Quiz - Final Exam
Final Exam
Started: May 6 at 10:32pm
Quiz Instructions
This exam is open-note, open-internet, open-book, but closed-neighbor. "Closed-neighbor" means no
collaboration with anyone.
By submitting your exam, you certify on your honor that you were not helped by any other person and
that you have not and will not help any person to take the exam.
Question 1 1 pts
Which of the following is true about vulnerability exploitation? Select all that apply.
Question 2 1 pts
Which password would take longer to bruteforce if you didn't know the pattern used to create the
password?
Fr0g...........
kjsf8924rj@!lS
kjsf8924rj@!lS
Fr0g...........
Question 3 1 pts
https://canvas.vt.edu/courses/184312/quizzes/511581/take 1/8
5/6/24, 10:33 PM Quiz: Final Exam
kjsf8924rj@!slS
Fr0g............
Question 4 1 pts
The password ZS:n9Q[6 was randomly drawn from a set of 95 characters. Given this password
complexity, approximately how long would it take to guess this password on average? Assume your
password cracking system can guess 500,000 passwords a second.
44 years
420 years
88 years
210 years
Question 5 1 pts
The password xNnWo6272k7x is drawn from a set of 62 characters and appears in the Rockyou
dictionary at position 14,344,112. Given this password complexity, how long will it take to guess this
password? Assume your password cracking system uses the Rockyou dictionary and can guess
500,000 passwords a second.
28.6 seconds
14.3 seconds
137,439 years
68,719.4 years
Question 6 1 pts
Assume that you generate a Diceware passphrase using a wordlist with 7776 words, and that the
words are all lowercase a-z (26 letters). Assume that you used 3 words -- cat, dog, fish. Joined with
spaces -- “cat dog fish”. Assume that an attacker knows how you constructed your password, how
many words, what word separator was used, and wordlist used, but does not know which words you
used. How many guesses on average would the attacker have to make to guess your
passphrase?
Note:
(7776+3)/2
(7776+3)
(7776*3)
(7776^3)
(3^7776)/2
(7776*3)/2
(7776^3)/2
Question 7 1 pts
A PRNG is used to create a 128-bit key for an encryption algorithm. The PRNG outputs only one of
the following two 128-bit keys:
A849D1E199DD3
B19BA64373816
How many bits of entropy does a key coming from a system that uses this PRNG have?
Question 8 1 pts
Which of the following statements about password storage are correct? Select all that apply.
Passwords should be stored in a database as plaintext, so that users can be reminded what their password is.
Question 9 1 pts
Single-user mode in Linux/Unix computers enables someone physically present at the computer to
log in as root with a password. Which of the following statements are true? Select all that apply.
This demonstrates that the system designers chose to accept the risk of physical access.
This is only preventable on Apple devices, due to a government mandate on non-US computer manufacturers.
Question 10 1 pts
When is a zero-day exploit no longer considered to be a "zero-day"?
None of the above—the label “zero-day” refers to the magnitude or severity of an exploit
Question 11 1 pts
What is the tension wrench used for in lock picking? Select all that apply.
Bind the pins so they will stay above the shear line.
Question 12 1 pts
Social engineering tactics may include which of the following?
Joining smokers outside for a work break and then following them back inside the building.
Bruteforcing a username and password for an ssh login
Spoofing one of a company's internal telephone numbers and calling someone inside the company to ask for
information.
Question 13 1 pts
A vulnerability assessment demonstrates how vulnerabilities can be exploited, whereas a penetration test checks
that security mitigations are in place.
A penetration test necessarily includes a vulnerability assessment as the first phase of the engagement.
A vulnerability assessment identifies vulnerabilities, but a penetration test demonstrates how security controls can
be bypassed.
Question 14 1 pts
How is a penetration test different from unauthorized hacking? Select all that apply.
Question 15 1 pts
Examine the attached documents for the 2019 Coalfire engagement for Iowa State Court
Administration.
Was the engagement “black box” (penetration testers had no information about the targets
beforehand) or “white box” (full information about targets was provided)?
Black box
White box
Question 16 1 pts
Examine the attached documents for the 2019 Coalfire engagement for Iowa State Court
Administration.
No
Yes
Question 17 1 pts
Examine the attached documents for the 2019 Coalfire engagement for Iowa State Court
Administration.
Yes
No
Question 18 1 pts
Passive reconnaissance
DNS poisoning
Active reconnaissance
Network reconnaissance
DNS hacking
Question 19 1 pts
The XZ Utils attack of 2024 is an example of what sub-technique in the MITRE ATT&CK framework?
Search Engines
Scan Databases
Code Repositories
Upload Malware
Content Injection
Masquerade Task or Service
Drive-by Target
SEO Poisoning
Question 20 1 pts
In the 2024 Volt Typhoon case, the attackers executing the following PowerShell command is an
example of what technique (check all that apply)?
Defense evasion
Snooping
PowerShell hacking
Question 21 1 pts
According to Deviant Ollam, lock picking should be performed before attempting to slide objects
between gaps in the door or under-the-door attacks.
True
False