All Categories MCQs
311
In a "session hijacking" attack, the attacker:
Answer:
Steals a user's valid session ID or cookie to gain unauthorized access to a web application.
When you log into a website, it gives your browser a temporary "session cookie" to keep you logged in. In a session hijacking attack, the attacker steals this cookie (often via XSS or a MitM attack) and uses it to impersonate the legitimate user without needing their password.
312
What is a "directory traversal" or "path traversal" attack?
Answer:
An attack that tries to access files and directories that are stored outside the web root folder by manipulating variables that reference file paths.
In a directory traversal attack, the attacker uses sequences like "../" (dot-dot-slash) to trick the web server into navigating up the directory tree and accessing sensitive system files that should not be publicly accessible, such as `/etc/passwd`.
313
A "birthday attack" is a type of cryptographic attack that:
Answer:
Exploits the mathematics behind the birthday problem in probability theory to find collisions in hash functions.
The birthday paradox shows that you only need 23 people in a room to have a 50% chance that two of them share a birthday. Similarly, a birthday attack can find two different inputs that produce the same hash output (a "collision") much faster than a brute-force approach, which can be used to forge digital signatures.
314
Which of the following is an example of a physical security attack?
Answer:
Tailgating
Tailgating is a physical attack where an unauthorized person follows an authorized individual into a secure, restricted area. The other options are all forms of logical or digital attacks.
315
What is a primary benefit of using a physical security key for MFA?
Answer:
It is completely immune to phishing attacks.
Phishing attacks often rely on tricking a user into entering their password and OTP code into a fake website. A FIDO-based security key will not work on a fake site because it authenticates directly with the legitimate website's domain, making it a "phish-proof" form of MFA.
316
An IPS that is configured to be "fail-open" will do what in the event of a system malfunction?
Answer:
Allow all network traffic to pass through without inspection.
A "fail-open" configuration prioritizes availability. If the IPS device fails, it effectively becomes a simple wire, allowing all traffic to pass through so that the network connection is not lost. The opposite is "fail-closed," which would block all traffic, prioritizing security over availability.
317
A bank's ATM requires you to have your debit card ("something you have") and enter your PIN ("something you know"). This is a real-world example of:
Answer:
Multi-factor authentication
This is one of the oldest and most common examples of MFA. It combines a possession factor (the card) with a knowledge factor (the PIN) to provide strong security for transactions.
318
What is a "key exchange" protocol, such as Diffie-Hellman, used for?
Answer:
To allow two parties to securely establish a shared secret key over an insecure public channel.
The Diffie-Hellman key exchange is a fundamental cryptographic protocol that solves the problem of sharing a secret key for symmetric encryption. It allows two parties, who have no prior knowledge of each other, to jointly establish a shared secret over a network that may be monitored by an attacker.
319
What is "quantum cryptography"?
Answer:
The use of quantum-mechanical phenomena, like quantum entanglement, to perform cryptographic tasks.
Quantum cryptography uses the principles of quantum physics to create a provably secure communication channel. For example, in quantum key distribution (QKD), any attempt to eavesdrop on the key exchange would disturb the quantum state, which would be detected by the legitimate parties.
320
The RSA algorithm's security is based on the computational difficulty of what mathematical problem?
Answer:
Factoring large prime numbers.
The security of RSA relies on the fact that it is easy to multiply two large prime numbers together, but it is extremely difficult and time-consuming for a classical computer to do the reverse—that is, to find the original prime factors of a very large number.