Tough Questions 51-60

  1. You have just learned that several of your developers’ notebooks are infected with information-stealing malware. The infection vector appears to be malicious banner ads on a third-party website popular with the developers in your business. Which of the following attacks has most likely occurred?
     
    (a) Spear phishing
    (b) Social engineering
    (c) Watering hole
    (d) Buffer overflow
    (e) Rootkit
     
    Answer:
    (c)
     
    Explanation:
    A watering hole attack is a method of compromise in which malicious actors infect a website with malware that targets users accessing the website (e.g. by purchasing ad space on a popular website and using that ad space to spawn malicious code).
     
  2. You work for a small business that has implemented WPA-PSK for its WLAN. You want to defend against an attacker capturing the authentication exchange and attacking it offline. Your passphrase is currently 10 characters long and uses only upper- and lower-case letters. Which of the following will provide you the BEST defence against an offline attack?
     
    (a) Switch from AES-128 to AES-256
    (b) Leave the passphrase length at 10, but use lower-case, upper-case, numbers & special characters in the PSK
    (c) Configure WPA-PSK to use bcrypt rather than PBKDF2
    (d) Change to a 14-character passphrase while continuing to use just upper- and lower-case letters
    (e) Use WPA2 rather than WPA version 1
    (f) None of the above: the encryption keys are ephemeral, therefore the authentication is not attackable
     
    Answer:
    (d)
     
    Explanation:
    (b)/(d) A 14-character passphrase composed of only upper- and lower-case letters has higher entropy than a 10-character passphrase also including numbers & special characters (approx 78 bits vs 65 bits, which is many orders of magnitude greater)
    (e) Everyone should be using WPA2, but upgrading from WPA1 to WPA2 won’t specifically solve the problem.
    (f) The keys are ephemeral but this doesn’t mean the authentication is not attackable.
     
  3. Which of the following are not characteristics of Discretionary Access Control? (Choose three)
     
    (a) Object access is based on sensitivity
    (b) It is difficult & expensive to implement
    (c) Object owner defines access rights
    (d) Easy to administer & use
    (e) It is closely aligned with Bell-LaPadula
    (f) It is less restrictive than role-based access control (RBAC)
     
    Answers:
    (a), (b), (e)
     
  4. A race condition has been identified in a multi-threaded application running on your server. Which of the following is the common concern associated with this?
     
    (a) Covert storage channels
    (b) Covert timing channels
    (c) Time-of-check/time-of-use (TOC/TOU) errors
    (d) Polyinstantiation
    (e) Buffer overflows
     
    Answer:
    (c)
     
  5. Which of the following are characteristics of the Brewer & Nash security model? (Choose three)
     
    (a) No read up (Simple Security Rule)
    (b) No write down (* Property Rule)
    (c) Also called “Chinese Wall”
    (d) Calls for dynamically-changing permissions
    (e) Designed to prevent conflicts of interest
    (f) No write up (* Integrity Axiom)
    (g) No read down (Simple Integrity Axiom)
     
    Answers:
    (c), (d), (e)
     
  6. Which of the following methods of data removal will leave data remanence concerns? (Select all that apply)
     
    (a) Holding Shift key while deleting a file in Windows
    (b) Formatting a hard drive before selling it on eBay
    (c) Using dd to overwrite a disk with random bits
    (d) Using a crypto-shredding technique
    (e) Degaussing
     
    Answers:
    (a), (b)
     
  7. Which of these is the best definition of a Recovery Point Objective (RPO)?
     
    (a) Maximum amount of time a business process can be unavailable
    (b) Maximum amount of time to recover a business process
    (c) The amount of time needed to verify a system/data after recovery
    (d) Measure of time indicating the maximum amount of data that can be lost
     
    Answer:
    (d)
     
  8. Which of the following hashing algorithms produces output less than 200 bits?
     
    (a) SHA2
    (b) Whirlpool
    (c) SHA1
    (d) AES-CCMP
    (e) RC5
    (f) MD5
     
    Answers:
    (c), (f)
     
    Explanation:
    SHA2 is a collection of algorithms, but all produce hashes longer than 200 bits: SHA-224, SHA-256, SHA-384 etc. Whirlpool is 512-bit. SHA1 produces a 160-bit hash. MD5 is 128-bit. AES-CCMP & RC5 are not hashing algorithms.
     
  9. You are sending an email encrypted with a symmetric key. The symmetric key is encrypted using the recipient’s public key. What is the common term used to describe the encrypted message structure?
     
    (a) Digital signature
    (b) Hashed Message Authentication Code (HMAC)
    (c) Message Integrity Check (MIC)
    (d) Digital envelope
     
    Answer:
    (d)
     
    Explanation:
    (b) HMAC is simply hashing with a secret (such as a password) thrown into the mix to provide authentication as well as integrity.
     
  10. Which of the following memory addressing types is used by programs on your system?
     
    (a) Physical addressing
    (b) Logical addressing
    (c) Relative addressing
    (d) Indirect addressing
     
    Answer:
    (b)
     
    Explanation:
    (d) Some texts use “indirect addressing” to mean the same as “logical addressing” (and “direct addressing” to mean the same as “physical addressing”), so this could be a valid answer too.
