CS6262 quizzes exam with correct answers

T/F: An amplification attack occurs when an attacker sends a small number of packets to elicit a much larger response from a server or service, overwhelming the intended target. - correct answers: true

T/F: TCP has the necessary safeguards in place to prevent network DoS - correct answers: false

Which of the following actors are part of the cyber crime underground economy?
- exploit developers
- botnet masters
- spammers
- all of the above
- correct answers: all of the above

Which of the following is/are NOT a potential network level DoS mitigation?
(hints: Which method is not for mitigating DoS? Which method is used for mitigating DoS attacks at the application level instead? Notice the difference between application level and network level!)
- client puzzles
- CAPTCHAs
- source id
- use only TCP
- increase UDP 3-way handshake
- correct answers: CAPTCHAs, use only TCP, increase UDP 3-way handshake

In 2015, GitHub was a victim of a distributed denial of service attack. The attackers injected malicious JavaScript code in GitHub's web pages. - correct answers: true

Select tools used for scanning in the Penetration methodology.
- nmap
- john the ripper
- siphon
- fping
- correct answers: nmap, siphon, fping

Suppose that a company owns two websites: A.com and B.com. Where a website of A.com dynamically gets resources from B.com via AJAX requests depending on the user's input, which of the following mechanisms can be adopted by the developers of B.com to allow A.com to gain access to their resources? - correct answers: cross origin resource sharing

Which of the following is/are social engineering techniques:
- impersonation
- email attachments
- tailgating
- pop-up windows
- correct answers: all

[T/F] Subresource integrity uses a cryptographic hash to ensure that webpage subresources have not changed on the way. - correct answers: true

Which of the following is true for modern browsers that meet RFC 6265, assuming the following cookie information?
Cookie 1 information: name=cookie1; domain: cs6262.gatech.com; path: /canvas
Cookie 2 information: name=cookie2; domain: cs6262.gatech.edu; path: /
- correct answers: the browser can send cookie2 to mail.cs6262.gatech.edu host

Which of the following URLs is accessible from http://goodsecurity.com under the Same Origin Policy in modern browsers that meet RFC 6454, assuming the website uses the standard/default ports for HTTP and HTTPS? - correct answers: http://goodsecurity.com:80/admin

Cookies have integrity because a user cannot change and cannot delete cookie values. - correct answers: false