
5/6/24, 10:33 PM Quiz: Final Exam

Final Exam
Started: May 6 at 10:32pm

Quiz Instructions
This exam is open-note, open-internet, open-book, but closed-neighbor. "Closed-neighbor" means no
collaboration with anyone.

By submitting your exam, you certify on your honor that you were not helped by any other person and
that you have not and will not help any person to take the exam.


Question 1 1 pts

Which of the following is true about vulnerability exploitation? Select all that apply.

Exploits can attack services that listen on ports

Exploits are payloads

Exploits only work against zero-day vulnerabilities

Exploits can only be written in low-level computer languages such as assembly


Question 2 1 pts

Which password would take longer to bruteforce if you didn't know the pattern used to create the
password?

Fr0g...........
kjsf8924rj@!lS

kjsf8924rj@!lS

They would take the same amount of time.

Fr0g...........


Question 3 1 pts

Which password is stronger in terms of entropy and Kerckhoffs's principle?



Fr0g...........
kjsf8924rj@!lS

https://canvas.vt.edu/courses/184312/quizzes/511581/take 1/8
kjsf8924rj@!slS

They are equal in terms of entropy and Kerckhoffs's principle.

Fr0g............


Question 4 1 pts
The password ZS:n9Q[6 was randomly drawn from a set of 95 characters. Given this password
complexity, approximately how long would it take to guess this password on average? Assume your
password cracking system can guess 500,000 passwords a second.

44 years

420 years

88 years

210 years


Question 5 1 pts
The password xNnWo6272k7x is drawn from a set of 62 characters and appears in the Rockyou
dictionary at position 14,344,112. Given this password complexity, how long will it take to guess this
password? Assume your password cracking system uses the Rockyou dictionary and can guess
500,000 passwords a second.

28.6 seconds

14.3 seconds

137,439 years

68,719.4 years


Question 6 1 pts

Assume that you generate a Diceware passphrase using a wordlist with 7776 words, and that the
words are all lowercase a-z (26 letters). Assume that you used 3 words -- cat, dog, fish. Joined with
spaces -- “cat dog fish”. Assume that an attacker knows how you constructed your password, how
many words, what word separator was used, and wordlist used, but does not know which words you
used. How many guesses on average would the attacker have to make to guess your
passphrase?

Note:
^ denotes “raised to the power of”


* denotes multiplication
/ denotes division

(7776+3)/2

(7776+3)

(7776*3)

(7776^3)

(3^7776)/2

(7776*3)/2

(7776^3)/2


Question 7 1 pts

A PRNG is used to create a 128-bit key for an encryption algorithm. The PRNG outputs only one of
the following two 128-bit keys:

A849D1E199DD3

B19BA64373816

How many bits of entropy does a key coming from a system that uses this PRNG have?


Question 8 1 pts
Which of the following statements about password storage are correct? Select all that apply.

Passwords should be encrypted before being stored in a database

Passwords should not be stored in a database

Passwords should be stored in a database as plaintext, so that users can be reminded what their password is.

Password hashes should be salted



Passwords should be hashed before being stored in a database



Question 9 1 pts
Single-user mode in Linux/Unix computers enables someone physically present at the computer to
log in as root with a password. Which of the following statements are true? Select all that apply.

This demonstrates that the system designers chose to accept the risk of physical access.

This is only preventable on Apple devices, due to a government mandate on non-US computer manufacturers.

This is preventable via 2FA—full-disk encryption is not necessary.

Risk of physical access can be reduced with full disk encryption.


Question 10 1 pts
When is a zero-day exploit no longer considered to be a “zero-day”?

Once an attacker has a proof-of-concept exploit for a vulnerability

Once a defender learns that a vulnerability exists

Once a patch is available for the vulnerability

None of the above—the label “zero-day” refers to the magnitude or severity of an exploit


Question 11 1 pts
What is the tension wrench used for in lock picking? Select all that apply.

Lift pins above the shear line.

Bind the pins so they will stay above the shear line.

Turn the cylinder inside the lock.


Question 12 1 pts
Social engineering tactics may include which of the following?

Using Metasploit to launch an exploit and payload against an unpatched webserver

Impersonating a courier by wearing an official uniform.

Joining smokers outside for a work break and then following them back inside the building.

Bruteforcing a username and password for an ssh login

Spoofing one of a company's internal telephone numbers and calling someone inside the company to ask for
information.

Cracking password hashes using a tool such as hashcat

Sending targeted phishing emails to company personnel.


Question 13 1 pts

How is a penetration test different from a vulnerability assessment?

A vulnerability assessment demonstrates how vulnerabilities can be exploited, whereas a penetration test checks
that security mitigations are in place.

A penetration test necessarily includes a vulnerability assessment as the first phase of the engagement.

A vulnerability assessment identifies vulnerabilities, but a penetration test demonstrates how security controls can
be bypassed.

They are the same thing.


Question 14 1 pts

How is a penetration test different from unauthorized hacking? Select all that apply.

Penetration tests use a controlled methodology.

Penetration tests are conducted within a specified scope.

Penetration tests result in a report to the client.

Penetration tests circumvent or defeat security features of a system.

Penetration tests identify vulnerabilities that can be exploited.

Penetration tests are authorized by the client.


Question 15 1 pts

Examine the attached documents for the 2019 Coalfire engagement for Iowa State Court
Administration.

Get-out-of-jail letter (https://canvas.vt.edu/courses/184312/files/32067089?wrap=1)


Rules of engagement (https://canvas.vt.edu/courses/184312/files/32067090?wrap=1)

Was the engagement “black box” (penetration testers had no information about the targets
beforehand) or “white box” (full information about targets was provided)?

Black box

Some information was provided to the penetration testers.

White box


Question 16 1 pts

Examine the attached documents for the 2019 Coalfire engagement for Iowa State Court
Administration.

Get-out-of-jail letter (https://canvas.vt.edu/courses/184312/files/32067089?wrap=1)

Rules of engagement (https://canvas.vt.edu/courses/184312/files/32067090?wrap=1)

Was social engineering in scope?

No

Yes

Unclear. There is contradictory information in the engagement documents.


Question 17 1 pts

Examine the attached documents for the 2019 Coalfire engagement for Iowa State Court
Administration.

Get-out-of-jail letter (https://canvas.vt.edu/courses/184312/files/32067089?wrap=1)

Rules of engagement (https://canvas.vt.edu/courses/184312/files/32067090?wrap=1)

Was physical security in scope?

Unclear. There is contradictory information in the engagement documents.

Yes

No


Question 18 1 pts

Examining the DNS records for a target is an example of:

Passive reconnaissance

DNS poisoning

Active reconnaissance

Network reconnaissance

DNS hacking


Question 19 1 pts

The XZ Utils attack of 2024 is an example of what sub-technique in the MITRE ATT&CK framework?

Compromise Software Supply Chain

Search Engines

Exfiltration Over Symmetric or Asymmetric Encrypted or Unencrypted Non-C2 Protocol

Compromise Software Dependencies and Development Tools

Scan Databases

Code Repositories

Upload Malware

Deobfuscate/Decode Files or Information

Executable Installer File Permissions Weakness

Content Injection

Masquerade Task or Service

Search Victim-Owned Websites

Security Software Discovery

Drive-by Target

SEO Poisoning

Exfiltration to Code Repository


Question 20 1 pts

In the 2024 Volt Typhoon case, the attackers executing the following PowerShell command is an
example of what technique (check all that apply)?

Get-EventLog security -instanceid 4624 -after [year-month-date] | fl * | Out-File 'C:\users\public\documents\user.dat'

Event Log erasure

Defense evasion

Snooping

Living off the land

PowerShell hacking


Question 21 1 pts

According to Deviant Ollam, lock picking should be performed before attempting to slide objects
between gaps in the door or under-the-door attacks.

True

False
