TU Wien:Privacy-Enhancing Technologies VU (Weippl)/2023W TUWEL-Quizzes




Multiple answers possible!

1. Introduction - OSINT

Which of the following statements about OSINT are correct?

  1. OSINT is used to de-anonymize individuals in criminal investigations.
  2. OSINT is the collection and analysis of data gathered from open sources.
  3. OSINT is an exclusive military strategy that relies on closed source data.
  4. OSINT relies primarily on data from "Freedom of Information" requests.

correct: 1,2

Public data from the Strava Fitness App enabled OSINT to ...

  1. Identify hidden military bases.
  2. Access heart rate information of well-known celebrities.
  3. Discover individuals with bad health habits.
  4. Map walking paths of guards protecting critical infrastructure.

correct: 1,4

What are "Google Dorks" and how are they used in OSINT?

  1. Google Dorks are employees of Google with special access to closed Google search data.
  2. Google Dorks rely on Google Search features to gather OSINT information.
  3. Google Dorks are a paid feature of Google Search.
  4. Google Dorks rely on public information of Google Search.

correct: 2,4

2. Anonymity - Nym

Which of the following technologies are building blocks of the Nym Privacy Infrastructure?

  • Tor hidden services.
  • Cryptocurrencies.
  • Anonymous credentials.
  • I2P services.

correct: 2, 3

The Nym Network ...

  • hinders timing analysis by employing cover traffic.
  • builds upon mix nodes exclusively operated by Nym Technologies S.A.
  • enables one-way communication without the possibility of replying to messages.
  • is a high-latency mix network for sending anonymous messages.

correct: 1

3. Censorship

Which of the following statements about Domain Fronting are correct?

  • Domain Fronting hides the censored endpoint in legitimate traffic.
  • Domain Fronting does not work anymore because it is possible for censors to detect the hidden content.
  • Domain Fronting works because it creates collateral damage if blocked.
  • Domain Fronting can be used in Tor.

correct: 1, 3, 4

The Firewall of China works with the following methods ...

  • Active probing to detect and block Tor bridges.
  • DNS modification.
  • Manual verification using checklists.
  • Breaking the symmetric AES encryption in TLS 1.3.

correct: 1, 2

4. Secure Messaging

According to the talk: What are properties that many people think of when they argue for decentralized messaging systems?

  • Less complex systems
  • Censorship resistance
  • Privacy
  • Ease of use

correct: 2, 3

5. TLS

Which statements regarding DoH and DoT are true?

  • DoH is a more complex protocol, so it is harder to implement.
  • DoT can be easily blocked.
  • DoH allows DNS resolution at the application level.
  • DoH uses the TCP port 853.

correct: 2, 3

6. Tor

What is Arti?

  • Arti is already available and widely used.
  • The name of the Tor implementation in C.
  • The name of one of the developers of Tor.
  • A complete reimplementation of the Tor codebase in Rust.

correct: 4

Which statement about "Snowflakes" in the context of Tor is/are true?

  • There are currently about 150,000 available.
  • Snowflakes are browser extensions that are used to facilitate access to the Tor network in case of Internet censorship.
  • Snowflakes are the exit relays of the Tor browser.
  • There are currently about 15 million Snowflakes.

correct: 1, 2

7. Web Privacy - AdGraph

Which primary challenge does AdGraph research address?

  • The lack of public ad- & tracker filter lists.
  • The scalability of manually curated ad- & tracker filter lists.
  • The accuracy of tailored online advertisement and user interests.
  • The accuracy of crowdsourced ad- & tracker filter lists.

correct: 2, 4

The researcher's choice to benchmark AdGraph against Adblock Plus ...

  • is potentially skewed because Adblock Plus is not considered a state-of-the-art ad filtering browser extension.
  • is representative because Adblock Plus is currently considered the most effective ad filtering browser extension.
  • showed that AdGraph improved loading times as compared with Adblock Plus's default filter lists.
  • showed that Adblock Plus outperformed filter lists generated by AdGraph.

correct: 1, 3

8. VPN

What is the gist of the “bypassing tunnels” paper which was published at USENIX Security 2023?

  • An attacker can trick a client device into thinking the target server is on the same local network, thus bypassing the VPN connection to that server.
  • Only macOS and iOS devices were found to be immune against the described attacks.
  • They broke the used cryptography in VPN implementations.
  • The described attack requires the attacker to have root permissions on the victim device to change the routing table.

correct: 1

What information is used in fingerprinting TLS connections using JA3?

  • The browser user agent string.
  • The IP address of the server.
  • The offered elliptic curves & their points in the client handshake.
  • The accepted CipherSuites from the client device.

correct: 3, 4

Which statement regarding the differences between JA3 and JA4 is/are true?

  • JA4 can work with QUIC and encrypted client handshakes (ECH).
  • JA3 is MD5, JA4 is 3 part modular encoding.
  • JA3 could already handle QUIC and encrypted client handshakes.
  • JA3 is 3 part modular encoding, JA4 is MD5.

correct: 1, 2