100 Points - 25 Questions - 4 Points each
For each statement, select the most appropriate answer.
- _Generative AI_ has made spear phishing attacks easier to carry out by:
  (a) Crafting exploits based on newly disclosed vulnerabilities.
  (b) Correlating personal data from leaked databases and crafting custom messages.
  (c) Creating scripts that enable sending the same message out to tens of thousands of users.
  (d) Discovering new vulnerabilities.

- Which of the following best describes a backdoor in the context of computer security?
  (a) A program that records keystrokes and sends them to an attacker.
  (b) A covert method for bypassing normal authentication or security mechanisms.
  (c) A vulnerability in outdated software that allows code execution.
  (d) A malicious web page that mimics a login form to steal passwords.

- A signature in anti-malware software is:
  (a) A cryptographic hash used to verify file integrity.
  (b) An encrypted identifier used to track malware infection.
  (c) A digital signature to detect if the anti-malware database has been corrupted.
  (d) A byte sequence believed to be unique to a piece of malware.

- What core lesson does Ken Thompson's _Reflections on Trusting Trust_ illustrate?
  (a) A program's source code must be inspected not only for malicious actions but also for vulnerabilities.
  (b) Inspecting source code is sufficient only if the compiler source code has also been verified.
  (c) A compiler can be malicious even if neither it nor the target program shows malicious code in source form.
  (d) Virtualization layers can introduce undetectable changes in a program's execution environment.

- A rootkit is:
  (a) Software designed to hide certain processes or files from detection.
  (b) Software that installs itself in a bootloader to run before the operating system boots.
  (c) A framework for building viruses and worms.
  (d) Software that exploits privilege escalation vulnerabilities.

- Polymorphic malware:
  (a) Contacts an external server for instructions on what actions to take.
  (b) Infects a system with a small piece of software that then downloads the full malware package from a server.
  (c) Is a technique used to evade detection by modifying the code before propagating it.
  (d) Uses multiple exploits to attempt to infiltrate a system.

- Why can a hypervisor rootkit be more difficult to detect than traditional kernel-mode rootkits?
  (a) It runs at the same privilege level as the kernel but hides in encrypted memory regions.
  (b) It runs beneath the operating system, making the OS unaware of its manipulation.
  (c) It installs as a user-mode program and hides its actions through process injection.
  (d) It subverts the boot process to hijack system calls from the BIOS.

- In a CAM overflow attack, what is the attacker's goal?
  (a) Crash a switch by flooding it with malformed packets.
  (b) Exhaust the switch's ability to track device locations, causing it to broadcast traffic.
  (c) Reconfigure switch ports to forward traffic to a specific port.
  (d) Redirect traffic by overwhelming the router's ARP cache.

- Which of the following best explains a common vulnerability in both ARP and DHCP protocols?
  (a) Both are legacy protocols that encrypt messages using outdated algorithms.
  (b) Both use a challenge-response mechanism that can be bypassed by attackers.
  (c) Both produce responses without using cryptographic checks.
  (d) Both accept responses without authenticating or validating the sender's identity.

- What is the key mechanism behind a DNS rebinding attack?
  (a) Tricking the user into visiting a malicious site that returns an incorrect IP address for a trusted domain.
  (b) Modifying the victim's hosts file to change domain resolution permanently.
  (c) Changing a domain's IP address after the initial resolution to bypass same-origin restrictions.
  (d) Returning invalid DNS records to crash the resolver or cause denial of service.

- Why was BGP vulnerable to prefix hijacking?
  (a) It was built on trust with no authentication for route advertisements.
  (b) It relied on DNS for authentication.
  (c) It lacked path length validation.
  (d) It encrypted advertisements using outdated algorithms.
  Note on (d): BGP does not rely on encryption by default.

- How can DNS spoofing via cache poisoning be avoided?
  (a) Use longer DNS TTLs.
  (b) Redirect all DNS requests to local routers.
  (c) Validate the UDP checksums.
  (d) Use randomized query IDs and source ports.
  Note on (c): UDP checksums don't protect against spoofing.

- Why are reflection amplification attacks typically carried out over UDP rather than TCP?
  (a) UDP allows services to respond only to encrypted traffic.
  (b) UDP does not require a connection, so responses can be redirected to spoofed IP addresses.
  (c) UDP services ignore malformed headers, making spoofing easier.
  (d) TCP is incompatible with amplification due to smaller headers.

- What is the primary purpose of the TLS handshake?
  (a) To compress the application data before encryption.
  (b) To verify firewall traversal capabilities.
  (c) To establish a shared secret and authenticate the server.
  (d) To encapsulate IP packets for tunneling.

- How does TLS differ from a VPN in terms of protection scope?
  (a) TLS protects only DNS traffic, while VPNs protect all network traffic.
  (b) TLS encrypts at the network layer; VPNs encrypt at the application layer.
  (c) TLS requires certificates, while VPNs do not.
  (d) TLS protects individual application sessions; VPNs protect all traffic from the device.

- What is a typical use case for VPN tunneling that TLS alone cannot handle?
  (a) Providing access to a corporate network from a remote location.
  (b) Sending encrypted email between clients.
  (c) Securing file transfers between two specific applications.
  (d) Encrypting credentials sent in a login form.

- What is the primary security purpose of a DMZ (Demilitarized Zone)?
  (a) To isolate internet-facing services from the internal network.
  (b) To connect untrusted networks directly to internal systems.
  (c) To block outbound traffic from internal users.
  (d) To host backup and archival data.

- Which of the following is a limitation of Deep Packet Inspection (DPI)?
  (a) It can only filter based on IP addresses and ports.
  (b) It cannot detect known attack signatures in unencrypted traffic.
  (c) It can only monitor traffic entering the network, not leaving it.
  (d) It cannot inspect the content of traffic protected by end-to-end encryption.

- What is the primary security challenge posed by deperimeterization?
  (a) Systems become more reliant on encrypted traffic, which firewalls cannot inspect.
  (b) DNS and DHCP services are no longer functional in segmented networks.
  (c) User authentication must be offloaded to cloud providers.
  (d) Internal and external networks blend, making it harder to define trust boundaries.

- Which is a core principle in a Zero Trust architecture?
  (a) All internet-to-internal network traffic must pass through a firewall.
  (b) Users are trusted once authenticated inside the internal network.
  (c) No device or user is trusted by default, regardless of network location.
  (d) Security products must be thoroughly tested and audited before they are deployed.

- The same-origin policy enforces which of the following restrictions?
  (a) Scripts can access data only if both pages share the same protocol, host, and port.
  (b) Scripts can only manipulate elements on the same page.
  (c) Scripts are not allowed to store data in the browser.
  (d) Scripts must be served from the same server as the page.

- What is a primary goal of Cross-Origin Resource Sharing (CORS)?
  (a) Prevent mixed content from being loaded on secure pages.
  (b) Enable browsers to reject tracking cookies.
  (c) Allow JavaScript from one origin to access data from another with server consent.
  (d) Isolate iframe content from its parent.

- Why is Cross-Site Request Forgery (CSRF) a security problem?
  (a) It abuses the user's authenticated session to perform unwanted actions.
  (b) It injects malicious scripts into a victim's browser.
  (c) It tricks users into downloading malware via email links.
  (d) It forces a site to execute system commands.

- Why are tracking pixels considered a privacy concern?
  (a) They encrypt user sessions.
  (b) They inject malicious JavaScript into pages.
  (c) They prevent users from opting out of data collection.
  (d) They allow servers to log visits and send cookies invisibly.

- Which condition would most likely enable a reflected XSS (Cross-Site Scripting) attack?
  (a) A login form stores submitted usernames in a database and displays them on a profile page.
  (b) A web application includes a user-provided value in a search results page without escaping it.
  (c) A content delivery network serves JavaScript files from multiple domains.
  (d) A browser extension injects a script that disables third-party cookies.
Week 10: Networks