Question: The KRACK attack on WPA2 was an attack on which of the following: The key The encryption primatives used Implementation of the encryption The protocol
- The KRACK attack on WPA2 was an attack on which of the following:
| The key | ||
| The encryption primatives used | ||
| Implementation of the encryption | ||
| The protocol |
- Which of these causes vulnerabilities in Bluetooth?
| It is expected to be short range, but with the right antenna, the traffic can be picked up from much farther away | ||
| Many devices do not have a user interface and therefore must pair using a static key | ||
| Many Bluetooth devices are battery operated and cannot expend the energy to implement more advanced security | ||
| Purchasing the devices themselves is cheap, and this has led many attackers to get some and play | ||
| All of the above |
Which of these is a wireless protocol used in many industrial applications?
| Zigbee | ||
| UDP/ANT | ||
| WIPS | ||
| Randt | ||
| IEEE 802.5 |
A _____ cipher is used to perform bit-by-bit encryption of the plaintext, using a (hopefully) non-repeating pseudorandom key to XOR each bit of the plaintext with one bit of the key
| block | ||
| stream | ||
| caesar | ||
| Playfair | ||
| All of the above |
QUESTION 5
Which of these is a security issue with home wireless routers
| An ISP or service provider often places a remote administrative password on the public interface of routers provided by the ISP or service provider | ||
| Manufacturers often include hardcoded credentials in wireless routers | ||
| Many people still use WEP because their old WEP WiFi router hasn't broken yet | ||
| Many home WiFi routers don't auto-update, and users almost never update them, so as vulnerabilities are discovered, they remain unfixed until the router gets replaced | ||
| All of the above |
What was Microsoft trying to protect users from, when it accidentally made all system memory (including kernel memory) readable and writable to all processes on the system
| Krack | ||
| WEP cracking | ||
| Spectre/Meltdown | ||
| Wannacry | ||
| Evil Maid attacks |
Which of these might be a good place to look for plaintext passwords that could be usable for privilege escalation
| Adminsitration scripts | ||
| Login scripts | ||
| text files and spreadsheets in the user's directory | ||
| Source code | ||
| All of the above |
Which of these Linux text editors was pointed to in class as providing an option to launch a command shell, which, if the editor was setuid root, would be a root shell?
| texteditor++ | ||
| wasabi | ||
| vi | ||
| green edit | ||
| All of the above |
Which of the attacks below can occur when the user can control some object or value before the program can use it
| TOC/TOU (Time of Check/Time of Use) attacks | ||
| Friending attacks | ||
| Object squatting | ||
| Blind SQL Injection | ||
| Both A and C |
In patching vulnerability MS14-025 what did many system admnistrators fail to do which led to ongoing vulnerability
| Apply the patch a second time as specified in the KB article | ||
| Remove weakly protected credentials which had already been placed in the SYSVOL share | ||
| re-encrypt the SAM from the command line | ||
| Uninstall the previous version prior to applying the patch | ||
| All of the above |
CHOOSE THE ANSWER
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help