Q1: The use of HTTPS ensures the following EXCEPT
A. Confirms that the browser is a communicating with an authentic web server
B. Hides the IP address of the user's computer
C. The website content downloaded is encrypted and cannot be read
D. HTTP header is encrypted and cannot be read
Solution: Hides the IP address of the user's computer
Q2: What is the purpose of MIME extension in email application?
A. To authenticate the email sender
B. To encrypt the email content
C. To enable email to send attachments
D. To enable email to carry ASCII contents
Solution: To enable email to send attachments
Q3: The following are true about private IP addresses EXCEPT:
A. The address block 172.16.0.0/12 belongs to one of the private IP address blocks
B. Accessing the Internet requires the use of Network Address Translation (NAT)
C. A private IP address used in an organization may also be used in another organization
D. They can be directly accessed from the Internet
Solution: They can be directly accessed from the Internet
Q4: Given below are examples of network attack surface EXCEPT:
A. A corporate firewall that is configured to allow incoming connection on port 80
B. A corporate firewall that is configured to allow outgoing connection on port 80
C. A telnet service running on a public Web server
D. A login page on a website that does not use TLS
Solution: A corporate firewall that is configured to allow outgoing connection on port 80
Q5: Which of the following is a type of passive security attack?
A. Masquerade
B. Traffic analysis
C. Denial of service
D. Replay
Solution: Traffic analysis
Q6: The feature of SSH that enables any insecure TCP connection to be converted to a secure SSH connection is called ____________.
A. Port forwarding
B. Remote login
C. Channel conversion
D. Securing channel
Solution: Port forwarding
Q7: Which of the following email security threats can be prevented using DNSSEC?
A. Email sent is transmitted to the attackerʼs server
B. Email cannot be sent due to DoS attack
C. Email sent is sniffed during transmission
D. Email sending address is spoofed
Solution: Email sent is transmitted to the attackerʼs server
Q8: Which of the following is NOT a TLS record protocol payload?
A. Application data
B. Alert protocol
C. Hello protocol
D. Change cipher spec protocol
Solution: Hello protocol
Q9: Given below are security services offered by the Authentication Header (AH) protocol in IPSec EXCEPT:
A. Confidentiality
B. Integrity
C. Access control
D. Authentication
Solution: Confidentiality
Q10: DNSSEC ensures the following security objective(s):
A. Authenticity and confidentiality
B. Confidentiality, integrity and authenticity
C. Integrity and authenticity
D. Confidentiality and integrity
Solution: Integrity and authenticity
Q11: Given below are part of the Internetʼs network layer EXCEPT:
A. The TCP protocol
B. The IP protocol
C. The routing protocols
D. The ICMP protocol
Solution: The TCP protocol
Q12: Given below are ways by which we can secure email application EXCEPT:
A. Configure email client to run SMTP and IMAP over TLS
B. Configure email client to use S/MIME
C. Configure email client to use IPSec
D. Configure email server to use SPF, DKIM and DMARC
Solution: Configure email client to use IPSec
Q13: Which of the following protocols is used to set up a security association (SA)?
A. Security Association Connection (SAC)
B. Authentication Header (AH)
C. Encapsulating Security Payload (ESP)
D. Internet Key Exchange (IKE)
Solution: Internet Key Exchange (IKE)
Q14: Given below are among the security concerns to an Internet user EXCEPT:
A. An attacker may sniff your packets
B. You may not be communicating with the person that you think you are communicating with
C. Your Internet connection may not be fast enough that an attacker may capture your slow moving packet
D. Malware may be secretly installed on your computer
Solution: Your Internet connection may not be fast enough that an attacker may capture your slow moving packet
Q15: The security protocol used in HTTPS is _____________.
A. TLS
B. DNSSEC
C. IPSec
D. SSH
Solution: TLS
Q16: The use of HTTP proxy can prevent _____________.
A. the web server from knowing the IP address of the computer running the Web browser
B. an attacker from modifying an HTTP reply message
C. an attacker from sniffing the HTTP messages sent between the web browser and server
D. hijacking of an HTTP session
Solution: the web server from knowing the IP address of the computer running the Web browser
Q17: A security policy database (SPD) may contain the following information EXCEPT:
A. Security parameter index (SPI)
B. Remote IP address and port number
C. Local IP address and port number
D. Action to be taken
Solution: Security parameter index (SPI)
Q18: Which of the following fields is not encrypted in Encapsulating Security Payload (ESP) transport mode?
A. ESP trailer
B. TCP header
C. IP header
D. TCP data
Solution: IP header
Q19: The SSH protocol was initially developed for the purpose of:
A. File transfer
B. Remote program execution
C. Sending email
D. Remote login
Solution: Remote login
Q20: Which of the following is one of the differences between S/MIME and OpenPGP?
A. S/MIME uses certificates issued by Certificate Authority while OpenPGP generates their own public and private keys
B. S/MIME provides authenticity and confidentiality, while OpenPGP only provides confidentiality
C. S/MIME does not include the senderʼs public key with the message, while OpenPGP includes the senderʼs public key with the message
D. OpenPGP provides authenticity and confidentiality, while S/MIME only provides authenticity
Solution: S/MIME uses certificates issued by Certificate Authority while OpenPGP generates their own public and private keys
Q21: Given below are part of the Internet’s network layer EXCEPT
A. The IP protocol
B. The routing protocols
C. The TCP protocol
D. The ICMP protocol
Solution: The TCP protocol
Q22: Which of the following is NOT one of the reasons why TLS has become the most popular network security protocol?
A. TLS is independent of operating system platform
B. TLS is used to secure the Web application, which is the most used network application
C. TLS only needs to be configured once, and all network applications running on the host would then be protected
D. From a user point of view, using TLS is as easy as downloading and using a client application that implements TLS
Solution: TLS only needs to be configured once, and all network applications running on the host would then be protected
Q23: Which of the following email security mechanisms can be configured by an email user?
Select one:
A. DKIM
B. SPF
C. DANE
D. PGP
Solution: PGP
Q24: Which of the following is an advantage of using IPsec (which is network-layer security protocol) as compared to using TLS (which is a transport-layer security protocol)?
A. Configuration of IPsec is easier compared to TLS
B. IPsec uses more secure cryptographic protocols compared to TLS
C. Once IPsec is configured, communication will all Internet hosts will be protected
D. Once IPsec is configured, data transfer of all network applications with the specified receiving host will be protected
Solution: Once IPsec is configured, data transfer of all network applications with the specified receiving host will be protected
Q25: Which of the following is NOT true about the use of explicit TLS in email application?
A. Before secure connection is achieved, port 25 is used by SMTP client to connect to SMTP server
B. When explicit TLS is used, email message sent between an email client and an email server is encrypted
C. It requires an insecure SMTP connection to be upgraded to a secure connection using the STARTTLS command
D. Explicit TLS can be used not only by SMTP, but also by IMAP and POP3
Solution: Before secure connection is achieved, port 25 is used by SMTP client to connect to SMTP server
Q26: The use of https prevents the following attacks from being conducted EXCEPT:
A. Attacker replacing the Web server with a malicious server
B. Attacker sniffing the username and password transmitted by Web browser
C. Attacker stealing the HTTP cookie transmitted in an HTTP request message
D. Attacker spoofing the IP address of the host on which the Web browser is running
Solution: Attacker spoofing the IP address of the host on which the Web browser is running
Q27: What is contained in an HTTP cookie?
A. A string that specifies the type of Web browser used by the user
B. The username and password of the Web user in cleartext
C. A string that identifies the Web user
D. The username and password of the Web user in encrypted form
Solution: A string that identifies the Web user
Q28: Which of the following is NOT true about DNS-based Authentication of Named Entities (DANE)?
A. It solves security issues related to the use of STARTTLS
B. It encrypts the email data regardless of whether the email server supports TLS or not
C. It ensures the authenticity of an email server without verifying the server's digital certificate with a Certificate Authority (CA)
D. It makes use of a DNS record called TLSA
Solution: It encrypts the email data regardless of whether the email server supports TLS or not
Q29: In S/MIME, what is the use of the receiver's private key?
A. To encrypt the message digest
B. To decrypt the message content
C. To decrypt the message digest
D. To decrypt the secret key
E. To encrypt the message content
F. To encrypt the secret key
Solution: To decrypt the secret key
Q30: In S/MIME, what is the use of the receiver's public key?
A. To decrypt the secret key
B. To decrypt the message content
C. To encrypt the message digest
D. To encrypt the message content
E. To decrypt the message digest
F. To encrypt the secret key
Solution: To encrypt the secret key
Q31: Differentiate between active and passive security attacks.
Solution:
Passive security attack: In this attack the intruder or attacker just sniffs the information, he does not modify or change it. He only listens to the traffic and compromises the confidentiality of the data
Active Security attack: In this the attacker first listens to the information and then changes it and then forwards it to the receiving party which means the confidentiality and integrity both compromises.
Q32: If you perform a port scan, and see that a port is opened on the host, what does that tell you?
Solution: Open port tells that the port or the network is actively accepting packets and indicates that it is listening
Q33: Both Sender Policy Framework (SPF) and DomainKeys Identified Email (DKIM) are used to prevent the email sending address from being spoofed. However, the techniques used are different. Differentiate between the techniques used by these two mechanisms.
Solution: SPF makes use of a TXT DNS resource log in which the sending domain identifies all of the domain's senders. To authenticate the sender, the receiver will query a TXT DNS resource record about the sender's address domain and IP address. DKIM, on the other hand, uses a digital signature. The sender's private key will be used to sign the message. The receiver would then search the public key to see if the message is from the legitimate sender
Q34: HTTP cookie is a useful mechanism for Web application and can provide various functionalities to the Web application. However, it has a number of security issues.
(a) If you are logged in to a web application, HTTP cookie is used to maintain your login session. What could happen if an attacker manage to capture the cookie?
(b) What is the solution to the problem mentioned in (a) above?
(c) Explain ONE (1) more security issue related to the use of HTTP cookie.
Solution: a) Attacker could steal user session ID and perform session hijacking where attacker can later perform any action that the active user is authorized to do.
b) To solve the problem of unencrypted format for cookies the owner of the web application should use HTTPS with a digital certificate but for me, I should delete the cookies and log out after I finish using the session.
c) If an attacker steals the http cookie, the attacker can view user's browsing history and monitor user's activities. This compromises confidentiality.
Q35: For each of the following situation, identify the most suitable IPSec protocol (AH or ESP) and mode (transport or tunneling) to be used.
(a) A staff working from home during COVID-19 pandemic, and would like to establish a Virtual Private Network (VPN) to his corporate network.
(b) A system administrator configuring two servers that always send data to each other. The system administrator needs to ensure that the data transmitted between the two servers cannot be read by an attacker.
(c) A system administrator configuring firewall between two office branches. The data transmitted are all TLS data. The main aim of using IPSec would be to ensure the authenticity of the two firewalls.
Solution: a) ESP tunnel mode
b) ESP transport mode
c) AH tunnel mode
No comments:
Post a Comment