
Final

Uploaded by

m.mostafa997667

1. For a network with N nodes, how many master keys are present?

a) N(N-1)/2
b) N
c) N(N+1)/2
d) N/2
2. Larger networks would prefer a full decentralization?
a) True
b) False
3. SSL Alert Protocol has different types of levels:
a) Safe, warning, and fatal
b) Warning and fatal
c) Warning and safe
d) Critical and safe
4. In security hash function requirements, for any given hash value h, it is computationally feasible to
find y such that H(y) = h.
a) True
b) False
5. A firewall connects network of differing trust and filters all traffic from inside to outside therefore
firewalls protect the network from external and internal attacks?
a) True
b) False
6. A protocol for secure network communications designed to be relatively simple and inexpensive
to implement. It provides a secure remote logon facility:
a) Transport layer security (TLS)
b) Secure Shell (SSH)
c) Secure socket layer (SSL)
d) Secure HTTP (HTTPS)
7. The security of RSA public key cryptography depends mathematically on three factors. Which of
the following is not one of them:
a) Brute force the private key d
b) Factoring the number n
c) Factoring the number φ(n)
d) Brute force to find the φ(n)
8. Communication between end systems is encrypted using a key, often known as:
a) temporary key
b) section key
c) line key
d) session key
9. A publicly available directory is vulnerable to tampering or forgery?
a) True
b) False
10. CRL stands for:
a) Cipher Reusable List
b) Certificate Revocation Language
c) Certificate Revocation List
d) Certificate Resolution Language
11. An alternative approach to contacting public authority is certificate. The certificate can be
verified only:
a) By anyone having the certificate authority's public key
b) By anyone having the certificate authority's private key
c) By anyone associated with a signature trust field
d) By the certificate authority that can read and update certificates
12. Which of the following is NOT an SSL protocol:
a) SSL Handshake protocol.
b) SSL Change cipher spec protocol.
c) SSL record protocol.
d) SSL session protocol.
13. HTTPS refers to:
a) The HTTP and SSL handshake that allows the server and client to authenticate each
other and negotiate encryption
b) The HTTP and SSL establishment of security capabilities by the client to initiate and
establish capabilities
c) The combination of HTTP and SSL to implement secure communication between a web
browser and a web server
d) The HTTP- specific protocol to change of pending state to be copied into current state
14. All the following are true about MAC except:
a) Generate a fixed-sized code regardless of the size of the message.
b) Is a many-to-one function.
c) Replaces the hash functions.
d) Uses a secret key.
15. Used to encrypt temporary keys and shared by the user and the key distribution center:
a) Session key
b) Public key
c) Master Key
d) Distribution Key
16. HMAC stands for:
a) A Hyper secure MAC
b) Keyed hash functions as MAC
c) Keyless MAC code.
d) 128 bits MAC code which is equivalent to SHA-1 size.
17. In replay attack, an attacker records a communication session between a client and server and
later reconnects to the server, and plays back the previously recorded client messages. Assuming
messages are encrypted, how to defeat this attack?
a) Use MAC
b) Use digital signature.
c) Use Nonce.
d) Use radix-64
18. Shares secret master key with each user:
a) Symmetric key distribution
b) Hybrid key distribution
c) Public key distribution
d) Public available directory
19. Message authentication does not deal with which of the following attacks
a) Masquerade
b) Timing modification
c) Content modification
d) Destination repudiation
e) Disclosure of message contents
20. Which of the following is not a requirement for MAC function?
a) Knowing a message and its MAC, it is infeasible to find another message with the same MAC
b) MACS should be uniformly distributed
c) MAC should depend equally on all bits of the message
d) MAC should be computed before encryption
21. The basic RSA algorithm is vulnerable to a
a) chosen ciphertext attack
b) Chosen plaintext attack
c) Known ciphertext
d) Known plaintext
22. X<<Y>>
a) X signs the certificate for user Y with X's public key.
b) X signs the certificate for user Y with X's private key
c) Y signs the certificate for user X with Y's public key
d) Y signs the certificate for user X with Y's private key.
23. SHA3 is based on the following algorithm:
a) SHA1
b) Keccak
c) Lucifer
d) MD3
24. A type of cryptographic attack based on the probability of two different messages using
the same hash function producing the same message digest is?
a) Birthday attack
b) Statistic attack
c) Differential cryptanalysis attack
d) Known ciphertext attack
25. In public key cryptography if X wants to send a signed authentic message to Y
a) X encrypts the hash of the message using his private key
b) X encrypts the hash of the message using Y's private key
c) X encrypts the hash of the message using Y's public key
d) X encrypts the hash of the message using his public key
26. Which of the following feature does a digital signature provide?
a) It provides the ability to encrypt an individual's confidential data.
b) It ensures an individual's privacy.
c) It identifies the source and verifies the integrity of data.
d) It provides a framework for law and procedures.
27. Which of the following is not a valid X.509 V.3 certificate field?
a) Subject's public key information
b) Subject's X.500 name
c) Issuer's unique identifier
d) Subject's digital signature
28. The MD5 algorithms perform what function?
a) Hashing
b) Key distribution
c) Digital signature
d) Encryption
29. Message authentication codes (MAC) and digital signatures both serve to authenticate the
content of a message. Which of the following best describes how they differ?
a) A MAC can be verified based only on the message, but a digital signature can only be
verified with the secret key used to sign the message.
b) A MAC can be verified based only on the message, but a digital signature can only be
verified with the public key of the party that signed the message.
c) A MAC can only be verified with the secret key used to generate it, but a digital signature
can be verified based only on the message.
d) A MAC can only be verified with the secret key used to generate it, but a digital
signature can be verified with the public key of the party that signed the message.
30. The responsibility of a certification authority (CA) for digital signature is to authenticate the
a) hash function used
b) key used in MAC
c) private keys of subscribers
d) public keys of subscribers
31. Message Authentication Code (MAC) is concerned with:
a) Preventing message modification or alteration.
b) Provide tracking of corrupted messages
c) Prevent authentic messages from verification
d) Provide confidentiality to authentic messages
32. Of the followings, which is the best description of a digital signature?
a) The sender encrypts a message digest with his/her public key
b) The sender encrypts a message digest with his/her private key
c) The recipient encrypts a message digest with his/her public key
d) The recipient encrypts a message digest with his/her private key
33. In RSA, select e such that e is relatively prime to φ(n). What does relatively prime mean?
a) e and φ(n) are multiplicative inverses modulo φ(n)
b) e is a prime number modulo φ(n)
c) e mod φ(n) = d
d) GCD(e, φ(n)) = 1, i.e. the greatest common divisor between them is one
34. When downloading software from the Internet, why do vendors publish MD5 hash values when
they provide software to customers?
a) Recipients can verify the software's integrity after downloading.
b) Recipients can confirm the authenticity of the site from which they are downloading the
patch.
c) Recipients can request future updates to the software by using the assigned hash value.
d) Recipients need the hash value to successfully activate the new software.
35. Which of the following is not requirement for a hash function H?
a) H produces a variable length output fixed-sized block
b) It is computationally infeasible to find any pair (x,y) such that H(x) = H(y).
c) For any x it is computationally infeasible to find y≠x such that H(y)=H(x).
d) For any h it is computationally infeasible to find x such that H(x)=h.
36. Which of the following techniques is not proposed for the distribution of public keys?
a) hybrid private-key distribution
b) publicly available directory
c) public-key authority
d) public-key certificates
37. What is the main disadvantage of public-key authority for public key distribution?
a) A user must appeal the authority for a public key for every other user it wishes to
contact.
b) Anyone can forge the public key request message
c) The user can pretend to be another user and send a public key to another participant
d) The timestamp may expire.
38. Which of the following is not true on a Certificate scheme?
a) Only the CA can create and update certificates.
b) Only the participant can sign certificates
c) Any participant can read a certificate
d) Any participant can verify that the certificate originated from the certificate authority
(CA).
39. Which of the following is not correct about a hash function?
a) A hash function maps from a domain to a smaller range, typically many-to-one.
b) Applications for hash function are error detection e Provides strong message
confidentiality
c) Applications for hash function to store users' passwords in a file
d) If input to hash function is finite (pre-determined) is also called a compression
function.
40. In replay attack, an attacker records a communication session between a client and server and
later reconnects to the server, and plays back the previously recorded client messages. Assuming
messages are encrypted, how to defeat this attack?
a) Use MAC.
b) Use digital signature.
c) Use Nonce.
d) Use radix-64
41. For a 64-bit hash code, if birthday attack works, then how many trials on average needed to find
another message with similar hash,
a) 2^34 trials
b) 2^64 trials
c) 2^63 trials
d) sqrt(2^64) trials
42. In public key cryptography if X wants to send an encrypted confidential message to Y
a) X encrypts message using his private key
b) X encrypts message using Y's private key
c) X encrypts message using Y's public key
d) X encrypts message using his public key
43. A coworker reports that she has lost her public key ring. What does this mean?
a) This is a security violation. You need to revoke her digital certificate
b) She can regenerate it from private key ring
c) She will be unable to decrypt her stored files
d) The public key infrastructure is gone
44. Message Authentication Code (MAC) is a cryptographic checksum and is a function
a) One-to-one
b) One-to-many
c) Many-to-one
d) Many-to-many
45. Bob needs to understand how digital signatures are generated and verified; therefore, place the
following four items in the proper order:
1-Encrypt the digest with your private key
2-Compare the message digest to one you created
3-Generate a message digest
4-Decrypt the signature with the sender's public key
5-Attach the signature and sender's public key to the message, then send
a) 4,2,1,3,5
b) 3,2,1,4,5
c) 3,1,5,4,2
d) 3,5,4,1,2
46. Anyone who can verify message authentication code can also create one
a) True
b) False
47. Certificates allow key exchange without real-time access to public authority
a) True
b) False
48. A major reason that SSL/TLS is not used everywhere is because of the high computation cost of
symmetric-key cryptography
a) True
b) False
49. Nimda is a: worm, virus , mobile code
a) Worm
b) Virus
c) Mobile code
d) All the mentioned
50. In socket programming, the client's port number is:
a) Pre-defined in the code
b) Fixed and cannot change
c) Random number
d) A static number
51. Which of the following is responsible for issuing certificates?
a) Registration authority (RA)
b) Certificate authority (CA)
c) Document authority (DA)
d) Local registration authority (LRA)
52. Suppose that A has obtained a certificate from certification authority X1 and B has obtained
a certificate from CA X2. A can use a chain of certificates to obtain B's public key. In
the notation of X.509, this chain is represented in correct order as:
a) X2<<X1>>X1<<B>>
b) X1<<X1>>X2<<A>>
c) X1<<X2>>X2<<B>>
d) X1<<X2>>X2<<A>>
53. "Meet in the middle attack" and "man in the middle attack" are the same
a) True
b) False
54. It is a virus that infects Word documents
a) Office virus
b) Macro virus
c) Polymorphic virus
d) Boot infector
55. Cryptographic hash functions are required to be one-way and collision resistant
a) True
b) False
56. The ______ takes 128-bit (16-byte) key and expands into array of 44/52/60 32-bit words
a) AES key expansion
b) AES add round key
c) Double DES expansion
d) Double DES S-box ciphering
57. An attack where the attacker takes control of multiple hosts over the internet. Instructing them
to contact the target web server.
a) Zombie attack
b) Net-bot
c) DOS
d) DDOS
58. Which of the following needs a host:
a) Trapdoors
b) Worm
c) Zombie
d) Stealth worms
59. Secure Sockets Layer is implemented above the Transport level protocol (TCP)and could be
provided as part of the underlying protocol suite and therefore be transparent to applications or
can be embedded in specific packages like Chrome and Firefox.
a) True
b) False
60. A firewall may be designed to operate as a filter at the level of IP packets or may operate at a
higher protocol layer.
a) True
b) False
61. The issuer unique identifier of the X.509 certificates was added in which version?
a) 1
b) 2
c) 3
d) 4
62. A hierarchical trust model is also known as:
a) Bush
b) Branch
c) Tree
d) Limb
63. A Trojan horse is:
a) Program that propagates copies of itself to other computers
b) Program that contains unexpected additional functionality
c) Program that installs other items on victim machine
d) Program categorized to be dependent
e) All of the mentioned
64. Can be used to detect encrypted viruses:
a) Signature scanner antivirus
b) Generic Decryption scanner
c) Emulator CPU antivirus
d) DES anti-virus scanner
65. One of the following capabilities is not within the scope of a firewall:
a) Defines a single point that keeps unauthorized users and services out of the protected
network.
b) A location for monitoring security related events
c) A platform for other functions like network address translators, network management
and logs usage.
d) Protect against wireless threats and virus infected programs
66. Extensions were added in which version?
a) 1
b) 2
c) 3
d) 4
67. It is desirable to revoke a certificate before it expires because
a) the user is no longer certified by this CA
b) the CA's certificate is assumed to be compromised
c) the user's private key is assumed to be compromised
d) all of the mentioned
68. One of the following is not true about the Mix Columns stage.
a) Each column is processed separately
b) Each byte is replaced by a value dependent on all 4 bytes in the column
c) Provides a good avalanche effect.
d) It performs a circular rotate on each row.
69. Suppose that Alice chooses for an RSA system the primes p = 31 and q = 43, and the public key
e = 31.
a) Write the equation to encrypt the plaintext M = 245.
n = 31 x 43 = 1333; M < n, so M can be encrypted
M^e mod n = 245^31 mod 1333
Using calculator = 28
b) Write the equation to determine the private key d.
φ(n) = (31-1)(43-1) = 1260
ed = 1 mod φ(n)
31 x d = 1 mod 1260
70. In RSA, what restriction determines the selection of the random number e in key generation?
e must satisfy GCD(e, φ(n)) = 1 and 1 < e < φ(n)
71. What is wrong with the following: Alice chooses for an RSA system the primes p = 7 and q = 11, and
the public key e = 5 to encrypt message M = 88.
n = 7 x 11 = 77
So M > n; this is what is wrong.
72. What is wrong with the following: Alice chooses for an RSA system the primes p= 11, and q= 17,
and the public key e = 8 to encrypt message M=90.
n = 11 x 17 = 187
φ(n) = 10 x 16 = 160
GCD(e, φ(n)) is not equal to one -> GCD(8, φ(n)) ≠ 1
73. If Bob wants to sign a message, he encrypts the message using his private key.
a) Prove that this approach is not correct. Assume Bob signed message m1 and message m2; then
the signature for message m1m2 can be easily forged. Prove.
(M1^d mod n) x (M2^d mod n) = M1^d M2^d mod n = (M1 M2)^d mod n
b) Find a solution to countermeasure previous attack
To counter the forgery attack in signing messages, Bob can use a hash function to generate a
fixed-length message digest of the message he wants to sign. He can then sign the message
digest instead of the original message. This way, the signature will be unique to the message
digest and cannot be used to sign any other message.
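The property in part (a) and the countermeasure in part (b), as an added example that is not part of the original document. It reuses the toy primes from question 69; the choice of SHA-256 reduced modulo n as the digest and all function names are assumptions made for illustration. Because n is tiny, a digest coincidence is possible, so the hashed scheme is measured as a rate over many message pairs.

```python
import hashlib
from math import gcd

# Toy parameters from question 69. Far too small for real use.
P, Q, E = 31, 43, 31
N = P * Q
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1          # the key-generation restriction from question 70
D = pow(E, -1, PHI)              # private exponent: inverse of e modulo phi(n) (Python 3.8+)


def sign_raw(m: int) -> int:
    """Textbook signing: 'encrypt' the message itself with the private key."""
    return pow(m % N, D, N)


def verify_raw(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N


def digest(m: int) -> int:
    """Assumed digest for this demo: SHA-256 of the message bytes, reduced mod n."""
    data = m.to_bytes(max(1, (m.bit_length() + 7) // 8), "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_hashed(m: int) -> int:
    """Hash-then-sign: the private-key operation is applied to the digest."""
    return pow(digest(m), D, N)


def verify_hashed(m: int, s: int) -> bool:
    return pow(s, E, N) == digest(m)


def forgery_rate(sign, verify, pairs) -> float:
    """Fraction of pairs where sig(m1) * sig(m2) mod n verifies for m1 * m2."""
    hits = 0
    for m1, m2 in pairs:
        combined = (sign(m1) * sign(m2)) % N
        if verify(m1 * m2, combined):
            hits += 1
    return hits / len(pairs)


# Constructed sample messages: 200 small integer pairs, every product below n.
PAIRS = [(a, b) for a in range(2, 22) for b in range(2, 12)]

if __name__ == "__main__":
    print("raw scheme, combined signature accepted:   ",
          forgery_rate(sign_raw, verify_raw, PAIRS))
    print("hashed scheme, combined signature accepted:",
          forgery_rate(sign_hashed, verify_hashed, PAIRS))
```
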
74. If we have a hash function, how do we construct a MAC from it?
To construct a MAC from a hash function, we use a message authentication algorithm such as
HMAC. HMAC takes the hash function, a secret key, and the message as inputs, and outputs a
fixed-length MAC. HMAC modifies the input message with the secret key, and then applies the
hash function to the modified message. This creates a unique MAC for the message and the
secret key, and any changes to the message will result in a different MAC.
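The HMAC construction described above, written out step by step as an added example (not code from the original document). The function names and the sample key and message are constructed for illustration; the padding constants 0x36 and 0x5C are those of the standard HMAC definition.

```python
import hashlib
import hmac


def hmac_from_hash(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """Build a MAC from a plain hash function: H((K ^ opad) || H((K ^ ipad) || msg))."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    block_size = hashlib.new(hash_name).block_size   # 64 bytes for SHA-256

    # Keys longer than one block are hashed first, then the key is
    # zero-padded to exactly one block.
    if len(key) > block_size:
        key = h(key)
    key = key.ljust(block_size, b"\x00")

    inner_key = bytes(b ^ 0x36 for b in key)          # K xor ipad
    outer_key = bytes(b ^ 0x5C for b in key)          # K xor opad

    inner = h(inner_key + msg)                        # hash over key material and message
    return h(outer_key + inner)                       # second pass over the inner digest


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the MAC and compare in constant time."""
    return hmac.compare_digest(hmac_from_hash(key, msg), tag)


if __name__ == "__main__":
    key = b"k" * 16                                   # constructed sample key
    msg = b"transfer 100 to account 42"               # constructed sample message
    tag = hmac_from_hash(key, msg)
    print("matches library HMAC:",
          tag == hmac.new(key, msg, hashlib.sha256).digest())
    print("original accepted:   ", verify_tag(key, msg, tag))
    print("modified accepted:   ", verify_tag(key, msg + b"0", tag))
```
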
75. Assume Alice and Bob shared their public keys. Now, Alice wants to send a secret message m to
Bob such that Bob can authenticate that it is from Alice. No hash functions are used, only public keys.
E(PK_Bob, E(PR_Alice, Message))
76. List four ways of distributing public keys.
public announcement
publicly available directory
public-key authority
public-key certificates
77. What is a certificate authority? Explain a scenario in which they are useful.
A certificate authority (CA) is a trusted third-party organization that issues digital certificates
to entities, verifying their identity. Digital certificates contain the public key of the entity and
are signed by the CA using its private key.
An example scenario where a CA is useful is in secure online communication, such as e-commerce.
When a user visits a website that uses SSL/TLS for secure communication, the
website's server sends its digital certificate to the user's browser. The browser then checks the
certificate's validity by verifying its signature using the CA's public key, which is pre-installed in
the browser. If the certificate is valid, the browser establishes a secure communication channel
with the website's server using the public key in the certificate to encrypt data. This ensures
that the user is communicating securely with the intended website and not an imposter trying
to steal sensitive information.
78. List two drawbacks for public key authorities
Centralized control | Lack of trust
79. In which layer of the TCP/IP protocol stack is the SSL protocol placed, and why is it not placed in
the IP layer?
The SSL (Secure Socket Layer) protocol is placed between the Transport layer (TCP) and
Application layer (HTTP) of the TCP/IP protocol stack.
SSL is not placed in the IP layer because it operates at a higher level of the protocol stack and
is designed to provide end-to-end security for applications, rather than network-level security
provided by IP. SSL provides features like confidentiality, authentication, and integrity, which
are necessary for secure communication between two endpoints.
80. What does server_hello message in phase 1 of SSL handshake protocol contain?
The server_hello message in phase 1 of SSL handshake protocol contains the following
information: the SSL version being used, a randomly generated session ID, the cipher suite
selected by the server for the session, and the server's certificate (if required).
81. What is the purpose of the dual signature in SET protocol?
The dual signature in SET (Secure Electronic Transaction) protocol serves the purpose of
providing assurance to both the customer and the merchant that the transaction is authentic.
The first signature is generated by the customer using their private key, indicating that they
authorize the transaction. The second signature is generated by the merchant using their
private key, indicating that they acknowledge the transaction and will fulfill the customer's
order. This dual signature provides a higher level of security and trust in the transaction
process.
82. How can you prevent the following:
Replay attacks: Use nonces
Man-in-the-Middle attack in public key exchange: Use a trusted third party| Use digital
signatures | Use a secure channel
83. Explain how certificates get revoked.
Certificates can get revoked by the certificate authority (CA) that issued them or by the owner
of the certificate. The revocation process involves adding the certificate to a revocation list or
revocation database, which is then made available to users or relying parties. Revocation can
occur due to a variety of reasons, such as the certificate holder's private key being
compromised, the certificate being issued in error, or the certificate holder no longer being
trusted. Revoked certificates should no longer be trusted and should not be used for
authentication or encryption purposes.
84. What is the difference between weak and strong collision resistance?
In the context of hash functions, weak collision resistance means that given a message M1, it
is hard to find a second message M2 such that H(M1) = H(M2). Strong collision resistance
means that it is hard to find any two distinct messages M1 and M2 such that H(M1) = H(M2).
In other words, weak collision resistance only requires finding a single collision, while strong
collision resistance requires finding any collision.
85. List three uses of secure hash functions:
Password Storing
Intrusion Detection
Virus Detection
Integrity Checking
86. What protocols comprise SSL?
Handshake Protocol
Record Protocol
Change Cipher Spec Protocol
Alert Protocol.
87. What is SSL Session.
An SSL session is a secure communication channel established between a client and server
using the SSL/TLS protocol.
88. What is the purpose of the dual signature in SET protocol?
The dual signature in the SET protocol is used to authenticate both the cardholder and the
merchant, ensuring that both parties can be trusted in a payment transaction.
89. Certificates solved the problem existed in the public-key authority. Explain?
90. In SET protocol, the merchant forwards to the payment Gateway (bank) encrypted blocks of
related payment information sent by the cardholder. What do the encrypted blocks contain? and
what type of verification the payment gateway performs from it?
The encrypted blocks contain the payment information, the hash value of the order information,
and the dual signature. The verification is to check whether the payment information is linked to the
order information or not.
91. In the figure below, the order in which hash and encryption functions are performed is critical.
What may go wrong with the below scheme? (F is a hash function)
The problem in this scheme is that the encryption happens before the hash, so the message hash
depends on the encrypted message, not on the message itself. So if something goes wrong in the
encryption, it will cause problems.
92. The above diagram shows public key encryption is used. Answer the following questions:
a) Why does the encryption provide no confidence of sender?
Because the sender uses his private key
b) Can you detect corrupted messages?
No
c) What is the main disadvantage of the above approach?
It takes a long time to process.
93. Firewalls have their limitations. List and explain two.
1. Inability to protect against attacks that bypass the firewall: Firewalls are designed to
monitor and control incoming and outgoing network traffic.
2. Inability to protect against internal threats: Firewalls primarily focus on securing the
network perimeter and protecting against external threats.
94. What mathematical concept RSA security is based on?
Two very large prime numbers
n = p·q, φ(n) = (p-1)(q-1), gcd(e, φ(n)) = 1, PU = {e, n}, PR = {d, n}
95. Explain how public key cryptography may be used for authentication.
1. Sender signs the message using their private key
2. Sender sends the message along with the digital signature
3. Recipient verifies the digital signature
4. Recipient computes the hash of the received message
5. Recipient compares the two hash values
96. Mobile code is a program/script/macro that runs unchanged on heterogeneous and
homogeneous collection of platforms. Explain the difference between heterogeneous and
homogeneous platforms?
Heterogeneous platforms (ex. Smart Phone, Windows) have diverse hardware architectures
and software environments (Different devices with different software and specifications),
while homogeneous (ex. Cluster, Linux Server) platforms have similar or identical hardware
architectures and software environments (Same software and specification).
97. Why is it hard to prevent DDoS attacks?
DDoS attacks are hard to prevent due to their large-scale and distributed nature, IP spoofing,
reflection and amplification techniques, variability in attack methods, difficulty in
differentiating legitimate traffic, and cost/resource constraints.
98. Explain the Zero-day exploit.
A zero-day exploit refers to the exploitation of a software vulnerability that is unknown to the
software vendor and, therefore, has no official patch or fix available. This term "zero-day"
implies that the software vendor has zero days to prepare and address the vulnerability since
it is exploited by attackers before they have a chance to fix it.
99. Which one is harder to detect is it the polymorphic or the metamorphic virus? Why?
Metamorphic viruses are generally harder to detect compared to polymorphic viruses because
they not only change their appearance but also alter their entire code structure and behavior
with each infection.
100. Explain the square-and-multiply algorithm for modular exponentiation.
Square and multiply is a fast, efficient algorithm for doing exponentiation. The idea is to
repeatedly square the base, and multiply in the ones that are needed to compute the result, as
found by examining the binary.
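Square-and-multiply as described above, as an added example that is not part of the original document. It scans the exponent's binary digits from the most significant bit and is checked against the encryption in question 69; the function name and the operation counters are assumptions added for illustration.

```python
def square_and_multiply(base: int, exponent: int, modulus: int):
    """Left-to-right binary exponentiation.

    Returns (base**exponent % modulus, squarings, multiplications).
    For every bit of the exponent the running result is squared; when the
    bit is 1 the base is multiplied in as well.
    """
    if modulus <= 0 or exponent < 0:
        raise ValueError("modulus must be positive and exponent non-negative")

    result = 1 % modulus
    squarings = multiplications = 0
    for bit in bin(exponent)[2:]:            # binary digits, most significant first
        result = (result * result) % modulus
        squarings += 1
        if bit == "1":
            result = (result * base) % modulus
            multiplications += 1
    return result, squarings, multiplications


if __name__ == "__main__":
    # Question 69: M = 245, e = 31, n = 1333. The exponent 31 is 11111 in binary,
    # so the loop performs 5 squarings and 5 multiplications instead of 30
    # successive multiplications.
    value, sq, mul = square_and_multiply(245, 31, 1333)
    print(value, sq, mul)
```
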
101. Some virus scanners use heuristic rule to search for virus infection. Explain how they work?
A second-generation scanner searches for possible viral infection using heuristic principles,
such as looking for code fragments that are frequently connected with infections. Integrity
checking, which uses a hash function rather than a simpler checksum, is another second-
generation solution.
102. Briefly explain the proactive worm containment (PWC)
The Proactive Worm Containment (PWC) scheme is host-based software that looks for surges
in the rate of frequency of outgoing connection attempts and the diversity of connections to
remote hosts. When such a surge is detected, the software immediately blocks its host from
further connection attempts.
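A sketch of the detection logic described above, as an added example (not the PWC implementation and not part of the original document). The class name, the sliding window length, both thresholds, and the event list are assumptions constructed for illustration; timestamps are integer milliseconds.

```python
from collections import deque


class OutboundSurgeMonitor:
    """Blocks a host once outgoing attempts AND destination diversity both surge."""

    def __init__(self, window_ms=5000, max_attempts=20, max_distinct=15):
        self.window_ms = window_ms          # assumed sliding window length
        self.max_attempts = max_attempts    # assumed rate threshold per window
        self.max_distinct = max_distinct    # assumed diversity threshold per window
        self.recent = deque()               # (timestamp_ms, destination) inside the window
        self.blocked_at = None              # time the host was cut off, if ever

    def observe(self, ts_ms: int, dst: str) -> bool:
        """Record one outgoing connection attempt. Returns True if it is allowed."""
        if self.blocked_at is not None:
            return False                    # host stays blocked after detection

        self.recent.append((ts_ms, dst))
        cutoff = ts_ms - self.window_ms
        while self.recent[0][0] <= cutoff:  # drop attempts that left the window
            self.recent.popleft()

        attempts = len(self.recent)
        distinct = len({d for _, d in self.recent})
        if attempts > self.max_attempts and distinct > self.max_distinct:
            self.blocked_at = ts_ms
            return False
        return True


def replay(events, monitor) -> int:
    """Feed events in order and return how many attempts were allowed."""
    return sum(1 for ts, dst in events if monitor.observe(ts, dst))


# Constructed sample data: 30 s of ordinary traffic to three servers, followed
# by ten attempts per second to addresses that have never been seen before.
NORMAL = [(t * 1000, "10.0.0.%d" % (1 + t % 3)) for t in range(30)]
SURGE = [(30000 + i * 100, "192.0.2.%d" % (i + 1)) for i in range(50)]

if __name__ == "__main__":
    monitor = OutboundSurgeMonitor()
    allowed = replay(NORMAL + SURGE, monitor)
    print("allowed:", allowed, "blocked at ms:", monitor.blocked_at)
```
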
103. In Python socket programming, write a statement to create a socket to establish an IPv4 TCP
connection:
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
104. Given virus program below, the virus is using one of the hiding techniques. Explain this
technique and how this technique will make it harder for anti-virus to detect it ?
Compression Virus
Technique:
1. For each uninfected file P2 that is found, the virus first compresses that file to produce,
which is shorter than the original program by the size of the virus.
2. A copy of the virus is prepended to the compressed program.
3. The compressed version of the original infected program, is uncompressed.
4. The uncompressed original program is executed.
5. In this example, the virus does nothing other than propagate, but the virus may include a
logic bomb.
105. In the below SSL protocol stack. What are the three higher-layer protocols in 1,2 and 3?

1. SSL handshake protocol


2. SSL Change cipher spec protocol
3. SSL alert protocol
106. Explain what a nonce is and the reason for using a nonce?
A nonce is a unique value used only once in cryptography. It adds randomness and uniqueness
to cryptographic operations and helps prevent repetition and various attacks.
107. Explain a multipartite virus?
A multipartite virus infects multiple parts of a system, such as the boot sector and executable
files, combining different virus techniques.
108. What type of viruses spread when the operating system is loading from the disk? Explain how it
works.
Boot Sector infector: infect a master boot record or boot record and spreads when a system is
booted from the disk containing the virus.
109. Explain how a one-way hash function can be used for message authentication.
It can be used to create a one-way password file, where the password itself is not stored, and
when a user enters a password, the hash of the password is compared to the stored hash value
for verification.
110. What is the difference between packet-filters and stateful packet-filters?
Packet filters: Simplest and fastest firewall components, examine each IP Packet and permit or
deny according to rules, restricted access to services(port).
Stateful Packet Filters: do not examine higher layer context; they examine each IP packet in
context, keeping track of client-server sessions and checking that each packet validly belongs
to one, so they are better able to detect bogus packets out of context.
111. Which one is more damaging, a direct DDoS attack or a reflector DDoS attack? And why?
Reflector DDoS attacks can be more damaging because they exploit vulnerable third-party
systems to amplify the attack traffic, resulting in a larger volume of traffic overwhelming the
target.

Final 2022 2023 Sem1


112. What is the difference between DoS and DDoS?
DoS: Overwhelming a target with traffic or requests from a single source.
DDoS: Overwhelming a target with traffic or requests from multiple coordinated sources
(botnet).
113. What is mathematical concept of Diffie–Hellman?
Diffie-Hellman is a mathematical concept in cryptography that allows two parties to establish a
shared secret key over an insecure channel. It is used for secure communication and
encryption.
114. What is virus signature and who defined it?
A virus signature is a unique pattern or characteristic of a known virus or malware. It is defined
by antivirus companies and security researchers.
115. What is the port of HTTPS? 443
116. What virus spreads with Microsoft Word?
The virus that spreads through Microsoft Word is commonly known as a "Word macro virus."
117. What is the EIP (Extended Instruction Pointer) and how can it be used by hackers?
EIP (Extended Instruction Pointer) is a register in the x86 architecture that stores the memory
address of the next instruction to be executed. It plays a crucial role in the execution flow of a
program.
In the context of hacking, an attacker can manipulate the EIP to perform a technique called
"buffer overflow" where they intentionally overwrite the EIP value with a malicious address.
By doing so, they can redirect the program's execution to a payload of their choice, potentially
allowing them to execute arbitrary code, gain unauthorized access, or exploit vulnerabilities in
a system or application.
118. How can we detect buffer overflow attacks? Explain how this detection-technique works?
Detecting overflows with canaries. Canary values:
1. Random canaries: write a new random value at each process start, save the real value
somewhere in memory, and write-protect the stored value.
2. Random XOR canaries: same as random canaries, but store the canary XORed with some control
info instead.
119. What is a virus signature and who defines it? Is it small or large, and why?
A virus signature is a unique identifier or pattern that helps antivirus software identify and
detect specific viruses or malware. It is defined by antivirus companies or security experts. The
size of a virus signature can vary, but it is typically small enough to be efficiently scanned and
compared against files for detection purposes.
120. List and explain two reasons why viruses have compression capability? (Read and understand only, no memorizing.)
By compressing the infected file, the virus can ensure that its presence goes undetected.
Compression allows the virus to maintain the same file size after infecting it, making it less
suspicious to antivirus scanners. When the file size remains unchanged, it reduces the likelihood
of detection by security software that relies on file size as an indicator of potential infection.
Compression can help the virus evade detection by altering its signature or code structure.
When a file is compressed, its internal structure is rearranged, and the code is transformed. This
transformation can make it more difficult for antivirus programs to identify the virus based on
known signatures or patterns. By compressing the code, the virus attempts to render itself
unrecognizable, increasing the chances of successfully bypassing antivirus scans.
121. Suppose that Alice chooses for an RSA system the primes p = 31 and q = 43, and the public key
e = 31. Determine the value of the private key exponent (d).
To find the value of the private key exponent (d) in the RSA system, we need to calculate the
modular multiplicative inverse of the public exponent (e) modulo the totient (ø) of the
modulus (n).
First, calculate the modulus (n) using the given prime numbers:
n = p * q = 31 * 43 = 1333
Next, calculate the totient (ø) of n:
ø = (p - 1) * (q - 1) = 30 * 42 = 1260
Now, we need to find the modular multiplicative inverse of e (31) modulo ø (1260). In other
words, we need to find d such that:
(31 * d) mod 1260 = 1
To find d, we can use the extended Euclidean algorithm or any method that can calculate
modular inverses. In this case, we can observe that 37 satisfies the condition:
(31 * 37) mod 1260 = 1
Therefore, we can conclude that d = 37 is the private key exponent for the given values of p, q,
and e in the RSA system.
122. Same as the previous question, but the goal is to find what n equals.
123. Draw memory stack and write all things
