100% Correct Answers
How does the principle of least privilege apply to operating system hardening? Correct Answer: prevents attack actions that require administrator or root privilege
What is the difference between a port scanner and a vulnerability assessment tool? Correct Answer: port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports
What does applying a vendor OS update (patch) usually do? Correct Answer:
What does executable space protection do for us and how? Correct Answer: prevents buffer overflow attacks from working by blocking code execution on the memory stack
If an antivirus tool is looking for specific bytes in a file (e.g., hex 50 72 6F etc.) to label it malicious, what type of AV detection is this? Correct Answer: signature
Which of the following is not part of operating system hardening? Correct Answer: Changing the main network firewall ruleset
Why might we want a (software) firewall (FW) on our host if one already exists on the network? Correct Answer: host FWs know more about the local system
Are nmap results always accurate, or is it sometimes necessary to verify nmap output with another tool? Correct Answer: you should verify nmap results with another tool or data source
Exploit frameworks make it... Correct Answer: easier for amateurs to launch cyber attacks
What is a cyber attack surface? Correct Answer: the total of the number of available avenues through which our system might be attacked
What does a fuzzing tool do? Correct Answer: Provide multiple data and inputs to discover vulnerabilities
What does the tool Nikto do? Correct Answer: Scans a web server for common vulnerabilities
Why is input validation important from a security perspective? Correct Answer: to prevent certain types of attacks
How can we prevent buffer overflows in our applications? Correct Answer: implement proper bounds checking
Does an SQL injection attack compromise content in the database or content in the Web application? Correct Answer: database