bishalac / jedbjwefj


what is moon ? #1

Open bishalac opened 5 months ago

sush4ntg commented 5 months ago

Hello

bishalac commented 5 months ago

kjygouhuy

sush4ntg commented 5 months ago

Ready

bishalac commented 5 months ago

___ ensures that only authorized parties can review the information.
confidentiality, integrity, authentication, availability

bishalac commented 5 months ago

Which of the following digital certificates are self-signed and do not depend on a higher level certificate (CA) for authentication?
intermediate digital certificate, domain digital certificate, root digital certificates, user digital certificates

sush4ntg commented 5 months ago
  1. Ans- Con..
sush4ntg commented 5 months ago
  1. Ans - Root digital certificates are self-signed and do not depend on higher level certificates (CAs) for authentication.
bishalac commented 5 months ago

Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should be done first while conducting a penetration testing attack on a network?
tailgating, phishing, vishing, footprinting

bishalac commented 5 months ago

A malicious program designed to enter a computer through the network and then take advantage of a vulnerability in an application or an operating system on the host computer is known as which of the following?
worm, trojan, macro, ransomware

bishalac commented 5 months ago

__ is the science of transforming information into an unintelligible form while it is being transmitted or stored so that unauthorized users cannot access it.
steganography, cryptography, plaintext, ciphertext

sush4ntg commented 5 months ago
  1. Prior to initiating a penetration testing assault on a network, one should do a footprinting operation. The goal of this first stage is to learn as much as you can about the target network in order to comprehend its systems, architecture, and any weak points.
bishalac commented 5 months ago

Paul and Sarah are working for Star Alliance. Paul had to send certain confidential data and a message to Sarah online. The use of which of the following will ensure that the message sender is in fact Paul?
digital signature, digital certificate, public key, physical signature

sush4ntg commented 5 months ago
  1. A harmful programme called a worm is made to infiltrate a computer via a network and take advantage of holes in operating systems or applications. Worms, in contrast to other malware, reproduce themselves and propagate without the assistance of the user, harming computers severely by eating up bandwidth, flooding them with unnecessary files, and sometimes even delivering more payloads such as ransomware or viruses.
sush4ntg commented 5 months ago
  1. Cryptography is the science of transforming information into an unintelligible form while it is being transmitted or stored so that unauthorized users cannot access it.
sush4ntg commented 5 months ago
  1. To ensure that the message sender is in fact Paul, the use of a digital signature is necessary. A digital signature verifies the sender's identity and ensures the integrity of the message, confirming that it was indeed sent by Paul and has not been altered during transmission.
bishalac commented 5 months ago

Juan, a cyber security expert, has been hired by an organization whose network has been compromised by a malware attack. After analyzing the network systems, Juan submits a report to the company mentioning that the devices are infected with malware that uses a split infection technique on files. Which malware attack is Juan reporting?
cryptomalware, virus, spyware, RAT

bishalac commented 5 months ago

In an interview you are given a scenario: David sent a message to Tina saying "There is no school today". For some reason the message showed up on Tina's device as "come to school asap". You are asked to name the type of attack that would cause this situation.
man in middle, distributed denial of service, macro attack, DNS hacking

bishalac commented 5 months ago

Which encryption method in BitLocker prevents attackers from accessing data by using another OS or placing the hard drive in another computer?
filesystem cryptography, blockchain, GNU Privacy Guard, full disk encryption

bishalac commented 5 months ago

Which of the following is a standard format for digital certificates?
jpg, .cer, MPEG-4 Part 14, X.509

bishalac commented 5 months ago

A process in which keys are managed by a third party, such as a trusted CA, is known as which of the following?
key expiration, key storage, key renewal, key escrow

bishalac commented 5 months ago

In which type of attack does the threat actor take advantage of web applications that accept user input without validating it before presenting it back to the user?
SQL injection, DNS poisoning, cross site scripting, man in the middle

bishalac commented 5 months ago

What occurs when a process attempts to store data in RAM beyond the boundaries of a fixed length storage buffer?
session hijacking, integer overflow attack, injection attack, buffer overflow attack

bishalac commented 5 months ago

Which feature of cryptography is used to prove a user's identity and prevent an individual from fraudulently reneging on an action?
confidentiality, non repudiation, obfuscation, authentication

bishalac commented 5 months ago

A computer or an application program that intercepts a user from the internal secure network and then processes that request on behalf of the user is known as which of the following?
intrusion detection system, proxy server, mail gateway, firewall

bishalac commented 5 months ago

A ____ is a computer typically in an area with limited security and loaded with software and data files that appear to be authentic yet they are actually imitations of real data files?
demilitarized zone, access control list, honeypot, port number

bishalac commented 5 months ago

Define the following terminologies with an example of cyber security. a) Confidentiality b) Integrity c) Availability d) Encryption

Giri, these are 3 marks each; a 4-5 line answer is enough.

sush4ntg commented 5 months ago
  1. Virus
sush4ntg commented 5 months ago
  1. The type of attack that would cause this situation is a man-in-the-middle attack. In such an attack, an attacker intercepts and potentially alters the communication between two parties without their knowledge, causing the message content to be changed during transmission.
sush4ntg commented 5 months ago
  1. The encryption method in BitLocker that prevents attackers from accessing data by using another OS or placing the hard drive in another computer is full disk encryption. Full disk encryption ensures that all data on the disk is encrypted and can only be decrypted by the authorized operating system and user.
sush4ntg commented 5 months ago
  1. X.509 is the standard format for digital certificates.
sush4ntg commented 5 months ago
  1. A process in which keys are managed by a third party, such as a trusted CA, is known as key escrow.
sush4ntg commented 5 months ago
  1. The type of attack in which the threat actor takes advantage of web applications that accept user input without validating it before presenting it back to the user is cross-site scripting (XSS).
sush4ntg commented 5 months ago
  1. When a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer, a buffer overflow attack occurs.
sush4ntg commented 5 months ago
  1. The feature of cryptography used to prove a user's identity and prevent an individual from fraudulently reneging on an action is non-repudiation.
sush4ntg commented 5 months ago
  1. A computer or an application program that intercepts a user from the internal secure network and then processes that request on behalf of the user is known as a proxy server.
sush4ntg commented 5 months ago
  1. A honeypot is a computer typically in an area with limited security and loaded with software and data files that appear to be authentic yet are actually imitations of real data files.
sush4ntg commented 5 months ago

17.

a) In cybersecurity, confidentiality refers to safeguarding private data against illegal access or exposure. To guarantee data secrecy, for instance, encrypting confidential files makes sure that only individuals who are authorised and have the decryption key can access the information.

b) Integrity guarantees that information is accurate, consistent, and unaffected during processing, transmission, and storage. Digital signatures and checksums, for example, can confirm the authenticity of files by identifying any unwanted changes or manipulation.

c) Availability guarantees that information and assets are available and functional when required. By reducing downtime brought on by hardware failures or cyberattacks, the implementation of redundant systems and backups provides availability.

d) The technique of encoding data to prevent unauthorised access is known as encryption. Using AES encryption, for instance, to protect crucial

bishalac commented 5 months ago

Rewrite the code below in the place provided for this question to ensure and maintain confidentiality of the information that should be protected in the code.

CREATE TABLE `students` (
    `id` INT NOT NULL AUTO_INCREMENT,
    `email` VARCHAR(50) NULL,
    `password` VARCHAR(55) NULL,
    PRIMARY KEY (`id`)
);

insert into students (email,password) values ('cihe1765@student.edu.au', 'Gre812');
insert into students (email,password) values ('cihe8765@student.edu.au', 'Sec64d');
insert into students (email,password) values ('cihe4433@student.edu.au', 'Rais535');
insert into students (email,password) values ('cihe2288@student.edu.au', 'Dec@124');
insert into students (email,password) values ('cihe1799@student.edu.au', 'Nrewt#12');

sush4ntg commented 5 months ago

d) Encryption is the process of converting data into a coded form to prevent unauthorized access. For example, using AES encryption to secure sensitive communications ensures that only authorized parties can decrypt and access the information.

Tidy this one up; it's from ChatGPT.

sush4ntg commented 5 months ago

To ensure and maintain the confidentiality of sensitive information, such as passwords, you should hash passwords before storing them in the database. Here is the revised code with password hashing:

CREATE TABLE `students` (
    `id` INT NOT NULL AUTO_INCREMENT,
    `email` VARCHAR(50) NULL,
    `password_hash` VARCHAR(255) NULL,
    PRIMARY KEY (`id`)
);

-- Assume we're using a secure hashing function (e.g., bcrypt)
-- The actual hashing would be done in your application code, not in the SQL script.

-- Example hashed passwords (using bcrypt):
insert into students (email, password_hash) values ('cihe1765@student.edu.au', '$2a$12$KIXbQ/VlRlH1Vj1T1RvF/OP1yefP7zCrVzgFQpbD71qPiE3czYBtu');  -- 'Gre812'
insert into students (email, password_hash) values ('cihe8765@student.edu.au', '$2a$12$e4ui9wZB9OeBsXz8iIg3n.JV2eJ/yK0QJOmfV3hsmRf5PYmks/3d6');  -- 'Sec64d'
insert into students (email, password_hash) values ('cihe4433@student.edu.au', '$2a$12$G1y/a7uoxcFShc0R77cGHu/WYIwLs0ySe/OZCefwJ7LddY/Y8uWGW');  -- 'Rais535'
insert into students (email, password_hash) values ('cihe2288@student.edu.au', '$2a$12$so6BbR45ZhzgWoTT9SRy7OkfF9T0kIvR7zBPO.6oU1pD6TtkR0j1G');  -- 'Dec@124'
insert into students (email, password_hash) values ('cihe1799@student.edu.au', '$2a$12$0F2O9DE/CS.LwJkTkXlUG.TX90xz.MDhqFzRgEYZ2D1N.R/GBg5/S');  -- 'Nrewt#12'

Note: The hashed passwords provided above are placeholders. In practice, you should hash passwords using a secure algorithm (e.g., bcrypt) in your application code before inserting them into the database. The application code would look something like this (in Python, for example):

import bcrypt

password = 'Gre812'
hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())

print(hashed_password)
bishalac commented 5 months ago

Double-check the answer to this last one again.

bishalac commented 5 months ago

Give me the answer here for the photo I sent on Messenger.

sush4ntg commented 5 months ago

What needs to be done in the figure?

sush4ntg commented 5 months ago

CREATE TABLE students (
    id INT NOT NULL AUTO_INCREMENT,
    email VARCHAR(50) NULL,
    password_hash VARCHAR(255) NULL,
    PRIMARY KEY (id)
);

-- Insert hashed passwords (these are examples, replace with actual hashed values from your application)
INSERT INTO students (email, password_hash) VALUES
('cihe1765@student.edu.au', '$2a$12$KIXbQ/VlRlH1Vj1T1RvF/OP1yefP7zCrVzgFQpbD71qPiE3czYBtu'),  -- 'Gre812'
('cihe8765@student.edu.au', '$2a$12$e4ui9wZB9OeBsXz8iIg3n.JV2eJ/yK0QJOmfV3hsmRf5PYmks/3d6'),  -- 'Sec64d'
('cihe4433@student.edu.au', '$2a$12$G1y/a7uoxcFShc0R77cGHu/WYIwLs0ySe/OZCefwJ7LddY/Y8uWGW'),  -- 'Rais535'
('cihe2288@student.edu.au', '$2a$12$so6BbR45ZhzgWoTT9SRy7OkfF9T0kIvR7zBPO.6oU1pD6TtkR0j1G'),  -- 'Dec@124'
('cihe1799@student.edu.au', '$2a$12$0F2O9DE/CS.LwJkTkXlUG.TX90xz.MDhqFzRgEYZ2D1N.R/GBg5/S');  -- 'Nrewt#12'

sush4ntg commented 5 months ago

Here's the corrected SQL script with properly escaped characters and corrected table syntax:

CREATE TABLE `students` (
    `id` INT NOT NULL AUTO_INCREMENT,
    `email` VARCHAR(50) NULL,
    `password_hash` VARCHAR(255) NULL,
    PRIMARY KEY (`id`)
);

-- Insert hashed passwords (these are examples, replace with actual hashed values from your application)
INSERT INTO `students` (email, password_hash) VALUES 
('cihe1765@student.edu.au', '$2a$12$KIXbQ/VlRlH1Vj1T1RvF/OP1yefP7zCrVzgFQpbD71qPiE3czYBtu'),  -- 'Gre812'
('cihe8765@student.edu.au', '$2a$12$e4ui9wZB9OeBsXz8iIg3n.JV2eJ/yK0QJOmfV3hsmRf5PYmks/3d6'),  -- 'Sec64d'
('cihe4433@student.edu.au', '$2a$12$G1y/a7uoxcFShc0R77cGHu/WYIwLs0ySe/OZCefwJ7LddY/Y8uWGW'),  -- 'Rais535'
('cihe2288@student.edu.au', '$2a$12$so6BbR45ZhzgWoTT9SRy7OkfF9T0kIvR7zBPO.6oU1pD6TtkR0j1G'),  -- 'Dec@124'
('cihe1799@student.edu.au', '$2a$12$0F2O9DE/CS.LwJkTkXlUG.TX90xz.MDhqFzRgEYZ2D1N.R/GBg5/S');  -- 'Nrewt#12'

Key points to ensure correctness:

import bcrypt

passwords = ['Gre812', 'Sec64d', 'Rais535', 'Dec@124', 'Nrewt#12']
hashed_passwords = [bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8') for password in passwords]

for password, hashed in zip(passwords, hashed_passwords):
    print(f"Password: {password}, Hashed: {hashed}")

Make sure to replace the example hashed passwords with those generated by your application code.
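
The answers above hash a password but never show the check at login. The following is an added example, not part of the original comments, covering both halves against a throwaway SQLite table. It uses `hashlib.scrypt` from the standard library in place of bcrypt so it runs without third-party packages; the table layout, function names and sample credentials are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

N, R, P = 2**14, 8, 1          # scrypt cost: CPU/memory factor, block size, parallelism
MAXMEM = 64 * 1024 * 1024      # allow the ~16 MiB these parameters need

def hash_password(password):
    """Return 'scrypt$N$r$p$salt$digest' with a fresh random salt per password."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=N, r=R, p=P, maxmem=MAXMEM, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the digest with the stored salt and cost, compare in constant time."""
    _, n, r, p, salt_hex, digest_hex = stored.split("$")
    expected = bytes.fromhex(digest_hex)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                               n=int(n), r=int(r), p=int(p),
                               maxmem=MAXMEM, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)

def open_db():
    """In-memory stand-in for the students table; no plaintext column exists."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY AUTOINCREMENT, "
               "email TEXT UNIQUE, password_hash TEXT NOT NULL)")
    return db

def register(db, email, password):
    # Parameterised query: the hash is the only form of the password that is stored.
    db.execute("INSERT INTO students (email, password_hash) VALUES (?, ?)",
               (email, hash_password(password)))

def login(db, email, password):
    row = db.execute("SELECT password_hash FROM students WHERE email = ?",
                     (email,)).fetchone()
    return row is not None and verify_password(password, row[0])

if __name__ == "__main__":
    db = open_db()
    register(db, "student@example.edu", "constructed-Pass-1")   # constructed sample
    print(login(db, "student@example.edu", "constructed-Pass-1"))
    print(login(db, "student@example.edu", "wrong-guess"))
```

Because the salt is random, hashing the same password twice gives two different stored strings, which is why hashes cannot be precomputed and pasted into a SQL script alongside their plaintext.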

bishalac commented 5 months ago

Paste the photo into ChatGPT or Gemini; it will give the answer.

bishalac commented 5 months ago

Do it quickly, there isn't much time.

sush4ntg commented 5 months ago

The image shows a diagram that represents a DNS spoofing (DNS cache poisoning) attack. Here’s a breakdown of the diagram and the attack process:

  1. Attacker's Computer: The attacker initiates a request to the valid DNS server asking for the address of www.evil.net.
  2. Valid DNS Server: The DNS server receives the request and forwards it to the attacker's DNS server.
  3. Attacker's DNS Server: Instead of returning the actual IP address for www.evil.net, the attacker's DNS server responds with a set of malicious IP addresses (all pointing to 192.168.1.1) for various domains including www.good.net, www.better.net, and www.best.net.
  4. Good User: When the good user tries to access www.good.net, the poisoned DNS cache directs them to the malicious IP address 192.168.1.1, controlled by the attacker.

Mitigation Techniques

To prevent DNS spoofing attacks like this, several mitigation techniques can be employed:

  1. DNSSEC (Domain Name System Security Extensions): DNSSEC adds a layer of security to the DNS lookup and response process by enabling DNS responses to be digitally signed. This allows DNS clients to verify the authenticity and integrity of the response.

  2. Using Secure and Trusted DNS Servers: Ensure that your DNS servers are secure and configured properly to avoid being compromised. Use reputable DNS providers that implement robust security measures.

  3. Regular DNS Cache Clearing: Regularly clear DNS caches to prevent stale or poisoned DNS records from persisting.

  4. Query Rate Limiting: Implement rate limiting on DNS queries to prevent attackers from overwhelming the DNS server with malicious queries.

  5. Monitoring and Logging: Continuously monitor DNS traffic for unusual patterns and log DNS requests and responses to identify potential spoofing attempts.

  6. Firewalls and Intrusion Detection Systems (IDS): Use firewalls and IDS to detect and block suspicious DNS traffic.

Implementing these techniques can significantly reduce the risk of DNS spoofing attacks and improve the overall security of the DNS infrastructure.
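
The poisoning in the diagram described above works only if the resolver caches records for names the answering server has no authority over. As an added example that is not part of the original comment, this sketch applies a bailiwick check before caching; the record layout, class and function names are hypothetical, and the address given for www.evil.net is constructed.

```python
def in_bailiwick(name, zone):
    """True if `name` is `zone` itself or a subdomain of it, compared label by label."""
    n = name.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(n) >= len(z) and n[-len(z):] == z

class ResolverCache:
    def __init__(self):
        self.records = {}     # name -> IP address
        self.rejected = []    # (name, ip, zone) kept for logging and alerting

    def store_response(self, zone, answers):
        """Cache only the records the answering server is entitled to speak for."""
        for name, ip in answers:
            if in_bailiwick(name, zone):
                self.records[name.lower().rstrip(".")] = ip
            else:
                self.rejected.append((name, ip, zone))

    def lookup(self, name):
        return self.records.get(name.lower().rstrip("."))

# Constructed response modelled on the diagram: a query for www.evil.net comes back
# with extra records for unrelated domains, all pointing at 192.168.1.1.
POISONED_RESPONSE = [
    ("www.evil.net", "203.0.113.10"),   # constructed address for the queried name
    ("www.good.net", "192.168.1.1"),
    ("www.better.net", "192.168.1.1"),
    ("www.best.net", "192.168.1.1"),
]

def demo():
    cache = ResolverCache()
    # The answering server is authoritative for evil.net only.
    cache.store_response("evil.net", POISONED_RESPONSE)
    return cache

if __name__ == "__main__":
    c = demo()
    print("cached:", c.records)
    print("rejected:", c.rejected)
```

The rejected list doubles as a detection signal: a server that keeps volunteering records outside its own zone is worth an alert.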

bishalac commented 5 months ago

Which one is this the answer to?

sush4ntg commented 5 months ago

1st pic