BCA 6th Sem Internal Exam Network Security

2.

There are ______ subtypes of reconnaissance.

2
3
4
5

Correct Answer

A. 2

Explanation

There are two subtypes of reconnaissance.

Rate this question:

3.

Which of the following is not a valid input to the PRF in SSLv3?

Secret value
Identifying label
Initialization vector
Secret value

Correct Answer

A. Secret value

Explanation

The secret value is not a valid input to the PRF in SSLv3 because the PRF (Pseudo-Random Function) in SSLv3 does not take a secret value as an input. The PRF in SSLv3 is used to derive key material from the pre-master secret, which is a combination of the client and server random values. The secret value is not part of this process and therefore cannot be a valid input to the PRF in SSLv3.

Rate this question:

4.

Which of the following alert codes is not supported by SSLv3?

Record_overflow
No_certificate
Internal_error
Decode_error

Correct Answer

A. Record_overflow

Explanation

The alert code "record_overflow" is not supported by SSLv3. This means that when a record overflow occurs, SSLv3 does not have a specific alert code to handle this situation.

Rate this question:

5.

We encounter the record_overflow error when the payload length exceeds –

214 + 1024
216 + 1024
214 + 2048
216 + 2048

Correct Answer

A. 214 + 1024

6.

From the options below, which of them is not a threat to information security?

Disaster
Eavesdropping
Information leakage
Unchanged default password

Correct Answer

A. Disaster

Explanation

A disaster, such as a natural calamity or a physical damage to infrastructure, is not a threat to information security. While it may cause temporary disruption or loss of access to information, it does not directly compromise the confidentiality, integrity, or availability of data. On the other hand, eavesdropping, information leakage, and unchanged default passwords are all potential threats that can lead to unauthorized access, data breaches, or information disclosure.

Rate this question:

7.

The First Phase Of Hacking An IT System Is Compromise Of Which Foundation Of Security?

Availability
Confidentiality
Integrity
Authentication

Correct Answer

A. Availability

Explanation

The first phase of hacking an IT system is compromising the foundation of security, which is availability. Availability refers to the accessibility and functionality of the system, ensuring that authorized users can access the system and its resources whenever needed. By compromising availability, hackers can disrupt or deny access to the system, causing service interruptions or downtime. This can be achieved through various means such as Distributed Denial of Service (DDoS) attacks, network congestion, or exploiting vulnerabilities in the system's infrastructure.

Rate this question:

8.

What Port Does Telnet Use?

22
80
20
23

Correct Answer

A. 22

Explanation

Telnet is a network protocol used to establish remote command-line sessions with other computers. It operates on port 23 by default. However, the given correct answer is incorrect. Port 22 is actually used by the SSH (Secure Shell) protocol, which is a secure alternative to Telnet. Port 80 is used by the HTTP (Hypertext Transfer Protocol) for web traffic, and port 20 is used by the FTP (File Transfer Protocol) for data transfer.

Rate this question:

9.

In the SSLv3 the padding bits are ____________ with the secret key.

Padded
XORed
Concatenated
ANDed

Correct Answer

A. Padded

Explanation

In SSLv3, the padding bits are added to the secret key. Padding is a technique used to ensure that the length of the data being encrypted is a multiple of the block size. By padding the data with additional bits, the secret key is combined with these extra bits to ensure that the length requirement is met. This helps to maintain the security and integrity of the encryption process.

Rate this question:

10.

How many basic processes or steps are there in ethical hacking?

4
5
6
7

Correct Answer

A. 4

Explanation

There are four basic processes or steps in ethical hacking. These steps include reconnaissance, scanning, gaining access, and maintaining access. During reconnaissance, the hacker gathers information about the target system. Scanning involves identifying vulnerabilities and weaknesses in the system. Gaining access refers to the process of exploiting these vulnerabilities to gain unauthorized access. Finally, maintaining access involves ensuring continued access to the system for further exploitation or data gathering.

Rate this question:

11.

What Is The Sequence Of A TCP Connection?

SYN-ACK-FIN
SYN-SYN ACK-ACK
SYN-ACK
SYN-SYN-ACK

Correct Answer

A. SYN-ACK-FIN

Explanation

The correct answer is SYN-ACK-FIN. In a TCP connection, the sequence starts with the SYN (synchronize) packet sent by the client to initiate the connection. The server responds with the SYN-ACK (synchronize-acknowledge) packet to acknowledge the request. Finally, the client sends the FIN (finish) packet to terminate the connection. Therefore, the correct sequence is SYN-ACK-FIN.

Rate this question:

12.

The full form of EDR is _______

Endpoint Detection and recovery
Early detection and response
Endpoint Detection and response
Endless Detection and Recovery

Correct Answer

A. Endpoint Detection and recovery

Explanation

EDR stands for Endpoint Detection and Response. This term refers to a cybersecurity solution that focuses on detecting and responding to advanced threats and attacks on endpoints, such as computers, servers, and mobile devices, within a network. EDR systems continuously monitor and analyze endpoint activities, collect data, and use advanced techniques to detect and respond to suspicious behavior, malware, and other security incidents. By providing real-time visibility and response capabilities, EDR helps organizations improve their security posture and mitigate potential risks.

Rate this question:

1

13.

URL stands for –

Universal Remote Locator
Universal Resource Language
Uniform Resource Locator
Uniform Resource Language

Correct Answer

A. Universal Remote Locator

14.

Possible threat to any information cannot be ________________

Reduced
Transferred
Protected
Ignored

Correct Answer

A. Reduced

Explanation

The correct answer is "reduced" because reducing the threat to any information means taking measures to minimize the likelihood or impact of potential risks or dangers. This can involve implementing security measures, such as encryption or firewalls, conducting regular backups, or implementing access controls, to decrease the vulnerability and potential harm to the information.

Rate this question:

15.

To Hide Information Inside A Picture, What Technology Is Used?

Rootkits
Bitmapping
Steganography
Image Rendering

Correct Answer

A. Rootkits

Bca 6th Sem Internal Exam Network Security

_______ is the practice and precautions taken to protect valuable information from unauthorised access, recording, disclosure or destruction.

Quiz Preview

There are ______ subtypes of reconnaissance.

Which of the following is not a valid input to the PRF in SSLv3?

Which of the following alert codes is not supported by SSLv3?

We encounter the record_overflow error when the payload length exceeds –

From the options below, which of them is not a threat to information security?

The First Phase Of Hacking An IT System Is Compromise Of Which Foundation Of Security?

What Port Does Telnet Use?

In the SSLv3 the padding bits are ____________ with the secret key.

How many basic processes or steps are there in ethical hacking?

What Is The Sequence Of A TCP Connection?

The full form of EDR is _______

URL stands for –

Possible threat to any information cannot be ________________

To Hide Information Inside A Picture, What Technology Is Used?