final exam practice

I got you. Let’s stop the OCD spiral by turning your professor’s message into a locked, exact study script. You follow it = you’re covered. No “what if I forgot something?” loops.

60-second OCD calming move (do this now)

  • Say: “I’m safe. This is OCD urgency.”

  • Breathe 4 in / 6 out × 5 times.

  • Rule for today: No re-checking outside this checklist. If your brain says “double check,” you say “noted” and continue.


The final exam checklist (THIS is all you need)

Q1) MCQs (All chapters)

MCQs usually test:

  • Definitions

  • What it does

  • What it does NOT do

  • Limitations

  • Best use-case scenario

So for every topic below, memorize those 4 bullets.


Q2) Hash Functions (VERY IMPORTANT) — “until 17”

What is a hash function?

A function that takes any-size input → outputs a fixed-size digest (hash).

Why is it important? (real life)

  • Integrity: detect if a file/message changed

  • Passwords: store hash, not password

  • Digital signatures: sign the hash (efficient)

  • File download verification: compare hashes

  • Deduplication: same hash = likely same file

  • Blockchain/blocks linking: (if covered in your slides, otherwise ignore)

Properties (MCQ GOLD)

You should recognize these terms:

  • Deterministic: same input → same output

  • Fixed length output

  • Fast to compute

  • Preimage resistance: given h, hard to find m such that H(m)=h

  • Second preimage resistance: given m, hard to find m’ ≠ m with same hash

  • Collision resistance: hard to find any two different inputs with same hash

Collision resistance (your professor highlighted it)

What it is: Hard to find two inputs a ≠ b such that H(a) = H(b).

Why it matters: If collisions are easy, attackers can:

  • Trick integrity checks (swap a “safe” file with a “bad” one that has the same hash)

  • Break trust in signatures (sign one doc, attach the signature to another, colliding doc)

One-liner to memorize for MCQ:

Collision resistance protects integrity and trust by making same-hash-for-different-data infeasible.


Chapter 2) NAC (Network Access Control) — ONLY first 2 slides

What it is

Controls who/what can join the network + what they can access.

What it does

  • Checks user/device identity

  • Checks device compliance/health

  • Can allow / deny / restrict / quarantine

What NOT to study

  • Skip IEEE 802.1X completely (as your prof said).


TLS / SSL (VERY IMPORTANT)

What they are

  • SSL: older, deprecated

  • TLS: the modern successor to SSL, used today

What they DO

  • Confidentiality: encrypt traffic

  • Integrity: prevent tampering

  • Authentication: verifies who you are talking to (usually the server, sometimes mutual)

What they do NOT do (MCQ traps)

  • Don’t stop phishing

  • Don’t protect you if the endpoint is hacked

  • Don’t guarantee availability (DoS can still happen)

  • Don’t fix weak passwords or bad app logic

Limitations (safe wording)

  • Depends on correct configuration + trusted certificates

  • Can be bypassed if the user trusts a fake cert or the device is compromised

  • Doesn’t secure data after it leaves the secure channel (e.g., stored insecurely)


Common Attacks (concept only)

Be able to define in 1 sentence:

  • DoS / DDoS

  • SYN flood

  • IP spoofing

  • DNS attacks

  • Buffer overflow

  • Email-related attacks (spoofing/phishing concepts)

MCQ hint: If an option mentions “tools,” it’s probably not needed—your prof said focus on the concept.


Traditional Security Solutions (usually firewall-centered)

What they do

  • Filter traffic based on rules/policy (control access)

What they do NOT do

  • They don’t detect everything (esp. inside allowed traffic)

  • They don’t protect against insider threats by default

  • They don’t replace layered security

Shortcomings

  • Misconfigurations

  • Allowed services can still be exploited

  • Needs monitoring/log review and complementary controls


IDS (Intrusion Detection System)

What it is

Monitors and detects suspicious activity and alerts.

Types (must memorize)

Signature / rule-based

  • Best for: known attacks

  • Weakness: misses new/unknown attacks

Anomaly-based

  • Best for: unknown attacks (deviations from normal)

  • Weakness: false positives (flags normal-but-unusual behavior)

IDS MCQ trap: IDS usually detects/alerts, not necessarily blocks (that’s more IPS).


Email Security (1–2 questions)

Know the basic “what is it + limitation” for:

SMTP

  • Sends email between servers

  • Limitation: historically weak security; needs TLS/STARTTLS, etc.

POP3

  • Downloads mail to client

  • Limitation: less flexible across devices

IMAP

  • Email stays on server, syncs across devices

  • Limitation: needs secure config; server-side exposure risk

Also recognize:

  • STARTTLS: upgrades connection to TLS

  • S/MIME / PGP concepts: encrypt/sign email (if covered)


The “Ace It” study method (OCD-proof)

1) Make 1 page only

For each topic, write:

  • What it is

  • What it does

  • What it does NOT do

  • 2 limitations

That’s it. No expanding.

2) Active recall (no rereading)

Ask yourself out loud:

  • “Define TLS in 1 line.”

  • “2 things TLS does, 2 things it doesn’t.”

  • “Signature IDS vs anomaly IDS—best case + weakness.”

If you can answer: topic done.

3) Mini-drill (5 minutes each)

Do 2 MCQs + 1 short answer per topic. If you pass, move on.


Ultra-quick practice (answers at bottom)

  1. Collision resistance means:
    A) No collisions exist B) Collisions are hard to find C) Hash can be reversed

  2. TLS primarily provides:
    A) Availability B) Confidentiality + integrity C) Virus removal

  3. NAC can:
    A) Quarantine noncompliant devices B) Replace TLS C) Encrypt emails automatically

  4. Signature-based IDS is best for:
    A) Unknown attacks B) Known patterns C) Reducing encryption overhead

  5. Anomaly-based IDS main downside:
    A) False negatives only B) False positives C) Cannot detect new attacks

  6. TLS does NOT:
    A) Encrypt traffic B) Prevent phishing C) Provide integrity

  7. POP3 vs IMAP:
    A) POP3 is server-sync across devices B) IMAP keeps mail on server C) IMAP only downloads then deletes

Answers: 1B 2B 3A 4B 5B 6B 7B


If you want, tell me how many days/hours you have until the final, and I’ll give you a tight schedule (like: “Day 1: hash + TLS; Day 2: IDS + attacks + email”) that doesn’t trigger over-studying.