Below are 40 questions and answers of a test on applying for a moderator position on forum http://hvaonline.net. I am not sure that the answers are all correct (but I believe). I think they are good for reference and reviewing our knowledge. They are not relevant to programming but networking.
1. Interrupts which are initiated by an instruction are
2. When a subroutine is called, the address of the instruction following the CALL instructions stored in/on the
a. stack pointer
c. program counter
3. Which of the following is not an advantage of the database approach
a. Elimination of data redundancy
b. Ability of associate deleted data
c. increased security
d. program/data independence
e. all of the above
4. A transparent DBMS
a. can not hide sensitive information from users
b. keeps its logical structure hidden from users
c. keeps its physical structure hidden from users
d. both b and c
5.Which of the following hardware component is the most important to the operation of database management system?
a. high resolution video display
c. high speed, large capacity disk
6. We also don’t want our undeliverable packets to hop around forever. What feature/flag limits the life of an IP packet on the network?
a. Time to Live counter
b. Subnet Mask
c. Header Checksum
d. Wackamole field
7.A disaster recovery plan should include
a.Biometrictechnology replacement plan, backup plan, recovery plan, test plan.
b.Biometric technology replacement plan, emergency plan, backup plan, recovery plan.
c.Biometric technology replacement plan, emergency plan, backup plan, test plan
d.Emergency plan, backup plan, recovery plan, test plan.
8. A set of guidelines that allow different types of devices to communicate with each other is called a:
9. TCP breaks data into small pieces called:
10. An application used to analyze network traffic and possibly intercept unencrypted passwords or other information is called:
a. Port Scanner
b. Packet Sniffer
c. Event Logs
d. Network Monitor
11. Sites that allow users to input data and don’t properly check for malicious script tags may be vulnerable to ______.
b. Cross-Site Scripting Attacks
c. Blue Screens of Death
d. P2P Networks
12. Cross-site scripting vulnerabilities are primarily a function of
a. Insufficient or Improper Code Validation
b. the Internet Explorer Web Browser
c. Apache Web Servers
d. IIS (Internet Information System) Web Servers
13. An Application-Level Gateway is a type of?
14. The well-known ports are the first _____ ports?
15.In an IDS ______ detection relies on comparison of traffic to a database of known attack methods.
16. In an IDS ______ detection compares current network traffic to a known-good baseline to look for anything out of the ordinary.
17. The value of the ______ lies in the information that is collected which help you to identify how and when the attackers entered the system.
a. Intrusion Detection System
d. Port Scanner
18. DHCP is used to automatically assign ________ to each device
a. MAC Address
b. Host Name
c. IP Address
19. On *Nix systems, ______ is used to change the owner of a file or directory
20. By default, the Administrator account has a RID (Relative ID) of _____
21. Forging the source address on an email header to make an email appear as if it came from somewhere else is called
a. IP Spoofing
b. Stealth Virus
c. Email Spoofing
22. A well designed and configured ______ is like having a single point of entry into your building with a security guard at the door allowing only authorized personnel into the building.
a. Network Adapter
b. Antivirus Software
c. Intrusion Detection System
23. Which UNIX system call creates a new process:
24. The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and
procedures needed to create, manage, store, distribute, and revoke digital certificates. The public key infrastructure is based on which encryption schemes?
D. Elliptical curve
25. Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received?
B. Data integrity
C. Asymmetric cryptography
26. A newly hired security specialist is asked to evaluate a company’s network security. The security specialist discovers that users have installed personal software; the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take?
A. Install software patches.
B. Disable non-essential services.
C. Enforce the security policy.
D. Password management
27. A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other’s traffic. Which of the following network devices should be used?
28. In computing, a Uniform Resource Locator (URL) is a type of Uniform Resource Identifier (URI)that specifies where an identified resource is available and the mechanism for retrieving it. When a user attempts to go to a website, he notices the URL has changed, which attack will MOST likely cause the problem?
A. ARP poisoning
B. DLL injection
C. DNS poisoning
D. DDoS attack
29. Which authentication method will prevent a replay attack from occurring?
30. Which security action should be finished before access is given to the network?
A. Identification and authorization
B. Identification and authentication
C. Authentication and authorization
D. Authentication and password
31. Secret Key encryption is also known as:
C. One way function.
32. Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as:
33. Which key can be used by a user to log into their network with a smart card?
A. Public key
B. Cipher key
C. Shared key
D. Private key
34. Which of the following would be an effective way to ensure that a compromised PKI key can not access a system?
A. Reconfigure the key
B. Revoke the key
C. Delete the key
D. Renew the key
35. Which description is true about how to accomplish steganography in graphic files?
A. Replacing the most significant bit of each byte
B. Replacing the most significant byte of each bit
C. Replacing the least significant byte of each bit
D. Replacing the least significant bit of each byte
36. Which of the following types of encryption would be BEST to use for a large amount of data?
37. Which of the following can affect heaps and stacks?
A. SQL injection
B. Cross-site scripting
C. Buffer overflows
38. Which of the following is not a step in the incident response?
39. The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and
procedures needed to create, manage, store, distribute, and revoke digital certificates. An
executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wants to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which asymmetric key should be used by the executive to encrypt the signature?
40.Which statement correctly describes the difference between a secure cipher and a secure hash?
A. A hash can be reversed, a cipher cannot.
B. A hash produces a variable output for any input size, a cipher does not.
C. A cipher can be reversed, a hash cannot.
D. A cipher produces the same size output for any input size, a hash does not.