***************************************************
*        Olympus Great Learning Answer Sheet      *
***************************************************

Course Info - Introduction To Information Security

>>>>> Pretest Quiz Answers <<<<<
---------------------------------------------------------------

###############################################################################
#                                                                             #
#  Note: Please read the questions before selecting answers on the pretest   #
#  quiz. Symbols: Q = Question and A = Answer                                 #
#                                                                             #
###############################################################################

Q. Which of the following falls under the scope of Application Level Security?
A. SQL Injection
---------------------------------------------------------------

Q. What is "Designing In" security?
A. Including security in the initial design of a project
---------------------------------------------------------------

Q. What is the "secure by default" principle?
A. Turn off unnecessary features by default
---------------------------------------------------------------

Q. Why did Clickbot.A communicate over HTTP?
A. It is impossible for a firewall to block HTTP packets
---------------------------------------------------------------

Q. What is the purpose of a canary in defending against buffer overflows?
A. It lets the operating system know when the stack has been overwritten
---------------------------------------------------------------

Q. What is a security vulnerability that is associated with Cookies?
A. Cookies may not get cleared when they should be
---------------------------------------------------------------

Q. How does the HTTP POST method prevent leakage over the HTTP GET method?
A. Keeping parameters out of the URL and headers of the HTTP request.
---------------------------------------------------------------

Q. To what degree does SSL help defend against SQL injection attacks?
A. SSL does not help
---------------------------------------------------------------

Q. Which of the following is a property of stream ciphers?
A. Stream ciphers do not need a nonce
---------------------------------------------------------------

Q. Why can't attackers simply recompute MAC tags?
A. The attacker does not know the secret key
---------------------------------------------------------------

Q. Trapdoor permutations are inverted using what?
A. Secret key
---------------------------------------------------------------

Q. In the Bell-LaPadula Model, what does the "confinement property" prevent?
A. Someone with the top secret clearance from writing an unclassified document
---------------------------------------------------------------

Q. What is Authentication?
A. The process of proving one's identity
---------------------------------------------------------------

Q. Why can making code open source be dangerous?
A. You are making the invalid assumption that people will audit your code from a security perspective
---------------------------------------------------------------

Q. What is a common vulnerability with passwords?
A. Many users choose from passwords found in a password dictionary.
---------------------------------------------------------------

Q. What do Drive by Download attacks exploit?
A. Vulnerabilities in web browser plugins
---------------------------------------------------------------

Q. How does salting help defend against password attacks?
A. Salting renders precomputed hash dictionaries useless
---------------------------------------------------------------

Q. Under the same origin policy, which of the following URLs has the "same origin" as: http://www.example.org/foo.html ?
A. http://www.example.org/bar.html
---------------------------------------------------------------

Q. How does Alice obtain a signed certificate?
A. A certificate authority verifies her identity and gives her a unique certificate
---------------------------------------------------------------

Q. How do prepared statements help defend against SQL injection attacks?
A. Making sure to interpret the statement parameters as data, and only data.
---------------------------------------------------------------