Take Quiz

Your name and email are stored only in your browser local storage for convenience. They are not retained server-side.

NameEmail

Question 1

What was the primary security rationale given by the CA/Browser Forum for reducing the maximum lifetime of code signing certificates from 39 months to 15 months starting March 1, 2026?

D. To eliminate the ability of malicious actors to use stolen certificates for long periods by enforcing quick revocation. A. To prevent theft of code signing certificates by requiring more frequent key rotation. C. No apparent security reason; the reduction was made despite hardware protections and primarily benefits certificate authorities financially. B. To align code signing certificate lifetimes with web server TLS certificate lifetimes for better security compatibility.

Question 2

In the context of MongoBleed (CVE-2025-14847), what specific programming mistake in MongoDB's handling of compressed messages led to the vulnerability?

B. Use of a deprecated cryptographic library causing buffer overflows during TLS communication. D. Incorrect permission settings on MongoDB configuration files exposing private keys to unauthorized users. A. Failure to check the actual decompressed size against the claimed decompressed size leading to returning uninitialized heap memory. C. Insufficient authentication checks before allowing write access to the database files.

Question 3

Why does Smart App Control (SAC) in Windows 11 represent a significant change in user control over application trust?

D. SAC only applies to apps downloaded from the Microsoft Store and ignores others. C. SAC enforces mandatory two-factor authentication for all new software installations. B. SAC cannot be disabled once enabled, and users cannot add exceptions for apps they trust. A. SAC allows users to whitelist any unsigned app and bypass code signing requirements easily.

Question 4

What security enhancement did the Python Package Index (PyPI) implement in 2025 to combat phishing attacks exploiting two-factor authentication (2FA)?

A. Mandatory hardware security keys (FIDO2) for all user logins. C. Complete removal of TOTP-based 2FA in favor of SMS-based codes only. D. Switching all users to single sign-on (SSO) authentication with third-party providers. B. Adding an email verification step for TOTP-based two-factor authentication to verify logins from trusted devices.

Question 5

According to the episode, what is the most significant policy failure that allowed MongoBleed to affect over 87,000 publicly reachable MongoDB instances?

D. Lack of effective intrusion detection systems on MongoDB servers to alert admins of in-memory data exfiltration attempts. C. Using an outdated version of MongoDB that lacks the latest TLS encryption support for its wire protocol. A. Default MongoDB configuration requires exposing TCP port 27017 publicly without firewall restrictions. B. Relying solely on database authentication mechanisms while unnecessarily exposing MongoDB instances publicly to the internet.

Cancel

Episode #1059 Quiz

Question 1

Question 2

Question 3

Question 4

Question 5