This document contains questions and multiple choice options from a quiz about computer and network security topics. It includes questions about layers of the TCP stack, buffer overflow defenses, IIS vulnerabilities, Windows group policy for removable drives, session hijacking countermeasures, IIS vulnerabilities, IP spoofing, website defacement tools, session hijacking countermeasures, dominant attack strategies from a security report, and characteristics of computer Trojans. The document provides a quiz for students to test their knowledge of these security concepts.

1. Buy here:
http://theperfecthomework.com/cmit-321-quiz-4/
At what layer of the TCP stack does web browsing take place?
Question 1 options:
network
application
Internet
data link
Which of the following functions can used to defend against buffer overflows?
(Select all that apply.)
Question 6 options:
a) gets()

2. b) fgets()
c) strcopy()
d) strncopy()
Which of the following tools automates and takes advantage of directory traversal exploits in
IIS?
Question 3 options:
Msw3prt IPP Vulnerability
IIS_Traversal

3. ServerMask
IIS Xploit
Save
Previous PageNext Page
The Autorun feature of Removable Disks and CD Drives can be a threat to network Security.
What is the best course of action to remove Autorun for Removable Disks and CD Drives for
in Windows?
Question 5 options:
Tape the USB ports
Remove the CD-ROM Drive from the System
Use Group Policy
Provide Users without Administrative Rights
Save
Previous PageNext Page
Which of the following components help defend against session hijacking? (Select all that
apply.)
Question 6 options:

4. a) per-packet integrity checking
b) source routing
c) PPTP
d) SSL
Identify two vulnerabilities of Microsoft’s Internet Information Services (IIS) from the options
listed below. (Select two.)
Question 9 options:

5. a) mod_rewrite log escape filtering
b) ::$DATA IIS vulnerability
c) WebDAV/RPC exploits
d) mod_proxy reverse proxy exposure
Save
Previous PageNext Page

6. IP spoofing is not difficult and can be used in a variety of attacks. However, the attacker will
not see the packets that are returned to the spoofed IP address. In this case, the attacker
uses ______________ and then sniffs the traffic as it passes.
Question 11 options:
alternate data streams
source routing
session hijacking
a redirect
This is an example of a Trojan that can be utilized for Website Defacement?:
Question 14 options:
HTTrack
WGET
Restorator
CrimePack
Save
Previous PageNext Page

7. Which of the following is the best countermeasure against hijacking? (Select all that apply.)
Question 15 options:
a) Use unpredictable sequence numbers.
b) Do not use the TCP protocol.
c) Use encryption.
d) Limit the unique sessions token to each browser’s instance​.
Save

8. Previous PageNext Page
What were the two dominant attack strategies identified in Symantec's Threat Report?
Question 16 options:
Distributed Denial of Service
Focused Attack
Broader Strokes
Advanced Persistent Threats
he characteristics of these Trojans include the ability to open and close the CD-ROM tray?:
Question 19 options:
NetBus
Dark Comet
Poison Ivy
SubSeven