CS6262 EXAM QUESTIONS AND
ANSWERS 2026 VERIFIED.
Everyone who frequents underground forums is cybercriminal or intends to be one. -
ANS False
For DDoS traceback (Savage et al. '00) a path can be reconstructed even if just one packet
through the path is obtained. - ANS False
If a botnet uses randomly generated domains each day for command-and-control (C&C), then
there is no way to detect and block the C&C domains. - ANS False
DoS attacks always use spoofed IP addresses. - ANS False
For DoS mitigation, a SYN Cookie ensures that a client is honest because it must ACK the SYN-
ACK cookie from the server, and cannot reuse an old one. - ANS True
If I click on a phishing link and end up on a site, but I don't provide valuable information such as
my credit card number to the site, nothing bad can happen. - ANS False
Cyber frauds and scams such as on-line "pharmacy" can only fool the victims once - that is, no
users will be their repeat "customers". - ANS False
Denial-of-Service attacks always involve sending a very large amount of traffic. - ANS False
@COPYRIGHT ALL RIGHTS RESERVED PAGE 1 OF 7
, A lot of cybercrime contents on the web remain invisible to even a very powerful search engine
like Google. - ANS True
Denial-of-Service attacks can only happen at the network layer. - ANS False
A penetration test is always launched from outside the enterprise network being tested. -
ANS False
A penetration test can combine physical as well as cyber/network access to the organization
being tested. - ANS True
A benefit of thorough penetration testing is the accurate accounting of network infrastructures
and applications. - ANS True
Penetration testing is limited to only the technological security controls. - ANS False
Fake news can be considered as a social engineering attack. - ANS True
The ads on a web page can be used to carry out malicious functions. - ANS True
Browser extensions and plugins available in an official store (e.g., the Chrome Web Store) can
always be trusted for not containing malicious logics. - ANS False
The Same Origin Policy (SOP) for DOM and the SOP for cookies have different definitions of
"origin". - ANS True
A content security policy (CSP) specifies the allowable sources of web page contents. This is
essentially a whitelist approach. - ANS True
HTTPS cookies are always secure and can be trusted. - ANS False
@COPYRIGHT ALL RIGHTS RESERVED PAGE 2 OF 7
ANSWERS 2026 VERIFIED.
Everyone who frequents underground forums is cybercriminal or intends to be one. -
ANS False
For DDoS traceback (Savage et al. '00) a path can be reconstructed even if just one packet
through the path is obtained. - ANS False
If a botnet uses randomly generated domains each day for command-and-control (C&C), then
there is no way to detect and block the C&C domains. - ANS False
DoS attacks always use spoofed IP addresses. - ANS False
For DoS mitigation, a SYN Cookie ensures that a client is honest because it must ACK the SYN-
ACK cookie from the server, and cannot reuse an old one. - ANS True
If I click on a phishing link and end up on a site, but I don't provide valuable information such as
my credit card number to the site, nothing bad can happen. - ANS False
Cyber frauds and scams such as on-line "pharmacy" can only fool the victims once - that is, no
users will be their repeat "customers". - ANS False
Denial-of-Service attacks always involve sending a very large amount of traffic. - ANS False
@COPYRIGHT ALL RIGHTS RESERVED PAGE 1 OF 7
, A lot of cybercrime contents on the web remain invisible to even a very powerful search engine
like Google. - ANS True
Denial-of-Service attacks can only happen at the network layer. - ANS False
A penetration test is always launched from outside the enterprise network being tested. -
ANS False
A penetration test can combine physical as well as cyber/network access to the organization
being tested. - ANS True
A benefit of thorough penetration testing is the accurate accounting of network infrastructures
and applications. - ANS True
Penetration testing is limited to only the technological security controls. - ANS False
Fake news can be considered as a social engineering attack. - ANS True
The ads on a web page can be used to carry out malicious functions. - ANS True
Browser extensions and plugins available in an official store (e.g., the Chrome Web Store) can
always be trusted for not containing malicious logics. - ANS False
The Same Origin Policy (SOP) for DOM and the SOP for cookies have different definitions of
"origin". - ANS True
A content security policy (CSP) specifies the allowable sources of web page contents. This is
essentially a whitelist approach. - ANS True
HTTPS cookies are always secure and can be trusted. - ANS False
@COPYRIGHT ALL RIGHTS RESERVED PAGE 2 OF 7