INT244: Securing Computing Systems Quiz

Questions and Answers

What is the primary focus of ethical hacking?

To find vulnerabilities for malicious purposes

To improve system security by identifying weaknesses (correct)

To develop new hacking software

To gather personal data illegally

Which type of cryptography uses the same key for both encryption and decryption?

Symmetric cryptography (correct)

Asymmetric cryptography

Hashing

Public key infrastructure

What purpose does footprinting serve in ethical hacking?

Identify potential vulnerabilities in a system

Gather information about a target system prior to an attack (correct)

Implement security measures on network devices

Prevent unauthorized access to a system

What is a common method used for vulnerability scanning?

Employing automated scanning tools

Which of the following is NOT a category of malware?

Social engineering

Session hijacking typically targets which aspect of a user’s online activity?

Active sessions with a server

What does ARP poisoning typically target in a network?

The physical addresses of devices within the network

What does the term 'enumeration' refer to in the context of ethical hacking?

Extracting detailed information about network resources

In ethical hacking, what is the significance of using sniffers?

To capture and analyze network traffic

Which phase is NOT part of the social engineering process?

Incident Response

What type of attack does a Denial of Service (DoS) aim to accomplish?

To overwhelm a system and render it unavailable

Which of the following best describes session hijacking?

Intercepting and taking control of a user's active session

What is a core vulnerability of web servers?

The lack of encryption during data transmission

Which of the following is NOT a typical countermeasure for SQL injection attacks?

Implementation of multi-factor authentication

What does MAC flooding attack primarily exploit?

The limited memory of a network switch

Which of the following describes a characteristic of cloud computing attacks?

Exploiting shared resources across a network

Study Notes

Course Overview

• Course code: INT244, focusing on Securing Computing Systems, includes lectures and practical sessions.
• Credits awarded: 3, designed to provide in-depth knowledge of system security.

Course Outcomes

• CO1: Understand basic concepts of operating systems, cryptography, and ethical hacking.
• CO2: Discuss methods for footprinting and scanning target systems.
• CO3: Illustrate enumeration and compromising processes of target systems.
• CO4: Examine sniffers, social engineering techniques, and denial of service attacks.
• CO5: Analyze session hijacking, web applications, and SQL injection for security testing.
• CO6: Identify threats to WiFi, Bluetooth, mobile devices, cloud services, and SIEM solutions.

Unit I: Introduction to Ethical Hacking

• Evolution of hacking: transition from malicious attacks to ethical hacking for security.
• Ethical hackers perform penetration testing using defined methodologies.
• Fundamentals of computer networks: focus on TCP/IP, network devices, and security tools such as proxies and firewalls.
• Cryptography basics: symmetric and asymmetric methods, hashing, and application issues with technologies like IPsec and SSL.

Unit II: Footprinting and Scanning

• Footprinting: process of gathering information to identify potential vulnerabilities.
• Threats from footprinting: includes revealing sensitive information through social networks and other sources.
• Scanning: identifies live systems and open ports, differentiating between various scan types and OS fingerprinting.
• Tools for vulnerability scanning; the significance of employing proxies for anonymity.

Unit III: Enumeration and System Hacking

• Enumeration: the process of extracting detailed information from a system or network.
• Techniques vary for different systems (e.g., Windows, SNMP, LDAP).
• System hacking involves password cracking and security authentication methods, particularly on Microsoft platforms.
• Malware classifications: differentiate between viruses, worms, and ransomware while acknowledging legal implications.

Unit IV: Sniffers, Social Engineering, and DoS Attacks

• Sniffers: tools used to monitor network traffic; methods to employ them and countermeasures against sniffing attacks.
• Social engineering: psychological tactics employed to deceive individuals into revealing confidential information.
• Denial of Service (DoS): methods of subverting services, emphasizing the distinctiveness of DoS and Distributed Denial of Service (DDoS).

Unit V: Session Hijacking, Web Security, and SQL Injection

• Session hijacking: understanding its mechanics and defensive strategies.
• Web servers and applications: vulnerabilities in client-server relationships, methods to test web applications.
• SQL injection: the attack framework, vulnerabilities in databases, and effective countermeasures.

Unit VI: Wireless Networks, Mobile Security, and Cloud Technologies

• Wireless networks: threats associated with Wi-Fi and Bluetooth security.
• Mobile security: encompasses device architecture, security goals, and countermeasures against vulnerabilities.
• Cloud technologies: recognized threats to cloud security, different types of attacks, and methods for testing cloud security.

Practical Experiences

• Footprinting: hands-on experience with search engines and Google hacking techniques.
• Scanning: practical demonstrations with tools like Nmap and Nessus for network analysis.
• Enumeration: utilize open-source tools for Windows and Linux enumeration processes.
• System hacking: showcase offline and online password cracking strategies using various attack methodologies.

Description

This quiz covers key concepts from the INT244 course on Securing Computing Systems. Students will explore essential topics such as operating systems, cryptography, ethical hacking, and techniques for footprinting and scanning target systems. Test your knowledge on these critical areas to enhance your security expertise.