Question
Please, I need answers for these. Help:
Question 30
Mallory uses a hash collision to generate two X.509 certificates with identical hashes. A CA signs one digital certificate, and Mallory copies the signature to the other certificate. Classify this as a violation of confidentiality, integrity, or availability.
Confidentiality
Integrity
Availability
10 points
Question 31
For a cross-site request forgery (CSRF) attack to succeed, the victim must be logged into the target web application.
True
False
10 points
Question 32
A web application stores patient medical records in an encrypted database and uses TLS for all pages. What types of attacks may still be able to access patient data? You may choose more than one answer.
Packet Sniffing
Cross Site Scripting
Network Scanning
SQL Injection
10 points
Question 33
Violations of which of confidentiality, integrity, or availability can be detected through the use of honeytokens? You may choose more than one answer.
Availability
Confidentiality
Integrity
10 points
Question 34
Yarrow and similar special purpose generators are cryptographically secure random number generators.
True
False
10 points
Question 35
For a spoofed DNS response to be accepted and cached, the spoofed response must match the original DNS query in which of the following fields? You may select more than one answer.
UDP source port
TCP sequence number
Query ID (QID)
Question
10 points
Question 36
What type of malware uses different encryption code with each infection?
Virus
Polymorphic
Metamorphic
Armored
10 points
Question 37
A random nonce in an HTML hidden field with each form can mitigate CSRF attacks.
True
False
10 points
Question 38
Identify which secure design principle is being followed or violated in the following situation. Two server processes, a web and a database server, run on the same physical server.
Least Privilege
Fail-Safe Defaults
Economy of Mechanism
Complete Mediation
Open Design
Separation of Privilege
Least Common Mechanism
Psychological Acceptability
10 points
Question 39
Which security control would best mitigate the dangers of a laptop stolen from a company?
Anti-Virus
BIOS password
Disk encryption
OS password
10 points
Question 40
A 99% accurate network intrusion detection system generates 1,000,100 log entries. The base rate of malicious events is 100 per 1,000,100 events. How many false negatives will be reported by the NIDS?
1
10
100
10,000
10 points
Question 41
Diffie-Hellman is secure against passive eavesdroppers who cannot forge or modify packets.
True
False
10 points
Question 42
Classify honeypots as a security control as one of the following types: prevention, detection, recovery. Choose the answer that best fits.
Detection
Prevention
Recovery
10 points
Question 43
A linear congruential generator is a cryptographically secure random number generator.
True
False
10 points
Question 44
A 99% accurate network intrusion detection system generates 1,000,100 log entries. The base rate of malicious events is 100 per 1,000,100 events. How many false positives will be reported by the NIDS?
1
10
100
10,000
10 points
Question 45
SQL injection attacks are impossible if the web application uses TLS for all pages.
True
False
10 points
Question 46
SQL injection attacks can be prevented by JavaScript form validation.
True
False
10 points
Question 47
When a web server accesses a database server using the MySQL protocol via an SSL tunnel, which protocol is the encapsulating protocol?
IP
TCP
SSL
MySQL
10 points
Question 48
Alice, Bob, Claire, and Dan communicate via public key cryptography. Each pair does not want the other persons to be able to see their private communications, i.e. Alice and Bob want to communicate without Claire or Dan being able to read their messages. How many different secret keys does this group need?
1
4
6
8
10 points
Question 49
Which of the following is the most secure input validation technique?
Indirect selection
Blacklist
Whitelist
White box
10 points
Question 50
What are the two things that can be reduced to improve security when producing a system? Select exactly two answers.
Exploits
Vulnerabilities
Attack surface
Malware
10 points
Question 51
Certificate pinning was designed to protect TLS sessions against which types of attacks? You may choose more than one answer.
Man-in-the-middle attacks
Forged digital signatures
Packet sniffing
Replay attacks
10 points
Question 52
Identify which secure design principle is being followed or violated in the following situation. Modifying a web application to use an ordinary database user account instead of an administrative database user account.
Least Privilege
Fail-Safe Defaults
Economy of Mechanism
Complete Mediation
Open Design
Separation of Privilege
Least Common Mechanism
Psychological Acceptability
10 points
Question 53
Classify the following situation using our four-quadrant threat model: an organization finds a novel hash collision attack to bypass code signing so that their malware cannot be detected.
Broad/Off-the-Shelf
Broad/Sophisticated
Targeted/Off-the-Shelf
Targeted/Sophisticated
10 points
Question 54
Nessus can find zero day vulnerabilities.
True
False
10 points
Question 55
Increasing the sensitivity of a biometric authentication system will increase the false positive rate.
True
False
10 points
Question 56
Diffie-Hellman is secure against man-in-the-middle (MITM) attacks.
True
False
10 points
Question 57
Classify the following situation using our four-quadrant threat model: a hacker breaks WPA security using aircrack to sniff a local wireless network.
Broad/Off-the-Shelf
Broad/Sophisticated
Targeted/Off-the-Shelf
Targeted/Sophisticated
10 points
Question 58
Which of the following firewall technologies works primarily at the network layer? You may select more than one answer.
Stateless packet filters
Proxy servers
Stateful firewalls
Application layer firewalls
10 points
Question 59
A TLS certificate should be revoked when which of the following happens? You may choose more than one answer.
The private key associated with the certificate is revealed to the world.
The public key associated with the certificate is revealed to the world.
A TLS certificate expires.
A TLS certificate is issued to the wrong person.
10 points
Question 60
The SHA-1 hash algorithm is no longer considered secure against collision attacks.
True
False