MCQOPTIONS
This section includes 379 MCQs, curated multiple-choice questions to sharpen your Computer Science Engineering (CSE) knowledge and support exam preparation. Choose a topic below to get started.
| 1. |
This type of intrusion relies on the intruder's ability to trick people into breaking normal security procedures. |
| A. | Shoulder surfing |
| B. | Hijacking |
| C. | Brain fingerprinting |
| D. | Social engineering |
| Answer» E. | |
| 2. |
In which of the following exploits does an attacker insert malicious coding into a link that appears to be from a trustworthy source? |
| A. | Cross-site scripting |
| B. | Command injection |
| C. | Path traversal attack |
| D. | Buffer overflow |
| Answer» B. Command injection | |
| 3. |
Today, many Internet businesses and users take advantage of cryptography based on this approach. |
| A. | Public key infrastructure |
| B. | Output feedback |
| C. | Encrypting File System |
| D. | Single sign on |
| Answer» B. Output feedback | |
| 4. |
In what type of attack does an intruder manipulate a URL in such a way that the Web server executes or reveals the contents of a file anywhere on the server, including those lying outside the document root directory? |
| A. | Cross-site scripting |
| B. | Command injection |
| C. | SQL injection |
| D. | Path traversal attacks |
| Answer» E. | |
| 5. |
An intruder might install this on a networked computer to collect user IDs and passwords from other machines on the network. |
| A. | Passphrase |
| B. | Root kit |
| C. | Ownership tag |
| D. | Token |
| Answer» C. Ownership tag | |
| 6. |
This type of attack may cause additional damage by sending data containing codes designed to trigger specific actions - for example, changing data or disclosing confidential information. |
| A. | Buffer overflow |
| B. | Block cipher |
| C. | War dialing |
| D. | Distributed denial-of-service attack |
| Answer» B. Block cipher | |
| 7. |
One of the most obvious places to put an IDS sensor is near the firewall. Where exactly in relation to the firewall is the most productive placement? |
| A. | Inside the firewall |
| B. | Outside the firewall |
| C. | Both |
| D. | None |
| Answer» B. Outside the firewall | |
| 8. |
This is a mechanism for ensuring that only authorized users can copy or use specific software applications. |
| A. | Authorized program analysis report |
| B. | Private key |
| C. | Service level agreement |
| D. | Dongle |
| Answer» E. | |
| 9. |
This was commonly used in cryptography during World War II. |
| A. | Tunneling |
| B. | Personalization |
| C. | Van Eck phreaking |
| D. | One-time pad |
| Answer» E. | |
| 10. |
What "layer" of an e-mail message should you consider when evaluating e-mail security? |
| A. | TCP/IP |
| B. | SMTP |
| C. | Body |
| D. | All of the above |
| Answer» E. | |
| 11. |
___________ is a form of eavesdropping used to pick up telecommunication signals by monitoring the electromagnetic fields produced by the signals. |
| A. | Reverse engineering |
| B. | Magneto resistive head technology |
| C. | Van Eck phreaking |
| D. | Electronic data processing (EDP) |
| Answer» D. Electronic data processing (EDP) | |
| 12. |
In which of the following exploits does an attacker add SQL code to a Web form input box to gain access to resources or make changes to data? |
| A. | Cross-site scripting |
| B. | Command injection |
| C. | SQL injection |
| D. | Buffer overflow |
| Answer» D. Buffer overflow | |
| 13. |
This is a trial-and-error method used to decode encrypted data through exhaustive effort rather than employing intellectual strategies. |
| A. | Chaffing and winnowing |
| B. | Cryptanalysis |
| C. | Serendipity |
| D. | Brute force cracking |
| Answer» E. | |
| 14. |
This is the forging of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. |
| A. | Foot printing |
| B. | Non repudiation |
| C. | E-mail spoofing |
| D. | Finger |
| Answer» D. Finger | |
| 15. |
Developed by Philip R. Zimmermann, this is the most widely used privacy-ensuring program by individuals and is also used by many corporations. |
| A. | DS |
| B. | OCSP |
| C. | Secure HTTP |
| D. | Pretty Good Privacy |
| Answer» E. | |
| 16. |
This is the encryption algorithm that will begin to supplant the Data Encryption Standard (DES) - and later Triple DES - over the next few years as the new standard encryption algorithm. |
| A. | Rijndael |
| B. | Kerberos |
| C. | Blowfish |
| D. | IPsec |
| Answer» B. Kerberos | |
| 17. |
This technology is used to measure and analyze human body characteristics for authentication purposes. |
| A. | Footprinting |
| B. | Biometrics |
| C. | JBOD |
| D. | Anthropomorphism |
| Answer» C. JBOD | |
| 18. |
Which of the following is NOT recommended for securing Web applications against authenticated users? |
| A. | Client-side data validation |
| B. | Filtering data with a default deny regular expression |
| C. | Running the application under least privileges necessary |
| D. | Using parameterized queries to access a database |
| Answer» B. Filtering data with a default deny regular expression | |
| 19. |
This is an encryption/decryption key known only to the party or parties that exchange secret messages. |
| A. | E-signature |
| B. | Digital certificate |
| C. | Private key |
| D. | Security token |
| Answer» D. Security token | |
| 20. |
This is the name for the issuer of a PKI certificate. |
| A. | Man in the middle |
| B. | Certificate authority |
| C. | Resource Access Control Facility |
| D. | Script kiddy |
| Answer» C. Resource Access Control Facility | |
| 21. |
This is the name for a group of programmers who are hired to expose errors or security holes in new software or to find out why a computer network's security is being broken. |
| A. | ERM group |
| B. | Computer emergency response team |
| C. | Tiger team |
| D. | Silicone cockroach |
| Answer» D. Silicone cockroach | |
| 22. |
This is the hiding of a secret message within an ordinary message and the extraction of it at its destination. |
| A. | Secret key algorithm |
| B. | Message queuing |
| C. | Spyware |
| D. | Steganography |
| Answer» E. | |
| 23. |
The developers of an operating system or vendor application might issue this to prevent intruders from taking advantage of a weakness in their programming. |
| A. | Cookie |
| B. | Key fob |
| C. | Watermark |
| D. | Patch |
| Answer» E. | |
| 24. |
In password protection, this is a random string of data used to modify a password hash. |
| A. | Sheepdip |
| B. | Salt |
| C. | Bypass |
| D. | Dongle |
| Answer» C. Bypass | |
| 25. |
This is a Peripheral Component Interconnect (PCI) card that offloads SSL processing to speed up secure transactions on e-commerce Web sites. |
| A. | PCMCIA card |
| B. | Smart card |
| C. | Server accelerator card |
| D. | Network interface card |
| Answer» D. Network interface card | |
| 26. |
This is the modification of personal information on a Web user's computer to gain unauthorized information with which to obtain access to the user's existing accounts. |
| A. | Identity theft |
| B. | Cookie poisoning |
| C. | Shoulder surfing |
| D. | Relative identifier |
| Answer» C. Shoulder surfing | |
| 27. |
Which of the following is true of improper error handling? |
| A. | Attackers can use error messages to extract specific information from a system. |
| B. | Attackers can use unexpected errors to knock an application off line, creating a denial-of-service attack. |
| C. | Unexpected errors can provide an attacker with a buffer or stack overflow condition that sets the stage for an arbitrary code execution. |
| D. | All of the above. |
| Answer» E. | |
| 28. |
__________ is an electronic or paper log used to track computer activity. |
| A. | Traceroute |
| B. | Cookie |
| C. | Weblog |
| D. | Audit trail |
| Answer» E. | |
| 29. |
This enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. |
| A. | Security Identifier (SID) |
| B. | Public key infrastructure (PKI) |
| C. | Internet Assigned Numbers Authority (IANA) |
| D. | Private Branch Exchange (PBX) |
| Answer» C. Internet Assigned Numbers Authority (IANA) | |
| 30. |
This is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding cipher text value and vice versa. |
| A. | Foot printing |
| B. | Hash function |
| C. | Watermark |
| D. | Electronic Code Book |
| Answer» E. | |
| 31. |
This is an attack on a computer system that takes advantage of a particular vulnerability that the system offers to intruders. |
| A. | Port scan |
| B. | Denial of service |
| C. | Exploit |
| D. | Logic bomb |
| Answer» D. Logic bomb | |
| 32. |
This electronic "credit card" establishes a user's credentials when doing business or other transactions on the Web and is issued by a certification authority. |
| A. | Private key |
| B. | Digital certificate |
| C. | Smart card |
| D. | Ownership tag |
| Answer» C. Smart card | |
| 33. |
This is the inclusion of a secret message in otherwise unencrypted text or images. |
| A. | Masquerade |
| B. | Steganography |
| C. | Spoof |
| D. | Eye-in-hand system |
| Answer» C. Spoof | |
| 34. |
This is a program in which harmful code is contained inside apparently harmless programming or data. |
| A. | Snort |
| B. | Honeypot |
| C. | Blue bomb |
| D. | Trojan horse |
| Answer» E. | |
| 35. |
This is an assault on the integrity of a security system in which the attacker substitutes a section of cipher text (encrypted text) with a different section that looks like (but is not the same as) the one removed. |
| A. | Trojan horse |
| B. | Hashing |
| C. | Switching fabric |
| D. | Cut and paste attack |
| Answer» E. | |
| 36. |
This is a series of messages sent by someone attempting to break into a computer to learn which computer network services the computer provides. |
| A. | Bit robbing |
| B. | Web services description language (WSDL) |
| C. | Jabber |
| D. | Port scan |
| Answer» E. | |
| 37. |
This is a compromised Web site that is being used as an attack launch point in a denial-of-service attack. |
| A. | Bastion host |
| B. | Packet monkey |
| C. | Dongle |
| D. | Zombie |
| Answer» E. | |
| 38. |
"Semantics-aware" signatures automatically generated by Nemean are based on traffic at which two layers? |
| A. | Application layer |
| B. | Network layer |
| C. | Session layer |
| D. | Both a and c |
| Answer» E. | |
| 39. |
An IDS follows a two-step process consisting of a passive component and an active component. Which of the following is part of the active component? |
| A. | Inspection of password files to detect inadvisable passwords |
| B. | Mechanisms put in place to reenact known methods of attack and record system responses |
| C. | Inspection of system to detect policy violations |
| D. | Inspection of configuration files to detect inadvisable settings |
| Answer» C. Inspection of system to detect policy violations | |
| 40. |
This is a type of network security attack in which the intruder takes control of a communication between two entities and masquerades as one of them. |
| A. | Hijacking |
| B. | Identity theft |
| C. | Smurf attack |
| D. | Tunneling |
| Answer» B. Identity theft | |
| 41. |
Which of the following is characteristic of spyware? |
| A. | Blocking access to antivirus and antispyware updates |
| B. | Aggregating surfing habits across multiple users for advertising |
| C. | Customizing search results based on an advertiser's needs |
| D. | All of the above |
| Answer» C. Customizing search results based on an advertiser's needs | |
| 42. |
Investigators should not rely on one piece of digital evidence when examining an alibi – they should look for an associated _______. |
| A. | cybertrail |
| B. | piece of physical evidence |
| C. | statement |
| D. | none of the above |
| Answer» B. piece of physical evidence | |
| 43. |
The main difference between MACs and digital signatures is that, in digital signatures, the hash value of the message is encrypted with a user's public key. |
| A. | true |
| B. | false |
| Answer» C. | |
| 44. |
“Elliptic curve cryptography follows the associative property.” |
| A. | true |
| B. | false |
| Answer» B. false | |
| 45. |
_______ is the art and science of cracking the cipher-text without knowing the key. |
| A. | cracking |
| B. | cryptanalysis |
| C. | cryptography |
| D. | crypto-hacking |
| Answer» C. cryptography | |
| 46. |
Entering an ATM PIN while withdrawing money is an example of using: |
| A. | authentication |
| B. | authorization |
| C. | access control |
| D. | auditing |
| Answer» C. access control | |
| 47. |
Assurance that an authentic user is taking part in the communication is: |
| A. | authentication |
| B. | authorization |
| C. | access control |
| D. | auditing |
| Answer» B. authorization | |
| 48. |
Modification of data is done in: |
| A. | both active and passive attacks |
| B. | neither active nor passive attacks |
| C. | active attacks |
| D. | passive attacks |
| Answer» B. neither active nor passive attacks | |
| 49. |
Which type of attack makes the network unavailable to users? |
| A. | masquerade |
| B. | replay |
| C. | modification |
| D. | denial of service |
| Answer» E. | |
| 50. |
When an attacker changes the original data to make it meaningless, it is known as: |
| A. | masquerade |
| B. | replay |
| C. | modification of messages |
| D. | traffic analysis |
| Answer» D. traffic analysis | |