CS 6262 Network Security Quizzes with
100% Correct Verified Answers
The following question is from the recommended reading "Exposing Private
Information by Timing Web Applications". Which of these are valid defense(s) by web
applications to resist timing attacks?
- Both the answer choices are correct
- Taking constant amount of time always for processing a request
- Adding random delay to the response - ANSWER Taking constant amount of time
always for processing a request
T/F: You are visiting a page that contains two iframes: http://example.com/ and
https://example.com/. They can access each other's content directly. - ANSWER False
T/F: HTTPS encrypts the host address to protect the user's privacy. - ANSWER False
T/F: From the paper "A Look Back at "Security Problems in the TCP/IP Protocol
Suite," it's safe to rely on the IP source address for authentication. - ANSWER False
T/F: In Steve Friedl's tech tips, he recommends people to run patched
servers. However, patched servers might still be vulnerable. - ANSWER True
Which of these is a TCP security problem:
- Eavesdropping
- Denial of service
, - Packet sniffing
- All of the above - ANSWER All of the above
T/F: TCP/IP packets are signed and not able to be forged or spoofed by the client -
ANSWER False
T/F: Randomizing just the initial sequence number completely prevents an attacker from
guessing the right sequence number. - ANSWER False
What is the purpose of BGP in the context of autonomous systems?
- To exchange routing information between autonomous systems
- To determine the routing policy within a domain
- To authenticate ARP requests in a network
- To secure routing protocols from hijacking - ANSWER To exchange
routing information between autonomous systems
T/F: A downside of using DNS Pinning as a defense against DNS Rebinding attacks is
that it makes the interaction with VPNs and proxies difficult. - ANSWER True
What are some of the things to consider when trying to meet the transparency
requirement for malware analysis?
Answers:
- Identical exception handling
- Identical notion of time
- Higher privilege than the malware
- All of the above - ANSWER All of the above
Which of the following is NOT an area of the C based toolchain where hardening can
occur.
- Assembler
- Compiler
100% Correct Verified Answers
The following question is from the recommended reading "Exposing Private
Information by Timing Web Applications". Which of these are valid defense(s) by web
applications to resist timing attacks?
- Both the answer choices are correct
- Taking constant amount of time always for processing a request
- Adding random delay to the response - ANSWER Taking constant amount of time
always for processing a request
T/F: You are visiting a page that contains two iframes: http://example.com/ and
https://example.com/. They can access each other's content directly. - ANSWER False
T/F: HTTPS encrypts the host address to protect the user's privacy. - ANSWER False
T/F: From the paper "A Look Back at "Security Problems in the TCP/IP Protocol
Suite," it's safe to rely on the IP source address for authentication. - ANSWER False
T/F: In Steve Friedl's tech tips, he recommends people to run patched
servers. However, patched servers might still be vulnerable. - ANSWER True
Which of these is a TCP security problem:
- Eavesdropping
- Denial of service
, - Packet sniffing
- All of the above - ANSWER All of the above
T/F: TCP/IP packets are signed and not able to be forged or spoofed by the client -
ANSWER False
T/F: Randomizing just the initial sequence number completely prevents an attacker from
guessing the right sequence number. - ANSWER False
What is the purpose of BGP in the context of autonomous systems?
- To exchange routing information between autonomous systems
- To determine the routing policy within a domain
- To authenticate ARP requests in a network
- To secure routing protocols from hijacking - ANSWER To exchange
routing information between autonomous systems
T/F: A downside of using DNS Pinning as a defense against DNS Rebinding attacks is
that it makes the interaction with VPNs and proxies difficult. - ANSWER True
What are some of the things to consider when trying to meet the transparency
requirement for malware analysis?
Answers:
- Identical exception handling
- Identical notion of time
- Higher privilege than the malware
- All of the above - ANSWER All of the above
Which of the following is NOT an area of the C based toolchain where hardening can
occur.
- Assembler
- Compiler
