Quiz Questions Flashcards
- Denial-of-Service attacks can only happen at the network layer.
False
- For DDoS traceback (Savage et al. ’00) a path can be reconstructed even if just one packet through the path is obtained.
False
- Denial-of-Service attacks always involve sending a very large amount of traffic.
False
- For DoS mitigation, a SYN Cookie ensures that a client is honest because it must ACK the SYN-ACK cookie from the server, and cannot reuse an old one.
True
- DoS attacks always use spoofed IP addresses.
False
- Everyone who frequents underground forums is a cybercriminal or intends to be one.
False
- A lot of cybercrime content on the web remains invisible even to a very powerful search engine like Google.
True
- If a botnet uses randomly generated domains each day for command-and-control (C&C), then there is no way to detect and block the C&C domains.
False
- Cyber frauds and scams such as on-line “pharmacy” can only fool the victims once - that is, no users will be their repeat “customers”.
False
- If I click on a phishing link and end up on a site, but I don’t provide valuable information such as my credit card number to the site, nothing bad can happen.
False
- Penetration testing is limited to only the technological security controls.
False
- A benefit of thorough penetration testing is the accurate accounting of network infrastructures and applications.
True
- A penetration test is always launched from outside the enterprise network being tested.
False
- Fake news can be considered as a social engineering attack.
True
- A penetration test can combine physical as well as cyber/network access to the organization being tested.
True
- The ads on a web page can be used to carry out malicious functions.
True
- Browser extensions and plugins available in an official store (e.g., the Chrome Web Store) can always be trusted not to contain malicious logic.
False
- The Same Origin Policy (SOP) for DOM and the SOP for cookies have different definitions of “origin”.
True
- A content security policy (CSP) specifies the allowable sources of web page contents. This is essentially a whitelist approach.
True
- HTTPS cookies are always secure and can be trusted.
False
- When you connect to Gmail, the SSL/TLS handshake takes place after you have successfully logged in.
False
- To securely log out a user, it is sufficient to delete the SessionToken on the client browser.
False
- Suppose Georgia Tech owns both the www.gatech.edu and www.gatech.edu.uk domains; it must then use two different certificates.
False
- Browsers typically accept certificates from only a handful of CAs.
False
- The random sequence number in the SYN/ACK packet can prevent an attacker from establishing a TCP session but cannot prevent him from launching a DoS attack.
True
- Using ARP spoofing an attacker can cause traffic to a gateway to instead be sent to his machine (on the same LAN).
True
- Incorrect BGP advertisements by a node can be detected by other nodes and therefore the incorrect advertisements will not be propagated.
False
- In Kaminsky’s Poisoning attack, the attacker floods the local resolver with responses that point the name server of a domain (e.g., www.gatech.edu) to his machine.
True
- DNSSEC relies on a public-key infrastructure (PKI).
True
- If a program is packed (i.e., encrypted and compressed), it must be malware.
False
- It is impossible to achieve absolute, complete transparency in malware analysis because, e.g., malware can use network timing to detect the analyzer (because traffic goes through the analyzer, which can cause additional delay).
True
- If emulator-based obfuscation is in use, the system calls produced by running the “malware” are from the emulator program and cannot be easily analyzed to reveal the original malware logic.
True
- If you download apps from only the official app store, your phone will be free of mobile malware.
False
- In malware analysis, dynamic fuzzing is useful when symbolic execution fails to yield results quickly.
True
- All data privacy issues in cloud computing can be solved by just encrypting data in transmission (over the Internet) and at rest (storage in the Cloud).
False
- A main challenge in virtual machine monitoring is the need to understand the memory layouts of data structures of the operating system and applications in the guest virtual machine.
True
- A drawback of virtual machine monitoring is the high time overhead.
True
- The use of property-preserving encryption can lead to privacy leakage (e.g., revealing a user’s gender and even identity).
True
- If we don’t trust the cloud provider, e.g., we believe it will observe our data access patterns to find out what we are doing, then there is nothing we can do other than not use the cloud provider.
False
- If a computer sends a heartbeat message to an Internet site and receives some command and data from the site every day, it must be a (malicious) bot (of a botnet).
False
- If a computer sends out scanning traffic, it must be a (malicious) bot (of a botnet).
False
- If a domain name is random looking (e.g., we can’t find any part of it in a dictionary), it must be the domain name of a botnet C&C server.
False
- An important benefit of directing botnet C&C traffic to a DNS sinkhole is the capturing of bot IP addresses.
True
- BotMiner can detect botnets that use centralized C&C servers as well as botnets that use P2P for C&C.
True
- When scanning the IPv4 space using a tool such as Zmap, every scan (with the same parameters) should return the same results.
False
- Zmap uses widely (and randomly) dispersed scanning targets to achieve high speed.
True
- The goal of a domain reputation system such as Notos is to identify newly created or previously unclassified malicious domains.
True
- If an IP address (i.e., an Internet host) is known to have hosted malicious domains, then the reputation of any domain that is resolved to (i.e., hosted by) this IP address is also tainted (i.e., more likely than others to be malicious).
True
- Before we attempt a botnet takedown, we need to first investigate its infrastructure, and so all we need to do is run the bot malware in a sandbox environment for a few minutes and observe the domain(s) that it uses.
False
- The use of machine learning (ML) in security is a very recent development (i.e., only started in the last few years).
False
- A bot sends spam only during the day because the attacker has learned that sending spam during the night is flagged as an anomaly by an ML-based detection system. This is called an evasion attack on machine learning.
True
- To make a causative (or, poisoning) attack on machine learning successful, an attacker just needs to inject random noise into the training data.
False
- One of the reasons why PAYL can be evaded is that it is very simple: the features are very simple and the anomaly detection model is also very simple.
True
- It is very hard to prevent a poisoning attack when we don’t have complete control of the process of generating or collecting training data (and hence can’t ascertain the authenticity and integrity of training data).
True
- If we replicate our valuable data and store the copies in multiple servers, we can improve (or, at the least, not weaken) its availability, integrity, and confidentiality.
False
- In Secret Sharing, one can create as many shares as he desires (i.e., n can be arbitrarily large), but having too many shares increases the chance of an attacker acquiring enough (i.e., at least k) shares to obtain the original secret.
True
- In the Byzantine Fault-Tolerance model discussed in the lecture, it is assumed that a replica can be faulty (e.g., gives a wrong answer) or simply not responding (e.g., has crashed).
True
- To improve the tolerance against cyberattacks, we can use several replicated systems (with the same hardware and software) instead of just one.
False