Cyber Security Multiple Choice Questions & Answers on “Network Models – OSI Model Security”.
1. Which of the following is not a transport layer vulnerability?
a) Mishandling of undefined, poorly defined
b) The Vulnerability that allows “fingerprinting” & other enumeration of host information
c) Overloading of transport-layer mechanisms
d) Unauthorized network access
Answer: d
Clarification: The different vulnerabilities of the Transport layer are mishandling of undefined, poorly defined, Vulnerability that allow “fingerprinting” & other enumeration of host information, Overloading of transport-layer mechanisms etc. Unauthorized network access is an example of physical layer vulnerability.
2. Which of the following is not session layer vulnerability?
a) Mishandling of undefined, poorly defined
b) Spoofing and hijacking of data based on failed authentication attempts
c) Passing of session-credentials allowing intercept and unauthorized use
d) Weak or non-existent authentication mechanisms
Answer: a
Clarification: Vulnerabilities of session layer of the OSI model are spoofing and hijacking of data based on failed authentication attempts, weak or non-existent authentication mechanisms, and the passing of session-credentials allowing intercept and unauthorized use.
3. Failed sessions allow brute-force attacks on access credentials. This type of attacks are done in which layer of the OSI model?
a) Physical layer
b) Data-link Layer
c) Session layer
d) Presentation layer
Answer: c
Clarification: Session identification may be subject to spoofing may lead to data leakage which depends on failed authentication attempts and allow hackers to allow brute-force attacks on access credentials.
4. Transmission mechanisms can be subject to spoofing & attacks based on skilled modified packets.
a) True
b) False
Answer: a
Clarification: Transmission mechanisms can be subject to spoofing & attacks based on skilled modified packets. This type of attacks is done in the transport layer of the OSI model.
5. Which of the following is not an example of presentation layer issues?
a) Poor handling of unexpected input can lead to the execution of arbitrary instructions
b) Unintentional or ill-directed use of superficially supplied input
c) Cryptographic flaws in the system may get exploited to evade privacy
d) Weak or non-existent authentication mechanisms
Answer: d
Clarification: Cryptographic flaws may be exploited to circumvent privacy, unintentional or ill-directed use of superficially supplied input, and poor handling of unexpected input are examples of presentation layer flaws.
6. Which of the following is not a vulnerability of the application layer?
a) Application design bugs may bypass security controls
b) Inadequate security controls force “all-or-nothing” approach
c) Logical bugs in programs may be by chance or on purpose be used for crashing programs
d) Overloading of transport-layer mechanisms
Answer: d
Clarification: Application design flaws may bypass security controls, inadequate security controls as well as logical bugs in programs may be by chance or on purpose be used for crashing programs. These all are part of application layer vulnerability.
7. Which of the following is an example of Transport layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls
Answer: b
Clarification: Overloading of transport-layer mechanisms is an example of transport layer vulnerability. Other examples of Transport layer vulnerability are mishandling of undefined, poorly defined, Vulnerability that allows “fingerprinting” & other enumeration of host information.
8. Which of the following is an example of session layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls
Answer: a
Clarification: Weak or non-existent mechanisms for authentication is an example of session layer vulnerability. Other examples are spoofing and the hijacking of data based on failed-authentication attempts & passing of session-credentials allowing intercept and unauthorized use.
9. Which of the following is an example of presentation layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) highly complex application security controls
d) poor handling of unexpected input
Answer: d
Clarification: Poor handling of unexpected input is an example of presentation layer vulnerability. Cryptographic flaws may be exploited to circumvent privacy, unintentional use of superficially supplied input are some other examples of presentation layer vulnerability.
10. Which of the following is an example of application layer vulnerability?
a) Cryptographic flaws lead to the privacy issue
b) Very complex application security controls
c) MAC Address Spoofing
d) Weak or non-existent authentication
Answer: b
Clarification: Very complex application security controls can be an example of application layer vulnerability. Inadequate security controls, as well as logical bugs in programs, are some other examples of such type.