cs6262 – quizzes exam with correct |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
answers
T/F: an attacker that uses a large botnet to make requests to a server to flood is an example of an
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
amplification attack - correct answerstrue |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
T/F: unlike UDP, TCP has the necessary safeguards in place to prevent network DoS - correct
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
answersfalse
which of the following actors are part of the cyber crime underground economy?
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- exploit developers
|||\\\ |||\\\
- botnet masters
|||\\\ |||\\\
- spammers - correct answersall of the above
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
which of the following is/are not a potential network DoS mitigation?
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- client puzzles
|||\\\ |||\\\
- captchas
|||\\\
- source identification
|||\\\ |||\\\
- use only TCP
|||\\\ |||\\\ |||\\\
- increase UDP 3-way handshake - correct answers- captchas
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- use only TCP
|||\\\ |||\\\ |||\\\
- increase UDP 3-way handshake
|||\\\ |||\\\ |||\\\ |||\\\
T/F: in 2015, github was a victim of a DDoS attack; the attackers injected malicious JS code in github's
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
web pages - correct answersfalse; the malicious JS was on infected popular sites that then targeted
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
github through the user visiting those sites
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
which of the following is not used for scanning in a penetration test?
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
, - nmap |||\\\
- john the ripper
|||\\\ |||\\\ |||\\\
- icmpenum
|||\\\
- fping - correct answersjohn the ripper
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
a security company controls two websites: "goodsecurity.com" and "learnhacking.com"; a web page
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
from "goodsecurity.com" wants to access content from the server of "learnhacking.com" - which
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
mechanism can be used by the developers at "learnhacking.com" to allow the other site to access |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
their content? |||\\\
- - correct answerscross origin resource sharing; allows a server to indicate other origins from which a
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
browser should permit loading of resources - when a user from "goodsecurity.com" sends a request to
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
the other site, "learnhacking.com" will send a header called "Access-control-allow-origin:
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
goodsecurity.com", which will allow it so access the contents of the site from the user browser |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
which of the following is/are social engineering techniques?
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- impersonation of help desk
|||\\\ |||\\\ |||\\\ |||\\\
- email attachments
|||\\\ |||\\\
- tailgating
|||\\\
- pop-up windows - correct answersall of the above
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
T/F: subresource integrity uses cryptographic hash to make sure that a web page subresources are
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
delivered without changes - correct answerstrue |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
cookie 1 information: 'name=cookie1; domain: cs6262.gatech.com; path= /canvas'
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
cookie 2 information: 'name=cookie2; domain: cs6262.gatech.edu; path: /'
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
which of the following is true? |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- since both cookies have the same path, the browser can send cookie1 to both domains
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- the browser can send cookie2 to mail.cs6262.gatech.edu host
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- cs6262.gatech.com can access the cookie2 since .com top-level domain takes higher precedence than
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
the .edu TLD - correct answersthe browser can send cookie2 to mail.cs6262.gatech.edu host -
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
cookie2 is available to all domains that end with cs6262.gatech.edu and all the paths as the cookie
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
does not have path restrictions |||\\\ |||\\\ |||\\\ |||\\\
answers
T/F: an attacker that uses a large botnet to make requests to a server to flood is an example of an
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
amplification attack - correct answerstrue |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
T/F: unlike UDP, TCP has the necessary safeguards in place to prevent network DoS - correct
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
answersfalse
which of the following actors are part of the cyber crime underground economy?
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- exploit developers
|||\\\ |||\\\
- botnet masters
|||\\\ |||\\\
- spammers - correct answersall of the above
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
which of the following is/are not a potential network DoS mitigation?
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- client puzzles
|||\\\ |||\\\
- captchas
|||\\\
- source identification
|||\\\ |||\\\
- use only TCP
|||\\\ |||\\\ |||\\\
- increase UDP 3-way handshake - correct answers- captchas
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- use only TCP
|||\\\ |||\\\ |||\\\
- increase UDP 3-way handshake
|||\\\ |||\\\ |||\\\ |||\\\
T/F: in 2015, github was a victim of a DDoS attack; the attackers injected malicious JS code in github's
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
web pages - correct answersfalse; the malicious JS was on infected popular sites that then targeted
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
github through the user visiting those sites
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
which of the following is not used for scanning in a penetration test?
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
, - nmap |||\\\
- john the ripper
|||\\\ |||\\\ |||\\\
- icmpenum
|||\\\
- fping - correct answersjohn the ripper
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
a security company controls two websites: "goodsecurity.com" and "learnhacking.com"; a web page
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
from "goodsecurity.com" wants to access content from the server of "learnhacking.com" - which
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
mechanism can be used by the developers at "learnhacking.com" to allow the other site to access |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
their content? |||\\\
- - correct answerscross origin resource sharing; allows a server to indicate other origins from which a
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
browser should permit loading of resources - when a user from "goodsecurity.com" sends a request to
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
the other site, "learnhacking.com" will send a header called "Access-control-allow-origin:
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
goodsecurity.com", which will allow it so access the contents of the site from the user browser |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
which of the following is/are social engineering techniques?
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- impersonation of help desk
|||\\\ |||\\\ |||\\\ |||\\\
- email attachments
|||\\\ |||\\\
- tailgating
|||\\\
- pop-up windows - correct answersall of the above
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
T/F: subresource integrity uses cryptographic hash to make sure that a web page subresources are
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
delivered without changes - correct answerstrue |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
cookie 1 information: 'name=cookie1; domain: cs6262.gatech.com; path= /canvas'
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
cookie 2 information: 'name=cookie2; domain: cs6262.gatech.edu; path: /'
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
which of the following is true? |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- since both cookies have the same path, the browser can send cookie1 to both domains
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- the browser can send cookie2 to mail.cs6262.gatech.edu host
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- cs6262.gatech.com can access the cookie2 since .com top-level domain takes higher precedence than
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
the .edu TLD - correct answersthe browser can send cookie2 to mail.cs6262.gatech.edu host -
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
cookie2 is available to all domains that end with cs6262.gatech.edu and all the paths as the cookie
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
does not have path restrictions |||\\\ |||\\\ |||\\\ |||\\\
