Quiz Questions Flashcards Preview

CS6262 Final > Quiz Questions > Flashcards

Flashcards in Quiz Questions Deck (58)
Loading flashcards...
1

1. Denial-of-Service attacks can only happen at the network layer.

False

2

2.For DDoS traceback (Savage et al. ’00) a path can be reconstructed even if just one packet through the path is obtained.

False

3

3. Denial-of-Service attacks always involve sending a very large amount of traffic.

False

4

4. For DoS mitigation, a SYN Cookie ensures that a client is honest because it must ACK the SYN-ACK cookie from the server, and cannot reuse an old one.

True

5

5. DoS attacks always use spoofed IP addresses.

False

6

6. Everyone who frequents underground forums is cybercriminal or intends to be one.

False

7

7. A lot of cybercrime contents on the web remain invisible to even a very powerful search engine like Google.

True

8

8. If a botnet uses randomly generated domains each day for command-and-control (C&C), then there is no way to detect and block the C&C domains.

False

9

9. Cyber frauds and scams such as on-line “pharmacy” can only fool the victims once - that is, no users will be their repeat “customers”.

False

10

10. If I click on a phishing link and end up on a site, but I don’t provide valuable information such as my credit card number to the site, nothing bad can happen.

False

11

Penetration testing is limited to only the technological security controls.

False

12

A benefit of thorough penetration testing is the accurate accounting of network infrastructures and applications.

True

13

A penetration test is always launched from outside the enterprise network being tested.

False

14

Fake news can be considered as a social engineering attack.

True

15

A penetration test can combine physical as well as cyber/network access to the organization being tested.

True

16

The ads on a web page can be used to carry out malicious functions.

True

17

Browser extensions and plugins available in an official store (e.g., the Chrome Web Store) can always be trusted for not containing malicious logics.

False

18

The Same Origin Policy (SOP) for DOM and the SOP for cookies have different definitions of “origin”.

True

19

A content security policy (CSP) specifies the allowable sources of web page contents. This is essentially a whitelist approach.

True

20

HTTPS cookies are always secure and can be trusted

False

21

When you connect to Gmail, the SSL/TLS handshake takes place after you have successfully logged in

False

22

To securely log out a user, it is sufficient to delete the SessionToken on the client browser

False

23

Suppose Georgia Tech owns both the www.gatech.edu and www.gatech.edu.uk domains, it must use two different certificates.

False

24

Browsers typically accept certificates from only a handful of CAs.

False

25

The random sequence number in the SYN/ACK packet can prevent an attacker from establishing a TCP session but cannot prevent him from launching a DoS

True

26

Using ARP spoofing an attacker can cause traffic to a gateway to instead be sent to his machine (on the same LAN).

True

27

Incorrect BGP advertisements by a node can be detected by other nodes and therefore the incorrect advertisements will not be propagated.

False

28

In Kaminsky’s Poisoning attack, the attacker floods the local resolver with responses that point the name server of a domain (e.g., www.gatech.edu) to his machine.

True

29

DNSSEC relies on a public-key infrastructure (PKI).

True

30

If a program is packed (i.e., encrypted and compressed), it must be malware.

False