1. Which of the following cryptographic algorithms is classified as symmetric? (Choose two.)
DSA
ECC
AES
DES
2. Which attack method is MOST likely to be used by a malicious employee or insider trying to obtain another user's password?
Shoulder surfing
Man-in-the-middle attack
Phishing
Tailgating
3. Which type of method is used to collect information during passive reconnaissance?
Reviewing public repositories
API requests and responses
Network Traffic Sniffing
Social Engineering
4. List any TWO requirements that MiniSec is designed to meet.
5. Which of the following types of access control model provides the strongest level of protection?
ABAC
RBAC
MAC
DAC
6. What control provides the best protection against both SQL injection and cross-site scripting attacks?
CSRF
Firewalls
Hypervisors
Input Validation
The correct answers and explanations are:
- Which of the following cryptographic algorithms is classified as symmetric? (Choose two.)
- AES
- DES
Explanation: Symmetric cryptographic algorithms use the same key for both encryption and decryption. Both AES (Advanced Encryption Standard) and DES (Data Encryption Standard) are symmetric algorithms. AES is the more modern and secure standard, while DES is an older, weaker algorithm that has been largely replaced. DSA (Digital Signature Algorithm) and ECC (Elliptic Curve Cryptography), on the other hand, are asymmetric algorithms that rely on a public and private key pair rather than a single shared key.
- Which attack method is MOST likely to be used by a malicious employee or insider trying to obtain another user's password?
- Shoulder surfing
Explanation: Shoulder surfing is the act of observing someone from close range to capture sensitive information such as a password as it is typed. A malicious insider in a shared office has the physical proximity to do this without needing any more advanced technique. Man-in-the-middle attacks, phishing, and tailgating could also be used, but they are more commonly associated with external attackers or network-based threats.
- Which type of method is used to collect information during passive reconnaissance?
- Reviewing public repositories
Explanation:
During passive reconnaissance, an attacker gathers information about the target without directly interacting with their systems. This can include reviewing publicly available resources like public repositories, domain name information, social media profiles, or public documents. Other methods such as API requests, network traffic sniffing, and social engineering might involve more active engagement or interaction with the target system or individuals.
- List any TWO requirements that MiniSec is designed to meet.
- Confidentiality
- Integrity
Explanation:
MiniSec is a security framework that focuses on providing security in constrained environments, such as embedded systems or wireless sensor networks. Two fundamental requirements it aims to meet are confidentiality (ensuring that only authorized parties can access sensitive data) and integrity (ensuring that data is not tampered with during transmission).
- Which of the following types of access control model provides the strongest level of protection?
- MAC (Mandatory Access Control)
Explanation:
MAC is considered the most secure type of access control because it enforces strict policies that cannot be altered by the user. In MAC, the system defines access levels based on classifications and labels, and users cannot change their access permissions. RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) are also secure but provide more flexibility compared to MAC. DAC (Discretionary Access Control) is the least restrictive model, allowing owners to control access, which can introduce potential security risks.
- What control provides the best protection against both SQL injection and cross-site scripting attacks?
- Input Validation
Explanation:
Input validation is one of the most effective security controls for preventing both SQL injection and cross-site scripting (XSS) attacks. By ensuring that only properly sanitized and validated data is accepted, systems can block malicious inputs that attempt to exploit vulnerabilities in applications. SQL injection attacks manipulate backend databases, while XSS attacks involve injecting malicious scripts into web pages. Proper input validation ensures that user-supplied data cannot be used to compromise the system in either case.