Computer Security 101 - Lesson 3 Quiz
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Computer Security 101 - Lesson 3 Quiz

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Computer Security 101 - Lesson 3 Quiz

    Rather than dragging up all of the old Computer Security 101 Tutorial threads I thought I would just create a new thread to let everyone know that the quiz for the lesson is now available.

    Here is a link to the tutorial thread: Computer Security 101 - Lesson 3

    Here is a link to the quiz for this lesson: Computer Security 101 - Lesson 3 Quiz

    Have fun!

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    This questionnaire is extremely naive, its answers are wrong.

    Question 4:
    How many ports are there for TCP and UDP?

    a) 1024 b) Unlimited
    c) 32348 d) 65536

    Correct answer: 65535, seeing as port 0 does not exist and cannot be used, however it isn't an option. (Update: port 0 does exist, but apparently still cannot be used as implementations do not allow it to be used. I have yet to find any document which states this officially. )

    Question 10:

    The standard port used for file transfers using the FTP protocol is?

    a) 25 b) 80
    c) 21 d) 110

    Correct answer:

    None of them, FTP never uses any of those four ports on the source or destination for transferring files (port 21 is the ftp control port, and is only used for sending commands and responses) Instead it uses its data connection, which *sometimes* originates from port 20, but can be dynamically assigned

    Slarty

  3. #3
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    None of them, FTP never uses any of those four ports on the source or destination for transferring files (port 21 is the ftp control port, and is only used for sending commands and responses) Instead it uses its data connection, which *sometimes* originates from port 20, but can be dynamically assigned
    You already updated the number of ports issue so I won't address that.

    As for this one, I see your point and maybe I will change the wording to make the answer correct. The standard FTP port is 21 which is all I was trying to get at.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    The TCP port 0 issue is a bit of a weird one.

    In operating systems that use BSD sockets or a derivative of BSD sockets (for instance all Unix and Windows), the bind() function cannot bind a TCP or UDP socket to port 0. Therefore you can neither have a TCP socket listen on, nor attach a UDP socket to, port zero.

    I assume however, that under operating systems that don't use BSD sockets (like there are any?), then binding a TCP socket to port zero works.

    In principle I don't see any reason why you can't send traffic to port zero. It's just that the BSD sockets API does not allow applications to use TCP or UDP port zero.

    On a search of the internet I found a snort rule which matches TCP port zero traffic and flags it as an intrusion; I can see why - nothing can use it hence it is malformed (in practice) - even though it may be valid in theory.

  5. #5
    Doc d00dz Attackin's Avatar
    Join Date
    Mar 2003
    Location
    Florida
    Posts
    661
    I like these little tut you give us, and you tell us when they come out, Have you ever thought about make a book? Maybe like "How To book" or what about the old logo "Hackers know the weakness in your system, Shouldn't you." Just a thought.

    Cya
    First you listen, then you do, finally you teach.
    Duck Hunting Chat
    VirtualConvenience
    RROD

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Posts
    217
    also, once you miss one, the answers to the following answers occasionally showed up light purple, signifying they were wrong.
    i\'m starting to think that i\'m bound to always be the first guy on the second page of the thread.

  7. #7
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    also, once you miss one, the answers to the following answers occasionally showed up light purple, signifying they were wrong.
    Pretty tricky. Don't give away secrets to help others cheat. :-)

  8. #8
    Junior Member
    Join Date
    Jul 2002
    Posts
    18
    No offence, but I didn't find any security related question!?! Why so often Security 101 is more like Networking 101? I don't know if it's me, but I think it's important to know networking *before* security and not learning networking *with* security.

  9. #9
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    No offence, but I didn't find any security related question!?! Why so often Security 101 is more like Networking 101?
    Have you read any of the actual tutorials?

    I would suggest you go look at the actual Computer Security 101 series to get a feel for where it is coming from.

    You are right that there is more of a general networking and computer slant than security. That is by design. The series is designed to take a novice and give them an understanding for the technology and terminology behind it all. If you don't know what TCP or DNS are and you are totally confused when people say that you should "block a port" it is difficult for you to understand how or why you should secure it. The lessons get progressively more complicated, but even by the 10th lesson I will not have gone into steganography algorithms or anything so complex.

    In the future I will post more quizzes that are more difficult and not related to this Computer Security 101 series. I think these quizzes fit well with the lessons they relate to though and are good for the intended audience.

  10. #10
    Junior Member
    Join Date
    Jul 2002
    Posts
    18
    I agreed that is *essential* to know networking before security. From my point of view, is not enough to have a crash course in networking to be proficient in security. But, I'm working in computer security for some time now and sometime I forgot that not all material are for professional or semi-professional.

    I read some of the lessons, it's great for home users!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides