ISEC 322: Design & Analysis of Sec Protocols - Quiz

Questions and Answers

What is a common vulnerability associated with ARP?

• SQL injection
• Eavesdropping (correct)
• Cookie theft
• Cross-site scripting

Which type of attack is associated with the TCP protocol?

• Cross-site request forgery
• Brute force attack
• SYN flood attack (correct)
• Clickjacking

What type of security issue is commonly associated with SMTP?

• SQL injection
• Eavesdropping
• Man-in-the-middle attack (correct)
• Cross-site scripting

What is a known vulnerability associated with DNS?

DNS spoofing (C)

Which security problem is often related to Web forms, cookies, and CGI scripts?

Cross-site scripting (D)

What type of misuse is associated with mobile code like Java scripts and ActiveX controls?

Denial of Service (DoS) (A)

What is a potential risk associated with using helper applications in browsers?

Downloading dangerous content that may contain macro viruses (C)

How can DNS spoofing impact web security?

Downgrading browser security by reducing the key length in SSL connections (A)

What is the primary concern with mobile code like ActiveX controls in terms of security?

They run directly on the machine without a sandbox (A)

Which statement accurately describes Java applets in terms of running environment?

Java applets run within a controlled environment called a sandbox (B)

What is a known danger associated with signed ActiveX controls?

Writing arbitrary files on the hard disk leading to potential exploitation (B)

How do JavaScript applet scripts differ from Java applets in terms of processing within browsers?

JavaScript applet scripts are interpreted by the browser itself, not as powerful as Java applets (D)

What is a potential risk associated with sending cookies in clear?

Eavesdropping and potential session hijacking (D)

How can third-party advertisements pose a privacy risk to users?

By setting a cookie that can track user visits (D)

What is a common consequence of unexpected user input in web forms?

Security vulnerabilities (C)

In the context of password-based user authentication, what issue can arise from inadequate input validation?

SQL injection attacks (B)

What type of attack exploits the program's failure to verify data sizes, potentially leading to memory corruption?

Buffer overflow attacks (C)

How can cross-site scripting (XSS) be characterized?

Sending malicious scripts to trusted servers (B)

Which type of attack involves the attacker arranging for the victim to receive a malicious script from a trusted server?

^ARP poisoning (A)

What could be a consequence of buffer overflow attacks if left unmitigated?

Potential memory corruption and control by attackers (D)

What is the main risk associated with inadequate input validation in server-side scripts?

Potential SQL injection vulnerabilities (B)

How can setting cookies by web servers pose security risks?

Exposing sensitive session information to potential attackers (A)