SCS: Laboratory Final Exam

Started on	Tuesday, 8 January 2013, 2:03 PM
State	Finished
Completed on	Tuesday, 8 January 2013, 2:56 PM
Time taken	52 mins 48 secs
Grade	29.35 out of a maximum of 40.00 (73%)
Feedback	The test is passed

Question 1

Correct

Mark 1.00 out of 1.00

Flag question

Question text

Which phase of penetration tests engage the following methods of penetration?

Gathering general information from WWW, press, blogs, mailing lists, the usage of Web search engines, querying WHOIS databases, querying DNS, host reachability.

Select one:

a.

DNS scanning.

b.

Reconaissance.

c.

DoS attack.

d.

Enumeration.

Feedback

The correct answer is:

Reconaissance.

Question 2

Correct

Mark 1.00 out of 1.00

Flag question

Question text

Your personal firewall has the following active rule defined:

direction: incomming,
protocol: tcp,
port: 80.
action: block.

You can not download any website usign http. Is that true?

Select one:

True

False

Feedback

The correct answer is 'False'.

Question 3

Correct

Mark 1.00 out of 1.00

Flag question

Question text

In which layer of TCP/IP suite you can find the Domain Name System?

Feedback

The correct answer is:

Application layer.

Question 4

Correct

Mark 1.00 out of 1.00

Flag question

Feedback

The correct answer is:

VPN

Question 5

Correct

Mark 1.00 out of 1.00

Flag question

Question text

The positive feature of IPSec is that its deployment is transparent to the user.

Select one:

True

False

Feedback

The correct answer is 'True'.

Question 6

Correct

Mark 1.00 out of 1.00

Flag question

Question text

Resolve the abbreviation VPN.

Select one:

a.

Virtual Public Network.

b.

ViP Networking.

c.

Very Private Network.

d.

Vital Privacy and Network security.

e.

Virtual Private Network.

Feedback

The correct answer is:

Virtual Private Network.

Question 7

Correct

Mark 1.00 out of 1.00

Flag question

Question text

The purpose of Security Parameter Index is to:

Select one:

a.

count IPSec packets.

b.

tag traffic streams inside IPSec tunnel.

c.

secure IPSec traffic - the higher the value the better communication security.

d.

order IP packets inside IPSec tunnel.

Feedback

The correct answer is:

tag traffic streams inside IPSec tunnel.

Question 8

Partially correct

Mark 0.60 out of 1.00

Flag question

Question text

How to resist DoS attacks?

Select one or more:

a.

Design and implement the network topology so that servers do not interfere one another.

b.

Configure disk space quotas, network bandwidth quotas, as well as limiting the number of service users, etc.

c.

Use monitors with alerting mechanisms to trace services availability, and resources usage.

d.

Use ACLs to restrict access to resources.

e.

Switch off all unnecessary services and protocols.

Feedback

The correct answer is:

Use ACLs to restrict access to resources.

,

Switch off all unnecessary services and protocols.

,

Configure disk space quotas, network bandwidth quotas, as well as limiting the number of service users, etc.

,

Use monitors with alerting mechanisms to trace services availability, and resources usage.

,

Design and implement the network topology so that servers do not interfere one another.

Question 9

Incorrect

Mark 0.00 out of 1.00

Flag question

Question text

How does Stealth FIN scanning method work?

Select one:

a.

A scanner sends crafted packet with FIN flag enabled. Closed ports reply with the appropriate ACK packet, whereas opened ports ignore the packet.

b.

A scanner sends crafted packet with FIN flag enabled. Closed ports reply with the appropriate RST packet, whereas opened ports ignore the packet.

c.

A scanner sends crafted packet with FIN flag enabled. Opened ports reply with the appropriate RST packet, whereas closed ports ignore the packet.

d.

A scanner sends crafted packet with FIN flag enabled. Opened ports reply with the appropriate ACK packet, whereas closed ports ignore the packet.

Feedback

The correct answer is:

A scanner sends crafted packet with FIN flag enabled. Closed ports reply with the appropriate RST packet, whereas opened ports ignore the packet.

Question 10

Partially correct

Mark 0.75 out of 1.00

Flag question

Feedback

The correct answer is:

DES

,

3DES

,

AES

Question 11

Correct

Mark 1.00 out of 1.00

Flag question

Question text

Indicate the false sentence:
(Two answers are correct)

Select one or more:

a.

CA does not confirm users public keys.

b.

CA uses its own private key to sign public keys of communication sides.

c.

Main root CA's public keys are in most modern operating systems.

d.

CA hasn't got its own asymmetric key pair.

e.

CA is usually called "trusted side".

Feedback

The correct answer is:

CA hasn't got its own asymmetric key pair.

,

CA does not confirm users public keys.

Question 12

Correct

Mark 1.00 out of 1.00

Flag question

Question text

What type of encryption is considered more secure: symmetric or asymmetric?

Select one:

a.

the mixture of the two is the most secure.

b.

asymmetric.

c.

symmetric.

Feedback

The correct answer is:

asymmetric.

Question 13

Correct

Mark 1.00 out of 1.00

Flag question

Question text

In this attack the offender is sending ICMP Echo Request&nbsp; malformed packets with the spoofed source IP address set to the network broadcast address and the destination IP address pointing to the victim. This could lead to: 

-network bandwidth exhaustion (usually temporal),
-blockade of the victim's machine (which is flooded by ICMP Echo Reply).

This attack is called:

Feedback

The correct answer is:

SMURF attack.

Question 14

Incorrect

Mark 0.00 out of 1.00

Flag question

Feedback

The correct answer is:

SYN

,

PSH

,

RST

Question 15

Correct

Mark 1.00 out of 1.00

Flag question

Question text

To assure confidentially of the message contents one should:

Feedback

The correct answer is:

encrypt the message.

Question 16

Correct

Mark 1.00 out of 1.00

Flag question

Question text

Indicate the false sentence:
(Two answers are correct)

Select one or more:

a.

CA is usually called "trusted side".

b.

CA hasn't got its own asymmetric key pair.

c.

Main root CA's public keys are in most modern operating systems.

d.

CA uses its own private key to sign public keys of communication sides.

e.

CA does not confirm users public keys.

Feedback

The correct answer is:

CA hasn't got its own asymmetric key pair.

,

CA does not confirm users public keys.

Question 17

Incorrect

Mark 0.00 out of 1.00

Flag question

Question text

Your personal firewall has the following active rule defined:

direction: outgoing,
protocol: udp,
port: 80.
action: block.

You can normally download websites using http. Is that true?

Select one:

True

False

Feedback

The correct answer is 'True'.

Question 18

Correct

Mark 1.00 out of 1.00

Flag question

Question text

The purpose of message encrypting is to assure confidentially of the message sender, isn't it?

Select one:

True

False

Feedback

The correct answer is 'False'.

Question 19

Incorrect

Mark 0.00 out of 1.00

Flag question

Question text

In Virtual Private Networks concept, before virtual connection establishment, a client does not have to have physical (real) connection to the server.

Select one:

True

False

Feedback

The correct answer is 'False'.

Question 20

Correct

Mark 1.00 out of 1.00

Flag question

Feedback

The correct answer is:

CNAME

Question 21

Incorrect

Mark 0.00 out of 1.00

Flag question

Question text

Indicate the true sentence regarding cryptographic key.

Select one:

a.

Cryptographic key opens every door.

b.

Usually cryptographic key and cryptographic algorithm stay in secret.

c.

Cryptographic key and private key are synonyms.

d.

Cryptographic key is usually known before cryptanalysis.

e.

Cryptographic key decides about the result of cryptographic transformation.

Feedback

The correct answer is:

Cryptographic key decides about the result of cryptographic transformation.

Question 22

Correct

Mark 1.00 out of 1.00

Flag question

Question text

Select proper types of firewall.
(Two answers are correct)

Feedback

The correct answer is:

Application layer filter.

,

proxy.

Question 23

Correct

Mark 1.00 out of 1.00

Flag question

Question text

Explain what the NSLOOKUP tool enables?

Select one or more:

a.

NSLOOKUP tool enables broadcasting over local area network.

b.

NSLOOKUP tool enables gathering information from DNS servers.

c.

NSLOOKUP tool enables querying Domain Name System for DNS records.

d.

NSLOOKUP tool enables sending short messages over local area network.

Feedback

The correct answer is:

NSLOOKUP tool enables gathering information from DNS servers.

,

NSLOOKUP tool enables querying Domain Name System for DNS records.

Question 24

Incorrect

Mark 0.00 out of 1.00

Flag question

Question text

The network protocol that encapsulates a different protocol is called?

Feedback

The correct answer is:

Tunnelling protocol.

Question 25

Correct

Mark 1.00 out of 1.00

Flag question

Question text

The authentication approach that assumes of presentation of two different kinds of evidence to prove one's identity is called:

Select one:

a.

Multi-factor authentication.

b.

Authentication variation.

c.

Mega authentication.

d.

Biometrics authentication.

e.

Top security authentication.

f.

Authorization.

Feedback

The correct answer is:

Multi-factor authentication.

Question 26

Incorrect

Mark 0.00 out of 1.00

Flag question

Question text

The purpose of message signing is to assure confidentially of the message contents.

Select one:

True

False

Feedback

The correct answer is 'False'.

Question 27

Correct

Mark 1.00 out of 1.00

Flag question

Question text

To verify the sender by the recipient one is using:

Select one:

a.

message signing.

b.

return receipt.

c.

message encrypting.

d.

message encapsulating.

Feedback

The correct answer is:

message signing.

Question 28

Correct

Mark 1.00 out of 1.00

Flag question

Question text

During this attack the victim is bombarded with SYN requests which consume enough resources to make the system unresponsive to legitimate users and services. This attack is called:

Feedback

The correct answer is:

SYN flood.

Question 29

Correct

Mark 1.00 out of 1.00

Flag question

Question text

What functions does a typical firewall have?
(Three answers are correct)

Feedback

The correct answer is:

packets filtering.

,

user authentication.

,

application monitoring and securing.

Question 30

Incorrect

Mark 0.00 out of 1.00

Flag question

Question text

Is the following sentence true or false?

The ESP (Encapsulation Security Payload) protocol is a member of IPSec suite. Its purpose is to guarantee payload's (message) integrity, data origin authentication of IP packets and confidentially of the payload.

It does provide protection for the entire packet, not only to the payload.

Select one:

True

False

Feedback

The correct answer is 'False'.

Question 31

Correct

Mark 1.00 out of 1.00

Flag question

Question text

A public key can be simply generated from a private key.

Select one:

True

False

Feedback

The correct answer is 'False'.

Question 32

Correct

Mark 1.00 out of 1.00

Flag question

Question text

What is the difference between symmetric and asymmetric cryptographic algorithms?

Select one:

a.

Symmetric cryptographic algorithms use one key for coding and decoding, while symmetric algorithms use a pair of keys – one for coding and second for decoding.

b.

Asymmetric cryptographic algorithms use one key for coding and decoding, while symmetric algorithms use a pair of keys – one for coding and second for decoding.

c.

Symmetric cryptographic algorithms use one key for coding and decoding, while asymmetric algorithms use a pair of keys – one for coding and second for decoding.

d.

 The difference does not depend on the number of keys.

Feedback

The correct answer is:

Symmetric cryptographic algorithms use one key for coding and decoding, while asymmetric algorithms use a pair of keys – one for coding and second for decoding.

Question 33

Correct

Mark 1.00 out of 1.00

Flag question

Question text

During a DoS attack one is gathering information about:

Feedback

The correct answer is:

None of the answers is correct

Question 34

Correct

Mark 1.00 out of 1.00

Flag question

Question text

 What does IPSec provide?

Select one or more:

a.

confidentiality.

b.

message integrity.

c.

secure e-mails.

d.

data origin authentication.

Feedback

The correct answer is:

confidentiality.

,

data origin authentication.

,

message integrity.

Question 35

Correct

Mark 1.00 out of 1.00

Flag question

Question text

It is a very bad habbit of administrators that they change their passwords frequently.

Select one:

True

False

Feedback

The correct answer is 'False'.

Question 36

Correct

Mark 1.00 out of 1.00

Flag question

Question text

A private key can be simply generated from a public key.

Select one:

True

False

Feedback

The correct answer is 'False'.

Question 37

Correct

Mark 1.00 out of 1.00

Flag question

Feedback

The correct answer is:

Authentication.

Question 38

Correct

Mark 1.00 out of 1.00

Flag question

Question text

What is the name of the following port scanning method?

A scanner initiates TCP handshaking (SYN) and hangs up (RST). Closed ports reply with the appropriate RST packet, whereas open ports reply with the SYN-ACK packet.

Feedback

The correct answer is:

half-open.

Question 39

Incorrect

Mark 0.00 out of 1.00

Flag question

Question text

In the initial phase of penetration tests (the reconnaissance) which of the following examination is not performed:

Select one or more:

a.

Hosts reachability

b.

Port scanning

c.

Mail servers addresses of the domain

d.

DNS server addresses of the domain

Feedback

The correct answer is:

Port scanning

Question 40

Incorrect

Mark 0.00 out of 1.00

Flag question

Question text

Explain the purpose of penetration tests

Select one:

a.

The purpose of penetration tests is to examine all gates to access a computer system.

b.

The purpose of penetration tests is to verify if a computer system is fault-tolerant.

c.

None of the above is correct

d.

The purpose of penetration tests is to define empirically the resistance (tolerance) of a computer system to attacks.

e.

The purpose of penetration tests is to check if a computer system is properly configured (hardened).

Feedback

The correct answer is:

The purpose of penetration tests is to define empirically the resistance (tolerance) of a computer system to attacks.

Security of Computer Systems

Question 1

Question text

Feedback

Question 2

Question text

Feedback

Question 3

Question text

Feedback

Question 4

Question text

Feedback

Question 5

Question text

Feedback

Question 6

Question text

Feedback

Question 7

Question text

Feedback

Question 8

Question text

Feedback

Question 9

Question text

Feedback

Question 10

Question text

Feedback

Question 11

Question text

Feedback

Question 12

Question text

Feedback

Question 13

Question text

Feedback

Question 14

Question text

Feedback

Question 15

Question text

Feedback

Question 16

Question text

Feedback

Question 17

Question text

Feedback

Question 18

Question text

Feedback

Question 19

Question text

Feedback

Question 20

Question text

Feedback

Question 21

Question text

Feedback

Question 22

Question text

Feedback

Question 23

Question text

Feedback

Question 24

Question text

Feedback

Question 25

Question text

Feedback

Question 26

Question text

Feedback

Question 27