Quiz Questions Flashcards (CS6262 Final)

Flashcards in Quiz Questions Deck (58):
1

Denial-of-Service attacks can only happen at the network layer.

False

2

For DDoS traceback (Savage et al. ’00), a path can be reconstructed even if just one packet through the path is obtained.

False (probabilistic packet marking puts one edge sample in each packet, so a path is reconstructed only after enough marked packets of the flood have been collected).

3

Denial-of-Service attacks always involve sending a very large amount of traffic.

False

4

For DoS mitigation, a SYN Cookie ensures that a client is honest because it must ACK the SYN-ACK cookie from the server, and cannot reuse an old one.

True (the cookie is a keyed hash over the connection 4-tuple and a coarse timestamp, so a valid ACK proves the client received the SYN-ACK, and a cookie older than the timestamp window is rejected).

5

DoS attacks always use spoofed IP addresses.

False

6

Everyone who frequents underground forums is a cybercriminal or intends to be one.

False

7

A lot of cybercrime content on the web remains invisible to even a very powerful search engine like Google.

True

8

If a botnet uses randomly generated domains each day for command-and-control (C&C), then there is no way to detect and block the C&C domains.

False (a reverse-engineered DGA lets defenders pre-compute and block or sinkhole upcoming domains, and bots querying many unregistered candidates leave a detectable NXDOMAIN pattern).
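Added worked example for card 8 (not part of the deck): a hypothetical date-seeded DGA, the blocklist a defender can pre-compute once the algorithm has been recovered from the bot binary, and the NXDOMAIN burst a bot leaves in resolver logs even when the algorithm is unknown. The seed, TLD list, client addresses and log lines are all constructed for illustration.

```python
# Added example for card 8 (not from the deck): a hypothetical date-seeded DGA,
# the defender's pre-computed blocklist once the algorithm has been recovered
# from the bot, and the NXDOMAIN burst a bot leaves in resolver logs even when
# the algorithm is unknown. Seed, TLD list, hosts and log lines are constructed.
import datetime
import hashlib
from collections import Counter

TLDS = ["com", "net", "info"]          # assumption: the toy DGA cycles through these
SEED = b"toy-dga-seed"                 # assumption: a constant recovered from the binary
DAY = datetime.date(2020, 4, 20)


def toy_dga(day: datetime.date, count: int = 5, seed: bytes = SEED):
    """Same day + same seed -> same domains, for bot and defender alike."""
    out = []
    for i in range(count):
        h = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in h[:12])
        out.append(f"{label}.{TLDS[h[12] % len(TLDS)]}")
    return out


def precompute_blocklist(start: datetime.date, days: int) -> set:
    """Defender side: every candidate C&C name for the next `days` days, ready to
    block at the resolver or to register first and sinkhole."""
    names = set()
    for d in range(days):
        names.update(toy_dga(start + datetime.timedelta(days=d)))
    return names


def blocklist_covers(day: datetime.date = DAY, lookahead: int = 3) -> bool:
    """Was every name the bot will try on `day` already on yesterday's list?"""
    yesterday = day - datetime.timedelta(days=1)
    return set(toy_dga(day)) <= precompute_blocklist(yesterday, lookahead)


# Constructed resolver log: (client, queried name, rcode). The bot walks its
# candidates until one resolves; the operator registered only the last one.
BOT_TRIES = toy_dga(DAY)
LOG = [
    ("10.1.1.5", "www.gatech.edu", "NOERROR"),
    ("10.1.1.5", "mail.example.com", "NOERROR"),
    *[("10.1.1.9", name, "NXDOMAIN") for name in BOT_TRIES[:-1]],
    ("10.1.1.9", BOT_TRIES[-1], "NOERROR"),
    ("10.1.1.7", "typo-example.cmo", "NXDOMAIN"),   # one typo is not a bot
]


def nxdomain_ratio(log, min_queries: int = 3) -> dict:
    """Per client, share of queries answered NXDOMAIN. A burst of failures from one
    host is the behavioural signal that works without knowing the DGA."""
    total, failed = Counter(), Counter()
    for client, _name, rcode in log:
        total[client] += 1
        if rcode == "NXDOMAIN":
            failed[client] += 1
    return {c: failed[c] / total[c] for c in total if total[c] >= min_queries}


def suspicious_clients(log=LOG, threshold: float = 0.5) -> list:
    return sorted(c for c, r in nxdomain_ratio(log).items() if r >= threshold)


def blocked_queries(log=LOG, blocklist=None) -> list:
    """Names in the log that the pre-computed list would have stopped."""
    blocklist = blocklist if blocklist is not None else precompute_blocklist(DAY, 1)
    return [name for _c, name, _r in log if name in blocklist]


if __name__ == "__main__":
    print("tomorrow's candidates already listed:", blocklist_covers())
    print("clients with an NXDOMAIN burst:", suspicious_clients())
    print("queries the blocklist would stop:", blocked_queries())
```

The two halves are independent: pre-computation needs the recovered algorithm and seed but catches the bot before it ever reaches a live C&C domain, while the NXDOMAIN ratio needs only resolver logs and flags the host, not the domains. The minimum-query threshold is there so a single typo or a stale bookmark does not trip the detector.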

9

Cyber frauds and scams such as an on-line “pharmacy” can only fool the victims once - that is, no users will be their repeat “customers”.

False

10

If I click on a phishing link and end up on a site, but I don’t provide valuable information such as my credit card number to the site, nothing bad can happen.

False

11

Penetration testing is limited to only the technological security controls.

False

12

A benefit of thorough penetration testing is the accurate accounting of network infrastructures and applications.

True

13

A penetration test is always launched from outside the enterprise network being tested.

False

14

Fake news can be considered as a social engineering attack.

True

15

A penetration test can combine physical as well as cyber/network access to the organization being tested.

True

16

The ads on a web page can be used to carry out malicious functions.

True

17

Browser extensions and plugins available in an official store (e.g., the Chrome Web Store) can always be trusted not to contain malicious logic.

False

18

The Same Origin Policy (SOP) for DOM and the SOP for cookies have different definitions of “origin”.

True (a DOM origin is the scheme, host and port; cookies are scoped by domain and path, ignore the port, and distinguish schemes only through the Secure flag).
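Added worked example for card 18 (not part of the deck): the DOM origin tuple next to the cookie scoping rules, applied to constructed URLs on a made-up host app.example. The cookie matching is the usual Domain suffix / Path prefix / Secure logic; no real site or browser is involved.

```python
# Added example for card 18 (not from the deck): the DOM origin tuple next to the
# cookie scoping rules, applied to constructed URLs on a made-up host app.example.
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def dom_origin(url: str):
    """Origin as the DOM same-origin policy sees it: (scheme, host, port)."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS[u.scheme])


def same_dom_origin(a: str, b: str) -> bool:
    return dom_origin(a) == dom_origin(b)


def cookie_sent_to(cookie: dict, url: str) -> bool:
    """Cookie scope (RFC 6265 style): Domain suffix match, Path prefix match,
    Secure flag. Compared with dom_origin(): no port at all, and the scheme
    only matters when Secure is set."""
    u = urlsplit(url)
    host, domain = u.hostname, cookie["domain"].lstrip(".")
    if host != domain and not host.endswith("." + domain):
        return False
    path, cpath = (u.path or "/"), cookie.get("path", "/")
    if not (path == cpath or path.startswith(cpath.rstrip("/") + "/")):
        return False
    if cookie.get("secure") and u.scheme != "https":
        return False
    return True


# Constructed cookies: set with an explicit Domain attribute, with and without Secure.
SESSION = {"name": "session", "domain": "app.example", "path": "/", "secure": False}
SECURE_SESSION = dict(SESSION, secure=True)


def comparisons():
    """For each pair of URLs: (same DOM origin?, same cookie sent to both?)."""
    base = "https://app.example/"
    cases = {
        "different port": ("https://app.example:8443/", SESSION),
        "http vs https": ("http://app.example/", SESSION),
        "http vs https (Secure cookie)": ("http://app.example/", SECURE_SESSION),
        "subdomain": ("https://evil.app.example/", SESSION),
    }
    return {
        label: (same_dom_origin(base, other),
                cookie_sent_to(cookie, base) and cookie_sent_to(cookie, other))
        for label, (other, cookie) in cases.items()
    }


if __name__ == "__main__":
    for label, (same_origin, cookie_shared) in comparisons().items():
        print(f"{label:30s} same DOM origin={same_origin!s:5s} cookie shared={cookie_shared}")
```

Every pair comes out as a different DOM origin, yet the non-Secure cookie is shared across the port change, across http/https and with the subdomain. That gap is why a plaintext page on the same host, or a compromised subdomain, can read or overwrite a session cookie the DOM policy would never let it touch; the Secure flag closes only the scheme hole.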

19

A content security policy (CSP) specifies the allowable sources of web page contents. This is essentially a whitelist approach.

True

20

HTTPS cookies are always secure and can be trusted.

False

21

When you connect to Gmail, the SSL/TLS handshake takes place after you have successfully logged in.

False

22

To securely log out a user, it is sufficient to delete the SessionToken in the client browser.

False (the server must invalidate the session too; otherwise a copy of the token keeps working after the browser has forgotten it).

23

If Georgia Tech owns both the www.gatech.edu and www.gatech.edu.uk domains, it must use two different certificates.

False (a single certificate can list both names in its Subject Alternative Name extension).

24

Browsers typically accept certificates from only a handful of CAs.

False (a browser or OS root store trusts more than a hundred root CAs, any of which can issue a certificate for any domain).

25

The random sequence number in the SYN/ACK packet can prevent an attacker from establishing a TCP session but cannot prevent him from launching a DoS.

True (a blind attacker must guess the ISN to complete a handshake, but a SYN flood never completes one and still exhausts the half-open backlog).
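Added worked example for cards 4 and 25 (not part of the deck): a spoofed SYN flood against a server that keeps half-open state with a random ISN, next to a stateless SYN-cookie server that encodes the state in the ISN itself. The addresses, ports, secret key and "one counter tick per minute" timing are made-up constants of this example.

```python
# Added example for cards 4 and 25 (not from the deck): a SYN flood against a
# server that keeps half-open state (random ISN) versus a stateless SYN-cookie
# server. Addresses, ports and the secret key are made-up constants.
import hashlib
import hmac
import secrets

SECRET_KEY = b"server-secret-rotated-regularly"   # assumption: per-server secret
MOD32 = 1 << 32


class StatefulServer:
    """Classic three-way handshake: remembers every half-open connection."""

    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open = {}            # (client_ip, client_port) -> server ISN

    def on_syn(self, client) -> bool:
        if len(self.half_open) >= self.backlog:
            return False               # backlog full: this SYN is dropped
        self.half_open[client] = secrets.randbits(32)   # random, unguessable ISN
        return True

    def on_ack(self, client, ack_num) -> bool:
        isn = self.half_open.get(client)
        if isn is None or ack_num != (isn + 1) % MOD32:
            return False               # a blind attacker cannot complete this step...
        del self.half_open[client]     # ...but a flooder never even tries to
        return True


def syn_cookie(client_ip, client_port, server_port, counter, mss_idx) -> int:
    """ISN that carries the state: 5-bit time counter | 3-bit MSS index | 24-bit MAC."""
    counter &= 0x1F
    msg = f"{client_ip}:{client_port}:{server_port}:{counter}".encode()
    mac = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()[:3]
    return (counter << 27) | ((mss_idx & 0x7) << 24) | int.from_bytes(mac, "big")


def check_cookie(client_ip, client_port, server_port, ack_num, now_counter) -> bool:
    """Validate the third packet with no stored state. The counter ticks once a
    minute (assumption), so a cookie older than one tick is rejected as stale."""
    isn = (ack_num - 1) % MOD32
    counter, mss_idx = isn >> 27, (isn >> 24) & 0x7
    if (now_counter - counter) % 32 > 1:
        return False                   # expired: an old cookie cannot be replayed
    return syn_cookie(client_ip, client_port, server_port, counter, mss_idx) == isn


def flood_stateful(backlog=128, flood_size=1000) -> bool:
    """Spoofed SYNs fill the backlog; returns whether a real client still gets in."""
    srv = StatefulServer(backlog)
    for i in range(flood_size):
        srv.on_syn((f"10.0.{i // 256}.{i % 256}", 40000 + i))   # spoofed sources
    return srv.on_syn(("198.51.100.7", 50123))


def flood_cookies(flood_size=1000):
    """Same flood against SYN cookies: nothing is stored, so nothing fills up.
    Returns (fresh cookie accepted, stale cookie accepted, tampered cookie accepted)."""
    now = 7
    for i in range(flood_size):
        syn_cookie(f"10.0.{i // 256}.{i % 256}", 40000 + i, 443, now, 3)
    isn = syn_cookie("198.51.100.7", 50123, 443, now, 3)
    fresh = check_cookie("198.51.100.7", 50123, 443, isn + 1, now)
    stale = check_cookie("198.51.100.7", 50123, 443, isn + 1, now + 5)
    tampered = check_cookie("198.51.100.7", 50123, 443, (isn ^ 1) + 1, now)
    return fresh, stale, tampered


if __name__ == "__main__":
    print("stateful server admits real client during flood:", flood_stateful())
    print("(fresh, stale, tampered) cookie accepted:", flood_cookies())
```

The random ISN in `StatefulServer` is never the problem: the flooder never sends the third packet, so it never needs to guess anything, and the backlog fills anyway. With cookies the server stores nothing per SYN, a valid ACK can only come from someone who saw the SYN-ACK, and the 5-bit counter bounds how long a captured cookie stays usable. The price, as in real implementations, is the squeezed MSS encoding and the loss of TCP options that do not fit in the ISN.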

26

Using ARP spoofing an attacker can cause traffic to a gateway to instead be sent to his machine (on the same LAN).

True

27

Incorrect BGP advertisements by a node can be detected by other nodes and therefore the incorrect advertisements will not be propagated.

False

28

In Kaminsky’s Poisoning attack, the attacker floods the local resolver with responses that point the name server of a domain (e.g., www.gatech.edu) to his machine.

True (the attacker triggers lookups for random names under the target domain and races the real reply with spoofed responses whose authority and additional records name his own server as the domain's name server).
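Added worked example for card 28 (not part of the deck): a simulation of the Kaminsky race against a resolver that accepts the first reply with a matching 16-bit transaction ID, run with and without source-port randomization. The victim domain, the attacker's name server, its address and the glue record are constructed; nothing here sends packets.

```python
# Added example for card 28 (not from the deck): a simulation of the Kaminsky race
# against a resolver that matches replies on a 16-bit transaction ID, with and
# without source-port randomization. Domain, name server, address and glue
# record are constructed; nothing here sends packets.
import random
from typing import Optional

TXID_SPACE = 1 << 16
PORT_SPACE = 64512                    # ephemeral ports 1024..65535
VICTIM_DOMAIN = "gatech.edu"
ATTACKER_NS = "ns.attacker.example"   # constructed
ATTACKER_IP = "203.0.113.66"          # constructed (TEST-NET-3)


def spoofed_response(qname: str, txid: int) -> dict:
    """What the attacker forges. The answer for the random name is irrelevant; the
    authority and additional sections re-point the whole domain's NS record."""
    return {
        "txid": txid,
        "question": qname,
        "authority": {VICTIM_DOMAIN: ("NS", ATTACKER_NS)},
        "additional": {ATTACKER_NS: ("A", ATTACKER_IP)},
    }


def race_once(rng: random.Random, guesses: int, randomize_port: bool) -> Optional[int]:
    """One race: the resolver sends a query with a fresh TXID (and port); the
    attacker fires `guesses` replies with distinct TXIDs at one guessed port before
    the real reply arrives. Returns the winning TXID, or None."""
    real_txid = rng.randrange(TXID_SPACE)
    real_port = rng.randrange(PORT_SPACE) if randomize_port else 0
    if real_port != 0:                # the attacker's single port guess is 0
        return None                   # every forged reply hits the wrong port
    return real_txid if real_txid in set(rng.sample(range(TXID_SPACE), guesses)) else None


def per_race_probability(guesses: int, randomize_port: bool) -> float:
    ports = PORT_SPACE if randomize_port else 1
    return guesses / (TXID_SPACE * ports)


def races_until_poisoned(guesses: int, randomize_port: bool, cap: int, seed: int = 1):
    """(races needed or None, resolver cache). Each race asks for a different random
    label under the victim domain, so a lost race caches nothing useful and the
    attacker simply starts the next one; the older attack on an existing name
    would instead have to wait for the cached record's TTL to expire."""
    rng = random.Random(seed)
    cache = {}
    for i in range(1, cap + 1):
        qname = f"{rng.randrange(1 << 30):08x}.{VICTIM_DOMAIN}"
        txid = race_once(rng, guesses, randomize_port)
        if txid is not None:
            resp = spoofed_response(qname, txid)
            cache.update(resp["authority"])   # NS for gatech.edu now -> attacker
            cache.update(resp["additional"])  # with glue pointing at his machine
            return i, cache
    return None, cache


if __name__ == "__main__":
    for rand_port in (False, True):
        n, cache = races_until_poisoned(guesses=200, randomize_port=rand_port, cap=20000)
        print(f"port randomization={rand_port}: per-race p={per_race_probability(200, rand_port):.2e}, "
              f"poisoned after {n} races, cache={cache}")
```

With only the transaction ID to guess, 200 forged replies per race win roughly one race in 330, and because every race uses a new random label there is no TTL to wait out, so the resolver is poisoned within seconds. Randomizing the source port multiplies the search space by about 64,000, which is the post-2008 mitigation; DNSSEC (card 29) removes the guessing game altogether by making the forged authority records fail signature validation.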

29

DNSSEC relies on a public-key infrastructure (PKI).

True

30

If a program is packed (i.e., encrypted and compressed), it must be malware.

False

31

It is impossible to achieve absolute, complete transparency in malware analysis because, e.g., malware can use network timing to detect the analyzer (because traffic goes through the analyzer, which can cause additional delay).

True

32

If emulator-based obfuscation is in use, the system calls produced by running the “malware” are from the emulator program and cannot be easily analyzed to reveal the original malware logic.

True

33

If you download apps from only the official app store, your phone will be free of mobile malware.

False

34

In malware analysis, dynamic fuzzing is useful when symbolic execution fails to yield results quickly.

True

35

All data privacy issues in cloud computing can be solved by just encrypting data in transmission (over the Internet) and at rest (storage in the Cloud).

False

36

A main challenge in virtual machine monitoring is the need to understand the memory layouts of data structures of the operating system and applications in the guest virtual machine.

True

37

A drawback of virtual machine monitoring is the high time overhead.

True

38

The use of property-preserving encryption can lead to privacy leakage (e.g., revealing a user’s gender and even identity).

True

39

If we don’t trust the cloud provider, e.g., we believe it will observe our data access patterns to find out what we are doing, then there is nothing we can do other than not using the cloud provider.

False

40

If a computer sends a heartbeat message to an Internet site and receives some command and data from the site every day, it must be a (malicious) bot (of a botnet).

False

41

If a computer sends out scanning traffic, it must be a (malicious) bot (of a botnet).

False

42

If a domain name is random looking (e.g., we can’t find any part of it in a dictionary), it must be the domain name of a botnet C&C server.

False (CDNs, cloud services and tracking hosts also use hash-like names; randomness is one feature, not a verdict).

43

An important benefit of directing botnet C&C traffic to a DNS sinkhole is the capturing of bot IP addresses.

True

44

BotMiner can detect botnets that use centralized C&C servers as well as botnets that use P2P for C&C.

True

45

When scanning the IPv4 space using a tool such as ZMap, every scan (with the same parameters) should return the same results.

False (hosts come and go, probes and replies are dropped, and rate limiting varies, so the responding population changes between scans).

46

ZMap uses widely (and randomly) dispersed scanning targets to achieve high speed.

True
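Added worked example for card 46 (not part of the deck): the scan order ZMap derives by walking the multiplicative group of integers modulo a prime with a random generator, reproduced on a 16-bit toy address space so that full coverage can be checked exhaustively. ZMap itself uses p = 2^32 + 15 over IPv4; the small prime, the fixed generator 3 and the "consecutive targets in the same block" dispersion measure are this example's choices.

```python
# Added example for card 46 (not from the deck): the scan order ZMap derives from
# a multiplicative group mod a prime, reproduced on a 16-bit toy address space so
# it can be checked exhaustively. ZMap itself uses p = 2^32 + 15 over IPv4; the
# small prime and the "same block" dispersion measure are this example's choices.
import random

TOY_PRIME = 65537           # 2^16 + 1: every 16-bit "address" 1..65536 is in the group
ADDRESSES = 1 << 16


def _prime_factors(n: int):
    out, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            out.add(d)
            n //= d
        d += 1
    if n > 1:
        out.add(n)
    return out


def is_primitive_root(g: int, p: int) -> bool:
    """g generates the whole multiplicative group iff g^((p-1)/q) != 1 for every
    prime q dividing p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in _prime_factors(p - 1))


def random_primitive_root(p: int, rng: random.Random) -> int:
    """ZMap picks a fresh generator per scan so the order is not predictable."""
    while True:
        g = rng.randrange(2, p - 1)
        if is_primitive_root(g, p):
            return g


def scan_order(p: int, g: int, start: int, address_count: int):
    """Yield start * g^i mod p for i = 0 .. p-2: a permutation of 1..p-1, with no
    per-target state beyond the current element. Elements above the address space
    are skipped (ZMap does the same for the 15 group elements above 2^32)."""
    x = start
    for _ in range(p - 1):
        if x <= address_count:
            yield x - 1           # 0-based address index
        x = x * g % p


def covers_every_address(p=TOY_PRIME, g=3, start=1, n=ADDRESSES) -> bool:
    """Exhaustive check that each address is visited exactly once."""
    return sorted(scan_order(p, g, start, n)) == list(range(n))


def same_prefix_fraction(p=TOY_PRIME, g=3, start=1, n=ADDRESSES, prefix_bits=8) -> float:
    """Fraction of consecutive targets that fall in the same /prefix_bits block of
    the toy space. Sequential scanning would score ~1.0, i.e. every probe hits the
    network just probed; a good permutation stays near 2^-prefix_bits."""
    shift = 16 - prefix_bits
    order = list(scan_order(p, g, start, n))
    same = sum(1 for a, b in zip(order, order[1:]) if a >> shift == b >> shift)
    return same / (len(order) - 1)


if __name__ == "__main__":
    rng = random.Random(2020)
    g = random_primitive_root(TOY_PRIME, rng)
    print("generator:", g, "covers every address:", covers_every_address(g=g))
    print("consecutive targets in the same block:", round(same_prefix_fraction(g=g), 4))
```

The permutation is what lets ZMap spread its probes across every network at once without keeping a table of what it has already sent: the next target is one multiplication away, any address hit twice means the cycle is complete, and no single destination network sees a burst. The speed itself comes from the stateless send path that this ordering makes possible, which is why the card ties dispersion and throughput together.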

47

The goal of a domain reputation system such as Notos is to identify newly created or previously unclassified malicious domains.

True

48

If an IP address (i.e., an Internet host) is known to have hosted malicious domains, then the reputation of any domain that is resolved to (i.e., hosted by) this IP address is also tainted (i.e., more likely than others to be malicious).

True

49

Before we attempt a botnet takedown, we need to first investigate its infrastructure, and so all we need to do is to run the bot malware in a sandbox environment for a few minutes and observe the domain(s) that it uses.

False

50

The use of machine learning (ML) in security is a very recent development (i.e., only started in the last few years).

False

51

A bot sends spam only during the day because the attacker has learned that sending spam during the night results in an anomaly by a ML-based detection system. This is called an evasion attack on machine learning.

True

52

To make a causative (or, poisoning) attack on machine learning successful, an attacker just needs to inject random noise into the training data.

False (random noise is mostly averaged out; effective poisoning injects points chosen to shift the decision boundary in the attacker's favour).

53

One of the reasons why PAYL can be evaded is that it is very simple: the features are very simple and the anomaly detection model is also very simple.

True

54

It is very hard to prevent poisoning attack when we don’t have complete control of the process of generating or collecting training data (and hence can’t ascertain the authenticity and integrity of training data).

True

55

If we replicate our valuable data and store the copies in multiple servers, we can improve (or, at the least, not weaken) its availability, integrity, and confidentiality.

False (extra copies raise availability but give an attacker more places to read the data, so confidentiality gets weaker, and integrity improves only if the copies are checked against each other).

56

In Secret Sharing, one can create as many shares as desired (i.e., n can be arbitrarily large), but having too many shares increases the chance of an attacker acquiring enough (i.e., at least k) shares to obtain the original secret.

True
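Added worked example for card 56 (not part of the deck): Shamir's (k, n) threshold scheme over a prime field, with reconstruction from k shares, the garbage that k-1 shares yield, and the binomial tail behind the card's caveat that every extra share is one more target. The 15-byte secret and the per-holder compromise probability are constructed values.

```python
# Added example for card 56 (not from the deck): Shamir's (k, n) threshold secret
# sharing over a prime field, plus the arithmetic behind the card's caveat that
# each extra share is another target. Secret and compromise probability are
# constructed values.
import random
from math import comb

PRIME = (1 << 127) - 1  # Mersenne prime; secrets must be smaller than this


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, k: int, n: int, rng=None):
    """Return n shares (x, y) of a random degree k-1 polynomial whose constant
    term is the secret: any k reconstruct it, fewer reveal nothing."""
    assert 0 <= secret < PRIME and 1 <= k <= n
    rng = rng or random.SystemRandom()
    coeffs = [secret] + [rng.randrange(1, PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0. With fewer than k shares this still returns
    a field element, just not the secret: the caller cannot tell the difference."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def p_attacker_gets_k(n: int, k: int, q: float) -> float:
    """Probability that an attacker who independently compromises each share holder
    with probability q ends up with at least k of the n shares (binomial tail).
    For fixed k this grows with n: more shares, more ways to reach the threshold."""
    return sum(comb(n, i) * q ** i * (1 - q) ** (n - i) for i in range(k, n + 1))


def demo(k: int = 3, n: int = 5):
    """Returns (k shares suffice, a different k shares suffice, k-1 shares do not)."""
    secret = int.from_bytes(b"cs6262-example!", "big")       # 15 bytes, so < PRIME
    shares = split_secret(secret, k, n)
    return (reconstruct(shares[:k]) == secret,
            reconstruct(shares[n - k:]) == secret,
            reconstruct(shares[:k - 1]) == secret)


if __name__ == "__main__":
    print("k of n, another k of n, k-1 of n:", demo())
    for n in (5, 10, 20):
        print(f"k=3, n={n}, q=0.2: P(attacker reaches k) = {p_attacker_gets_k(n, 3, 0.2):.3f}")
```

Holding k-1 shares is not an error condition: `reconstruct` happily interpolates a lower-degree polynomial and returns a value that is consistent with every possible secret, which is the information-theoretic guarantee. The tail probability is the other side of the card: at k = 3 and a 20% chance of compromising any one holder, five shares expose the secret about 6% of the time, ten shares about 32%, so n should be as small as the availability requirement allows.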

57

In the Byzantine Fault-Tolerance model discussed in the lecture, it is assumed that a replica can be faulty (e.g., gives a wrong answer) or simply not responding (e.g., has crashed).

True

58

To improve the tolerance against cyberattacks, we can use several replicated systems (with the same hardware and software) instead of just one.

False (identical replicas share the same vulnerabilities, so one exploit defeats all of them; replicas must be diverse to help).