What does IPsec transport mode reveal to an interceptor, A) The entire original packet is fully encrypted B) Only a new outer header is visible C) The payload is visible but not the header D) The original IP header remains visible
Correct answer: D
In IPsec tunnel mode, what becomes hidden from an attacker, A) Only the payload B) Only the outer IP header C) The original IP packet including header and payload D) Nothing is hidden
Correct answer: C
Which statement best describes the purpose of IKE Phase 1, A) Performs tunneling operations B) Exchanges session keys for IPsec data only C) Establishes an authenticated secure channel for Phase 2 D) Encrypts application data directly
Correct answer: C
Which property is provided by Authentication Header (AH), A) Compression of headers B) Integrity and origin authentication but no encryption C) Encryption only D) Encryption and integrity but no authentication
Correct answer: B
Which IPsec component provides confidentiality, A) Encapsulating Security Payload (ESP) B) NAT traversal C) Authentication Header (AH) D) IKE Phase 1
Correct answer: A
What mechanism prevents IPsec replay attacks, A) Digital certificates B) Time to live adjustment C) Sequence number with sliding window D) Random padding
Correct answer: C
Why can AH not pass through NAT, A) It only works on IPv6 B) It authenticates parts of the IP header which NAT modifies C) It encrypts the IP header D) It requires UDP encapsulation
Correct answer: B
Which key is shared between the client and AS in Kerberos, A) A long term key derived from the user password B) A short term session key between client and server C) The TGS server key D) A session key between client and TGS
Correct answer: A
What is stored inside a Kerberos TGT, A) A session key encrypted with the AS to TGS shared key B) A plaintext password C) A private key for signing D) The finished ticket for the application server
Correct answer: A
What is the core purpose of the TGS, A) Provides file system access B) Distributes symmetric keys using DH only C) Stores all user passwords D) Issues service tickets after validating TGT
Correct answer: D
Kerberos prevents replay attacks primarily using what, A) NAT traversal B) Timestamps C) SSL certificates D) Nonces only
Correct answer: B
Which is a weakness of Kerberos, A) Passwords are sent in plaintext B) Tickets never expire C) No mutual authentication D) KDC availability is critical
Correct answer: D
What problem does MIME solve, A) Encrypting end to end email B) Preventing spam C) Sending binary data over a 7 bit ASCII only system D) Server authentication issues
Correct answer: C
Which encoding method does MIME use for binary transport, A) Base64 B) UTF-16 C) ASCII no transformation D) Hexadecimal
Correct answer: A
In SMTP, what is transmitted without encryption by default, A) Only attachments B) Everything including headers and body C) Only authentication credentials D) Only MIME boundaries
Correct answer: B
Which protocol provides PKI based signing and encryption for email, A) IMAP B) SMTP C) POP3 D) S/MIME
Correct answer: D
How does S/MIME deliver the symmetric key, A) Derived from DH key exchange B) Sent in plaintext C) Retrieved through DNS D) Encrypted with the recipient public key
Correct answer: D
Which is a problem with PGP key servers, A) They require certificate authorities B) They only support symmetric encryption C) They require passwords sent in plaintext D) They do not guarantee a real identity behind a key
Correct answer: D
What describes the PGP web of trust, A) Trust is based on MAC addresses B) A centralized CA signs all certificates C) Users sign each other keys forming trust chains D) Only government entities validate keys
Correct answer: C
Why might a PGP key be revoked, A) Expired password B) Change of IP address C) Loss of email access temporarily D) Suspected compromise of private key
Correct answer: D
Which protocol replaces Telnet and rlogin securely, A) SSH B) SMTP C) TLS D) IMAP
Correct answer: A
Which port does SSH use by default, A) 995 B) 22 C) 23 D) 143
Correct answer: B
What does SSH server authentication protect against, A) DNS load balancing B) SSL downgrade C) MAC flooding D) MITM attacks
Correct answer: D
Which SSH feature provides multiple logical channels on one connection, A) SSH Connection Protocol B) SSH User Authentication C) SCP subsystem D) SSH Transport Layer
Correct answer: A
SFTP provides what function, A) Remote shell only B) Secure file system access and transfer C) Key exchange for SSH D) Only file transfer without directory access
Correct answer: B
SCP differs from SFTP by, A) SCP uses UDP B) SCP only transfers files but is faster C) SCP provides directory browsing D) SCP requires no authentication
Correct answer: B
What is the purpose of SSLstrip, A) Performs encryption acceleration B) Creates TLS tunnels C) Downgrades HTTPS to HTTP during MITM D) Performs DNS load balancing
Correct answer: C
What prevents SSLstrip attacks, A) HSTS B) DAI C) AH D) DHCP snooping
Correct answer: A
TLS 1.3 improves handshake speed using, A) Zero RTT data for resumed sessions B) No random values C) Plaintext negotiation D) No certificates needed
Correct answer: A
Which component verifies server identity in TLS, A) UDP encapsulation B) X.509 certificates C) Cookie exchange D) RADIUS tokens
Correct answer: B
Which transport protocol does QUIC run over, A) TCP B) ICMP C) UDP D) AH
Correct answer: C
Why does HTTP/3 avoid TCP head-of-line blocking, A) QUIC streams are independent B) It uses larger MSS C) It disables encryption D) It includes built-in NAT traversal
Correct answer: A
Which is a key property of Slowloris, A) Sends partial HTTP requests to keep server sockets open B) Requires thousands of hosts C) Uses massive bandwidth D) Targets DNS only
Correct answer: A
Which attack exhausts DHCP IP pools, A) DNS poisoning B) DHCP starvation C) DAI poisoning D) ARP spoofing
Correct answer: B
Which attack uses unsolicited ARP replies, A) Gratuitous ARP poisoning B) DHCPACK flooding C) DNS ID prediction D) ICMP redirect
Correct answer: A
MAC flooding targets which device component, A) CAM table B) Firewall routing table C) ARP cache D) NAT bindings
Correct answer: A
Which tool performs MAC flooding, A) Macof B) LOIC C) Xarp D) Netcat
Correct answer: A
Dynamic ARP Inspection protects against ARP spoofing by, A) Using DHCP snooping binding table B) Using SSL certificates C) Static routing D) Using DNSSEC
Correct answer: A
Which attack redirects packets by racing ARP replies, A) Switch port stealing B) DNS amplification C) SYN flooding D) LOIC
Correct answer: A
What must an attacker predict to poison DNS cache, A) Server certificate B) Query ID C) DHCP lease D) ARP target
Correct answer: B
Source port randomization defends against, A) DNS poisoning B) ARP flooding C) SMTP relay D) TCP spoofing
Correct answer: A
Which DNS transport is used for small responses, A) UDP port 53 B) TCP port 80 C) TCP port 53 D) UDP port 443
Correct answer: A
Which record maps hostname to IPv4 address, A) MX record B) AAAA record C) A record D) PTR record
Correct answer: C
Which DNS record identifies mail servers, A) MX record B) SOA record C) AAAA record D) CNAME
Correct answer: A
Which protocol retrieves messages while leaving them on server, A) IMAP B) POP3 C) SMTP D) SMTPS
Correct answer: A
Which field in email headers shows routing path, A) Received header B) MIME boundary C) Content Type D) DKIM Signature
Correct answer: A
Which phishing technique alters visible sender field, A) Email spoofing B) Key revocation C) UTF-8 injection D) Header stripping
Correct answer: A
Which protocol transports email between mail servers, A) POP3 B) SMTP C) IMAP D) TCP
Correct answer: B
SPF helps prevent which attack, A) DNS poisoning B) Email sender forgery C) ARP spoofing D) DHCP flooding
Correct answer: B
What does DKIM provide, A) Encryption of message body B) Message integrity and authentication using signatures C) File transfer channels D) Port forwarding
Correct answer: B
How does DKIM validate a signature, A) Decrypts the message B) Uses the sender’s DNS published public key C) Extracts password D) Uses DHCP entries
Correct answer: B
What does DMARC enforce, A) BGP routing B) SPF and DKIM alignment policies C) SMTP rate limits D) MIME typing
Correct answer: B
Which SMTP command identifies the sender, A) RCPT TO B) MAIL FROM C) DATA D) EHLO
Correct answer: B
Which SMTP command identifies the recipient, A) EHLO B) MAIL FROM C) RCPT TO D) QUIT
Correct answer: C
Which SMTP command starts message content transmission, A) DATA B) STARTTLS C) HELLO D) AUTH LOGIN
Correct answer: A
Which email security mechanism uses hierarchical certificate authorities, A) S/MIME B) PGP C) SPF D) DKIM
Correct answer: A
PGP encryption uses which key to encrypt the session key, A) DNSSEC key B) Sender public key C) Recipient public key D) Shared password
Correct answer: C
Which type of trust model does PGP use, A) Web of trust B) Centralized CA C) Enclave lock D) Kerberos realm hierarchy
Correct answer: A
Which key is kept private in PGP, A) Public key B) Session key C) Private key D) Group key
Correct answer: C
What is a disadvantage of PGP, A) Users must manage trust manually B) Does not encrypt attachments C) Uses only DES D) Cannot sign messages
Correct answer: A
Which step protects SSH’s initial connection from MITM, A) Storing host key fingerprint B) Skipping authentication C) Using plaintext SFTP D) Sending no keys
Correct answer: A
Which SSH authentication method is strongest, A) Anonymous login B) Password only C) Public key authentication D) Host header checking
Correct answer: C
What does SSH Transport Layer provide, A) Multiplexing channels B) File system operations C) Encryption, integrity, and key exchange D) Public key rotation
Correct answer: C
Which SSH subsystem is for copying files only, A) SCP B) POP3 C) DNSSEC D) SMTP
Correct answer: A
What TLS handshake message proves server identity, A) ClientHello B) Certificate C) ChangeCipherSpec D) FINISHED
Correct answer: B
What does the TLS Finished message verify, A) SMTP path B) Both sides computed same session keys C) DNS chain D) MIME boundary
Correct answer: B
Which TLS attack forces a downgrade to weaker versions, A) Version rollback B) DHCP spoof C) QUIC fragmentation D) ARP poisoning
Correct answer: A
Which handshake algorithm was removed in TLS 1.3, A) RSA static key exchange B) Diffie Hellman C) AES GCM D) SHA256
Correct answer: A
Which QUIC feature removes TCP’s HOL blocking, A) Independent streams over UDP B) Larger windows C) Packet fragmentation D) TLS bypass
Correct answer: A
What is the purpose of TCP sequence numbers, A) Ensure in order reassembly B) Encrypt payload C) Identify DNS zone D) Track DHCP leases
Correct answer: A
What does TCP ACK number represent, A) TTL value B) MSS C) Next expected byte D) Random nonce
Correct answer: C
Which TCP mechanism prevents overwhelming receiver, A) Flow control window B) DHCP snooping C) TTL check D) RIP route
Correct answer: A
What triggers TCP congestion control reduction, A) Packet loss B) Full duplex switch C) MIME detect D) POP3 flag
Correct answer: A
What occurs in TCP slow start, A) Exponential increase of congestion window B) No packets sent C) Steady linear decrease D) Headers only transfer
Correct answer: A
Which scanning type sends no packets, A) Passive fingerprinting B) SYN scan C) NULL scan D) UDP trace
Correct answer: A
Which scan uses FIN, PSH, and URG flags, A) XMAS scan B) ACK probe C) DNS sweep D) IPID scan
Correct answer: A
Which firewall rule philosophy blocks all traffic except what’s allowed, A) Default allow B) Default deny C) Elastic pass D) Trust inherit
Correct answer: B
Which IDS detection uses known attack signatures, A) Anomaly based B) Signature based C) Heuristic D) Stateful
Correct answer: B
Which IDS detection identifies abnormal behavior, A) Anomaly based B) Signature based C) Rule only D) SMTP based
Correct answer: A
Why do anomaly based IDS produce false positives, A) Normal behavior can vary B) They lack signatures C) They block DNSSEC D) TTL scaling
Correct answer: A
Which attack exploits host and IDS reassembly differences, A) Insertion and evasion attacks B) SYN idle C) TCP close injection D) DHCP bounce
Correct answer: A
Which IDS evasion technique manipulates TTL, A) Packets expire before host B) Packets never expire C) TTL encrypted D) TTL uses MIME
Correct answer: A
Which buffer overflow component is overwritten to hijack flow, A) Return address B) Checksum C) HTTP header D) DKIM key
Correct answer: A
Which mitigation randomizes memory layout, A) ASLR B) VLAN C) PPPoE D) DKIM
Correct answer: A
Which mitigation prevents execution of code in data regions, A) DEP (NX bit) B) QoS shaping C) RIP v2 D) ARP relay
Correct answer: A
Which Metasploit component is the code executed after exploitation, A) Payload B) Auxiliary module C) VXLAN D) Router
Correct answer: A
Meterpreter is best described as, A) Advanced interactive post exploitation payload B) Plain reverse shell C) Email parser D) POP3 module
Correct answer: A
What describes a forward proxy, A) Client uses proxy to reach external sites B) Proxy protects servers C) DNS recursor D) SSH guard
Correct answer: A
What describes a reverse proxy, A) Sits in front of servers to handle incoming traffic B) Routes internal mail C) Performs NAT64 D) DNS load
Correct answer: A
Which Tor node is the final hop, A) Exit node B) Entry guard C) Middle relay D) HSDir
Correct answer: A
Which Tor node can see plaintext traffic, A) Exit node B) Entry guard C) Middle relay D) Bridge node
Correct answer: A
Which ICMP packet tests reachability, A) Echo request and reply B) Router advertisement C) Timestamp only D) Redirect only
Correct answer: A
Which ICMP message can be abused for scanning, A) Echo request B) DHCPACK C) TLS alert D) IMAP IDLE
Correct answer: A
Which ICMP attack redirects traffic to attacker, A) ICMP redirect B) QUIC spoof C) SMTP bounce D) Triple ACK
Correct answer: A
Which attack overflows switch CAM table, A) MAC flooding B) DNS poisoning C) ARP starvation D) TCP FIN abuse
Correct answer: A
Which tool helps detect ARP spoofing, A) Macof B) Hydra C) Xarp D) LOIC
Correct answer: C
Which DHCP message is sent by a client to ask for configuration, A) DHCPREPLY B) DHCPREQUEST C) DHCPSHARE D) DHCPREDIRECT
Correct answer: B
Which DHCP message is spammed by attackers during starvation attacks, A) ICMPREQUEST B) DHCPDISCOVER C) SMTPDATA D) ARPCHECK
Correct answer: B
A rogue DHCP server can provide what malicious information, A) Correct DNS only B) Attacker gateway and attacker DNS C) IPsec SA keys D) TLS cipher lists
Correct answer: B
Which DNS record maps IPv6 addresses, A) TXT record B) AAAA record C) SOA record D) MX record
Correct answer: B