CS419 Exam 3
Fall 2019
Paul Krzyzanowski
December 9, 2019
100 Points - 25 Questions - 4 Points each
For each statement, select the most appropriate answer.
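Before the bitcoin questions, an added worked illustration (not part of the original exam, and not bitcoin's real transaction or block format) of the mechanisms they ask about: a toy UTXO ledger in which a transaction's change output returns the unspent remainder of its inputs to the payer, an output that has already been spent cannot be referenced again, blocks are mined by finding a nonce whose double-SHA-256 header hash is below a target, and a transaction's confirmation count is the number of blocks from the one containing it to the tip. Owner names, amounts and the difficulty are constructed; signatures and the miner's collection of the fee are not modeled.

```python
import hashlib
import json
import struct

# Toy ledger, added for illustration. Owners are plain strings standing in for
# hashed public keys; no signatures are checked.
DIFFICULTY_BITS = 14          # toy target: block hash must start with 14 zero bits


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def txid(tx: dict) -> str:
    """Transaction id: double SHA-256 over a canonical encoding of the tx."""
    return sha256d(json.dumps(tx, sort_keys=True).encode()).hex()


def make_tx(utxo, payer, inputs, payee, amount, fee):
    """Spend the referenced unspent outputs (all owned by payer). Whatever the
    inputs are worth beyond amount + fee goes back to the payer as change; the
    fee is the input value that no output claims, which the miner keeps."""
    total_in = 0
    for ref in inputs:
        owner, value = utxo[ref]
        if owner != payer:
            raise ValueError(f"{payer} does not own {ref}")
        total_in += value
    change = total_in - amount - fee
    if change < 0:
        raise ValueError("insufficient funds")
    outputs = [[payee, amount]]
    if change > 0:
        outputs.append([payer, change])          # the change output
    return {"from": payer, "inputs": [list(r) for r in inputs], "outputs": outputs}


def apply_tx(utxo, tx):
    """Validate against the UTXO set and apply. An input that is not in the set
    was never created or is already spent: a double spend, so reject it."""
    total_in = 0
    for ref in tx["inputs"]:
        key = tuple(ref)
        if key not in utxo or utxo[key][0] != tx["from"]:
            return False
        total_in += utxo[key][1]
    if sum(v for _, v in tx["outputs"]) > total_in:
        return False                             # would create money from nothing
    for ref in tx["inputs"]:
        del utxo[tuple(ref)]
    tid = txid(tx)
    for idx, (owner, value) in enumerate(tx["outputs"]):
        utxo[(tid, idx)] = (owner, value)
    return True


def mine_block(prev_hash: bytes, txids: list) -> tuple:
    """Proof of work: find a nonce so that sha256d(header) is below the target."""
    body = prev_hash + sha256d("".join(txids).encode())
    target = 1 << (256 - DIFFICULTY_BITS)
    nonce = 0
    while True:
        block_hash = sha256d(body + struct.pack("<I", nonce))
        if int.from_bytes(block_hash, "big") < target:
            return nonce, block_hash
        nonce += 1


def confirmations(chain, height):
    """Blocks from the one holding the tx (at index height) to the tip, inclusive."""
    return len(chain) - height


def balances(utxo):
    out = {}
    for owner, value in utxo.values():
        out[owner] = out.get(owner, 0) + value
    return out


def run_demo():
    utxo = {}
    coinbase = {"from": None, "inputs": [], "outputs": [["alice", 50]]}   # constructed
    cid = txid(coinbase)
    utxo[(cid, 0)] = ("alice", 50)
    chain = [mine_block(b"\x00" * 32, [cid])[1]]

    tx1 = make_tx(utxo, "alice", [(cid, 0)], "bob", 30, 1)   # 30 to bob, fee 1, change 19
    applied = apply_tx(utxo, tx1)
    # Referencing the same output again is a double spend and must fail.
    double_spend = {"from": "alice", "inputs": [[cid, 0]], "outputs": [["carol", 49]]}
    rejected = not apply_tx(utxo, double_spend)

    _nonce, h = mine_block(chain[-1], [txid(tx1)])
    chain.append(h)
    height = len(chain) - 1
    for _ in range(2):                                        # two more blocks on top
        chain.append(mine_block(chain[-1], [])[1])
    return {
        "change": tx1["outputs"][1][1],
        "applied": applied,
        "double_spend_rejected": rejected,
        "balances": balances(utxo),
        "confirmations": confirmations(chain, height),
        "pow_ok": int.from_bytes(h, "big") < (1 << (256 - DIFFICULTY_BITS)),
    }


if __name__ == "__main__":
    print(run_demo())
```

With DIFFICULTY_BITS at 14 a block takes on the order of sixteen thousand hash attempts, so the demo runs in well under a second; raising it shows why real mining is expensive while verification stays a single hash.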
- A user's address in bitcoin is:
(a) A hash of their private key.
(b) Their X.509 digital certificate.
(c) A hash of their public key.
(d) The host IP address of the system that stores their wallet.
- The change field in a bitcoin transaction:
(a) Provides a way for the receiver to return any excess money to the payer.
(b) Pays the bitcoin network for processing the transaction.
(c) Directs excess money in referenced past transactions back to the payer.
(d) Enables the bitcoin network to return money if the payer overpaid for processing the transaction.
- The purpose of proof of work in bitcoin is to:
(a) Provide a bitcoin reward for nodes to participate in the bitcoin network.
(b) Achieve agreement on the next block in the blockchain.
(c) Validate past transactions to ensure there is no double spending.
(d) Generate a tamper-proof signature for a bitcoin transaction.
- A bitcoin transaction is confirmed when:
(a) All the nodes in the bitcoin network acknowledge receiving it.
(b) A majority of nodes in the bitcoin network acknowledged it.
(c) The transaction is put into a block and added to the blockchain.
(d) A certain number of blocks have been added to the chain after the transaction.

Part 2: Network security
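An added worked illustration (not part of the original exam) of TCP SYN cookies, simplified after the Linux layout: the server answers every SYN with a SYN-ACK whose initial sequence number is a MAC over the connection 4-tuple, a 5-bit time counter and the client's ISN, and keeps no half-open state at all; a connection record is created only when a third-handshake ACK carries a cookie that verifies. The secret, the MSS table, the addresses and the SYN flood below are constructed; a real implementation also has to live within the 32-bit sequence space and cope with TCP options the cookie cannot encode.

```python
import hmac
import hashlib
import random
import struct

SECRET = b"constructed per-server secret, rotated in practice"   # assumption
MSS_TABLE = [536, 1220, 1300, 1400, 1440, 1452, 1460, 8960]       # 3-bit index


def _mac24(src_ip, src_port, dst_ip, dst_port, t):
    """24-bit keyed MAC over the 4-tuple and the 5-bit time counter."""
    msg = struct.pack("!4sH4sHB", src_ip, src_port, dst_ip, dst_port, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, t, mss_idx):
    """Server ISN: 5 bits of time | 3-bit MSS index | 24 bits of MAC + client ISN."""
    t5 = t & 0x1F
    low = (_mac24(src_ip, src_port, dst_ip, dst_port, t5) + client_isn) & 0xFFFFFF
    return (t5 << 27) | ((mss_idx & 7) << 24) | low


def check_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, cookie, now):
    """Recover t and the MSS from the cookie; reject stale or forged values."""
    t = cookie >> 27
    mss_idx = (cookie >> 24) & 7
    if (now - t) & 0x1F > 1:          # only the current and previous tick are accepted
        return None
    expect = (_mac24(src_ip, src_port, dst_ip, dst_port, t) + client_isn) & 0xFFFFFF
    if not hmac.compare_digest(expect.to_bytes(3, "big"), (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]


class Server:
    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.established = {}          # (ip, port) -> MSS; filled only after a valid ACK
        self.rejected = 0

    def on_syn(self, src_ip, src_port, client_isn, mss, now):
        """Reply with a SYN-ACK and allocate nothing: the cookie carries the state."""
        idx = 0
        for i, m in enumerate(MSS_TABLE):
            if m <= mss:
                idx = i
        isn = make_cookie(src_ip, src_port, self.ip, self.port, client_isn, now, idx)
        return {"seq": isn, "ack": (client_isn + 1) & 0xFFFFFFFF}

    def on_ack(self, src_ip, src_port, seq, ack, now):
        """Third packet: seq = client ISN + 1, ack = server ISN + 1."""
        client_isn = (seq - 1) & 0xFFFFFFFF
        cookie = (ack - 1) & 0xFFFFFFFF
        mss = check_cookie(src_ip, src_port, self.ip, self.port, client_isn, cookie, now)
        if mss is None:
            self.rejected += 1
            return False
        self.established[(src_ip, src_port)] = mss   # resources allocated only now
        return True


def demo():
    rng = random.Random(1)
    srv = Server(b"\x0a\x00\x00\x01", 443)
    now = 1000                                        # time counter tick (constructed)
    # SYN flood from 10,000 spoofed sources that never complete the handshake.
    for _ in range(10_000):
        srv.on_syn(rng.getrandbits(32).to_bytes(4, "big"), rng.randrange(1024, 65536),
                   rng.randrange(1 << 32), 1460, now)
    flood_state = len(srv.established)
    # A genuine client completes the handshake one tick later.
    c_ip, c_port, c_isn = b"\xc0\xa8\x01\x07", 50000, 123456789
    synack = srv.on_syn(c_ip, c_port, c_isn, 1460, now)
    legit = srv.on_ack(c_ip, c_port, c_isn + 1, synack["seq"] + 1, now + 1)
    # An attacker who never saw the SYN-ACK has to guess the ACK number.
    forged = srv.on_ack(c_ip, 50001, 1, 42, now)
    # The genuine cookie replayed five ticks later is stale.
    stale = srv.on_ack(c_ip, c_port, c_isn + 1, synack["seq"] + 1, now + 5)
    return {"state_after_flood": flood_state, "legit": legit, "forged": forged,
            "stale": stale, "mss": srv.established.get((c_ip, c_port)),
            "rejected": srv.rejected}


if __name__ == "__main__":
    print(demo())
```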
- An attacker can see all traffic on an Ethernet local area network by:
(a) Masquerading as a cascaded (connected) switch.
(b) Sending false responses to ARP (address resolution protocol) queries.
(c) Configuring the operating system to listen on all Ethernet MAC addresses.
(d) Sending a lot of Ethernet frames with random source addresses to the switch.
- An ARP cache poisoning attack enables an attacker to:
(a) Install malware onto the attacked computer.
(b) Snoop on all Ethernet traffic originating from the attacked computer.
(c) Redirect traffic on the LAN that is targeted to a specific IP address.
(d) Snoop on all Ethernet traffic on the LAN.
- A problem with the Dynamic Host Configuration Protocol (DHCP) is:
(a) A stream of requests can lead to a denial of service attack.
(b) A man-in-the-middle attack can modify the DHCP response.
(c) A system has no way of knowing whose reply is legitimate.
(d) It is too time consuming to validate signatures in DHCP responses.
- VLAN (Virtual Local Area Network) hopping attacks take place when:
(a) A computer can forge an Ethernet address that belongs to a different LAN.
(b) The switch is hacked with malware.
(c) A computer masquerades as an Ethernet switch.
(d) An attacker overflows the switch's CAM table.
- TCP SYN cookies are used to:
(a) Avoid having to allocate TCP resources until the TCP handshake is complete.
(b) Authenticate that the sender's IP address is legitimate at the start of a TCP session.
(c) Add unique data to each TCP packet so that packets injected by an attacker can be detected.
(d) Overwhelm a system with TCP connection requests until it cannot accept any more.
- BGP (Border Gateway Protocol) hijacking attacks take place by:
(a) An attacker modifying BGP messages in the network.
(b) Accepting messages without validating the source.
(c) Having a router incorrectly advertise a better route for a range of addresses.
(d) Attackers breaking into a border router and snooping on all traffic going through it.

Part 3: Firewalls & VPNs
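An added worked illustration (not part of the original exam) of what the IPsec Authentication Header protects: the integrity check value is an HMAC (here HMAC-SHA-256 truncated to 128 bits, as RFC 4868 specifies) over the IP header with its mutable fields zeroed, the AH header with a zeroed ICV field, and the payload. The key, addresses and payload are constructed, and the IPv4 checksum is left at zero since AH excludes it from the ICV anyway. The demo shows a router's TTL decrement leaving the packet valid, a NAT's source-address rewrite breaking it, a modified payload breaking it, and the payload travelling in the clear.

```python
import hmac
import hashlib
import socket
import struct

AH_PROTO = 51
ICV_LEN = 16                          # 256-bit HMAC truncated to 128 bits (RFC 4868)
AH_LEN = 12 + ICV_LEN
MUTABLE = ("tos", "flags_frag", "ttl", "checksum")   # IPv4 fields AH leaves out


def pack_ipv4(h, zero_mutable=False):
    """20-byte IPv4 header; with zero_mutable the fields AH excludes are zeroed."""
    f = dict(h)
    if zero_mutable:
        for k in MUTABLE:
            f[k] = 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, f["tos"], f["total_len"], f["ident"],
                       f["flags_frag"], f["ttl"], f["proto"], f["checksum"],
                       socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]))


def unpack_ipv4(b):
    v = struct.unpack("!BBHHHBBH4s4s", b[:20])
    return {"tos": v[1], "total_len": v[2], "ident": v[3], "flags_frag": v[4],
            "ttl": v[5], "proto": v[6], "checksum": v[7],
            "src": socket.inet_ntoa(v[8]), "dst": socket.inet_ntoa(v[9])}


def ah_icv(key, ip_hdr, next_header, spi, seq, payload):
    """ICV over immutable IP fields + AH header (ICV zeroed) + payload."""
    ah = struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)
    data = pack_ipv4(ip_hdr, zero_mutable=True) + ah + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key, ip_hdr, next_header, spi, seq, payload):
    """On-the-wire packet: IP header (protocol 51) + AH + payload, payload unencrypted."""
    hdr = dict(ip_hdr, proto=AH_PROTO, total_len=20 + AH_LEN + len(payload))
    icv = ah_icv(key, hdr, next_header, spi, seq, payload)
    ah = struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq) + icv
    return pack_ipv4(hdr) + ah + payload


def ah_verify(key, packet):
    """Recompute the ICV from the received packet and compare in constant time."""
    hdr = unpack_ipv4(packet)
    if hdr["proto"] != AH_PROTO:
        return False
    nh, _plen, _res, spi, seq = struct.unpack("!BBHII", packet[20:32])
    icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(key, hdr, nh, spi, seq, payload))


def demo():
    key = b"constructed 32-byte AH key......"      # assumption; real keys come from IKE
    hdr = {"tos": 0, "total_len": 0, "ident": 0x1234, "flags_frag": 0x4000,
           "ttl": 64, "proto": 6, "checksum": 0, "src": "10.0.0.5", "dst": "192.0.2.10"}
    payload = b"GET /secret HTTP/1.1\r\n"          # constructed payload
    pkt = ah_protect(key, hdr, 6, 0x1000, 1, payload)

    routed = bytearray(pkt)
    routed[8] -= 1                                  # a router decrements the TTL
    natted = bytearray(pkt)
    natted[12:16] = socket.inet_aton("203.0.113.9")   # a NAT rewrites the source address
    tampered = bytearray(pkt)
    tampered[-1] ^= 0x01                            # payload altered in transit
    return {"original": ah_verify(key, pkt),
            "after_router": ah_verify(key, bytes(routed)),
            "after_nat": ah_verify(key, bytes(natted)),
            "tampered": ah_verify(key, bytes(tampered)),
            "payload_in_clear": payload in pkt}


if __name__ == "__main__":
    print(demo())
```

The NAT case is why AH is rarely deployed across address translation: the rewritten source address is part of what the receiver authenticates, so the ICV no longer matches and the packet is dropped.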
- Which algorithm is not supported in the IPsec Authentication Header (AH) protocol?
(a) AES-CBC encryption.
(b) HMAC-SHA2 message authentication code.
(c) Diffie-Hellman key exchange.
(d) RSA public key authentication.
- A transport mode IPsec ESP VPN differs from tunnel mode because it:
(a) Does not encrypt the application data.
(b) Allows a client to communicate with only one application.
(c) Sends data at the transport layer (TCP) instead of the network layer (IP).
(d) Does not change the IP header when the packet is routed to the Internet.
- Packet filters cannot block traffic based on the:
(a) Source IP address.
(b) URL.
(c) TCP or UDP port number.
(d) Router interface.
- A DMZ (demilitarized zone):
(a) Isolates Internet-facing services to another subnet.
(b) Provides a subnet where some traffic does not have to flow through a firewall.
(c) Is an internal network that can be used to test malware since it disallows any traffic to the Internet.
(d) Is a network that can be used by two or more organizations to share data securely.
- Deep Packet Inspection (DPI) inspects:
(a) IP header fields such as time-to-live and checksum fields.
(b) Validity of packets with respect to the current TCP session state.
(c) Application-specific data.
(d) A combination of layer 2 (Ethernet), layer 3 (IP), and layer 4 (TCP & UDP) headers.
- Deperimeterization is the problem of:
(a) Computers moving in and out of the internal network.
(b) Systems with Internet-facing and internal services on the same network.
(c) Internet-facing services sharing the same computer as internal services.
(d) Not monitoring traffic between the ISP and local network.
- UDP-based protocols are easier to attack than TCP protocols because:
(a) TCP uses sequence numbers.
(b) The payload is not encrypted.
(c) UDP datagrams are not signed.
(d) UDP does not guarantee reliable delivery.

Part 4: Web and mobile security
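An added worked illustration (not part of the original exam) of server-side CSRF defenses: a state-changing request is rejected when the Origin header, or failing that the origin part of the Referer, is not the site's own origin, and it must also carry a per-session token that a page on another origin cannot read. The session_cookie helper shows the Secure, HttpOnly and SameSite cookie attributes alongside. The site origin, the request headers and the forms are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"     # constructed site


def header(headers, name):
    """Case-insensitive lookup; HTTP header names are not case-sensitive."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def request_origin(headers):
    """scheme://host[:port] the browser says the request came from, or None.
    Prefer Origin; fall back to the origin part of Referer, never its path."""
    origin = header(headers, "Origin")
    if origin and origin != "null":
        return origin.rstrip("/")
    ref = header(headers, "Referer")
    if ref:
        p = urlsplit(ref)
        if p.scheme and p.netloc:
            return f"{p.scheme}://{p.netloc}"
    return None


def new_session():
    """Session record with a random token, embedded in our own forms as a hidden field."""
    return {"csrf_token": secrets.token_urlsafe(32)}


def session_cookie(session_id):
    """Set-Cookie value: Secure (sent only over HTTPS), HttpOnly (no script access),
    SameSite=Lax (not attached to cross-site POSTs)."""
    return f"sid={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


def csrf_check(headers, form, session):
    """Return (accepted, reason). Fails closed when the browser sent no origin information."""
    src = request_origin(headers)
    if src is None:
        return False, "no Origin or Referer on a state-changing request"
    if src != SITE_ORIGIN:                # exact match: bank.example.evil.net must fail
        return False, f"cross-site request from {src}"
    token = form.get("csrf_token", "")
    expected = session.get("csrf_token", "")
    if not token or not hmac.compare_digest(token.encode(), expected.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


def demo():
    session = new_session()
    own_form = {"to": "acct-42", "amount": "100", "csrf_token": session["csrf_token"]}
    attacker_form = {"to": "acct-666", "amount": "9999"}     # no token: attacker can't read it
    cases = {
        "own_form": ({"Origin": SITE_ORIGIN}, own_form),
        "referer_only": ({"referer": "https://bank.example/transfer"}, own_form),
        "attacker_page": ({"Origin": "https://evil.example"}, attacker_form),
        "lookalike_host": ({"Origin": "https://bank.example.evil.net"}, attacker_form),
        "no_headers": ({}, attacker_form),
        "no_token": ({"Origin": SITE_ORIGIN}, {"to": "acct-42", "amount": "100"}),
    }
    return {name: csrf_check(h, f, session)[0] for name, (h, f) in cases.items()}


if __name__ == "__main__":
    print(demo())
```

Checking the origin and checking the token are independent defenses: the origin check is cheap but some clients strip Referer, while the token survives that at the cost of keeping per-session state.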
- The SECURE flag for a web cookie means:
(a) The cookie's contents will be encrypted prior to placing it in an HTTP header.
(b) The cookie will be sent only if there is an HTTPS connection to the server.
(c) A digital signature is attached to the cookie to detect tampering.
(d) The cookie is not accessible to web scripts.
- CORS (cross-origin resource sharing) enables:
(a) A web application to download data from another domain.
(b) A web page to include images and scripts from different places.
(c) A web server to redirect a URL to another domain.
(d) A web page to contain links to other domains.
- DNS rebinding attacks are effective because:
(a) A hacked DNS server may return the wrong address for a domain name.
(b) Fake DNS replies coming from a malicious script can confuse a client doing a legitimate query.
(c) Origins are associated with domain names and not addresses.
(d) DNS queries that produce large responses can be used in DDoS attacks.
- One way of defending against cross-site request forgery is to:
(a) Validate user input at the browser.
(b) Have the server check the address of the web page that the request link came from.
(c) Make sure the web page does not use any third-party scripts.
(d) Enforce the same-origin policy.
- Extended Validation (EV) certificates differ from other X.509 digital certificates because they:
(a) Use stronger encryption.
(b) Prove the legal entity of the owner of the certificate.
(c) Require validating the entire chain of certificates up to the root certificate.
(d) Perform mutual authentication (the client authenticates the server & the server authenticates the client).
- Unlike iOS, Android isolates app resources by:
(a) Running each app in a container.
(b) Using a kernel-level sandbox that filters allowable system calls and file access.
(c) Using per-app namespaces.
(d) Assigning a different user ID to each app.
- Unlike Android, iOS isolates app resources by:
(a) Running each app in a container.
(b) Using a kernel-level sandbox that filters allowable system calls and file access.
(c) Using per-app namespaces.
(d) Assigning a different user ID to each app.
- iOS's Secure Enclave is:
(a) A secure storage service provided by iOS to store keys and other sensitive information.
(b) A gatekeeper component that authorizes messages from one app to another.
(c) An encryption and signing library that is used by iOS apps for data security services.
(d) A separate processor running a different operating system to manage security-sensitive tasks.