Zast 2.Kol

By Catherine Halcomb, Community Contributor
Questions: 59 | Attempts: 548


Questions and Answers
  • 1. The security feature on switches known as Port Security provides defense against the following types of attacks:

    • A. DHCP starvation attack
    • B. DoS
    • C. ARP spoofing
    • D. Forging IEEE 802.1X certificates
    • E. Overflowing the switch's memory

    Correct Answer(s)
    A. DHCP starvation attack
    E. Overflowing the switch's memory
    Explanation
    Port Security is a security feature on switches that allows defense against unauthorized access and various types of attacks. DHCP starvation attack is a type of attack where an attacker exhausts the available IP addresses on a DHCP server, preventing legitimate devices from obtaining an IP address. Memory overflow on a switch occurs when the switch's memory is overwhelmed with excessive traffic or data, causing it to become unresponsive or crash. By implementing Port Security, switches can protect against both DHCP starvation attacks and memory overflow attacks by limiting the number of MAC addresses allowed on a specific port.

  • 2. A session identifier is essentially a session key that is:

    • A. A combination of the username and password
    • B. Randomly generated on the server side
    • C. Composed of the client's IP address

    Correct Answer
    B. Randomly generated on the server side
    Explanation
    The correct answer is "Randomly generated on the server side". This means that the session identifier is created by the server in a random manner. It is not a combination of the username and password, nor is it composed of the client's IP address. The random generation of the session identifier helps to ensure its uniqueness and security.

  • 3. To defend against the recording of user keyboard input, it is better to use:

    • A. Wireless keyboards
    • B. Wired keyboards

    Correct Answer
    A. Wireless keyboards
    Explanation
    Wireless keyboards are better for protecting against keystroke logging because they do not require a physical connection to the computer. This means that it is more difficult for someone to intercept and record the keystrokes being entered. Wired keyboards, on the other hand, can be more vulnerable to keystroke logging as the connection between the keyboard and the computer can potentially be intercepted. Therefore, using wireless keyboards can provide an added layer of security for protecting user input from being recorded.

  • 4. Virtual private networks (VPNs) provide:

    • A. Authenticity
    • B. Confidentiality
    • C. Availability

    Correct Answer(s)
    A. Authenticity
    B. Confidentiality
    Explanation
    Virtual private networks (VPNs) provide both authenticity and confidentiality. Authenticity ensures that the data being transmitted is from a trusted source and has not been tampered with. Confidentiality ensures that the data remains private and cannot be accessed by unauthorized parties. VPNs achieve this by encrypting the data and establishing a secure connection between the user's device and the network. This allows users to securely access and transmit sensitive information over public networks, such as the internet. VPNs do not directly provide availability, which refers to the accessibility and reliability of the network itself.

  • 5. The infrastructure service with which administrators can automatically assign network parameters (address, mask, default gateway, DNS servers and the like) is:

    • A. DNS
    • B. DHCP
    • C. SNMP

    Correct Answer
    B. DHCP
    Explanation
    DHCP stands for Dynamic Host Configuration Protocol. It is an infrastructure service that allows administrators to automatically assign network parameters such as IP address, subnet mask, default gateway, DNS servers, etc. to devices on a network. DHCP simplifies network administration by eliminating the need for manual configuration of network settings on each individual device. Instead, devices can obtain their network parameters dynamically from a DHCP server, which reduces the administrative overhead and ensures efficient network management.

  • 6. In practice, attackers are often unable to exhaust a given resource on their own and need the help of a larger number of computers to do so. Attacks in which a larger number of computers take part are called:

    • A. Multiplied attacks
    • B. Distributed attacks
    • C. Amplified attacks

    Correct Answer
    B. Distributed attacks
    Explanation
    Distributed attacks are attacks in which a larger number of computers take part. In practice, attackers often do not have enough resources to exhaust a given resource on their own, so they need the help of a larger number of computers. When multiple computers are used to carry out an attack, the strength of the attack also increases, which makes distributed attacks very effective and dangerous.

  • 7. A ping flood is a type of attack that is carried out using:

    • A. The TCP protocol
    • B. The HTTP protocol
    • C. The ICMP protocol

    Correct Answer
    C. The ICMP protocol
    Explanation
    Ping flood (or ping poplava in Serbian) is a type of attack that utilizes the ICMP (Internet Control Message Protocol) protocol. ICMP is primarily used for diagnostic purposes and error reporting in IP networks. In a ping flood attack, the attacker overwhelms the target system with a large number of ICMP echo request packets (ping) in a short period of time. This flood of requests can cause the target system to become unresponsive or crash, leading to a denial of service (DoS) situation. Therefore, the correct answer is the ICMP protocol.

  • 8. An attacker who falsely presents himself as a DHCP server in a private network thereby directly gains the ability to:

    • A. Halt the operation of a switch by overflowing its memory
    • B. Redirect users to a fake DNS server
    • C. Act as an intermediary in communication between members of the private network and the external network
    • D. Act as an intermediary in communication among the members of the private network themselves
    • E. Read data from the hard disks of the deceived computers

    Correct Answer(s)
    B. Redirect users to a fake DNS server
    C. Act as an intermediary in communication between members of the private network and the external network
    Explanation
    The attacker, by falsely impersonating a DHCP server in a private network, gains the ability to redirect users to a fake DNS server and also mediate communication between members of the private network and the external network.

  • 9. The honeypot concept involves:

    • A. Preserving security-sensitive resources
    • B. Luring attackers into a virtual environment
    • C. Placing top-grade protection around the most important resources

    Correct Answer
    B. Luring attackers into a virtual environment
    Explanation
    The concept of a honeypot involves luring attackers into a virtual environment. This technique is used as a cybersecurity strategy to gather information about potential threats, study attacker behavior, and protect valuable resources. By creating a tempting target that appears vulnerable, organizations can divert attackers' attention from their actual critical systems and gain insights into their tactics, techniques, and motives. This allows for better understanding and mitigation of potential risks.

  • 10. When discovering hidden sections on a server, an attacker can make use of:

    • A. The version of the Web application in use
    • B. The robots.txt file
    • C. The session identifier (session id)

    Correct Answer
    B. The robots.txt file
    Explanation
    The correct answer is "The robots.txt file". The robots.txt file is a text file that is placed on a website's server to provide instructions to web crawlers and search engine bots about which areas of the site should not be crawled or indexed. By accessing the robots.txt file, an attacker can gain information about the server's directory structure and potentially identify hidden sections or sensitive areas of the website. This information can then be used to plan and execute further attacks.

  • 11. To use the Port Security feature successfully, it is necessary:

    • A. That an L3 switch is used
    • B. That roles are correctly assigned to the ports on the switch
    • C. That secure ports are defined from the range 0-65535

    Correct Answer
    B. That roles are correctly assigned to the ports on the switch
    Explanation
    To successfully use the Port Security security feature, it is necessary to correctly assign roles to the ports on the switch.

  • 12. The limits on Internet domain names are:

    • A. 63 segments, 127 characters per segment, 255 characters in total
    • B. 255 segments, 127 characters per segment, 63 characters in total
    • C. 127 segments, 63 characters per segment, 255 characters in total

    Correct Answer
    C. 127 segments, 63 characters per segment, 255 characters in total
    Explanation
    The correct answer is 127 segments, 63 characters per segment, 255 characters in total. This is because the maximum length for an Internet domain name is 255 characters, which includes the periods between segments. Each segment can have a maximum of 63 characters. Therefore, there can be up to 127 segments in a domain name.

  • 13. The attack known as DNS cache snooping aims to:

    • A. Slip false data to the end user of the DNS service
    • B. Determine which domains users have accessed
    • C. Modify the contents of the hosts file on users' computers

    Correct Answer
    B. Determine which domains users have accessed
    Explanation
    The correct answer is "Determine which domains users have accessed". This suggests that the purpose of the attack called "DNS Cache Snooping" is to gather information about the domains that users have accessed.

  • 14. To defend Web applications against SQL injection attacks, it is necessary to:

    • A. Normalize input data
    • B. Install a firewall between the server and the users
    • C. Use the HTTPS protocol instead of HTTP

    Correct Answer
    A. Normalize input data
    Explanation
    Normalizing input data is an important step in defending Web applications against SQL injection attacks. This process involves checking, filtering and validating all entered data to ensure that it is correct and safe for further processing. Normalization can include removing special characters, encoding data, or using parameterized queries to prevent malicious SQL code from being injected. This measure helps prevent attackers from exploiting weaknesses in data input and executing unauthorized SQL queries against the database.

  • 15. Executing the following command: ping -f 192.168.60.60 on Linux systems requires:

    • A. The IP protocol disabled in the kernel
    • B. An administrator account
    • C. A network interface in promiscuous mode

    Correct Answer
    B. An administrator account
    Explanation
    The correct answer is "An administrator account" because executing the ping command with the -f flag (force option) on Linux systems requires administrative privileges. This is because the -f flag sends ping packets at a very high rate, which can potentially overwhelm the network and cause disruption. Therefore, only users with administrative access are allowed to use this option to prevent misuse or unauthorized network disruptions.

  • 16. A Web server administrator noticed a user authentication request in which the following text was set as the password value: ' or true; --   Most likely this is:

    • A. Faulty HTML form code
    • B. A weak password that is easy to crack with a dictionary
    • C. An SQL injection attempt

    Correct Answer
    C. An SQL injection attempt
    Explanation
    The given answer suggests that the most likely explanation for the situation is an attempted SQL injection attack. The presence of the text "' or true;--" in the password field indicates an attempt to manipulate the SQL query to bypass authentication. This technique is commonly used by attackers to gain unauthorized access to a system by exploiting vulnerabilities in the application's database layer.

  • 17. The use of the 802.1X protocol in wireless private computer networks is based on:

    • A. Virtual private networks
    • B. The use of digital certificates
    • C. Passwords 8 to 64 bytes long

    Correct Answer
    B. The use of digital certificates
    Explanation
    The use of digital certificates is the basis for implementing the 802.1X protocol in wireless private computer networks. Digital certificates are used to authenticate and verify the identity of network devices and users. They provide a secure and reliable way to establish trust and ensure that only authorized devices and users can access the network. By using digital certificates, the 802.1X protocol enhances the security of wireless networks by preventing unauthorized access and protecting against potential threats.

  • 18. Virtual private networks that accept data from the private networks they connect at the level of frames, that is, packets of the data link layer protocol:

    • A. Function as an IPsec protection system
    • B. Function as routers
    • C. Function as network bridges

    Correct Answer
    C. Function as network bridges
    Explanation
    Virtual private networks that accept data from the private networks they connect at the level of frames, that is, packets of the data link layer protocol, function as network bridges. Network bridges are devices that connect networks at the same layer and enable data transfer between them. In this case, virtual private networks act as bridges that enable communication between private networks at the data link layer.

  • 19. The term 'spoon feeding' (Serbian: 'hranjenje na kasicicu') in Web applications refers to the use of:

    • A. A proxy server
    • B. A firewall
    • C. The HTTP protocol

    Correct Answer
    A. A proxy server
    Explanation
    The term "hranjenje na kasicicu" refers to spoon feeding in the context of web applications. Spoon feeding involves the use of a proxy server. A proxy server acts as an intermediary between the client and the web server, allowing the client to make requests to the server indirectly through the proxy. This can be beneficial in scenarios where the client wants to access restricted or blocked content, or when the client wants to improve performance by caching frequently accessed data. Therefore, the correct answer is "A proxy server."

  • 20. Placing the following code in the form of an HTML page: <input type="file" value="C:\Users\AJ\zrm.pdf" style="display: none" /> will have the following effect:

    • A. When the form is submitted, the file will also be stolen from the client
    • B. The file theft will be prevented because default values are not allowed for file upload controls
    • C. The file theft will be prevented because hiding file upload controls is not allowed

    Correct Answer
    A. When the form is submitted, the file will also be stolen from the client
    Explanation
    The given code snippet includes an input element of type "file" with a specified value attribute. This value attribute is set to a specific file path on the client's computer ("C:\Users\AJ\zrm.pdf"). However, the "value" attribute of a file input element is read-only and cannot be set programmatically due to security reasons. Therefore, when the form is submitted, the actual file that will be uploaded is determined by the user's selection and not by the value attribute. Thus, the statement "When the form is submitted, the file will also be stolen from the client" is incorrect.

  • 21. In domain name resolution, priority is given to:

    • A. The DNS server
    • B. The user decides for individual queries
    • C. The hosts file

    Correct Answer
    A. The DNS server
    Explanation
    When resolving domain names, the DNS server has the advantage. It is responsible for translating domain names into IP addresses, allowing users to access websites and other online services. The DNS server maintains a database of domain names and their corresponding IP addresses, allowing it to quickly and efficiently resolve queries. On the other hand, the user determining individual queries or the hosts file are not as efficient or comprehensive as the DNS server in resolving domain names.

  • 22. The use of the Wired Equivalent Privacy protocol in wireless private computer networks is:

    • A. Still not widespread because of its complexity of use
    • B. Obsolete and not recommended
    • C. The recommended and most commonly used security option

    Correct Answer
    B. Obsolete and not recommended
    Explanation
    The given answer states that the use of the Wired Equivalent Privacy protocol in wireless private computer networks is outdated and not recommended. This implies that the protocol is no longer considered secure or effective in protecting the network from unauthorized access. Therefore, it is not recommended to use this protocol anymore.

  • 23. The most common purpose of entering the following record 203.0.113.123 accounts.google.com into a victim's hosts file is:

    • A. Preventing the victim from accessing the Internet
    • B. Redirecting the victim to communicate with a fake server
    • C. Carrying out an attack on the address 203.0.113.123

    Correct Answer
    B. Redirecting the victim to communicate with a fake server
    Explanation
    The most common purpose of entering the given record in the victim's hosts file is to redirect the victim to communicate with a fake server.

  • 24. The attack illustrated by the following pseudo-code: while the DHCP server returns an IP address: { take an address from the DHCP server; increase the MAC address of the network interface by 1 } is known as:

    • A. Multi-mac-attack, mma
    • B. Starvation attack
    • C. Attack with a fake DHCP server

    Correct Answer
    B. Starvation attack
    Explanation
    The given pseudocode suggests that the attacker continuously requests IP addresses from the DHCP server, causing it to run out of available addresses for legitimate clients. This type of attack is known as a "Starvation attack." The attacker is essentially starving the DHCP server by continuously requesting IP addresses, making it unable to allocate addresses to other devices on the network.

  • 25. Session hijacking in Web applications is a procedure in which:

    • A. The attacker prevents the authentication of a regular user
    • B. The attacker takes over the role of a user who authenticated legitimately
    • C. The attacker prevents a legitimately authenticated user from accessing the server

    Correct Answer
    B. The attacker takes over the role of a user who authenticated legitimately
    Explanation
    Session hijacking is a process where an attacker takes over the role of a legitimately authenticated user. This means that the attacker gains unauthorized access to the user's session and can perform actions on behalf of the user without their knowledge or consent. This can lead to various malicious activities such as stealing sensitive information, manipulating data, or performing unauthorized transactions. The attacker essentially impersonates the authenticated user, allowing them to exploit their privileges and potentially cause harm.

  • 26. The data in the database that a DNS server works with is, for the most part:

    • A. Strictly confidential
    • B. Not categorized with respect to confidentiality
    • C. Not strictly confidential

    Correct Answer
    C. Not strictly confidential
    Explanation
    The given correct answer states that the data from the database that the DNS server works with is not strictly confidential. This means that the data is not highly sensitive or classified, and there may be some level of accessibility or transparency in its handling.

  • 27. To prevent a DNS server cache poisoning attack, it is necessary to:

    • A. Digitally sign the server's responses
    • B. Disable the use of hosts files
    • C. Use DNS software from reputable vendors

    Correct Answer
    A. Digitally sign the server's responses
    Explanation
    To prevent poisoning attacks on DNS servers, it is necessary to digitally sign the server's responses. This ensures the authenticity and integrity of the responses, making it difficult for attackers to manipulate the DNS data and redirect users to malicious websites. By digitally signing the responses, the server can provide a cryptographic proof that the data has not been tampered with, increasing the security of the DNS system.

  • 28. Protection of inter-network communications means the secure connection of:

    • A. Two non-adjacent networks over secure communication channels
    • B. Two adjacent computer networks
    • C. Two non-adjacent networks over insecure communication channels

    Correct Answer
    C. Two non-adjacent networks over insecure communication channels
    Explanation
    Under the protection of inter-network communication, it is assumed that there is a secure connection between two non-adjacent networks through insecure communication channels.

  • 29. Domain Name System Security Extensions (DNSSEC) primarily provide end users with:

    • A. Authenticity
    • B. Availability
    • C. Confidentiality

    Correct Answer
    A. Authenticity
    Explanation
    DNSSEC (Domain Name System Security Extensions) primarily provide end users with authenticity. This means that DNSSEC ensures that the information received from DNS servers has not been tampered with and comes from a trusted source. It uses digital signatures to verify the authenticity of DNS data, preventing DNS spoofing and other malicious activities. By ensuring authenticity, DNSSEC helps users trust the information they receive from the DNS system, enhancing the security and reliability of their online activities.

  • 30. Exhaustion of a server's CPU and memory is mainly carried out by:

    • A. Sending a large number of ICMP requests
    • B. Sending requests from an account whose access credentials have been stolen
    • C. Sending requests crafted so that they require a long time to process
    • D. Sending requests from an account whose session has been hijacked
    • E. Sending a large number of requests

    Correct Answer(s)
    C. Sending requests crafted so that they require a long time to process
    E. Sending a large number of requests
    Explanation
    The correct answer is sending requests that are designed to require a long processing time and sending a large number of requests. This is because overwhelming the central processor and memory of a server can lead to slowdowns or crashes, and this can be achieved by either sending requests that take a long time to process or by sending a large volume of requests.

  • 31. In terms of its frame-forwarding logic, a wireless access point for IEEE 802.11 technology can be compared to:

    • A. A router
    • B. An Ethernet hub
    • C. An Ethernet switch

    Correct Answer
    B. An Ethernet hub
    Explanation
    A wireless access point for IEEE 802.11 technology can be compared to an Ethernet hub in terms of its frame-forwarding logic. Both the wireless access point and the Ethernet hub operate at the physical layer of the network and simply broadcast incoming frames to all connected devices without any intelligence to determine the destination. This is in contrast to an Ethernet switch, which operates at the data link layer and uses MAC addresses to selectively forward frames to the appropriate destination device.

  • 32. To identify the parties communicating over a virtual private network, the following are used:

    • A. Public IP addresses
    • B. Username and password pairs
    • C. Digital certificates
    • D. Keys
    • E. Physical addresses
    • F. Users' biometric parameters

    Correct Answer(s)
    B. Username and password pairs
    C. Digital certificates
    D. Keys
    Explanation
    To identify the parties communicating through a virtual private network (VPN), pairs of usernames and passwords, digital certificates, and keys are used. These authentication methods ensure that only authorized users can access the VPN and communicate securely. Public IP addresses, physical addresses, and biometric parameters are not typically used for identification in VPN communication.

  • 33. An attack in Ethernet networks in which the attacker reports members' physical addresses to other members as his own is called:

    • A. ARP Cache Poisoning
    • B. ARP Spoofing
    • C. Attack on the STP protocol
    • D. Overflowing the switch's address memory
    • E. VLAN hopping

    Correct Answer(s)
    A. ARP Cache Poisoning
    B. ARP Spoofing
    Explanation
    ARP Cache Poisoning, also known as ARP Spoofing, is a type of attack in Ethernet networks where an attacker falsely associates their own MAC address with the IP address of another network device. By doing this, the attacker can intercept and modify network traffic, leading to potential security breaches and unauthorized access to sensitive information. This attack takes advantage of the Address Resolution Protocol (ARP) to manipulate the ARP cache of the network devices, causing them to send data to the attacker instead of the intended recipient.

  • 34. An attack on Web applications in which the attacker uses special requests to insert his own content into the result that the server will return is:

    • A. Content Insertion Attack (CIA)
    • B. SQL injection
    • C. Cross Site Scripting (XSS)

    Correct Answer
    C. Cross Site Scripting (XSS)
    Explanation
    The correct answer is "Cross Site Scripting (XSS)". This is a type of attack where the attacker is able to inject malicious scripts into a website, which are then executed by the users' browsers. This allows the attacker to steal sensitive information, manipulate website content, or redirect users to malicious websites. In this case, the attacker is able to insert their own content into the server's response by exploiting vulnerabilities in the web application.

  • 35. Private computer networks are generally considered secure on the basis of:

    • A. Ownership of all channels and equipment
    • B. The use of cryptographic mechanisms
    • C. The exclusive use of wired technologies

    Correct Answer
    A. Ownership of all channels and equipment
    Explanation
    Private computer networks are generally considered secure based on ownership of all channels and equipment. This means that the organization or individual who owns the network has control over all the communication channels and the equipment used in the network. This control allows them to implement security measures and protocols to protect the network from unauthorized access and ensure the confidentiality, integrity, and availability of the data transmitted through the network. By having ownership over all the channels and equipment, they can also monitor and manage the network more effectively, further enhancing its security.

  • 36. The Web service has become the most used service on the Internet, primarily thanks to:

    • A. Enabling the use of other services as its sub-services
    • B. The high level of security it offers
    • C. Encryption of transmitted data being enabled by default

    Correct Answer
    A. Enabling the use of other services as its sub-services
    Explanation
    The Web service has become the most used service on the Internet thanks to enabling the use of other services as its sub-services. This capability allows the Web service to integrate other services and use their functionality to give users a richer and more personalized experience. The openness and flexibility of the Web service enable the development of various applications and services that use different services and let users tailor their experience to their needs.

  • 37. The attack illustrated by the following pseudo-code: while(true) { ifconfig eth0 $MAC ping -c 1 132.168.1.1 $MAC++ } is called:

    • A. Attack on the STP protocol
    • B. ARP Cache Poisoning
    • C. ARP Spoofing
    • D. Overflowing the switch's address memory
    • E. VLAN hopping

    Correct Answer
    D. Overflowing the switch's address memory
    Explanation
    The given pseudo-code suggests that the attacker is continuously changing the MAC address of eth0 interface and pinging a specific IP address. This action can lead to the flooding or overwhelming of the address memory of a switch, causing it to become unresponsive or slow down. This type of attack is known as address table flooding or address memory flooding, which is the correct answer option given.

  • 38. 

    U tri osnovna metoda za procenu bezbednosti odredjnog racunarskog sistema ili racunarske mreze spadaju:

    • A.

      Ispitivanje

    • B.

      Zamena zaposlenih

    • C.

      Spijuniranje sistema

    • D.

      Bezbednosna provera

    • E.

      Intervjuisanje

    • F.

      Socijalni inzenjering

    Correct Answer(s)
    A. Ispitivanje
    D. Bezbednosna provera
    E. Intervjuisanje
    Explanation
    The three basic methods for assessing the security of a computer system or network are testing, security auditing, and interviewing. Testing involves actively probing the system to identify vulnerabilities and weaknesses. Security auditing involves conducting a thorough examination of the system's security measures and controls. Interviewing involves speaking with individuals who have knowledge of the system to gather information about its security practices. These methods collectively provide a comprehensive evaluation of the system's security posture.

  • 39. 

    The number of isolated private computer networks (those with no connection to the Internet) today is:

    • A.

      About 80%, constant

    • B.

      Increasing

    • C.

      Decreasing

    Correct Answer
    C. Decreasing
    Explanation
    The correct answer is "Decreasing". This suggests that the number of isolated private computer networks that do not have an Internet connection is decreasing. This could be due to the increasing need for Internet connectivity in today's digital age, where most businesses and individuals rely heavily on the Internet for communication, information, and various online services.

  • 40. 

    When members of two remote networks that use the 192.168.1.0/24 and 192.168.2.0/24 address ranges and are connected via the Internet want to communicate directly, the possible solutions are:

    • A.

      VPN tunneling

    • B.

      VLAN

    • C.

      Routing

    • D.

      Using SNAT and Port Forwarding mechanisms

    Correct Answer
    A. VPN tunneling
    Explanation
    In this situation, where members of two distant networks, using 192.168.1.0/24 and 192.168.2.0/24 address ranges, want to communicate directly, VPN tunneling is a possible solution. VPN (Virtual Private Network) tunneling creates a secure and encrypted connection over the internet, allowing the two networks to communicate as if they were directly connected. This ensures the confidentiality and integrity of the communication between the two networks.

  • 41. 

    The method called Blueprinting is used for 'fingerprinting' devices that support Bluetooth networking, that is, for:

    • A.

      Identifying users by biometric parameters

    • B.

      Identifying devices based on their physical address

    • C.

      Downloading security parameters from the device

    Correct Answer
    B. Identifying devices based on their physical address
    Explanation
    Blueprinting is a method used to obtain the fingerprint of a device with Bluetooth support. This method is used to identify devices based on their physical address, not for user identification or downloading security parameters.

  • 42. 

    An example of a tool for discovering vulnerabilities is:

    • A.

      Metasploit

    • B.

      Kismet

    • C.

      Honeypot

    Correct Answer
    A. Metasploit
    Explanation
    Metasploit is the correct answer as it is a popular and widely used tool for detecting vulnerabilities in computer systems. It provides a comprehensive framework for penetration testing and vulnerability assessment. With a vast collection of exploits and payloads, Metasploit enables security professionals to identify and exploit weaknesses in a system's defenses. It also offers features like post-exploitation modules and social engineering tools, making it an essential tool in the arsenal of ethical hackers and security researchers.

  • 43. 

    The basic data that can be obtained by recording mouse activity on a computer include:

    • A.

      The values of the fields over which the mouse is located

    • B.

      Activated buttons

    • C.

      X and y coordinates

    • D.

      The list of active applications on the computer

    Correct Answer(s)
    A. The values of the fields over which the mouse is located
    B. Activated buttons
    C. X and y coordinates
    Explanation
    The basic data that can be obtained by recording mouse activity on a computer includes the values of the fields over which the mouse is located, the activated buttons, and the x and y coordinates. It does not include the list of active applications on the computer.

  • 44. 

    The attack in Ethernet networks in which the attacker sends frames with so-called double tags (double tagging) is called:

    • A.

      Attack on the STP protocol

    • B.

      ARP Cache Poisoning

    • C.

      Switch address memory overflow

    • D.

      VLAN hopping

    • E.

      ARP Spoofing

    Correct Answer
    D. VLAN hopping
    Explanation
    VLAN hopping is a type of attack in Ethernet networks where an attacker sends frames with double tagging, also known as double encapsulation. This allows the attacker to bypass the security measures in place and gain unauthorized access to different VLANs. By sending frames with multiple VLAN tags, the attacker tricks the switch into forwarding the frames to a different VLAN than intended, giving them access to sensitive information and resources. This attack takes advantage of vulnerabilities in the VLAN configuration and can be used to gain unauthorized access or perform other malicious activities within the network.

  • 45. 

    Virtual private networks (VPN) are used for:

    • A.

      Connecting virtual machines

    • B.

      Creating virtual private networks on a single physical infrastructure

    • C.

      Securely connecting remote private networks

    Correct Answer
    C. Securely connecting remote private networks
    Explanation
    VPNs are used to securely connect remote private networks. A VPN encrypts the data transmitted over a public network, which ensures the privacy and security of communication between remote networks. This is especially useful for organizations that have multiple business locations or for individuals who want to securely access their private network while away from it.

  • 46. 

    To successfully carry out session hijacking against Web applications, the attacker must know the value of:

    • A.

      The session identifier (session id)

    • B.

      The username and password of a legitimate user

    • C.

      The port used on the client side

    Correct Answer
    A. The session identifier (session id)
    Explanation
    To successfully perform session hijacking in web applications, an attacker needs to know the value of the session identifier (session id). The session id is a unique identifier assigned to each user's session, allowing the server to differentiate between different users. By obtaining the session id, an attacker can impersonate the user and gain unauthorized access to their session, potentially compromising sensitive information and performing malicious actions on their behalf.

  • 47. 

    The attack that relies on the attacker's ability to 'ping' (send ICMP requests to) the network's broadcast address, that is, all computers in the local network, and to forge the source address in those requests, i.e. to name the computer being attacked as the source of the requests, is called:

    • A.

      Denial of Service (DoS)

    • B.

      Smurf attack

    • C.

      Session hijacking

    Correct Answer
    B. Smurf attack
    Explanation
    A smurf attack is a type of attack where the attacker sends ICMP requests (ping) to the broadcast address of a network, causing all the computers in the local network to respond to the victim's IP address. The attacker also spoofs the source address in the requests, making it appear as if the requests are coming from the victim's computer. This flood of responses overwhelms the victim's network, causing a denial of service.

  • 48. 

    To discover the version of an application used on a server whose source code is publicly available, the following are mostly used:

    • A.

      Vulnerabilities in the Web server

    • B.

      Differences between files in different versions

    • C.

      SQL injection attacks

    Correct Answer
    A. Vulnerabilities in the Web server
    Explanation
    To detect the version of an application used on a server, vulnerabilities in the web server are commonly used. These vulnerabilities can provide information about the version of the application being used. By exploiting these vulnerabilities, an attacker can gather information about the server and the application running on it. This information can be used for further attacks or exploitation.

  • 49. 

    The state diagram shown refers to:

    • A.

      Interviewing

    • B.

      Social engineering

    • C.

      Penetration testing

    Correct Answer
    C. Penetration testing
    Explanation
    The given state diagram represents penetration testing. Penetration testing is a method of assessing the security of a system by simulating an attack to identify vulnerabilities. The state diagram likely illustrates the different stages or steps involved in conducting a penetration test.

  • 50. 

    The attack shown in the following figure, which uses the ICMP protocol, is called:

    • A.

      Smurf attack

    • B.

      ICMP broadcast attack

    • C.

      Ethernet Comutator Amplification attack

    Correct Answer
    A. Smurf attack
    Explanation
    The correct answer is Smurf attack. A Smurf attack is a type of DDoS attack that uses ICMP (Internet Control Message Protocol) packets to flood a target network with a large volume of traffic. The attacker sends ICMP echo requests (ping) to a broadcast IP address, spoofing the source IP address to be the victim's IP address. This causes all the devices on the network to respond to the victim's IP address, overwhelming it with traffic and potentially causing it to become unavailable.
