Fresco Play Training 2
Fresco Play Training 2
----------------------------------
1.Burp Suite is a proxy tool. --->true
2.You can change the request body from “HTTP History Tab”. --->false
3.Sequencer helps to attack a site. --->false
4.“HTTP History Tab” helps to capture all the host URLs. --->true
5.When Intercept is on, the request will hit the ________. --->burp proxy
6.Which one attacks with a single payload? --->Battering Ram
7.“Site Map” helps to capture only the specified URL. --->false
8.Comparer helps to compare both words and bytes. --->true
9.You can check the response in Intercept tab. --->false
10.Which one of these options helps to identify the flaws automatically?
--->Scanner
11.When Intercept is on, you can __________. ---> forward a request or
both(check)
12. Which of these options will perform all the possible combination of attacks?
Cluster bomb
13.What type of attack helps to send multiple payloads to attack? --->both
pitchfork & cluster
14.You can change the session and token id with the help of Sequencer. --->false
15.Burp Suite certificate helps to access an HTTPS website. --->true
16.Which of the following option is a false statement about request manipulation
in Burp Suite? --->The Decoder tool is used
to identify the differences between the failed log in responses using invalid
and valid usernames.
17.Which of the following option is correct about cluster bomb attack? --->It
uses multiple payload sets
And The total number of requests generated by the attack is the product of
the number of payloads.
18.SSL Handshake is used in HTTP. --->true
19.Which of the following option is applicable for “Action” control for the
panel in intercepting request?
--->It is used to check the proxy history and on the intercepted responses.
(wrong)
20.What is the role of the sequencer in request manipulation in Burp Suite?
--->To check the strength of random values
AND It defines the application's status in terms of sessions
21.A Sequencer helps to attack a site. --->false
22.Which of the following application is about extending Burp proxy? --->All the
option
23.What are the tasks related to Burp Proxy for intercepting and manipulating
the request? --->All the option
24.What is the role of Burp suite proxy in handling requests in the web
application?
--->The user needs to log into the Burp Suite for the responses and requests
that pass through each of the proxies.
25.What is the task of “Forward” control in intercepting Burp Suite request?
--->It shows a menu of available actions that can be performed on the
currently displayed message.(wrong)
26.Which of the following option is true about XSS with Burp-Repeater tool?
--->This tool checks the cross site scripting vulnerability AND This tool
uses a Java script syntax like code to check the vulnerability.
27.Does “HTTP History Tab” help to capture all the host URLs? --->true
28.Which of the following Burp suite tools is used for web application mapping?
--->proxy(wrong)
________________________________________________________________________________
________________________________________________________________________________
_______
________________________________________________________________________________
________________________________________________________________________________
_______
Advanced Statistics and Probability(in Data Science)
---------------------------------------
1. Independent variables refer to those variables _________. --->Whose values
are known during the experiment(wrong)
2. Multivariate data analysis is an application of ________. --->Multivariate
Statistics(wrong), All the options(wrong)
3. Use of only one variable to describe data is known as _____________.
--->Univariate data analysis
4. Dependent variables refer to those variables __________. Whose variation is
analyzed
5. ________ is an example of Multivariate analysis in which relationship exists
between a dependent variable and independent variable/variables.
--->Partial Least Squares Regression
6.What is done when a new data in the sub Interval is added? --->One bin is
added on the top
7.The least number of coordinates required to showcase a point is _________.
--->Dimension
8.What is the drawback of using Kernel density estimation's Histogram method?
--->Plot is not smooth
9.If the area under the PDF curve is zero, then __________. --->Probability = 0
10.Stochastic variables are also known as ___________. --->Random variables
11.Principal component analysis reduces ____________. --->Both the
options(wrong)
12.What is prior probability? --->Probability distribution done with a lack of
evidence.
13.What are the characteristics of Markov process? --->Both the options
14.What is density estimation? --->It estimates probability density function.
15.Lurking variable remains _________________. --->Hidden during the analysis
16.If time space or state space is discrete, ___________. --->Markov process can
be termed as discrete-time Markov chains
17.We use __________________ in histogram for sub intervals. --->bins
18.What is posterior probability? --->The conditional probability of the event
after the evidence is taken into consideration!
19.What are the features of probability density function? --->All the options
20.What are kernels? --->All the options
21.What is Random walk? --->We cannot predict the outcome in advance.
22.What is multivariate statistics? --->All the options
________________________________________________________________________________
________________________________________________________________________________
______
________________________________________________________________________________
________________________________________________________________________________
______
Security Analytics with Apache Metron(Digital Security)(Many answers wrong)
---------------------------------------------------------------------------
1.Machine Learning models can be adopted in Metron for ________ --->all the
given options
2.Metron Provides support for multiple types of data through its __________
--->Pluggable framework
3.Metron Data Capture supports the protocols such as _______ --->all the given
options
4.Timestamp in Metron is parsed in ________ ---> UTC format
5.Apache Metron in Deployment is __________ --->centralised
6.Apache Metron is built on top of _________ --->Apache Open Source
Technologies
7.Which of the following is an Example of Threat Intel feeds in Metron?
--->Soltra
8.Stellar is a ___________ --->Domain specific language
9.Enrichment configuration can be stored on _________ --->zookeeper
10.What is the order of stages in Stream Processing Pipeline. a) Theat Intel b.)
Telemetry Parsing c.) Index and Write d.) Alert Triage e.) Enrichment
--->b,e,a,d,c
11.Metron Stream Processing is built on top of --->Apache Storm
12.Stellar Expressions can be used in telemetry parsing as part of ______
--->cannot be used in telemetry parsing
13.Threat Intel Feeds can be __________ --->all the given options
14.Client for MaaS is written in _____ --->java
15.Select the Correct order of nested data in a JSON file which is processed in
the pipeline --->enrichment -> threatIntel ->triageConfig
16.ElasticSearch uses --->Kibana Indexing
17.Hail a Taxi is _________ --->External Stix Feed
18.Risk Level is determined through --->riskLevelRules.
19.Identify Threat Intel Storages --->Hbase
20.Solr and ElasticSearch Indices are supported __________ --->as they are
random access indices
21.Profiler can be configured for entities like --->all the given options
22.Which of the following statements regarding MetaalertDao is/are TRUE --->It
denormalizes the relation between alerts and metaalerts
23.DPI(Deep Packet Inspection) Data is best to be extracted only for ___________
--->Netflow protocol
24.In Telemetry Parsing Stage ________--->data normalization takes place
25.UDFs are supported by Stellar --->true
26.bulk loaded and streamed into a threat intelligence store --->Key – Value
Pair
27.Identify the Stellar Function which is NOT VALID --->IS_SUBNET
28.Default Indexer of Metron is ____________ --->HDFS, either Solr or
Elasticsearch
29.Pick out the Stellar Keyword among the following. --->NaN
30.Who among the following is considered to be an advanced SME w.r.t Apache
Metron Platform _____________ --->SOC Investigator
31.MaaS scaling can be done through ______ --->REST
32.Soltra is a --->Threat Intel Feed aggregator
33.Data to create a profiler is collected --->all the given options
34.HDFS Index updates are supported in Metron. --->No, Only Random Access Index
updates are supported
35.Apache Metron do NOT have a dependency on _______ --->none of the options ,,,
ansible,,,python
36.How does Network Intrusion Detection System works? --->all the given options
37.Metron apart from in-built Geo Enrichment supports --->all the given options
38.Stellar is Integrated into Metron Components such as ________ --->Global
Validation and Threat Triage
39.Consider you are a store owner operating your own website for the people of
your Town.
What can be ideal for maintaining security of the shopping platform on your
site? --->Metron
40.Zeppelin Interpreter do NOT support --->Cassandra
41.When Machine Learning models are employed for threat intelligence what is
considered to be an infrastructure challenge? --->Type of adopted model
42.Threat Intel Store is based on --->Key-value pair
43.Which of the following is NOT a component of parsing topology? --->Storm
parser spout
44.Consider you are trying to parse telemetry of a application which uses a
custom API. Its telemetry is highly complex and the data is generated at a rapid
rate.
What is an ideal parsing strategy for the scenario? --->Modify a Grok Parser
while using JVM parser as stop gap ,,,, Use in-built Grok Parser,,,,Write and
use a Custom JVM parser
45.How does Network Intrusion Detection System works? --->all the given options
46.What happens when a specific no.of entries are not populated in batchTimeout
specified? --->Entries are flushed out
47.Validation of data entering Metron can be validated ___________ --->all the
given options ,,,partially at the time of ingestion
48.What are the feeds in Metron? --->Threat Intel
49.Stellar supports Regular Expressions. --->true
50.Parallel Enrichment is available on Metron by default --->false
________________________________________________________________________________
________________________________________________________________________________
______
________________________________________________________________________________
________________________________________________________________________________
______
Secure Programming Practices(in digital security)
---------------------------------------------------
1.To improve the overall quality of web applications, developers should abide by
which of the following rules? --->Clean and validate all user input}
2.Which of the following is not an authorization type? --->User Access Control
3.Temporarily files created by applications can expose confidential data if:
--->File permissions are not set appropriately}
4.Exception Handling refers to: --->All the options
5.It is a good programming practice to prevent caching of sensitive data at
client or proxies,
by implementing which of the following? --->"Cache-Control: no-cache, no
store"
6.Which of the following is not an appropriate method to make an authentication
mechanism secure? --->Providing default access.
7.When valuable information has to be transmitted as part of a client request,
which of the following mode should be used? --->POST method with a suitable
encryption mechanism
8.Which of the following statement is not true regarding Error Handling and
Logging? --->All errors generated by internal components such as system calls,
database queries, and other internal functions, should be handled by the
application’s exception handler.
9.In a multi-staged login mechanism, which of the following regarding
application security should be ensured by the developer?
--->Credentials given during the previous stage should be saved in a persistent
cookie, and the current stage supplier credentials must be validated at the
server end.
10.Which of the following is not an authentication method? --->Form-based
11.Through a successful format-string attack against a web application,an
attacker is able to execute which of the following actions? --->All the options
12.Authentication and session management are security concerns of which of the
following programming languages? --->ALL
13.Identify the correct statement in the following: --->ALL
14.Identify the correct statement in the following: --->Vulnerability is a
security weakness.
15.Which of the following is true about improper error handling? --->All }
16.Securing a database application with username/password access control should
be considered sufficient: --->Only when combined with other controls}
17.From application security perspective, why should a CAPTCHA be used in a web
application? --->To prevent scripted attacks
18.Which of the following algorithm/encryption method is the safest to use?
--->Block Ciphers using Electronic Code Book (ECB) mode
19.Which of the following statement is correct? --->Properly validated inputs
improve the security of an application.
Client and server-side validation improve web application security.
20.Setting the cookie flag to which of the following mode is a good programming
practice? --->locked
21.Proprietary protocols and data formats are: --->Unsafe, because they rely on
security by obscurity.
22.Which of the following methods can be used by the client and server to
validate user input? ---> A) and B)
23.What is the purpose of Audit Trail and Logging? --->ALL
24.A race condition in a web server can cause which of the following? --->All
25.Which of the following is a security advantage of managed code over unmanaged
code? --->Size of the attack surface
26.Identify the correct statement in the following: --->Authorization validates
user identity.
27.Which of the following is not recommended to secure web applications against
authenticated users? --->Filtering data with a default deny regular expression
28.From application security perspective, why should a CAPTCHA be used in a web
application? --->To prevent scripted attacks
29.Identify the correct statement in the following: --->None of the above
options.
30.Which of the following are secure programming guidelines? --->A), B) and C)
31.Security check can be enforced at compile time by: --->A) and C)
________________________________________________________________________________
________________________________________________________________________________
____
________________________________________________________________________________
________________________________________________________________________________
______
Typography(in User Experience)
-------------------------------------
1.Helvetica is a serif font. --->false
2.______ is the space between letters and varies per character to create
comfortable looking typography. --->kerning
3.The final one or two lines of a paragraph which break to form a new column is
called _______. --->Orphan
4.The distance between the baseline and ascender line is called __________.
--->Ascender height
5.The horizontal position of a type is called _________. --->Alignment
6.In _______ text alignment, the text takes the shape of a concrete object.
--->Concrete
7.______ is the amount of spacing between the characters of a word or a text
block. --->Tracking
8.The orientation of a curved character is called __________. --->stress
9.em of a 10 point type is equal to _______. --->100 points(wrong)
10.The small stroke extending from the bowl of a 'g' or 'r' is called
__________. --->Ear
11.The part of a letter which falls below the baseline is called __________.
--->Descender
12.The distance between the baseline and mean line is called __________. --->x-
height
13.__________ has a lighter stroke than the regular style. --->Light
14.The height of capital letters or the distance between the baseline and cap
line is called __________. --->cap height
15.Which text alignment has the text wrapped around an image? --->Runaround
16.The fonts that have a small stroke at the end of the main horizontal or
vertical stroke is called __________. --->Serif
17.__________ has a wider stroke than the regular style --->BOLD
18.Tracking varies per character to create comfortable looking typography.
--->true
19.The space inside a bowl is called __________. --->Counter
20.The characters that are aligned with the descender line are called
__________. --->Subscript
21.A stroke that joins two parts of a letter is called __________. --->Link
22.Different typefaces with the same point size can have different x-heights.
--->true
23._______ is the white space formed between the words of a justified body text.
--->rivers
24.A wider version of the regular style is called __________. --->Extended
25.__________ is a measurement used to specify the length of a line. --->Pica
26.Times New Roman is a serif font. --->true
27.______ is the amount of spacing between the characters of a word or a text
block. --->Tracking
28.A slanted version of the regular style is called __________. --->Italics
29.__________ is a unit of relative measurement derived from the uppercase
letter 'M'. --->Em
30.Measurements of fixed values are called __________. --->Absolute Measurements
31.The distance between the baseline and descender line is called __________.
--->descender height
32.Serif strokes help to lead the eye while reading a sentence. ---> true
33.The fonts without a serif are known as __________. --->Sans-serif
34.Serifs help the eye while reading a sentence. --->true
35.The curving stroke of 'S' is called __________. --->spine
36.A set of characters, numbers, and symbols with the same unique design is
called _________. ---> typeface
37.__________ is the basic style of typeface that is most commonly used for body
text. --->Regular or Roman
38.The angle formed at the bottom of a letter when strokes meet is called
__________. --->vertex
39.The orientation of a curved character is called __________. --->stress
40.In _______ text alignment, the lines not aligned with each other.
--->Asymmetric
41.The part of a letter which extends above the x-height is called __________.
--->Ascender
42.The joining of two or three separate characters to form a single unit to
avoid interference is called _______. Ligature
43.The space that encloses space in circular letterforms is called __________.
--->Bowl
________________________________________________________________________________
________________________________________________________________________________
_______
________________________________________________________________________________
________________________________________________________________________________
_____
Color Theory(in User Experience)
-------------------------------------