ICT EXAM QUESTIONS & ANSWERS 2024 UPDATE | 100% CORRECT

ICT EXAM QUESTIONS & ANSWERS 2024 UPDATE | 100% CORRECT Select one: a. Install endpoint protection software on the client machine b. Implement bounds checking on the input string c. Compile the program with stack canaries d. Prevent the user from specifying the length of the input string e. Enable address space layout randomisation Question text Which of the following doesn’t attach to a file but can replicate itself? Select one: a. Virus b. Buffer overflow c. Trojan d. Worm Select one: a. Using a type-safe language. b. Using a firewall. c. Using encryption. d. Using passwords to authenticate users. Question text People exaggerate risks that are: Select one: a. Non-existent b. Well understood c. Unfamiliar d. Common Question text Which of the following is a limitation of dictionary attacks? Select one: a. Ineffective against complex passwords b. Requires the password to be stored as plaintext c. Must wait for password to be transmitted d. Relies on lack of input validation in login field e. Ineffective against salted passwords Brute force attack Question 8. A network admin has noticed a high level of TCP traffic in and out of the network. After investigating the traffic with Wireshark, he discovered malformed TCP ACK packets with unauthorized data. What has he discovered? Select one: a. TCP port scanning b. Buffer overflow c. DoS attack d. Covert channel Two commonly used methods for request and response between client and server are: GET and POST • GET method -Client ends HTTP Requests data from specified resource to server. • POST - Server submits data to be processed to client specified resource. HTTP Common Request Methods The Attacker can attack by modifying ‘acct’ parameter in their browser to send whatever account number they want. In the java code below, String query = "SELECT * FROM accts WHERE account = ?"; PreparedStatement pstmt = reStatement(query, … ); String(1, Parameter("acct")); ResultSet results = teQuery(); If not verified, attacker can access any user’s account 1. it is a 2 factor authentication. 2, yes it is 2 factor authentication because it uses pin and key fob to authenticate. And both pin and key fobs must be valid in order to work. 3. It can be further strengthen by using biometric recognition technology as the fingerprint can only be found on the individual user itself. Finger print is unique for every person and cannot be replicated. Not yet answered Cannot provide digital signatures that cannot be repudiated In an asymmetric cryptography system, there are two different keys used for the encryption and decryption of data. The key used for encryption is kept public and so as called public key, and the decryption key is kept secret and called private key. The sender and the receiver have two keys in an asymmetric system. However, the private key is kept private and not sent over with the message to the receiver, although the public key is. A symmetric cryptography system, has only one key for both encryption and decryption. The key used for encryption and decryption is called the private key and only people who are authorized for the encryption/decryption would know it. In a symmetric cryptography system, the encrypted message is sent over without any public keys attached to it. ADVANTAGES of symmetric crypto system - Encryption is faster. - Encrypted data can be transferred on the link even if there is a possibility that the data will be intercepted. - It uses password authentication to verify the receiver’s identity. • - decrypting a message is done only using secret key. Disadvantages of symmetric crypto system: - Cannot provide digital signatures that cannot be repudiated. Design flaws: flaws that exist during the design of software, during the development of the software . Implementation flaws: flaws that exist when a software is being implemented as part of testing procedures and processes before the software is being deployed. The first encryption technique flaw is design flaws as the encryption is related to the software of the system. the second buffer overflow is implementation flaw as it deals with Inappropriate checking/sanitation of user input. 3 main entities are bot master, command and control and bot. Not yet answered Cannot provide digital signatures that cannot be repudiated In an asymmetric cryptography system, there are two different keys used for the encryption and decryption of data. The key used for encryption is kept public and so as called public key, and the decryption key is kept secret and called private key. The sender and the receiver have two keys in an asymmetric system. However, the private key is kept private and not sent over with the message to the receiver, although the public key is. A symmetric cryptography system, has only one key for both encryption and decryption. The key used for encryption and decryption is called the private key and only people who are authorized for the encryption/decryption would know it. In a symmetric cryptography system, the encrypted message is sent over without any public keys attached to it. ADVANTAGES of symmetric crypto system - Encryption is faster. - Encrypted data can be transferred on the link even if there is a possibility that the data will be intercepted. - It uses password authentication to verify the receiver’s identity. • - decrypting a message is done only using secret key. Disadvantages of symmetric crypto system: - Cannot provide digital signatures that cannot be repudiated. Design flaws: flaws that exist during the design of software, during the development of the software . Implementation flaws: flaws that exist when a software is being implemented as part of testing procedures and processes before the software is being deployed. The first encryption technique flaw is design flaws as the encryption is related to the software of the system. the second buffer overflow is implementation flaw as it deals with Inappropriate checking/sanitation of user input. 3 main entities are bot master, command and control and bot.