COMP 424 Test

Ace your homework & exams now with Quizwiz!

Select one which is NOT a security goal or property?

Efficiency

What access control principle does the following sentences describe? "Every access to every object must be checked for authority" It forces a system-wide view of access control, which in addition to normal operation includes initialization, recovery, shutdown, and maintenance. It implies that a foolproof method of identifying the source of every request must be devised. It also requires that proposals to gain performance by remembering the result of an authority check be examined skeptically. If a change in authority occurs, such remembered results must be systematically updated."

Complete Mediation

Select correct statement about Steganography and Cryptography

Cryptography depends on secrecy of a short key but not method

When the system uses 1024 bits of hash output for collision resistance, how long AES key for block cipher do you require to satisfy the Weakest Link Principle?

512 Bits

What access control principle does the following sentences describe? "The access decisions of this principle are based on permission rather than exclusion. Default situation is lack of access. Protection scheme identifies conditions under which access is permitted. A conservative design must be based on arguments why objects should be accessible, rather than why they should not. Examples of this principle is 'whitelisting' instead of blacklisting for anti-virus products and 'Firewall policies' that use default deny"

Fail-Safe Defaults

Diffie Hellman Key exchange protocol is based on the hardness of factoring large numbers

False

Digital Signatures does NOT provide 'non-repudiation'

False

In Linux, when you change the file permissions with chmod 755 a.txt, it modifies the file to -rwxr--r--.

False

In access control model in Linux, usually subjects are passive such as file, directory, and memory set while objects are programs executing on behalf of some principal(s).

False

SQL injection can occur when the attacker transmits unauthorized commands from a user who has logged in to a website, to that website with valid cookie

False

Given a function h: X -> Y, then we say that h is _____ if given y E Y, it is computationally infeasible to find a value x EX such that h(x) = y

Hash Function: Preimage Resistant

What access control principle does the following sentences describe? "Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error. It also reduces the number or potential interactions among privileged programs to the minimum to the minimum for correct operation, so that unintentional, unwanted, or improper uses of privilege are less likely to occur.

Least Privilege

What is the following scheme describing about? This is to authenticate the message (M) using hashing (H). The sender and the receiver share a secret key (k). After sending a pair, { M, Hk ( M ) }, the receiver receives { X, Y } and verifies that Hk ( X ) = Y to accept the message from the sender. To be secure, an adversary should not be able to come up with ( X', Y' ) such that Hk ( X' ) = Y'.

Message Authentication Code (MAC)

Select one that correctly describes about Electronic Code Book (ECB) encryption mode?

Reveals patterns of data when a data block repeats

Select one that correctly describes about the Stream ciphers

Stream cipher is symmetric key cipher

What do the following sentences describe? "Guarded gates from user mode (space land) into kernel mode (space, land). They change processor state from user mode to kernel mode so that CPU can access protected kernel memory"

System Calls

Select one which is NOT required to make the One-Time Pad ubbreakable

The key is chosen from very long texts such as book

Select one that does NOT correctly describe about the Mono-Alphabetic Substitution Cipher

The key space is 26 which is the number of alphabets

Choose the wrong description about UNIX access control

There should be a one-to-many mapping from principals to users

Cross Site Scripting (XSS) would occur when the web applications often take user inputs and use them as part of webpage

True

If the vim.basic program is set as a `setuid program` by a root administrator, the malicious user can ass his/her user id on the sudoers list with NOPASSWD option. As a result, the attacker can be a root by executing sudo su command.

True

The Kasisky test for finding key length in Vigenère cipher is based on the observation that two identical segments of plaintext, will be encrypted to the same ciphertext, if they occur in the text at a distance (delta) such that (delta) is a multiple of m, the key length

True

The basic idea of perfect secrecy is 'Ciphertext should reveal no information about plaintext' represented as "( for all message m, for all ciphertext c, P[PT=m ^ CT=c] = P{PT=m] P[CT=c] where PT is Plain Text, CT is Cipher Text, and P is the Probability".

True

Select one that does NOT correctly describe about the possible prevention methods against SQL injection attacks

Use both cookie and hidden fields to authenticate a web form by checking whether they match in server side


Related study sets

Chapter 21 Globalization and Protectionism

View Set

Texas Life Insurance - Uses/Retirement

View Set

psych 160 final exam/claire lyons

View Set

Life Missouri statutes, rules, and regulations

View Set

How to use the GAP (Grade Adjustment Policy)

View Set

Accident and Health Insurance Basics Test Questions

View Set

Cambridge Academic English Advanced Vocabulary - Unit 1

View Set

organizational behavior chapter 1

View Set

Chapter 15 network pro Practice exam

View Set