Question and Answer (2026/2027) | 100%
Verified Answers
• Which of the following actors are part of the cyber crime underground economy?
Exploit Developers
Botnet Masters
Spammers
All of the above -✓✓ All of the above
• Which of the following is/are NOT a potential network DoS mitigation? Select
multiple.
Client Puzzles
CAPTCHAs
Source Identification
Use only TCP
Increase UDP 3-way handshake -✓✓ CAPTCHAs
Use only TCP
Increase UDP 3-way handshake
• In 2015, GitHub was a victim of a distributed denial of service attack. The
attackers injected malicious JavaScript code in GitHub's web pages. -✓✓ False
• T/F: A website ""http://gatech.edu"" is able to set or overwrite cookies from the
website ""https://gatech.edu"". The server is not able to distinguish the overwritten
cookies from the original cookies. This is an example of violation of session
integrity. -✓✓ True
• Which is INCORRECT regarding the session token?
Tokens will expire, but there should still be mechanisms to revoke them if
necessary
Token size, like cookie size, is not a concern
The token must be stored somewhere
All of them -✓✓ Token size, like cookie size, is not a concern
, • T/F: The HTTPS lock icon on the webpage is only displayed after all elements on
a webpage are fetched using HTTPS, a valid HTTPS cert is issued by a trusted
certificate authority for all elements, and the domain in the URL matches
CommonName or SubjectAlternativeName in cert. -✓✓ True
• The following question is from the recommended reading "Exposing Private
Information by Timing Web Applications". Which of these are valid defenses by
web applications to resist timing attacks?
Adding random delay to the response
Both the answer choices are correct
Taking constant amount of time always for processing a request -✓✓ Taking
constant amount of time always for processing a request
• You are visiting a page that contains two iframes: http://example.com Links to an
external site. and https://example.com Links to an external site.. They can access
each other's content directly. -✓✓ False
• T/F: HTTPS encrypts the host address to protect the user's privacy. -✓✓ False
• T/F: Content Security Policy (CSP) is an HTTP header that instructs the web
browser to restrict the source of contents to load or execute. It prevents cross-site
scripting, clickjacking, and code injection attacks. -✓✓ True
• T/F: From the paper "A Look Back at "Security Problems in the TCP/IP Protocol
Suite," it's safe to rely on the IP source address for authentication. -✓✓ Flase
• T/F: In Steve Friedl's tech tips, he recommends people to run patched servers.
However, patched servers might still be vulnerable. -✓✓ True
• Which of these is a TCP security problem:
Eavesdropping
Denial of service
Packet sniffing
All of the above -✓✓ All of the above