Any body can answer these questions ,pls help me out : post it here
Question 1
Usually, the capacity of a local attacker to achieve full privileges on a system is:
Lower to that of a remote attacker.
Lower because a local attacker can't do remote attacks.
Equal to that of a remote attacker.
Higher because a local attacker can do both local and remote attacks.
None of the above.
Question 2
What of the following facts would you related with TEMPEST?
Denial of Service attack.
Impersonation.
Information leak.
Brute Force attack.
None of the above.
Question 3
How many bytes do you need to be written to fully overwrite the RET (and nothing past it) in this vulnerable program on Linux IA32?
int num;
char buf[1024];
strcpy(buf,argv[1]);
...
1040 bytes
1024 bytes
1032 bytes
1028 bytes
1036 bytes
Question 4
How many bytes do you need to be written to fully overwrite the RET (and nothing past it) in this vulnerable program on Linux IA32?
int num;
char *aux;
char buf[1024];
aux = malloc(128);
strcpy(buf,argv[1]);
...
1040 bytes
1160 bytes
1164 bytes
1036 bytes
1032 bytes
Question 5
When trying to inject SQL, on a MySQL 3.* server, through a bad developed web program:
You can use sub-SELECTS to display data.
You can use UNION to display data.
You can use stored procedures to display data.
Sub-SELECTS, UNIONS and stored procedures are not supported in the 3.0 branch.
None of the above.
Question 6
What is a "fail-open" switch?
A switch allowing all packets to all ports.
A switch that is dropping some packets.
Not working switch.
A switch not allowing any traffic.
None of the above.
Question 7
Which of the following protocols is not easily vulnerable to sniffing?
IMAP
SNMPv3
NNTP
SNMP
All of the above are vulnerable.
Question 8
Since Microsoft Windows NT 4 Service Pack 3 and Windows 98, a newer, more secure version of SMB(Server Message Block) that employs packet signing has been available. One of the improvements is message integrity checks, which closes a well know attack. What is this attack?
Password sniffing.
Man-in-the-middle attacks.
Data tampering attacks.
Session hijacking.
None of the above.
Question 9
You are programming a LKM for Solaris. How would you hide it to a modinfo command?
Changing the name of the kernel module to an empty string in the modlmisc struct.
This is not possible, modinfo command will show all loaded modules.
Setting "visible" variable to 1 in the mod_info struct.
Redirecting syscalls.
None of the above.
Question 10
What is reverse ident scanning technique?
Request the IDENT or AUTH service, to identify the server.
It the same as TPC RPC scanning technique.
It can be achieved by installing a fake IDENT service in the attacker computer.
This is not a scanning technique.
None of the above.
TCP/IP
Question 1
A DNS server has been queried. The authors.bind CHAOS TXT response status code is SERVFAIL.
The DNS server can not be an unpatched ISC Bind 9.*
The DNS server is an unpatched ISC Bind 9.*
The DNS server must be the Microsoft DNS server.
There is no DNS server available.
None of the above.
Question 2
A network MAC address can be spoofed:
Yes, only on Unix OSs.
There is no way to spoof it.
Yes, only in Win32 OSs.
Yes, in all OSs that allow direct raw write.
None of the above.
Question 3
The ISO/OSI Model defines seven layers of communication types and the interfaces among them. The seven layers are, in order:
Application, Presentation, Interface, Session, Transport, Network, Physical
Application, Presentation, Session, TCP / IP, Transport, Network, Physical
Application, Presentation, Session, Transport, Network, Data Link, Physical
Application, Presentation, Session, Transport, Data Link, Network, Physical
None of the above.
Question 4
Sniffing a network many strange packets with an undefined TCP flag (bit 7 or 8, counting from the left) in the TCP header of a SYN packet. What is the reason and where they come from?
It is a part of a DOS attack.
It is the result of a failing network device.
This traffic is generated from a busy web server.
An attacker is fingerprinting a host.
None of the above.
Question 5
You received a ICMP Echo Request. The data payload content is composed of the alphabet, which OS is likely to come from?
Linux operating system.
OpenBSD operating system.
Windows-based operating system.
AIX operating system.
None of the above.
Question 6
While a ACK Scanning, a ACK is sent to a port specified, but nothing comes back, what does it mean?
The packet was filtered by a firewall.
The packet was not filtered by a firewall.
It means that the port is open.
It means that the port is open, but the server is busy.
None of the above.
Question 7
What is the best security practice when an invalid packet is received?
Reply an ICMP packet.
Reply a FIN packet.
Drop the packet.
Reply a IGMP packet.
None of the above.
Question 8
Monitoring a network, malformed TCP packets to port number 515 are discovered, what could be the purpose of this?
A computer is trying to print a document.
A printer server is connecting to that computer.
Someone is fingerprinting that computer.
Someone is exploiting a buffer overflow vulnerability.
None of the above.
Question 9
What indicates UDP packets directed at port 22?
Scannig looking for SSH daemons.
It is a fingerprinting scannig.
This is a DoS attack.
Scanning looking for pcAnywhere host.
None of the above.
Question 10
What is the normal router behaviour with a fragmented datagram?
Although a router will fragment a datagram, it will not reassemble it.
A router will fragment a datagram and it will reassemble it.
A router will not fragment a datagram and it will not reassemble it.
Although a router will reassemble a datagram, it will not fragment it.
A router can not detect fragmented datagrams.
AUDIT/SECURITY
Question 1
Does this PHP code have any vulnerability?
1 <?php
2
3 //web tool just to show the traceroute to a host
4 //variable $host is read from QUERY_STRING
5
6echo system('traceroute '. $host);
7 ?>
No, PHP was developed with security in mind.
Yes, but only when the PHP option "register_globals" is set to on.
Yes, but only when the PHP option "register_globals" is set to off.
Yes, it could me exploitable, independently of the "register_globals" value.
None of the above.
Question 2
This ASP code is used in a web phorum. User data has no validation, is it prone to be exploitable?
<%
Response.Write(Body)
%>
No, it is save.
Yes, it can be exploitable.
Yes, but only if session support is available in the server.
Yes, but only if session support is not available in the server.
None of the above.
Question 3
Does this PHP code have any vulnerability?
<HTML>
<HEAD>
<TITLE>A page</TITLE>
</HEAD>
Content Data
</HTML>
Yes, If the server does not support SSI (Server Side Includes).
Yes, If the server supports SSI (Server Side Includes).
No, it is not vulnerable.
Yes, If the server supports SSI (Server Side Includes ) and PHP option "register_globals" is set to on.
None of the above.
Question 4
Is this code vulnerable on Linux IA32?
char buf[MAXBUF];
for(i=1; i<=MAXBUF; i++) {
buf[i-1] = getchar();
}
buf[i-1]=0x00;
Yes, because getchar() is a non-security-friendly function and we'll be able to overwrite the ret pointer.
Yes, there's an off-by-one in the code.
Yes, there's an off-by-two in the code.
No, because getchar() is insecure but it's being used with security in mind in the loop.
None of the above.
Question 5
Is main.php vulnerable? (using php with magic_quotes on, allow_url_fopen on and register_globals on).
main.php:
$langpath = "/usr/lib/php-soft/";
include_once("lang.php");
lang.php:
include_once($langpath."default.php");
Yes, because we can define the $langpath variable on a request and make it load another file.
Yes, and lang.php can be tricked to do anything we want.
No, both scripts are secure.
No, only main.php is secure.
None of the above.
Question 6
The .NET common language runtime offers a method, that allows your code, and downstream callers, to perform actions that your code has permission to do but its callers might not have permission to do. What is this method?
assert.
Assert.
rely.
Trust.
None of the above.
Question 7
Is this code vulnerable on Linux IA32?
for(i=0; i<MAXBUF; i++) {
buf = getchar();
}
buf[MAXBUF-1] = 0x00;
Yes, because getchar is a non-security-friendly function and we'll be able to overwrite the ret pointer.
Yes, there's an off-by-one in the code.
Yes, there's an off-by-two in the code.
No, because the last instruction will always NUL-terminate the buffer.
None of the above.
Question 8
In Microsoft Windows NT 4 Service Pack 4 was firt introduced the SO_EXCLUSIVEADDRUSE socket option. This new feature is closely related with a hacking technique, what is it?
Traffic sniffing.
DNS Poisoning.
ARP Poisoning.
Man in the middle.
None of the above.
Question 9
What is the /robust MIDL compiler switch used for?
This is useful to make application more stable.
This is useful to mitigate several malformed data issues.
This is not a MIDL compiler switch.
This switch inserts validation code to prevent buffer overflow attacks.
None of the above.
Question 10
Is this C program exploitable on a Linux PA-RISC system? In which line number does the vulnerability reside?
1 int main(int argc, char **argv) {
2 char buffer[64];
3
4 if (argc==2) strcpy(buffer,argv[1]);
5 exit(0);
6
7 }
Yes, it is exploitable on a Linux PA-RISC system. The vulnerability is on line 4.
Yes, it is exploitable on a Linux PA-RISC system. The vulnerability is on line 5.
No, this program is not exploitable because main()'s saved rp is never overwritten.
No, it is not exploitable, because main() never returns due to the exit(0).
None of the above.
BUFFER OVERFLOW
Question 1
A C function prone to buffer overflow exploitation (in the return address) ends with an exit(1) sentence. Does it make any difference?
No, the program is still exploitable.
Yes, now the function is not vulnerable.
It depens on the architecture.
Only if the binary was compiled with bounds-check.
None of the above.
Question 2
Which of these Standar C functions is unsafe?
strcpy (char *dest, const char *src)
strcat (char *dest, const char *src)
gets (char *s)
getwd (char *buf)
All of the above.
Question 3
Dos OpenBSD default installation has a no-exec user stack?
No, due to stack low addresses it can not be implemented.
Yes, but only since 3.2 release and few arquitectures.
Yes, OpenBSD had no-exec user stack since its beginnings.
No, there is no port yet.
None of the above.
Question 4
Rebasing WIN32 PE executable files:
Will make WIN32 cracking harder.
Will make common buffer overflows harder to exploit.
Will make common integer overflows harder to exploit.
Will prevent the infection of virus.
None of the above.
Question 5
Stack growing (up or down) is architecture dependent. In what of the following stack grows up?
Intel.
Motorola.
SPARC.
MIPS.
None of the above.
Question 6
For a successfull explotation of a frame pointer overwriting overflow (the overflow not as big to overwrite the saved eip) in a IA32 system, need at least:
The return of one function.
The return of two functions.
The return of the function with the fake frame stack pointed by the overwritten frame pointer.
The return of two functions from the one with the fake frame stack pointed by the overwritten frame pointer.
None of the above.
Question 7
How could you mark the user stack as non-executable on Solaris X86, in order to prevent common exploitation of stack based buffer overflows?
Insert "set noexec_user_stack=1" into /etc/system and reboot the system.
Insert "set noexec_user_stack=1" into /etc/system and reboot the system. Only for Solaris 2.6 or higher.
Insert "set noexec_user_stack=1" into /etc/system and reboot the system. Only for Solaris 2.7 or higher.
There is no official way to set this feature on Solaris X86.
None of the above.
Question 8
Trying to exploit a format string vulnerability you can see that GNU C library results in a crash if you use parameters like this: %nd, when n is greater than 1000. How can you circumvent this?
It is not possible, this is a known bug.
It is possible by using arithmetic operations like %512*4d
It is possible writting the expresion like %.nd
It depends on the system architecture.
None of the above.
Question 9
The common PA-RISC stack buffer overflows need at least:
The return of one function.
The return of two functions.
The return of the strcpy(), sprintf(), or alike function that causes the overflow.
The return of three functions.
None of the above.
Question 10
Rebasing Linux executable files:
Will make Linux cracking harder.
Will make common buffer overflows harder to exploit.
Will make common integer overflows harder to exploit.
Will prevent the infection of virus.
None of the above.
CRYPTOGRAPHY
Question 1
Whis is the latest AES (Advance Encription Standard)?
DES
DESX
Blowfish
Rjindael
IDEA
Question 2
MD5 hash algorithm:
Produces a 160 bits message digest.
Produces a 64 bits message digest.
Produces a 32 bits message digest.
Produces a 256 bits message digest.
Produces a 128 bits message digest.
Question 3
The DES (Data Encryption Standard) algorithm:
Uses fixed 64 bit blocks and 64 bits keys.
Uses fixed 56 bit blocks and 64 bits keys.
Uses fixed 128 bit blocks and 64 bits keys.
Uses fixed 128 bit blocks and 128 bits keys.
None of the above.
Question 4
The Blowfish algorithm:
Ciphers blocks of 64 bits with a variable key length (up to 512 bits).
Ciphers blocks of 128 bits with a variable key length (up to 512 bits).
Ciphers blocks of 128 bits with a variable key length (up to 128 bits).
Ciphers blocks of 64 bits with a variable key length (up to 448 bits).
None of the above.
Question 5
What is a Feistel cipher?
A cipher with a block length higher than 128.
A cipher that operate on one half of the ciphertext at each round.
A cipher whose number of rounds is 16.
A cipher whose number of rounds is 36.
None of the above.
Question 6
What is steganography?
A cryptography algorithm.
A message digest algorithm.
A way to protect data, without cryptography.
It is a well know process in DES encryption.
None of the above.
Question 7
How many posible keys DES algorithm has?
2^16
2^32
2^64
2^56
None of the above
Question 8
Which mathematical concept uses the RSA algorithm uses as the basis of its encryption?
Large prime numbers.
Geometry
PI
Irrationality
None of the above.
Question 9
Which of the following is not provided by a public key infrastructure (PKI)?
Integrity
Authentication
Non-repudation
Access control
Reliability
Question 10
Which of the following protocols provides nonrepudiation in IPSEC?
Secure Shell (SSH).
Secure Sockets Layer (SSL).
Encapsulating Security Payload (ESP).
Authentication Header (AH).
None of the above.
Question 1
Usually, the capacity of a local attacker to achieve full privileges on a system is:
Lower to that of a remote attacker.
Lower because a local attacker can't do remote attacks.
Equal to that of a remote attacker.
Higher because a local attacker can do both local and remote attacks.
None of the above.
Question 2
What of the following facts would you related with TEMPEST?
Denial of Service attack.
Impersonation.
Information leak.
Brute Force attack.
None of the above.
Question 3
How many bytes do you need to be written to fully overwrite the RET (and nothing past it) in this vulnerable program on Linux IA32?
int num;
char buf[1024];
strcpy(buf,argv[1]);
...
1040 bytes
1024 bytes
1032 bytes
1028 bytes
1036 bytes
Question 4
How many bytes do you need to be written to fully overwrite the RET (and nothing past it) in this vulnerable program on Linux IA32?
int num;
char *aux;
char buf[1024];
aux = malloc(128);
strcpy(buf,argv[1]);
...
1040 bytes
1160 bytes
1164 bytes
1036 bytes
1032 bytes
Question 5
When trying to inject SQL, on a MySQL 3.* server, through a bad developed web program:
You can use sub-SELECTS to display data.
You can use UNION to display data.
You can use stored procedures to display data.
Sub-SELECTS, UNIONS and stored procedures are not supported in the 3.0 branch.
None of the above.
Question 6
What is a "fail-open" switch?
A switch allowing all packets to all ports.
A switch that is dropping some packets.
Not working switch.
A switch not allowing any traffic.
None of the above.
Question 7
Which of the following protocols is not easily vulnerable to sniffing?
IMAP
SNMPv3
NNTP
SNMP
All of the above are vulnerable.
Question 8
Since Microsoft Windows NT 4 Service Pack 3 and Windows 98, a newer, more secure version of SMB(Server Message Block) that employs packet signing has been available. One of the improvements is message integrity checks, which closes a well know attack. What is this attack?
Password sniffing.
Man-in-the-middle attacks.
Data tampering attacks.
Session hijacking.
None of the above.
Question 9
You are programming a LKM for Solaris. How would you hide it to a modinfo command?
Changing the name of the kernel module to an empty string in the modlmisc struct.
This is not possible, modinfo command will show all loaded modules.
Setting "visible" variable to 1 in the mod_info struct.
Redirecting syscalls.
None of the above.
Question 10
What is reverse ident scanning technique?
Request the IDENT or AUTH service, to identify the server.
It the same as TPC RPC scanning technique.
It can be achieved by installing a fake IDENT service in the attacker computer.
This is not a scanning technique.
None of the above.
TCP/IP
Question 1
A DNS server has been queried. The authors.bind CHAOS TXT response status code is SERVFAIL.
The DNS server can not be an unpatched ISC Bind 9.*
The DNS server is an unpatched ISC Bind 9.*
The DNS server must be the Microsoft DNS server.
There is no DNS server available.
None of the above.
Question 2
A network MAC address can be spoofed:
Yes, only on Unix OSs.
There is no way to spoof it.
Yes, only in Win32 OSs.
Yes, in all OSs that allow direct raw write.
None of the above.
Question 3
The ISO/OSI Model defines seven layers of communication types and the interfaces among them. The seven layers are, in order:
Application, Presentation, Interface, Session, Transport, Network, Physical
Application, Presentation, Session, TCP / IP, Transport, Network, Physical
Application, Presentation, Session, Transport, Network, Data Link, Physical
Application, Presentation, Session, Transport, Data Link, Network, Physical
None of the above.
Question 4
Sniffing a network many strange packets with an undefined TCP flag (bit 7 or 8, counting from the left) in the TCP header of a SYN packet. What is the reason and where they come from?
It is a part of a DOS attack.
It is the result of a failing network device.
This traffic is generated from a busy web server.
An attacker is fingerprinting a host.
None of the above.
Question 5
You received a ICMP Echo Request. The data payload content is composed of the alphabet, which OS is likely to come from?
Linux operating system.
OpenBSD operating system.
Windows-based operating system.
AIX operating system.
None of the above.
Question 6
While a ACK Scanning, a ACK is sent to a port specified, but nothing comes back, what does it mean?
The packet was filtered by a firewall.
The packet was not filtered by a firewall.
It means that the port is open.
It means that the port is open, but the server is busy.
None of the above.
Question 7
What is the best security practice when an invalid packet is received?
Reply an ICMP packet.
Reply a FIN packet.
Drop the packet.
Reply a IGMP packet.
None of the above.
Question 8
Monitoring a network, malformed TCP packets to port number 515 are discovered, what could be the purpose of this?
A computer is trying to print a document.
A printer server is connecting to that computer.
Someone is fingerprinting that computer.
Someone is exploiting a buffer overflow vulnerability.
None of the above.
Question 9
What indicates UDP packets directed at port 22?
Scannig looking for SSH daemons.
It is a fingerprinting scannig.
This is a DoS attack.
Scanning looking for pcAnywhere host.
None of the above.
Question 10
What is the normal router behaviour with a fragmented datagram?
Although a router will fragment a datagram, it will not reassemble it.
A router will fragment a datagram and it will reassemble it.
A router will not fragment a datagram and it will not reassemble it.
Although a router will reassemble a datagram, it will not fragment it.
A router can not detect fragmented datagrams.
AUDIT/SECURITY
Question 1
Does this PHP code have any vulnerability?
1 <?php
2
3 //web tool just to show the traceroute to a host
4 //variable $host is read from QUERY_STRING
5
6echo system('traceroute '. $host);
7 ?>
No, PHP was developed with security in mind.
Yes, but only when the PHP option "register_globals" is set to on.
Yes, but only when the PHP option "register_globals" is set to off.
Yes, it could me exploitable, independently of the "register_globals" value.
None of the above.
Question 2
This ASP code is used in a web phorum. User data has no validation, is it prone to be exploitable?
<%
Response.Write(Body)
%>
No, it is save.
Yes, it can be exploitable.
Yes, but only if session support is available in the server.
Yes, but only if session support is not available in the server.
None of the above.
Question 3
Does this PHP code have any vulnerability?
<HTML>
<HEAD>
<TITLE>A page</TITLE>
</HEAD>
Content Data
</HTML>
Yes, If the server does not support SSI (Server Side Includes).
Yes, If the server supports SSI (Server Side Includes).
No, it is not vulnerable.
Yes, If the server supports SSI (Server Side Includes ) and PHP option "register_globals" is set to on.
None of the above.
Question 4
Is this code vulnerable on Linux IA32?
char buf[MAXBUF];
for(i=1; i<=MAXBUF; i++) {
buf[i-1] = getchar();
}
buf[i-1]=0x00;
Yes, because getchar() is a non-security-friendly function and we'll be able to overwrite the ret pointer.
Yes, there's an off-by-one in the code.
Yes, there's an off-by-two in the code.
No, because getchar() is insecure but it's being used with security in mind in the loop.
None of the above.
Question 5
Is main.php vulnerable? (using php with magic_quotes on, allow_url_fopen on and register_globals on).
main.php:
$langpath = "/usr/lib/php-soft/";
include_once("lang.php");
lang.php:
include_once($langpath."default.php");
Yes, because we can define the $langpath variable on a request and make it load another file.
Yes, and lang.php can be tricked to do anything we want.
No, both scripts are secure.
No, only main.php is secure.
None of the above.
Question 6
The .NET common language runtime offers a method, that allows your code, and downstream callers, to perform actions that your code has permission to do but its callers might not have permission to do. What is this method?
assert.
Assert.
rely.
Trust.
None of the above.
Question 7
Is this code vulnerable on Linux IA32?
for(i=0; i<MAXBUF; i++) {
buf = getchar();
}
buf[MAXBUF-1] = 0x00;
Yes, because getchar is a non-security-friendly function and we'll be able to overwrite the ret pointer.
Yes, there's an off-by-one in the code.
Yes, there's an off-by-two in the code.
No, because the last instruction will always NUL-terminate the buffer.
None of the above.
Question 8
In Microsoft Windows NT 4 Service Pack 4 was firt introduced the SO_EXCLUSIVEADDRUSE socket option. This new feature is closely related with a hacking technique, what is it?
Traffic sniffing.
DNS Poisoning.
ARP Poisoning.
Man in the middle.
None of the above.
Question 9
What is the /robust MIDL compiler switch used for?
This is useful to make application more stable.
This is useful to mitigate several malformed data issues.
This is not a MIDL compiler switch.
This switch inserts validation code to prevent buffer overflow attacks.
None of the above.
Question 10
Is this C program exploitable on a Linux PA-RISC system? In which line number does the vulnerability reside?
1 int main(int argc, char **argv) {
2 char buffer[64];
3
4 if (argc==2) strcpy(buffer,argv[1]);
5 exit(0);
6
7 }
Yes, it is exploitable on a Linux PA-RISC system. The vulnerability is on line 4.
Yes, it is exploitable on a Linux PA-RISC system. The vulnerability is on line 5.
No, this program is not exploitable because main()'s saved rp is never overwritten.
No, it is not exploitable, because main() never returns due to the exit(0).
None of the above.
BUFFER OVERFLOW
Question 1
A C function prone to buffer overflow exploitation (in the return address) ends with an exit(1) sentence. Does it make any difference?
No, the program is still exploitable.
Yes, now the function is not vulnerable.
It depens on the architecture.
Only if the binary was compiled with bounds-check.
None of the above.
Question 2
Which of these Standar C functions is unsafe?
strcpy (char *dest, const char *src)
strcat (char *dest, const char *src)
gets (char *s)
getwd (char *buf)
All of the above.
Question 3
Dos OpenBSD default installation has a no-exec user stack?
No, due to stack low addresses it can not be implemented.
Yes, but only since 3.2 release and few arquitectures.
Yes, OpenBSD had no-exec user stack since its beginnings.
No, there is no port yet.
None of the above.
Question 4
Rebasing WIN32 PE executable files:
Will make WIN32 cracking harder.
Will make common buffer overflows harder to exploit.
Will make common integer overflows harder to exploit.
Will prevent the infection of virus.
None of the above.
Question 5
Stack growing (up or down) is architecture dependent. In what of the following stack grows up?
Intel.
Motorola.
SPARC.
MIPS.
None of the above.
Question 6
For a successfull explotation of a frame pointer overwriting overflow (the overflow not as big to overwrite the saved eip) in a IA32 system, need at least:
The return of one function.
The return of two functions.
The return of the function with the fake frame stack pointed by the overwritten frame pointer.
The return of two functions from the one with the fake frame stack pointed by the overwritten frame pointer.
None of the above.
Question 7
How could you mark the user stack as non-executable on Solaris X86, in order to prevent common exploitation of stack based buffer overflows?
Insert "set noexec_user_stack=1" into /etc/system and reboot the system.
Insert "set noexec_user_stack=1" into /etc/system and reboot the system. Only for Solaris 2.6 or higher.
Insert "set noexec_user_stack=1" into /etc/system and reboot the system. Only for Solaris 2.7 or higher.
There is no official way to set this feature on Solaris X86.
None of the above.
Question 8
Trying to exploit a format string vulnerability you can see that GNU C library results in a crash if you use parameters like this: %nd, when n is greater than 1000. How can you circumvent this?
It is not possible, this is a known bug.
It is possible by using arithmetic operations like %512*4d
It is possible writting the expresion like %.nd
It depends on the system architecture.
None of the above.
Question 9
The common PA-RISC stack buffer overflows need at least:
The return of one function.
The return of two functions.
The return of the strcpy(), sprintf(), or alike function that causes the overflow.
The return of three functions.
None of the above.
Question 10
Rebasing Linux executable files:
Will make Linux cracking harder.
Will make common buffer overflows harder to exploit.
Will make common integer overflows harder to exploit.
Will prevent the infection of virus.
None of the above.
CRYPTOGRAPHY
Question 1
Whis is the latest AES (Advance Encription Standard)?
DES
DESX
Blowfish
Rjindael
IDEA
Question 2
MD5 hash algorithm:
Produces a 160 bits message digest.
Produces a 64 bits message digest.
Produces a 32 bits message digest.
Produces a 256 bits message digest.
Produces a 128 bits message digest.
Question 3
The DES (Data Encryption Standard) algorithm:
Uses fixed 64 bit blocks and 64 bits keys.
Uses fixed 56 bit blocks and 64 bits keys.
Uses fixed 128 bit blocks and 64 bits keys.
Uses fixed 128 bit blocks and 128 bits keys.
None of the above.
Question 4
The Blowfish algorithm:
Ciphers blocks of 64 bits with a variable key length (up to 512 bits).
Ciphers blocks of 128 bits with a variable key length (up to 512 bits).
Ciphers blocks of 128 bits with a variable key length (up to 128 bits).
Ciphers blocks of 64 bits with a variable key length (up to 448 bits).
None of the above.
Question 5
What is a Feistel cipher?
A cipher with a block length higher than 128.
A cipher that operate on one half of the ciphertext at each round.
A cipher whose number of rounds is 16.
A cipher whose number of rounds is 36.
None of the above.
Question 6
What is steganography?
A cryptography algorithm.
A message digest algorithm.
A way to protect data, without cryptography.
It is a well know process in DES encryption.
None of the above.
Question 7
How many posible keys DES algorithm has?
2^16
2^32
2^64
2^56
None of the above
Question 8
Which mathematical concept uses the RSA algorithm uses as the basis of its encryption?
Large prime numbers.
Geometry
PI
Irrationality
None of the above.
Question 9
Which of the following is not provided by a public key infrastructure (PKI)?
Integrity
Authentication
Non-repudation
Access control
Reliability
Question 10
Which of the following protocols provides nonrepudiation in IPSEC?
Secure Shell (SSH).
Secure Sockets Layer (SSL).
Encapsulating Security Payload (ESP).
Authentication Header (AH).
None of the above.
