IT Questions and Answers :)

Wednesday, June 6, 2018

Which type of malicious attack not only affects the bandwidth of your connection but also interferes with your mailbox's capability to handle normal email?

  • TCP Syn Scan
  • Mail bombing
  • Spam
  • Flood pings 

 
EXPLANATION




 A mail bomb attack sends massive amounts of email to a specific person or system.
A huge amount of mail may simply fill up the recipient's disk space on the server or, in some cases, may be too much for a server to handle and cause the server to stop functioning.


Tuesday, May 29, 2018

Which of the following is not a tool in Kali Linux?

  • Sqlmap
  • MBSA
  • Armitage
  • Beef 

 

EXPLANATION

MBSA (Microsoft Baseline Security Analyzer) is a security testing tool for Microsoft Windows operating systems to identify vulnerabilities.

Tuesday, May 15, 2018

What is one of the primary weaknesses of symmetric cryptography?

  • Hard disk storage
  • RAM memory requirement
  • CPU processing speed
  • Key Management 

EXPLANATION

Symmetric cryptography is usually fast and easy to implement. This is because encryption and decryption with a private key require less complex computation than other types of cryptography. The significant disadvantage of symmetric encryption relates to the difficulty of managing the private key.
 

Wednesday, April 11, 2018

What's a stealthy and continuous computer hacking process often targeted at a specific entity?

  • Shadow ninja attack
  • Advanced persistent threat
  • Advanced malware attack
  • Silent and deadly attack 

 
EXPLANATION

An advanced persistent threat (APT) uses multiple phases to break into a network, avoid detection, and harvest valuable information over the long term. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. APTs require a high degree of covertness over an extended period of time.

Tuesday, March 13, 2018

What type of malware replicates itself from PC to PC throughout the network?

  • Spyware
  • Scareware/ransomware
  • Trojan
  • Worm

EXPLANATION




Computer worms use the network to send copies of themselves to other PCs, usually exploiting a security hole to travel from one host to the next without user intervention. Because they can spread so rapidly across a network infecting every PC in their path, they tend to be the most well-known type of malware, although many users still mistakenly refer to them as viruses.
Trojan horses are applications that look like they are doing something innocuous, but secretly have malicious code that does something else. In many cases, trojans will create a backdoor that allows your PC to be remotely controlled, either directly or as part of a botnet—a network of computers also infected with a trojan or other malicious software. The major difference between a virus and a trojan is that trojans don't replicate themselves—they must be installed by an unwitting user.

Scareware is a relatively new type of attack, where a user is tricked into downloading what appears to be an antivirus application, which then proceeds to tell you that your PC is infected with hundreds of viruses that can only be cleaned if you pay for a full license. Of course, these scareware applications are nothing more than malware that hold your PC hostage until you pay the ransom—in most cases, you can't uninstall them or even use the PC.



Spyware is any software installed on your PC that collects your information without your knowledge, and sends that information back to the creator so they can use it in some nefarious way. This could include keylogging to learn your passwords, watching your searching habits, changing out your browser home and search pages, adding obnoxious browser toolbars, or just stealing your passwords and credit card numbers.

Friday, February 23, 2018

What is the term for a rogue access point that serves as a man in the middle from which further attacks can be carried out?

  • War driving
  • Twin driving
  • War twinning
  • Evil twin 

EXPLANATION

An evil twin is a rogue access point used for malicious purposes. The attacker acts as a man in the middle.

Thursday, February 15, 2018

Two organizations are partnering and sharing systems. Which of the following would outline how the shared systems interface?

  • BPA
  • SLA
  • ISA
  • ROA 

 
EXPLANATION

An interconnection security agreement (ISA) documents the technical requirements of a connection between organizations, such as the basic components, methods and levels of interconnectivity, and potential security risks.

Thursday, January 25, 2018

What is the non-linear function that made DES cryptography so strong?

  • Trick question, DES is fully linear
  • Swapping 4 bytes (left and right) after every round
  • Expansion & Contraction algorithms
  • 16 rounds of S-Box lookups 
 
EXPLANATION

The genius of Horst Feistel's cipher was in the use of S-Boxes for a non-linear lookup function based on the bit values of the ciphertext within each round. Operating on only 1/2 the ciphertext per round, the 48 expanded bits are chopped into 6-bit inputs across the 8 S-Boxes, with each 6-bit input performing a row/table lookup to yield 4 bits of output. Without this non-linear function, DES would have been linear, and thus very weak.
This design is even more impressive when you consider that the process ran the same forwards and backwards for encrypt/decrypt, and was optimized for hardware. While met with great suspicion when introduced, the Data Encryption Standard proved worthy of the trust provided it, weathering every attack except Moore's Law and time, which ultimately led to its obsolescence due to brute force attacks. 40 years later, the field of cryptography, and the fabric of the Internet and digital commerce, owe much to the knowledge we gained regarding cryptanalysis and ciphers from this legacy.

SOURCE

https://en.wikipedia.org/wiki/Data_Encryption_Standard#The_Feistel_.28F.29_function

Friday, December 22, 2017

Which of the following is another term for a botnet?

  • Dead Spiceheads
  • Research Honeypot
  • Corpse Cluster
  • Zombie Army 
 
EXPLANATION

The more popular term for a Zombie Army is a botnet. A botnet is a number of Internet computers (zombie computers) that have been compromised (unknown to their owners) by hackers to forward transmissions to other computers that are connected to the Internet.
http://searchsecurity.techtarget.com/definition/botnet
https://en.wikipedia.org/wiki/Zombie_(computer_science)
https://en.wikipedia.org/wiki/Botnet
 

Monday, December 4, 2017

Which of the following would provide secure communications if your organization uses an application that authenticates with Active Directory Domain Services (AD DS) through simple BIND?

  • SAML
  • XTACACS
  • TACACS+
  • Secure LDAP 

EXPLANATION

Secure LDAP, or LDAPS, protects authentication sessions when an application authenticates with AD DS through simple BIND.

Thursday, November 23, 2017

Which of the following is not a primary biometric authentication?

  • Body scanner
  • Voice
  • Fingerprint
  • Iris pattern 

 

EXPLANATION

Body scanners are soft biometrics. Soft biometric traits are physical, behavioral or human characteristics that have been derived from the way human beings normally distinguish their peers (such as height, gender, and hair color). They are used to complement the identity information provided by the primary biometric identifiers.
https://en.wikipedia.org/wiki/Biometrics#Soft_biometrics 


What type of attack occurs when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a third party?

  • Protocol manipulation
  • Cross-site scripting
  • Sniffing
  • Spoofing 

 EXPLANATION

A cross-site scripting attack occurs when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a third party.

SOURCE

https://en.wikipedia.org/wiki/Cross-site_scripting

In a Windows security log, which of the following logon type codes is produced by someone logging on from a local keyboard?

  • 10
  • 3
  • 2

 
EXPLANATION

The correct answer is 2. While Event ID 4624 shows a successful logon, you need to look at the event code to see the specific nature of that logon. You’ll see type 2 logons when a user attempts to log on at the local keyboard and screen, whether with a domain account or a local account from the computer’s local SAM. Code 10 is for remote access, code 3 is from the network (for things such as accessing shares), and code 5 is used when a service starts up. For more information, see the source.

SOURCE

http://www.windowsecurity.com/articles-tutorials/misc_network_security/Logon-Types.html

Which of the following best describes a network-based intruder prevention system (NIPS)?

  • Detects and takes actions against threats
  • Provides a sweet diversion from life's little irri
  • Identifies zero-day vulnerabilities
  • Detects and eliminates threats 

 
EXPLANATION

A network-based intruder prevention system attempts to detect and mitigate threats by taking action to block them. While it may be able to identify a zero-day vulnerability using anomaly-based signatures, this is not its primary function.


What part of the IPsec protocol provides authentication and integrity but not privacy?

  • Sans-privacy protocol
  • Encapsulating security payload
  • Virtual private network
  • Authentication header 

EXPLANATION

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite for IPv4 that authenticates and encrypts the packets of data sent over an IPv4 network. Because the IP security protocols were complex or immature, the initial IPv4 was developed with little or no security, so that this part of the IP version was incomplete, open, or left for further research and development.
The authentication header provides authentication so that the receiver can be confident of the data source. It does not use encryption, so it does not provide privacy.  

An initialization vector should be which of the following?

  • Unique and predictable
  • Repeatable and random
  • Unique and unpredictable
  • Repeatable and unique 

 

 EXPLANATION

An initialization vector (IV) should be unique and unpredictable. To prevent an attack, an IV must not be repeated with a given key and should appear random.

SOURCE

https://en.wikipedia.org/wiki/Initialization_vector

Which of these is NOT a type of intrusion detection system (IDS)?

  • Host-based
  • Tunnel-based
  • Network-based
  • Behavior-based 

 
EXPLANATION

Behavior-based IDS looks for variations in behavior, like unusually high traffic, policy violations, things like that. Deviations in behavior help it recognize potential threats. A network-based IDS examines all network traffic going to and from network systems. A host-based IDS refers to applications like spyware or virus applications that are installed on individual network systems and monitor for things like system file modifications or registry changes.


AES Encryption uses which cipher?

  • Serpent
  • Rijndael
  • Twofish
  • RC6 

 
EXPLANATION

AES (Advanced Encryption Standard) is a NIST standard for encryption using the Rijndael cipher. The cipher selected for AES was determined through an open call for new algorithms in 1997. The finalists for selection were Rijndael, Serpent, Twofish, RC6, and MARS, with Rijndael being the winning algorithm.

Wednesday, November 22, 2017

Your company's external firewall starts sending you alerts about receiving bad traffic from the Internet, packets that it says are coming from a host with the IP address 10.12.25.205. What is the term for these bad packets?

  • Ketchup packets
  • Multicast packets
  • Xmas tree packet
  • Martian packet. 

EXPLANATION

A martian packet is an IP packet that specifies a source or destination address that is reserved for special-use by the Internet Assigned Numbers Authority (IANA). If seen on the public internet, these packets cannot actually originate as claimed, or be delivered.  (All IPv4 addresses with "10" in the first octet are considered private internal addresses and should never be seen on Internet traffic.)
Martian packets commonly arise from IP address spoofing in denial-of-service attacks, but can also arise from network equipment malfunction or misconfiguration of a host.
The name is derived from the idea of receiving packets from Mars, a place from which packets clearly cannot originate.
https://en.wikipedia.org/wiki/Martian_packet



A Xmas tree packet is a packet with every single option set for whatever protocol is in use. The term derives from a fanciful image of each little option bit in a header being represented by a different-colored light bulb, all turned on, as in, "the packet was lit up like a Christmas tree."  (These are also used in denial-of-service attacks.)


https://en.wikipedia.org/wiki/Christmas_tree_packet
 

Which of the following techniques was ultimately used as the basis of RSA encryption?

  • Knapsack-based
  • Product of primes
  • Permutation polynomials
  • Group of unknown size 

EXPLANATION

Ron Rivest, Adi Shamir, and Leonard Adleman ("R.S.A.") at the Massachusetts Institute of Technology made several attempts, over the course of a year, to create a one-way function that was hard to invert. Rivest and Shamir, as computer scientists, proposed many potential functions, while Adleman, as a mathematician, was responsible for finding their weaknesses. They tried many approaches including "knapsack-based" and "permutation polynomials".
The keys for the RSA algorithm are generated the following way:
  • Choose two distinct prime numbers p and q.
    • For security purposes, the integers p and q should be chosen at random, and should be similar in magnitude but 'differ in length by a few digits' to make factoring harder. Prime integers can be efficiently found using a primality test.
  • Compute n = pq.
    • n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.
  • Compute λ(n) = lcm(λ(p), λ(q)) = lcm(p − 1, q − 1), where λ is Carmichael's totient function. This value is kept private.
  • Choose an integer e such that 1 < e < λ(n) and gcd(e, λ(n)) = 1; i.e., e and λ(n) are coprime.
  • Determine d as d ≡ e⁻¹ (mod λ(n)); i.e., d is the modular multiplicative inverse of e (modulo λ(n)).
    • This is more clearly stated as: solve for d given de ≡ 1 (mod λ(n)).
    • e having a short bit-length and small Hamming weight results in more efficient encryption – most commonly e = 2¹⁶ + 1 = 65,537. However, much smaller values of e (such as 3) have been shown to be less secure in some settings.
    • e is released as the public key exponent.
    • d is kept as the private key exponent.
The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret. p, q, and λ(n) must also be kept secret because they can be used to calculate d.

SOURCE

https://people.csail.mit.edu/rivest/pubs/ARS03.rivest-slides.pdf
