CS 416 Exam 3

Fall 2010

    Part I – 19 Points

  1. 6 points
    How does the functionality of a client stub differ from a server stub in RPC?
  2. 6 points
    How does a callback promise achieve cache coherence in AFS?
  3. 7 points
    What is a nonce and how would Alice use it to authenticate Bob with public key cryptography?

    PART II – 81 points – 3 points each

    For each statement, select the most appropriate answer. You may omit one question. Please clearly indicate the question you choose to omit.

  5. Base and limit addressing is most useful in:
    (a) an inverted page table.
    (b) a single partition monoprogramming system.
    (c) a direct mapping paging system.
    (d) a segmentation system.
  6. A virtual circuit is a:
    (a) Connection-oriented protocol.
    (b) Connectionless protocol.
    (c) Circuit-switched service.
    (d) Datagram service.
  7. Which layer manages the communication of data from one application to another?
    (a) Network Layer
    (b) Transport Layer
    (c) Presentation Layer
    (d) Data Layer
  8. Under IP, port numbers are found in this layer of the OSI reference model:
    (a) Data link layer.
    (b) Network layer.
    (c) Physical layer.
    (d) Transport layer.
  9. In the OSI Reference Model, what is the purpose of the Transport layer?
    (a) Conversion of data into a machine-independent representation.
    (b) Routing packets from one machine to another, possibly through routers.
    (c) Providing end-to-end communication services for applications.
    (d) Transferring packets from one machine to another within a physical local area network.
  10. Which is true about the Transport Control Protocol (TCP)?
    (a) It provides datagram (connectionless) service.
    (b) It sends an acknowledgment for each packet received.
    (c) It permits incoming data to arrive out of sequence.
    (d) It was designed for Ethernet networks.
  11. Why was the development of Classless Inter-Domain Routing (CIDR) necessary?
    (a) CIDR expands the size of an IP address from 32 bits to 128 bits, thus increasing the number of assignable addresses.
    (b) Network Address Translation (NAT) proved too ineffective for dealing with the limited number of assignable IP addresses.
    (c) The original method of assigning Class A, B, or C IP address blocks proved too restrictive.
    (d) Network routers needed a mechanism to efficiently manage rapidly growing routing tables.
  12. What is the purpose of the Address Resolution Protocol (ARP)?
    (a) To discover the MAC address that corresponds to a given IP address.
    (b) To discover the IP address that corresponds to a specific service.
    (c) To discover the network on which an Ethernet host resides.
    (d) To discover the IP address that corresponds to a given Ethernet MAC address.
  13. The IP driver is responsible for all of the following EXCEPT:
    (a) Polling network routers with network service requests.
    (b) Dropping data with bad checksums in the IP header.
    (c) Receiving data from the device driver.
    (d) Routing a packet from one physical network to another.
  14. Which socket system call is not needed for a server process:
    (a) socket
    (b) connect
    (c) accept
    (d) listen
  15. What part of the Linux networking stack contains a common set of functions for low-level network drivers to interface with the higher-level protocol stack?
    (a) Generic Network Interface (sockets layer)
    (b) Network Protocols (proto, proto_ops)
    (c) Abstract Device Interface (net_device)
    (d) Network Device Drivers (dev)
  16. Which component cannot be loaded as a module?
    (a) Network protocol
    (b) Network device driver
    (c) File system
    (d) Abstract device interface
  17. Which statement is FALSE? The socket buffer (sk_buff):
    (a) Avoids the need to copy packet data from one protocol layer to another.
    (b) Is allocated for user data sent on a socket.
    (c) Is allocated for packets received by the network interface.
    (d) Is a pool of memory from which sockets are allocated.
  18. Differing from previous approaches, the Linux NAPI (New API) packet processing framework:
    (a) Disables network device interrupts after receiving a packet and then relies on polling until there are no more packets to process.
    (b) Enables network device interrupts to ensure that the kernel can respond to new packets immediately.
    (c) Provides a partitioning between the network device driver and protocol processing logic.
    (d) Allows devices to be modular and added or removed dynamically.
  19. An interface definition language is:
    (a) Processed by the RPC precompiler to generate stub functions.
    (b) A machine-independent output language generated by the RPC precompiler.
    (c) Used to implement remote procedures.
    (d) Used by the operating system to provide user processes with an interface to remote procedure calls.
  20. Which file system was designed to be stateless?
    (a) NFS
    (b) CIFS
    (c) AFS
    (d) SMB
  21. Which of the following was not a remote operation in the original versions of NFS?
    (a) READ (read bytes from a remote file)
    (b) SYMLINK (create a symbolic link file)
    (c) REMOVE (remove a remote file)
    (d) CLOSE (close a remote file)
  22. The principle of least privilege means:
    (a) A system should have at least two types of accounts: administrative as well as normal user accounts.
    (b) Do not allow a process to communicate with a process running at a higher privilege level.
    (c) Do not allow a process to create files that could be accessed by anyone with a lower privilege level.
    (d) Never give a user more permissions than he or she needs.
  23. An access control list (ACL) is:
    (a) Associated with an object and identifies access permissions for various domains in the system.
    (b) Associated with a domain and identifies access permissions for various objects in the system.
    (c) A structure that allows one to look up access permissions given a domain and object.
    (d) A list of users that are allowed access onto the system.
  24. Why did earlier versions of Linux, BSD, and Unix not implement ACLs?
    (a) They don't fit in an inode.
    (b) They are redundant with protection mechanisms already in place.
    (c) They opted to use capability lists instead.
    (d) The operating system only supports discretionary access control.
  25. The Bell-LaPadula model is NOT an example of:
    (a) Mandatory access control.
    (b) Multi-level secure access control.
    (c) Discretionary access control.
    (d) Hierarchical sensitivity levels.
  26. Which mechanism cannot be provided by the operating system?
    (a) Address Space Layout Randomization
    (b) Non-executable stacks
    (c) Stack canaries
    (d) All of the above
  27. For Alice to send a secret message to Bob:
    (a) Alice encrypts the message with her private key.
    (b) Alice encrypts the message with her public key.
    (c) Alice encrypts the message with Bob's private key.
    (d) Alice encrypts the message with Bob's public key.
  28. Cryptographic hash functions take an input string S and output a hash value H. Which statement is true?
    (a) It is difficult to compute H for every S.
    (b) Given H and the original hash function, it is feasible to find S.
    (c) Two different values of H may be computed from one value of S and the same hash function.
    (d) It is not feasible to modify S to hash to the same value H.
  29. The Diffie-Hellman algorithm:
    (a) Allows two entities to negotiate a common key.
    (b) Is an example of a public key encryption algorithm.
    (c) Allows all participating entities to securely exchange public keys for direct communication.
    (d) Requires entities to register their private key with a central secure database.
  30. SSL, Secure Sockets Layer, is an example of a:
    (a) Hybrid cryptosystem.
    (b) Public key cryptosystem.
    (c) Symmetric cryptosystem.
    (d) Digital signature algorithm.
  31. A hypervisor is the:
    (a) Software agent that coordinates several separate computers all running a distributed version of a single operating system.
    (b) Layer of software between a computer's operating system and a virtual machine. There is one hypervisor per virtual machine.
    (c) Software that manages the virtual machines running on a single system and intercepts privileged instructions.
    (d) Software that monitors the current state of all operating systems on a virtual machine.
  32. A hosted virtual machine is:
    (a) A virtual machine that is currently running under a hypervisor.
    (b) A virtual machine that does not rely on an operating system for services.
    (c) One where a guest operating system relies on the native operating system for services.
    (d) A virtual machine that is available over a network through a hosting company.