1.
A certificate is used:
Correct Answer
C. To confirm someone's public key
Explanation
The correct answer is "to confirm someone's public key" because a certificate is used to verify someone's public key. Public key certificates are used in public key cryptography, where each user has a pair of keys: a public key and a private key. The certificate includes the user's public key and is digitally signed by a trusted third party, known as a Certificate Authority (CA), to verify the authenticity of the public key. This allows users to trust that the public key belongs to the intended user and has not been tampered with.
2.
The following commands were entered on a Vyatta router:
set firewall name LAN_FW rule 10
set firewall name LAN_FW rule 10 action drop
set firewall name LAN_FW rule 10 protocol tcp
set firewall name LAN_FW rule 10 destination port ssh
set firewall name LAN_FW rule 10 state new enable
set firewall name LAN_FW rule 10 recent count 3
set firewall name LAN_FW rule 10 recent time 30
set firewall name LAN_FW rule 20
set firewall name LAN_FW rule 20 action permit
set firewall name LAN_FW rule 20 protocol tcp
set firewall name LAN_FW destination port 22
set interfaces ethernet eth2 firewall local LAN_FW
Correct Answer
B. Frequent establishment of connections to port 22 (SSH) on the router itself is prohibited
Explanation
The given configuration sets up a firewall on the router to drop TCP connections to port 22 (SSH) from the LAN network. The rule is configured to enable the tracking of recent connections, allowing a maximum of 3 connections within a 30-second time frame. This effectively restricts frequent connections to the SSH port on the router itself.
3.
If WPA or WPA2 is used, the keys used to encrypt traffic:
Correct Answer
B. Are agreed upon during the four-way handshake between the client and the workstation.
Explanation
When using WPA or WPA2, the keys used for encrypting traffic are agreed upon during a four-way handshake between the client and the access point. This handshake involves multiple steps to establish a secure connection and exchange the necessary encryption keys.
4.
The topology is as shown in the figure. The administrator entered the following sequence of messages:
set firewall name IZ_LAN rule 10
set firewall name IZ_LAN rule 10 action accept
set firewall name IZ_LAN rule 10 source address 10.10.10.0/24
set firewall name IZ_LAN rule 10 destinacion address 192.168.1.0/24
set firewall name IZ_LAN rule 10 protocol tcp
set firewall name IZ_LAN rule 10 destination port ssh,www
set firewall name IZ_LAN rule 20
set firewall name IZ_LAN rule 20 action reject
set firewall name IZ_LAN rule 20 source address 10.10.10.0/24
set firewall name IZ_LAN rule 20 destination address 192.168.1.0/24
set firewall name IZ_LAN rule 30
set firewall name IZ_LAN rule 30 action accept
set firewall name IZ_LAN rule 30 source address 10.10.10.0/24
set firewall name IZ_LAN rule 30 protocol tcp
set firewall name IZ_LAN rule 30 destination port http,ftp,ftp-data
Correct Answer
A. Discarded because of rule 20.
Explanation
The given configuration shows that the firewall rules are set to accept traffic from the source address 10.10.10.0/24 to the destination address 192.168.1.0/24. However, rule 20 is set to reject traffic from the same source address to the same destination address. Therefore, the message will be discarded due to rule 20.
5.
The weaknesses of WPA-WPA2 protection are: (choose two answers)
Correct Answer(s)
A. Association and disassociation messages are neither protected nor confirmed as authentic.
B. If the four-way handshake is captured, a dictionary attack on a simple PSK is possible.
Explanation
The weakness of WPA-WPA2 protection is that the messages of association and disassociation are not protected or verified as authentic. Additionally, if a four-way handshake is captured, a dictionary attack on a simple PSK (Pre-Shared Key) is possible.
6.
EAP methods used in wireless networks are expected to provide: (two answers)
Correct Answer(s)
A. Mutual authentication.
B. Derivation of the master key (Master Key).
Explanation
The expected features of the EAP method used in wireless networks include mutual authentication and derivation of the master key.
7.
What is not part of a certificate? (choose 5 items)
Correct Answer(s)
A. Username and password.
C. IP address and host name of the certification authority.
E. Signature of all the listed information (SHA1 digest encrypted with the RSA public key of the certification
G. IP address and host name of the certificate subject.
I. Version and serial number.
Explanation
The given answer is correct because the items listed in a), c), e), g), and i) are not part of a certificate. The certificate typically includes information such as the public key, validity period, issuer and subject, version, and serial number. The items mentioned in the correct answer, such as username and password, IP address and hostname of the certification authority, signature of the information, IP address and hostname of the subject of the certificate, and version and serial number, are not included in a certificate.
8.
The topology is as shown in the figure:
The administrator wants to allow only packets that are part of established http connections to reach the client in the local network from the internet. He creates a rule set named SA_INTERNETA that will be bound to the "in" direction of interface eth0. The following rules need to be entered:
Correct Answer
B. B) set firewall name SA_INTERNETA rule 10
set firewall name SA_INTERNETA rule 10 action accept
set firewall name SA_INTERNETA rule 10 state established enable
set firewall name SA_INTERNETA rule 10 state related enable
Explanation
The correct answer is b) because it sets the rules to allow only packets that are part of established HTTP connections to reach the client in the local network. By enabling the "state established" and "state related" options, the firewall will only accept packets that are part of an established connection or related to an established connection. This ensures that only valid HTTP traffic is allowed through the firewall. The other options (a and c) do not specify the state of the connection and do not provide the necessary filtering for HTTP traffic.
9.
Alice wants to sign a message so that Bob can verify its authenticity, where confidentiality is not a concern. Alice should:
Correct Answer
D. Create a digest of the message and encrypt it with her own private key
Explanation
Alice should create a digest of the message and encrypt it with her own private key so that Bob can verify the authenticity of the message. Using her own private key lets Alice sign the message in a way that only she can, because only she has access to her private key. Bob can then decrypt the message using Alice's public key and thereby verify that the message was indeed signed by Alice.
10.
If Bob wants to verify the digital signature of a message he received from Alice, he needs
Correct Answer
D. Alice's public key.
Explanation
In order to verify a digital signature, Bob needs Alice's public key. The public key is used to verify the signature, while the private key is used to create the signature. Therefore, Bob does not need his own private key or public key, nor does he need Alice's private key. The correct answer is d) Alice's public key.
11.
On a Vyatta router configured as a firewall, the individual traffic filtering rules contain:
Correct Answer
C. A description of the traffic and the action to take on it.
Explanation
The correct answer is c) because individual traffic filtering rules in a security barrier router typically include a description of the traffic and the action to be taken on it. This allows the router to determine how to handle specific types of traffic based on their description and perform the appropriate action, such as allowing or blocking the traffic. The DNS name and address of server clients (option a) and the direction of traffic and interface name (option b) may be considered in some filtering rules, but they are not the primary factors in determining the action to be taken on the traffic.
12.
A rule set for traffic filtering has been created on a Vyatta firewall. Within the set there are several rules that describe the packet being examined. Which rule will determine the packet's fate?
Correct Answer
C. Only the order of the rules in the set is considered. The first rule that describes the packet also determines its fate.
Explanation
The correct answer is c): only the order of the rules in the set is considered, and the first rule that describes the packet also determines its fate. This means that the fate of the packet is determined solely by the order of the rules in the set. The first rule that describes the packet will determine its fate.
13.
When operating as an intrusion detection system (IDS):
Correct Answer
C. Snort is connected to a mirrored port of the switch and monitors attacks on the entire network segment.
Explanation
When Snort is used as an Intrusion Detection System (IDS), it is connected to a mirrored port on a switch. This allows Snort to monitor and analyze network traffic on the entire network segment. By connecting to the mirrored port, Snort can detect and alert on any suspicious or malicious activity occurring within the network, providing a comprehensive view of potential attacks on the network. This setup ensures that Snort functions effectively as an IDS by monitoring all network traffic and detecting any intrusion attempts.
14.
The basic information that a digital certificate contains is:
Correct Answer
D. The public key, information about the identity of the key's owner, and a digital signature of that information created with the private key of the trusted authority.
Explanation
A digital certificate contains the public key, information about the owner's identity, and a digital signature of the mentioned information created by the trusted authority's private key.
15.
Is it possible, and how, for the same Apache server to host both sites that use TLS and sites that do not use TLS?
Correct Answer
B. It is possible because they do not use the same port.
Explanation
It is possible for different websites to coexist on the same Apache server and use different TLS configurations because they can be accessed through different ports. Each website can be configured to listen on a specific port, and the TLS settings can be configured individually for each port. Therefore, websites can use TLS or not use TLS independently of each other based on the port they are accessed through.
16.
Can the client's authenticity also be verified during TLS session establishment, and in what way?
Correct Answer
A. In the "CertificateVerify" message the client digitally signs all exchanged messages and thereby shows that it possesses the private key.
Explanation
The correct answer is a) In the "CertificateVerify" message, the client digitally signs all exchanged messages, demonstrating that it possesses the private key. This ensures the authenticity of the client during the establishment of the TLS session.
17.
How many named rule sets can there be on a Vyatta firewall?
Correct Answer
C. Three on each interface (in, out, local).
Explanation
The correct answer is c) three on each interface (in, out, local). This means that for each interface, there can be three named rule sets: one for incoming traffic (in), one for outgoing traffic (out), and one for locally-generated traffic (local). This allows for more granular control and customization of the firewall rules based on the direction and source of the traffic.
18.
The virtual host configuration of a web server contains:
<Directory "/var/www/poverljivo2">
SSLVerifyClient require
SSLVerifyDepth 1
</Directory>
What is the effect of these directives?
Correct Answer
B. Verification of the client's certificate, that is, client authentication, is required. That certificate must be directly signed by the root certification authority.
Explanation
The given configuration specifies that the virtual host web server requires client certificate verification, which means that the client's certificate needs to be authenticated. Additionally, the certificate must be directly signed by the root certificate authority. This ensures that only clients with a valid and trusted certificate are allowed access to the specified directory ("/var/www/poverljivo2").
19.
Snort is:
Correct Answer
B. An intrusion detection and prevention system.
Explanation
Snort is an intrusion detection and prevention system. This type of system is used to monitor network traffic and detect suspicious activity or unauthorized access attempts. Snort analyzes network traffic and compares it against predefined rules in order to identify potential attacks or anomalies. When suspicious activity is detected, Snort can take appropriate measures to prevent the intrusion, such as blocking the IP address or sending an alert to the system administrator.
20.
In the default state on Windows OS:
Correct Answer
B. Monitoring is not enabled.
Explanation
In the default state on Windows OS, monitoring is not enabled.
21.
Once a digital certificate is issued to a user, it can be used:
Correct Answer
B. Until the validity period expires, and for the purposes listed under "baseConstrains", "Extended Key Usage".
Explanation
When a digital certificate is issued to a user, it can be used until its expiration date and for the purposes specified in the "baseConstrains" and "Extended Key Usage" fields. This means that the certificate can be used for the specified purposes, such as encryption, authentication, or signing, until it expires. The expiration date ensures that the certificate remains valid for a certain period of time, after which it needs to be renewed or replaced. The "baseConstrains" and "Extended Key Usage" fields define the specific purposes for which the certificate can be used, ensuring that it is only used for authorized activities.
22.
If a network firewall tracks connection state (stateful firewall):
Correct Answer
A. A packet can be treated differently if it is part of an already established connection.
Explanation
In a stateful firewall, packets can be treated differently if they are part of an already established connection. This means that the firewall keeps track of the state of the connection and can make decisions based on the previous packets exchanged between the client and the server. This allows for more granular control and better security as the firewall can analyze the context of the packets and apply specific rules or policies based on the established connection.
23.
For an Apache server to be able to authenticate clients during TLS session establishment, it is necessary to:
Correct Answer
C. Include the location of the file with usernames (UserNameFile) in the server configuration.
Explanation
To authenticate clients during the establishment of a TLS session, it is necessary to include the location of a file with usernames (UserNameFile) in the server configuration. This file contains the usernames that the server will use to verify the identity of the clients. By including this file location in the configuration, the Apache server will be able to authenticate clients during the TLS session.
24.
On a Vyatta router, the steps in creating a firewall are: (choose three answers)
Correct Answer(s)
A. Apply the created rule set to a specific direction of an interface.
E. Create individual traffic filtering rules within the rule set.
F. Determine the interfaces that pass all traffic and the interfaces that block it.
Explanation
The correct answer choices for creating a protective barrier on a router are:
a) Naming the created rule set after a specific interface direction. This helps in organizing and identifying the rules based on the interface they are associated with.
e) Creating individual rules within the rule set to filter traffic. This allows for specific filtering of traffic based on different criteria.
f) Determining the interfaces that allow all traffic and the interfaces that block it. This helps in controlling the flow of traffic through the router.
25.
A compromised certificate can be withdrawn from use:
Correct Answer
A. By publicly publishing a list of revoked certificates signed by the certification authority.
Explanation
The correct answer is a) public disclosure of the list of revoked certificates signed by the certification authority. This means that when a certificate is compromised or no longer valid, the certification authority will publicly announce and publish a list of revoked certificates. This allows users and systems to check the list and ensure that any compromised or revoked certificates are no longer trusted. The other options listed do not involve the public disclosure of a revoked certificate list.
26.
When a rule set is bound to an interface on a Vyatta firewall, it is necessary to:
Correct Answer
B. Choose the appropriate direction of the interface.
Explanation
When attaching a set of rules to the interface on the Protective Barrier, it is necessary to choose the appropriate direction of the interface. This means selecting the direction that aligns with the desired flow of traffic or communication. Choosing the correct direction ensures that the rules are applied effectively and the interface functions efficiently in managing network traffic.
27.
Steps in configuring a TLS virtual host on an Apache server: (choose 3 answers)
Correct Answer(s)
A. Enable the Apache server to also listen on port 443.
E. Create a virtual host that listens on port 443 and has the directive SSLEngine on.
F. Enable the mod_ssl module.
Explanation
To set up a TLS virtual host on an Apache server, the correct steps are as follows:
a) Enable the Apache server to listen on port 443.
e) Create a virtual host that listens on port 443 and has the directive SSLEngine on.
f) Enable the mod_ssl module.
In order to establish a TLS (Transport Layer Security) virtual host, the Apache server needs to listen on port 443, which is the default port for HTTPS connections. Additionally, a virtual host needs to be created specifically for port 443 and configured with the SSLEngine directive to enable SSL/TLS encryption. Lastly, the mod_ssl module must be enabled to provide the necessary SSL functionality.
28.
The topology is as shown in the figure:
The administrator wants to allow only http and ssh traffic from the local network to the DMZ network. The following commands were entered:
set firewall name IZ_LAN rule 10
set firewall name IZ_LAN rule 10 action accept
set firewall name IZ_LAN rule 10 source address 192.168.1.0/24
set firewall name IZ_LAN rule 10 destinacion address 10.10.10.0/24
set firewall name IZ_LAN rule 10 protocol tcp
set firewall name IZ_LAN rule 10 destination port ssh,www
set interfaces ethernet eth2 firewall in mane IZ_LAN
After that, clients cannot access the servers. What caused the problem?
Correct Answer
A. Incorrectly entered source address.
Explanation
The problem is caused by a) incorrectly entered source address. The firewall rule is set to allow traffic from the source address 192.168.1.0/24, which represents the local network, to the destination address 10.10.10.0/24 in the DMZ network. However, if the source address is entered incorrectly, the firewall will not match any incoming traffic from the local network, resulting in the clients being unable to access the servers.
29.
Find the odd one out:
Correct Answer
C. RSA.
Explanation
RSA is a commonly used encryption algorithm in computer security. It is a public-key encryption system that uses two keys, a public key for encryption and a private key for decryption. The RSA algorithm is based on the difficulty of factoring large numbers, making it secure against attacks. The other options, RC4, DES, IDEA, and AES, are also encryption algorithms, but they are not specifically designed for public-key encryption like RSA. Therefore, RSA is the correct answer in this case.
30.
In wireless networks, according to the new version of the standard from 2007, 802.1x is used as: (choose two answers)
Correct Answer(s)
A. A framework for negotiating the authentication mechanism.
B. A port access control mechanism.
Explanation
In wireless networks, according to the new version of the standard from 2007, 802.1x is used as a framework for negotiating the authentication mechanism and as a mechanism for controlling access to ports. It is not used as an encryption algorithm or for calculating authenticity check values.
31.
WPA2 uses: (choose two answers)
Correct Answer(s)
A. CCMP.
D. AES.
Explanation
WPA2 uses CCMP and AES. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an encryption protocol that provides confidentiality, integrity, and authentication. AES (Advanced Encryption Standard) is a symmetric encryption algorithm that is widely used for securing sensitive data. Both CCMP and AES are strong encryption mechanisms that enhance the security of wireless networks.
32.
To obtain a digital certificate, the end user must
Correct Answer
A. Create a pair of RSA keys (private and public) as well as a request, and submit the signing request to the certification authority.
Explanation
To obtain a digital certificate, the end-user needs to create a pair of RSA keys (private and public) and a request, and then submit the request for signing to the certification authority. This process ensures that the end-user has a unique pair of keys and requests the certification authority to sign their certificate, providing authentication and ensuring the integrity of the certificate.
33.
When we configure monitoring of a directory for security reasons on the Windows operating system
Correct Answer
A. We track whether anyone (Everyone) attempts anything (Full Control) and it does not succeed (Fail).
Explanation
The correct answer is a) because it states that we are monitoring if anyone (Everyone) tries to do anything (Full Control) and fails (Fail). This aligns with the goal of monitoring directory access for security reasons, as we want to track any unsuccessful attempts made by anyone.
34.
In a network that uses an internal public key infrastructure with an internal root certification authority, new computers have trouble verifying the certificates of two web servers and establishing a TLS session.
What needs to be done to solve the problem?
Correct Answer
B. Import the certificates of the internal certification authority on the affected workstations
Explanation
To solve the problem, it is necessary to introduce the certificates of the internal certification authority on the problematic workstations. This will allow the workstations to verify the certificates of the two web servers and establish a TLS session.
35.
A subordinate certification authority is:
Choose one answer:
Correct Answer
A. Part of the chain of trust; it signs certificates for end users, while its own certificate was signed by the root certification authority
Explanation
A subordinate certification authority is part of the trust chain and signs certificates for end users, with its certificate being signed by the root certification authority.
36.
When auditing access to a directory on the Windows operating system, it is necessary to:
Correct Answer
B. Configure auditing on the object itself
Explanation
The explanation for the given correct answer is that when monitoring access to a directory on the Windows operating system, it is necessary to set the auditing on the object itself. This means enabling the appropriate category of auditing and configuring it specifically for the object in question. By doing so, any access to the directory will be tracked and recorded for monitoring and security purposes.
37.
How can the client be sure that it is communicating with the authentic server during TLS session establishment?
Correct Answer
C. Based on the digital certificate of the server with which the negotiation is carried out
Explanation
The client can be sure that they are communicating with an authentic server during the establishment of a TLS session based on the server's digital certificate with which the negotiation is being done. The digital certificate serves as a form of identification for the server, verifying its authenticity and ensuring secure communication between the client and the server.
38.
Which of the following sentences is true?
Correct Answer
C. Asymmetric cryptography is slower than symmetric
Explanation
The correct answer is "Asymmetric cryptography is slower than symmetric." This statement is true because asymmetric cryptography, which uses public and private keys, is generally slower than symmetric cryptography, which uses the same key for both encryption and decryption. This is because asymmetric encryption involves more complex mathematical operations and larger key sizes, which require more computational resources and time.
39.
How does a wireless station know that an access point uses WPA/WPA2?
Correct Answer
A. Based on the shared key set by the administrator (PSK)
Explanation
The wireless station knows that the access point uses WPA/WPA2 based on the shared key (PSK) that was set by the administrator.
40.
Snort rules contain
Choose one answer
Correct Answer
D. A list of allowed port numbers
Explanation
The correct answer is "A list of allowed port numbers" because Snort rules contain a list of allowed port numbers. Snort is an intrusion detection system that monitors network traffic and compares it against a set of rules to detect and prevent malicious activity. By having a list of allowed port numbers, Snort can filter out any traffic that does not match the specified ports, ensuring that only legitimate network traffic is allowed through.