Cybersecurity Coursera

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Consider the one-time pad over the message space of 5-bit strings, where Pr[M=00100] = 0.1 and Pr[M=11011] = 0.9. What is Pr[C=00000]? Express your answer to 5 decimal places with a leading 0. I.e., if your answer was 1/2, then you would enter 0.50000 (without a trailing period).

0.03125

What is the modular multiplicative inverse of 5(mod 38)? (hint: use Euler's Theorem, square and multiply).

23

What is [5^80 mod 79]? (Note that 79 is prime. Don't use a calculator/computer!)

25

The Montgomery reduction of 25 modulo 109 w.r.t. 128 is (just enter your answer, for example, 6)

30

If you run the symbolic maze program so that it finds all solutions, not just one, how many are there?

4

Continue from the previous question, what is c′=(a′b′)R−1(mod 109)?

41

Log in as [email protected] — this is possible in a variety of ways, including SQL injection. Then look at his previous orders and answer the question: What credit card number did he use to make a purchase of $46.95 (multiple answers are possible, but we will accept all of them) ?

5500000000000004

Continue from the previous question, what is c=ab(mod 109)?

71

The following 4 questions are on how to use Montgomery Reduction method to compute 67×58(mod 109). Here we have a=67,b=58,N=109. We pick R=128 and we know that N−1=101(mod 128). What is a′=aR(mod 109)? Write the number only, no need to append (mod 109).

74

What was your favorite part of this class?

Encryption

BadStore uses cookies to implement session keys, once you've authenticated, and to track the contents of the cart, once you've added something to it. You can inspect these cookies in use by BadStore in various ways. One way is to do an XSS attack on the guest book. Get the guest book to run the code <sсriрt>alert(document.cookie)</scriрt> and it will tell you the current cookies. (Be sure you have popups enabled on your browser or this won't work.) Alternatively, you can examine the cookies directly using Firefox developer tools. Recall that cookies are pairs key=value. What is the key name of the session cookie?

SSOid

Name another symbolic variable set in the path condition identified by KLEE that crashes wisdom-alt2.

r

After executing the symbolic maze, what was the data value of the 'program' object? (Hint: it will be a string of the lowercase letters s, d, w, and a.)

sddwddddsddw

How many elements are in the group Z403∗​? (Note that 403=13⋅31.) · 290 · 402 · 403 · 360

· 360

A program indexes a buffer after a pointer to that buffer has been used as a parameter to the free()free() function. This is · A violation of temporal memory safety · Correct behavior · A violation of spatial memory safety · An information flow violation

· A violation of temporal memory safety

Which of the following is NOT a standard observation method · Assisted Use · Silent Observer · Constructive Interaction · Think Aloud

· Assisted Use

In the node duplication example for fingerprinting graph coloring solutions, (see slide "Fingerprinting: Node Duplication", page 4 in "Fingerprinting"), if we add a new node B' as the duplicate of node B, which nodes should B' be connected to? Check all that apply. · F · B · A · D · E · C

· B · A · D · C

Which of the following is NOT a method for obtaining a second factor authentication code? · From an app designed to create codes · Off a device that generates codes · In a text message · Choosing a memorable year in one's life

· Choosing a memorable year in one's life

True or false: The optical side channel attacks are rare because they require expensive equipment. · True · False

· False

Which of the following is an example of a message authentication code used widely in practice? · HMAC. · CBC-mode encryption. · SHA-1. · AES.

· HMAC.

Let H,H′ be collision-resistant hash functions. Which of the following functions H′′ is NOT necessarily collision-resistant? · H′′(x)=H(x)⊕H′(x). · H′′(x)=H(x)∥H′(x), where ∥∥ denotes concatenation. · H′′(x)=H(H′(x)). · H′′(x)=H(x)∥0...0, where ∥∥ denotes concatenation.

· H′′(x)=H(x)⊕H′(x).

Encrypting a password database is an example of what category of design principle? · It is an example of defense in depth · It is an example of favoring simplicity · It is an example of monitoring and recovery · It is an example of trusting with reluctance

· It is an example of defense in depth · It is an example of trusting with reluctance

In a return-oriented program (ROP), what is the role of the stack pointer? · It's like the frame pointer in a normal program · It's really no different than in a normal program · It's like the allocation pointer used by malloc() · It's like the program counter in a normal program

· It's like the program counter in a normal program

The stack is memory for storing · Local variables · Program code · Dynamically linked libraries · Global variables

· Local variables

Is a 12-year old in 7th grade able to give informed consent to this policy? · Yes · No

· No

Which of the following is not a type of biometric authentication? · Facial recognition · PIN code · Voice analysis · Free gesture

· PIN code

What is escaping an example of? · Blacklisting · Sanitization · Checking · Whitelisting

· Sanitization

Which of the following are factors to consider in designing usable interfaces? · The users' expertise and experience with computers. · The impact the interface will have on the cost of the system. · The efficiency of the code that runs the system.

· The users' expertise and experience with computers.

Which of the following is the multiplicative inverse of 10 modulo 15? · 10 · 1 · 5 · There is none, since gcd(10,15) ≠1.

· There is none, since gcd(10,15) ≠1.

HCI is based on an understanding of human's cognitive abilities. · True · False

· True

True or false: Alternatives to privacy policies can be as effective in teaching users about how their data is shared. · True · False

· True

Which of the following gives the 3rd root of 92 modulo 187? (Note that 187=11⋅17.) · [92^3mod187] · [92^107mod160] · [92^107mod187] · [92^160mod187]

· [92^107mod187]

Which of the following is a negligible function? (Check all that apply.) · f(n) = n/2^n · f(n) = 1/2^n · f(n) = 1/n. · f(n) = 1/2

· f(n) = n/2^n · f(n) = 1/2^n

Which of the following passwords is most secure? · abc123 · As34df · d0gz&c4Ts · sometimes extra student clever

· sometimes extra student clever

What is "chunking"? • Repeating information over and over to help memorize it. • Aggregating several pieces of information into coherent groups to make them easier to remember. • Breaking a long list of pieces of information into smaller groups.

• Aggregating several pieces of information into coherent groups to make them easier to remember.

Consider the Vigenere cipher over the lowercase English alphabet, where the key can have length 1 or length 2, each with 50% probability. Say the distribution over plaintexts is Pr[M='aa'] = 0.4 and Pr[M='ab'] = 0.6. What is Pr[C='bb']? Express your answer to 4 decimal places with a leading 0, i.e., if your answer was 1/2 then you would enter 0.5000 (without a trailing period).

0.0084

Consider the Vigenere cipher over the lowercase English alphabet, where the key can have length 1 or length 2, each with 50% probability. Say the distribution over plaintexts is Pr[M='aa'] = 0.4 and Pr[M='ab'] = 0.6. What is Pr[M='aa' | C='bb']? Express your answer to 4 decimal places with a leading 0, i.e., if your answer was 1/2 then you would enter 0.5000 (without a trailing period). Note: carry out the calculation exactly (i.e., do not use the truncated result that you entered as your answer in the previous question) before truncating your answer to 4 decimal places.

0.9473

Bob is designing a digital system to implement the multiplication table. When two single-digit integers (0-9), e.g. 4 and 7, are entered, the system will output their product (28 in this case). When both input and output are expressed in binary, the system should have 8 bits as input (4 bits for each number) and 7 bits as output (the largest output is 81 and needs no more than 7 bits). There are 2^8 = 256 combinations for the 8 input bits. However, for the multiplication table, there will be only 100 entries (axb with both a and b go from 0 to 9). So there will be 256-100 = 156 don't care conditions. Please enter 1 to show that you have understood this and earn the point :)

1

f(x,y,z) is a 3-input 2-output function. How many different f(x,y,z) can we have to make f(0,0,1)=01,f(0,1,0)=10,f(1,0,0)=11 ? (hint: Two functions are different if there is an input combination on which the two functions give different output. Think about what could be the output of f on each of the input combinations other than the 3 specified cases).

1024

In the example we have showed for trusted IC and hardware Trojan, the following functions are used to implement F(x)=x2: Z1​=X1​ Z2​=X2​X3​ Z3​=(X1​+X2​)X4​+X2​X3′​ Z4​=(X2​⊕X3​)X4​ Z5​=X3​X4′​ Z6​=0 Z7​=X4​ what will be the output when 11102​=1410​ is entered as the input? Enter your answer in binary and from Z1​ to Z7​.

1100100

Convert the decimal number 2015 into binary: (write the binary number only, for example: 10101010101. No space, comma, etc.)

11111011111

There was a bug in the maze program that allows the player to walk through walls. What line in maze-sym.c is the bug on? (If there are multiple lines, pick one of them.)

113

Continue from the previous question, what is b′=bR(mod 109)?

12

ϕ(2015)=​ (hint: factor 2015 to primes)

1440

For e=1001010110, when we compute ae(mod n) with the left to right "square and multiple algorithm (I)", the total number of multiplication (both b*b and b*a) we will do is

15

How many items for purchase are in BadStore's database? Use SQL injection on the quick search form field to find out.

16

BadStore's cart cookie is also an encoded string with a predictable structure XXX:YYY:ZZZ:etc., and it probably contains information it shouldn't. Which field (where fields are numbered starting at 1) of the decoded string could an attacker change to give himself a discount on an item's price?

3

BadStore uses cookies to track the contents of the cart, once you've added something to it. What is the key name of the cookie used for the cart?

CartID

BadStore uses cookies to implement session keys, once you've authenticated, and to track the contents of the cart, once you've added something to it. You can inspect these cookies in use by BadStore in various ways. One way is to do an XSS attack on the guest book. Get the guest book to run the code <sсriрt>alert(document.cookie)</sсriрt> and it will tell you the current cookies. (Be sure you have popups enabled on your browser or this won't work.) Alternatively, you can examine the cookies directly using Firefox developer tools. Recall that cookies are pairs key=value. What is the key name of the session cookie?

SSOid

Name one symbolic variable that was set in the path condition identified by KLEE that crashes wisdom-alt2.

buf

Get admin privileges and then use the admin action to look at the user database. There are two users whose emails have the form [email protected]; what is the XXX portion of either (but not both) of the two users? For example, if one of the users is [email protected], the right answer is jackie. (The answer is case-sensitive.)

fred

Hardware Trojans can be functional, which will change the system's functionality, or non-functional, which do not. Non-functional hardware Trojans are also known as _________ Trojans.

parametric

One of the BadStore pages has a hidden form field that establishes a new user's privilege level. What is the name of this field?

role

Consider the following code: char *foo(char *buf) { char *x = buf+strlen(buf); char *y = buf; while (y != x) { if (*y == 'a')break; y++; } return y; } void bar() { char input[10] = "leonard"; foo(input); } The definition of spatial safety models pointers as capabilities, which are triples (p,b,e) where p is the pointer, b is the base of the memory region the pointer is allowed to access, and e is the extent of that region. Assuming characters are 1 byte in size, what is a triple (p,b,e) for the variable y when it is returned at the end of the code? · (y,&input,buf) · (&input+4,&input,&input+7) · (&input+4,&input,&input+10) · (&input+4,0,sizeof(input))

· (&input+4,&input,&input+10)

Say El Gamal encryption is used in the subgroup of Z47∗​ generated by 4. The public key is 21 and the private key is 4. The ciphertext (34,42) is an encryption of some message m. Which of the following is an encryption of [4mmod47]? · (34, 27) · (34, 46) · (42, 42) · (42, 27)

· (34, 27)

Assume El Gamal encryption, where the group being used is Z47∗​ with generator 5. (This group has order 46, which is not prime. But El Gamal encryption can be defined in any cyclic group.) Assume the public key contains h=10. Say an attacker sees a ciphertext (41, 18) that is the encryption of some unknown message m. Which of the following is an encryption of [5mmod47]? · (1, 5) · (17, 18) · (41, 5) · (41, 43)

· (41, 43)

Suppose you are compiling for a 32-bit platform and sizeof(int) == 4. Which one of the following is equivalent to c[b] if c is of type int* and b is of type int? · *(c+b) · none of the above · -1 * b[c] · *c+b · c[b][0]

· *(c+b)

Assume CTR-mode encryption with PKCS #5 padding and a block cipher with 8-byte block length. Say a 4-byte message is encrypted, resulting in ciphertext 0x00 01 02 03 04 05 06 07 00 01 02 03 04 05 06 07. Which of the following ciphertexts will NOT yield an error upon decryption? · 0x00 01 02 03 04 05 06 07 00 01 02 04 04 05 06 07 · 0x00 01 02 03 04 05 06 07 00 01 02 03 04 05 07 07 · 0x00 01 02 03 04 05 06 07 00 01 02 03 04 05 06 F7 · 0x00 01 02 03 04 05 06 07 00 01 02 03 04 05 06 07

· 0x00 01 02 03 04 05 06 07 00 01 02 04 04 05 06 07

What is the result of encrypting the ASCII plaintext "cool!" using the variant Vigenere cipher (where encryption is done using byte-wise XOR) and key 0x01 3F? · 0x62 50 6E 53 20 · 0x62 50 6F 6C 21 · 0x63 6F 6F 6C 21 · 0x26 05 E6 35 02

· 0x62 50 6E 53 20

For the 3-input gate f(x,y,z)=x'yz+xy'+y'z, what is the value of f(x,0,1)? · 0 · x' · none of the others · 1 · x

· 1

You want to minimize a 4-variable function F(a,b,c,d) with two don't care conditions, {a=b=c=d=1} and {a=d=1,b=c=0} (or abcd and ab′c′d). To embed your signature with the watermarking approach described on slide "Watermarking a Boolean Formula" (page 1 in "Watermarking Examples"), you decide to minimize F(a,b,c,d)+abcd instead, what is your signature? · 10 · 01 · 00 · 11

· 10

If someone tries to authenticate and they are not recognized, the system designer is considering adding a delay before they can try to authenticate again. Which is the best delay? · No Delay · 10 seconds · 2 hours · 10 minutes

· 10 seconds

Assume an honest user wants to send an 8-bit integer to their bank indicating how much money should be transferred to the bank account of an attacker. The user uses CTR-mode encryption based on a block cipher F with 8-bit block length. (Yes, this is a made-up example.) The attacker knows that the amount of money the user wants to transfer is exactly $16, and has compromised a router between the user and the back. The attacker receives the ciphertext 10111100 01100001 (in binary) from the user. What ciphertext should the attacker forward to the bank to initiate a transfer of exactly $32? (Recall that CTR-mode decryption of a ciphertext c0​,c1​ using key k is done by outputting c1​⊕Fk​(c0​+1).) · 01100001 10111100 · 10111100 01010001 · 10111100 00100000 · 10001100 01100001

· 10111100 01010001

In this and the next question, assume the Schnorr identification protocol is run in the subgroup of Z23∗​ generated by 2. (This subgroup has order 11.) Say the prover's private key is x=7. What is the prover's public key? · 3 · 7 · 14 · 13

· 13

Which of the following is a generator of Z13∗​? · 3 · 4 · Z13∗​ does not have a generator since it is not a cyclic group. · 2

· 2

Consider the Vigenere cipher over the lowercase English alphabet, where the key length can be anything from 8 to 12 characters. What is the size of the key space for this scheme? · 4 * 26^12 · 26^8 + 26^9 + 26^10 + 26^11 + 26^12 · 26! · 26^12

· 26^8 + 26^9 + 26^10 + 26^11 + 26^12

Assume the "plain" RSA signature scheme with public key (N,e=3). For which of the following messages is it always possible to forge a signature without seeing any prior signatures or factoring N? (Assume N>1000, and N relatively prime to each of the messages that follow.) · 2 · 27 · 47 · 37

· 27

(This is a continuation of the previous question.) Say the prover runs an execution of the Schnorr identification protocol with a verifier. The prover chooses r=4 and sends A=16. The verifier sends challenge 3. What response does the prover send? · 7 · 3 · 13 · 4

· 3

When we use the "iterative exponentiation and modular" method to compute 24(mod 5), starting from 21, we will have 21=2(mod 5); 2×2=4(mod 5); 4×2=3(mod 5); 3×2=1(mod 5). The results we will see are 2, 4, 3, 1. If we use the same method to compute 37(mod 5), starting from 31, the results we will see are · 3, 4, 1, 2, 0, 2, 1 · 1, 2, 3, 4, 0, 1, 2 · 3, 4, 2, 1, 3, 4, 2 · 3, 9, 27, 81, 243, 729. 2187

· 3, 4, 2, 1, 3, 4, 2

Which of the following decimal to binary conversion is incorrect​? · 37 = 101011 · 207 = 11110011 · 25 = 11001 · 19 = 10011 · 79 = 1001111

· 37 = 101011 · 207 = 11110011

Bob decides to use the clique manipulation method to generate fingerprinting solutions to the graph coloring problem, (see slide "Fingerprinting: Clique Manipulation", page 5 in "Fingerprinting"). He finds a clique of 4 nodes and apply the method. How many distinct solutions can Bob generate? · 2424 = 16 · 4444 = 256 · 4! = 24 · 4 · 1

· 4! = 24

Consider the plain RSA encryption scheme with public key N=55,e=3. Say the encryption of some unknown message m is 6. What is the encryption of [2mmodN]? · 31 · 3 · 48 · 12

· 48

Say we use CBC-mode encryption based on a block cipher with 256-bit key length and 128-bit block length to encrypt a 512-bit message. How long is the resulting ciphertext? · 512 bits · 640 bits · Not enough information to determine. · 768 bits

· 640 bits

Assume "plain RSA" encryption is used with public key (N=33,e=3). What is the encryption of the message m=2? · 8 · 7 · 2 · 32

· 8

Assume the "plain" RSA signature scheme, with public key (N=55,e=3). Which of the following verifies correctly as the signature on the message m=17? · 4 · 43 · 7 · 8

· 8

Z23∗​ is a cyclic group with generator 5. In this group, what is DH5​(2,20)? · 22 · 17 · 9 · 5

· 9

What is gcc? · A virtual machine · All of the above · An interpreter · A compiler

· A compiler

Which of the following statements about digital watermarking and fingerprinting is correct? · Fingerprint and watermark cannot be used together. · A fingerprinting method has to guarantee that different copies of the same IP get different fingerprints. · It is possible to design watermarking schemes with 100% credibility. · It is impossible to design watermarking schemes with guaranteed zero overhead.

· A fingerprinting method has to guarantee that different copies of the same IP get different fingerprints.

A tainted flow is · A flow from an untrusted source to both trusted and untrusted sinks · A flow from an untrusted source to a trusted sink · A flow from a trusted source to an untrusted sink · A flow from a trusted source to both trusted and untrusted sinks

· A flow from an untrusted source to both trusted and untrusted sinks

If you are warning users about a security problem that has been detected, which is the best message to show them? · A subtle message at the top of the page that a user can see but that will not interrupt their workflow. · A message that alerts them to the error and makes the most obvious option the one that stops the user from proceeding. A small link is given to ignore the warning and proceed. · A detailed technical description of the error so the user can make the most informed decision about what action to take.

· A message that alerts them to the error and makes the most obvious option the one that stops the user from proceeding. A small link is given to ignore the warning and proceed.

Which of the following describes informed consent? · A person has read a system's privacy policy. · A person with a full understanding of the privacy policy agrees to share data to avoid negative consequences. · A person knows how their data is used and competently agrees to that use. · A person has agreed to use a system.

· A person knows how their data is used and competently agrees to that use.

What is a web proxy? · A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server · An agent that makes decisions on the client's behalf when interacting with web applications · A piece of software that makes a web application look like a standalone application, making it easier to test · A simulator for the web, for use when off-line

· A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server

For an average user, which of the following is the most usable way to set file permissions? · A pop up menu that allows a user to select a document as "private", "shared with select users", or "public". If one of the latter two options are selected, the user is then prompted to select "others can read" or "others can edit" · A graphical user interface menu with options the user, group, and global permissions, next to which a user can check boxes labeled "r", "w", and "x" to grant permission · unix command line based access using the chmod command

· A pop up menu that allows a user to select a document as "private", "shared with select users", or "public". If one of the latter two options are selected, the user is then prompted to select "others can read" or "others can edit"

What is PHP? Pick one. · The acronym for a coding standard · A programming language often used to implement web sites · A network protocol · A programming language often used to implement network switches

· A programming language often used to implement web sites

What is the best choice of value for a stack canary, of the following options? · The constant 0 · The constant 7 · A predictable value · A random value

· A random value

What is an abuse case? · An official report made by MITRE Corp that describes a discovered software vulnerability and possible abuse of it · A scenario that illustrates a potential failure in security under relevant circumstances · An example of a heated disagreement between the security team and the development team · A scenario that illustrates a system's functional requirements

· A scenario that illustrates a potential failure in security under relevant circumstances

Which of the following are advantages of static analysis over testing? · A static analysis runs faster than testing · A static analysis is more precise than testing · A static analysis can analyze programs that are not necessarily executable on their own, e.g., libraries · A static analysis can reason about all program paths, not just some of them

· A static analysis can analyze programs that are not necessarily executable on their own, e.g., libraries · A static analysis can reason about all program paths, not just some of them

What is the principle of least privilege? · A system should be able to access only the information it needs to perform its functions · The least privileged users are not allowed to use a secure system · Users are given limited administrative privileges in a secure system

· A system should be able to access only the information it needs to perform its functions

In which of the following scenarios is public-key encryption a better choice than private-key encryption? · A general wants to communicate securely with a lieutenant. · A user wants to encrypt the contents of her hard drive. · Two police officers want to set up their communication devices to communicate securely before heading out to an operation. · A user wants to send his credit-card number to a merchant on the web.

· A user wants to send his credit-card number to a merchant on the web.

SQL injection often allows an attacker to do which of the following? · Overrun a buffer to smash the stack · All of the above · Cause memory to be used after it's freed · Access information he shouldn't

· Access information he shouldn't

Which of the following are functions of a network-based fuzzer? · Scanning a network address range · Acting as a "man in the middle" · Acting as a client · Acting as a server · Mutating network configuration files

· Acting as a "man in the middle" · Acting as a server

Which of these attributes can be automatically inferred on social media, even if users don't provide any obvious clues. · Intelligence · Personality · Sexual Orientation · All of the Above

· All of the Above

Symbolic execution, viewed as a kind of static analysis, has which of the following "sensitivities?" · Flow-sensitivity · Context-sensitivity · Path-sensitivity · All of the above

· All of the above

Which of the following is a reason to make an explicit threat model when designing a system? · So that you avoid an incoherent defense · So you can defend against the most likely/costly/important attacks · So you can explicitly list and challenge assumptions that underlie your design · All of the above

· All of the above

Why is waiting to think about security until after the software is built a bad idea? · All of the above · Fixing problems once the software is built is more difficult and more expensive · You might miss important security requirements that necessitate a re-design · You might make critical mistakes in the software's design

· All of the above

Which of the following, according to Kocher's 1996 paper, is not necessary to launch a successful timing attack? · A way to precisely identify the start and completion of the operation. · The execution time variations on the operations are caused by different key values. · The execution time variations on the operations are measureable. · The algorithm used in the crypto-system and some design details. · All of the above are necessary.

· All of the above are necessary.

The people included in an HCI study might include: · Desktop or Laptop Computer Users. · Mobile Device Users. · Users who have Technology Embedded in Wearable Items. · All of the above.

· All of the above.

Which of the followings about physical attacks is incorrect​? · Some physical attacks do not need physical access to the system · Some physical attacks will not leave any tamper trace after attack · All physical attacks will make damage to the system · All physical attacks will need the help from some tools and/or equipment

· All physical attacks will make damage to the system

Which of the following statements about physical attacks is correct? · All physical attacks need to have physical access to the target system. · After being physical attacked, the system will not be able to function normally. · All physical attacks need to collect some measurement during system's execution. · All physical attacks will need the help from some tools and/or equipment.

· All physical attacks will need the help from some tools and/or equipment.

Which of the following statements about side channel attacks is NOT correct? · All side channel attacks are non-invasive. · Side channel attacks can be more effective when combined with techniques such as fault injection or input control. · All side channel attacks need direct access to the system to collect side channel information. · The countermeasure to one type of side channel attacks may make the system more vulnerable to attacks from another side channel.

· All side channel attacks need direct access to the system to collect side channel information.

Suppose you are implementing a graphical user interface for interacting with an implementation of the RSA cryptosystem, and you want to give users a way to generate new keys. Which of the following designs most takes security into account? · Allow the user to use a slider to choose the number of bits, setting slider initially to point at 2048 bits. As the user moves the slider to larger or smaller values, visualize the difference in relative protective power, e.g., using a meter. · Use a text box to ask the user to fill in how many bits they want their key to be · Don't ask the user about key size at all -- always use 256 bits · Ask the user, but set the default response to be 2048 bits, which is chosen based on the assumption of a strong adversary

· Allow the user to use a slider to choose the number of bits, setting slider initially to point at 2048 bits. As the user moves the slider to larger or smaller values, visualize the difference in relative protective power, e.g., using a meter.

Which of the following is true in the public-key setting, but NOT true in the private-key setting? · It is possible to achieve perfect secrecy. · Allowing the attacker to have access to an encryption oracle makes no difference when defining security. · A deterministic encryption scheme cannot be CPA-secure. · (Under standard assumptions) there exist schemes that are CPA-secure, but are not CCA-secure.

· Allowing the attacker to have access to an encryption oracle makes no difference when defining security.

When talking about computer security, what do we mean by the term, principal? · An actor, or role, that is the subject of a security policy · A rule of thumb for secure coding · A method for delegation · A foundational observation

· An actor, or role, that is the subject of a security policy

Consider the SSL/TLS handshake protocol as described on slide 5 of the SSL/TLS lecture. Say the encryption of pmk were changed from using a CCA-secure public-key encryption scheme to using a CPA-secure public-key encryption scheme. Which of the following attacks would this change potentially enable? · An attacker can eavesdrop on an execution of the protocol to learn the ciphertext c. Then, it can impersonate the client, send modified versions of c to the server, and learn pmk by using information about whether the server returns an error or not in response to these ciphertexts. · An attacker can impersonate the server by sending its own public key pk∗ to the client. By doing so, it can convince the client to encrypt pmk again, but this time using a public key for which the attacker can decrypt. · A passive eavesdropper can now learn pmk. In combination with NC​ and NB​, this allows the attacker to recover mk. · A passive eavesdropper can now learn NC​ and NB​. In combination with other known information, this allows the attacker to recover mk.

· An attacker can eavesdrop on an execution of the protocol to learn the ciphertext c. Then, it can impersonate the client, send modified versions of c to the server, and learn pmk by using information about whether the server returns an error or not in response to these ciphertexts.

Which of the following BEST describes the security offered by the Diffie-Hellman key-exchange protocol (assuming the DDH problem is hard)? · An attacker is unable to impersonate either party taking part in the protocol. · An attacker eavesdropping on an execution of the protocol cannot compute the key shared by the parties. · An attacker eavesdropping on an execution of the protocol cannot distinguish the key shared by the parties from a uniform key. · An attacker eavesdropping on an execution of the protocol does not know whether the parties have shared a key or not.

· An attacker eavesdropping on an execution of the protocol cannot distinguish the key shared by the parties from a uniform key.

What is a heuristic evaluation? · Presenting a description of a system of a group of representative users · Developing a description of an example user and thinking about how he or she might use the system · Analyzing a system according to a set of guidelines for good usability. · Having users test a system with low-tech paper prototypes

· Analyzing a system according to a set of guidelines for good usability.

Why is it that anti-virus scanners would not have found an exploitation of Heartbleed? · It's a vacuous question: Heartbleed only reads outside a buffer, so there is no possible exploit · Anti-virus scanners tend to look for viruses and other malicious code, but Heartbleed exploits steal secrets without injecting any code · Heartbleed exploits are easily mutated so the files they leave · behind do not appear unusual · Heartbleed attacks the anti-virus scanner itself

· Anti-virus scanners tend to look for viruses and other malicious code, but Heartbleed exploits steal secrets without injecting any code

What is a key advantage of symbolic execution over static analysis? · Symbolic executors consider all possible program runs, while static analyses don't · As a generalized form of testing, when a symbolic executor finds a bug, we are sure it is not a false alarm · Symbolic executors can consider partial programs (e.g., libraries) while static analyzers cannot · Symbolic executors are both sound and complete, while static analyzers can only be one or the other

· As a generalized form of testing, when a symbolic executor finds a bug, we are sure it is not a false alarm

Why is it that the compiler does not know the absolute address of a local variable? · Programs are not allowed to reference memory using absolute addresses · The size of the address depends on the architecture the program will run on · As a stack-allocated variable, it could have different addresses depending on when its containing function is called · Compiler writers are not very good at that sort of thing

· As a stack-allocated variable, it could have different addresses depending on when its containing function is called

Passwords, biometrics, and user-owned SMS-receiving mobile phones are useful for what security mechanism? · Small trusted computing base (TCB) · Audit · Authorization · Authentication

· Authentication

A denial of service attack violates what security policy/goal? · Integrity · Availability · Authorization · Authentication

· Availability

In participatory design and co-design, which of the following is true · Average users have equal standing with designers · Designers brainstorm and create prototypes after asking potential users questions · Managers convey input from users to designers · Users design the system on their own based on a list of constraints provided by designers

· Average users have equal standing with designers

Which method would work best if trying to crack one of Company ABC's passwords · Common Word · Dictionary · Brute force

· Brute force

Which of the following vulnerabilities can VSFTPD's secure string library help protect against? · Privilege escalation · Buffer overflow · Integer overflow · SQL injection

· Buffer overflow · Integer overflow

How does a buffer overflow on the stack facilitate running attacker-injected code? · By overwriting the return address to point to the location of that code · By writing directly to the instruction pointer register the address of the code · By writing directly to %eax the address of the code · By changing the name of the running executable, stored on the stack

· By overwriting the return address to point to the location of that code

The following actions can form a scan chain based attack on a system with 5 flip flops. What is the correct order to launch the attack? A. set TC=0, let the system run for one clock cycle. B. set TC=1, read the output from scan out for 5 cycles. C. set TC=1, send state information to the system via scan in for 5 cycles. D. set TC=0, apply the input value at the system's primary input ports. · C,D,A,B · D,A,C,B · A,B,C,D · C,A,D,B

· C,D,A,B

When enforcing Control Flow Integrity (CFI), there is no need to check that direct calls adhere to the control flow graph because: · CFI should be deployed on systems that ensure the data is non-executable · Programs that use CFI don't have direct calls · The attacker is not interested in corrupting direct calls · CFI should be deployed on systems that ensure the code is immutable

· CFI should be deployed on systems that ensure the code is immutable

Which of the following are heuristics that symbolic executors use to cover more of the search space? · Switch between concolic and non-concolic execution · Switch between path-sensitive and path-insensitive analysis · Choose between two paths based on a notion of priority · Choose between two paths based on whether one reaches program statements not previously executed · Randomly restart the search from the main function

· Choose between two paths based on a notion of priority · Choose between two paths based on whether one reaches program statements not previously executed · Randomly restart the search from the main function

Suppose you design software for a bank and the bank's customers may remotely log into its site using commodity PCs. These PCs might have malware on them, which could log keystrokes or read files stored on the machine. Which threat model (using terms defined in the lectures) makes the most sense for you to consider, when designing the bank's site? · Malicious user · Co-located user · Network user · Snooping user

· Co-located user

What type of attack would be most effective / fastest if the user's password is "hello"? · Common Word · Dictionary · Crack · Brute Force

· Common Word

Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true? · Fuzzing doesn't find memory errors, it finds crashes and hangs · You should not use a grammar-based fuzzer, because its adherence to the grammar means it will not find memory errors · Compiling the program with address sanitizer (ASAN) will make errors harder to reproduce · Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find

· Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find

Which of the following is true about computational secrecy? (Select all that apply.) · Computational secrecy currently relies on unproven assumptions. · Computational secrecy means that it is trivial for an attacker to always learn the entire message. · Computational secrecy only ensures secrecy against attackers running in some bounded amount of time. · Computational secrecy allows an attacker to learn information about the message with small probability.

· Computational secrecy currently relies on unproven assumptions. · Computational secrecy only ensures secrecy against attackers running in some bounded amount of time. · Computational secrecy allows an attacker to learn information about the message with small probability.

Which of the following is NOT an important part of the design process · Consider usability guidelines · Prepare a prototype · Solicit user input · Compute the efficiency of the underlying algorithms

· Compute the efficiency of the underlying algorithms

If you had to summarize the key (most specific) programming failure with SQL injection, it would be: · Confusing data with code · Bypassing authentication · Trusting without verifying · Circumventing the same origin policy

· Confusing data with code

When an FSM is implemented, which of the followings will be considered as a hardware Trojan? · Specifying the next state information for certain don't care transitions to embed watermark. · Connecting the FSM to an antenna to send out the FSM state information. · Adding a signal that can disable the FSM for design testing and debugging. · Tuning the design so the power consumption on each transition will be similar.

· Connecting the FSM to an antenna to send out the FSM state information.

A system is supposed to output 1010 on input 00011010, but outputs 0101 after a digital watermark is embedded. Which requirement does this watermarking method violate? · Resilience · Low overhead · Resilience · Transparency · Transparency · Correct functionality · High credibility

· Correct functionality

Three of the following are classic security properties; which one is not? · Availability · Confidentiality · Correctness · Integrity

· Correctness

Which of the following statements about differential power analysis (DPA) is true? · DPA needs only a small amount of power traces when the crypto algorithm is running. · DPA needs tools or skills to analyze the power traces. · DPA needs to know the detailed implementation of the crypto algorithm under attack. · DPA requires accurate power traces.

· DPA needs tools or skills to analyze the power traces.

Which phase in the IC supply chain is considered trusted? · Packaging · Deploy and monitor · Wafer probe · Specification · Design

· Deploy and monitor · Specification

Which of the following are NOT good ways to incorporate user-centered design in the design of security systems? · Designing security based on the user's environment and work context · Designing security around user tasks · Designing security based on what experts believe is best.

· Designing security based on what experts believe is best.

Why do we conduct usability studies on systems that have already been designed? · Users often make ignorant mistakes. A usability study will show areas in which users need better training. · A usability study will show how much users like a system and that can help companies set the price for their software · Despite their best efforts, designer and developers cannot know exactly how users will interact with their system. A usability study will find previously uncovered errors.

· Despite their best efforts, designer and developers cannot know exactly how users will interact with their system. A usability study will find previously uncovered errors.

What is the most appropriate cryptographic primitive to use if a company wants to distribute authenticated software updates to its customers? · Public-key encryption scheme. · Pseudorandom function/block cipher. · Message authentication code. · Digital signature scheme. · Hash function.

· Digital signature scheme.

Does fuzz.py identify a crash in wisdom-alt2? In how many iterations? · Does not identify a crash · Identifies a crash, 1 iteration · Identifies a crash, 133 iterations · Identifies a crash, 800 iterations

· Does not identify a crash

Which of the following are present in good interface design? · Easy to recover from errors · Encryption of all data transmitted on a network · Relies on common interaction techniques for familiarity · Minimal training needed for a person to use the system

· Easy to recover from errors · Relies on common interaction techniques for familiarity · Minimal training needed for a person to use the system

The free gesture system is implemented, and all employees have stopped by the IT office to teach the system what their authenticating gesture is by entering it on a touch screen in the office. A couple weeks later, people who drive SUVs start complaining that they sometimes need to enter their gesture 4 or 5 times because it is not recognized (probably because they are making it from an odd angle - their cars are high up above the device where they enter their gesture). What type of usability problem is this? · Efficiency · Learnability · Speed · Memorability · User Preference

· Efficiency

When conducting a controlled experiment, which of the following is not part of the process · Explain to participants what conclusions you hope to draw from the results · State a lucid hypothesis · Identify dependent and independent variables · Design and test the experimental protocol

· Explain to participants what conclusions you hope to draw from the results

A survey shows that a surprisingly large percentage (25%) of employees ride motorcycles to work, the standard protective gear of helmets, leather jackets, and gloves. Which of the following would be a poor biometric tool based on this fact? · Voice recognition · Free gestures · Face recognition

· Face recognition

True of false: all the TPM migratable keys are generated outside the TPM and thus they cannot be trusted. · False · True

· False

True of false: if the user provides the same password to different TPM chips, the same storage root key will be created. · False · True

· False

True or False: Two factor authentication improves the security and usability of a system. · True · False

· False

True or false: CBC-mode encryption with PKCS #5 padding provides message integrity, as long as the receiver makes sure to verify the padding upon decryption. · True · False

· False

True or false: In all side channel attacks, the attacker must have physical access to the system under attack to collect side channel information. · True · False

· False

True or false: On a sequential system, to control the accessibility of a state u, it is sufficient to check all the transitions v→u for the starting state v and the transition condition. · True · False

· False

True or false: There is a conflict between creating a usable password system and the most secure password system · True · False

· False

True or false: When the secret data stored in cache or register is overwritten by other data, this memory load (or data overwriting) operation will not leak any information about the secret data. · True · False

· False

True or false: a user-chosen 8-character password would be more difficult to break than the existing system-generated passwords. · True · False

· False

True or false: any private-key encryption scheme that is CCA-secure must also be perfectly secret. · True · False

· False

Say G is a pseudorandom generator taking n-bit inputs and producing 2n-bit outputs. Which of the following are necessarily true? (Check all that apply. The symbol '|' is used here for string concatenation.) · r | G(r) is computationally indistinguishable from a uniform, 3n-bit string if r is a uniform n-bit string. · G(0 | r) is computationally indistinguishable from a uniform, 2n-bit string if r is a uniform (n-1)-bit string. · G(r) | G(r+1) is computationally indistinguishable from a uniform, 4n-bit string if r is a uniform n-bit string. · G(r) is computationally indistinguishable from a uniform, 2n-bit string if r is a uniform n-bit string.

· G(r) is computationally indistinguishable from a uniform, 2n-bit string if r is a uniform n-bit string.

Let F be a pseudorandom function with 128-bit key and 256-bit block length. Which of the following functions G are necessarily pseudorandom generators? (Select all that apply.) · G(x) = F.(0...0)|F.(1...1), where x is a 128-bit input. · G(x) = F,(0...0)| F,(0...0), where x is a 128-bit input. · G(x) = F.(0...0), where x is a 128-bit input. · G(x) = F0...0(x)| F1...1(x), where x is a 256-bit input

· G(x) = F.(0...0)|F.(1...1), where x is a 128-bit input. · G(x) = F.(0...0), where x is a 128-bit input.

Which of the following problems is hard if the RSA assumption holds? In all the below, N is a product of distinct, large primes p and q, and e is relatively prime to ϕ(N). · Given N and e, find x such that xe=8modN. · Given N,e, and a uniform value x∈ZN∗​, find y such that xe=ymodN. · Given N and e, find x,y such that xe=ymodN. · Given N, e, and a uniform value y∈ZN∗​, find x such that xe=ymodN.

· Given N, e, and a uniform value y∈ZN∗​, find x such that xe=ymodN.

Let G be a cyclic group of order q and with generator g. Based only on the assumption that the discrete-logarithm problem is hard for this group, which of the following problems is hard? · Find x,y such that gx=y. · Given uniform x∈Zq​ and uniform y∈G, compute yx⋅g. · Given a uniform y∈G, find x such that gx=y. · Given a uniform x∈Zq​, find y such that gx=y.

· Given a uniform y∈G, find x such that gx=y.

Define the keyed function F as follows: Fk​(x)=k⊕x. Which of the following distinguishers demonstrates that F is not a pseudorandom function? · Given access to an oracle g, query y = g(0... 0). Then output 1 if and only if the first bit of y is equal to 1. · Given access to an oracle g, query g(0 ... 0). Then output 1 because we now have the key. · Given access to an oracle g, query y = g(0...0) and y' = g(0...0). Then output 1 if and only if y = у'. · Given access to an oracle g, query y0 = g(0...0) and y1 = g(1... 1). Then output 1 if and only if Y0 ⊕ У1 = 1... 1.

· Given access to an oracle g, query y0 = g(0...0) and y1 = g(1... 1). Then output 1 if and only if Y0 ⊕ У1 = 1... 1.

Which of the following are ways to reduce the impact of a stolen cookies? · Prevent cookies from entering the DNS cache · Giving each cookie a timeout · Changing a user's cookie from session to session · Associate the cookie with the client's IP address · Associate the cookie with the servers' IP address · Stealing cookies from the password

· Giving each cookie a timeout · Changing a user's cookie from session to session · Associate the cookie with the client's IP address

Which of the following statements about HTML are true? · HTML is a kind of URL · HTML documents have tags that identify different sorts of data · HTML is a text-based format (as opposed to a binary format) · Web browsers render HTML content served by web sites

· HTML documents have tags that identify different sorts of data · HTML is a text-based format (as opposed to a binary format) · Web browsers render HTML content served by web sites

What is ethical hacking? · Hacking into systems run by those whose ethics you disagree with · "Hacking" ethics so they justify unintended selfish behavior · Hacking systems (e.g., during penetration testing) to expose vulnerabilities so they can be fixed, rather than exploited · A slang term for rapid software development, e.g., as part of hackathons

· Hacking systems (e.g., during penetration testing) to expose vulnerabilities so they can be fixed, rather than exploited

When Bob purchases an FPGA-based system, which of the following security vulnerabilities and attacks he should consider. Check all that apply. · Reverse engineering that attempts to reveal the design information of the system · Whether the FPGA configuration bitstream file is encrypted or protected · Hardware Trojan inside the FPGA-based system · User's sensitive information leaking from the system

· Hardware Trojan inside the FPGA-based system · User's sensitive information leaking from the system

The designer has decided to use a free gesture system to authenticate people, but the hardware for a gesture-detection system that is weatherproof is very expensive. As she is eating lunch in her office, she is contemplating the next step. What should she do? · She should make the system work on her computer with hardware she has and test it in her lab. If it works there, she should buy the expensive system and implement it at the gate. · She should buy the hardware and implement the system, followed up by training for employees who have trouble. Since she is a designer and security expert, she knows that this system is the best way to go. · Her lunch's pizza box is about the size of the gesture reading hardware. She should paint the box and position it at the gate where the real tool would go, and then ask people to pretend to authenticate as they come in so she can get information about the process. If people don't like it, she can revise the design

· Her lunch's pizza box is about the size of the gesture reading hardware. She should paint the box and position it at the gate where the real tool would go, and then ask people to pretend to authenticate as they come in so she can get information about the process. If people don't like it, she can revise the design

This test is meant to test your knowledge of C programming and some basic computer science-related skills you will need to do well in this class. The outcome of the test is for your use only; it will not affect whether you can register for the class, and it will not apply to your grade if you do register. As such, we recommend that you do not research the answers on the Internet, but answer the questions to your best recollection. Consider the following variable declaration for bar in the function foo void foo() { char bar[128]; ... } Which of the following are true? · bar[1] contains the first element · All elements are initialized to 0 · Holds 128 elements

· Holds 128 elements

Which of the following are measures of usability for authentication systems ? · How easy it is to learn · Likelihood of error · Speed · Security

· How easy it is to learn · Likelihood of error · Speed

If you were designing security for the entrance to a secure facility, which of the following should you consider? · Which algorithms are most efficient · How often users enter and exit · What programming libraries are easy to use and freely available · What tasks the users are in the middle of when they need to access the area.

· How often users enter and exit · What tasks the users are in the middle of when they need to access the area.

Human-Computer Interaction is the study of: · The artwork created by people using computers. · How people interact with technology. · How computers take jobs away from people.

· How people interact with technology.

When an FPGA system developer detects a hardware Trojan from the FPGA chip he has purchased, where the hardware Trojan may come from? Check all that apply. · IP vendor whose IP is included in the FPGA chip · Foundry that fabricates the FPGA chip · FPGA vendor who designed the FPGA chip · EDA tool vendor whose design tool is integrated in the FPGA design environment

· IP vendor whose IP is included in the FPGA chip · Foundry that fabricates the FPGA chip · FPGA vendor who designed the FPGA chip · EDA tool vendor whose design tool is integrated in the FPGA design environment

Does fuzz.py identify a crash in wisdom-alt? In how many iterations? · Identifies a crash, 103 iterations · Identifies a crash, 44 iterations · Does not identify a crash · Identifies a crash, one iteration

· Identifies a crash, one iteration

Consider a pseudo one-time pad encryption scheme Π constructed using some function G. Which of the following did our proof of security for the pseudo one-time pad show? · If G is a pseudorandom generator, then Π is perfectly secret. · Π is always computationally secret, for any G. · If G is a pseudorandom generator, then Π is computationally secret. · Π is always perfectly secret, for any G.

· If G is a pseudorandom generator, then Π is computationally secret.

For two FSMs M1 and M2 and their product machine M, which of the following statements about FSM equivalence is correct? · If M1 and M2 give different outputs for the following input 1010101010, they cannot be equivalent. · Let k1​,k2​ and k be the number of starting states in M1, M2, and M, respectively, then k=k1​+k2​. · Let k1​,k2​ and k be the number of states in M1, M2, and M, respectively, it is possible to have k>k1​×k2​. · If M1 and M2 have different number of states, they cannot be equivalent.

· If M1 and M2 give different outputs for the following input 1010101010, they cannot be equivalent.

Assume for the purposes of this question a public-key encryption scheme for which the time to encrypt a 128-bit message is 100 times slower than the time to compute one AES evaluation. Which of the following is true if we want to encrypt a 100MB message M? · If hybrid encryption is used, then public-key encryption of M will take roughly the same time as private-key encryption of M. · Public-key encryption of M using the given scheme is going to be only about 10 times slower than private-key encryption of M, because for secure private-key encryption AES would have to be used in a chaining mode of operation. · Public-key encryption of M is not possible with the given scheme, since the scheme only supports 128-bit messages. · Public-key encryption of M using the given scheme is inherently going to be 100 times slower than private-key encryption of M.

· If hybrid encryption is used, then public-key encryption of M will take roughly the same time as private-key encryption of M.

Assume for the purposes of this question a digital signature scheme for which the time to sign a 256-bit message is 100 times slower than the time to evaluate SHA-256 on a 512-bit input. Which of the following is true if we want to sign a 500MB message M? · We can securely sign M by breaking it into 256-bit chunks, and signing each chunk. · Signing M using the given scheme is not possible, since it only supports 256-bit messages. · We can sign M by simply hashing it, and avoid using the digital signature scheme altogether. · If the hash-and-sign approach is used, then signing M will take roughly the same time as hashing M.

· If the hash-and-sign approach is used, then signing M will take roughly the same time as hashing M.

When could an integer overflow impact memory safety? · If the integer was passed as a parameter to open() · If the integer is passed as an argument to malloc() · If the integer was passed as a parameter to printf() · If the integer was used to perform pointer arithmetic · If the integer is used as the denominator in a division expression · If the integer was used to index into an array · Integer overflows never impact memory safety · If the integer is passed as an argument to strncat

· If the integer is passed as an argument to malloc() · If the integer was used to perform pointer arithmetic · If the integer was used to index into an array · If the integer is passed as an argument to strncat

Which of the following is true about "plain RSA" encryption (assuming the RSA problem is hard)? The scheme is CPA-secure, but not CCA-secure. · If the message m is uniform in ZN∗​, then no information about m can be recovered from the ciphertext in polynomial time. · If the message m is a uniform, 128-bit string then m cannot be recovered in its entirety from the ciphertext in polynomial time. (Here, assume N is at least 1000 bits long, and e=3.) · If the message m is uniform in ZN∗​, then m cannot be recovered in its entirety from the ciphertext in polynomial time.

· If the message m is uniform in ZN∗​, then m cannot be recovered in its entirety from the ciphertext in polynomial time.

In your review of a program, you discover the following function: void aFunction(char *buf) { static char BANNED_CHARACTERS[] = { '>', '<', '!', '*' }; int l = strlen(buf); int i; for(i = 0; i < l; i++) { int j; int k = sizeof(BANNED_CHARACTERS) / sizeof(char); for(j = 0; j < k; j++) { if(buf[i] == BANNED_CHARACTERS[j]) buf[i] = ' '; } } } How would you best describe what this function is doing? · Input validation by whitelisting · Input sanitization by blacklisting · Spatial safety enforcement · Using a safe string library

· Input sanitization by blacklisting

Which of the following features make the configurable RO PUF reliable? Check all that apply. · Inverters that are sensitive to temperature or supply voltage can be excluded. · One RO can use more inverters than the other to increase the delay gap. · It includes all the inverters so the maximal delay gap can be achieved. · The configuration vector is selected after the chip is fabricated.

· Inverters that are sensitive to temperature or supply voltage can be excluded. · The configuration vector is selected after the chip is fabricated.

FTP servers can be asked to list a directory of files. VSFTPD could do this by calling the system's ls (or dir) command, displaying the result to a client. But VSFTPD does not do this, and implements directory listings using the relevant system calls directly. Why might you argue that VSFTPD's design makes sense from a security perspective? · Is does more than is needed, and thus unnecessarily expands the TCB · Calling ls involves forking a new process, which is less secure than running within the same process · Calling ls doesn't give us any way to employ fail-safe defaults · Using ls provides less control over the output, which leaves users open to XSS-style attacks

· Is does more than is needed, and thus unnecessarily expands the TCB

How can the REFERER field be used to defend against CSRF attacks? · It can be used to ensure that sensitive requests are (only) initiated by interaction with a site's own pages · It ensures that requests only come from authenticated users · It can't be used reliably because it only works for dynamic content · It can be used to check that a Javascript program is from the proper origin

· It can be used to ensure that sensitive requests are (only) initiated by interaction with a site's own pages

Which of the following is true of mutation-based fuzzing? · It only makes sense for file-based fuzzing, not network-based fuzzing · Each input is mutation that follows a given grammar · It works by making small mutations to the target program to induce faults · It generates each different input by modifying a prior input

· It generates each different input by modifying a prior input

What is TCP? · It ensures data confidentiality · It is connectionless · It is a protocol that supports reliable data transfer on the Internet · It is a protocol often implemented on top of HTTP

· It is a protocol that supports reliable data transfer on the Internet

What is Nmap? · It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses · It is a map of the Internet · It is a network fuzz testing tool · It is a suite of tools for scripting attacks: probe, construct, encode, inject, wait for response

· It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses

What is a nop sled? · It is an anonymous version of a mop sled · It is a sequence of nops preceding injected shellcode, useful when the return address is unknown · It is a method of removing zero bytes from shellcode · It is another name for a branch instruction at the end of sequence of nops

· It is a sequence of nops preceding injected shellcode, useful when the return address is unknown

Promoting privacy is a goal that follows from which category of secure design principle? · It is an example of trusting with reluctance because promoting privacy means sharing private information with as few software components as possible, meaning that fewer need to be trusted to protect the information · It is an example of defense in depth because privacy is a deep topic that is often debated. · It is an example of monitoring and recovery because failure to promote privacy could be discovered by monitoring · It is an example of favoring simplicity because privacy is quite simply the right thing to do

· It is an example of trusting with reluctance because promoting privacy means sharing private information with as few software components as possible, meaning that fewer need to be trusted to protect the information

Which of the following statements describe fuzz testing (aka fuzzing)? · It is concerned with finding known-bad behaviors, like crashes and hangs · It focuses on simple testing patterns and does not employ sophisticated analysis techniques · It is always black-box, in being indifferent to the software's functionality · It has been used to find security vulnerabilities in many commodity programs · It is a kind of random testing. · It is a cost-effective replacement for functional testing

· It is concerned with finding known-bad behaviors, like crashes and hangs · It has been used to find security vulnerabilities in many commodity programs · It is a kind of random testing.

Which of the following statements is true for data remanence on SRAM? · When power up, SRAM's initial value will be random, so no data will leak. · It is possible to freeze data and read it at temperature higher than -20 degree. · Data can be extracted from SRAM after multiple write/erase cycles. · When SRAM is powered off, it will lose its stored data, so no information will leak.

· It is possible to freeze data and read it at temperature higher than -20 degree.

Which of the following about invasive attacks is true? · It is possible to probe into a single bus line and inject data to control bus activity. · With sensor mesh at the top metal layer, we still cannot catch all the invasive attacks. · When the bus lines are scrambled, the attackers cannot find the bus lines to probe. · Because invasive attacks need to depackage the chip, all invasive attacks will be very expensive.

· It is possible to probe into a single bus line and inject data to control bus activity.

Which of the following are true statements about the program stack? · It is used to store global variables while executing a function · Management of the stack is handled automatically by the architecture · It is used as the source of memory returned by malloc() · It is used to store local variables while executing a function · The stack is managed by code emitted by the compiler

· It is used to store local variables while executing a function · The stack is managed by code emitted by the compiler

Answer questions 21-24 about Company 123. Company 123 is creating a social network designed to compete with Facebook. They begin by copying Facebook's interface exactly, except they change the name and make it green instead of blue. How does this help usability? · It doesn't · It lets users rely on existing mental models · It is less taxing on memory · It is faster

· It lets users rely on existing mental models

Suppose we have a static analysis that aims to find buffer overflows in C programs. If the analysis is sound, then which of the following is true about it? · It may have false alarms, but will not fail to report actual bugs · It will not have any false alarms, but may fail to report actual bugs · It will report all actual bugs, and have no false alarms · It may miss bugs, and have false alarms

· It may have false alarms, but will not fail to report actual bugs

*Which of the following are true of memory returned via the malloc function? Check all that apply. · It must be manually released by the programmer · The memory is zero-initialized · It is write-only · It is automatically released by the operating system when the pointer to which the memory is assigned goes out of scope

· It must be manually released by the programmer

Which of the following are true of whitebox fuzzing? · It takes into account the program's internals in some manner when deciding which inputs to choose · American Fuzzy Lop is (at least in part) a whitebox fuzzer · Radamsa is (at least in part) a whitebox fuzzer · SAGE is (at least in part) a whitebox fuzzer · It makes no sense to combine it with grammar-based fuzzing since the latter is just another way to consider the program's semantics

· It takes into account the program's internals in some manner when deciding which inputs to choose · American Fuzzy Lop is (at least in part) a whitebox fuzzer · SAGE is (at least in part) a whitebox fuzzer

VSFTPD forks a new process to handle each client connection. It could have, instead, spawned a thread within the main process to handle each connection, as is done in many servers. How would this alternative design compare to the original? · It would be less secure because a compromise by a malicious client in one thread could (more easily) access data used by another client's thread, since they share the same address space · It would be equally secure and would perform better because threads are cheaper to manage than processes · It would be more secure because threads are not subject to denial of service attacks but processes are · It would be more secure because we could apply the SecComp system call to these threads, but could not do so for processes

· It would be less secure because a compromise by a malicious client in one thread could (more easily) access data used by another client's thread, since they share the same address space

Why is concolic execution problematic for non-terminating programs? · Its search strategy is to choose new test cases based on constraints generated by terminating runs · Concolic execution takes a breadth-first approach, but non-terminating programs are better suited to a depth-first approach · Non-terminating programs will consume too many resources · Non-terminating programs require user interaction, which concolic execution does not handle

· Its search strategy is to choose new test cases based on constraints generated by terminating runs

Which of the following are true of the X86 call instruction? · Pushes flag registers onto the stack · Its target address may be specified in a general-purpose register · Pushes the instruction pointer value onto the stack · Branches to a specified address

· Its target address may be specified in a general-purpose register · Pushes the instruction pointer value onto the stack · Branches to a specified address

<sсriрt></sсriрt>tags in HTML pages most often identify programs written in what language? · PHP · C · Java · Javascript

· Javascript

Both Kocher's and Schindler's timing attacks can break RSA algorithm. Which of the following statements is true? · Both attacks try to factor n. · Both attacks target the RSA decryption key. · Schindler's timing attack targets the RSA decryption key. · Kocher's timing attack targets the RSA decryption key. · Schindler's timing attack tries to factor n. · Kocher's timing attack tries to factor n.

· Kocher's timing attack targets the RSA decryption key. · Schindler's timing attack tries to factor n.

Let F be a block cipher with n-bit block length. Consider the following encryption scheme: to encrypt a message viewed as a sequence of n-bit blocks m1​,m2​,...,mt​ using a key k, choose a random n-bit value r and then output the ciphertext r,Fk​(r+1+m1​),Fk​(r+2+m2​),...,Fk​(r+t+mt​), where addition is done modulo 2n. Which of the following attackers demonstrates that this scheme is not computationally indistinguishable: · Choose random n-bit blocks m and m', and output Mo = m, m and M1 = m, m'. Given challenge ciphertext r, C1, C2, output 1 if and only fc1 = C2. · Let m be an arbitrary n-bit block, and output Mo = m, m and M1 = m, m - 1. Given challenge ciphertext r, C1, C2, output 1 if and onlyif c1 = C2. · Let m be an arbitrary n-bit block, and output Mo = m and M1 = m, m. Given a challenge ciphertext, output 0 if the challenge ciphertext contains 2 blocks, and output 1 otherwise. · Choose random n-bit blocks m1, m2, m3, m4, and output Mo = m1, m2 and M1 = m3, m4. Given challenge ciphertext r, C1, C2, output 0 if r = 0.0, and output 1 otherwise.

· Let m be an arbitrary n-bit block, and output Mo = m, m and M1 = m, m - 1. Given challenge ciphertext r, C1, C2, output 1 if and onlyif c1 = C2.

Let F be a block cipher with 128-bit block length. Consider the following encryption scheme for 256-bit messages: to encrypt message M=m1​∥m2​ using key k (where ∣m1​∣=∣m2​∣=128), choose random 128-bit r and compute the ciphertext r∥Fk​(r)⊕m1​∥Fk​(m1​)⊕m2​. Which of the following strategies would lead to a valid chosen-plaintext attack? · Let m1 and m2 be arbitrary but distinct. Using the encryption oracle, obtain an encryption r||c1||c2 of m2 || m2. Output messages M0 = m1||m1 and M1 = m1||m2. Output 0 if the third block of the challenge ciphertext is c2. · There is no attack; this scheme is randomized, so it is CPA-secure. · Let m1 and m2 be arbitrary but distinct. Using the encryption oracle, obtain an encryption r||c1||c2 of m1||m2. Output messages M0 = m1||m2 and M1 = m2||m1. Output 0 if the third block of the challenge ciphertext is c2. · Choose random r and let m be arbitrary but not equal to r. Output messages Mo = r||m and M1 = m||m. Output 0 if the second block of the challenge ciphertext is all-0s.

· Let m1 and m2 be arbitrary but distinct. Using the encryption oracle, obtain an encryption r||c1||c2 of m1||m2. Output messages M0 = m1||m2 and M1 = m2||m1. Output 0 if the third block of the challenge ciphertext is c2.

Which of the following improves security of a traditional password system? · Requiring users to reset their passwords once a week · Automatically changing users' passwords every six months · Limitations on the number of incorrect logins in a fixed time frame · Requiring users to enter their password twice when they log in.

· Limitations on the number of incorrect logins in a fixed time frame

Which of the following hardware Trojan detection methods CANNOT catch non-functional Trojans? · Logic test based approaches · Side channel analysis based methods · Run-time monitoring mechanisms

· Logic test based approaches

Which guideline is violated when an interface does not make capitalization differences unambiguous (e.g. a lower case "L" and capital "i" appear to be the same thing) · Show a level of detail that's informative and useful to the user, and no more than that · Make it easy to see the differences between objects and actions that could be confused. · Make it easy for users to control access to their resources

· Make it easy to see the differences between objects and actions that could be confused.

When designing error messages, which are important factors to keep in mind for usability? · Force users to approve security exceptions · Make the most secure options part of the user's natural task · Use technical terms to fully explain the message to users · Use language that users will understand · Provide users with clear exits to get out of a security warning

· Make the most secure options part of the user's natural task · Use language that users will understand · Provide users with clear exits to get out of a security warning

An engineer proposes that in addition to making the stack non-executable, your system should also make the heap non-executable. Doing so would · Make the program more secure by disallowing another location for an attacker to place executable code · Not make the program more secure, because attacker-controlled data cannot be stored in the heap · Ensure that only the correct amount of data was written to a heap-allocated block, preventing heap overflows · Ensure that memory is always deallocated

· Make the program more secure by disallowing another location for an attacker to place executable code

The halting problem is the problem of determining, for an arbitrary program and input, whether the program will finish running or continue to run forever. Which of the following statements about the halting problem are true? · You cannot build an automated analysis that proves that a particular program P terminates. · Many other program analysis problems can be converted to the halting problem. · You cannot solve the halting problem with static analysis, but you can with symbolic execution. · A static analysis is usually more scalable than testing · A static analysis is more precise than testing

· Many other program analysis problems can be converted to the halting problem. · A static analysis is usually more scalable than testing · A static analysis is more precise than testing

After a while, the IT office complains to the designer that people keep coming in having forgotten their gestures. This is a problem because traffic backs up when a person can't remember the gesture, it takes a lot of time to reset the gesture, and people are trying to get around the system by closely following the person in front of them through the open gate. The designer decides that from now on, when people create new gestures, it should be the person's normal signature. Which usability aspect does this improve? · Memorability · User Preference · Speed · Learnability · Efficiency

· Memorability

Which of the following is the most appropriate primitive for achieving message integrity between two users sharing a key? · Collision-resistant hash function. · Block cipher. · Private-key encryption scheme. · Message authentication code.

· Message authentication code.

Which of the following physical attacks is invasive? · Software attacks · Fault generation · Side channel attacks · Microprobing

· Microprobing

We identified several categories of secure design principles, with respect to how they deal with attacks. Running each browser tab in a separate OS process (as done by the Chrome browser) is an example of which category? · Prevention (of an attack) · Mitigation (of the damage from an attack) · Recovery (from a successful attack) · None of the above

· Mitigation (of the damage from an attack)

Which of the followings added by a system designer will be considered as a hardware Trojan? · Modify the system specification so when a specific input sequence is given, a critical component will be disabled. · Add an extra output pin to test a particular signal on the chip. · Assign specific values to some don't care conditions in the system specification as a proof of designer's signature. · Use a custom designed functional unit (e.g. dedicated for modular exponentiation) to speed up the computation.

· Modify the system specification so when a specific input sequence is given, a critical component will be disabled.

What was the first buffer overflow attack? · Love Bug · SQL Slammer · Morris Worm · Code Red

· Morris Worm

Company 123 writes a privacy policy that is written in easy-to-read language at an 6th grade reading level and is exactly 1 page long when printed and that covers all the major points of their privacy - mainly, that no data is ever shared except with people the user lists in their own privacy settings. Which of these five pitfalls does their policy avoid: · Obscuring actual information flow. · Lacking coarse-grained control. · Inhibiting established practice. · Emphasizing configuration over action · Obscuring potential information flow.

· Obscuring actual information flow. · Obscuring potential information flow.

Assume the "plain" RSA signature scheme with public key (N,e). Say we want to forge a signature on m=289 but can only obtain a signature on one other message. Which of the following strategies will work? (Assume N>1000.) · Obtain signature σ on m′=17. Output [σ^2modN] as the signature on m. · Obtain signature σ on m′=288. Output [σ−1modN] as the signature on m. · Obtain signature σ on m′=578. Output[2^−1⋅σmodN] as the signature on m. · Obtain signature σ on m′=288. Output [σ+1modN] as the signature on m.

· Obtain signature σ on m′=17. Output [σ^2modN] as the signature on m.

Let F be a block cipher with n-bit block length. Consider the message authentication code for 2n-bit messages defined by Mack​(m1​,m2​)=Fk​(m1​⊕m2​). Which of the following gives a valid attack on this scheme? · Obtain tag t on message m, 0 ... 0 (with m≠0...0), and then output the tag t on the message 0...0,0...0. · Obtain tag t on message m1​,m2​ (with m1​≠m2​), and then output the tag t on the message m2​,m1​. · Obtain tag t on message m,m, and then output the tag 0...0 on the message 0...0,m. · Obtain tag t on message m,0...,0, and then output the tag t⊕(1...1) on the message m,1...1.

· Obtain tag t on message m1​,m2​ (with m1​≠m2​), and then output the tag t on the message m2​,m1​.

Assume a sender and receiver use basic CBC-MAC but authenticate/accept messages of different lengths. Which of the following is a valid attack? · Obtain tag t1​ on message m1​, and tag t2​ on message m1​,m2​. Then output the tag t1​ on the message t2​⊕m2​. · Obtain tag t1​ on message m1​, and tag t2​ on message m2​,m1​. Then output the tag t2​ on the message m1​,m2​. · Obtain tag t1​ on message m1​, and tag t2​ on message m1​,m2​. Then output the tag t2​ on the message t1​⊕m2​. · Obtain tag t1​ on message m1​, and tag t2​ on message t1​,m2​. Then output the tag t2​ on the message m1​⊕m2​.

· Obtain tag t1​ on message m1​, and tag t2​ on message m1​,m2​. Then output the tag t2​ on the message t1​⊕m2​.

Define the following function G taking n-bit inputs and producing (n+1)-bit outputs: G(x)=x∥0, where ∥ denotes concatenation. Which of the following attackers shows that this G is not a pseudorandom function? · On input an (n+1)-bit string y, output 0 if the last bit of y is 0. · On input an (n+1)-bit string y, output 1 if the first bit of y is 0. · On input an (n+1)-bit string y, output 0 if the first bit of y is equal to the last bit of y. · On input an (n+1)-bit string y, output 0 if the first bit of y is 0.

· On input an (n+1)-bit string y, output 0 if the last bit of y is 0.

Which of the following are true of implicit flows? · One can occur when assigning an untainted value to an untainted variable, but conditioned on a tainted value · Implicit flows are rarely detected by tainted flow analyses, because detecting them can increase false alarms · They only arise in object-oriented languages with dynamic dispatch, since the choice of method to call is implicit · Implicit flows can be stopped by using cryptography to encrypt the data on the flow

· One can occur when assigning an untainted value to an untainted variable, but conditioned on a tainted value · Implicit flows are rarely detected by tainted flow analyses, because detecting them can increase false alarms

Two ASCII messages containing English letters and spaces only are encrypted using the one-time pad and the same key. The 10th byte of the first ciphertext is observed to be 0xB7 and the 10th byte of the second ciphertext is observed to be 0xE7. Let m1 (resp., m2) denote the 10th ASCII character in the first (resp., second) message. What is the most you can conclude about m1 and m2? · m1 is the character 'p' and m2 is the space character. · Nothing can be determined about m1 or m2 since the one-time pad is perfectly secret. · m1 is the character 'B' and m2 is the character 'E'. · One of m1 or m2 is the space character, and the other is the character 'p'. · m1 is the space character and m2 is the character 'p'.

· One of m1 or m2 is the space character, and the other is the character 'p'.

What is one difference between an HTTP GET and an HTTP POST request? · Only GET requests use the REFERER header · Only POST requests may include parameter data in the request body · Only GET requests are subject to the same-origin policy · Only POST requests can encode parameters in the URL

· Only POST requests may include parameter data in the request body

Which of the following attackers can be used to demonstrate that the shift cipher for 3-character messages does not satisfy perfect indistinguishability? · Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 0 if the first character of C is 'a'. · Output m0 = 'aaa' and m1 = 'bbb'. Given challenge ciphertext C, output 0 if the first character of C is 'a'. · Output m0 = 'abc' and m1 = 'bcd'. Given challenge ciphertext C, output 1 if the three characters of C are all different. · Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 1 if the three characters of C are all different.

· Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 1 if the three characters of C are all different.

Let F be a block cipher with n-bit block length. Consider the message authentication code for 2n-bit messages defined by Mack​(m1​,m2​)=Fk​(m1​)⊕Fk​(m2​). Which of the following gives a valid attack on this scheme? · There is no attack; the scheme is secure. · Obtain tag t on the message 0...0,1...1, and output the tag t⊕(1...1) on the message 1...1,0...0. · Output the tag 0...0 on the message 0...0,0...0. · Obtain tag t on the message 0...0,1...1, and output the tag t⊕(1...1) on the message 1...1,1...1.

· Output the tag 0...0 on the message 0...0,0...0.

In the paper on smudge attacks, on which phone was it easiest to find password information? · Phone that touched the face · Phone where the password was entered with a light touch · Clean screen phone with a normal touch

· Phone that touched the face

Which of the following statements about physical attacks and hardware Trojan detection approaches is FALSE? · Physical attacks can be invasive, but hardware Trojan detection cannot. · They both try to find hidden information or design details in the chip. · Physical attacks can target system at normal operation, but most hardware Trojans are triggered by rare events. · Unlike physical attacks, hardware Trojan detection normally does not have a specific target.

· Physical attacks can be invasive, but hardware Trojan detection cannot.

Which of the following would NOT be a secure way for a receiver to distribute her key for a public-key encryption scheme? (Assume a passive, eavesdropping attacker here.) · Post the public key on one's webpage. · Put the public key into a public directory. · Post the private key on one's webpage. · Email the public key to the other party upon request.

· Post the private key on one's webpage.

A small kill switch (a 2-input AND gate and a triggering signal) is added to the chip to disable the encryption engine. Which of the following hardware Trojan detection approaches most likely will NOT be able to catch it? · Power side channel analysis. · Run time monitoring. · Delay side channel analysis. · Logic test at test time.

· Power side channel analysis.

Which of the following are ways that session cookies could be stolen or forged? · Stealing it from the password database · Predicting the cookie's structure and reconstructing it · Reading a cookie from an unencrypted web request · Compromising the browser or server

· Predicting the cookie's structure and reconstructing it · Reading a cookie from an unencrypted web request · Compromising the browser or server

Which of the following is not a guideline for creating usable security systems? · Create interfaces that make it clear what software the user is interacting with and providing information to. · Make sure users know what authority they hold · Make sure that users know what authority they have granted and what that means for security decisions · Prevent users from granting authority unless their request is approved by the security staff

· Prevent users from granting authority unless their request is approved by the security staff

What is the most appropriate cryptographic primitive to use if an individual wants to ensure confidentiality of the files stored on her hard drive? · Public-key encryption. · Message authentication code. · Pseudorandom function/block cipher. · Hash function. · Private-key encryption.

· Private-key encryption.

Which of the followings are the goals of IP protection? Check all that apply. · Protect IP from hardware Trojan insertion · Protect IP against unauthorized use · Protect testing data associated with the IP · Improve the quality of the IP · Enable the IP owner to detect the use of the IP

· Protect IP against unauthorized use · Protect testing data associated with the IP · Enable the IP owner to detect the use of the IP

Which of the followings are the goals of IP protection? Check all that apply. · Protect IP against unauthorized use · Trace IPs · Improve the quality of the IP · Ensure that the IP is compatible with other IPs · Protect testing data associated with the IP

· Protect IP against unauthorized use · Trace IPs · Protect testing data associated with the IP

Which of these is not a guideline for usable privacy? · Make privacy part of the natural workflow · Provide detailed privacy controls · Make privacy systems match users' expectations from previous experiences. · Clearly indicate what information will be shared, with whom, and how.

· Provide detailed privacy controls

Which of the following is NOT a payload of hardware Trojan? · Leak senstive information · Reduce circuit reliability · Remove IC designer's watermark · Control IC's functionality

· Remove IC designer's watermark

We have shown that replacing Z2​=X2​X3​ with Z2​=(X1​+X2​)X3​ will add a hardware Trojan to the circuit in question 2. Which of the following statements about hardware Trojan-free (or trusted IC) implementation is FALSE? · We need to make sure that the circuit will give correct output values for input values 0-9. · Replacing Z6​=0 by Z6​=X1​X3​ cannot prevent the hardware Trojan showed in this question. · We need to make sure that for any input x between 10 and 15, the circuit does not output x2. · Replacing Z1​=X1​ by Z1​=X1​X3′​ can prevent the hardware Trojan showed in this question.

· Replacing Z6​=0 by Z6​=X1​X3​ cannot prevent the hardware Trojan showed in this question.

What is the cycle of the iterative design process? · Design - Analysis - Testing - Refinement · Design - Analysis - Coding - Testing · Requirements - Development - Release · Requirements - Design - Development - Testing

· Requirements - Design - Development - Testing

Which of the following PUFs are delay based? Check all that apply. · SRAM PUF · Ring Oscillator PUF · Butterfly PUF · Arbiter PUF

· Ring Oscillator PUF · Arbiter PUF

A designer at Company 123 is considering changing their login interface so the password box shows the last character typed for 1 second before changing it to the standard star or dot that prevents over the shoulder attacks. They hope this will help people spot when they have made a typo as they enter their password. How should she determine if this is a good change to make? · Run a full usability study on the site with new and old version of the login system, · Run an A/B test and see which version has fewer failed logins · Show both versions to all the designers at Company 123 and have them choose which is the best · Show users both versions and ask them to vote

· Run an A/B test and see which version has fewer failed logins

Which of the following methods can make the RO PUF more reliable? Check all that apply. · Run the RO pairs for a longer time. · Use a small threshold for RO pair selection. · Use better methods or equipment to measure the delay gap more precisely. · Use error correction coding to correct the PUF bit flips.

· Run the RO pairs for a longer time. · Use error correction coding to correct the PUF bit flips.

Assume we want to use a hash function with output length as small as possible, subject to being collision resistant against a birthday attack running in time 2^192. Which hash function would be · SHA-3 with 384-bit output. · SHA-2, with output truncated to 192 bits. · MD5. · SHA-1.

· SHA-3 with 384-bit output.

Which of the following PUFs are memory based. Check all that apply. · Paper PUF · SRAM PUF · Butterfly PUF · Ring Oscillator PUF

· SRAM PUF · Butterfly PUF

XSS subverts what policy? · Whitelisting · Same Origin · Availability · Secure defaults

· Same Origin

Which of the following is not something you would do when running a controlled experiment to evaluate an interface? · Have each person in the experiment try both interfaces. · Have some people try using the control interface while other people try using the experimental interface · Select average users to test the control interface and expert users to test the experimental interface. · Provide users with training and instructions on how to use the control and experimental interfaces

· Select average users to test the control interface and expert users to test the experimental interface.

SQL injection exploits a bug in what interaction of a web application? · Client to server · Network to server · Server to client · Server to database

· Server to database

Which of the following statements about hardware Trojan prevention is true? · Shadow registers can help to measure the delay of internal paths. So it can make the path delay based hardware Trojan detection approaches more effective. · Digital watermarking (e.g. those based on don't care conditions) is used to prove IP's authorship. It cannot be considered as a way to defend against reverse engineering attack. · Rare event removal approaches remove the rare events from the chip so they will not occur and thus hardware Trojan cannot be triggered · by them. · If you cannot trust the CAD tools, you should not use it because there is no way you can build trusted IC from the untrusted CAD tools.

· Shadow registers can help to measure the delay of internal paths. So it can make the path delay based hardware Trojan detection approaches more effective.

Which of the following is a good guideline about showing detail to users? · Withhold all details from users because it will only confuse them · Show users a much technical detail as possible so they can make an informed decision · Show a level of detail that's informative and useful to the user, and no more than that

· Show a level of detail that's informative and useful to the user, and no more than that

Which of the following non-invasive attacks is passive? · Brute force · Data remanence · Fault injection · Side channel attack

· Side channel attack

Which of the following are measures of usability? · Speed · User Preference · Efficiency · Design uniqueness · Learnability · Memorability · Codability

· Speed · User Preference · Efficiency · Learnability · Memorability

If we ran an experiment to test if password logins were faster than a voice recognition authentication system, what would be required to show passwords were faster? · Password users remembered their passwords more easily than voice recognition users remembered how to authenticate · The average login time for password users was lower than for voice recognition users · The users of the password group reported higher satisfaction on surveys than the voice recognition group · Statistical tests showed that the password group logged in significantly faster than the voice-recognition group.

· Statistical tests showed that the password group logged in significantly faster than the voice-recognition group.

A project manager proposes a C coding standard where pointer variables must be assigned to NULL after being passed to free(). Doing so: · Helps code readability, but not security · Is a poor security decision, because NULL pointer dereferences could cause the program to crash · Stops writes to stale pointer values that might otherwise succeed and result in program compromise · Prevents memory leaks, thus avoiding potential denial of service

· Stops writes to stale pointer values that might otherwise succeed and result in program compromise

What is the difference between stored (or persistent) XSS and reflected XSS? · Stored XSS works by injecting code in a site's served content, while reflected XSS injects code in a URL · Stored XSS works on database queries while reflected XSS works on cookies, which are received from and reflected back to the server · Stored XSS embeds Javascript in an a URL, while reflected XSS embeds it in a mirrored site · Stored XSS is amenable to blacklisting but reflected XSS is not

· Stored XSS works by injecting code in a site's served content, while reflected XSS injects code in a URL

Say you have "oracle access" to a piece of code that, given a message m, appends an unknown 8-byte password p, applies PKCS #7 padding, and then encrypts the result using AES-128 in ECB mode with an unknown key. Which of the following attacks can be used to confirm that the first byte of p is 'Z'? · Submit the 16-byte message "ZZZZZZZZZZZZZZZZ," and check whether the first byte of the first block of the resulting ciphertext is equal to the first byte of the second block of that ciphertext. · Submit the 1-byte message "Z," and check whether any two bytes in the resulting ciphertext are equal. · Submit the 15-byte message "ABCDEFGHIJKLMNO" and the 16-byte message "ABCDEFGHIJKLMNOZ," and check if the first blocks of the resulting ciphertexts are equal. · Submit the null message and check whether the first byte of the ciphertext is equal to 'Z'.

· Submit the 15-byte message "ABCDEFGHIJKLMNO" and the 16-byte message "ABCDEFGHIJKLMNOZ," and check if the first blocks of the resulting ciphertexts are equal.

The browser implements security for Javascript programs for what reason? · Such programs may access browser-controlled resources, which include potentially sensitive data in HTML documents and cookies · It doesn't -- these programs are only used to render dynamic content but are otherwise not security-relevant · Such programs could deny service by running forever · It doesn't -- Javascript programs run at the server so the browser can ignore them

· Such programs may access browser-controlled resources, which include potentially sensitive data in HTML documents and cookies

What's the difference between system centered design and user centered design · System centered design is focused on what is easy to build on a platform while user centered design is focused on user needs and context. · System centered design focuses on developing systems while user-centered sign focuses on developing user tasks. · System centered design is about analyzing systems but user centered design is about analyzing users

· System centered design is focused on what is easy to build on a platform while user centered design is focused on user needs and context.

In the slide of "Montgomery Reduction", which one of the following conditions is necessary? · T < NxR · R is a power of 2 · N is a prime · T > N · gcd (T,N) = 1 · gcd (R,N) = 1

· T < NxR · gcd (R,N) = 1

What does it mean to "be stealthy" during a penetration test? · Performing the tests from an undisclosed location · Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services · Using encryption during tests to make the source of attacks impossible to determine · Performing penetration testing without the target organization knowing

· Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services

Which of the following approaches is a pre-synthesis hardware Trojan prevention method? · Circuit obfuscation · Removal of dead space · Interface protection · Test and validation · Formal verification

· Test and validation · Formal verification

A safe string library typically attempts to ensure which of the following? · That there is sufficient space in a source and/or target string to perform operations like concatenation, copying, etc. · That the strings have been properly sanitized · That wide (i.e., multibyte) character strings can be used where single-byte character strings are expected. · That strings from the safe library can be freely passed to the standard string library functions, and vice versa

· That there is sufficient space in a source and/or target string to perform operations like concatenation, copying, etc.

Which of the following are true about the Vigenere cipher? (Check all that apply.) · The Vigenere cipher is computationally infeasible to break if the key has length 100, even if 1000s of characters of plaintext are encrypted. · A Vigenere cipher with key of length 100 can be broken (in a reasonable amount of time) using exhaustive search of the key space. · The Vigenere cipher can always be broken, regardless of the length of the key and regardless of the length of plaintext being encrypted. · The Vigenere cipher is perfectly secret if the length of the key is equal to the length of the messages in the message space.

· The Vigenere cipher is perfectly secret if the length of the key is equal to the length of the messages in the message space.

Suррose a wеb аpplication imрlements аuthentication bу cоnstructing an SQЛ quеry frоm HТML frоm dаta usiнg PНP's prepаred stаtements. What would happen if an attacker entered FRАNK' ОR 1 equal 1 in the web form's user field? · The text will modify the structure of the SQЛ query and possibly bypass authentication · The text will be confused as the password and authentication will probably fail · The text will corrupt the query structure and the database will view it as a syntax error · The application will try to authenticate a user whose name is FRАNK' OR 1 equal 1

· The application will try to authenticate a user whose name is FRАNK' OR 1 equal 1

In the definition of perfect secrecy, what threat model is assumed? · The attacker can eavesdrop on a single ciphertext. · The attacker can eavesdrop on as many ciphertexts as it likes. · The attacker is able to interfere with the communication channel between the two honest parties. · The attacker can carry out a chosen-plaintext attack.

· The attacker can eavesdrop on a single ciphertext.

Assume a sender and receiver use the encrypt-and-authenticate approach for variable-length messages, using CTR-mode encryption and a variant of CBC-MAC secure for authenticating variable-length data (and independent keys for each). Which of the following statements is true? · The combination is not CPA-secure, and it does not provide integrity because the CTR-mode encryption allows the attacker to forge a tag in the CBC-MAC. · The combination is CPA-secure, but it does not provide integrity. · The combination is not CPA-secure, and it does not provide integrity because CTR-mode encryption is malleable. · The combination is not CPA-secure, but it does provide integrity.

· The combination is not CPA-secure, but it does provide integrity.

Which of the following is a drawback of the private-key setting that is NOT addressed by the public-key setting? · The communicating parties need to have some prior relationship. · Users must manage and securely store keys for every other party with whom they wish to communicate securely. · The communicating parties need the ability to generate random bits. · The communicating parties need to share some secret information in advance.

· The communicating parties need the ability to generate random bits.

Say we have a scheme with a claimed proof of security with respect to some definition, based on some assumption. The scheme was successfully attacked when used in the real world. What are possible reasons for this? (Check all that apply.) · The attacker did not read the proof of security. · The definition of security may not correctly capture the real-world threat model. · The proof might be incorrect. · The assumption may be false.

· The definition of security may not correctly capture the real-world threat model. · The proof might be incorrect. · The assumption may be false.

Company XYZ is a defense contractor. They need to make sure that only authorized people enter their facilities. They have decided to install a new biometric authentication station outside the gate that protects the parking lot. Employees will need to authenticate in order to be let in. Answer questions 14-20 about Company XYZ. How should the security system be designed? · The designer should choose the biometric authentication mechanism that has the most support in her preferred programming language · The designer should look for which biometric authentication systems are easiest to implement · The designer should sit at the gate during the busiest time of morning and evening and watch people come in and out · The designer should rely on her own experience entering the gate to decide which authentication scheme will work best

· The designer should sit at the gate during the busiest time of morning and evening and watch people come in and out

Which of the following statement about side channel analysis based hardware Trojan detection methods is INCORRECT? · The errors in collecting side channel measurements do not impact the accuracy of these detection methods. · The accuracy of these detection methods will be affected by the environment we test the chip. · The accuracy of these detection methods is related to the models we use for system's normal (Trojan-free) behavior. · The variations during chip's fabrication process will impact the accuracy of these detection methods.

· The errors in collecting side channel measurements do not impact the accuracy of these detection methods.

Assume the Diffie-Hellman protocol is run by two parties in the subgroup of Z23∗​ generated by 2. (This subgroup has order 11.) If the first party chooses private exponent 3 and the second chooses private · The first party sends 8, the second party sends 12, and they share the key 3. · The first party sends 8, the second party sends 1, and they share the key 1. · The first party sends 3, the second party sends 10, and they share the key 11. · The first party sends 8, the second party sends 12, and they share the key 20.

· The first party sends 8, the second party sends 12, and they share the key 3.

Which of the following is NOT a group? · The set {0,1,2,...,27} under addition modulo 28. · The integers under addition. · The integers under multiplication. · The set {1,3,7,9} under multiplication modulo 10.

· The integers under multiplication.

In a system where a person can grant authority to others to his or her own access resources, which of the following is true? · The interface should help users be aware of what authority they have granted in the past · The easiest way to do a task should require the most minimal granting of authority · Authority should be granted without requiring the user to explicitly give consent · Users should be able to reduce the authority granted to others

· The interface should help users be aware of what authority they have granted in the past · The easiest way to do a task should require the most minimal granting of authority · Users should be able to reduce the authority granted to others

Which of the following are true for obtaining perfect secrecy using the one-time pad, assuming the message space contains messages all of some fixed length? (Check all that apply.) · The key should be shared between the two communicating parties, and kept secret from any potential attacker. · The all-0 key must be avoided, since when the all-0 key is used the ciphertext is equal to the message being encrypted. · The key must be as least as long as the messages in the message space. · The key should be chosen uniformly.

· The key should be shared between the two communicating parties, and kept secret from any potential attacker. · The key must be as least as long as the messages in the message space. · The key should be chosen uniformly.

Which of the following are true about a type-safe language? (Select all that apply.) · The language is object-oriented. · The language is always much slower than a non-type safe language · The language is also memory safe · The language may be used to enforce information flow security, depending on the type system · The language is sometimes memory safe, but not always

· The language may be used to enforce information flow security, depending on the type system · The language is sometimes memory safe, but not always (+-, но вроде это не правильный ответ) · The language is also memory safe

Which of the following is true? · The more usable a system is, the more secure it is because usable systems help users make good security decisions and easily choose the most secure actions · The more usable a system is, the less secure it is because users do not understand security, so to make a usable system, security must be downgraded or left off.

· The more usable a system is, the more secure it is because usable systems help users make good security decisions and easily choose the most secure actions

Suppose you are implementing an extensible data management system. You want to accommodate plug-ins that can implement storage rules and query processing functionality for different data formats (e.g., relational data, object data, XML data, etc.). Which of the following designs most takes security into account? · The plug-ins and the main data management software are linked into the operating system kernel as a special kind of device driver, to give them direct access to stable storage and the network stack, while the OS can enforce their security · The plug-ins are linked directly in the address space of the data management software, ensuring high performance · The plug-ins are implemented as separate OS processes; these processes communicate to/from the main process to handle queries/updates for the data formats they support · The plug-ins are implemented as separate OS processes but which share memory with the main process (and may access its memory as well), for better efficiency. Queries/updates occur via inter-process communication.

· The plug-ins are implemented as separate OS processes; these processes communicate to/from the main process to handle queries/updates for the data formats they support

A website provides an extensive 50-printed-page privacy policy written in common language that describes every detail of how users' data is collected, used, and shared. Which of the following is true of informed consent? · Comprehension is a challenge with this policy. · An average user would not consider this disclosure. · The policy does not meet the requirement of minimal distraction · There is informed consent.

· The policy does not meet the requirement of minimal distraction

Consider the following code fragment. char blah[] = "fizzbuzz"; printf("%s\n", blah+4); What happens if we try to compile and run this code? · The program outputs "fizz" · The program outputs a blank line depending on the size of pointers · The program is illegal C and may not compile · The program outputs "buzz"

· The program outputs "buzz"

Which of the following statements about the randomized modular exponentiation (ME) is true? · The random number r2​ cannot be 0. · The three random numbers r1​,r2​,r3​ must be primes. · The randomized ME method avoids the modular exponentiation computation · The three random numbers r1​,r2​,r3​ cannot have the same value.

· The random number r2​ cannot be 0.

Let G be a function mapping n-bit inputs to 2n-bit outputs. Which of the following is true of the pseudo one-time pad encryption scheme based on G? (Check all that apply.) · The scheme is computationally secret if G is a pseudorandom generator. · The scheme is perfectly secret. · The scheme can be used securely to encrypt multiple messages using the same key. · The key space of the scheme is at least as large as the message space.

· The scheme is computationally secret if G is a pseudorandom generator.

Let G be a group, and consider the following private-key encryption scheme with message space G: The shared key is a uniform element k∈G. To encrypt a message m∈G using key k, output the ciphertext k⋅m. To decrypt a ciphertext c∈G using key k, output the message k−1⋅c. Which of the following is true about this scheme? · The scheme is CCA-secure. · The scheme is computationally indistinguishable, but not perfectly secret. · The scheme is perfectly secret. · The scheme is CPA-secure, but not CCA-secure.

· The scheme is perfectly secret.

In the slide of "Public Watermarking GP Problem" (page 6 in "Good Watermarks"), which of the followings should be made to the public? Check all that apply. · The scheme that public watermark head and body will be constructed · The public watermark you want to embed in the solution · The pairs of nodes selected to embed the public watermark bits · The rules on how each public watermarking bit will be embedded

· The scheme that public watermark head and body will be constructed · The public watermark you want to embed in the solution · The pairs of nodes selected to embed the public watermark bits · The rules on how each public watermarking bit will be embedded

Which of the following is true about static and dynamic web content? · Static pages may include PHP programs, which execute at the browser · The server often produces dynamic content based on the contents of the database · Static content may be re-generated with each request · Javascript programs embedded in HTML pages are run server-side to produce dynamic content

· The server often produces dynamic content based on the contents of the database

Why is it undesirable to implement session identifiers using (only) hidden form fields? · Such fields cannot include timeout information · Such fields cannot contain binary data · These fields are easily modified by the user · The session ID is forgotten when the browser window is closed

· The session ID is forgotten when the browser window is closed

Consider the Vigenere cipher over the lowercase English alphabet, where the key has length 8. For which of the following message spaces will this scheme be perfectly secret? (Check all that apply.) · The set of all 9-character strings of lowercase English letters. · The set of all 7-character strings of lowercase English letters. · The set of all 8-character strings of lowercase English letters. · The set of all strings of lowercase English letters containing at most 8 characters.

· The set of all 7-character strings of lowercase English letters. · The set of all 8-character strings of lowercase English letters.

Which of the following are true about a language that uses garbage collection or some other automatic means (e.g., reference counting) for memory management? (Select all that apply.) · The language will not have spatial memory safety violations · The use of automatic memory management will provide a safety benefit, but typically at the cost of some performance · The language will not have type safety violations · The language will not have temporal memory safety violations · The language will use primarily static types (i.e., types that are checked primarily before the program runs)

· The use of automatic memory management will provide a safety benefit, but typically at the cost of some performance · The language will not have temporal memory safety violations

A return-to-libc attack does not require that the attacker inject executable code into the vulnerable program. Which of the following is the most important reason that return-to-libc attacks are useful to the attacker? · There is no need to be able to execute (writable) data · The injected code might have bugs · The code in libc is better than code the attacker would write · There is no need to modify the application's executable code

· There is no need to be able to execute (writable) data

How should users be considered within a security system? · They need to be well-trained in how to use the security systems we build for them. · They are often the reason security fails. · They are an integral part of security and should be considered part of the system from the beginning

· They are an integral part of security and should be considered part of the system from the beginning

What is the biggest usability problem with Company ABC's passwords? · They take a long time to type in (speed) · It is too easy to make a typo while entering the password (efficiency) · They are hard to remember (memorability) · Employees don't like them (user preference)

· They are hard to remember (memorability)

Which of these are advantages of low-fidelity (e.g. paper) prototypes · They can be created quickly and cheaply · Any team member can create one, regardless of programming skills · They can be used to calculate how long it will take users to accomplish certain tasks · They let designers see the impact of font size, color, and other visual elements

· They can be created quickly and cheaply · Any team member can create one, regardless of programming skills

If a company has collected an American user's personal data without their consent, how can the user respond? · The government can file charges against the company. · They can sue the company who collected their data. · They have no rights to their data. · The user can file a complaint with their local police department.

· They have no rights to their data.

Which of the following are benefits of penetration testing? · You can prove a positive: Penetration testing will establish your system is secure · Compositionality of security properties means tested components are secure even if others change · They specifically consider adversarial thinking, which is not usually necessary for normal tests · Results are often reproducible · Results are certain and not hypothetical

· They specifically consider adversarial thinking, which is not usually necessary for normal tests · Results are often reproducible · Results are certain and not hypothetical

Consider the following algorithm for factoring an integer N provided as input (in binary): For i=2 to ⌈N​⌉, if i divides N, then output (i,N/i). Which of the following statements is true? · This algorithm is correct, but it runs in exponential time. · This algorithm is not correct, because it will sometimes fail to find a factorization of N even if N is composite. · This algorithm runs in sub-linear time, and always factors N if N is composite. · This algorithm is not correct, because it will sometimes output a non-trivial factorization of N even when N is prime.

· This algorithm is correct, but it runs in exponential time.

Consider the following code fragment: sizeof(int*) == sizeof(int). Which one of the following is true about it? · This fragment always evaluates to 1 (assuming it doesn't crash) · This fragment will not compile · This fragment always evaluates to 0 (assuming it doesn't crash) · This fragment's result depends on the compiler and architecture · This fragment will always crash

· This fragment's result depends on the compiler and architecture

Consider the following "hybrid" signature scheme, which will give better efficiency when signing long messages. To sign message M using private key sk, choose a uniform key k for a message authentication code and then send k,Signsk​(k),Mack​(M). Verification is done in the natural way. Which of the following is true regarding this scheme? · This is a secure signature scheme, if the underlying signature scheme and MAC are secure. · This is not secure because it is very likely that a key k will be used twice by the signer. · This is not secure because given k,Signsk​(k),Mack​(M) an attacker can forge k,Signsk​(k),Mack​(M′) on any M′ of its choice. · This is not secure because given the message/signature pair (k,Signsk​(k)) an attacker can easily forge Signsk​(k′) on a key k′ of its choice.

· This is not secure because given k,Signsk​(k),Mack​(M) an attacker can forge k,Signsk​(k),Mack​(M′) on any M′ of its choice.

Let F be a block cipher with block length n. Consider the following encryption scheme for n-bit messages: to encrypt message m using key k, choose a random c0​∈{0,1}n and output the ciphertext c0​,c1​,Fk​(Fk​(c0​)⊕c1​), where c1​=Fk​(c0​)⊕m. Which of the following statements is true? · This can be viewed as an example of the encrypt-and-authenticate approach using CBC-mode and CBC-MAC (with the same key), and is insecure. · This looks like the authenticate-then-encrypt approach using CBC-MAC and CBC-mode encryption (with the same key) -- but here it's ok, since CBC-MAC is applied to something random. · This is an example of the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, so is secure. · This looks like the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, except that here the same key is being used for both -- Prof. Katz warned us about that; this looks insecure!

· This looks like the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, except that here the same key is being used for both -- Prof. Katz warned us about that; this looks insecure!

Consider the following code #include <stdio.h> #include <stdlib.h> int main(int argc, char *argv[]) { unsigned int i; unsigned int k = atoi(argv[1]); char *buf = malloc(k); /* 1 */ if(buf == 0) { return -1; } for(i = 0; i < k; i++) { buf[i] = argv[2][i]; /* 2 */ } printf("%s\n", buf); /* 3 */ return -1; } · This program could crash at all 3 positions · This program could crash at position 1 · This program could crash at 2 and 3 · This program could crash at 1 and 2 · This program could crash at position 2 · This program could crash at position 3

· This program could crash at 2 and 3

Consider the following program #include <stdlib.h> #include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { int **blah2 = malloc(sizeof(int*)*N); int *special = NULL; int i, j; for(i = 0; i < N; i++) { int *tmp = (int *)malloc(sizeof(int)*M); memset((void *)tmp, 0, sizeof(int)*M); if(i > N) { special = &tmp[3]; } blah2[i] = tmp; } if(special != NULL) { *special = 7; } for(i = 0; i < N; i++) { for(j = 0; j < M; j++) { printf("%d ", blah2[i][j]); } printf("\n"); } return 0; } Assuming we #define N and M to be positive integers, and the calls to malloc() succeed (the arguments do not overflow, and do not return NULL), then which of the following is true? · This program outputs a matrix with at least one element being 7 · This program crashes · This program outputs a random NxM matrix · This is not a valid C program · This program outputs a zero NxM matrix

· This program outputs a zero NxM matrix

What is the goal of A/B testing? · To allow users to choose interface options from a menu · To compare the performance two (or more) interface variations · To test users' answers to quiz questions · To create software and release it in version A, refine and release version B, and so on

· To compare the performance two (or more) interface variations

A user wants to design a CPA-secure public-key encryption scheme to be used for emailing large files. Of the following, which would be the best approach? · To encrypt a file M, break it into a sequence of blocks M1​,M2​,.... Then encrypt each block independently using El Gamal encryption. · To encrypt a file, use El Gamal encryption to encrypt a random AES key; then use AES (with that key) in CBC mode to encrypt the file. · To encrypt a file M, hash the file to a short value h=H(M), and then encrypt h using El Gamal encryption. · To encrypt a file M, use DSS to encrypt a random key, and then use that key to encrypt M using HMAC.

· To encrypt a file, use El Gamal encryption to encrypt a random AES key; then use AES (with that key) in CBC mode to encrypt the file.

What is the goal of a usability study? · To study the theoretical aspects of usability · To measure and describe usability of a system for given tasks · To develop new measures of usability · To test the security of a system

· To measure and describe usability of a system for given tasks

Which of the following are disadvantages of personas? · Too many personas can be difficult to create and manage. · A diverse audience may be difficult to represent with a normal-sized set of personas · All team members work with a consistent model of users · They are expensive and time-consuming to create · They make potential users too "real" for designers

· Too many personas can be difficult to create and manage. · A diverse audience may be difficult to represent with a normal-sized set of personas

Imagine you are analyzing the usability of a banking website. Which of the following are examples of good tasks? · How many types of accounts are available? · Transfer $20 from checking to savings. · Open a new savings account. · Go to the banking login screen. Enter your username and password. Once your account list appears, click on your checking account. Then read the third item in the list of transactions. · Check your savings account balance. · Search for a deposit transaction.

· Transfer $20 from checking to savings. · Open a new savings account. · Check your savings account balance.

Company ABC's password policy has always been that the system generates passwords for its users instead of letting them pick their own. The passwords are random 8-character strings with upper and lower case letters, numbers, and symbols for users (e.g. "^8j4Z.mp"). Every six months, the password is changed to something new. Because password resets are a security danger, users are not allowed to reset their passwords if they forget them. Instead, they need to go to the company's IT office which looks up their existing password and gives them a printout with the password on it. (note: this is a true example - I worked at an organization that had exactly this policy) Answer the questions 1-13 about Company ABC's policy. True or false: the passwords that the system generate are very hard to crack? · True · False

· True

True of false: the endorsement key in TPM is a non-migratable key. · False · True

· True

True or False: A design guideline for creating usable secure systems is to make the most secure way to complete a task the easiest way to complete the task. · True · False

· True

True or false: Hitting different keys or key combinations on the keyboard will generate different acoustic traces. This can leak side channel information. · True · False

· True

True or false: Increasing the usability of Company ABC's password policy would lead to greater security · True · False

· True

True or false: Providing complete and detailed explanations of how data is collected and used can overwhelm the user and lead to a less usable privacy system. · True · False

· True

True or false: Side channel attacks are passive, but they can be combined with active attacking methods to become more effective in breaking the system. · True · False

· True

True or false: The power and delay of different instructions are normally different. · True · False

· True

True or false: The power and delay of the same instruction on different oprands can also be different. · True · False

· True

True or false: Users should be aware of what authority they hold, what authority they have granted, and what the implications are for security decisions · True · False

· True

True or false: When the cache storing secret data is shared by other processes, it may introduce security vulnerabilities. · True · False

· True

True or false: a policy that allows users reset their passwords automatically (e.g. if a user forgets their password they can enter their user ID and have a new password emailed to the address that the IT office has on file) may lead users choosing more complex passwords. · True · False

· True

True or false: a policy that users reset their passwords automatically would be more usable · True · False

· True

True or false: a user chosen 8-character password could be more secure · True · False

· True

True or false: a user-chosen 8-character password would be more usable · True · False

· True

True or false: an automatically generated password that combined 4 unrelated common words would be harder to break · True · False

· True

True or false: an automatically generated password that combined 4 unrelated common words would be more usable · True · False

· True

True or false: any private-key encryption scheme that is CCA-secure must also be CPA-secure. · True · False

· True

True or false: any private-key encryption scheme that is CPA-secure must also be computationally indistinguishable. · True · False

· True

True or false: error messages should limit technical detail in favor of plain language. · True · False

· True

True or false: fingerprint recognition is generally faster than password entry for authentication. · True · False

· True

Which of the following is not a type of gesture based authentication? · Typing in a numeric code on a keypad · Drawing a signature on a touch screen · Connecting dots on a grid · Swiping multiple fingers in a line or shape

· Typing in a numeric code on a keypad

Qualitative evaluation is intended to: · Measure how well a user remembers the steps required to complete a task · Time how long it takes a user to complete a task · Count the number of errors a user makes when using the system · Understand user experiences and reactions to a design

· Understand user experiences and reactions to a design

The Federal Government wants to be able to issue advisories to the general public while ensuring that no one will be able to tamper with their messages or spoof a fake advisory. Which of the following is the best cryptographic approach to address this problem? · Use a public-key encryption scheme, with the public key known to everyone, and decrypt each advisory when it is released. · Use a message authentication code, with the key known to everyone, to generate a tag for each advisory when it is released. · Use a digital signature scheme, with the public key known to everyone, to sign each advisory when it is released. · Use multiple message authentication codes, with each member of the public being given a unique key, and generate one tag per key each time an advisory is released.

· Use a digital signature scheme, with the public key known to everyone, to sign each advisory when it is released.

The president and vice president of a company want to communicate while ensuring integrity of their communication. Which of the following is the best cryptographic approach to address this problem? · Use a message authentication code, with the key shared between them, and generate a tag for each message they send. · Use a digital signature scheme, with the public key known to everyone, and sign each message they send. · Use a message authentication code, with the key made public, and generate a tag for each message they send. · Use a CPA-secure private-key encryption scheme, with the key shared between them, and encrypt each message they send.

· Use a message authentication code, with the key shared between them, and generate a tag for each message they send.

Which of the followings will not help to prevent side channel attacks? · Careful engineering so circuit's power, timing, and other characteristics that can be observed from side channel become data independent. · Use sensor mesh at the top metal layer and continuously monitor all paths in the mesh. · Use dedicated power supply for the crypto units on the chip. · Restrict the physical access to the system (e.g., no entry within a certain distance, say 300 meters, of the system)

· Use sensor mesh at the top metal layer and continuously monitor all paths in the mesh.

Which of the following is the most likely response to Company ABC's password reset policy ? · Users will become friends with people in the IT office because they visit to often to get password reminders · Users will write down their passwords · People will lose work time trying to memorize their new passwords every six months

· Users will write down their passwords

Three important things that have to be understood in HCI are: · Users, Tasks, and Context. · Location, Age and Education. · Screen Sizes, Processor Speeds and Memory Sizes.

· Users, Tasks, and Context.

What is a good defense against powers that are particular to a snooping user? · Using encryption · Using a firewall · Using passwords to authenticate users · Using a type-safe language

· Using encryption

Which of the following operations are suppliers permitted to do? Use SQL injection to bypass authentication, or find a way to create an account as a supplier. · View existing price list · Cancel contract · Upload price list · Submit monthly bill payment · Download an activity report

· View existing price list · Upload price list

For an FPGA-based system developer, which of the following security vulnerabilities and attacks he will not care? · Replay attacks from the FPGA users. · Reverse engineering attacks to the FPGA configuration bitstream file of his design. · Watermarks in the FPGA embedded by the FPGA vendor. · Leak of his design information from the FPGA

· Watermarks in the FPGA embedded by the FPGA vendor.

Which of the following are typical questions to ask on a pre-test questionnaire? · What is your highest level of education · How difficult was it to complete task 1 · What is your age · What was most challenging about using the interface

· What is your highest level of education · What is your age

Which of the following questions is NOT answered as part of the disclosure component of informed consent? · What is the information used for? · How is an individual's identity protected? · What information is collected? · What privacy settings do users have access to?

· What privacy settings do users have access to?

Which of the following statements about hardware Trojan detection is true (assume that the Trojan detection tool is trusted)? · When a Trojan is found and fixed, the IC can be trusted. · When all components of the IC are tested and Trojan-free, the IC is trusted. · When a Trojan is reported, the IC cannot be trusted. · When the hardware Trojan detection tool does not find any Trojan, the IC is trusted.

· When a Trojan is reported, the IC cannot be trusted.

Which of the following statements about don't care conditions is correct? · When system outputs are specified for all the input combinations, there will not be any don't care conditions in the design. · When a combinational system is fabricated, the outputs will be deterministic for all the don't care conditions, but outputs may have different values on different don't care conditions. · If specific values are assigned to outputs on don't care conditions, the design will have more constraints and its quality (e.g. size, power, speed) will become worse.

· When a combinational system is fabricated, the outputs will be deterministic for all the don't care conditions, but outputs may have different values on different don't care conditions.

Which of the following is true of privacy policies? · When people read them, they often feel like they don't understand them. · Most people read privacy policies when they register for sites. · There is a standard format that all privacy policies are supposed to follow. · Privacy policies are usually written in very technical legal language

· When people read them, they often feel like they don't understand them.

What is a good solution for the SUV drivers? · When they teach the system what their authenticating gesture is, they should do it from their car rather than in the IT office so there is a better match between their "true" gesture and what they enter when they drive in · SUV drivers should be given additional training on how to properly enter a gesture · Nothing - the SUV drivers need to learn to work with the system · SUV drivers should, instead, be required to type in a password on a touch screen at the gate (similar to an ATM touchscreen)

· When they teach the system what their authenticating gesture is, they should do it from their car rather than in the IT office so there is a better match between their "true" gesture and what they enter when they drive in

Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program? int main(int argc, char **argv) { char buf[100]; while (fgets(buf,sizeof(buf),stdin) != NULL) { int c = atoi(buf); if (c == 456799) printf("%s\n",(char *)c); else { int i = 0; for (i=0; i<c; i++) printf("."); printf("\n"); } } return 0; } · Blackbox · Whitebox · Mutation-based · Generational

· Whitebox

What is penetration testing? · A procedure for testing libraries or other program components for vulnerabilities · All of the above · Whole-system testing for security flaws and bugs · A security-minded form of unit testing that applies early in the development process

· Whole-system testing for security flaws and bugs

The shell command cd; ls *.xml · Will list all of the files listed in the given XML file · Will list the file *.xml in the current directory · Will list all files ending in the xml suffix in the previous working directory · Will list all files ending in the xml suffix in user's home directory

· Will list all files ending in the xml suffix in user's home directory

A colleague proposes using a heap allocator that randomizes the addresses of allocated objects. This: · Will increase performance by keeping the cache sparsely populated · Will make the program more secure, because attackers frequently rely on predicting the locations of heap-allocated objects in exploits · Will make the program less secure, because the application will not be able to predict the locations of heap-allocated objects · Will have no impact on security or performance

· Will make the program more secure, because attackers frequently rely on predicting the locations of heap-allocated objects in exploits

A mobile app uses a phone's microphone to listen in the background for commercials, songs, and TV shows that a person is hearing in order to target ads at the user. The app does not store any information about users' conversations nor does it store recordings. Should the app disclose that it is listening to this background sound? · No, since no personal conversation data is recorded it would be inaccurate to mislead users into believing audio data is being collected. · Yes, users should be informed that sound from their environment is being collected.

· Yes, users should be informed that sound from their environment is being collected.

Which of the following is a setting in which a pseudorandom generator could be applied? · You have a 1 MB file that you would like to compress. · You have a way to generate random bits at the rate of 100 bits/second, but you need 1,000,000 random bits to run a statistical simulation. · You have a 1 MB file and you would like to make sure that it has not been tampered with.

· You have a way to generate random bits at the rate of 100 bits/second, but you need 1,000,000 random bits to run a statistical simulation.

Exploitation of the Heartbleed bug permits · overwriting cryptographic keys in memory · a kind of code injection · a read outside bounds of a buffer · a format string attack

· a read outside bounds of a buffer

IC metering methods that can also be used to lock, unlock, enable, disable, or controll the IC are known as ________ metering method. · active · passive

· active

Recall the vulnerable program from the previous few questions. Which of the following attacks do you think the program is susceptible to? #include <stdio.h> #include <string.h> #define S 100 #define N 1000 int main(int argc, char *argv[]) { char out[S]; char buf[N]; char msg[] = "Welcome to the argument echoing program\n"; int len = 0; buf[0] = '\0'; printf(msg); while (argc) { sprintf(out, "argument %d is %s\n", argc-1, argv[argc-1]); argc--; strncat(buf,out,sizeof(buf)-len-1); len = strlen(buf); } printf("%s",buf); return 0; } · code injection · data corruption · reading arbitrary addresses in memory · all of the above

· all of the above

Which of the followings can be used to generate fault for fault injection attacks to a system? · chip operating temperature · clock glitches · electromagnetic flux · white light · all of the above

· all of the above

An integer overflow occurs when · an integer expression's result "wraps around"; instead of creating a very large number, a very small (or negative) number ends up getting created · an integer is used as if it was a pointer · an integer is used to access a buffer outside of the buffer's bounds · there is no more space to hold integers in the program

· an integer expression's result "wraps around"; instead of creating a very large number, a very small (or negative) number ends up getting created

A static analysis · is a kind of real analysis for solving numeric equations · analyzes the fixed, or static portions of a program · is always better than testing · analyzes a program's code without running it

· analyzes a program's code without running it

Consider hybrid encryption using plain RSA and AES-128 in CTR mode, with public key N,e. Say a 128-bit message m is encrypted, yielding ciphertext c,c0​,c1​, with c∈ZN∗​ and c0​,c1​∈{0,1}128. Which of the following would be an encryption of mˉ, the bitwise complement of m? · [2e⋅cmodN],c0​,c1​. · The given encryption scheme is CCA-secure (hence non-malleable), so it is infeasible to come up with an encryption of mˉ. · c,c0​,cˉ1​. · c,cˉ0​,c1​.

· c,c0​,cˉ1​.

As in the lectures, let certA→B​ denote a certificate issued by A for B, i.e., certA→B​=SignskA​​(B,pkB​). Assuming D knows pkC​ and trusts C, which of the following provides evidence to D that A's public key is pkA​? · certA→C​ and pkA​ · certC→B​, pkB​, certB→A​, and pkA​. · certA→B​, pkA​, certB→C​, and pkB​. · certC→B​, pkB​, certA→B​, and pkA​.

· certC→B​, pkB​, certB→A​, and pkA​.

Recall the vulnerable overflow from the previous two questions. We can change one line of code and make the buffer overrun go away. Which of the following one-line changes, on its own, will eliminate the vulnerability? #include <stdio.h> #include <string.h> #define S 100 #define N 1000 int main(int argc,char *argv[]) { char out[S]; char buf[N]; char msg[] = "Welcome to the argument echoing program\n"; int len = 0; buf[0] = '\0'; printf(msg); while (argc) { sprintf(out,"argument %d is %s\n",argc-1,argv[argc-1]); argc--; strncat(buf,out,sizeof(buf)-len-1); len = strlen(buf); } printf("%s",buf); return 0; } · change printf("%s",buf) to printf(buf); · change printf(msg) to printf("%s",msg); · change char msg[] = "Welcome to the argument echoing program\n" to char msg[42] = "Welcome to the argument echoing program\n" · change sprintf(out, "argument %d is %s\n", argc-1, argv[argc-1]) to snprintf(out, S, "argument %d is %s\n", argc-1, argv[argc-1])

· change sprintf(out, "argument %d is %s\n", argc-1, argv[argc-1]) to snprintf(out, S, "argument %d is %s\n", argc-1, argv[argc-1])

Recall that classic enforcement of CFI requires adding labels prior to branch targets, and adding code prior to the branch that checks the label to see if it's the one that is expected. Now consider the following program: int cmp1(char *a, char *b) { return strcmp(a,b); } int cmp2(char *a, char *b) { return strcmp(b,a); } typedef int (*cmpp)(char*,char*); int bar(char *buf) { cmpp p; char tmpbuff[512] = { 0 }; int l; if(buf[0] == 'a') { p = cmp1; } else { p = cmp2; } printf("%p\n", p); strcpy(tmpbuff, buf); for(l = 0; l < sizeof(tmpbuff); l++) { if(tmpbuff[l] == 0) { break; } else { if(tmpbuff[l] > 97) { tmpbuff[l] -= 32; } } } return p(tmpbuff,buf); } To ensure that the instrumented program runs correctly when not being attacked, which of the following functions would have to be given the same label? Choose at least two, but no more functions than necessary. · strcpy · cmp1 · cmp2 · cmpp · strcmp

· cmp1 · cmp2

In the slide "Fingerprinting: Don't Cares (I)" (page 6 in "Fingerprinting"), Alice decides to create fingerprinting copies of the original circuit by adding a new connection to the OR gate, which of the followings are correct? Check all that apply. · connect signal A to the OR gate · connect signal B to the OR gate · connect signal X to the OR gate · connect signal X' to the OR gate

· connect signal X' to the OR gate

Which of the followings is NOT a good practice in securing a system? · understand the motivations of attackers · identify vulnerabilities in the system · estimate the threats to the system · design a working system and then add the necessary protocols to secure it

· design a working system and then add the necessary protocols to secure it

BadStore's session cookie format is poorly designed because it is uses a predictable structure. In particular, it is an encoded string (with a URL-encoded newline at the end) of concatenated fields separated by colons, i.e., of the form XXX:YYY:ZZZ:etc. Which of the following are the fields that it uses? · e-mail address · expiration timeout · MD5 hash of password · the number of fail login attempts · full name · SHA1 hash of password · role · integer that counts the number of times ever logged in

· e-mail address · MD5 hash of password · full name · role

Consider the program below, using the qualified types annotations for tainted flows given in the lecture (shown in comments). In particular, notice that the variable fmt and the argument to printf are untainted, while the result of fgets is tainted. Suppose we analyze this with a tainted flow analysis. This program has no bugs, but which kinds of analysis report a false alarm? /* int printf(untainted char *fstr, ...); */ /* tainted char *fgets(...); */ char *chomp(char *s) { int i, len = strlen(s); for (i = 0; i<len; i++) if (s[i] == '\n') { s[i] = '\0'; break; } return s; } void foo(FILE *networkFP, untainted char *fmt) { char buf[100]; char *str = fgets(buf, sizeof(buf), networkFP); char *str1 = chomp(str); char *fmt1 = chomp(fmt); printf(fmt1,str1); } · flow-sensitive, context-sensitive · path-sensitive, context-sensitive · flow-sensitive, context-INsensitive · path-sensitive, context-INsensitive (возможно тоже правильный, или нет) · flow-INsensitive, context-INsensitive · flow-INsensitive, context-sensitive

· flow-sensitive, context-INsensitive · flow-INsensitive, context-INsensitive

Consider the following code, where the referenced chomp function is the same as in the previous question. Suppose we analyze this with a tainted flow analysis. Once again, this program has no bugs, but which kinds of analysis report a false alarm? void bar(FILE *networkFP, char *fmt, int testing) { char buf[100]; char *str = fgets(buf, sizeof(buf), networkFP); char *str1 = chomp(str); if (testing) str1 = "test format"; printf(fmt,str1); if (testing) printf(str1); } · flow-sensitive, context-sensitive · path-sensitive, context-INsensitive · flow-INsensitive, context-sensitive · flow-INsensitive, context-INsensitive

· flow-sensitive, context-sensitive · flow-INsensitive, context-sensitive · flow-INsensitive, context-INsensitive

Recall the program again. #include <stdio.h> #include <string.h> #define S 100 #define N 1000 int main(int argc, char *argv[]) { char out[S]; char buf[N]; char msg[] = "Welcome to the argument echoing program\n"; int len = 0; buf[0] = '\0'; printf(msg); while (argc) { sprintf(out, "argument %d is %s\n", argc-1, argv[argc-1]); argc--; strncat(buf,out,sizeof(buf)-len-1); len = strlen(buf); } printf("%s",buf); return 0; } If we changed printf("%s",buf) to printf(buf) then the program would be vulnerable to what sort of attack? · heap overflow · format string attack · use-after-free attack · all of the above

· format string attack

Three ASCII messages containing English letters and spaces only are encrypted using the one-time pad and the same key. The 10th byte of the first ciphertext is observed to be 0x66, the 10th byte of the second ciphertext is observed to be 0x32, and the 10th byte of the third ciphertext is observed to be 0x23. Let m1 (resp., m2, m3) denote the 10th ASCII character in the first (resp., second, third) message. What is the most you can conclude about m1, m2, and m3? · Exactly one of m1, m2, or m3 is the space character, but nothing else can be determined. · m1 is the space character, m2 is the character 't', and m3 is the character 'e'. · m1 is the character 't', m2 is the space character, and m3 is the character 's'. · Nothing can be determined about m1, m2, or m3 since the one-time pad is perfectly secret.

· m1 is the space character, m2 is the character 't', and m3 is the character 'e'.

Which of the followings can be potential sources for side channel attacks? Check all that apply. · optical side channel · power consumption · system's timing or delay information · acoustic side channel · scan chain output signals · system's output signals · electromagnetic radiation

· optical side channel · power consumption · system's timing or delay information · acoustic side channel · scan chain output signals · system's output signals · electromagnetic radiation

The following program is vulnerable to a buffer overflow (assuming the absence of automated defenses like ASLR, DEP, etc., which we introduce in the next unit). What is the name of the buffer that can be overflowed? #include <stdio.h> #include <string.h> #define S 100 #define N 1000 int main(int argc, char *argv[]) { char out[S]; char buf[N]; char msg[] = "Welcome to the argument echoing program\n"; int len = 0; buf[0] = '\0'; printf(msg); while (argc) { sprintf(out, "argument %d is %s\n", argc-1, argv[argc-1]); argc--; strncat(buf,out,sizeof(buf)-len-1); len = strlen(buf); } printf("%s",buf); return 0; } · out · len · buf · msg

· out

When we use ICID as the tag for a device, which property does this tag have? · reproducible · internal control · functional · passive

· passive

When we use serial number as the tag for a device, which property does this tag have? Check all that apply. · functional · intrinsic · passive · reproducible · unclonable

· passive · reproducible

A good watermark will be difficult or impossible to be removed by any adversary without detailed knowledge about the watermark, this property is known as · resilience · easy detectability · transparency · high credibility

· resilience

Consider the following program. #include <string.h> int foo(void) { char bar[128]; char *baz = &bar[0]; baz[127] = 0; return strlen(baz); } What are possible outcomes from running this function? Check all that apply (note that the outcomes shown are not exhaustive): · crash · returns 0 · returns 128 · returns 127 · returns -1

· returns 0 · returns 127

Suppose a browser submits a GET request to URL http://www.mybank.com/accountinfo on 20 February 2015. Which of the following cookies, if already stored at the browser, would be sent with the request? · lang=us-english; expires=Sat, 1-Aug-2015; path=/accountinfo/; domain=.fidelity.com · editon=us; expires=Thu, 19-Feb-2015; path=/accountinfo/prefs; domain=.mybank.com · edition=us; expires=Wed, 18-Feb-2015; path=/; domain=.mybank.com · sessid=ABCDEFG; expires=Sat, 21-Feb-2015; path=/; domain=.mybank.com

· sessid=ABCDEFG; expires=Sat, 21-Feb-2015; path=/; domain=.mybank.com

Here is the same program as the previous question. What line of code can overflow the vulnerable buffer? #include <stdio.h> #include <string.h> #define S 100 #define N 1000 int main(int argc, char *argv[]) { char out[S]; char buf[N]; char msg[] = "Welcome to the argument echoing program\n"; int len = 0; buf[0] = '\0'; printf(msg); while (argc) { sprintf(out, "argument %d is %s\n", argc-1, argv[argc-1]); argc--; strncat(buf,out,sizeof(buf)-len-1); len = strlen(buf); } printf("%s",buf); return 0; } · sprintf(out, "argument %d is %s\n", argc-1, argv[argc-1]); · printf(msg) · len = strlen(buf); · strncat(buf,out,sizeof(buf)-len-1); · printf("%s",buf);

· sprintf(out, "argument %d is %s\n", argc-1, argv[argc-1]);

Which of the followings are functions of TPM? Check all that apply. · store user passwords, encryption keys and digital certificates · detect virus · generate and store cryptographic keys · generate pseudo-random numbers

· store user passwords, encryption keys and digital certificates · generate and store cryptographic keys · generate pseudo-random numbers

As her Christmas gift, Joyce received a toy doll with a small computer chip embedded. When she presses the tummy of the doll, it says "Hello, Joyce!"; when she presses again, it says "Merry Christmas!"; on the next press, it says "I love you!"; and whenever Joyce presses twice quickly, it says "Good-bye!". Which of the following statements about the doll are correct? Check all that apply. · the chip is a combinational system · the chip is a synchronous system · the chip contains memory elements · the chip can recongize two different inputs

· the chip contains memory elements · the chip can recongize two different inputs

Which of the followings need to be considered when a true random number generator (TRNG) is evaluated? Check all that apply. · the source of entropy for the TRNG · complexity of implementing the TRNG · power efficiency of the TRNG

· the source of entropy for the TRNG · complexity of implementing the TRNG · power efficiency of the TRNG

For the four 2-input logic gates (NAND, NOR, XOR, XNOR), each with x and y as their inputs, which of the following statements about observability don't care (ODC) are true? Check all that apply. (If you forget the definition of these standard logic gates, you can find them in the slide "Example: System Implementation"). · when x=0, y input is ODC for NOR gate · when y=0, x input is ODC for XOR gate · there is no ODC for XNOR gate · when y=0, x input is ODC for NAND gate

· there is no ODC for XNOR gate · when y=0, x input is ODC for NAND gate

A good watermark should not require major modification to the industrial design tools and design software, this property is known as · fairness · low overhead · resilience · transparency

· transparency

IC tags that are based on fabrication variations have the property of ____________ and therefore will be a good candidate to countermeasure foundry overbuilding. · unclonable · intrinsic · reproducible · extrinsic

· unclonable

When does a buffer overflow occur, generally speaking? · when writing to a pointer that has been freed · when copying a buffer from the stack to the heap · when a pointer is used to access memory not allocated to it · when the program notices a buffer has filled up, and so starts to reject requests

· when a pointer is used to access memory not allocated to it

Suppose that x in the following program is symbolic. When the symbolic executor reaches the line that prints "here" what will the path condition be? void bar(int x) { int z; if (x > 5) z = 5; else z = 1; if (z > 3) printf("here\n"); } · x > 5 ? z > 3 · x > 5 · ¬(x > 5) ? z > 3 · z > 3

· x > 5

Suppose that x and y in the following program are symbolic. When the symbolic executor reaches the line that prints "everywhere" what will the path condition be? /* assume x and y are both symbolic */ void foo(int x, int y) { if (x > 5) { if (y > 7) { printf("here\n"); } else { if (x < 20) printf("everywhere\n"); else printf("nowhere\n"); } } } · ¬(y > 7) ? x < 20 · x > 5 ? ¬(y > 7) ? ¬(x < 20) · x > 5 ? ¬(y > 7) ? x < 20 · x > 5 ? y > 7 ? x < 20

· x > 5 ? ¬(y > 7) ? x < 20

Consider the following two functions, S and C, defined on three inputs x, y, z: S(x,y,z)=x⊕y⊕z, C(x,y,z)=x∙y+z∙(x⊕y), where ⊕⊕ is the XOR gate, ++ is the OR gate, and ∙∙ is the AND gate. Which of the following conditions are satisfiability don't cares? Check all that apply. · x=1, y=1, z=0, C=1 · x=1, y=1, z=1, S=1 · x=0, z=0, C=1 · x=0, y=0, z=1, S=0

· x=0, z=0, C=1 · x=0, y=0, z=1, S=0

Consider w=x'yz+xy'+y'z, which of the following conditions is a satisfiability don't cares? · x=0,y=0,z=0,w=0 · x=1,y=0,w=0 · x=1,y=1,w=0 · y=1,z=1,w=1 · none of the above

· x=1,y=0,w=0

Which of the following gate(s) are universal? Check all that apply. hint: A universal gate should be able to implement {AND, OR, NOT} · {AND, OR} · {OR, NOT} · NAND · XOR

· {OR, NOT} · NAND

Which of the following are examples of conventions that improve mental models? • Putting options to create a new file and save a file under a "File" menu in the upper left of the application. • Making all controls for an interface visible. • Providing feedback on user actions. • Using a qwerty keyboard on a new device. • Color coding warnings in red and alerts in yellow.

• Putting options to create a new file and save a file under a "File" menu in the upper left of the application. • Using a qwerty keyboard on a new device. • Color coding warnings in red and alerts in yellow.


Set pelajaran terkait

MAN 3240 Module 12 quiz 12 ch 14

View Set

CCENT 1.2 Compare and Contrast TCP and UDP Protocols

View Set

economics concepts and choices chapter 17

View Set

FPM 3250 Week 8 Reading Notes - Elbow, Radioulnar Joint, and Wrist

View Set

The Thirteen Colonies and The British Empire (1607-1754) Terms & Definitions

View Set

FDMA 2855-Social Media Marketing Tools

View Set