CBSE - Certified Blockchain Security Expert Node and Network Security Questions and Answers

Question 1

A blockchain network administrator is hardening a new full node to minimize its attack surface. Which of the following is the MOST critical first step to protect the node from known software vulnerabilities?

Accepted Answer

Ensuring the blockchain client software and operating system are fully patched and up to date.

Answer

The most critical initial step in hardening any server, including a blockchain node, is to patch and update all software. Attackers frequently exploit known vulnerabilities in outdated software to gain access. While HIDS, RBAC, and encryption are all important security controls, they are secondary to ensuring the fundamental software components are not exposed to well-known exploits.

Question 2

In a Sybil attack against a proof-of-stake blockchain, what is the primary resource an attacker leverages to gain disproportionate influence over the network?

Accepted Answer

Control over a large amount of the network's staked cryptocurrency.

Answer

In a proof-of-stake (PoS) system, influence (such as the ability to validate transactions and create new blocks) is proportional to the amount of cryptocurrency a user is staking. A Sybil attack in a PoS context involves an attacker using a large stake, possibly distributed across many addresses they control, to gain undue influence. While having many IP addresses can help create the illusion of many participants, the core of the attack's power in PoS comes from the staked capital, not computational power (as in PoW) or just the number of node identities.

Question 3

A security analyst observes that a specific mining node has been isolated from the main network. The node's peer connections are all being routed to a set of malicious nodes controlled by an attacker. The victim node is being fed an alternate, fabricated version of the blockchain, causing it to waste its computational resources on an orphaned chain. What type of attack is being described?

Accepted Answer

An Eclipse Attack

Answer

This scenario perfectly describes an Eclipse attack. The key characteristic is the isolation of a target node by monopolizing all its incoming and outgoing connections. The attacker then controls the information flow to the victim, effectively 'eclipsing' its view of the legitimate network and feeding it a false reality, which can lead to double-spending or splitting the network's mining power.

Question 4

Which of the following is a primary defense mechanism at the network layer to mitigate the risk of an Eclipse attack on a blockchain node?

Accepted Answer

Increasing peer diversity by connecting to nodes across various IP addresses and autonomous systems (ASNs).

Answer

An Eclipse attack works by an attacker monopolizing a node's connection slots. A primary defense is to make this monopolization difficult. By ensuring the node connects to a diverse set of peers across different IP ranges, subnets, and Autonomous Systems (ASNs), the likelihood of an attacker controlling all possible connection points is significantly reduced.

Question 5

A public blockchain network is experiencing a volumetric Distributed Denial-of-Service (DDoS) attack where nodes are being flooded with an overwhelming amount of transaction and peer discovery requests, exhausting their bandwidth. Which technique would be most effective in mitigating this type of attack?

Accepted Answer

Implementing rate limiting on API endpoints and filtering traffic with a Web Application Firewall (WAF) or similar service.

Answer

Volumetric DDoS attacks aim to consume all available bandwidth. The most direct and effective mitigation is to filter the malicious traffic before it reaches the node. Implementing rate limiting restricts the number of requests a single IP can make in a period, and using a WAF or a DDoS scrubbing service can help distinguish and block malicious traffic from legitimate traffic.

(CBSE) Certified Blockchain Security Expert Practice Test

(CBSE) Certified Blockchain Security Expert Practice Test

CBSE - Certified Blockchain Security Expert Node and Network Security Questions and Answers