B.

Stealth/Tunneling virus

A.

Social Engineering

A.

A digital signature cannot be moved from one signed document to another because it is
the hash of the original document encrypted with the private key of the signing party.

B.

Androrat

B.

The attacker makes a request to the DNS resolver.

Explanation: https://ru.wikipedia.org/wiki/DNS_spoofing
DNS spoofing is a threat that copies the legitimate server destinations to divert the
domain's traffic. Ignorant these attacks, the users are redirected to malicious websites,
which results in insensitive and personal data being leaked. It is a method of attack where
your DNS server is tricked into saving a fake DNS entry. This will make the DNS server
recall a fake site for you, thereby posing a threat to vital information stored on your server
or computer.
The cache poisoning codes are often found in URLs sent through spam emails. These
emails are sent to prompt users to click on the URL, which infects their computer. When
the computer is poisoned, it will divert you to a fake IP address that looks like a real thing.
This way, the threats are injected into your systems as well.
Different Stages of Attack of DNS Cache Poisoning:
- The attacker proceeds to send DNS queries to the DNS resolver, which forwards the
Root/TLD authoritative DNS server request and awaits an answer.
- The attacker overloads the DNS with poisoned responses that contain several IP
addresses of the malicious website. To be accepted by the DNS resolver, the attacker's
response should match a port number and the query ID field before the DNS response.
Also, the attackers can force its response to increasing their chance of success.
- If you are a legitimate user who queries this DNS resolver, you will get a poisoned
response from the cache, and you will be automatically redirected to the malicious website.

C.

BetterCAP

B.

Replay attack

Explanation: Replay Attack could be a variety of security attack to the info sent over a
network.In this attack, the hacker or a person with unauthorized access, captures the traffic
and sends communication to its original destination, acting because the original sender.
The receiver feels that it’s Associate in Nursing genuine message however it’s really the
message sent by the aggressor. the most feature of the Replay Attack is that the consumer
would receive the message double, thence the name, Replay Attack.
Prevention from Replay Attack : 1. Timestamp technique –Prevention from such attackers
is feasible, if timestamp is employed at the side of the info. Supposedly, the timestamp on
an information is over a precise limit, it may be discarded, and sender may be asked to
send the info once more.2. Session key technique –Another way of hindrance, is by
victimisation session key. This key may be used one time (by sender and receiver) per
dealing, and can’t be reused.

D.

The internal operation of a system is completely known to the tester.

White-box testing (also known as clear box testing, glass box testing, transparent box
testing, and structural testing) is a method of software testing that tests internal structures
or workings of an application, as opposed to its functionality (i.e. black-box testing). In
white-box testing, an internal perspective of the system, as well as programming skills, are
used to design test cases. The tester chooses inputs to exercise paths through the code
and determine the expected outputs. This is analogous to testing nodes in a circuit, e.g. incircuit
testing (ICT). White-box testing can be applied at the unit, integration and system
levels of the software testing process. Although traditional testers tended to think of whitebox
testing as being done at the unit level, it is used for integration and system testing
more frequently today. It can test paths within a unit, paths between units during
integration, and between subsystems during a system-level test. Though this method of
test design can uncover many errors or problems, it has the potential to miss
unimplemented parts of the specification or missing requirements. Where white-box testing
is design-driven,[1] that is, driven exclusively by agreed specifications of how each
component of the software is required to behave (as in DO-178C and ISO 26262
processes) then white-box test techniques can accomplish assessment for unimplemented
or missing requirements.
White-box test design techniques include the following code coverage criteria:
· Control flow testing
· Data flow testing
· Branch testing
· Statement coverage
· Decision coverage
· Modified condition/decision coverage
· Prime path testing
· Path testing