J10: PKI Security Protocols (PE)

Question 1

84h4

XSS is an attack that uses third-party Web resources to run script(s) within the victim’s Web browser or scriptable application. Occurs predominately when a browser visits a malicious Web site or clicks a malicious link.

• TRUE
• FALSE

Answer 1

True

Question 2

84j3

Nick needs to send critical information to Daniel. Due to regulations the document he wants to send contains senstive information that should not be viewed by external parties. Daniel decides to solve this problem by encrypting the document utilizing asymmetric encryption so it is safe to transfer. Nick md5 hashes the document and writes down the last eight characters of its hash for safe keeping.

If Daniel wants to make adjustments to the document and send it back to Nick which would he need to utilize to encrypt the file before sending it?

• Daniel must utilize Nick’s Private Key
• Nick must utilize Daniel’s Public Key
• Nick must utilize Daniel’s Private Key
• Daniel must utilize Nick’s Public Key

Answer 2

Danile must utilize Nick’s Public Key ?

Question 3

84j4

Which of the following assist in preventing injection vulnerabilites

• Input Validation
• Cyber Awareness Training
• Fuzzing
• Limitting maximum queries

Answer 3

Input Validation

Question 4

84jj

The act of providing input into something that results in something not intially intended for is what type of vulnerablitiy?

• Injection
• Tampering
• Service Manipulation
• Input Malformance

Answer 4

injection

Question 5

84nh

An unknown entity obtained access to a jump box that serves as centralized entry point between the public network and network2. Upon further investigation they maintained a persistent presence on the public network and have begun logging into as many machines they can touch in network2.

Which of the following best describes the entitiy’s overall intent when moving around

• Network Domminance
• Lateral Movement
• Stealth Exploitation
• Network Scanning

Answer 5

Lateral Movement

Question 6

84uu

The act of providing input into something that results in something not intially intended for is what type of vulnerablitiy?

• Injection
• Tampering
• Service Manipulation
• Input Malformance

Answer 6

Injection

Question 7

8447

Which of the following is not an effective way to prevent malicious code injection, which will be executed in the victim’s browser.

• Data Validation
• Password Complexity
• Input Sanitation
• Output Escaping

Answer 7

Password Complexity

Question 8

8448

_____ is the collection of vetted encryption keys utilizing digital certificates. Primarily to assist in verifying authenticity of ownership

Answer 8

pki

Question 9

8484

Which of the following defines PKI

• Public Key-altherimic Installment
• Public Key Infrastructure
• Priority Kept Installment
• Possible Knowledge Inferment

Answer 9

Public Key Infrastructure

Question 10

8488

Nick needs to send critical information to Daniel. Due to regulations the document he wants to send contains senstive information that should not be viewed by external parties. Daniel decides to solve this problem by encrypting the document utilizing asymmetric encryption so it is safe to transfer. Nick md5 hashes the document and writes down the last eight characters of its hash for safe keeping.

• Which of the following based on the scenario is most true.
• Asymmetric encryption will require the use of a passphrase
• Nick must write the entirety of the hash for safe keeping
• The originator has to encrypt the file
• Daniel will need to encrypt the file using Nick’s public key