Home / Operating System / Linux / Final semeter IV

Final semeter IV


1) ________ malware is designed to gain administrator-level control over a computer system without getting detected.

a)     Virus

b)     Trojan

c)     Rootkit   

d)     Spam

2)     ________ is the process by which a sysytem establishes a user’s identity.

a)     Authentication

b)     Authorization

c)     Confidentiality

d)     Integrity

3)     _________ is not an example of Biometric Technique.

a)     Fingerprint

b)     Voice pattern

c)     hand measurement

d)     Person’s height

4)     _______ amongst the following services are not provided by a firewall?

a)     Packet filtering

b)     Stateful inspection

c)     User authentication      

d)     Proxy server

5)     Code Red is an example of ________

a)     Worm           

b)     Trojan

c)     Spyware

d)     Rootkit

6)     ________ would be placed at the terminal-ends of everynetwork segment in most common environments in order to implement perimeter sericuty.

a)     Proxy Servers

b)     Data Servers

c)     Host-based Firewalls

d)     Routers

7)     _______ is a powerful tool used for network administration that helps to implement network security policies.

a)     Packet Filtering

b)     Firewall    

c)     Router

d)     Data Packets

8)     Identify  the metrics followed by packet filtering to allow or deny packets through a firewall.

a)     Sourece IP address of the incoming packet

b)     Destination IP addresses

c)     Type of Internet protocols that the packet may contain               d) All of the above

9)     What is the drawback of the packet filtering mechanism?

a)     It is an expensive machanism to implement network perimeter security.

b)     It offers speed, but it is tedious to use and requires thorough knowledge.

c)     It doesn’t allow firewall to experiment with application-level data directly.

d)     It secures the application-level data, but doesn’t completely secure the perimeter.

10) which type of packet filtering firewall tracks the state of the network connections and distinguishes legitimate packets for diferent types of connections?

a)     Stateful packet filtering

b)     Stateless packet filtering

11)_________ runs on firewall system between two networks and is connected once the client program establishes the connection to the destination service.

a)     Application Server

b)     Packet Filter Monitoring

c)     Application Gateway             

d)     Firewall Hardening

12) The two types of firewalls are __________ and _________

a)     Packet Filtering            

b)     Proxy

c)     Gateway

d)     Application

13) What is the primary purpose of NAT?

a)     Convert a private IP address that is inside a trusted network to a registered IP address seen by an outside, untrusted network.

b)     Monitor incoming and outgoing packets.

c)     Apply spam protection that helps to keep the malicious emails out of your network, such as, viruses and botnets.

d)     Standardise all your wireless connections on WPA protocol

14) __________ offers a method of dividing one physical network i.e.LAN into multiple broadcast domains

a)     LAN

b)     VLAN              

c)     Gateway

d)     Firewall

15) A tool or software application used to monitor network or system activities to check malicious activitives or policy violations, and produce reports to a Management Station is known as _______.

a)     Intrustion Detection System    

b)     IP SPoofing

c)     Intrustion Detection and Prevention Systems

d)     Sensors

16) Anomaly detection is based on the normal behaviour of a subject for example, a aser or a system to check any action that differs largely from the normal behaviour. it is considered intrusive.

a)     True

b)     False



17) Which of the following IDS scans network packets at the router or host-level, audits packet information, and logs any suspicious packets into a speccial log file with extended information?

a)     DIDS

b)     NIDS

c)     HIDS

d)     IDPS

18) which of the following response is most commonly used, inexpensive, and easy to practice?

a)     Active Response

b)     Passive Response

19) _______ is more complex as it provides more complex interactions with attackers by incorporating actual operating systems and services. It can capture a large amount of information about an attacker.

a)     Low-interaction honeypot

b)     High-interaction honeypot          

c)     Mid-interaction honeypot

d)     none of the above

20) _________ cryptography technique uses the same private key for both ancrypting and decrypting the data?

a)     Diffie-Hellman key exchange

b)     RSA

c)     DES          

d)     PKC

21) A ________, also called a message digest, is a number gennerated from a string of text.

a)     A hash algorithm

b)     The Secure Hash Algorithmn (SHA)

c)     A hash value     

d)     RACE Integrity Primitives Evaluation Message Digest (RIPEMD)

22) In ________ attacking techniques does the attacker try to find loopholes in the implementation of the algorithm instead of attacking the algorithm?

a)     Man in Middle Attack

b)     Meet-in-the-Middle Attack

c)     Side Channel Attack

d)     Brute Force Attack

23) _________ DES techniques is vulnerable to meet-in-the-middle attack?

a)     DES

b)     2DES        

c)     3DES/2

d)     3DES/3

24) ________ is vulnerable to man-in-middle attacks?

a)     RSA

b)     Feistel’s Cipher Scheme

c)     Digital signature

d)     Diffie-Hellman key exchange          



25) _________ take part in securing communications with other computers using communication protocols such as SSL?

a)     Certificate Authority Cerfiticates

b)     Personal Cerfiticates

c)     Server Cerfiticates                 

d)     Software Publisher Certificates

26) ________ is a SSL protocol that initiates a client-server session?

a)     Clap

b)     Handshake        

c)     Bye

d)     Greet

27) IPsec is used to secure Intenet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.

a)     True          

b)     Fasle

28) Kerberos uses _________ port by default.

a)     88           

b)     44

c)     8080

d)     4040

29) _________ protects against replay attacks by utilizing the sliding window technique and discarding old packets.

a)     ESP

b)     AH           

c)     SSL

d)     TCP

30) By using IP protocol number _________, ESP operates directly on top of IP

a)     88

b)     23

c)     75

d)     50           

31) Which of the following correctly identifies redundant connections?

a)     Two network cards in computers, which are connected to different switches or hubs.

b)     Two different sites, which are connected through network

c)     A backup site, which is an exact replica of the actual server room

d)      Multiple ISP connections           

32) Risk mitigation involves developing a plan of action after proper analysis of the _______

a)     Computer systems

b)     Policies and Procedures of the company

c)     Security Standards

d)     Risk assessment            



33) Identification of the potential monetary impact of a risk is also known as _________

a)     Risk assessment

b)     Risk mitigation

c)     Impact assessment 

d)     Vulnerability assessment

34) What do you call an event that is considered a risk initially, but doesn’t turn out to be a risk?

a)     Vulnerability

b)     Redundant risk

c)     False positive      

d)     Low risk

35) A LAN Surveyor is used for __________.

a)     Network Mapping        

b)     Vulnerability scanning

c)     Sniffing

d)     Password analysis

36) _________ refers to prevention of data signals from being affected by external sources.

a)     HVAC

b)     Shielding     

c)     Scanning

d)     Sniffing

37) ________ consists of a vast database of server names and their corresponding IP addresses.

a)     Open SSH distribution

b)     DNS   

c)     DOS

d)     DACL

38) Entries in the server have been maliciously modified although the victimcontinues to trust the responses supplied by the server is called as Cache Poisoning.

a)     True   

b)     False

39) In _________ a LAN poisons the ARP table of another host and causes it to send packets to the wrong destination.

a)     Cache Poisoning

b)     DNS Spoofing

c)     ARP Poisoning      

d)     Network Poisoning

40) DNS cache poisoning occurs when a user tricks a DNS server and believes that a false response of DNS  query is vailid

a)     True

b)     False      

41) A _______ prevent the DNS server forwarding the requests from interacting with Internet DNS server

a)     DNS Attacker

b)     DNS Forwarder 

c)     DNS client

d)     DNS host

42) The network requests supporting DNS lookups  run over TCP and UPD, port _______ by default.

a)     53              

b)     55

c)     35

d)     65

43) Internet explorer is a ______

a)     Web server

b)     Web browser      

c)     Network protocol

d)     Temporary file

44) Which is attack in which the attacker takes over the web session?

a)     Hijacking

b)     SQL injection

c)     Account harvesting

d)     Session replay

45) ________ is a program that changes some settings in a web browser.

a)     Cookie

b)     ActiveX

c)     Browser parasite

d)     Digital signature

46) _________ is the standard security technology for establishing an encrypted link between a web server and a browser

a)     FTP

b)     HTTP

c)     SSL       

d)     SQL

47) Which one of the following plug-in is more dangerous?

a)     ActiveX     

b)     Java Applet

c)     JavaScript

d)     Flash Player

48) _________ occurs when a malicious user purposefully enters data into a database that will cause an error in its processing .

a)     Hijacking

b)     SQL injection                 

c)     Account harvesting

d)     Session replay

49) ________ is a method of providing false identify information to gain unauthorized access to a service by modifying the source address of traffic or source of information.

a)     Spoofing      

b)     Spamming

c)     Malware

d)     Phishing


50) Which is a way to stop spam emails?

a)     Reply to the spam mail

b)     Unsubscribe to the spam mail

c)     Using a spam filter

d)     Click the ‘remove’ link in the mail

51) ______ is a common tool used by spammers.

a)     Authentication

b)     Encryption

c)     Spambots           

d)     Spam blocker

52) ________ is a Microsoft-proprietary protocol used for email authentication?

a)     NTLM/SPA             

b)     Kerberos

c)     PGP

d)     GPg4Win

53) Which of the following statement about Kerberos is true?

a)     Kerberos is freely available from IIT.

b)     Kerberos uses secret-key cryptography for encrypting data to make it secure.

c)     The user’s password passes through the network in Kerberos.

d)     Kerberos is a military grade encryption program that is used to scramble (encrypt) and unscramble (decrypt) data.

54) ______ is essential for implementing distributed procedures over a network and for delivering file-system updates.

a)     Honeypost

b)     IDS

c)     Synchronized time

d)     NTP

55) _________ are stand-alone devices that can detect attacks on a network or a computer.

a)     Router

b)     IDS            

c)     Honeypots

d)     Firewall

56) _________ contains information about the network traffic?

a)     Company security policy

b)     Firewall’s logs         

c)     NDA

d)     Employee mails

57) _________ allows multiple computers to connect to the Internet using a single public IP address.

a)     Firewall

b)     Egress filtering

c)     DMZ

d)     NAT

58) _________ is the practice of reducing the vulnerabilities in your hardware.

a)     Hardening

b)     Network Address Translation

c)     Intrusion detection

d)     Vulnerability testing

59)_________ refers to the method of keeping computers upto-date with new software releases that are developed after an original software product is installed.

a)     Pop-up blocker

b)     DHCP

c)     Patch management            

d)     Baselining

60) The most vulnerable entity in any organisation is the ______.

a)     Server room

b)     End-user

c)     Reception area

d)     Installed software

61) A host-based firewall is a personal firewall or software program that is installed on .

a)     Servers

b)     Client systems             

c)     Mobile phones

d)     Memory cards and USB drives

62) ________ is a measure of normal activity.

a)     Baselining         

b)     Filtering

c)     Encryption

d)     Decryption

63) _________ is the simulation of the software/hardware.

a)     Virtualization           

b)     Firewall

c)     DLP

d)     XSS

64) A ________ is used to generate a temporary single-use password to make the authentication stronger.

a)     Smart card

b)     Biometric

c)     Token             

d)     RADIUS

65) When happens when a user attempts to log on, but repeatedly types in wrong password?

a)     The account is disabled

b)     The account is deleted

c)     The account is locked       

d)     The account is enable



66) __________ defines rules for access control in Rule Based Access Control?

a)     User

b)     System administrator            

c)     Group

d)     Chairman of the company

67) ________ is generally used by government and military environments.

a)     Mandatory Access Control             

b)     Discretionary Access Control

c)     Role based Access Control                 d) Rule Base Access Control

68) The ________ used in an authentication process makes authentication resilient and reliable.

a)     Unique factors

b)     Process time

c)     Software

d)     Operating system

69) What are the factors required in a strong password?

a)     Five characters

b)     Eight characters

c)     One number

d)     14 characters or more        

70) The act exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would be protected from an application or user is defined as ________.

a)     Backdoors

b)     Privilege escalation          

c)     Network Intrusion Prevention Systems (NPS)

d)     Crosstalk

71) The transmission of data across electromagnetic signals is known as _________.

a)     Crosstalk

b)     Network accessing

c)     Data emanation         

d)     Electro Magnetic Interference

72) The sending of unwanted messages to Bluetooth-enable devices such as mobile phones and Personal Digital Assistant (PDA) is termed  as _________.

a)     Bluesnarfing

b)     Bluejacking            

c)     Bluetooth

d)     Wardriving  

73)_________ is a popular banking scam all over the word.

a)     Phishing        

b)     Attack

c)     Threat

d)     None of the above


74) In ‘ Penetration testing’, both the ethical hacker and a malicious hacker carry out the same steps for hacking and vulnerability assessment, but their motives are different. State True or False.

a)     True        

b)     False

75) Which type of hacker hacks with malicious intentions?

a)     Greeen-hat hackers

b)     White-hat hackers

c)     Black-hat hackers          

d)     Red-hat hackers

76) A situation or an environment leading to a security breach that can have a devastating effect on a business is called

a)     Exploit

b)     Threat           

c)     Vulnerability

d)     Remote attack

77) _________ means to gain information about a target computer or network without the knownledge or prior approval of the target.

a)     Scanning

b)     Reconnaissance            

c)     Launching

d)     Steganography

78) Using the Google search engine for gathering required information is known as _______

a)     Online hacking

b)     Google hacking           

c)     Network hacking

d)     None of above

79) _________ is a competitive intelligent tools.

a)     Trellian        

b)     Whois

c)     ARIN

d)     SAM Spade

80) Banner grabbing is a graphical tool used for Advanced DNS.

a)     True

b)     False         

81) The open source utility Zenmap (Network Mapper) is used for what purposes?

a)     Network discovery           

b)     Fingerprinting

c)     Crawling

d)     Scan addresses

82) Sam Spade is a combination of many utilities like whois, _______, finger, and DNS lookup.

a)     Port Scan

b)     Traceroute

c)     EmailTrackerPro    

d)     none of the above

83) Penetration testing is also known as ________

a)     Pentest            

b)     Testpen

c)     Pencitest

d)     None of the above

84) ________ and _______ are popular pentest tools.

a)     Hermitage and Shark attack

b)     Pegasus and Metapolice

c)     Armitage and Nessus          

d)     None of the above

85) The general penetration testing methodology consists of three phases namely, Reconnaissance, ______, and Verification.

a)     Testing

b)     Scanning              

c)     Auditing

d)     None of the above

86) In the assessment phase, Audit is a necessary step.

a)     True

b)     False         

87) _________ is a password recovery tool.

a)     Brute force

b)     Cain          

c)     Cryptanalysis

d)     None of the above

88) The main goal of _________ is to get a fair idea of the target.

a)     Footprinting

b)     Enumeration          

c)     Scanning

d)     Pinging

89) A connection to the sharer that does not have a specified user name or password is known as a _______.

a)     Null Session          

b)     Blocked Session

c)     Privileged session

d)     Specific Session

90) Which protocol is used for coordinating the clocks of networked computer systems during data transfer through the internet?

a)     HTTP (Hypertext Transfer Protocol)

b)     SNMP (Simple Network Management Protocol)

c)     SNTP (Simple Network Time Protocol)            

d)     FTP (File Transfer Protocol)

91) SNMP Enumeration helps you to enumerate directories and files by using methods that return an enumerable collection of strings of their names. State true or false

a)     True

b)     False                 

92) _________ is a message that is received from a host with signature of application issuing the message that is viewable.

a)     Telnet

b)     Banner               

c)     ICMP

d)     None of the above

93) _________ allow a network manager to maintain the traffic flow efficiently.

a)     Protocols

b)     Sniffers              

c)     Session Hijacking

d)     Mac flooding

94) The Sniffer software capture packets that are not meant for the sniffer system’s MAC address but for a specific destination MAC addresswhich is known as promiscuous mode.

a)     True         

b)     False

95) The __________ in promiscuous mode reads all traffic and sends it to sniffer for processing

a)     Cable

b)     NIC            

c)     Switch

d)     Router

96) In ________, fake ARP messages are issued by the attacker onto a LAN.

a)     Sniffing

b)     Flooding

c)     Spoofing                

d)     Phishing

97) ________ include filters, colour-cording , and other features that monitors network traffic and inspects individual packets.

a)     Wireshark               

b)     Ethernet

c)     Packets

d)     Juggernaut

98) _________ are fake computer programs which are designed to trick the user to buy dangerous and unnecessary software like fake antivirus protection.

a)     Firmware

b)     Freeware

c)     Scareware           

d)     Fakeware

99) Monique and Francoise developed the _________ model.

a)     Social Engineering Attack Detection         

b)     Social Networking

c)     Technical assessment

d)     Social Security


100)         To curtail Socical Engineering attacks, companies should create a _________.

a)     Network of systems

b)     Central information collection system       

c)     Security data collection office

d)     Alert System

101)        Assets that you cannot see, or those that exist on paper or on a hard disk are called ______ assets.

a)     Tangible

b)     Intangible              

c)     Economic

d)     Fixed

102)        When an attacker manipulates people in an organization to share confidential information, so that the computers in that particular organization can be accessed, it is called _________.

a)     `Information engineering

b)     Social engineering         

c)     Computer engineering

d)     None of the above

103)        A…..monitors network traffic for suspicious activity and alerts the system or network administrator

a)     IDS    

b)     IP

c)     Honey pot

d)     Trap

104) ……is a technique used by attackers to bypass IDS

  1. Flooring
  2. b.      Flooding             
  3. Fooling
  4. Penetrating

105) IDS approach the goal of detecting suspicious traffic in only one way

  1. True
  2. b.      False         

106) Anomaly Based is atype of a server that has a firewall attached to it

  1. True
  2. b.      False 

107) Many IDPS can also respond to a detected threat by attermpting to prevent it from succeeding

  1. a.      True  
  2. False

108) LSA stands for local security ………

  1. Agency
  2. Association
  3. c.      Authozity     
  4. Agreement

109) Group policy iis a feature in the…………operating system

  1. Linux
  2. Solaris
  3. c.      Windows NT           
  4. Mac

110) The first rule for editing the registry is that the registry must be……….

  1. a.      Backed up                
  2. Deleted
  3. Restarted
  4. Copied

111) The import facility of regedit can be used to make a copy of the registry key

  1. True
  2. b.      False             

112) The Sam file in windows XP stores the user’s password in a  ……format

  1. a.      Hash              
  2. Clear text
  3. Alpha muberic
  4. Binary

113) Wireless network is a network set up by using ______ frequency.

a)     Mobile signal

b)     Antenna signal

c)     Radio signal

d)     None of the above

114) The ____ links two or more devices using a wireless distribution method.

a)     WAN

b)     WLAN          

c)     WPAN

d)     WCAN

115) _______ handles the overall authentication process of the user’s session on the wireless device.

a)     Circumference

b)     RADIUS       

c)     Circle

d)     Perimeter

116) Open System authentication allows any user to authenticate to the access point.

a)     True  

b)     False

117) One of the tools used by War Driving is ______.

a)     Tumbler

b)     Spoofing

c)     NetStumbler

d)     Driving too

118) ______ is a code injection technique that weakens the system’s information assurance in a Website’s software.

a)     RDBMS

b)     SQL injection          

c)     PHP

d)     None of the above

119) SQL injection is used to exploit Websites by changing backend SQL statements by manipulating application input.

a)     True  

b)     False


120) One of the steps to secure Website and Web applications from SQL injection is:

a)     Analyze the physical connection of Webserver

b)     Perform irregular Web security audit

c)     Ensure to sanitize Web applications     

d)     None of the above

121) Submitting a query that uses the ____ clause allows partial matcching of names or email addresses in the database

a)     Same

b)     Similar

c)     Match

d)     Like   

122) ___________ is a sophisticated SQL injection tool for easy SQL injection process

a)     SQL tool

b)     Havji 

c)     Database Mon

d)     Backend SQL

123) __________ is a type of password attack.

a)     Thesaurus attack

b)     Forceful attack

c)     Brute Force attack

d)     Password attack

124) To avoid password reuse, _______ were developed.

a)     Strong passwords

b)     Character passwords

c)     Special character passwords

d)     One time passwords          

125) This is not a type of password attack.

a)     DoS    

b)     Brute force

c)     Dictionary

d)     None of the above

126) What you can do and what you desire are some authentication methods.

a)     True

b)     False

127) __________ is a hacking tool.

a)     Nagios

b)     John the Ripper      

c)     Cacti

d)     Zabbix

128) ______ helps in delivering Web content that can be accessed through the Internet.

a)     Web Site

b)     Web Server 

c)     We Design

d)     None of the above

129) By installing server software to any computer and connecting the machine to the Internet, any computer can be turned into a Web Server.

a)     True

b)     False 

130) _________ is one of the most popular and capable vulnerability scanners for UNIX systems.

a)     CoreIntact

b)     Nexpose

c)     Nessus           

d)     Acunetix

131) Which test is not a type of patch testing?

a)     Rollback test

b)     Verification test

c)     Standart test

d)     Process test 

132) A complementary security should be provided by _____ to protect operating and file systems, user accounts, and business-critical services from attacks.

a)     Firewalls                  

b)     Trojan

c)     Keylogger

d)     Netscape

133) Bots are also known as ________ .

a)     Browsers

b)     Web Robots 

c)     Network hacking tools

d)     Commands

134) Websites with large ________ are not affected by DoS attacks.

a)     Bandwidth   

b)     Data Storage

c)     Coding

d)     None of the above

135) Smurf attack does not generate heavy computer network traffic on the network of the victim’s computer.

a)     True

b)     False

136) What is a micro block?

a)     Defensive technique

b)     Scanning method

c)     Network attack

d)     Command prompt

137) The ________ create spam, spread viruses, and perform online crimes and malpractices.

a)     Smurf attack

b)     Mailbomb

c)     Zombies                   

d)     Ping flood

138) The types of buffer attacks are ________

a)     Heap based and stack based                    

b)     Memory based

c)     Operating system based                                         d)  RAM based

139) The C programming language supplied the framework for buffer overflow attacks.

a)     True              

b)     False

140) When a return address is overwitten with the address of an opcode, it is called ______.

a)     Overwiting

b)     Trampolining                      

c)     Opcoding

d)     Buffering

141) A ______ is an area of physical memory storage which is used to prevent data from moving into another area.

a)     Buffer                       

b)     Upper

c)     Lower

d)     Middle

142) ________ helps to store data during the run time.

a)     Heap

b)     Stack             

c)     Virtual

d)     Data bus

Print Friendly

About dongpolice

Check Also


Tạo bộ cài đặt Windows từ USB dễ dàng – WinToUSB 3.4 Enterprise Full Key

Tạo bộ cài đặt Windows từ USB dễ dàng – WinToUSB 3.4 Enterprise Full Key WinToUSB …