and c ?,"No, I cannot compute the key.","Yes, the key is k = m xor c.",I can only compute half the bits of the key.,"Yes, the key is k = m xor m.",B,True,0.04488207772374153,0.702073872089386,0.01285893190652132,0.04488207772374153 "The openSSL implementation described in “Remote Timing Attacks are Practical” (by Brumley and Boneh) uses the following performance optimizations: Chinese Remainder (CR), Montgomery Representation (MR), Karatsuba Multiplication (KM), and Repeated squaring and Sliding windows (RS). Which of the following options would close the timing channel attack described in the paper if you turned the listed optimizations off? 1. CR and MR 2. CR","True, True","False, False","True, False","False, True",A,True,0.2028626948595047,0.2028626948595047,0.06585987657308578,0.17902570962905884 "When the data must arrive at the receiver exactly as they were sent, its called",Message Condentiality,Message Integrity,Message Splashing,Message Sending,B,False,0.3840284049510956,0.20555560290813446,0.03572020307183266,0.05197259038686752 What is the difference between a direct leak and a side channel?,"A direct leak creates a denial of service by failing to free memory, while a channel frees memory as a side effect","A direct leak is one that is intentional, rather than by unintentional","A direct leak comes via the software system's intended interaction mechanism, where as a side channel leak comes from measurements of other system features, like timing, power usage, or space usage",There is no difference,C,False,0.27874755859375,0.11619926244020462,0.24599383771419525,0.09049607813358307 A session symmetric key between two parties is used,Only once,Twice,Multiple times,Conditions dependant,A,False,0.19607535004615784,0.2221824824810028,0.19607535004615784,0.19607535004615784 What is a nop sled,It is an anonymous version of a mop sled,"It is a sequence of nops preceding injected shellcode, useful when the return address is unknown",It is a method of removing zero bytes from shellcode,It is another name for a branch instruction at the end of sequence of nops,B,True,0.2402946799993515,0.34962669014930725,0.08839946985244751,0.12862049043178558 Which Nmap scan is does not completely open a TCP connection?,SYN stealth scan,TCP connect,XMAS tree scan,ACK scan,A,True,0.34272488951683044,0.18344742059707642,0.06748653203248978,0.1260814517736435 "Based on the paper “Click Trajectories: End-to-End Analysis of the Spam Value Chain”, which of the following statements are true? “Spammers” here refer to operators of various parts of the “spam value chain.”",Spammers run their spam-advertised web sites on compromised user machines that are part of a botnet.,Spammers need to register domain names in order for their spam-based advertisements to be effective.,There is a high cost for spammers to switch acquiring banks.,B and C,D,True,0.07459979504346848,0.20278330147266388,0.08453264832496643,0.5512220859527588 "In a _____________ attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.",Phishing,MiTM,Buffer-overflow,Clickjacking,C,False,0.1035744771361351,0.31903183460235596,0.15069997310638428,0.09140415489673615 _______________ is a popular tool used for network analysis in multiprotocol diverse network.,Snort,SuperScan,Burp Suit,EtterPeak,D,False,0.3387671411037445,0.23283103108406067,0.07558916509151459,0.09705840796232224 "___________________ is alike as that of Access Point (AP) from 802.11, & the mobile operators uses it for offering signal coverage.",Base Signal Station,Base Transmitter Station,Base Transceiver Station,Transceiver Station,C,False,0.07327213883399963,0.15511715412139893,0.09408330172300339,0.05035915970802307 A __________ is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers.,stack,queue,external storage,buffer,D,False,0.3369779884815216,0.15917713940143585,0.021542280912399292,0.20438748598098755 Which form of encryption does WPA use?,Shared key,LEAP,TKIP,AES,C,False,0.2050538957118988,0.1243714764714241,0.1097574383020401,0.43409907817840576 "Let suppose a search box of an application can take at most 200 words, and you’ve inserted more than that and pressed the search button; the system crashes. Usually this is because of limited __________",buffer,external storage,processing power,local storage,A,True,0.31039944291114807,0.18826676905155182,0.06925947964191437,0.18826676905155182 ___________________ began to show up few years back on wireless access points as a new way of adding or connecting new devices.,WPA2,WPA,WPS,WEP,C,False,0.1619739830493927,0.26704996824264526,0.14294154942035675,0.26704996824264526 What are the port states determined by Nmap?,"Active, inactive, standby","Open, half-open, closed ","Open, filtered, unfiltered","Active, closed, unused",C,False,0.0881657749414444,0.5749130249023438,0.036752961575984955,0.06059538573026657 Which among the following is the least strong security encryption standard?,WEP,WPA,WPA2,WPA3,A,False,0.12150374054908752,0.17678691446781158,0.10722668468952179,0.374257892370224 Why is it that the compiler does not know the absolute address of a local variable?,Programs are not allowed to reference memory using absolute addresses,The size of the address depends on the architecture the program will run on,"As a stack-allocated variable, it could have different addresses depending on when its containing function is called",Compiler writers are not very good at that sort of thing,C,True,0.16933903098106384,0.19188624620437622,0.2463868260383606,0.1494411677122116 The stack is memory for storing,Local variables,Program code,Dynamically linked libraries,Global variables,A,True,0.32066455483436584,0.32066455483436584,0.10410454124212265,0.07154993712902069 Can a stream cipher have perfect secrecy?,"Yes, if the PRG is really “secure”","No, there are no ciphers with perfect secrecy","Yes, every cipher has perfect secrecy","No, since the key is shorter than the message",D,False,0.2381785660982132,0.2381785660982132,0.21019184589385986,0.14446260035037994 Which of the following does authorization aim to accomplish?,Restrict what operations/data the user can access,Determine if the user is an attacker,Flag the user if he/she misbehaves,Determine who the user is,A,True,0.47382670640945435,0.10572502762079239,0.049940966069698334,0.17431111633777618 The message must be encrypted at the sender site and decrypted at the,Sender Site,Site,Receiver site,Conferencing,C,False,0.2899281680583954,0.1992645263671875,0.13695237040519714,0.15518736839294434 "A _________________ may be a hidden part of a program, a separate infected program a Trojan in disguise of an executable or code in the firmware of any system’s hardware.",crypter,virus,backdoor,key-logger,C,False,0.22782069444656372,0.29252755641937256,0.20105105638504028,0.06527172029018402 How is IP address spoofing detected?,Installing and configuring a IDS that can read the IP header,Comparing the TTL values of the actual and spoofed addresses,Implementing a firewall to the network,Identify all TCP sessions that are initiated but does not complete successfully,B,False,0.24493730068206787,0.21615640819072723,0.1907573640346527,0.16834278404712677 Which of the following is not an example of presentation layer issues?,Poor handling of unexpected input can lead to the execution of arbitrary instructions,Unintentional or ill-directed use of superficially supplied input,Cryptographic flaws in the system may get exploited to evade privacy,Weak or non-existent authentication mechanisms,D,True,0.1044018566608429,0.1721295714378357,0.11830279231071472,0.46789664030075073 "Suppose Unix did not provide a way of passing file descriptors between processes, but still allowed inheriting file descriptors from a parent on fork and exec. What aspects of the OKWS design would break without file descriptor passing? 1. It would be impossible for services to send messages to oklogd. 2. It would be impossible for services to get a TCP connection to a database proxy.","True, True","False, False","True, False","False, True",B,False,0.2702321708202362,0.18572768568992615,0.053211867809295654,0.12764865159988403 Why would a ping sweep be used?,To identify live systems,To locate live systems,To identify open ports,To locate firewalls,A,True,0.44851353764533997,0.1285012811422348,0.0535673052072525,0.0417182557284832 The four Primary Security Principles related to messages are,"Confidentiality, Integrity, Non repudiation and Authentication","Confidentiality, Access Control, Integrity, Non repudiation","Authentication, Authorization, Availability, Integrity","Availability, Authorization, Confidentiality, Integrity",A,True,0.3048108220100403,0.16315346956253052,0.0600208044052124,0.26899459958076477 What was the first buffer overflow attack?,Love Bug,SQL Slammer,Morris Worm,Code Red,C,False,0.3486030399799347,0.2714923322200775,0.06864400207996368,0.09987644851207733 "The ______________ can cost you money, by sending text messages from your mobile phone numbers.",IM – Trojans,Backdoor Trojans,SMS Trojan,Ransom Trojan,C,True,0.18120373785495758,0.18120373785495758,0.2987544536590576,0.08559458702802658 Three of the following are classic security properties; which one is not?,Confidentiality,Availability,Correctness,Integrity,B,False,0.07227086275815964,0.13501976430416107,0.13501976430416107,0.36702173948287964