CS 6262 Exam Questions and Answers
Everyone who frequents underground forums is a cybercriminal or intends to be one. -
Correct Answers -False
For DDoS traceback (Savage et al. '00) a path can be reconstructed even if just one
packet through the path is obtained. - Correct Answers -False
If a botnet uses randomly generated domains each day for command-and-control
(C&C), then there is no way to detect and block the C&C domains. - Correct Answers -
False
DoS attacks always use spoofed IP addresses. - Correct Answers -False
For DoS mitigation, a SYN Cookie ensures that a client is honest because it must ACK
the SYN-ACK cookie from the server, and cannot reuse an old one. - Correct Answers -
True
In the Byzantine Fault-Tolerance model discussed in the lecture, it is assumed that a
replica can be faulty (e.g., gives a wrong answer) or simply not responding (e.g., has
crashed). - Correct Answers -True
To improve the tolerance against cyberattacks, we can use several replicated systems
(with the same hardware and software) instead of just one. - Correct Answers -False
A main challenge in virtual machine monitoring is the need to understand the memory
layouts of data structures of the operating system and applications in the guest virtual
machine. - Correct Answers -True
A drawback of virtual machine monitoring is the high time overhead. - Correct Answers -
True
The use of property-preserving encryption can lead to privacy leakage (e.g., revealing a
user's gender and even identity). - Correct Answers -True
The use of machine learning (ML) in security is a very recent development (i.e., only
started in the last few years). - Correct Answers -False
If I click on a phishing link and end up on a site, but I don't provide valuable information
such as my credit card number to the site, nothing bad can happen. - Correct Answers -
False
Cyber frauds and scams such as on-line "pharmacy" can only fool the victims once -
that is, no users will be their repeat "customers". - Correct Answers -False
Denial-of-Service attacks always involve sending a very large amount of traffic. -
Correct Answers -False
A lot of cybercrime contents on the web remain invisible to even a very powerful search
engine like Google. - Correct Answers -True
Denial-of-Service attacks can only happen at the network layer. - Correct Answers -
False
A penetration test is always launched from outside the enterprise network being tested.
- Correct Answers -False
A penetration test can combine physical as well as cyber/network access to the
organization being tested. - Correct Answers -True
A benefit of thorough penetration testing is the accurate accounting of network
infrastructures and applications. - Correct Answers -True
Penetration testing is limited to only the technological security controls. - Correct
Answers -False
Fake news can be considered as a social engineering attack. - Correct Answers -True
The ads on a web page can be used to carry out malicious functions. - Correct Answers
-True
Browser extensions and plugins available in an official store (e.g., the Chrome Web
Store) can always be trusted for not containing malicious logic. - Correct Answers -
False
The Same Origin Policy (SOP) for DOM and the SOP for cookies have different
definitions of "origin". - Correct Answers -True
A content security policy (CSP) specifies the allowable sources of web page contents.
This is essentially a whitelist approach. - Correct Answers -True
HTTPS cookies are always secure and can be trusted. - Correct Answers -False
When you connect to Gmail, the SSL/TLS handshake takes place after you have
successfully logged in. - Correct Answers -False
To securely log out a user, it is sufficient to delete the SessionToken on the client
browser. - Correct Answers -False