
Introduction To Information Security Answers Sheet

This document contains an answer sheet for a pretest quiz on an introduction to information security course. It lists multiple choice questions about topics like application security, secure design principles, vulnerabilities, cryptography, and authentication along with the corresponding answers. The questions cover concepts such as SQL injection, designing security in from the start, disabling unnecessary features by default, how firewalls work, buffer overflows, cookie security, HTTP methods, SSL limitations, stream ciphers, message authentication codes, access control models, open source risks, password risks, browser plugin exploits, password hashing, the same origin policy, certificate authorities, and prepared statements.

Uploaded by

yhioma

***************************************************

* Olympus Great Learning Answer Sheet *


***************************************************

Course Info - Introduction To Information Security


>>>>>Pretest Quiz Answers<<<<<<
---------------------------------------------------------------

###############################################################################
# #
# Note: Please read the questions before selecting answers on the pretest quiz #
# Symbols: Q = Question and A = Answer #
# #
###############################################################################

Q. Which of the following falls under the scope of Application Level Security?

A. SQL Injection
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. What is "Designing In" security?

A. Including security in the initial design of a project


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. What is the "secure by default" principle?

A. Turn off unnecessary features by default


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. Why did Clickbot.A communicate over HTTP?

A. It is impossible for a firewall to block HTTP packets


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. What is the purpose of a canary in defending against buffer overflows?

A. It lets the operating system know when the stack has been overwritten
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. What is a security vulnerability that is associated with Cookies?

A. Cookies may not get cleared when they should be


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. How does the HTTP POST method prevent leakage over the HTTP GET method?

A. Keeping parameters out of the URL and headers of the HTTP request.
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. To what degree does SSL help defend against SQL injection attacks?

A. SSL does not help


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. Which of the following is a property of stream ciphers?

A. Stream ciphers do not need a nonce


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. Why can't attackers simply recompute MAC tags?

A. The attacker does not know the secret key


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. Trapdoor permutations are inverted using what?

A. Secret key
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. In the Bell-LaPadula Model, what does the "confinement property" prevent?

A. Someone with the top secret clearance from writing an unclassified document
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. What is authentication?

A. The process of proving one's identity


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. Why can making code open source be dangerous?

A. You are making the invalid assumption that people will audit your code from a security perspective
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. What is a common vulnerability with passwords?

A. Many users choose from passwords found in a password dictionary.


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. What do Drive by Download attacks exploit?

A. Vulnerabilities in web browser plugins


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. How does salting help defend against password attacks?

A. Salting renders precomputed hash dictionaries useless


-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. Under the same origin policy, which of the following URLs has the "same origin" as: http://www.example.org/foo.html ?

A. http://www.example.org/bar.html
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. How does Alice obtain a signed certificate?

A. A certificate authority verifies her identity and gives her a unique certificate
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------

Q. How do prepared statements help defend against SQL injection attacks?

A. Making sure to interpret the statement parameters as data, and only data.
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------
