.png){kind=logo}
CS6262 Final Study Set Students also studied Science Computer Science Computer Security and Reliability Save IS 2000 Exam 2 82 terms austinpatnode Preview CSE 494 Notes 12-18 99 terms SHIMMERBOOTYCAT Preview Technology flash cards 21 terms skylar_busbyPreview Cybers Teacher mir
T/F: An attacker that uses large botnet to
make requests to a server to flood is an example of amplification attack.True
T/F: Unlike UDP, TCP has the necessary
safeguards in place to prevent network DoS.False Which of the following actors are part of the cyber crime underground economy?Exploit Developers Botnet Masters Spammers All of the above All of the above Which of the following is/are NOT a potential network DoS mitigation? Select multiple.Client Puzzles CAPTCHAs Source Identification Use only TCP Increase UDP 3-way handshake CAPTCHAs Use only TCP Increase UDP 3-way handshake In 2015, GitHub was a victim of a distributed denial of service attack. The attackers injected malicious JavaScript code in GitHub's web pages.False
T/F: A website ""http://gatech.edu"" is able to set or overwrite cookies from the
website ""https://gatech.edu"". The server is
not able to distinguish the overwritten cookies from the original cookies. This is an example of violation of session integrity.True Which is INCORRECT regarding the session token?Tokens will expire, but there should still be mechanisms to revoke them if necessary Token size, like cookie size, is not a concern The token must be stored somewhere All of them Token size, like cookie size, is not a concern
T/F: The HTTPS lock icon on the webpage
is only displayed after all elements on a webpage are fetched using HTTPS, a valid HTTPS cert is issued by a trusted certificate authority for all elements, and the domain in the URL matches CommonName or SubjectAlternativeName in cert.True The following question is from the recommended reading "Exposing Private Information by Timing Web Applications".Which of these are valid defenses by web applications to resist timing attacks?Adding random delay to the response Both the answer choices are correct Taking constant amount of time always for processing a request Taking constant amount of time always for processing a request You are visiting a page that contains two iframes: http://example.com Links to an
external site. and https://example.com
Links to an external site.. They can access each other's content directly.False
T/F: HTTPS encrypts the host address to
protect the user's privacy.False
T/F: Content Security Policy (CSP) is an
HTTP header that instructs the web browser to restrict the source of contents to load or execute. It prevents cross-site scripting, clickjacking, and code injection attacks.True
T/F: From the paper "A Look Back at
"Security Problems in the TCP/IP Protocol Suite," it's safe to rely on the IP source address for authentication.Flase
T/F: In Steve Friedl's tech tips, he
recommends people to run patched servers. However, patched servers might still be vulnerable.True
Which of these is a TCP security problem:
Eavesdropping Denial of service Packet sniffing All of the above All of the above
T/F: TCP/IP packets are signed and not able
to be forged or spoofed by the client False
T/F: Randomizing just the initial sequence
number completely prevents an attacker from guessing the right sequence number.False
T/F: Address attestation is used to protect
BGP from incorrect updates.True
T/F: A downside of using DNS Pinning as a
defense against DNS Rebinding attacks is that it makes the interaction with VPNs and proxies difficult.True What are some of the things to consider when trying to meet the transparency requirement for malware analysis?Identical exception handling Identical notion of time Higher privilege than the malware All of the above All of the above Which of the following is NOT an area of the C based toolchain where hardening can occur.Compiler Linker Assembler Preprocessor Assembler
T/F: Malwares which specially encode or
encrypt their payloads while communicating to the C2 can evade IDS that analyze the traffic's payload.True DNSSEC allows DNS to be more secure against attackers. Which one of these is NOT a guarantee provided by DNSSEC?Authenticated denial of existence Verification of physical location Integrity of the response Authenticity of the DNS answer origin Verification of physical location
Which of the following is NOT a reason why emulator-based obfuscation is attractive to attackers?t makes traditional pure static analysis techniques useless.It makes the obfuscated program's control flow graph (CFG) impossible to recover.It can be easily adopted.The security experts' knowledge on x86 ISA is mostly useless for analyzing the obfuscated program.It makes the obfuscated program's control flow graph (CFG) impossible to recover.A challenge for data flow analysis for mobile apps is that it may involve analysis of the complex code of an operating system. How does the STAMP approach overcome this difficulty?It uses neural language processing (NLP) techniques to analyze the operating system's code.It utilizes the huge computation power of cloud computing platforms.It skips the missing data flow to accelerate the analysis.It uses simplified models to represent the operating system.It uses simplified models to represent the operating system.A company is planning to move its web infrastructure to the cloud. Which of the following security challenges will the company have to deal with?Possible proprietary implementation of security defenses Trusting vendor's security model Inadequate support for security investigations All of the above All of the above Property-Preserving Encryption (PPE) is popular in cloud computing. Which of the follow is the PRIMARY weakness of PPE?Extremely inefficient Requires major change to application and database servers By design the encryption leaks information Does not support SQL queries By design the encryption leaks information
T/F: Once data is encrypted and stored in
the cloud, it is impossible for the cloud server to perform computation over the encrypted data.False
.png)