Elance Internet Security Test Answers 2015



What does IP mean?

Instant Protocol
Intellectual Property
Instance Principle
Internet Protocol

 

 

When cookies are used as session identifiers, how are they then used as a potential security hazard?

Attackers emulate users by stealing their cookies.
User's cookies are altered to a virus-like state.
They emulate user's by downloading all the victims information onto a virtual machine.
They emulate user's by stealing their personal identity.

 

 

Which of the following is a VALID type of Key Management System?

Dynamic Key Management System
Integrated Key Management System
Third-Party Key Management System
Both Integrated Key Management System and Third-Party Key Management System

 

 

What are TLS and SSL?

Internet layers
Internet protocols.
Network layers.
Cryptographic protocols.

 

 

What is a computer worm?

It is malware designed to infect other computers.
It is software designed to exploit networks.
It is software designed to analyze and search for open ports.
It is a software utilized to scan packets on open networks.

 

 

Is a Unix-based system vulnerable to viruses?

Yes. The split is approximately 50/50 when it comes to attacks on Windows vs. Unix based systems.
No. Linux systems are totally impervious to attacks.
Yes, the majority of viruses attack Unix-based systems.
Yes, however the majority are coded to attack Windows-based systems.

 

 

There are two types of firewall. What are they?

Hardware and software.
Internet-based and home-based.
Digital and electronic.
Remote and local

 

 

Which of the following refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent?

Spyware
Trojan horse
Malware
Botnet

 

 

What does cross-site scripting allow for attackers?

A phishing attack that automatically downloads the victims personal information.
The introduction of worm viruses into the victims website.
Injection of client-side scripts into web pages.
Direct introduction of viruses into a victims computer.

 

 

Which of the following is a means to access a computer program or entire computer system bypassing all security mechanisms?

Backdoor
Trojan Horse
Phishing
Masquerading

 

 

Which of the following protocol used Port 443 and Port 80 respectively

HTTPS and HTTP
DHTML
HTTP and HTTPS
XHTML

 

 

What happens to your data when it is encrypted?

It is compressed, renamed, and archived.
It is transferred to a third party, encoded, then sent back.
It is scrambled to retain privacy from third-parties.
It is sent through a series of supercomputers to be compressed multiple times.

 

 

Which of the following is collection of Internet-connected programs communicating with other similar programs in order to perform tasks?

Malware
Trojan horse
Spyware
Botnet

 

 

If cookies with non-random sequence numbers are issued upon authentication, which of the following attack types can occur?

Session hijacking
Cross-site scripting
SQL injection
Directory traversal

 

 

Modern secure password storage should implement:

Salted plain-text values of the password
Hashed values of the password
Plain-text passwords stored in an encrypted database
Salted and hashed values of the password

 

 

What two main categories of network topologies are there?

Close and Distant
Direct and Indirect
Physical and logical.
Digital and Topological

 

 

What is one way that a web browser is vulnerable to breaching?

A virus can be sent through the monitor.
A browser plugin can be exploited.
Web browsers are impervious to exploitation.
A browser can be infected by closing it.

 

 

What is another name for an insecure plugin?

Software
Firmware
Malware
Hardware

 

 

True of False? Malware exists which affects both Windows and Linux systems.

True
False

 

 

In which of the following fraud methods is a legitimate/legal-looking email sent in an attempt to gather personal and financial information from recipients?

Masquerading
Malware
Virus
Phishing

 

 

Can a proxy be used as a firewall? If so, how?

No. All a proxy does is re-rout Internet traffic, and thus all the malicious signals that go with it.
No. Proxies are firewalls that are maintained at locations other than that of the user.
No. Proxies are data encryption stations whose sole purpose is to encrypt and re-rout data.
Yes. A proxy acts as a network intermediary for the user that serves to control the flow of incomming and outgoing traffic.

 

 

A digital signature scheme consists of which of the following typical algorithms ?

Signature verifying algorithm
Key generation algorithm
Signing algorithm
Key generation, Signing and Signature verifying algorithm

 

 

Which of the following is TRUE about TLS?

The message that ends the handshake sends a hash of all the exchanged handshake messages seen by both parties
The HMAC construction used by most TLS cipher suites is specified in RFC 2104
All of the given options are correct
Provides protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite

 

 

Which of the following are the basic functionalities of the IPsec Protocol ?

Security protocols for AH and ESP
Manual and automatic key management for the internet key exchange
All of the given options are correct
Security association for policy management and traffic processing

 

 

Which of the following involves submitting as many requests as possible to a single Internet computer or service, overloading it and preventing it from servicing legitimate requests?

Masquerading
Distributed denial-of-service attacks
Phishing
Backdoor

 

 

Which is the best way a system can be hardened?

Installing a commercial security suite.
Virus scanning only.
White-list ad filtering only.
Total disk encryption coupled with strong network security protocols.

 

 

Why is it crucial to encrypt data in transit?

So you can increase your chances of testing your encryption capabilities.
To assure that all of your information cannot be decrypted.
To decrease your resources.
To prevent unauthorized access to private networks and sensitive information during its most vulnerable state.

 

 

Is true that HTTP is an insecure protocol?

True
False

 

 

Which of the following is TRUE about SSL 3.0?

SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support for certificate authentication
It has a weak MAC construction that uses the MD5 hash function with a secret prefix
It assumes a single service and a fixed domain certificate, which clashes with the standard feature of virtual hosting in Web servers
Identical cryptographic keys are used for message authentication and encryption

 

 

What is a computer virus?

A virus is the same as a cookie in that it is stored on your computer against your permission.
A virus is friendly software that is simply mislabled.
Malicious software that merely stays dormant on your computer.
Malicious software that inserts itself into other programs.

 

 

Which of the following symmetric keys can be derived from Symmetric master key?

Data encryption keys
Key wrapping keys
All of the given options are correct
Authentication keys

 

 

What is a firewall?

A firewall is a program that encrypts all the programs that access the Internet.
Firewalls are network-based security measures that control the flow of incoming and outgoing traffic.
Firewalls are interrupts that automatically disconnect from the internet when a threat appears.
A firewall is a program that keeps other programs from using the network.

 

 

Which of the following is valid difference between a Virus and a Spyware ?

Virus damages data, Spyware steals sensitive private information
Virus damages data and also steals sensitive private information
Spyware damages data, Virus steals sensitive private information
Spyware damages data and also steals sensitive private information

 

 

Which of the following are valid Cryptographic key types?

Private signature key
All of the given options are correct
Public authentication key
Public signature verification key

 

 

Digital signatures provide which of the following ?

Non-repudiation
authentication
integrity protection
All of the given options are correct

 

 

Which of the following are possible security threats?

All of the given options are correct
Masquerading
Backdoors
Illegitimate use

 

 

What happens during the TCP attack; Denial of Service?

A worm is loaded onto the victims computer to disable their keyboard.
A virus is sent to disable their dos prompt.
Viruses are sent to their ISP to deny them tech support.
Information is repeatedly sent to the victim to consume their system resources, causing them to shut down.

 

 

Which of the following is the collective name for Trojan horses, spyware, and worms?

Spware
Botnets
Virus
Malware

 

 

In which of the following protocols does a website (if accessed using the protocol) encrypt the session with a Digital Certificate?

TCP
XHTTP
HTTPS
SHTTP

 

 

Who was TLS defined by?

NSA
Internet Engineering Task Force
OSHA
The DEA

 

 

How to avoid Man-in-the-middle attacks?

Use HTTPS connections and verify the SSL certificate
Use connections without SSL
Accept every SSL certificate, even the broken ones

 

 

What is network topology?

It is the inner networkings of a single computer.
It is the top layer of a computer network.
It is the entirety of the data of a computer network.
It is the framework of the components of a computer network.

 

 

What is Internet Protocol Security?

Ways to disconnect your router in an emergency.
Methods to secure a disconnected computer.
Methods to secure your documents from physical breaches.
Methods to secure Internet Protocol (IP) communication.

 

 

What does TCP mean?

Total Content Positioning
Technical Control Panel
Transmittable Constant Protocol
Transmission Control Protocol

 

 

Which of the following is a valid Internet Security requirement?

All of the given options are correct
Integrity
Authentication
Confidentiality

 

 

What is another name for Internet Layer?

TCP layer
IP layer
SSL layer
Interwebs

 

 

Trojan Horse programs operate with what intent?

To do a series of brute force attacks within the system itself and a series of external attacks from other servers.
To masquerade as non-malicious software while exploiting a system's weaknesses.
To slowly but surely infect and become your operating system until the system crashes.
To openly exploit a systems weaknesses until the user discovers it.

 

 

Which of the following is a general term for malicious software that pretends to be harmless so that a user willingly allows it to be downloaded onto the computer?

Virus
Spware
Botnets
Trojan Horse

 

 

Which of the following is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI)?

X.507
X.519
X.508
X.509

 

 

If you set up a BUS network, what is the major disadvantage?

It is connected in a star pattern and can be disabled by disrupting one data center.
It is entirely wireless and open to wifi-based attacks.
It is linked with a single cable which can be a major vulnerability.
It is daisy-chained together with several cables.

 

 

What does the acronym BEAST mean in Beast Attack?

Browser Exploit Against SSL/TLS
Breach Entering Against SSL/TLS
Browser Extension And SSL/TLS
Breaking and Entering Against SSL/TLS

 

 

Why is a virtual machine considered a sandboxing method?

Virtual machines all have firewalls, virus scanners, and proxy connetions.
Virtual machines all have sandbox features installed on them.
All host resources are channeled through the emulator.
Virtual machines take the brunt of the attack, so the user is always safe.

 

 

Which of the following is a valid flaw of SSL 2.0 ?

Identical cryptographic keys are used for message authentication and encryption
All of the given options are correct
It has a weak MAC construction that uses the MD5 hash function with a secret prefix
It does not have any protection for the handshake

 

 

Which of the following is true about Public Key Encryption?

Only one person can encrypt with the public key and anyone can decrypt with the private key
Anyone can encrypt with the public key, only one person can decrypt with the private key
Anyone can encrypt with the private key, only one person can decrypt with the public key
Anyone can encrypt with the public key and anyone can decrypt with the private key

 

 

An SQL injection is often used to attack what?

Servers running SQL databases similar to Hadoop or Hive.
Small scale machines such as diebold ATMs.
Servers built on NoSQL
Large-scale SQL databases such as those containing credit card information.

 

 

Which of the following type of attack can actively modify communications or data?

Neither Active nor Passive attack
Passive attack
Both Active and Passive attack
Active attack

 

 

How are port numbers categorized?

Unknown, unregistered, invalid
Well-known, registered, and static/dynamic.
Static, dynamic, enigmatic
Known, well-known, unknown

 

 

Which of the following keys are used to generate random numbers?

Asymmetric random number generation keys
Public signature verification key
Symmetric random number generation keys
Symmetric and asymmetric random number generation keys

 

 

When is encrypted data the safest?

When it is being transferred via usb stick.
When it is at rest.
When it is being written.
When it is in transit.

 

 

What is largely considered the most advanced computer virus?

agent.biz
Conficker Virus
Stuxnet.
Zeus

 

 

Secure Sockets Layer is a predecessor of which cryptographic protocol?

HTTPS
IPSec
Transport Layer Security
SSL 3.0

 

 

What are the two primary classifications of cross-site scripting?

non-persistent and persistent.
traditional and non-persistent
traditional and DOM-based
DOM-based and persistent

 

 

According to OWASP what is the most dangerous web vulnerability?

Security Misconfiguration
Cross-site-scripting (XSS)
Sensitive Data Exposure
Cross-Site Request Forgery (CSRF)
Injections (SQL, LDAP, etc)

 

 

Which version of TLS is vulnerable to BEAST exploit?

TLS 1.0
TLS 0.5
TLS 2.0
TLS 3.0
TLS 1.1

 

 

Sandboxing does what to computer programs?

Sandboxes protect your programs by isolating all the other programs except the one you are using at the time.
Sandboxing protects your system by trapping all the viruses.
It separates and isolates them.
Sandboxing doesn't protect your system.

 

 

Which of the following is a VALID authorization key?

Public authorization key
Symmetric authorization keys
Public ephemeral key authorization key
Asymmetric authorization keys

 

 

Which of the following threats corresponds with an attacker targeting specific employees of a company?

Spear phishing
Phishing
Man-in-the-middle
Pharming

 

 

How can cookies be used to mitigate cross-site scripting?

Cookies store an exact mirror copy of all a users web activity.
Cookies can be coded like a program to intercept script attacks.
They can't. Cookies only store user information.
Cookies allow for cookie-based user authentication.

 

 

What does a cryptographic key do within the Internet Layer?

It specifies how encrypted data is transferred and to whom.
It is the specialized dataset that is able to decrypt cyphertext.
It specifies how transferred information is converted into cyphertext.
It converts it into encrypted language.

 

 

Which of the following keys are the private keys of asymmetric (public) key pairs that are used only once to establish one or more keys ?

Asymmetric random number generation keys
Public ephemeral key agreement key
Symmetric random number generation keys
Private ephemeral key agreement key

 

 

Which of the following is a VALID digital signature key?

Private signature key
Private signature authentication key
Public signature authentication key
Symmetric signature authentication key

 

 

Which of the following represents a cryptographic key that is generated for each execution of a key establishment process ?

Public authentication key
Private key transport key
Private ephemeral key agreement key
Public signature verification key

 

 

What is the less secure AES encryption mode?

OCB
ECB
CTR
CBC
CFB

 

 

Which of the following keys are used to encrypt other keys using symmetric key algorithms ?

Symmetric random number generation keys
Asymmetric random number generation keys
Public signature verification key
Symmetric key wrapping key

 

 

Which of the following represents a cryptographic key that is intended to be used for a long period of time?

Private key transport key
Public signature verification key
Public authentication key
Private static key agreement key

 

 

What is a method to fend off a Sockstress attack?

White-listing access to TCP services on critical systems.
Prepare a retaliatory DDOS attack.
Do nothing. It will pass on its own.
Black-listing access to TCP services on critical systems.

 

 

Which of the following enables secure and private data exchange/transfer on an unsecure public network ?

All of the given options are correct
Private Key Infrastructure
Virtual Key Infrastructure
Public Key Infrastructure

 

 

Which of the following is a VALID ephemeral key?

Public ephemeral key agreement key
Public ephemeral verification key
Symmetric ephemeral random number generation keys
Asymmetric ephemeral random number generation keys

 

 

Which of the following HTTP method is considered insecure ?

POST
DELETE
GET
TRACE

 

 

What does the Linux kernal use to sandbox running programs?

Linux doesn't sandbox because it is impervious to any and all cyber attacks.
seccomp, or Secure Computing Mode
Linux uses a layered system of user authentication to perform sandbox-like functions.
Linux drives are fully encrypted, thus they don't need sandboxing.

 

 

Which of the following is not a VALID type of firewall?

Circuit-level gateways
Application-level gateways
Proxy Server Gateways
Packet filters

 

 

Which of the following are the public keys of asymmetric key pairs that are used to encrypt keys using a public key algorithm ?

Private signature key
Public authentication key
Public signature verification key
Private key transport key

 

 

Which of the following are the public keys of asymmetric (public) key pairs that are used to encrypt keys using a public key algorithm?

Private key transport key
Private signature key
Public signature verification key
Public key transport key

 

 

In the sublayer of which of the following does TLS and SSL performs the data encryption of network connections?

application layer
session layer
Both session and presentation layer
presentation layer

 

 

All of the following are valid cryptographic hash functions EXCEPT:

RC4
RIPEMD
SHA-512
MD4

 

 

Which of the following is a standalone computer program that pretends to be a well-known program in order to steal confidential data ?

Fraudtool
Malware
SPWare
Spyware
Virus

No comments:

Post a Comment