Exam 01 Questions

1. Which files of a UNIX system are needed for a brute force attack with password cracker software like John the Ripper?

  • A. /etc/users
  • B. /etc/shadow
  • C. /etc/passwd
  • D. /home/users

2. In the ABAC model, which are the types of attributes for defining the policy rules?

  • A. Time attributes
  • B. Environment attributes
  • C. Subject attributes
  • D. Custom attributes

3. Which of the following is a property for a hash function aimed at authentication?

  • A. It should be computationally infeasible to invert it without using the symmetric key
  • B. It can be applied to a block of data of any size
  • C. It produces a fixed-length output
  • D. Given any x, it should be relatively easy to compute its image

4. Which cipher can encrypt/decrypt with keys of different lengths?

  • A. DES
  • B. AES
  • C. Caesar
  • D. 3DES

5. What is the result of the encryption of the plaintext GOOFY with a Vigenère code using the password FT?

  • A. LTTKD
  • B. LHTYD
  • C. NVJMT
  • D. BJVAF

6. When considering the typical sequence of phases of a virus, which of the temporal relationships hold?

  • A. Triggering phase happens before the execution phase
  • B. Dormant phase happens before the propagation phase
  • C. Propagation phase follows the triggering phase
  • D. Propagation phase happens after the execution phase

7. When considering a biometric system, which operation is analogous to a user logging on to a system using a memory card or smart card coupled with a password or PIN?

  • A. Verification
  • B. Identification
  • C. Enrollment
  • D. Detection

8. When considering IDS, which classification approach performs the analysis of the observed behavior using univariate, multivariate, or time-series models of observed metrics?

  • A. Knowledge-based approach
  • B. Statistical approach
  • C. Machine-learning approach
  • D. Rule-based heuristic approach

9. When using the Tor network, who is able to know the source of a packet that reaches a server?

  • A. The server in any case
  • B. None of the other mentioned
  • C. The exit node, only if the source does not use HTTPS
  • D. The exit node, even if the source uses HTTPS

10. Which is the typical payload of ransomware?

  • A. Keylogging
  • B. Spreading new malware
  • C. Denial of service
  • D. Spamming

11. Which properties must be provided when considering a MAC model with Multi-Level Security?

  • A. No write down
  • B. Mutual authentication
  • C. Append and execute
  • D. No disclosure

12. Which of the following is considered a secondary security property?

  • A. Authenticity
  • B. Availability
  • C. Accountability
  • D. Authorization

13. Which are the main entities in the RBAC model?

  • A. Roles
  • B. Objects
  • C. Sessions
  • D. Users

14. Which attack is characterized by sending HTTP requests that never complete?

  • A. Reflection attack
  • B. Slowloris attack
  • C. SYN spoofing attack
  • D. Flooding attack

15. Which of the following statements is false?

  • A. The Elliptic curve algorithms can be used for both digital signature and encryption of secret keys
  • B. The Diffie-Hellman algorithm can be used for creating digital signatures
  • C. The RSA algorithm can be used for the encryption of secret keys
  • D. The DSS algorithm can be used for symmetric key distribution

16. Which type of attack exploits the server’s trust in the client’s input?

  • A. Session stealing
  • B. Cross-site request forgery
  • C. Cross-site scripting
  • D. SQL injection

17. Which of the following is considered a valid countermeasure against SQL injections?

  • A. Parameterized query
  • B. Strict access control policy
  • C. Input sanitization
  • D. Manually crafted regular expressions

18. Mark the most common types of applications an Electronic Identity Card can provide:

  • A. ePass
  • B. eSign
  • C. eEncrypt
  • D. eDecrypt

19. What is true about IPSec?

  • A. It only works with IPv6
  • B. It is supposed to only use symmetric encryption
  • C. It can only encrypt with the ESP
  • D. It can be used to build a network-layer VPN

20. Which is a main goal of a VPN?

  • A. Confidentiality
  • B. Integrity
  • C. Availability
  • D. Authentication

Exam 02 Questions

1. Mark the correct associations when considering the following figure (Owner, Value, Threat agents, etc.):

Note: 3 is the entity arising from Threat Agents; 4 is the entity increased by 3 and minimized by Owner.

  • A. 3 Risks, 4 Threat
  • B. 2 Assets
  • C. 1 Permissions
  • D. 3 Threats, 4 Risk

2. In which type of Cross-Site Scripting (XSS) does the injection happen in a parameter used by the page to display information to the user dynamically?

  • A. DOM-based Cross-Site Scripting
  • B. Reflected Cross-Site Scripting
  • C. Stored Cross-Site Scripting
  • D. Cross-Site Request Forgery

3. What is true about the Diffie-Hellman algorithm?

  • A. It makes use of SHA-1 and the Digital Signature Algorithm (DSA)
  • B. It relies on the notion that a product of two large prime numbers cannot be easily factored to determine the two prime numbers
  • C. It is a practical method to exchange a secret key securely that can then be used for subsequent encryption of messages
  • D. It cannot be used for encryption and decryption

4. When considering a biometric system, identification is the process…

  • A. …of checking that the biometric template of a user presenting her identity matches the one stored for that user.
  • B. …of digitizing the biometric input presented by an individual, extracting a set of features that can be stored as her template.
  • C. …of looking for a match of a biometric template of an individual by comparing it with the set of stored templates.
  • D. …analogous to a user logging on to a system using a memory card or smart card coupled with a password or PIN.

5. Which is the ability to determine that statements, policies, and permissions issued by persons or systems are genuine?

  • A. De-anonymization
  • B. Authenticity
  • C. Non-repudiation
  • D. Verification

6. In what do stream and block ciphers generally differ?

  • A. Only stream ciphers can encrypt messages of any size
  • B. Only block ciphers need padding
  • C. Stream ciphers use longer keys
  • D. Block ciphers are faster than stream ciphers

7. Which wireless security protocol is deprecated?

  • A. WPA2
  • B. WEP
  • C. WPA
  • D. All the other mentioned

8. Which access control model is based on comparing security labels with security clearances?

  • A. ABAC
  • B. RBAC
  • C. MAC
  • D. DAC

9. What is true when considering SQL injection attacks?

  • A. They rely on sending some input to the database server that is interpreted as part of an SQL command
  • B. They can rely on data already present in the system or database
  • C. They generally target the web application server
  • D. They are usually ineffective when there is no actual transfer of data between the database and the web application server

10. What is true when considering the problem of remote user authentication?

  • A. It has to face problems like an adversary replaying an authentication sequence that has been observed.
  • B. It can only work by adopting some form of encryption of the communications link.
  • C. It is typically a simpler case than the case of local user authentication.
  • D. It generally relies on some form of challenge-response protocol.

11. If you fix the length of a password, what makes a password strong?

  • A. If it includes special characters
  • B. If it is chosen from a large dictionary
  • C. If its characters are taken from a large alphabet
  • D. If it is stored hashed with a salt

12. Which is a countermeasure against SQL injections?

  • A. Random canary
  • B. Parameterized query insertion
  • C. Stackshield and Return Address Defender (RAD)
  • D. SQL DOM

13. In what do viruses and worms generally differ?

  • A. Only viruses require the user to do some triggering action on an infected file.
  • B. Only worms exploit software vulnerabilities in client or server programs.
  • C. Both of them are platform independent.
  • D. Both can do anything that the infected program is permitted to do.

14. In order to exploit a buffer overflow in a running function, what piece of information should the adversary overwrite?

  • A. The return address of the called function
  • B. The return address to the calling function
  • C. The old frame pointer of the calling function
  • D. The frame pointer of the called function

15. Which piece of information cannot generally be found in a Digital Certificate?

  • A. A symmetric key
  • B. A digital signature
  • C. A private key
  • D. A public key

16. Which of the following protocols is specifically conceived for the electronic mail service?

  • A. S/MIME
  • B. TLS
  • C. IPSec
  • D. DKIM

17. Which resource category could be the target of a DoS attack?

  • A. User resources
  • B. Network bandwidth
  • C. Application resources
  • D. System resources

18. The following figure (backup /u/roberto: r,x; /admin/: rx) is an example of…

  • A. Security clearance
  • B. Access control matrix
  • C. Capability list
  • D. Access control list

19. What is the name of the property of a secure hash function that states: “For any given block x, it is computationally infeasible to find y != x with H(y)=H(x)”?

  • A. Collision resistant
  • B. One-way preimage resistant
  • C. Strong collision resistant
  • D. Second preimage resistant

20. During a typical intrusion, which of the following timing relations hold?

  • A. Initial access happens after system exploit
  • B. Privilege escalation happens after target acquisition
  • C. Covering tracks happens after maintaining access
  • D. Maintaining access happens before privilege escalation

Exam 03 Questions

1. Which of the following is the correct definition of a secure hash function’s “Collision resistant” property?

  • A. is relatively easy to compute for any given x
  • B. For any given block x, it is computationally infeasible to find with
  • C. For any given code h, it is computationally infeasible to find x such that
  • D. It is computationally infeasible to find any pair (x, y) such that

2. Which architecture is represented in the following picture? (Attacker Handler Agent Target)

  • A. A botnet
  • B. A SYN spoofing
  • C. An amplification attack
  • D. A DDoS attack

3. Considering the relation < as “happens before”, mark the correct equations about virus phases:

  • A. dormant < execution
  • B. propagation < dormant
  • C. triggering < propagation
  • D. triggering < dormant

4. What is true about Smart Cards?

  • A. They contain a processor and some I/O ports
  • B. They typically include three types of memories
  • C. They are vulnerable to eavesdropping attacks
  • D. They cannot be used for user authentication without a card reader

5. Which IDS type monitors a single host’s characteristics for suspicious activity?

  • A. NIDS
  • B. Hybrid IDS
  • C. HIDS
  • D. Distributed IDS

6. What is true about the John the Ripper password cracker?

  • A. Using the wordlist mode, it implements a rainbow table attack
  • B. It can brute-force using both the CPU and the video card
  • C. It can only crack system passwords
  • D. Using the single crack mode, it implements a dictionary attack

7. What is true when considering IEEE 802.11 (WiFi) Services?

  • A. A single ESS can be composed of several BSS
  • B. The initial association between a station and an AP is called Connection Establishment
  • C. Access points (APs) provide integration between a wireless (IEEE 802.11) and a wired (IEEE 802.x) LAN
  • D. A single BSS can be composed of several ESS

8. Which HTTP method(s) can send parameters in the body of the request?

  • A. Only GET
  • B. Neither GET nor POST
  • C. Only POST
  • D. Both GET and POST

9. Which of the following is a mode that can be used with IPSec for building a site-to-site VPN?

  • A. Transport mode
  • B. Security Policy
  • C. Security Association
  • D. Tunnel mode

10. Mark the correct definitions:

  • A. Threat agent - Who conducts or has the intent to conduct detrimental activities
  • B. Threat - A measure of the extent to which an entity is threatened by a potential circumstance or event
  • C. Vulnerability - A device or technique that has as its objective the impairment of undesirable or adversarial activity
  • D. Risk - Any circumstance or event with the potential to adversely impact organizational operations

11. What is false about worms?

  • A. They exploit software vulnerabilities in client or server programs
  • B. They can spread through shared media (USB pen drives, CD, DVD, Blu-ray data disks, external disk drives)
  • C. They usually carry some form of payload
  • D. They make use of a wide variety of intrusion technologies and malware, including the development of custom malware if required

Exam 04 Questions

1. Mark the correct definitions (Viruses):

  • A. Metamorphic virus: A virus that mutates with every infection
  • B. Polymorphic virus: A virus that mutates and rewrites itself completely at each iteration and may change behavior as well as appearance
  • C. Encrypted virus: A portion of the virus creates a random encryption key and encrypts the remainder of the virus
  • D. Stealth virus: Program that actively seeks out more machines to infect and each infected machine serves as an automated launching pad for attacks on other machines

2. What is an advantage of symmetric encryption with respect to asymmetric encryption?

  • A. It simplifies secret key management
  • B. It is less computationally intensive
  • C. It makes simple the distribution of shared keys
  • D. It allows to provide authentication

3. What is true about the Secure Hashing Algorithm (SHA)?

  • A. Its security depends on the length of the produced hash value
  • B. It is computationally infeasible to find h such that
  • C. There are different versions that have different limitations in the maximum message size
  • D. It is computationally infeasible to find any pair (x, y) such that

4. Which mechanism combination protects a client user from revealing its location to the ISP of the destination server?

  • A. None of the others
  • B. HTTPS
  • C. VPN+HTTPS
  • D. Tor+HTTPS

5. Mark the correct mode types available in the tool John the Ripper:

  • A. Single crack: Tries all possible character combinations as passwords
  • B. Wordlist mode: Use the login names and other strings from the system as candidate passwords, with some predefined modification rules
  • C. Incremental mode: Tries a list of passwords for each hash entry, possibly with modification rules
  • D. External mode: Customizable mode, manually crafted functions that John will use to generate the candidate passwords to try

6. Considering the file permissions shown in the picture below (a directory listing with mode bits and owner:group for each entry), mark the correct statements:

  • ./ drwxrwxr-x (root:root)
  • ../ drwxrwxr-x (angelo:angelo)
  • file1 -rw-rw--- (angelo:root)
  • File2 -rw-rw--- (root:angelo)
  • file3 ------- (root:root)

  • A. User angelo can rename file1, but not file3
  • B. User root can read and write file1
  • C. User angelo can read and write file2
  • D. User root cannot read nor write file0

7. What is true about passwords?

  • A. They are generally stored applying the same function multiple times to increase the time it takes to verify any single entry
  • B. They are generally stored adding a value called salt to make dictionary attacks slower
  • C. They are generally stored using symmetric encryption so that they can be recovered when lost
  • D. They are generally stored using functions that can be inverted efficiently

8. Which of the following functions of modern cryptography (like AES) can be considered examples of a transposition?

  • A. Addition of the key
  • B. Matrix multiplications
  • C. Substitution boxes
  • D. Shifts of the rows

Exam 06 Questions

1. In which type of attack does the attacker make an authenticated user submit a malicious, unintentional request?

  • A. Denial of Service
  • B. Cross-Site Request Forgery
  • C. Reflected Cross-Site Scripting
  • D. SQL-injection

2. What are the implications of the Same Origin Policy?

  • A. A website can process the data received from another website
  • B. Content coming from website A can only read and modify content coming from A, but cannot access content coming from website B
  • C. A malicious website cannot run scripts that access data and functionalities of other websites
  • D. A website cannot request a resource from another website

3. Mark the correct associations when considering authenticating factors:

  • A. Voice pattern - something the individual does
  • B. PIN - something the individual possesses
  • C. Iris - something the individual is
  • D. Gait - something the individual is

4. Mark the correct associations between threat and violated security properties:

  • A. Usurpation is a threat to system availability
  • B. Deception is a threat to either system integrity or data integrity
  • C. Disruption is a threat to confidentiality or system integrity
  • D. Unauthorized disclosure is a threat to confidentiality

5. What is false about buffer overflow attacks?

  • A. They perform an unexpected transfer of control
  • B. They corrupt the program code
  • C. They generate memory access violations
  • D. They execute code chosen by the attacker

6. Mark the correct statements (about Cryptography algorithms):

  • A. The RSA algorithm can realize digital signatures, but it cannot be used for symmetric key distribution
  • B. The DSS algorithm can realize digital signatures, but it cannot be used for encryption of secret keys
  • C. The DSS algorithm uses the SHA function to realize digital signatures
  • D. The RSA algorithm is an asymmetric cryptosystem since it makes use of two different public keys

7. When considering SQL injection attacks, where can an adversary exploit an improper use of the user input?

  • A. Cookies
  • B. Headers
  • C. IP addresses
  • D. Website content