Exam 08/05 2024 Flashcards
Which of the following is the advantage of using a passive sensor for NIDS? (select 1 correct answer)
A. A passive sensor is equivalent to a firewall; thus, it filters all malicious traffic on the network.
B. A passive sensor does not add extra processing that delays the packet, since a copy of the packet is used for analysis.
C. A passive sensor enables the network traffic to be routed back to the source address.
D. None of the above.
B.
A passive sensor in a Network Intrusion Detection System (NIDS) operates by making a copy of the network traffic for analysis without interfering with the original packets. This means it does not introduce latency or delay in the network, as it does not process or modify the actual traffic.
Which of the following is a measure to safeguard availability of a system? (select 1 correct answer)
A. Log file
B. Redundancy
C. Encryption
D. Syslog file
B.
Redundancy is a measure to safeguard the availability of a system. It involves having backup components, systems, or resources that can take over in case of a failure, ensuring that the system remains operational and accessible.
A weakness in a system that can be triggered by a threat source is called? (select 1 correct answer)
A. Threat
B. Risk
C. Vulnerability
D. Attack
C
A vulnerability is a weakness or flaw in a system, process, or design that can be exploited by a threat source (e.g., an attacker) to compromise the security of the system.
Which of the following are examples of dynamic biometrics traits? (select 2 correct answers)
A. Fingerprint
B. Voice pattern
C. Retina
D. Handwriting
B and D
Which of the following is an example of a challenge-response protocol? (select 1 correct answer)
A. Password cracker
B. CAPTCHA
C. IDS/IDPS
D. Digital certificate
B
What is a challenge-response protocol?
A challenge-response protocol involves one party presenting a challenge (e.g., a question or task) and the other party providing a valid response to prove their identity or legitimacy.
What are dynamic biometrics?
Dynamic biometrics are traits that involve behavioral or movement-based characteristics, which can change over time or with each use. These traits are based on how a person performs an action.
What is the purpose of using a salt when generating a password hash? (select 1 correct answer)
A. To force two users to choose the same password that will be saved in the password file.
B. To accelerate a dictionary attack against the password file.
C. To ensure that two users with the same password have different entries in the password file.
D. To modify the properties of the hashing algorithm used to generate the password hash.
C
In the context of password hashing, what is a salt?
A salt is a random value added to a password before hashing it. Its primary purpose is to ensure that even if two users have the same password, their hashed passwords will be different due to the unique salt value.
Which of the following are examples of countermeasures against threats to authorization? (select 2 correct answers)
A. Use a strong access control list
B. Set cookies to expire
C. Enforce least privilege
D. Encrypt cookies
A and C
What is the principle of enforcing least privilege?
The principle of least privilege ensures that users or systems have only the minimum permissions necessary to perform their tasks, reducing the risk of unauthorized access or actions.
What is the benefit of using a strong access control list?
A strong access control list (ACL) ensures that only authorized users or systems have access to specific resources, which directly counters threats to authorization.
What is the name of the malware that can penetrate networks and computer systems? (select 1 correct answer)
A. Virus
B. Logic bomb
C. Worm
D. None of the above
C
In context, what is a worm?
A worm is a type of malware that can self-replicate and spread across networks and computer systems without requiring user interaction. It is specifically designed to penetrate and propagate through networks.
Which of the following is an attack that can be caused by careless programming? (select 1 correct answer)
A. Virus attack
B. Ransomware attack
C. Buffer overflow attack
D. Eavesdropping attack
C
When does a buffer overflow attack occur and why?
A buffer overflow attack occurs when a program writes more data to a buffer (a fixed-size block of memory) than it can hold, leading to overwriting adjacent memory. This is often caused by careless programming, such as failing to validate input sizes or properly manage memory.
What is a virus attack?
A virus is a type of malware that attaches itself to a legitimate program or file and spreads when the infected file is executed. It often requires user interaction (e.g., opening an email attachment or downloading a file) to activate and propagate.
Example: A virus might infect a Word document and spread to other documents when the file is opened.
What is a ransomware attack?
Ransomware is a type of malware that encrypts a victim’s files or locks their system, demanding payment (a ransom) in exchange for restoring access. It is often delivered through phishing emails, malicious downloads, or exploiting vulnerabilities.
What is an eavesdropping attack?
An eavesdropping attack (also known as a sniffing or snooping attack) involves intercepting and monitoring network traffic to steal sensitive information, such as passwords, credit card numbers, or confidential data. This is often done on unencrypted or poorly secured networks.
What is the name given to a document that is signed by an issuer and contains the subject’s identity and public key? (select 1 correct answer)
A. Digital letter
B. Digital signature
C. Digital certificate
D. None of the above
C
What is a digital certificate and what does it typically contain?
A digital certificate is an electronic document that binds a public key to the identity of its owner (the subject). It is issued by a trusted Certificate Authority (CA) and contains:
- The subject’s identity (e.g., name, organization).
- The subject’s public key.
- The issuer’s (CA’s) digital signature to verify the certificate’s authenticity.
Which of the following security goals does SSL/TLS protect? (select 2 correct answers)
A. Confidentiality
B. Availability
C. Integrity
D. Authorization
A and C
What is SSL/TLS?
SSL/TLS (Secure Sockets Layer/Transport Layer Security) is a cryptographic protocol designed to secure communication over a network.
What is the name of a security protocol that can protect your IP address from being discovered on the Internet during communication? (select 1 correct answer)
A. Kerberos
B. SSH
C. Telnet
D. VPN
D
What is a VPN?
A VPN (Virtual Private Network) is a security protocol that encrypts your internet traffic and routes it through a remote server, masking your IP address and making it difficult for others to discover your real IP address during communication.
What is Kerberos?
Kerberos is an authentication protocol used to verify the identity of users and services in a network, but it does not hide IP addresses.
What is Telnet?
Telnet is an unencrypted protocol for remote access.
Given the file permission rw- r-- r-- in a UNIX system, which of the following is correct about the group permission? (select 1 correct answer)
A. User that belongs to the group can read and write to the file.
B. User that belongs to the group can read and write but cannot execute the file.
C. User that belongs to the group can read and execute the file but cannot write to the file.
D. User that belongs to the group can read only but cannot write into the file or execute the file.
D
Which of the following access control models focuses on the objects? (select 1 correct answer)
A. Access control list.
B. Capability list.
C. Authorization table
D. Cryptographic hash table
A
What is a capability list?
A capability list is a subject-focused access control model. It lists the permissions that a specific user or process has for various objects.
What is an authorization table?
An authorization table is a matrix that maps subjects (users) to objects (resources) and their permissions.
What is a cryptographic hash table?
A cryptographic hash table is used for data integrity and verification.
What is an asset?
An asset is anything of value that needs to be protected to ensure the organization’s operations, reputation, and success.
What is a vulnerability?
A vulnerability is a weakness, flaw, or gap in a system, process, or design that can be exploited by a threat source (e.g., an attacker, malware, or natural disaster) to compromise the security, integrity, or availability of an asset. Vulnerabilities can exist in hardware, software, networks, or even human behavior.
The process of performing qualitative risk analysis involves judgement, intuition, and experience. List any four techniques that can be used to conduct qualitative risk analysis.
- Risk Probability and Impact Assessment: Evaluate risks based on their likelihood and potential impact, often categorized as Low, Medium, or High.
- Risk Matrix: Plot risks on a grid to prioritize them by probability and impact.
- SWOT Analysis: Identify internal (Strengths, Weaknesses) and external (Opportunities, Threats) factors affecting risk.
- Expert Judgment: Use insights from experienced professionals to assess and prioritize risks.