1.
The switch security feature known as Port Security enables defense against the following types of attacks:
Correct Answer(s)
A. DHCP starvation attack
E. Switch memory overflow
Explanation
Port Security is a security feature on switches that allows defense against unauthorized access and various types of attacks. DHCP starvation attack is a type of attack where an attacker exhausts the available IP addresses on a DHCP server, preventing legitimate devices from obtaining an IP address. Memory overflow on a switch occurs when the switch's memory is overwhelmed with excessive traffic or data, causing it to become unresponsive or crash. By implementing Port Security, switches can protect against both DHCP starvation attacks and memory overflow attacks by limiting the number of MAC addresses allowed on a specific port.
2.
A session identifier is essentially a session key that is:
Correct Answer
B. Randomly generated on the server side
Explanation
The correct answer is "Randomly generated on the server side". This means that the session identifier is created by the server in a random manner. It is not a combination of the username and password, nor is it composed of the client's IP address. The random generation of the session identifier helps to ensure its uniqueness and security.
3.
To defend against recording of user keyboard input, it is better to use:
Correct Answer
A. Wireless keyboards
Explanation
Wireless keyboards are better for protecting against keystroke logging because they do not require a physical connection to the computer. This means that it is more difficult for someone to intercept and record the keystrokes being entered. Wired keyboards, on the other hand, can be more vulnerable to keystroke logging as the connection between the keyboard and the computer can potentially be intercepted. Therefore, using wireless keyboards can provide an added layer of security for protecting user input from being recorded.
4.
Virtual private networks (VPNs) provide:
Correct Answer(s)
A. Authenticity
B. Confidentiality
Explanation
Virtual private networks (VPNs) provide both authenticity and confidentiality. Authenticity ensures that the data being transmitted is from a trusted source and has not been tampered with. Confidentiality ensures that the data remains private and cannot be accessed by unauthorized parties. VPNs achieve this by encrypting the data and establishing a secure connection between the user's device and the network. This allows users to securely access and transmit sensitive information over public networks, such as the internet. VPNs do not directly provide availability, which refers to the accessibility and reliability of the network itself.
5.
The infrastructure service that lets administrators automatically assign network parameters (address, mask, default gateway, DNS servers and the like) is:
Correct Answer
B. DHCP
Explanation
DHCP stands for Dynamic Host Configuration Protocol. It is an infrastructure service that allows administrators to automatically assign network parameters such as IP address, subnet mask, default gateway, DNS servers, etc. to devices on a network. DHCP simplifies network administration by eliminating the need for manual configuration of network settings on each individual device. Instead, devices can obtain their network parameters dynamically from a DHCP server, which reduces the administrative overhead and ensures efficient network management.
6.
In practice, attackers are often unable to exhaust a given resource on their own and need the help of a larger number of computers. Attacks in which a larger number of computers take part are called:
Correct Answer
B. Distributed attacks
Explanation
Distributed attacks are attacks in which a larger number of computers take part. In practice, attackers often do not have enough resources to exhaust a given resource on their own, so they need the help of a larger number of computers. When multiple computers are used to carry out an attack, the strength of the attack also increases, which makes distributed attacks very effective and dangerous.
7.
A ping flood is a type of attack that is carried out using:
Correct Answer
C. The ICMP protocol
Explanation
Ping flood (or ping poplava in Serbian) is a type of attack that utilizes the ICMP (Internet Control Message Protocol) protocol. ICMP is primarily used for diagnostic purposes and error reporting in IP networks. In a ping flood attack, the attacker overwhelms the target system with a large number of ICMP echo request packets (ping) in a short period of time. This flood of requests can cause the target system to become unresponsive or crash, leading to a denial of service (DoS) situation. Therefore, the correct answer is ICMP protocol.
8.
An attacker who falsely presents themselves as a DHCP server in a private network thereby directly gains the ability to:
Correct Answer(s)
B. Redirect users to a fake DNS server
C. Mediate communication between members of the private network and the external network
Explanation
The attacker, by falsely impersonating a DHCP server in a private network, gains the ability to redirect users to a fake DNS server and also mediate communication between members of the private network and the external network.
9.
The honeypot concept involves:
Correct Answer
B. Luring attackers into a virtual environment
Explanation
The concept of a honeypot involves luring attackers into a virtual environment. This technique is used as a cybersecurity strategy to gather information about potential threats, study attacker behavior, and protect valuable resources. By creating a tempting target that appears vulnerable, organizations can divert attackers' attention from their actual critical systems and gain insights into their tactics, techniques, and motives. This allows for better understanding and mitigation of potential risks.
10.
When discovering hidden sections on a server, an attacker may make use of:
Correct Answer
B. The robots.txt file
Explanation
The correct answer is "The robots.txt file". The robots.txt file is a text file that is placed on a website's server to provide instructions to web crawlers and search engine bots about which areas of the site should not be crawled or indexed. By accessing the robots.txt file, an attacker can gain information about the server's directory structure and potentially identify hidden sections or sensitive areas of the website. This information can then be used to plan and execute further attacks.
11.
To use the Port Security feature successfully, it is necessary:
Correct Answer
B. That roles are correctly assigned to the ports on the switch
Explanation
To successfully use the Port Security security feature, it is necessary to correctly assign roles to the ports on the switch.
12.
The limit for Internet domain names is:
Correct Answer
C. 127 segments, 63 characters per segment, 255 characters in total
Explanation
The correct answer is 127 segments, 63 characters per segment, 255 characters in total. This is because the maximum length for an Internet domain name is 255 characters, which includes the periods between segments. Each segment can have a maximum of 63 characters. Therefore, there can be up to 127 segments in a domain name.
13.
The attack known as DNS Cache Snooping aims to:
Correct Answer
B. Determine which domains users have accessed
Explanation
The correct answer is "Determine which domains users have accessed". This suggests that the purpose of the attack called "DNS Cache Snooping" is to gather information about the domains that users have accessed.
14.
To defend against SQL injection attacks in web applications, it is necessary to:
Correct Answer
A. Normalize input data
Explanation
Normalizing input data is an important step in defending against SQL injection attacks in web applications. This process involves checking, filtering and validating all submitted data to ensure it is correct and safe for further processing. Normalization may include removing special characters, encoding data, or using parameterized queries to prevent the injection of malicious SQL code. This measure helps prevent attackers from exploiting weaknesses in data input and executing unauthorized SQL queries against the database.
15.
To execute the following command:
ping -f 192.168.60.60
on Linux systems, one needs:
Correct Answer
B. An administrator account
Explanation
The correct answer is "An administrator account" because executing the ping command with the -f flag (force option) on Linux systems requires administrative privileges. This is because the -f flag sends ping packets at a very high rate, which can potentially overwhelm the network and cause disruption. Therefore, only users with administrative access are allowed to use this option to prevent misuse or unauthorized network disruptions.
16.
A web server administrator noticed a user authentication request in which the following text was set as the password value:
' or true; --
Most likely this is:
Correct Answer
C. An attempted SQL injection attack
Explanation
The given answer suggests that the most likely explanation for the situation is an attempted SQL injection attack. The presence of the text "' or true;--" in the password field indicates an attempt to manipulate the SQL query to bypass authentication. This technique is commonly used by attackers to gain unauthorized access to a system by exploiting vulnerabilities in the application's database layer.
17.
The use of the 802.1X protocol in wireless private computer networks is based on:
Correct Answer
B. The use of digital certificates
Explanation
The use of digital certificates is the basis for implementing the 802.1X protocol in wireless private computer networks. Digital certificates are used to authenticate and verify the identity of network devices and users. They provide a secure and reliable way to establish trust and ensure that only authorized devices and users can access the network. By using digital certificates, the 802.1X protocol enhances the security of wireless networks by preventing unauthorized access and protecting against potential threats.
18.
Virtual private networks that accept data from the private networks they connect at the level of frames, i.e. data link layer protocol packets:
Correct Answer
C. Function as network bridges
Explanation
Virtual private networks that accept data from the private networks they connect at the level of frames, i.e. data link layer protocol packets, function as network bridges. Network bridges are devices that connect networks at the same layer and allow data to be transferred between them. In this case, the virtual private networks act as bridges that enable communication between private networks at the data link layer.
19.
The term 'spoon feeding' in web applications refers to the use of:
Correct Answer
A. A proxy server
Explanation
In the context of web applications, spoon feeding involves the use of a proxy server. A proxy server acts as an intermediary between the client and the web server, allowing the client to make requests to the server indirectly through the proxy. This can be beneficial in scenarios where the client wants to access restricted or blocked content, or when the client wants to improve performance by caching frequently accessed data. Therefore, the correct answer is "A proxy server."
20.
Placing the following code in a form on an HTML page: <input type="file" value="C:\Users\AJ\zrm.pdf" style="display: none" />
will have the following effect:
Correct Answer
A. When the form is submitted, a file will also be stolen from the client
Explanation
The given code snippet includes an input element of type "file" with a specified value attribute. This value attribute is set to a specific file path on the client's computer ("C:\Users\AJ\zrm.pdf"). However, the "value" attribute of a file input element is read-only and cannot be set programmatically due to security reasons. Therefore, when the form is submitted, the actual file that will be uploaded is determined by the user's selection and not by the value attribute. Thus, the statement "When the form is submitted, a file will also be stolen from the client" is incorrect.
21.
When resolving domain names, priority is given to:
Correct Answer
A. The DNS server
Explanation
When resolving domain names, the DNS server has the advantage. It is responsible for translating domain names into IP addresses, allowing users to access websites and other online services. The DNS server maintains a database of domain names and their corresponding IP addresses, allowing it to quickly and efficiently resolve queries. On the other hand, the user determining individual queries or the hosts file are not as efficient or comprehensive as the DNS server in resolving domain names.
22.
The use of the Wired Equivalent Privacy protocol in wireless private computer networks is:
Correct Answer
B. Outdated and not recommended
Explanation
The given answer states that the use of the Wired Equivalent Privacy protocol in wireless private computer networks is outdated and not recommended. This implies that the protocol is no longer considered secure or effective in protecting the network from unauthorized access. Therefore, it is not recommended to use this protocol anymore.
23.
The most common purpose of entering the following record
203.0.113.123 accounts.google.com
into the victim's hosts file is:
Correct Answer
B. Redirecting the victim to communicate with a fake server
Explanation
The most common purpose of entering the given record in the victim's hosts file is to redirect the victim to communicate with a fake server.
24.
The attack illustrated by the following pseudocode:
while the DHCP server keeps returning an IP address:
{
obtain an address from the DHCP server
increment the network interface's MAC address by 1
}
is known as:
Correct Answer
B. Starvation attack
Explanation
The given pseudocode suggests that the attacker continuously requests IP addresses from the DHCP server, causing it to run out of available addresses for legitimate clients. This type of attack is known as a "Starvation attack." The attacker is essentially starving the DHCP server by continuously requesting IP addresses, making it unable to allocate addresses to other devices on the network.
25.
Session hijacking in web applications is a procedure in which:
Correct Answer
B. The attacker takes over the role of a user who has legitimately authenticated
Explanation
Session hijacking is a process where an attacker takes over the role of a legitimately authenticated user. This means that the attacker gains unauthorized access to the user's session and can perform actions on behalf of the user without their knowledge or consent. This can lead to various malicious activities such as stealing sensitive information, manipulating data, or performing unauthorized transactions. The attacker essentially impersonates the authenticated user, allowing them to exploit their privileges and potentially cause harm.
26.
The data in the database that a DNS server works with are mostly:
Correct Answer
C. Not strictly confidential
Explanation
The given correct answer states that the data from the database that the DNS server works with is not strictly confidential. This means that the data is not highly sensitive or classified, and there may be some level of accessibility or transparency in its handling.
27.
To prevent a DNS server cache poisoning attack, it is necessary to:
Correct Answer
A. Digitally sign the server's responses
Explanation
To prevent poisoning attacks on DNS servers, it is necessary to digitally sign the server's responses. This ensures the authenticity and integrity of the responses, making it difficult for attackers to manipulate the DNS data and redirect users to malicious websites. By digitally signing the responses, the server can provide a cryptographic proof that the data has not been tampered with, increasing the security of the DNS system.
28.
Protection of inter-network communications means securely connecting:
Correct Answer
C. Two non-adjacent networks over insecure communication channels
Explanation
Under the protection of inter-network communication, it is assumed that there is a secure connection between two non-adjacent networks through insecure communication channels.
29.
Domain Name System Security Extensions (DNSSEC) primarily provide end users with:
Correct Answer
A. Authenticity
Explanation
DNSSEC (Domain Name System Security Extensions) primarily provide end users with authenticity. This means that DNSSEC ensures that the information received from DNS servers has not been tampered with and comes from a trusted source. It uses digital signatures to verify the authenticity of DNS data, preventing DNS spoofing and other malicious activities. By ensuring authenticity, DNSSEC helps users trust the information they receive from the DNS system, enhancing the security and reliability of their online activities.
30.
Exhaustion of a server's CPU and memory is mostly carried out by:
Correct Answer(s)
C. Sending requests crafted so that they require a long processing time
E. Sending a large number of requests
Explanation
The correct answer is sending requests that are designed to require a long processing time and sending a large number of requests. This is because overwhelming the central processor and memory of a server can lead to slowdowns or crashes, and this can be achieved by either sending requests that take a long time to process or by sending a large volume of requests.
31.
In terms of its frame-forwarding logic, a wireless access point for IEEE 802.11 technology can be compared to:
Correct Answer
B. An Ethernet hub
Explanation
A wireless access point for IEEE 802.11 technology can be compared to an Ethernet hub in terms of its frame-forwarding logic. Both the wireless access point and the Ethernet hub operate at the physical layer of the network and simply broadcast incoming frames to all connected devices without any intelligence to determine the destination. This is in contrast to an Ethernet switch, which operates at the data link layer and uses MAC addresses to selectively forward frames to the appropriate destination device.
32.
To identify the parties communicating over a virtual private network, the following are used:
Correct Answer(s)
B. Username and password pairs
C. Digital certificates
D. Keys
Explanation
To identify the parties communicating through a virtual private network (VPN), pairs of usernames and passwords, digital certificates, and keys are used. These authentication methods ensure that only authorized users can access the VPN and communicate securely. Public IP addresses, physical addresses, and biometric parameters are not typically used for identification in VPN communication.
33.
The attack in Ethernet networks in which the attacker reports members' physical addresses to other members as its own is called:
Correct Answer(s)
A. ARP Cache Poisoning
B. ARP Spoofing
Explanation
ARP Cache Poisoning, also known as ARP Spoofing, is a type of attack in Ethernet networks where an attacker falsely associates their own MAC address with the IP address of another network device. By doing this, the attacker can intercept and modify network traffic, leading to potential security breaches and unauthorized access to sensitive information. This attack takes advantage of the Address Resolution Protocol (ARP) to manipulate the ARP cache of the network devices, causing them to send data to the attacker instead of the intended recipient.
34.
The attack on web applications in which the attacker uses special requests to insert their own content into the result the server will return is:
Correct Answer
C. Cross-site scripting (XSS)
Explanation
The correct answer is "Cross Site Scripting (XSS)". This is a type of attack where the attacker is able to inject malicious scripts into a website, which are then executed by the users' browsers. This allows the attacker to steal sensitive information, manipulate website content, or redirect users to malicious websites. In this case, the attacker is able to insert their own content into the server's response by exploiting vulnerabilities in the web application.
35.
Private computer networks are mostly considered secure on the basis of:
Correct Answer
A. Ownership of all channels and equipment
Explanation
Private computer networks are generally considered secure based on ownership of all channels and equipment. This means that the organization or individual who owns the network has control over all the communication channels and the equipment used in the network. This control allows them to implement security measures and protocols to protect the network from unauthorized access and ensure the confidentiality, integrity, and availability of the data transmitted through the network. By having ownership over all the channels and equipment, they can also monitor and manage the network more effectively, further enhancing its security.
36.
The Web service has become the most widely used Internet service, primarily thanks to:
Correct Answer
A. Allowing other services to be used as its sub-services
Explanation
The Web service has become the most widely used Internet service thanks to allowing other services to be used as its sub-services. This functionality allows the Web service to integrate other services and use their functionality to provide users with a richer and more personalized experience. The openness and flexibility of the Web service enable the development of various applications and services that use different services and let users tailor their experience to their needs.
37.
The attack illustrated by the following pseudocode:
while(true) {
ifconfig eth0 $MAC
ping -c 1 132.168.1.1
$MAC++
}
is called:
Correct Answer
D. Overflowing the switch's address memory
Explanation
The given pseudo-code suggests that the attacker is continuously changing the MAC address of eth0 interface and pinging a specific IP address. This action can lead to the flooding or overwhelming of the address memory of a switch, causing it to become unresponsive or slow down. This type of attack is known as address table flooding or address memory flooding, which is the correct answer option given.
38.
The three basic methods for assessing the security of a given computer system or computer network include:
Correct Answer(s)
A. Testing
D. Security audit
E. Interviewing
Explanation
The three basic methods for assessing the security of a computer system or network are testing, security auditing, and interviewing. Testing involves actively probing the system to identify vulnerabilities and weaknesses. Security auditing involves conducting a thorough examination of the system's security measures and controls. Interviewing involves speaking with individuals who have knowledge of the system to gather information about its security practices. These methods collectively provide a comprehensive evaluation of the system's security posture.
39.
The number of isolated private computer networks (those with no connection to the Internet) today is:
Correct Answer
C. Decreasing
Explanation
The correct answer is "Decreasing". This suggests that the number of isolated private computer networks that do not have internet connection is decreasing. This could be due to the increasing need for internet connectivity in today's digital age, where most businesses and individuals rely heavily on the internet for communication, information, and various online services.
40.
In a situation where members of two remote networks, which use the 192.168.1.0/24 and 192.168.2.0/24 address ranges and are connected via the Internet, want to communicate directly, the possible solutions are:
Correct Answer
A. VPN tunneling
Explanation
In this situation, where members of two distant networks, using 192.168.1.0/24 and 192.168.2.0/24 address ranges, want to communicate directly, VPN tunneling is a possible solution. VPN (Virtual Private Network) tunneling creates a secure and encrypted connection over the internet, allowing the two networks to communicate as if they were directly connected. This ensures the confidentiality and integrity of the communication between the two networks.
41.
The method known as Blueprinting is used for 'fingerprinting' devices that support Bluetooth networking, that is, for:
Correct Answer
B. Identifying devices based on their physical address
Explanation
Blueprinting is a method used to obtain the fingerprint of a device with Bluetooth support. This method is used to identify devices based on their physical address, not for user identification or downloading security parameters.
42.
An example of a vulnerability detection tool is:
Correct Answer
A. Metasploit
Explanation
Metasploit is the correct answer as it is a popular and widely used tool for detecting vulnerabilities in computer systems. It provides a comprehensive framework for penetration testing and vulnerability assessment. With a vast collection of exploits and payloads, Metasploit enables security professionals to identify and exploit weaknesses in a system's defenses. It also offers features like post-exploitation modules and social engineering tools, making it an essential tool in the arsenal of ethical hackers and security researchers.
43.
The basic data that can be obtained by recording mouse activity on a computer include:
Correct Answer(s)
A. Values of the fields the mouse is over
B. Activated buttons
C. X and y coordinates
Explanation
The basic data that can be obtained by recording mouse activity on a computer includes the values of the fields over which the mouse is located, the activated buttons, and the x and y coordinates. It does not include the list of active applications on the computer.
44.
The attack in Ethernet networks in which the attacker sends frames with so-called double tags (double tagging) is called:
Correct Answer
D. VLAN hopping
Explanation
VLAN hopping is a type of attack in Ethernet networks where an attacker sends frames with double tagging, also known as double encapsulation. This allows the attacker to bypass the security measures in place and gain unauthorized access to different VLANs. By sending frames with multiple VLAN tags, the attacker tricks the switch into forwarding the frames to a different VLAN than intended, giving them access to sensitive information and resources. This attack takes advantage of vulnerabilities in the VLAN configuration and can be used to gain unauthorized access or perform other malicious activities within the network.
45.
Virtual private networks (VPNs) are used for:
Correct Answer
C. Securely connecting remote private networks
Explanation
VPNs are used to securely connect remote private networks. A VPN encrypts the data transmitted over a public network, which ensures the privacy and security of communication between remote networks. This is especially useful for organizations with multiple business locations or for individuals who want to securely access their private network while away from it.
46.
To successfully carry out session hijacking in web applications, the attacker must know the value of:
Correct Answer
A. The session identifier (session id)
Explanation
To successfully perform session hijacking in web applications, an attacker needs to know the value of the session identifier (session id). The session id is a unique identifier assigned to each user's session, allowing the server to differentiate between different users. By obtaining the session id, an attacker can impersonate the user and gain unauthorized access to their session, potentially compromising sensitive information and performing malicious actions on their behalf.
47.
The attack based on the attacker's ability to 'ping' (send ICMP requests to) the network's broadcast address, i.e. all computers in the local network, and to forge the source address in those requests, i.e. to name the computer being attacked as the source of the request, is called:
Correct Answer
B. Smurf attack
Explanation
A smurf attack is a type of attack where the attacker sends ICMP requests (ping) to the broadcast address of a network, causing all the computers in the local network to respond to the victim's IP address. The attacker also spoofs the source address in the requests, making it appear as if the requests are coming from the victim's computer. This flood of responses overwhelms the victim's network, causing a denial of service.
48.
To discover the version of an application used on a server whose source code is publicly available, the following are mostly used:
Correct Answer
A. Vulnerabilities in the web server
Explanation
To detect the version of an application used on a server, vulnerabilities in the web server are commonly used. These vulnerabilities can provide information about the version of the application being used. By exploiting these vulnerabilities, an attacker can gather information about the server and the application running on it. This information can be used for further attacks or exploitation.
49.
The state diagram shown refers to:
Correct Answer
C. Penetration testing
Explanation
The given state diagram represents penetration testing. Penetration testing is a method of assessing the security of a system by simulating an attack to identify vulnerabilities. The state diagram likely illustrates the different stages or steps involved in conducting a penetration test.
50.
The attack shown in the following figure, which uses the ICMP protocol, is called:
Correct Answer
A. Smurf attack
Explanation
The correct answer is Smurf attack. A Smurf attack is a type of DDoS attack that uses ICMP (Internet Control Message Protocol) packets to flood a target network with a large volume of traffic. The attacker sends ICMP echo requests (ping) to a broadcast IP address, spoofing the source IP address to be the victim's IP address. This causes all the devices on the network to respond to the victim's IP address, overwhelming it with traffic and potentially causing it to become unavailable.