Untitled Quiz

Questions and Answers

Which command is used to print all process information in Linux?

ls -d

su

ps -ef (correct)

ls -l

What does the number '4' signify in the command 'chmod 741'?

Read-only permission

Write permission

Execute permission (correct)

All permissions

Which command is used to view the last 100 lines of a file log in Linux?

grep -100 log

tail -100 log (correct)

cat -100 log

mv -100 log

In Oracle, which user has the highest default privileges?

sys

What does HTTP status code 403 indicate?

Access to the requested resource is forbidden

Which SQL command is used to add a column to an existing table?

update

Which header allows a response to redirect to a new location?

Location

How can a file be uploaded to a server with no internet access due to a command execution vulnerability?

FTP

What attack method involves inputting an excessively long string into a limited space?

Buffer Overflow

Which command shows the Linux kernel version?

uname -a

What is the approximate time required to brute force a 56-bit key using an exhaustive method at a speed of $10^6$ attempts per second?

5.4x10^24 years

Which group was established in February 2014, with Xi Jinping as its leader?

Central Network Security and Informatization Leading Group

What date did the Cybersecurity Law come into effect?

June 1, 2017

What kind of attack can be performed using XXE vulnerabilities?

Read server files

Which of the following is considered an active defense technology?

Honeypot Technology

Which status code is returned when a user does not have permission to access a given page?

403

In a Linux system, where are the operational logs stored?

/var/log

Which tool is typically used for SQL injection attacks?

sqlmap

What information can be directly obtained by conducting a port scan on a target host?

Services running on open ports of the target host

What cannot effectively defend against XSS attacks?

Data encryption

Which of the following statements about phishing is incorrect?

Phishing is unrelated to web services

Which of the following statements about server-side request forgery (SSRF) vulnerabilities is correct?

SSRF vulnerabilities are server-based attacks

What is the primary purpose of APT attacks?

Persistent intrusion for strategic control

Which command can be used to retrieve DNS records?

dig

Which command in SQL is used to completely remove a table?

drop

Which of the following configurations is NOT included in Apache's default parsed suffixes?

.pht

Which is not a characteristic of APT attacks?

Rare occurrence

In a network, what happens if a switch receives a packet with a destination MAC address not in its MAC address table?

The packet is broadcasted to all interfaces

What is the default port for Redis databases?

6379

Which command would NOT reveal the hostname of a Windows system?

set

Which version of MySQL is necessary to use the base64() function?

5.5 version

Which type of algorithm is RSA classified as?

Asymmetric algorithm

What does data integrity ensure?

Users receive exactly what was sent

Which command is used to view the /var/log/wtmp log?

last

What is the incorrect statement regarding SUID permissions?

SUID permissions are universally applicable to all files

Which policy can potentially impact normal production business if enabled?

Limit security audit recording

Which of these tools is commonly used for web vulnerability scanning?

IBM APPSCAN

What is the purpose of setting IP-MAC binding?

Prevent unauthorized access

Which command enables a user to view currently logged-in users on a Windows server?

query user

What data structure is formed when high-level protocols pass data to the network layer?

Data packet

Which method can be used to prevent replay attacks effectively?

Implement one-time encryption methods

What action cannot be performed by a CSRF attack?

Steal user credentials

Which of the following describes the characteristics of an SQL killer worm virus?

Consumes large amounts of network bandwidth

The strongest credential authentication method among the following is?

MS-CHAP

Which attack is characterized by impersonating someone by using their information in messages?

Social engineering attack

What is NOT included in the purpose of digital signatures?

Receiver identity confirmation

What is the essence of ARP spoofing?

Provide a virtual combination of MAC and IP addresses

What is not a typical security monitoring mechanism for upload functionalities?

Client-side JavaScript validation

Which technology can provide real-time protection against internal, external attacks, and misoperations?

Intrusion detection

Which network attack is characterized by the TCP three-way handshake process?

SYN Flood attack

Which SQL command requires the least permissions for reading operating system files?

LoadFile

Which statement about CC attacks is incorrect?

CC attacks can easily gain control of target machines

Which OSI security architecture layer provides data integrity services?

Data Link Layer

What describes the trend in network attack methods?

Increasing sophistication of attack tools

What command can be used with nmap to skip host discovery for the known active host 192.168.20.20?

nmap -Pn 192.168.20.20

Which PHP function is used to prevent SQL injection?

mysql_real_escape_string

Which command is used in sqlmap to retrieve all database names?

dbs

What is incorrect about the description of IIS short file name vulnerabilities?

Short-named files do not have corresponding short file names.

Which command can be used to check Linux password expiration?

passwd

What command is used for a SYN scan with nmap?

-sS

Which method allows IP address to domain name resolution?

Reverse

What incorrect pairing of Linux file permissions is displayed?

rwx-r--r-- 622

In HTTP status codes, which one indicates redirection?

302

Which of the following tools is commonly used for web vulnerability scanning?

Acunetix WVS (AWVS)

Study Notes

Question Selection

• Questions cover various security topics, including vulnerabilities, network protocols, and web applications.
• Questions are multiple choice format, testing knowledge of specific commands, attack types, and system configurations.
• Question sets include different levels of difficulty, assessing different areas of security expertise.
• Topics include: XXE (XML External Entity Injection), WebLogic vulnerabilities, Apache configuration, SQL injection, SSRF (Server-Side Request Forgery), security protocols, and more.
• Question sets evaluate knowledge base of security concepts and their practical application.

Question Details

• Question 1: Vulnerability types, focusing on various attack vectors and their consequences.
• Question 2: Network security, identifying correct commands for network analysis and potential attacks.
• Question 3: Web application security, determining appropriate actions to protect against vulnerabilities.
• Question 4: Understanding of specific tools and their intended use in security testing.
• Question 5: Various security topics, covering general security concepts and best practices to avoid breaches.
• Question 6: Multiple-choice questions testing the knowledge of different aspects of security.

Database Security

• Question 10: SQLSERVER database authentication modes, specifically focusing on which modes are incorrect.
• Question 11: Exploiting vulnerabilities in SQLSERVER database authentication.
• Question 12: Understanding SQL Server authentication mechanisms.
• Question 13: Discussing common issues with web script programming.

Network security vulnerabilities

• Question 13: Exploiting various network vulnerabilities, focusing on specific types of attacks and their effects.
• Question 14: Identifying specific attacks based on malicious activities and the characteristics of those activities.
• Question 15-16: General overview and characteristics of server-side attacks and their effects on web applications.

General Network Attacks

• Question 18: Different attack vectors and their characteristics.
• Question 19: Different aspects of attack methods to exploit system vulnerabilities.

WEB Application Security

• Question 20: Identifying security threats by examining web application behavior.
• Question 24: Examines specific vulnerabilities in different attack types.
• Question 25: Exploring techniques and strategies used to mitigate vulnerabilities.
• Question 26: Reviewing types of attacks and methods/protocols used.

General Security Concepts

• Question 27: Reviewing types of attacks (e.g., SQL injection).
• Question 28-29: Covering different attacks and vulnerabilities.