40 questions and answers for moderators of HVA

Below are 40 questions and answers of a test on applying for a moderator position on forum http://hvaonline.net. I am not sure that the answers are all correct (but I believe). I think they are good for reference and reviewing our knowledge. They are not relevant to programming but networking.

1. Interrupts which are initiated by an instruction are

a. internal

b. external

c. hardware

d. software

2. When a subroutine is called, the address of the instruction following the CALL instructions stored in/on the

a. stack pointer

b. accumulator

c. program counter

d. stack

3. Which of the following is not an advantage of the database approach

a. Elimination of data redundancy

b. Ability of associate deleted data

c. increased security

d. program/data independence

e. all of the above

4. A transparent DBMS

a. can not hide sensitive information from users

b. keeps its logical structure hidden from users

c. keeps its physical structure hidden from users

d. both b and c

5.Which of the following hardware component is the most important to the operation of database management system?

a. high resolution video display

b. printer

c. high speed, large capacity disk

d. plotter

e. mouse

6. We also don’t want our undeliverable packets to hop around forever. What feature/flag limits the life of an IP packet on the network?

a. Time to Live counter
b. Subnet Mask
c. Header Checksum
d. Wackamole field

7.A disaster recovery plan should include

a.Biometrictechnology replacement plan, backup plan, recovery plan, test plan.

b.Biometric technology replacement plan, emergency plan, backup plan, recovery plan.

c.Biometric technology replacement plan, emergency plan, backup plan, test plan

d.Emergency plan, backup plan, recovery plan, test plan.

8. A set of guidelines that allow different types of devices to communicate with each other is called a:

a. Modem

b. Protocol

c. Language

d. Process

9. TCP breaks data into small pieces called:

a. Files

b. Packets

c. Envelopes

d. Bytes

10. An application used to analyze network traffic and possibly intercept unencrypted passwords or other information is called:

a. Port Scanner

b. Packet Sniffer

c. Event Logs

d. Network Monitor

11. Sites that allow users to input data and don’t properly check for malicious script tags may be vulnerable to ______.

a. Viruses

b. Cross-Site Scripting Attacks

c. Blue Screens of Death

d. P2P Networks

12. Cross-site scripting vulnerabilities are primarily a function of

a. Insufficient or Improper Code Validation

b. the Internet Explorer Web Browser

c. Apache Web Servers

d. IIS (Internet Information System) Web Servers

13. An Application-Level Gateway is a type of?

a. Program

b. Protocol

c. Connection

d. Firewall

14. The well-known ports are the first _____ ports?

a. 65536

b. 1024

c. 1023

d. 49151

15.In an IDS ______ detection relies on comparison of traffic to a database of known attack methods.

a. Hacker

b. Signature-Based

c. Anomaly-Based

d. Intrusion

16. In an IDS ______ detection compares current network traffic to a known-good baseline to look for anything out of the ordinary.

a. Hacker

b. Signature-Based

c. Anomaly-Based

d. Intrusion

17. The value of the ______ lies in the information that is collected which help you to identify how and when the attackers entered the system.

a. Intrusion Detection System

b. Firewall

c. Honeypot

d. Port Scanner

18. DHCP is used to automatically assign ________ to each device

a. MAC Address

b. Host Name

c. IP Address

d. URL

19. On *Nix systems, ______ is used to change the owner of a file or directory

a. Owner

b. chown

c. Modify

d. chmod

20. By default, the Administrator account has a RID (Relative ID) of _____

a. 501

b. 100

c. 500

d. 105

21. Forging the source address on an email header to make an email appear as if it came from somewhere else is called

a. IP Spoofing

b. Stealth Virus

c. Email Spoofing

d. Spam

22. A well designed and configured ______ is like having a single point of entry into your building with a security guard at the door allowing only authorized personnel into the building.

a. Network Adapter

b. Antivirus Software

c. Intrusion Detection System

d. Firewall

23. Which UNIX system call creates a new process:

a. Fork

b. Exec

c. nproc

d. system

24. The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and

procedures needed to create, manage, store, distribute, and revoke digital certificates. The public key infrastructure is based on which encryption schemes?

A. Symmetric

B. Quantum

C. Asymmetric

D. Elliptical curve

25. Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received?

A. Anti-aliasing

B. Data integrity

C. Asymmetric cryptography

D. Non-repudiation

26. A newly hired security specialist is asked to evaluate a company’s network security. The security specialist discovers that users have installed personal software; the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take?

A. Install software patches.

B. Disable non-essential services.

C. Enforce the security policy.

D. Password management

27. A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other’s traffic. Which of the following network devices should be used?

A. Router

B. Hub

C. Switch

D. Firewall

28. In computing, a Uniform Resource Locator (URL) is a type of Uniform Resource Identifier (URI)that specifies where an identified resource is available and the mechanism for retrieving it. When a user attempts to go to a website, he notices the URL has changed, which attack will MOST likely cause the problem?

A. ARP poisoning

B. DLL injection

C. DNS poisoning

D. DDoS attack

29. Which authentication method will prevent a replay attack from occurring?



C. Kerberos


30. Which security action should be finished before access is given to the network?

A. Identification and authorization

B. Identification and authentication

C. Authentication and authorization

D. Authentication and password

31. Secret Key encryption is also known as:

A. Symmetrical

B. Replay

C. One way function.

D. Asymmetrical

32. Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as:

A. Peer-to-peer

B. Downlevel

C. Hierarchical

D. Hybrid

33. Which key can be used by a user to log into their network with a smart card?

A. Public key

B. Cipher key

C. Shared key

D. Private key

34. Which of the following would be an effective way to ensure that a compromised PKI key can not access a system?

A. Reconfigure the key

B. Revoke the key

C. Delete the key

D. Renew the key

35. Which description is true about how to accomplish steganography in graphic files?

A. Replacing the most significant bit of each byte

B. Replacing the most significant byte of each bit

C. Replacing the least significant byte of each bit

D. Replacing the least significant bit of each byte

36. Which of the following types of encryption would be BEST to use for a large amount of data?

A. Asymmetric

B. Symmetric

C. ROT13

D. Hash

37. Which of the following can affect heaps and stacks?

A. SQL injection

B. Cross-site scripting

C. Buffer overflows

D. Rootkits

38. Which of the following is not a step in the incident response?

A. Recovery.

B. Repudiation

C. Containment

D. Eradication

39. The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and

procedures needed to create, manage, store, distribute, and revoke digital certificates. An

executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wants to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which asymmetric key should be used by the executive to encrypt the signature?

A. Shared

B. Private

C. Hash

D. Public

40.Which statement correctly describes the difference between a secure cipher and a secure hash?

A. A hash can be reversed, a cipher cannot.

B. A hash produces a variable output for any input size, a cipher does not.

C. A cipher can be reversed, a hash cannot.

D. A cipher produces the same size output for any input size, a hash does not.

1 comment

Leave a comment

Your email address will not be published. Required fields are marked *