1) Which of the following are volume-based attacks?
a. UDP Flood
b. HTTP Flood
c. DNS cache poisoning
d. All of these
Answer: a, b
Solution: A volume-based or volumetric attack sends a high amount of traffic or request packets to a target network/host in an effort to overwhelm its bandwidth capabilities. These attacks aim to flood the target with the hope to slowing or stopping their services. A UDP flood is a type of denial-of-service attack in which a large number of User Datagram Protocol (UDP) packets are sent to a targeted server with the aim of overwhelming that device’s ability to process and respond.
HTTP flood is a type of Distributed Denial-of -ervice attack in which the attacker exploits seemingly-legitimate HTTP GET or POST requests to attack a web server or application.
DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. This is not a volumetric attack. Hence the correct options are (a) and (b).
2) Which of the following is/are type of viruses?
a. Un-encrypted virus
b. File virus
c. Stealth virus
d. All of these
Answer: b, c
Solution: File virus and stealth virus are types of virus. A file-infecting virus is a type of malware that infects executable files with the intent to cause permanent damage or make them unusable. A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. There is nothing called un-encrypted virus. But encrypted virus is another type of virus, which encrypts its payload with the intention of making detection more difficult. The correct options are (b) and (c).
3) Which of the following is/are not a type of Malware?
a. Worms
b. Logic Bomb
c. Slowloris
d. Rootkit
Answer: c
Solution: A logic bomb is a malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date (also called a time bomb). A computer worm is a type of malicious software program whose primary function is to infect other computers while remaining active on infected systems. A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers. A rootkit is a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system. A malware is any software intentionally designed to cause damage to a computer, server or network. Worm, logic bomb, and rootkit are all examples of malware. Slowloris is a tool used for mounting DDoS attack. It is not exactly a malware. Thus correct option will be (c).
4) Which of the following is/are true for securing a PC from malware?
a. Use firewalls
b. Open all email attachments
c. Keep difficult passwords
d. Update security software infrequently
Answer: a, c
Solution: PC can be protected from malware using firewall, by keeping difficult passwords, etc. We should not open email attachments if we are not sure about the authenticity of the sender, and we should update security software frequently. Hence options (a) and (c) are correct.
5) Which of the following techniques can be used for password cracking?
a. phishing
b. salting
c. spidering
d. keylogger
Answer: a, c, d
Solution: In Phishing a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Savvy hackers have realized that many corporate passwords are made up of words that are connected
to the business itself. Studying corporate literature, website sales material and even the websites of competitors and listed customers can provide the ammunition to build a custom word list to use in a brute force attack. This is known as spidering.
A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard. It can be used to track passwords entered by a user. Password salting is a form of password encryption that involves appending a password to a given username and then hashing the new string of characters. It is most commonly found within Linux operating systems, and it is generally considered a more secure password encryption model than any of the models used within the various Microsoft distributions. Thus the correct options are (a), (c) and (d).
6) Which of the following is/are true for Slowloris?
a. Send very large size packets to victim system
b. Send as many connection request but never complete the request
c. Use reflection of small packets to make the system busy
d. It is a kind of DDOS attack
Answer: b, d
Solution: Slowloris is a type of denial of service attack that allows a single machine to take down another machine’s web server with minimal bandwidth and side effects on unrelated services and ports. It is an application layer attack that operates by utilizing partial HTTP requests. The attack functions by opening connections to a targeted Web server and then keeping those connections open as long as it can. Option (a) is an example of ping to death, option (b) is an example of slowloris/SYN flood, and option (c) is an example of amplification technique to mount DDoS attack. Thus options (b) and (d) are correct.
7) Hydra is a password cracking tool?
a. Yes
b. No
Answer: a
Solution: Hydra is a password cracking tool, which has been used to demonstrate password cracking in the demonstration lectures.
8) Assume you are using salting technique, there are two user A and B, both of them have same password, which of the following is/are true?
a. Hashed password saved in database for A and B will be different.
b. Hashed password saved in database for A and B will be same.
c. Salt string used for A and B will be different.
d. Salt string used for A and B will be same.
Answer: a, c
Solution: When we use salting, a random salt string is added in pre/post position of the password, and then the hash function is applied. Due to this reason the hashed password becomes different even if the password for A and B are same. When salting is used then in addition to username and hashed password, salt string is also stored in the database. Thus options (a) and (c) are correct.
9) Which of the following is/are true for phishing?
a. Monitor and capture all the network packets
b. Create a webpage similar to one existing
c. Making communication by hiding the identity and acting as a trusted source
d. When user enters essential information to the fake website, it goes to attacker website
Answer: b and d
Solution: Option (a) is an example of sniffing, option (c) is an example of spoofing, whereas options (b) and (d) are examples of phishing.
10) Let us say your password is ABCD, and you are using salting with MD5 hashing algorithm. What will be stored in the password column of your database?
a. MD5(ABCD+Salt_String)
b. Salt_String+MD5(ABCD)
c. MD5(ABCD)+Salt_String
d. None of the above
Answer: a
Solution: When we apply salting, the salt string is appended as prefix or postfix to the normal password. After appending, ABCD+Salt_String is provided as input to the MD5 hashing algorithm to generate hash value. So the correct option will be (a).
