CS419 Exam 3

100 Points - 25 Questions - 4 Points each

For each statement, select the most appropriate answer.

1. Hashed passwords:
   (a) Slow down the login validation process, making guessing more time-consuming.
   (b) Make it difficult to crack a password even when presented with its hash.
   (c) Ensure that an attacker will not be able to tell if two users have identical passwords.
   (d) Speed up the login validation process, since only hashed values need to be compared.
2. Salt in a password:
   (a) Will ensure that an attacker will not be able to tell if two users have identical passwords.
   (b) Slows down the login validation process, making guessing more time-consuming.
   (c) Makes it essentially impossible to decrypt the password.
   (d) Serves an encryption key to create combined encryption and hashing.
3. Which is NOT a form of two-factor authentication?
   (a) Password + Time-based One-time Password (TOTP)
   (b) User name + Fingerprint scan
   (c) Password + SMS code
   (d) Access card + Iris scan
4. The Time-based One-Time Password (TOTP) relies on:
   (a) Both sides having a shared secret value.
   (b) Having the client encrypt a challenge sent by the server using a time-based function.
   (c) The server controlling the time of day during which a user is allowed to log in.
   (d) Providing authentication for services that a user will use only one time.
5. Universal Second Factor (U2F) authentication is best described as:
   (a) A combined authentication and key exchange protocol.
   (b) A one-time password generating device that generates a password based on the server address and time.
   (c) A USB-based biometric authentication device that sends encoded biometric data to the server.
   (d) A challenge-response protocol based on public keys and digital signatures.
6. A man-in-the-middle (MITM) attack can best be avoided by:
   (a) Exchanging Diffie-Hellman keys to create a common key to encrypt a session.
   (b) Using a time-based one-time password.
   (c) Using a public key from the server certificate to send an encrypted session key.
   (d) Using hashed passwords.
7. CAPTCHA works on the principle that:
   (a) Certain image recognition problems are much more difficult for computers than humans.
   (b) Image recognition tasks cannot be scripted to automate the authentication process.
   (c) Even if image recognition is automated, the web interaction still requires a human.
   (d) The delay of solving CAPTCHA puzzles is long enough to slow down any botnet-based attacks.
8. This attack on the link layer allows an attacker to see traffic on all machines on a local area network:
   (a) DHCP (dynamic host configuration protocol) spoofing.
   (b) ARP (address resolution protocol) cache poisoning.
   (c) DNS (domain name system) rebinding.
   (d) CAM (content addressable memory) table overflow.
9. In which attack does a system impersonate a network switch?
   (a) ARP cache poisoning.
   (b) DHCP spoofing.
   (c) VLAN hopping.
   (d) CAM table overflow.
10. The purpose of SYN cookies is to:
    (a) Create a shared key for a connection so that the server will accept only properly-signed messages.
    (b) Allow the client to authenticate that the server is not an imposter.
    (c) Avoid allocating memory for TCP connections until the server gets a response from the client.
    (d) Provide a simple way for a client and server to set up an encrypted link.
11. A DNS rebinding attack can:
    (a) Cause a client to contact a different DNS server.
    (b) Make network traffic visible to all systems on the local area network.
    (c) Cause a browser to unknowingly violate the same-origin policy.
    (d) Enable network messages to bypass firewall filters.
12. The IPSec Authentication Header (AH) protocol ensures that:
    (a) Packets are not forged.
    (b) Packets are encrypted.
    (c) Packets are compressed.
    (d) All of the above.
13. Blocking all TCP traffic from any systems whose IP address is in the range 128.8/16 requires, at a minimum:
    (a) A screening router with stateful inspection (SPI).
    (b) A packet filter.
    (c) An Intrusion Prevention System (IPS).
    (d) An application proxy.
14. A DMZ (demilitarized zone) is best described as:
    (a) A network link that has no systems on it and separates internal and external firewalls.
    (b) A network between the Internet and local network that hosts unprotected systems.
    (c) A protected subnet hosting systems that provide Internet-facing services.
    (d) A highly-secure subnet that is not accessible from the Internet.
15. Amplification attacks are the result of:
    (a) Viruses and worms that propagate at an exponential rate.
    (b) A high frequency of packets that overwhelm a firewall, forcing it to pass remaining traffic uninspected.
    (c) Messages with spoofed source addresses sent to services that provide large responses.
    (d) Social engineering that relies on humans to propagate malware into internal networks.
16. Which technique is most likely to detect port scanning attacks?
    (a) Protocol-based IDS.
    (b) Signature-based IDS.
    (c) Anomaly-based IDS.
    (d) Packet filter.
17. Clickjacking occurs when:
    (a) Malicious JavaScript on a page generates fake mouse click events.
    (b) A user is misled into clicking on a page element she did not intend to click.
    (c) Mouse clicks are intercepted by a script and their action is changed.
    (d) Malware impersonates a browser and sends simulated click events on ads.
18. Cross-Site Scripting (XSS) occurs when:
    (a) JavaScript on a page is permitted to access content on a server different from the origin.
    (b) A web page loads JavaScript from a site different from the origin.
    (c) User input is not validated and contains a script that is later presented as page content.
    (d) A single web page loads multiple JavaScript files from different origins.
19. You can reduce the likelihood of Cross-Site Request Forgery (XSRF) by:
    (a) Ensuring that commands are not present as parameters in the link.
    (b) Validating that the domain in a link is referencing a legitimate service rather than a spoofed one.
    (c) Making HTTPS instead of HTTP requests.
    (d) Making sure that user input does not contain any JavaScript.
20. A bitcoin wallet needs to store your:
    (a) Your list of transactions.
    (b) Your public & private keys.
    (c) Your account balance.
    (d) All of the above.
21. Bitcoin does NOT use:
    (a) Digital signatures.
    (b) Merkle trees.
    (c) Encryption.
    (d) Hash functions.
22. A proof of work ensures that:
    (a) The integrity of each transaction is rigorously validated by the network of peers.
    (b) A majority of systems in the bitcoin network approves each transaction.
    (c) Each transaction created by a user is properly signed.
    (d) An attacker cannot modify data in a block quickly in a way that yields valid block hashes.
23. A 51% attack means that an attacker:
    (a) Modified transactions on over 50% of the nodes.
    (b) Caused over 50% of the systems denied transaction.
    (c) Harnessed over 50% of the total hashing power.
    (d) Took down over 50% of the systems in the bitcoin network by a DoS attack.
24. Android keeps applications from accessing each other's data by:
    (a) Running each process under a different user ID.
    (b) Placing each application in a separate container.
    (c) Running a process in its own chroot jail.
    (d) Running each app in a separate TrustZone instance.
25. TrustZone on Android and Secure Enclave on Apple:
    (a) Perform run-time validation of executing software.
    (b) Runs each app in its own sandbox.
    (c) Enable sections of an application to be tagged as security-critical and run at a high priority.
    (d) Run security-critical services under a separate operating system.