Computer-system-security Important Notes 2020

 

Computer-system-security Important Notes 2020

Important Notes:- 

Hello Dosto Please Subscribe Our Youtube channel  Because Copyright Problem In this post ( python / css / Al / nptel ) So please i humble Request Subscribe Our channel or social Networks ( than we are all are connect To each and every person ) These are Our youtube channel My Youtube Channel .. only 321 subscribe in my youtube  channel .(  channel ko subscribe kar lo kyuki kabhi bhi website band ho sakti hai sar post 2019 se ho rhe hai or answer sare senior ke dwara batye hue hai ) . youtube channel ko jaldi se share karo tak jada subscribe ho jaye to copyright ka koi problem na ho .. thanks 

Computer-system-security Important Notes 2020

Q:1. What was the percentage increase in Zero Day Vulnerabilities in the year 2015?

1.4%

2.50%

3.100%

4.125%

Answer:- 

Q:2. Identify the software whose vulnerability is exploited the most?

1.Android

2.Browser 

3.Adobe Flash Player

4.Microsoft Office

Q:3. The computer vulnerabilities and exploits databases are maintained by _________.

1.Kaspersky Lab

2.Symantec Corporation

3.MITRE Corporation

4.None of the above

Q:4. Which of the following is/are correct with respect to Ransomware?

1.It is a form of Malware

2. It encrypts the whole hard drive of the computer, essentially locking the user out of the entire system.

3.It locks the system's screen or locks the users' files unless a ransom is paid.

4.All of the above.

Q:5. What hacking attacks were mentioned in the lesson?

1.Hacking in French Election

2.ATM Hacking in India

3.Denial of Service attack in Turkish Bank

4.All of the above

Q:6. Which of the following is not an advantage of studying Cyber Security?

1.It gives you the ability to hack a computer system

2.It allows you to know the ways through which cyberspace can be breached

3.Both A and B

4.None of the above

Q:7. Which of the following is considered legal?

1.Hacking a social media account and sending a private message

2.Hacking a bank account and siphoning funds

3.Hacking a company’s security system with permission from the management

4.All of the above

Q:8. What is the cost of launching Denial of Service attack on a website?

1.$20/hr

2.$100/day

3.$300/mont

4.Both A and B

Q:9. Which of the following is correct for silent banker?

1.It is a trojan horse

2.It records keystrokes, captures screens and steals confidential banking credentials and sends them to a remote attacker

3.Both A and B

4.None of the above

Q:10. Which of the following is not a part of Security System Centric Design?

1.Policy

2.Agreement

3.Mechanisms

4.Threat Models

Q:11. Which of the following is not a goal in the security system design?

1.Vulnerability.

2.Confidentiality

3.Integrity

4.Availability

Q:12. Which of the following is most important in design of secure system?

1.Assessing vulnerability

2.Changing or Updating System according to vulnerability

3.Both A and B.

4.None of the above

Q:13. Which of the following is correct with respect to Penetration testing?

1.It is an internal inspection of Applications and Operating systems for security flaws.

2.It is an authorized simulated cyber-attack on a computer system, performed to evaluate the security of the system.

3.It is hacking a security system of an organization.

4.All of the above

Q:14. Which of the following is to be done to avoid limitations in threat models?

1.Making more explicit and formalized threat models to understand possible weaknesses

2.Making simpler and more general threat models

3.Making less assumptions to design a better threat model

4.All of the above.

Q:1. The storm botnet was mainly used for _____________.

a.Phishing

b.DDos Attack

c.Hacking

d.None of the above

(b). Ddos Attack

The storm botnet was mainly used for Spamming.

my youtube channel  :- More Answers from my channel

Q:2. Which statement is incorrect for silent banker?

a.It is a trojan horse

b.It records keystrokes, captures screens and steals confidential banking credentials and sends them to a remote attacker

c.Both A and B

d.None of the above

(c)Both A and B

The statement is incorrect for silent banker is Option ( c ) Both A and B

Q:3. Which of the following is true for Stuxnet?

a.It is a virus

b.It is A botnet

c.It is a computer worm

d.A ransomware

(c) .It is a computer worm

Its Is a computer worm

Q:4. Which of the following is incorrect for the attack on Target Corporation?

a.It is an example of server-side attack

b.More than 140 million credit card information was stolen in the attack

c.The attack happened in 2011

d.None of the above

(c).The attack happened in 2011

Mentioned In Lecture

Q:5. Identify the correct name of the bug bounty program .

a.Google Vulnerability Program

b.Microsoft Bug Bounty Program

c.Mozilla Bounty Program

d.Pwn2Own competition

(d).Pwn2Own competition

Mentioned In the Lecture

Q:6. _________ are attempts by individuals to obtain confidential information from you by falsifying their identity.

a.Computer viruses

b.Phishing scams

c.Phishing trips

d.Spyware scams

Making Duplicate Of original

Q:7. Which of the following is correct for MITM?

a.It stands for Man-In-The-Middle attack

b.It happens when a communication between the two systems is intercepted by an outside entity

c.It can happen in any form of online communication, such as email, social media, web surfing, etc

d.All of the above

(d).All of the above

It All Lie Under This 

Q:8. Which of the following describes a monitoring software, installed without your consent?

a.Malware

b.Adware

c.Spyware

d.Ransomware

(c)..Spyware

Takes Access Without Owner

Q:9. Which type of cyber-attack is commonly performed through emails?

a.Trojans

b.Worms

c.Ransomware

d.Phishing

(d). Phishing

Looks Like Same As Original Email

Q:10. If you share too much information on social media, you might be at risk of?

a.Identity Theft

b.Ransomware

c.Malware

d.Adware

(a).Identity Theft

identity Theft can be stolen

Q:1. Which of the following programming languages have common buffer overflow problem in the development of applications?

1.C, Ruby

2.C, C++

3.Python, Ruby

4.C, Python

 Ans :- C, C++ is the programming languages have common buffer overflow problem in the development of applications.

Q:2. Which type of buffer overflows are common among attackers?

1.Memory-based

2.Queue-based

3.Stack-based

4.Heap-based

 Ans :-  Stack-based of buffer overflows are common among attackers.

Q:3. In ___________ attack, malicious code is pushed into _______.

1.buffer-overflow, stack

2.buffer-overflow, queue

3.buffer-overflow,memory-card

4.buffer-overflow,external drive

Ans :- In Buffer overflow attack , malicious code is pushed into stack.

Q:4. In case of integer overflow, Which of the following option/s is/are true?

1.It is a result of an attempt to store a value greater than the maximum value an integer can store

2.Integer overflow can compromise a program's reliability and security

3.Both A and B

4.None of the above

Ans :- In case of integer overflow, so It is a result of an attempt to store a value greater than the maximum value an integer can store and Integer overflow can compromise a program's reliability and security is are true .

Q:5. A string which contains ___________ parameter/s, is called ______ string.

1.Format, text

2.Text, format

3.text and format, format

4.None of the above

 Ans :- A string Which contains Text parameter/s is called Format string.

Q:1. If we talk about control hijacking, which of the following is true ? 

 (a).In Buffer overflow attacks, stack based attacks are more common than heap based attack.

 (b).Integer overflow attacks is not a type of control hijacking.

 (c).Format string vulnerabilities are used to prevent control hijacking.

 (d).All of the above

Answer :- (b) .Integer overflow attacks is not a type of control hijacking.

Reason :-  .Integer overflow attacks is not a type of control hijacking. so  it right answer of control hijacking . 

Q:2. If we mark the stack and heap segement as non executable,

 (a).No code will execute.

 (b).return-oriented programming will also not be able to exploit it.

 (c).we can prevent overflow code execution.

 (d).All of the above.

Answer :- (c).we can prevent overflow code execution.

Reason :-If we mark the stack and heap segement as non executable, we can prevent overflow code execution. because Overflow code execution can be prevented by marking the stack and heap segments as non-executable .

Q:3. If we talk about Return Oriented Programming, which of the following statement is true ?

 (a).It is a computer security exploit technique that allows an attacker to execute code in the presence of security defences such as DEP and code signing

 (b).These types of attacks arise when an adversary manipulates the call stack by taking advantage of a bug in the program, often a buffer overflow.

 (c).Return-oriented programming is an advanced version of a stack smashing attack.

 (d).All of the above

Answer :- (d).All of the above

Reason :-If we talk about Return Oriented Programming the right answer is All of the above because this statement is true .

Q:4. An hardware device's interrupt request invokes ____ , which handles this interrupt.

 (a).Instruction Set Randomization

 (b).Information Storage and Retrieval

 (c).Interrupt Service Routine

 (d).Intermediate Session Routing

Answer :- (c).Interrupt Service Routine

Reason :- An ISR (also called an interrupt handler) is a software process invoked by an interrupt request from a hardware device. It handles the request and sends it to the CPU, interrupting the active process. When the ISR is complete, the process is resumed .

Q:5. Which of the following is a method of randomization?

(a).ASLR

(b).Sys-call randomization

(c).Memory randomization

(d).All of the above.

Answer :- (d).All of the above.

Reason :- ASLR , Sys-call randomization , Memory randomization   is a method of randomization and ISR is not a randomization .

Q:1. Chroot jail is used to _______ process and its children by ________ to the supplied directory name.

(a).isolate, changing the root directory

(b).change, the name

(c).execute, renaming it

(d).All of the above

Answer:- (b).change, the name

Reason :- A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. The programs that run in this modified environment cannot access the files outside the designated directory tree. This essentially limits their access to a directory tree and thus they get the name “chroot jail”.

Q:2. Taliking about FreeBSD jail, which of the following is true ?

(a).It can only bind to sockets with specified IP address and authorized ports

(b).It can communicate with processes inside and outside of jail

(c).Root is limited (example: cannot load kernel modules)

(d).None of the above

Answer :-(b).It can communicate with processes inside and outside of jail

Reason :- The jail mechanism is an implementation of FreeBSD's OS-level virtualisation that allows system administrators to partition a FreeBSD-derived computer system into several independent mini-systems called jails, all sharing the same kernel, with very little overhead.

Q:3. Which of the following is incorrect for System call interposition?

(a).It tracks all the system service requests of processes.

(b).Each system request can be modified or denied.

(c).It is impossible to implement tools to trace, monitor, or virtualize processes.

(d).None of the above.

Answer:-(c).It is impossible to implement tools to trace, monitor, or virtualize processes.

Reason:- Abstract: System call interposition is a powerful method for regulating and monitoring program behavior. ... A system call correlating method is proposed to identify the coherent system calls belonging to the same process from the system call sequence. 

Q:4. Which of the following is a computer security utility which limits an application's access to the system by enforcing access policies for system calls?

(a).systrace

(b).NetBSD

(c).ptrace

(d).None of the above

Answer:- (a).systrace

Reason:- Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities.

Q:5. Which of the following uses a call back mechanism in the kernel module to redirect system calls?

(a).systrace

(b).ptrace

(c).ostia

(d).NetBSD

Answer :- (b).ptrace

Reason:- ptrace is a system call found in Unix and several Unix-like operating systems. By using ptrace (the name is an abbreviation of "process trace") one process can control another, enabling the controller to inspect and manipulate the internal state of its target.