#Quiz 15


honest robin
#

1. If you found TCP port 3268 open on a host, what is the target operating system likely to be?
a) CentOS
b) Windows 10 Enterprise
c) Windows 2019
d) Ubuntu 20.04

2. Which cookie flag prevents the cookie from being sent over unencrypted connections?
a) Domain
b) Secure
c) HttpOnly
d) Path

3. Which cookie flag prevents the cookie from being read by client side JavaScript?
a) Domain
b) Secure
c) HttpOnly
d) Path

haughty island
#

||C,B,C||

dark plume
#

|| c, b, c||

hasty zinc
#

|| 1) a - this is a wild guess because I have no idea
2) b - believe it should be security option, because httponly by the name sounds unencrypted as HTTP is unencrypted which we want to prevent, path doesn’t make much sense as an encryption route and domain I think should be answer to 3rd question
3) a - because excluding security and httponly, we are left with only path and domain, I don’t know what either does but domain sounds like something that would be related to preventing cookies from being read by client-side JS. ||

tired nest
#

||

  1. c - LDAP Queries to a GC in a forest get sent here
  2. b
  3. c
    ||
dark plume
#

|| C, B, C ||

short ledge
#

|| 1) C
2) B
3) C ||

rose flume
#

||

  1. B
  2. B
  3. C
    ||
honest robin
#

The answers are 1C, 2B, 3C!

1C
TCP 3268 is the Global Catalog, used for LDAP queries on Domain Controllers (and is therefore Windows 2019). Found on DCs that have info on everything in a forest.

2B
The Secure flag prevents a cookie from being sent over HTTP, ensuring it's sent over encrypted channels only (i.e. HTTPS). The Domain flag, if set, states which hosts are allowed to receive the cookie (defaults to host that set the cookie if not set and excludes subdomains). The HttpOnly flag prevents the cookie from being read by client side scripts, e.g. JavaScript (assisting in preventing XSS attacks for example), and the Path flag, if set, means that the cookie will only be sent if the requested URI includes the path, which must exist, e.g. a cookie set with Path=/support will only be sent if the request is GET /support or /support/ticket or /support/ticket/112/details etc.

3C
Answer above!

crude raven
#

Yas!!!

haughty island
#

Y'all just copied my right answer.

dark plume
#

I did not!!

#

See, yours is in uppercase, mine is lowercase

short ledge
#

Real life Gif of @crude raven in full sassy pants mode.
