Question 1

What two conditions must a digital signature meet?

Options :

A : Has to be the same number of characters as a physical signature and must be unique.

B : Has to be unforgeable, and has to be authentic.

C : Must be unique and have special characters.

D : Has to be legible and neat.

Answer: B

Question 2

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?

Options :

A : Cross-site scripting

B : Denial of service

C : SQL injection

D : Directory traversal

Answer: D

Question 3

You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. Thetime complexity of generating an RSA key pair is O(n*2), and AES encryption has a time complexity of O(n).

An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption.

Given *n=4000' and variable ‘AES key size’, which scenario is likely to provide the best balance of security

and

performance? which scenario would provide the best balance of security and performance?

Options :

A :

Data encryption with 3DES using a 168-bit key: Offers high security but slower performance due to 3DES-s inherent inefficiencies.

B :

Data encryption with Blowfish using a 448-bit key: Offers high security but potential compatibility issues due to Blowfish-s less widespread use.

C :

Data encryption with AES-128: Provides moderate security and fast encryption, offering a balance between the two.

D :

Data encryption with AES-256: Provides high security with better performance than 3DES, but not as fast as other AES key sizes.

Answer: C

Question 4

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Options :

A : Black-box

B : Announced

C : White-box

D : Grey-box

Answer: D

Question 5

An ethical hacker is testing the security of a website's database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to detect typical SQL injection patterns. Which evasion technique can be most effectively used to bypass the IDS signature detection while performing a SQL Injection attack?

Options :

A : Implement case variation by altering the case of SQL statements

B : Employ IP fragmentation to obscure the attack payload

C : Use Hex encoding to represent the SQL query string

D : Leverage string concatenation to break identifiable keywords

Answer: D