Showing posts with label network. Show all posts

Wednesday, 5 May 2021

Network Security Quiz

 Question 1: Which of the following statements about EAP authenticator is CORRECT?
Select one or more:
EAP authenticator may also play the role of an authentication server
EAP authenticator can communicate with supplicants using IEEE 802.1X
EAP authenticator is the device that grants access to the network
A WiFi access point is an example of an EAP authenticator

Solution:
EAP authenticator may also play the role of an authentication server
EAP authenticator can communicate with supplicants using IEEE 802.1X
EAP authenticator is the device that grants access to the network
A WiFi access point is an example of an EAP authenticator


 Question 2: Identify the methods that are commonly used to control network access in a corporate network.
Select one or more:
Assign users to specific VLAN based on their access level
Allow access to devices based on their MAC address
Control access between network segments using firewall
Use 802.11X authentication

Solution:
Assign users to specific VLAN based on their access level
Control access between network segments using firewall
Use 802.11X authentication


Question 3: Which of the following statements about EAP over LAN (EAPOL) is CORRECT?
Select one or more:
EAPOL supports the transmission of EAP authentication packets over IEEE 802 LAN standards such as Ethernet or WiFi
EAPOL is a protocol defined as part of IEEE 802.1X
EAPOL defines an authentication method to be used with IEEE 802.1X authentication
EAPOL is used to carry data packets sent after authentication has been approved

Solution:
EAPOL supports the transmission of EAP authentication packets over IEEE 802 LAN standards such as Ethernet or WiFi
EAPOL is a protocol defined as part of IEEE 802.1X


Question 4: When a mobile phone is made into a WiFi hotspot, it would play the role of:
Select one or more:
Authenticator
Authentication server
Supplicant
Wireless medium

Solution:
Authenticator
Authentication server


Question 5: Choose the essential features of cloud computing from the list below.
Select one or more:
Computing resources can be increased or decreased based on the specified service requirement
Cloud users are charged based on the amount of computing resources used
Computing resources are shared among the cloud users.
Cloud users can provision for computing resources themselves without the need to interact with any employee from the cloud service provider

Solution:
Computing resources can be increased or decreased based on the specified service requirement
Cloud users are charged based on the amount of computing resources used
Cloud users can provision for computing resources themselves without the need to interact with any employee from the cloud service provider


Question 6: What are the security risks related to the use of cloud computing?
Select one or more:
Cloud computing account may be compromised by attackers
Cloud computing resources may be used for malicious purposes
Data may be leaked to other cloud computing users
Data may be read by the employees of the cloud service provider

Solution:
Cloud computing account may be compromised by attackers
Cloud computing resources may be used for malicious purposes
Data may be leaked to other cloud computing users
Data may be read by the employees of the cloud service provider

Question 7: The IEEE 802.11i standard provides confidentiality through which of the following protocols?
Select one or more:
EAP
CCMP
TKIP
IEEE 802.11X

Solution:
CCMP
TKIP

Question 8: The IEEE 802.11i standard provides access control through which of the following mechanisms?
Select one or more:
PSK
TKIP
CCMP
IEEE 802.11X

Solution:
PSK
IEEE 802.11X

Question 9:  Among the reasons why mobile devices are more prone to security risks are:
Select one or more:
Mobile devices are equipped with Global Positioning System (GPS) receiver
Mobile devices run mobile operating systems where security features are not implemented
Mobile devices are easily lost or stolen
Mobile devices connect to various different networks

Solution:
Mobile devices are equipped with Global Positioning System (GPS) receiver
Mobile devices are easily lost or stolen
Mobile devices connect to various different networks

Question 10: Which of the following should be done to secure a newly bought WiFi access point to be installed in your house?
Select one or more:
Change the default administration password
Change the default SSID name
Choose WPA3 for authentication even though it is not supported by the wireless devices that will use the access point
Use IEEE 802.1X instead of PSK as the authentication method

Solution:
Change the default administration password
Change the default SSID name


Question 11: Choose the factors that contribute to the higher security risk of wireless networks as compared to wired networks.
Select one or more:
The fact that wireless devices are mobile and often connect to various different networks
Wireless network protocols have no security mechanisms implemented
Some mobile devices have limited capability to deal with security threats
The broadcast nature of wireless medium

Solution:
The fact that wireless devices are mobile and often connect to various different networks
Some mobile devices have limited capability to deal with security threats
The broadcast nature of wireless medium

Question 12:  Among the common threat(s) faced by devices when communicating over a wireless network are:
Select one or more:
Attacker can break into any TCP or UDP port even though it is not opened
Its MAC address could be sniffed by attacker
The access point that it connects to could be a rogue access point
Its HTTP cookies can be easily sniffed even if HTTPS is used

Solution:
Its MAC address could be sniffed by attacker
The access point that it connects to could be a rogue access point

Question 13: Choose the CORRECT statement(s) about WiFi association.
Select one or more:
It is not possible for association to be done without having to enter a password
It is possible to permit association based on device MAC address
Association refers to the process of transferring data from a wireless device to a WiFi access point
WPA3 is an authentication protocol used during WiFi association

Solution:
It is possible to permit association based on device MAC address
WPA3 is an authentication protocol used during WiFi association


Question 14: Which of the following statements are TRUE about open WiFi network?
Select one or more:
When WPA3 is used, data transmitted in open WiFi network is encrypted
When open WiFi network is used, data is transmitted in clear text
Open WiFi network is only available in access points that support WEP
In open WiFi network, association can be done without requiring a password

Solution:
When WPA3 is used, data transmitted in open WiFi network is encrypted
When open WiFi network is used, data is transmitted in clear text
In open WiFi network, association can be done without requiring a password

Question 15: Which of the following statements are TRUE about WPA2-Personal and WPA2-Enterprise?
Select one or more:
In WPA2-Personal, a single password is shared between multiple users
In WPA2-Personal, a radius server is used for authentication
In WPA2-Enterprise, each user has their own password
In WPA2-Enterprise, the access point can verify user credentials

Solution:
In WPA2-Personal, a single password is shared between multiple users
In WPA2-Enterprise, each user has their own password

Network Security Quiz

Question 1: Which of the following is the latest VPN protocol?
WireGuard
OpenVPN
IPSec
SSTP

Solution:
WireGuard


Question 2: A firewall can be implemented in the following ways EXCEPT:
As a module in a router or a switch
As a specialized firewall hardware
As a software running on a PC operating system
As a module in a network interface card

Solution:
As a module in a network interface card


Question 3: In what way is an IPS (intrusion prevention system) different from an IDS (intrusion detection system)?
An IPS can prevent an attack while an IDS can detect an attack
IDS is installed on a host while IPS is installed on a network
IPS is more intelligent than an IDS because it uses machine learning
Upon detecting a malicious activity, an IDS will only generate an alert while an IPS will attempt to take an appropriate action to mitigate the attack

Solution:
Upon detecting a malicious activity, an IDS will only generate an alert while an IPS will attempt to take an appropriate action to mitigate the attack


Question 4: Why is stateful inspection firewall more secure than the packet filtering firewall?
Stateful inspection firewall will automatically block high-numbered ports without having to specify them in the rules
Stateful inspection firewall will only allow incoming packets to high-numbered ports if they are part of an active TCP connection
Stateful inspection firewall can filter packets based on the network application
Stateful inspection firewall can allow for more specific rules

Solution:
Stateful inspection firewall will only allow incoming packets to high-numbered ports if they are part of an active TCP connection

Question 5: Which of the following security objectives are important when VPN is used for organizations?
Confidentiality and authenticity
Privacy and authenticity
Confidentiality and anonymity
Privacy and anonymity

Solution:
Confidentiality and authenticity

Question 6: An online NIDS (Network-based intrusion detection system) is characterized by:
Its ability to perform traffic evaluation in real time
Its ability to utilize online resources in detecting malicious activities
Its ability to be online 24/7 and monitor traffic all the time
Its ability to search for vulnerability signature online

Solution:
Its ability to perform traffic evaluation in real time

Question 7: Which of the following specifies the main difference between stateful inspection firewall and packet filtering firewall?
State inspection firewall is faster
Stateful inspection firewall maintains the list of active TCP connections
Stateful inspection firewall can identify which network application the packet belongs to
State inspection firewall can detect a network attack

Solution:
Stateful inspection firewall maintains the list of active TCP connections


Question 8: Which of the following security threats cannot be prevented by a firewall?
A DDoS attack coming from a specific IP address range
A staff who attempts to use BitTorrent application for downloading pirated software and movies
An external attacker who attempts to exploit an unused port on a server in the DMZ
A malware downloaded through Web browsing activity of staff within the organization

Solution:
A malware downloaded through Web browsing activity of staff within the organization


Question 9: Choose the correct statement regarding signature-based and anomaly-based IDS detection methods
Anomaly-based detection can only detect both active and passive attacks while signature-based detection only detect passive attacks
Signature-based detection makes use of machine learning algorithms and therefore is more accurate than anomaly-based detection
Signature-based detection may suffer from false positives while anomaly-based detection is more accurate
Signature-based detection can only detect known attacks while anomaly-based detection can detect new attacks

Solution:
Signature-based detection can only detect known attacks while anomaly-based detection can detect new attacks


Question 10: Which of the following statements are TRUE about the TCP SYN flood attack?
Select one or more:
It is a type of reflector DDoS attack
It works by having the attacker pretend to establish a TCP connection to the victim but never actually complete the connection
It causes the victim to use up its system resources
It attempts to saturate the bandwidth of the victim

Solution:
It works by having the attacker pretend to establish a TCP connection to the victim but never actually complete the connection
It causes the victim to use up its system resources


Question 11: Which of the following statements are TRUE about the HTTP flood attack?
Select one or more:
It can be configured to cause the victim to use up its system resources
It can saturate the bandwidth of the victim
It works by having attackers send a large number of HTTP GET or POST messages to the victim
It is a type of reflector DDoS attack

Solution:
It can be configured to cause the victim to use up its system resources
It can saturate the bandwidth of the victim
It works by having attackers send a large number of HTTP GET or POST messages to the victim


Question 12: An SQL injection attack may allow an attacker to:
Select one or more:
Insert new data in database
Cause the web browser to execute a script belonging to the attacker
Hijack session belonging to another user
Modify existing data in database
Execute administrative operations on the database
Read data from database

Solution:
Insert new data in database
Modify existing data in database
Execute administrative operations on the database
Read data from database


Question 13: Which of the following statements are TRUE about the MAC flooding attack?
Select one or more:
It forces the switch to behave like a hub
It aims to congest the network
It causes the switch to become slow and not responsive
It causes the switch to forward packets to all outgoing ports

Solution:
It forces the switch to behave like a hub
It causes the switch to forward packets to all outgoing ports


Question 14: The man-in-the-middle (MITM) attacks compromise which of the following security objectives?
Select one or more:
Confidentiality
Availability
Integrity
Authenticity

Solution:
Confidentiality
Integrity
Authenticity

Question 15: Say that PC_A is communicating with PC_B in a LAN. An attacker (PC_X) wants to read all the messages sent from PC_B to PC_A. This can be achieved by doing ARP cache poisoning on PC_B. The IP address and MAC address of the three PCs are as follows:
PC_A: IP address = 172.18.20.15, MAC address = 28:2A:3C:D4:56:98
PC_B: IP address = 172.18.20.20, MAC address = 97:12:AC:AB:8E:9C
PC_X: IP address = 172.18.20.101, MAC address = CA:98:65:7A:D1:12
What is the ARP entry that you need to insert into PC_B's ARP table?
IP address: 172.18.20.101, MAC address: 28:2A:3C:D4:56:98
IP address: 172.18.20.15, MAC address: 28:2A:3C:D4:56:98
IP address: 172.18.20.15, MAC address: CA:98:65:7A:D1:12
IP address: 172.18.20.20, MAC address: CA:98:65:7A:D1:12

Solution:
IP address: 172.18.20.15, MAC address: CA:98:65:7A:D1:12

Wednesday, 17 March 2021

Network Security Quiz

 Q1: The Multimedia Internet Mail Extension (MIME) is used to allow non-ASCII content such as an image to be sent using email. Which of the following is NOT performed in order to allow for non-ASCII content to be sent?

A. Encrypt the non-ASCII content
B. Encode the non-ASCII content to ASCII format
C. Specify the encoding method in the email header
D. Specify the type of non-ASCII content in the email header

Solution: TLS

Q2: When DomainKeys Identified Email (DKIM) is used, what is stored in the DNS server that needs to be retrieved by the receiving email server?
A. Email policy specified by the sending domain
B. List of email servers that are authorized to send email from the sending domain
C. Public key of the email sender domain
D. Public key of the DNS server

Solution: Public key of the email sender domain

Q3: Which of the following data transfer is NOT done using the SMTP protocol?
A. Send email from an email client application to sender's email server
B. Transfer email message from the receiver's mailbox to the receiver's user agent
C. Send email from the sender's email server to the receiver's email server
D. Forward email from one email server to another email server

Solution: Transfer email message from the receiver's mailbox to the receiver's user agent

Q4: Which of the following S/MIME service - mechanism pair is NOT correct?
A. Integrity - hashing
B. Integrity - digital signature
C. Confidentiality - symmetric cryptography
D. Authentication - public key infrastructure (PKI)

Solution: Integrity - digital signature

Q5: To send email to the address salman@uniten.edu.my, the sender's email server needs to find the IP address of the receiver's email server (i.e. uniten.edu.my). Which DNS resource record type contains this information?
A. MX
B. A
C. NS
D. MAIL

Solution: MX

Q6: Which security objective is compromised when a transmitted email is read by an attacker during its transmission?
A. Authenticity
B. Accountability
C. Integrity
D. Confidentiality

Solution: Confidentiality

Q7: When SPF (Sender Policy Framework) is used, what is stored in the DNS server?
A. Public key of the email receiver domain
B. Public key of the email sender domain
C. Email server(s) authorized to send email for particular domain
D. Policy specified by the email sender

Solution: Email server(s) authorized to send email for particular domain

Q8: Which of the following use of encryption keys in S/MIME is not correct?
A. Receiver's public key: encrypt the secret key
B. Sender's private key: encrypt the hash value
C. Secret key: encrypt the email content
D. Symmetric key: encrypt the email header

Solution: Symmetric key: encrypt the email header 

Q9: The command STARTTLS is executed when this TLS mode is used:
A. Start TLS mode
B. Explicit TLS mode
C. Implicit TLS mode
D. Normal TLS mode

Solution: Explicit TLS mode

Q10: In which of the following situations is it more suitable to use AH instead of ESP?
A. When the main security concern is passive attack
B. When the packet carries authentication information such as login credential
C. When communication is done between two hosts instead of a host and a firewall/router
D. When the IP payload is TLS data

Solution: When the IP payload is TLS data

Q11: If IPSec is to be used to configure a VPN between a remote worker using a laptop and the main office, which of the following IPSec protocols and modes should be used?
A. AH tunnel mode
B. ESP tunnel mode
C. ESP transport mode
D. AH transport mode

Solution: ESP tunnel mode

Q12: When two hosts are communicating using IPSec, the information regarding whether they are using AH or ESP is specified in:
A. IP header of the transmitted packets
B. The digital certificate used by the sender and receiver
C. IPSec policy configured on both the sender and receiver
D. Security association used by the communication

Solution: Security association used by the communication

Q13: The use of private IP provides security in which of the following ways?
A. It prevents hosts using private IP addresses from being directly accessed by attackers in the Internet
B. It prevents hosts with private IP addresses from accessing insecure websites in the Internet
C. It prevents other intranet hosts from directly accessing hosts using private IP addresses
D. It prevents malware from being downloaded into hosts using private IP addresses

Solution: It prevents hosts using private IP addresses from being directly accessed by attackers in the Internet

Q14: What is the main motivation behind the development of IPv6?
A. The realization that the IPv4 address space is going to be used up
B. To provide a more secure IP protocol
C. To improve the speed of the Internet traffic
D. To catch up with the use of modern networking technology and equipment

Solution: The realization that the IPv4 address space is going to be used up

Q15: You are configuring a communication between two servers. You would like to use IPSec to ensure that the two servers are not replaced by a different server, and they should stop communicating if that happens. Which of the following IPSec protocols and modes should be used?
A. AH in transport mode
B. AH in tunnel mode
C. ESP in tunnel mode
D. ESP in transport mode

Solution: AH in transport mode










Network Security Quiz

 Q1: The use of HTTPS ensures the following EXCEPT

A. Confirms that the browser is communicating with an authentic web server
B. Hides the IP address of the user's computer
C. The website content downloaded is encrypted and cannot be read
D. HTTP header is encrypted and cannot be read

Solution: Hides the IP address of the user's computer

Q2: What is the purpose of MIME extension in email application?
A. To authenticate the email sender
B. To encrypt the email content
C. To enable email to send attachments
D. To enable email to carry ASCII contents

Solution: To enable email to send attachments

Q3: The following are true about private IP addresses EXCEPT:
A. The address block 172.16.0.0/12 belongs to one of the private IP address blocks
B. Accessing the Internet requires the use of Network Address Translation (NAT)
C. A private IP address used in an organization may also be used in another organization
D. They can be directly accessed from the Internet

Solution: They can be directly accessed from the Internet

Q4: Given below are examples of network attack surface EXCEPT:
A. A corporate firewall that is configured to allow incoming connection on port 80
B. A corporate firewall that is configured to allow outgoing connection on port 80
C. A telnet service running on a public Web server
D. A login page on a website that does not use TLS

Solution: A corporate firewall that is configured to allow outgoing connection on port 80

Q5: Which of the following is a type of passive security attack?
A. Masquerade
B. Traffic analysis
C. Denial of service
D. Replay

Solution: Traffic analysis

Q6: The feature of SSH that enables any insecure TCP connection to be converted to a secure SSH connection is called ____________.
A. Port forwarding
B. Remote login
C. Channel conversion
D. Securing channel

Solution: Port forwarding

Q7: Which of the following email security threats can be prevented using DNSSEC?
A. Email sent is transmitted to the attacker's server
B. Email cannot be sent due to DoS attack
C. Email sent is sniffed during transmission
D. Email sending address is spoofed

Solution: Email sent is transmitted to the attacker's server

Q8: Which of the following is NOT a TLS record protocol payload?
A. Application data
B. Alert protocol
C. Hello protocol
D. Change cipher spec protocol

Solution: Hello protocol

Q9: Given below are security services offered by the Authentication Header (AH) protocol in IPSec EXCEPT:

A. Confidentiality
B. Integrity
C. Access control
D. Authentication

Solution: Confidentiality

Q10: DNSSEC ensures the following security objective(s):
A. Authenticity and confidentiality
B. Confidentiality, integrity and authenticity
C. Integrity and authenticity
D. Confidentiality and integrity

Solution: Integrity and authenticity

Q11: Given below are part of the Internet's network layer EXCEPT:
A. The TCP protocol
B. The IP protocol
C. The routing protocols
D. The ICMP protocol

Solution: The TCP protocol

Q12: Given below are ways by which we can secure email application EXCEPT:
A. Configure email client to run SMTP and IMAP over TLS
B. Configure email client to use S/MIME
C. Configure email client to use IPSec
D. Configure email server to use SPF, DKIM and DMARC

Solution: Configure email client to use IPSec

Q13: Which of the following protocols is used to set up a security association (SA)?
A. Security Association Connection (SAC)
B. Authentication Header (AH)
C. Encapsulating Security Payload (ESP)
D. Internet Key Exchange (IKE)

Solution: Internet Key Exchange (IKE)

Q14: Given below are among the security concerns to an Internet user EXCEPT:

A. An attacker may sniff your packets
B. You may not be communicating with the person that you think you are communicating with
C. Your Internet connection may not be fast enough that an attacker may capture your slow moving packet
D. Malware may be secretly installed on your computer

Solution: Your Internet connection may not be fast enough that an attacker may capture your slow moving packet

Q15: The security protocol used in HTTPS is _____________.
A. TLS
B. DNSSEC
C. IPSec
D. SSH

Solution: TLS

Q16: The use of HTTP proxy can prevent _____________.
A. the web server from knowing the IP address of the computer running the Web browser
B. an attacker from modifying an HTTP reply message
C. an attacker from sniffing the HTTP messages sent between the web browser and server
D. hijacking of an HTTP session

Solution: the web server from knowing the IP address of the computer running the Web browser

Q17: A security policy database (SPD) may contain the following information EXCEPT:
A. Security parameter index (SPI)
B. Remote IP address and port number
C. Local IP address and port number
D. Action to be taken

Solution: Security parameter index (SPI)

Q18: Which of the following fields is not encrypted in Encapsulating Security Payload (ESP) transport mode?
A. ESP trailer
B. TCP header
C. IP header
D. TCP data

Solution: IP header

Q19: The SSH protocol was initially developed for the purpose of:
A. File transfer
B. Remote program execution
C. Sending email
D. Remote login

Solution: Remote login

Q20: Which of the following is one of the differences between S/MIME and OpenPGP?
A. S/MIME uses certificates issued by Certificate Authority while OpenPGP generates their own public and private keys
B. S/MIME provides authenticity and confidentiality, while OpenPGP only provides confidentiality
C. S/MIME does not include the sender's public key with the message, while OpenPGP includes the sender's public key with the message
D. OpenPGP provides authenticity and confidentiality, while S/MIME only provides authenticity

Solution: S/MIME uses certificates issued by Certificate Authority while OpenPGP generates their own public and private keys

Q21: Given below are part of the Internet’s network layer EXCEPT

A. The IP protocol
B. The routing protocols
C. The TCP protocol
D. The ICMP protocol

Solution: The TCP protocol

Q22: Which of the following is NOT one of the reasons why TLS has become the most popular network security protocol?
A. TLS is independent of operating system platform
B. TLS is used to secure the Web application, which is the most used network application
C. TLS only needs to be configured once, and all network applications running on the host would then be protected
D. From a user point of view, using TLS is as easy as downloading and using a client application that implements TLS

Solution: TLS only needs to be configured once, and all network applications running on the host would then be protected

Q23: Which of the following email security mechanisms can be configured by an email user?
Select one:
A. DKIM
B. SPF
C. DANE
D. PGP

Solution: PGP

Q24: Which of the following is an advantage of using IPsec (which is network-layer security protocol) as compared to using TLS (which is a transport-layer security protocol)?
A. Configuration of IPsec is easier compared to TLS
B. IPsec uses more secure cryptographic protocols compared to TLS
C. Once IPsec is configured, communication with all Internet hosts will be protected
D. Once IPsec is configured, data transfer of all network applications with the specified receiving host will be protected

Solution: Once IPsec is configured, data transfer of all network applications with the specified receiving host will be protected

Q25: Which of the following is NOT true about the use of explicit TLS in email application?
A. Before secure connection is achieved, port 25 is used by SMTP client to connect to SMTP server
B. When explicit TLS is used, email message sent between an email client and an email server is encrypted
C. It requires an insecure SMTP connection to be upgraded to a secure connection using the STARTTLS command
D. Explicit TLS can be used not only by SMTP, but also by IMAP and POP3

Solution: Before secure connection is achieved, port 25 is used by SMTP client to connect to SMTP server

Q26: The use of https prevents the following attacks from being conducted EXCEPT:
A. Attacker replacing the Web server with a malicious server
B. Attacker sniffing the username and password transmitted by Web browser
C. Attacker stealing the HTTP cookie transmitted in an HTTP request message
D. Attacker spoofing the IP address of the host on which the Web browser is running

Solution: Attacker spoofing the IP address of the host on which the Web browser is running

Q27: What is contained in an HTTP cookie?
A. A string that specifies the type of Web browser used by the user
B. The username and password of the Web user in cleartext
C. A string that identifies the Web user
D. The username and password of the Web user in encrypted form

Solution: A string that identifies the Web user

Q28: Which of the following is NOT true about DNS-based Authentication of Named Entities (DANE)?
A. It solves security issues related to the use of STARTTLS
B. It encrypts the email data regardless of whether the email server supports TLS or not
C. It ensures the authenticity of an email server without verifying the server's digital certificate with a Certificate Authority (CA)
D. It makes use of a DNS record called TLSA

Solution: It encrypts the email data regardless of whether the email server supports TLS or not

Q29: In S/MIME, what is the use of the receiver's private key?
A. To encrypt the message digest
B. To decrypt the message content
C. To decrypt the message digest
D. To decrypt the secret key
E. To encrypt the message content
F. To encrypt the secret key

Solution: To decrypt the secret key

Q30: In S/MIME, what is the use of the receiver's public key?
A. To decrypt the secret key
B. To decrypt the message content
C. To encrypt the message digest
D. To encrypt the message content
E. To decrypt the message digest
F. To encrypt the secret key

Solution: To encrypt the secret key

Q31: Differentiate between active and passive security attacks.

Solution: 

Passive security attack: In this attack, the intruder or attacker just sniffs the information; he does not modify or change it. He only listens to the traffic and compromises the confidentiality of the data.

Active security attack: In this attack, the attacker first listens to the information, then changes it and forwards it to the receiving party, which means both confidentiality and integrity are compromised.

Q32: If you perform a port scan, and see that a port is opened on the host, what does that tell you?

Solution: An open port tells you that the port or the network is actively accepting packets and indicates that it is listening.

Q33: Both Sender Policy Framework (SPF) and DomainKeys Identified Email (DKIM) are used to prevent the email sending address from being spoofed. However, the techniques used are different. Differentiate between the techniques used by these two mechanisms.

Solution: SPF makes use of a TXT DNS resource record in which the sending domain identifies all of the domain's senders. To authenticate the sender, the receiver will query a TXT DNS resource record about the sender's address domain and IP address. DKIM, on the other hand, uses a digital signature. The sender's private key will be used to sign the message. The receiver would then search the public key to see if the message is from the legitimate sender.

Q34: HTTP cookie is a useful mechanism for Web application and can provide various functionalities to the Web application. However, it has a number of security issues.
(a) If you are logged in to a web application, HTTP cookie is used to maintain your login session. What could happen if an attacker manages to capture the cookie?
(b) What is the solution to the problem mentioned in (a) above?
(c) Explain ONE (1) more security issue related to the use of HTTP cookie.

Solution: a) The attacker could steal the user's session ID and perform session hijacking, where the attacker can later perform any action that the active user is authorized to do.
b) To solve the problem of the unencrypted format for cookies, the owner of the web application should use HTTPS with a digital certificate, but for me, I should delete the cookies and log out after I finish using the session.
c) If an attacker steals the HTTP cookie, the attacker can view the user's browsing history and monitor the user's activities. This compromises confidentiality.

Q35: For each of the following situations, identify the most suitable IPSec protocol (AH or ESP) and mode (transport or tunneling) to be used.
(a) A staff member working from home during the COVID-19 pandemic would like to establish a Virtual Private Network (VPN) to his corporate network.
(b) A system administrator is configuring two servers that always send data to each other. The system administrator needs to ensure that the data transmitted between the two servers cannot be read by an attacker.
(c) A system administrator is configuring a firewall between two office branches. The data transmitted is all TLS data. The main aim of using IPSec would be to ensure the authenticity of the two firewalls.

Solution: a) ESP tunnel mode
b) ESP transport mode
c) AH tunnel mode

Saturday, 20 February 2021

Network Security Quiz

Q1: In order to allow for secure remote login using SSH, which of the following port numbers needs to be allowed by the firewall?
Select one:
A. 21
B. 80
C. 443
D. 22

Solution: 22

Q2: The following statements are true about port numbers EXCEPT:
Select one:
A. Port numbers can provide an indication on the network services running on a host
B. Scanning for open port numbers on a host is considered an active attack
C. Both client and server port numbers need to be set to a fixed number based on the specification in the RFC document
D. Port numbers are among the attack surfaces of a host

Solution: Both client and server port numbers need to be set to a fixed number based on the specification in the RFC document

Q3: Which of the following is the use of the Change Cipher Spec Protocol in TLS?
Select one:
A. To tell the receiver that subsequent data transfer will be protected using the negotiated cipher spec
B. To tell the receiver that the cipher spec needs to be changed and re-negotiated
C. To tell the receiver that a new TLS session needs to be established
D. To tell the receiver that a new encryption key needs to be generated

Solution: To tell the receiver that subsequent data transfer will be protected using the negotiated cipher spec

Q4: Which of the following security objectives is NOT addressed by the SSH protocol?
Select one:
A. Confidentiality
B. Integrity
C. Availability
D. Authentication

Solution: Availability

Q5: As of the year 2020, which of the following TLS versions are still considered secure? Check all that apply.
Select one or more:
A. TLSv1.2
B. TLSv1.1
C. TLSv1.0
D. TLSv1.3

Solution: TLSv1.2
TLSv1.3

Q6: Assume that you have developed a new network application that uses its own application-layer protocol. As it is, the application-layer protocol sends data in clear text. Which of the following protocols can be used to ensure secure data transmission? Check all that apply.
Select one or more:
A. TLS
B. TCP
C. SSH
D. UDP

Solution: TLS
SSH

Network Security Quiz

Question 1: The TLS record protocol performs the following operations EXCEPT:
Select one:
A. Establishing TLS session
B. Appending a TLS header to the data
C. Fragmenting application data
D. Encrypting application data

Solution: Establishing TLS session

Question 2: Which of the following is NOT a characteristic of a network application?
Select one:
A. The application must be assigned a port number
B. The application needs to implement a communication protocol
C. The application must be assigned an IP address
D. The application needs to communicate with another application over the network

Solution: The application must be assigned an IP address

Question 3: HTTP cookies allow a website to do the following EXCEPT:
Select one:
A. Keep track of user's activities on the website
B. Provide content based on user's identity
C. Identify the IP address of the user's machine
D. Maintain user login session

Solution: Identify the IP address of the user's machine

Question 4: What is the use of the Message Authentication Code (MAC) in TLS?
Select one:
A. To ensure the data is not modified during transit
B. To ensure the data is compressed to a smaller size
C. To ensure the data cannot be read during transit
D. To ensure an attacker cannot spoof the IP address of the sender

Solution: To ensure the data is not modified during transit

Question 5: Which of the following application protocols sends its data in clear text?
Select one:
A. HTTPS
B. SCP
C. SFTP
D. FTP

Solution: FTP

Question 6: Which of the following statements best describes the port forwarding feature of SSH?
Select one:
A. It enables secure data transmission of any network application
B. It enables a port number of an application to be transferred to another application
C. It enables the port number on a host to be transferred to another host
D. It enables the forwarding of data from one host to another

Solution: It enables secure data transmission of any network application

Question 7: Which of the following is NOT true when HTTPS is used?
Select one:
A. HTTP cookies can no longer be sniffed
B. An HTTP header line indicating the use of HTTPS will be added to the HTTP header
C. Password transmitted using form-based authentication can no longer be sniffed
D. HTTP header is encrypted

Solution: An HTTP header line indicating the use of HTTPS will be added to the HTTP header

Question 8: HTTPS is the combination of which protocols?
Select one:
A. HTTP + TLS
B. HTTP + SSH
C. TLS + SSL
D. HTTP + TLS + SSH

Solution: HTTP + TLS

Question 9: Which of the following is NOT the function of a Web proxy?
Select one:
A. To enable faster Web browsing
B. To block illegal websites
C. To log browsing activities of users in an organization
D. To prevent malware from being downloaded during Web browsing 

Solution: To prevent malware from being downloaded during Web browsing

Question 10: The use of a digital certificate in HTTPS ensures which of the following security properties?
Select one:
A. Authenticity of the server
B. Confidentiality of the HTTP messages
C. Integrity of the HTTP messages
D. Availability of the server

Solution: Authenticity of the server

Question 11: Which of the following command line tools can be used to invoke the DNS service to convert an Internet hostname to an IP address? Check all that apply.
Select one or more:
A. nslookup
B. netstat
C. dig
D. ifconfig

Solution: nslookup
dig

Question 12: What are the security services provided by HTTPS? Check all that apply.
Select one or more:
A. Confidentiality
B. Availability
C. Integrity
D. Authenticity

Solution: Confidentiality
Integrity
Authenticity

Question 13: Which of the following services cause data transmission in TCP to be slightly slower than in UDP? Check all that apply.
Select one or more:
A. Process-to-process delivery
B. Error detection
C. Reliable data transfer
D. Congestion control 

Solution: Reliable data transfer
Congestion control

Question 14: In order to allow browsing of both HTTP and HTTPS websites, which of the following port number(s) need to be allowed by the firewall? Choose all that apply.
Select one or more:
A. 22
B. 21
C. 80
D. 443

Solution: 80
443

Question 15: Which of the following application-layer protocols utilize the SSH protocol? Check all that apply.
Select one or more:
A. SFTP
B. SHTTP
C. SMTP
D. SCP

Solution: SFTP
SCP