Elance Internet Security Test Answers 2015
·
What does IP mean?
Instant
Protocol
Intellectual
Property
Instance
Principle
Internet
Protocol
When cookies are used as session identifiers, how are they then used as a potential security hazard?
Attackers
emulate users by stealing their cookies.
User's cookies
are altered to a virus-like state.
They
emulate user's by downloading all the victims information onto a virtual
machine.
They
emulate user's by stealing their personal identity.
Which of the following is a VALID type of Key Management System?
Dynamic Key
Management System
Integrated
Key Management System
Third-Party
Key Management System
Both
Integrated Key Management System and Third-Party Key Management System
What are TLS and SSL?
Internet
layers
Internet
protocols.
Network
layers.
Cryptographic
protocols.
What is a computer worm?
It
is malware designed to infect other computers.
It is
software designed to exploit networks.
It is
software designed to analyze and search for open ports.
It is a
software utilized to scan packets on open networks.
Is a Unix-based system vulnerable to viruses?
Yes. The
split is approximately 50/50 when it comes to attacks on Windows vs. Unix based
systems.
No. Linux
systems are totally impervious to attacks.
Yes, the
majority of viruses attack Unix-based systems.
Yes,
however the majority are coded to attack Windows-based systems.
There are two types of firewall. What are they?
Hardware
and software.
Internet-based
and home-based.
Digital and
electronic.
Remote and
local
Which of the following refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent?
Spyware
Trojan
horse
Malware
Botnet
What does cross-site scripting allow for attackers?
A phishing
attack that automatically downloads the victims personal information.
The
introduction of worm viruses into the victims website.
Injection
of client-side scripts into web pages.
Direct
introduction of viruses into a victims computer.
Which of the following is a means to access a computer program or entire computer system bypassing all security mechanisms?
Backdoor
Trojan
Horse
Phishing
Masquerading
Which of the following protocol used Port 443 and Port 80 respectively
HTTPS
and HTTP
DHTML
HTTP and
HTTPS
XHTML
What happens to your data when it is encrypted?
It is
compressed, renamed, and archived.
It is
transferred to a third party, encoded, then sent back.
It
is scrambled to retain privacy from third-parties.
It is sent
through a series of supercomputers to be compressed multiple times.
Which of the following is collection of Internet-connected programs communicating with other similar programs in order to perform tasks?
Malware
Trojan
horse
Spyware
Botnet
If cookies with non-random sequence numbers are issued upon authentication, which of the following attack types can occur?
Session
hijacking
Cross-site
scripting
SQL
injection
Directory
traversal
Modern secure password storage should implement:
Salted
plain-text values of the password
Hashed
values of the password
Plain-text
passwords stored in an encrypted database
Salted
and hashed values of the password
What two main categories of network topologies are there?
Close and
Distant
Direct and
Indirect
Physical
and logical.
Digital and
Topological
What is one way that a web browser is vulnerable to breaching?
A virus can
be sent through the monitor.
A
browser plugin can be exploited.
Web
browsers are impervious to exploitation.
A browser
can be infected by closing it.
What is another name for an insecure plugin?
Software
Firmware
Malware
Hardware
True of False? Malware exists which affects both Windows and Linux systems.
True
False
In which of the following fraud methods is a legitimate/legal-looking email sent in an attempt to gather personal and financial information from recipients?
Masquerading
Malware
Virus
Phishing
Can a proxy be used as a firewall? If so, how?
No. All a
proxy does is re-rout Internet traffic, and thus all the malicious signals that
go with it.
No. Proxies
are firewalls that are maintained at locations other than that of the user.
No. Proxies
are data encryption stations whose sole purpose is to encrypt and re-rout data.
Yes.
A proxy acts as a network intermediary for the user that serves to control the
flow of incomming and outgoing traffic.
A digital signature scheme consists of which of the following typical algorithms ?
Signature
verifying algorithm
Key
generation algorithm
Signing
algorithm
Key
generation, Signing and Signature verifying algorithm
Which of the following is TRUE about TLS?
The message
that ends the handshake sends a hash of all the exchanged handshake messages
seen by both parties
The HMAC
construction used by most TLS cipher suites is specified in RFC 2104
All
of the given options are correct
Provides
protection against a downgrade of the protocol to a previous (less secure)
version or a weaker cipher suite
Which of the following are the basic functionalities of the IPsec Protocol ?
Security
protocols for AH and ESP
Manual and
automatic key management for the internet key exchange
All
of the given options are correct
Security
association for policy management and traffic processing
Which of the following involves submitting as many requests as possible to a single Internet computer or service, overloading it and preventing it from servicing legitimate requests?
Masquerading
Distributed
denial-of-service attacks
Phishing
Backdoor
Which is the best way a system can be hardened?
Installing
a commercial security suite.
Virus
scanning only.
White-list
ad filtering only.
Total
disk encryption coupled with strong network security protocols.
Why is it crucial to encrypt data in transit?
So you can
increase your chances of testing your encryption capabilities.
To assure
that all of your information cannot be decrypted.
To decrease
your resources.
To
prevent unauthorized access to private networks and sensitive information
during its most vulnerable state.
Is true that HTTP is an insecure protocol?
True
False
Which of the following is TRUE about SSL 3.0?
SSL
3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support for
certificate authentication
It has a
weak MAC construction that uses the MD5 hash function with a secret prefix
It assumes
a single service and a fixed domain certificate, which clashes with the standard
feature of virtual hosting in Web servers
Identical
cryptographic keys are used for message authentication and encryption
What is a computer virus?
A virus is
the same as a cookie in that it is stored on your computer against your
permission.
A virus is
friendly software that is simply mislabled.
Malicious
software that merely stays dormant on your computer.
Malicious
software that inserts itself into other programs.
Which of the following symmetric keys can be derived from Symmetric master key?
Data
encryption keys
Key
wrapping keys
All
of the given options are correct
Authentication
keys
What is a firewall?
A firewall
is a program that encrypts all the programs that access the Internet.
Firewalls
are network-based security measures that control the flow of incoming and
outgoing traffic.
Firewalls
are interrupts that automatically disconnect from the internet when a threat
appears.
A firewall
is a program that keeps other programs from using the network.
Which of the following is valid difference between a Virus and a Spyware ?
Virus
damages data, Spyware steals sensitive private information
Virus
damages data and also steals sensitive private information
Spyware
damages data, Virus steals sensitive private information
Spyware
damages data and also steals sensitive private information
Which of the following are valid Cryptographic key types?
Private
signature key
All
of the given options are correct
Public
authentication key
Public
signature verification key
Digital signatures provide which of the following ?
Non-repudiation
authentication
integrity
protection
All
of the given options are correct
Which of the following are possible security threats?
All
of the given options are correct
Masquerading
Backdoors
Illegitimate
use
What happens during the TCP attack; Denial of Service?
A worm is
loaded onto the victims computer to disable their keyboard.
A virus is
sent to disable their dos prompt.
Viruses are
sent to their ISP to deny them tech support.
Information
is repeatedly sent to the victim to consume their system resources, causing
them to shut down.
Which of the following is the collective name for Trojan horses, spyware, and worms?
Spware
Botnets
Virus
Malware
In which of the following protocols does a website (if accessed using the protocol) encrypt the session with a Digital Certificate?
TCP
XHTTP
HTTPS
SHTTP
Who was TLS defined by?
NSA
Internet
Engineering Task Force
OSHA
The DEA
How to avoid Man-in-the-middle attacks?
Use
HTTPS connections and verify the SSL certificate
Use connections
without SSL
Accept
every SSL certificate, even the broken ones
What is network topology?
It is the
inner networkings of a single computer.
It is the
top layer of a computer network.
It is the
entirety of the data of a computer network.
It
is the framework of the components of a computer network.
What is Internet Protocol Security?
Ways to
disconnect your router in an emergency.
Methods to
secure a disconnected computer.
Methods to
secure your documents from physical breaches.
Methods
to secure Internet Protocol (IP) communication.
What does TCP mean?
Total
Content Positioning
Technical
Control Panel
Transmittable
Constant Protocol
Transmission
Control Protocol
Which of the following is a valid Internet Security requirement?
All
of the given options are correct
Integrity
Authentication
Confidentiality
What is another name for Internet Layer?
TCP layer
IP
layer
SSL layer
Interwebs
Trojan Horse programs operate with what intent?
To do a
series of brute force attacks within the system itself and a series of external
attacks from other servers.
To
masquerade as non-malicious software while exploiting a system's weaknesses.
To slowly
but surely infect and become your operating system until the system crashes.
To openly
exploit a systems weaknesses until the user discovers it.
Which of the following is a general term for malicious software that pretends to be harmless so that a user willingly allows it to be downloaded onto the computer?
Virus
Spware
Botnets
Trojan
Horse
Which of the following is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI)?
X.507
X.519
X.508
X.509
If you set up a BUS network, what is the major disadvantage?
It is
connected in a star pattern and can be disabled by disrupting one data center.
It is
entirely wireless and open to wifi-based attacks.
It
is linked with a single cable which can be a major vulnerability.
It is
daisy-chained together with several cables.
What does the acronym BEAST mean in Beast Attack?
Browser
Exploit Against SSL/TLS
Breach
Entering Against SSL/TLS
Browser
Extension And SSL/TLS
Breaking
and Entering Against SSL/TLS
Why is a virtual machine considered a sandboxing method?
Virtual
machines all have firewalls, virus scanners, and proxy connetions.
Virtual
machines all have sandbox features installed on them.
All
host resources are channeled through the emulator.
Virtual
machines take the brunt of the attack, so the user is always safe.
Which of the following is a valid flaw of SSL 2.0 ?
Identical
cryptographic keys are used for message authentication and encryption
All
of the given options are correct
It has a
weak MAC construction that uses the MD5 hash function with a secret prefix
It does not
have any protection for the handshake
Which of the following is true about Public Key Encryption?
Only one
person can encrypt with the public key and anyone can decrypt with the private
key
Anyone
can encrypt with the public key, only one person can decrypt with the private
key
Anyone can
encrypt with the private key, only one person can decrypt with the public key
Anyone can
encrypt with the public key and anyone can decrypt with the private key
An SQL injection is often used to attack what?
Servers
running SQL databases similar to Hadoop or Hive.
Small scale
machines such as diebold ATMs.
Servers
built on NoSQL
Large-scale
SQL databases such as those containing credit card information.
Which of the following type of attack can actively modify communications or data?
Neither
Active nor Passive attack
Passive
attack
Both Active
and Passive attack
Active
attack
How are port numbers categorized?
Unknown,
unregistered, invalid
Well-known,
registered, and static/dynamic.
Static,
dynamic, enigmatic
Known,
well-known, unknown
Which of the following keys are used to generate random numbers?
Asymmetric
random number generation keys
Public
signature verification key
Symmetric
random number generation keys
Symmetric
and asymmetric random number generation keys
When is encrypted data the safest?
When it is being
transferred via usb stick.
When
it is at rest.
When it is
being written.
When it is
in transit.
What is largely considered the most advanced computer virus?
agent.biz
Conficker
Virus
Stuxnet.
Zeus
Secure Sockets Layer is a predecessor of which cryptographic protocol?
HTTPS
IPSec
Transport
Layer Security
SSL 3.0
What are the two primary classifications of cross-site scripting?
non-persistent
and persistent.
traditional
and non-persistent
traditional
and DOM-based
DOM-based
and persistent
According to OWASP what is the most dangerous web vulnerability?
Security
Misconfiguration
Cross-site-scripting
(XSS)
Sensitive
Data Exposure
Cross-Site
Request Forgery (CSRF)
Injections
(SQL, LDAP, etc)
Which version of TLS is vulnerable to BEAST exploit?
TLS
1.0
TLS 0.5
TLS 2.0
TLS 3.0
TLS 1.1
Sandboxing does what to computer programs?
Sandboxes
protect your programs by isolating all the other programs except the one you
are using at the time.
Sandboxing
protects your system by trapping all the viruses.
It
separates and isolates them.
Sandboxing
doesn't protect your system.
Which of the following is a VALID authorization key?
Public
authorization key
Symmetric
authorization keys
Public
ephemeral key authorization key
Asymmetric
authorization keys
Which of the following threats corresponds with an attacker targeting specific employees of a company?
Spear
phishing
Phishing
Man-in-the-middle
Pharming
How can cookies be used to mitigate cross-site scripting?
Cookies
store an exact mirror copy of all a users web activity.
Cookies can
be coded like a program to intercept script attacks.
They can't.
Cookies only store user information.
Cookies
allow for cookie-based user authentication.
What does a cryptographic key do within the Internet Layer?
It
specifies how encrypted data is transferred and to whom.
It is the
specialized dataset that is able to decrypt cyphertext.
It
specifies how transferred information is converted into cyphertext.
It converts
it into encrypted language.
Which of the following keys are the private keys of asymmetric (public) key pairs that are used only once to establish one or more keys ?
Asymmetric
random number generation keys
Public
ephemeral key agreement key
Symmetric
random number generation keys
Private
ephemeral key agreement key
Which of the following is a VALID digital signature key?
Private
signature key
Private
signature authentication key
Public
signature authentication key
Symmetric
signature authentication key
Which of the following represents a cryptographic key that is generated for each execution of a key establishment process ?
Public
authentication key
Private key
transport key
Private
ephemeral key agreement key
Public
signature verification key
What is the less secure AES encryption mode?
OCB
ECB
CTR
CBC
CFB
Which of the following keys are used to encrypt other keys using symmetric key algorithms ?
Symmetric
random number generation keys
Asymmetric
random number generation keys
Public
signature verification key
Symmetric
key wrapping key
Which of the following represents a cryptographic key that is intended to be used for a long period of time?
Private key
transport key
Public
signature verification key
Public
authentication key
Private
static key agreement key
What is a method to fend off a Sockstress attack?
White-listing
access to TCP services on critical systems.
Prepare a
retaliatory DDOS attack.
Do nothing.
It will pass on its own.
Black-listing
access to TCP services on critical systems.
Which of the following enables secure and private data exchange/transfer on an unsecure public network ?
All of the
given options are correct
Private Key
Infrastructure
Virtual Key
Infrastructure
Public
Key Infrastructure
Which of the following is a VALID ephemeral key?
Public
ephemeral key agreement key
Public ephemeral
verification key
Symmetric
ephemeral random number generation keys
Asymmetric
ephemeral random number generation keys
Which of the following HTTP method is considered insecure ?
POST
DELETE
GET
TRACE
What does the Linux kernal use to sandbox running programs?
Linux
doesn't sandbox because it is impervious to any and all cyber attacks.
seccomp,
or Secure Computing Mode
Linux uses
a layered system of user authentication to perform sandbox-like functions.
Linux
drives are fully encrypted, thus they don't need sandboxing.
Which of the following is not a VALID type of firewall?
Circuit-level
gateways
Application-level
gateways
Proxy
Server Gateways
Packet
filters
Which of the following are the public keys of asymmetric key pairs that are used to encrypt keys using a public key algorithm ?
Private
signature key
Public
authentication key
Public
signature verification key
Private
key transport key
Which of the following are the public keys of asymmetric (public) key pairs that are used to encrypt keys using a public key algorithm?
Private key
transport key
Private
signature key
Public
signature verification key
Public
key transport key
In the sublayer of which of the following does TLS and SSL performs the data encryption of network connections?
application
layer
session
layer
Both
session and presentation layer
presentation
layer
All of the following are valid cryptographic hash functions EXCEPT:
RC4
RIPEMD
SHA-512
MD4
Which of the following is a standalone computer program that pretends to be a well-known program in order to steal confidential data ?
Fraudtool
Malware
SPWare
Spyware
Virus
Subscribe to:
Posts (Atom)
