Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?A.GenerationalB.BlackboxC.WhiteboxD.Mutation-based[SEP]C Assume that a TLS connection has been established successfully between a client and a server. Establishing the session included checking the server certificate and executing a DiffieHelmann exchange, but the client did not provide a client certificate. Further, assume that the client and server are honest, that the client and server don’t leak their keys, and that the cryptography is good. Which of the following attacks does TLS protect against?1. An attacker replaying bytes that a client sent earlier.2. An attacker impersonating the server.A.True, TrueB.False, FalseC.True, FalseD.False, True[SEP]A MIT’s Kerberos KDC server has a maximum ticket lifetime of 24 hours (for most user principals). What ensures that an expired Kerberos ticket can no longer be used?A.The Kerberos server (KDC) refuses to establish new connections between clients and servers for expired tickets.B.When a client connects to a server, the server sets a 24-hour timer to terminate the connection, which ensures a client cannot remain connected past the ticket’s maximum lifetime.C.When a client connects to a server, the server compares the ticket’s expiration time to the server’s current clock, and refuses to authenticate the user if the ticket expiration time is in the past.D.When a client connects to a server, the server sends a query to the KDC to check if the ticket is still valid with respect to the KDC’s clock, and refuses to authenticate the user if the KDC reports that the ticket is expired.[SEP]C In Message Condentiality, the transmitted message must make sense to only intendedA.ReceiverB.SenderC.ModulorD.Translator[SEP]A Which of the following is a remote Trojan?A.TroyaB.DaCrypticC.BankerAD.Game-Troj[SEP]A ______________ is a widespread app’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.A.Memory leakageB.Buffer-overrunC.Less processing powerD.Inefficient programming[SEP]B Consider the paper Native Client: A Sandbox for Portable, Untrusted x86 Native Code by Yee et al. Ben Bitdiddle notes that NaCl uses Intel x86 segmentation to ensure that the sandboxed module does not read or write memory outside its own data area, and does not execute instructions outside its own code. Ben thinks that with these restrictions alone, executing the sandboxed module must be safe; that is, he thinks validation is not needed. Ben is wrong. Circle the types of x86 machine instructions that the validator always forbids in sandboxed code. Please ignore trampoline and springboard code.A.all instructions that modify segment stateB.all loads or stores to addresses that are not 0 mod 32C.all indirect loads or stores (via an address in a register or variable)D.all indirect jumps (via an address in a register or variable)[SEP]A ____________ is also a part of darknet that is employed for transferring files anonymously.A.FreenetB.ARPANETC.StuxnetD.Internet[SEP]A Why apps developed in languages like C, C++ is prone to Buffer-overflow?A.No string boundary checks in predefined functionsB.No storage check in the external memoryC.No processing power checkD.No database check[SEP]A Man in the middle attack can endanger the security of Diffie Hellman method if two parties are notA.JoinedB.AuthenticatedC.SubmittedD.Shared[SEP]B An integer overflow occurs whenA.an integer expression's result "wraps around"; instead of creating a very large number, a very small (or negative) number ends up getting createdB.an integer is used as if it was a pointerC.an integer is used to access a buffer outside of the buffer's boundsD.there is no more space to hold integers in the program[SEP]D Let HH be a Merkle-Damgard hash function is H:X^{\leq L} \to TH:X^≤L →T. Construct a MAC from this HH as follows: \ \ S(k,m) = H(k \| m) S(k,m)=H(k∥m). This mac is insecure because:A.Given H(k \| m)H(k∥m) anyone can compute H(w \| k \| m \| \text{PB})H(w∥k∥m∥PB) for any wwB.Given H(k \| m)H(k∥m) anyone can compute H(k \| m \| w)H(k∥m∥w) for any wwC.Given H(k \| m)H(k∥m) anyone can compute H(k \| m \| \text{PB} \| w)H(k∥m∥PB∥w) for any wwD.Anyone can compute H( k \| m )H(k∥m) for any mm[SEP]C Suppose that Alice and Bob sent confidential text messages to one another last month through an encrypted messaging system. Alice and Bob are worried that an adversary might compromise one of their computers today, while they are taking the 6.858 final exam, and would then be able to decrypt those messages. Which of the following security properties can address Alice and Bob’s concern?A.Authentication.B.Deniability.C.Forward secrecyD.Backward secrecy.[SEP]C The AH Protocol provides source authentication and data integrity, but notA.IntegrityB.PrivacyC.NonrepudiationD.Both A & C[SEP]B Which of the following is not a security exploit?A.EavesdroppingB.Cross-site scriptingC.AuthenticationD.SQL Injection[SEP]C _______________ is the central node of 802.11 wireless operations.A.WPAB.Access PointC.WAPD.Access Port[SEP]B In MD-5 the length of the message digest isA.160B.128C.64D.54[SEP]B What is Nmap?A.It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responsesB.It is a network fuzz testing toolC.It is a map of the InternetD.It is a suite of tools for scripting attacks: probe, construct, encode, inject, wait for response[SEP]A How do you prevent SQL injection?A.Escape queriesB.Interrupt requestsC.Merge tablesD.All of the above[SEP]A What does it mean to "be stealthy" during a penetration test?A.Performing the tests from an undisclosed locationB.Using encryption during tests to make the source of attacks impossible to determineC.Performing penetration testing without the target organization knowingD.Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services[SEP]D Which of the following is not a transport layer vulnerability?A.Mishandling of undefined, poorly defined variablesB.The Vulnerability that allows “fingerprinting” & other enumeration of host informationC.Overloading of transport-layer mechanismsD.Unauthorized network access[SEP]D In Brumley and Boneh’s paper on side-channel attacks, why does blinding prevent the timing attack from working?A.Blinding prevents the server from using the CRT optimization, which is essential to the timing attack.B.Blinding changes the p and q primes that are used, so an adversary cannot learn the server’s true p and q values.C.Blinding randomizes the ciphertext being decrypted, thus obscuring the correlation between an adversary’s input and the timing differences.D.Blinding adds a random amount of time to the decryption due to the multiplication and division by the blinding random value r, which obscures the timing differences used in the attack.[SEP]C The openSSL implementation described in “Remote Timing Attacks are Practical” (by Brumley and Boneh) uses the following performance optimizations: Chinese Remainder (CR), Montgomery Representation (MR), Karatsuba Multiplication (KM), and Repeated squaring and Sliding windows (RS). Which of the following options would close the timing channel attack described in the paper if you turned the listed optimizations off?1. RS and KM2. RS and MRA.True, TrueB.False, FalseC.True, FalseD.False, True[SEP]D Public key encryption is advantageous over Symmetric key Cryptography because ofA.SpeedB.SpaceC.Key exchangeD.Key length[SEP]C The __________ was a huge marketplace of Dark Web specifically famous for selling of illegal drugs & narcotics as well as you can find a wide range of other goods for sale.A.Silk RoadB.Cotton RoadC.Dark RoadD.Drug Road[SEP]A The ______________ is categorized as an unknown segment of the Deep Web which has been purposely kept hidden & is inaccessible using standard web browsers.A.Haunted webB.World Wide WebC.Dark webD.Surface web[SEP]C What does EXE do when the STP solver times out on a constraint query for a particular path?A.Assume that the query is satisfiable and continue executing the path.B.Assume that the query is not satisfiable and stop executing the pathC.Restart STP and retry the query, up to a limited number of retries.D.Remove a subset of the constraints and retry the query.[SEP]B To verify a digital signature we need theA.Sender’s Private keyB.Sender’s Public keyC.Receiver’s Private keyD.Receiver’s Public key[SEP]B Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?A.You should not use a grammar-based fuzzer, because its adherence to the grammar means it will not find memory errorsB.Compiling the program with address sanitizer (ASAN) will make errors harder to reproduceC.Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to findD.Fuzzing doesn't find memory errors, it finds crashes and hangs[SEP]C Based on the paper “SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificates trust model enhancements”, which of the following statements are false?A.Valid DV certificates provide more confidence to a user that she is connecting to the intended party than valid EV certificates.B.OCSP stapling allows a server to prove to a browser that its certificate hasn’t been revoked.C.DANE makes it difficult for an adversary to launch a SSL stripping attack.D.Server key-pinning makes it harder for an adversary to convince a CA to mint a certificate for a site and launch an MITM attack on that site.[SEP]A What tool can be used to perform SNMP enumeration?A.DNSlookupB.WhoisC.NslookupD.IP Network Browser[SEP]D Which among them has the strongest wireless security?A.WEPB.WPAC.WPA2D.WPA3[SEP]D Suppose Unix did not provide a way of passing file descriptors between processes, but still allowed inheriting file descriptors from a parent on fork and exec. What aspects of the OKWS design would break without file descriptor passing?1. It would be impossible for services to get a TCP connection to the client web browser.2. It would be impossible for okd to run as a non-root user.A.True, TrueB.False, FalseC.True, FalseD.False, True[SEP]C Failed sessions allow brute-force attacks on access credentials. This type of attacks are done in which layer of the OSI model?A.Physical layerB.Data-link LayerC.Session layerD.Presentation layer[SEP]C Which of the following is an authentication method?A.Secret questionB.BiometricC.SMS codeD.All of the above[SEP]D When does a buffer overflow occur, generally speaking?A.when writing to a pointer that has been freedB.when copying a buffer from the stack to the heapC.when a pointer is used to access memory not allocated to itD.when the program notices a buffer has filled up, and so starts to reject requests[SEP]C A digital signature needs aA.Private-key systemB.Shared-key systemC.Public-key systemD.All of them[SEP]C A packet filter firewall filters at theA.Application or transportB.Data link layerC.Physical LayerD.Network or transport layer[SEP]D Let I = (S,V)I=(S,V) be a MAC. Suppose S(k,m)S(k,m) is always 5 bits long. Can this MAC be secure?A.No, an attacker can simply guess the tag for messagesB.It depends on the details of the MACC.Yes, the attacker cannot generate a valid tag for any messageD.Yes, the PRG is pseudorandom[SEP]A Which of the following deals with network intrusion detection and real-time traffic analysis?A.John the RipperB.L0phtCrackC.SnortD.Nessus[SEP]C The Message condentiality or privacy means that the sender and the receiver expectA.IntegrityB.CondentialityC.AuthenticationD.Nonrepudiation[SEP]B When a wireless user authenticates to any AP, both of them go in the course of four-step authentication progression which is called _____________A.AP-handshakingB.4-way handshakeC.4-way connectionD.wireless handshaking[SEP]B Message authentication is a service beyondA.Message CondentialityB.Message IntegrityC.Message SplashingD.Message Sending[SEP]B Which of the following are most vulnerable to injection attacks?A.Session IDsB.Registry keysC.Network communicationsD.SQL queries based on user input[SEP]D Assume that a TLS connection has been established successfully between a client and a server. Establishing the session included checking the server certificate and executing a DiffieHelmann exchange, but the client did not provide a client certificate. Further, assume that the client and server are honest, that the client and server don’t leak their keys, and that the cryptography is good. Which of the following attacks does TLS protect against?1. An attacker replacing bytes sent by a client with bytes of the attacker’s own choosing.2. An attacker reading the plaintext bytes sent by a client.A.True, TrueB.False, FalseC.True, FalseD.False, True[SEP]A Which of the following is a Wireless traffic Sniffing tool?A.MaltegoB.BurpSuitC.NessusD.Wireshark[SEP]D A ___________ is a method in which a computer security mechanism is bypassed untraceable for accessing the computer or its information.A.front-doorB.backdoorC.clickjackingD.key-logging[SEP]B Which of the following is not a block cipher operating mode?A.ECBB.CFBC.CBFD.CBC[SEP]C What is a web proxy?A.A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web serverB.An agent that makes decisions on the client's behalf when interacting with web applicationsC.A piece of software that makes a web application look like a standalone application, making it easier to testD.A simulator for the web, for use when off-line[SEP]A Buffer-overflow may remain as a bug in apps if __________ are not done fully.A.boundary hacksB.memory checksC.boundary checksD.buffer checks[SEP]C Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.A.C, RubyB.Python, RubyC.C, C++D.Tcl, C#[SEP]C Encryption and decryption provide secrecy, or condentiality, but notA.AuthenticationB.IntegrityC.PrivacyD.All of the above[SEP]B A/an ___________ is a program that steals your logins & passwords for instant messaging applications.A.IM – TrojansB.Backdoor TrojansC.Trojan-DownloaderD.Ransom Trojan[SEP]A The sub key length at each round of DES is__________A.32B.56C.48D.64[SEP]B Which of the following is true of mutation-based fuzzing?A.It generates each different input by modifying a prior inputB.It works by making small mutations to the target program to induce faultsC.Each input is mutation that follows a given grammarD.It only makes sense for file-based fuzzing, not network-based fuzzing[SEP]A What are the types of scanning?A.Port, network, and servicesB.Network, vulnerability, and port C.Passive, active, and interactiveD.Server, client, and network[SEP]B A sender must not be able to deny sending a message that was sent, is known asA.Message NonrepudiationB.Message IntegrityC.Message CondentialityD.Message Sending[SEP]A A proxy rewall lters at theA.Physical layerB.Application layerC.Data link layerD.Network layer[SEP]B Encapsulating Security Payload (ESP) belongs to which Internet Security Protocol?A.Secure Socket Layer ProtocolB.Secure IP ProtocolC.Secure Http ProtocolD.Transport Layer Security Protocol[SEP]B A special tool is necessary for entering the network which is _______________ that helps the anonymous internet users to access into the Tor’s network and use various Tor services.A.Opera browserB.FirefoxC.ChromeD.Tor browser[SEP]D How does a buffer overflow on the stack facilitate running attacker-injected code?A.By overwriting the return address to point to the location of that codeB.By writing directly to the instruction pointer register the address of the codeC.By writing directly to %eax the address of the codeD.By changing the name of the running executable, stored on the stack[SEP]A The digest created by a hash function is normally called aA.Modication detection code (MDC)B.Modify authentication connectionC.Message authentication controlD.Message authentication cipher[SEP]A Let F: K \times R \to MF:K×R→M be a secure PRF. For m \in Mm∈M define E(k,m) = \big[ r \gets R,\ \text{output } \big(r,\ F(k,r) \oplus m\big)\ \big]E(k,m)=[r←R, output (r, F(k,r)⊕m) ] Is EE symantically secure under CPA?A.Yes, whenever F is a secure PRFB.No, there is always a CPA attack on this systemC.Yes, but only if R is large enough so r never repeats (w.h.p)D.It depends on what F is used[SEP]C Old operating systems like _______ and NT-based systems have buffer-overflow attack a common vulnerability.A.Windows 7B.ChromeC.IOS12D.UNIX[SEP]D What is a replay attack?A.When the attacker replies to a message sent to it by the systemB.An attack that continuously repeats, probing for a weaknessC.An attack that uses the system's own messages and so cannot be defended againstD.The attacker resends a captured message, and the site accept its and responds in the attacker's favor[SEP]D Statement 1| A U2F USB dongle prevents malware on the user’s computer from stealing the user’s second factor to authenticate as that user even when the user’s computer is turned off. Statement 2| A server using U2F can reliably determine that the user who is attempting to login is indeed behind the computer that sent the login request.A.True, TrueB.False, FalseC.True, FalseD.False, True[SEP]C ____________________ is the anticipation of unauthorized access or break to computers or data by means of wireless networks.A.Wireless accessB.Wireless securityC.Wired SecurityD.Wired device apps[SEP]B Which of the following are benefits of penetration testing?A.Results are often reproducibleB.Full evidence of security: a clean test means a secure systemC.Compositionality of security properties means tested components are secure even if others changeD.Makes an adversarial neural network converge more quickly[SEP]A 1. _________ framework made cracking of vulnerabilities easy like point and click.A..NetB.MetasploitC.ZeusD.Ettercap[SEP]B You are given a message (m) and its OTP encryption (c). Can you compute the OTP key from m and c ?A.No, I cannot compute the key.B.Yes, the key is k = m xor c.C.I can only compute half the bits of the key.D.Yes, the key is k = m xor m.[SEP]B The openSSL implementation described in “Remote Timing Attacks are Practical” (by Brumley and Boneh) uses the following performance optimizations: Chinese Remainder (CR), Montgomery Representation (MR), Karatsuba Multiplication (KM), and Repeated squaring and Sliding windows (RS). Which of the following options would close the timing channel attack described in the paper if you turned the listed optimizations off?1. CR and MR2. CRA.True, TrueB.False, FalseC.True, FalseD.False, True[SEP]A When the data must arrive at the receiver exactly as they were sent, its calledA.Message CondentialityB.Message IntegrityC.Message SplashingD.Message Sending[SEP]B What is the difference between a direct leak and a side channel?A.A direct leak creates a denial of service by failing to free memory, while a channel frees memory as a side effectB.A direct leak is one that is intentional, rather than by unintentionalC.A direct leak comes via the software system's intended interaction mechanism, where as a side channel leak comes from measurements of other system features, like timing, power usage, or space usageD.There is no difference[SEP]C A session symmetric key between two parties is usedA.Only onceB.TwiceC.Multiple timesD.Conditions dependant[SEP]A What is a nop sledA.It is an anonymous version of a mop sledB.It is a sequence of nops preceding injected shellcode, useful when the return address is unknownC.It is a method of removing zero bytes from shellcodeD.It is another name for a branch instruction at the end of sequence of nops[SEP]B Which Nmap scan is does not completely open a TCP connection?A.SYN stealth scanB.TCP connectC.XMAS tree scanD.ACK scan[SEP]A Based on the paper “Click Trajectories: End-to-End Analysis of the Spam Value Chain”, which of the following statements are true? “Spammers” here refer to operators of various parts of the “spam value chain.”A.Spammers run their spam-advertised web sites on compromised user machines that are part of a botnet.B.Spammers need to register domain names in order for their spam-based advertisements to be effective.C.There is a high cost for spammers to switch acquiring banks.D.B and C[SEP]D In a _____________ attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.A.PhishingB.MiTMC.Buffer-overflowD.Clickjacking[SEP]C _______________ is a popular tool used for network analysis in multiprotocol diverse network.A.SnortB.SuperScanC.Burp SuitD.EtterPeak[SEP]D ___________________ is alike as that of Access Point (AP) from 802.11, & the mobile operators uses it for offering signal coverage.A.Base Signal StationB.Base Transmitter StationC.Base Transceiver StationD.Transceiver Station[SEP]C A __________ is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers.A.stackB.queueC.external storageD.buffer[SEP]D Which form of encryption does WPA use?A.Shared keyB.LEAPC.TKIPD.AES[SEP]C Let suppose a search box of an application can take at most 200 words, and you’ve inserted more than that and pressed the search button; the system crashes. Usually this is because of limited __________A.bufferB.external storageC.processing powerD.local storage[SEP]A ___________________ began to show up few years back on wireless access points as a new way of adding or connecting new devices.A.WPA2B.WPAC.WPSD.WEP[SEP]C What are the port states determined by Nmap?A.Active, inactive, standbyB.Open, half-open, closed C.Open, filtered, unfilteredD.Active, closed, unused[SEP]C Which among the following is the least strong security encryption standard?A.WEPB.WPAC.WPA2D.WPA3[SEP]A Why is it that the compiler does not know the absolute address of a local variable?A.Programs are not allowed to reference memory using absolute addressesB.The size of the address depends on the architecture the program will run onC.As a stack-allocated variable, it could have different addresses depending on when its containing function is calledD.Compiler writers are not very good at that sort of thing[SEP]C The stack is memory for storingA.Local variablesB.Program codeC.Dynamically linked librariesD.Global variables[SEP]A Can a stream cipher have perfect secrecy?A.Yes, if the PRG is really “secure”B.No, there are no ciphers with perfect secrecyC.Yes, every cipher has perfect secrecyD.No, since the key is shorter than the message[SEP]D Which of the following does authorization aim to accomplish?A.Restrict what operations/data the user can accessB.Determine if the user is an attackerC.Flag the user if he/she misbehavesD.Determine who the user is[SEP]A The message must be encrypted at the sender site and decrypted at theA.Sender SiteB.SiteC.Receiver siteD.Conferencing[SEP]C A _________________ may be a hidden part of a program, a separate infected program a Trojan in disguise of an executable or code in the firmware of any system’s hardware.A.crypterB.virusC.backdoorD.key-logger[SEP]C How is IP address spoofing detected?A.Installing and configuring a IDS that can read the IP headerB.Comparing the TTL values of the actual and spoofed addressesC.Implementing a firewall to the networkD.Identify all TCP sessions that are initiated but does not complete successfully[SEP]B Which of the following is not an example of presentation layer issues?A.Poor handling of unexpected input can lead to the execution of arbitrary instructionsB.Unintentional or ill-directed use of superficially supplied inputC.Cryptographic flaws in the system may get exploited to evade privacyD.Weak or non-existent authentication mechanisms[SEP]D Suppose Unix did not provide a way of passing file descriptors between processes, but still allowed inheriting file descriptors from a parent on fork and exec. What aspects of the OKWS design would break without file descriptor passing?1. It would be impossible for services to send messages to oklogd.2. It would be impossible for services to get a TCP connection to a database proxy.A.True, TrueB.False, FalseC.True, FalseD.False, True[SEP]B Why would a ping sweep be used?A.To identify live systemsB.To locate live systemsC.To identify open portsD.To locate firewalls[SEP]A The four Primary Security Principles related to messages areA.Confidentiality, Integrity, Non repudiation and AuthenticationB.Confidentiality, Access Control, Integrity, Non repudiationC.Authentication, Authorization, Availability, IntegrityD.Availability, Authorization, Confidentiality, Integrity[SEP]A What was the first buffer overflow attack?A.Love BugB.SQL SlammerC.Morris WormD.Code Red[SEP]C The ______________ can cost you money, by sending text messages from your mobile phone numbers.A.IM – TrojansB.Backdoor TrojansC.SMS TrojanD.Ransom Trojan[SEP]C Three of the following are classic security properties; which one is not?A.ConfidentialityB.AvailabilityC.CorrectnessD.Integrity[SEP]B