Tag: security

Questions Related to security

Which of the following is essential information to a hacker performing a session-hijacking attack?

technology security

  1. Session ID

  2. Session number

  3. Sequence number

  4. Source IP address

Show answer
Correct Option: C

AI Explanation

To answer this question, we need to understand what a session-hijacking attack is and what information is essential for a hacker to perform such an attack.

Session hijacking, also known as session sidejacking, is a type of attack where an attacker gains unauthorized access to a user's session by stealing or impersonating their session identifier. This allows the attacker to take control of the user's session and perform actions on their behalf.

Let's go through each option to understand why it is correct or incorrect:

Option A) Session ID - This option is incorrect. The session ID is indeed an important piece of information for a session-hijacking attack, as it helps the attacker impersonate the user's session. However, it is not the essential information required for this attack.

Option B) Session number - This option is incorrect. While a session number might be used in some systems to identify a user's session, it is not a widely recognized or essential piece of information for session hijacking.

Option C) Sequence number - This option is correct. The sequence number is a crucial piece of information for a hacker performing a session-hijacking attack. The sequence number is used to maintain the order of packets exchanged between the client and the server during a session. By obtaining and manipulating the sequence number, an attacker can inject malicious packets into the session and disrupt the communication between the client and the server.

Option D) Source IP address - This option is incorrect. While the source IP address can provide some information about the origin of the session, it is not an essential piece of information for a session-hijacking attack. The focus of session hijacking is on stealing or impersonating the session identifier, rather than the source IP address.

Therefore, the correct answer is option C) Sequence number. This option is correct because the sequence number is essential for a hacker to perform a session-hijacking attack by injecting malicious packets into the session.

Which of the following is a countermeasure for a buffer overflow attack?

technology security

  1. Input field length validation

  2. Encryption

  3. Firewall

  4. Use of web forms

Show answer
Correct Option: A

Which of the following is the best countermeasure to session hijacking?
technology security

  1. Port filtering firewall

  2. Encryption

  3. Session monitoring

  4. Strong passwords

Show answer
Correct Option: B

What algorithm outputs a 128-bit message digest regardless of the length of the input?
technology security

  1. SHA

  2. MD5

  3. RC4

  4. RC6

Show answer
Correct Option: B

What is the process of replacing some characters with others in an encryption key?

technology security

  1. Transposition

  2. Subtraction

  3. Substitution

  4. Transrelation

Show answer
Correct Option: C

AI Explanation

To answer this question, you need to understand the different processes involved in encryption.

Option A) Transposition - This option is incorrect because transposition is the process of rearranging the order of characters in a message or text, without changing the characters themselves.

Option B) Subtraction - This option is incorrect because subtraction is a mathematical operation and is not typically used in the process of replacing characters in an encryption key.

Option C) Substitution - This option is correct. Substitution is the process of replacing some characters with others in an encryption key. In encryption, each character in the plaintext is replaced with another character according to a predefined set of rules or mappings.

Option D) Transrelation - This option is incorrect because transrelation is not a recognized process in the field of encryption.

The correct answer is C) Substitution. This option is correct because substitution is the process of replacing some characters with others in an encryption key.

What Vulnerablity does JilWIN_32 exploit ?

technology security

  1. Blank Password

  2. IP Printing buffer overflow

  3. SQL Injection

  4. None of the choices

Show answer
Correct Option: B

An attack technique where a programming flaw allows an attacker to execute script in the victims's browser which can hijack user sessions, deface websites, possibly introduce worms, etc
technology security

  1. Broken authentication and Sesion Management

  2. Cross Site Request Forgery (CSRF)

  3. SQL Injection

  4. Cross Site Scripting (XSS)

Show answer
Correct Option: D

Security of application itself ensures absolute security of databases
technology security

  1. Yes

  2. No. Additional System Hardening is needed

  3. No.Additional Database hardening is needed.

  4. No. Additional Application hardening is needed.

Show answer
Correct Option: C

Which of the following API's associates a Subject with the thread of execution?
technology security

  1. Subject.doAs ()

  2. AccessController.checkPermission()

  3. SecurityManager.checkAccess()

  4. None of the above

Show answer
Correct Option: A

In this code, x is freed twice. What is the risk of this code? 

x = malloc(200); 
/* do something with x */ 
free(x);  
/* do something else */ 
free(x);
technology security

  1. This is a double free vulnerability and must be fixed.

  2. The second call to free() will return an error.

  3. There might be compiler warnings, but the program will run fine.

  4. This is not a security issue.

Show answer
Correct Option: A