CS419 Exam 1
Spring 2019
Paul Krzyzanowski
February 25, 2019
100 Points - 25 Questions - 4 Points each
For each statement, select the most appropriate answer.
- Data integrity in a secure system means that:
(a) The source of the data is properly authenticated.
(b) The data is not modified in an unauthorized manner.
(c) The underlying computer system functions correctly, free from interference.
(d) The data is accessible when needed.
- Asymmetric force in cyber warfare refers to the fact that:
(a) Well-funded organizations will always have the advantage of having more computing resources.
(b) Vulnerabilities are just as likely to be found in large organizations as well as small ones.
(c) Small organizations can potentially overwhelm huge ones.
(d) Attackers must be prepared for large-scale retaliation from their targets.
- A trusted computing base (TCB) is:
(a) A system that is accessible only to authorized users.
(b) The hardware, firmware, and software that are needed for an application to have a secure environment.
(c) Specially-built computer hardware that is designed to be secure and tamperproof.
(d) A set of trusted libraries integrated with a trusted operating system that enable secure applications.
- A capability list is:
(a) A set of access rights associated with an object.
(b) A set of access rights associated with a user.
(c) The set of operations that a program is permitted to invoke.
(d) The set of files that a program is allowed to access.
- The Principle of Least Privilege states that:
(a) Programs should be permitted to access only the resources they need to perform a task.
(b) Access control rules should be kept as concise as possible to avoid comprehension errors.
(c) All access requests should go to the operating system.
(d) Users should not be able to give away files unless they own them.
- A Discretionary Access Control (DAC) model:
(a) Requires administrators to define access rules.
(b) Enables processes to avoid access permission checks.
(c) Enforces privilege separation by having a separate administrator in charge of access permissions.
(d) Allows users to define access rights for objects they own.
- The focus of the Bell-LaPadula model is to ensure that a user:
(a) Cannot create content at a higher security level.
(b) Cannot read content from a higher security level.
(c) Cannot read or write content at a different security level.
(d) Can create content at any classification level but can read only from lower levels.
- Which security model was designed specifically to keep users from modifying important data?
(a) Biba.
(b) Bell-LaPadula.
(c) Role-based Access Control.
(d) Type Enforcement.
- A lattice model for access control:
(a) Provides a MAC model that combines controls for both integrity and confidentiality.
(b) Allows an administrator to define arbitrary access privileges based on categories of users.
(c) Enhances an access control matrix to support objects, subjects, applications, and time of use.
(d) Enhances the Bell-LaPadula model to allow data access only if a level has matching security labels.
- Which access control model requires tracking the state of past data accesses?
(a) Bell-LaPadula.
(b) Biba.
(c) Chinese wall.
(d) Lattice.
- Buffer overflow attacks are unlikely in Java because:
(a) Java is an interpreted language.
(b) The Java Virtual Machine is register-based rather than stack-based.
(c) Java performs bounds checking on all array operations.
(d) Java's stack grows up rather than down in memory.
- Heap overflow cannot:
(a) Write outside the current stack frame.
(b) Modify dynamically allocated structures (e.g., those created via malloc or new).
(c) Occur if address space layout randomization is used.
(d) Overwrite a return address.
- Which statement about stack canaries is FALSE?
(a) They cannot detect data modification before a function returns.
(b) They cannot detect changes within a stack frame.
(c) They are useless for detecting heap overflows.
(d) They cannot prevent return-to-libc attacks.
- Which statement is FALSE?
(a) ASLR is ineffective on libraries compiled without position independent code.
(b) ASLR can sometimes be circumvented with a NOP slide.
(c) ASLR makes heap overflow attacks ineffective.
(d) ASLR makes return oriented programming extremely difficult.
- Data Execute Protection (DEP):
(a) Ensures that buffer overflows cannot modify data on the stack.
(b) Guards against return-oriented programming.
(c) Makes code injection ineffective.
(d) Allows the system to detect modifications to the stack.
- Parameterized queries in SQL:
(a) Ensure that the parameters match the required data types.
(b) Keep user input from being part of the query statement.
(c) Avoid buffer overflow attacks.
(d) Minimize security risks by allowing one query to handle multiple parameters.
- The %n format directive of the printf function:
(a) Outputs the corresponding parameter as a base ten number, allowing an attacker to examine the stack.
(b) Prints a newline, which can make a single log entry look like multiple log entries.
(c) Stores a value in a memory address identified by a parameter.
(d) Reads user input for the corresponding parameter.
- A program is at risk of a TOCTTOU attack if it:
(a) Accepts a user-supplied filename and then opens the file.
(b) Opens a file and then sets its permissions to disallow other users from reading or writing it.
(c) Fails to check the amount of data it reads into an array.
(d) Does not check to make sure that special characters in user-supplied data are properly escaped.
- Linux capabilities:
(a) Provide custom name spaces to processes.
(b) Can take away some access permissions that a root user has.
(c) Define resources to which a process has access.
(d) Limit the ability for a process to communicate with other processes.
- Which of these enables creating a communication barrier between containers?
(a) Control Groups.
(b) Capabilities.
(c) Chroot jails.
(d) Namespaces.
- Containers are said to provide operating system level virtualization. This means that:
(a) Multiple instances of the same operating system can run on one computer.
(b) Groups of processes are segmented from one another but share the same operating system.
(c) An adaptation layer of software allows an application to run on a different operating system.
(d) Multiple different operating systems can be installed and run concurrently on one computer.
- The biggest security risk with containers is that:
(a) They can be deployed on arbitrary systems, some of which may not have sufficient protections.
(b) Applications in different containers share the same operating system.
(c) Containers may conflict with Linux's use of namespaces, control groups, and capabilities.
(d) They do not create a reproducible environment, making it difficult to recreate problems.
- Container orchestration refers to:
(a) Selecting the appropriate container technology for each application.
(b) Being able to mix containers from different vendors and use them together.
(c) Running multiple containers across multiple computers.
(d) Packaging a set of related services into a single container.
- A Type 1 hypervisor:
(a) Supports the installation of an arbitrary number of operating systems as long as they are of the same type.
(b) Uses a single operating system to provide the illusion of multiple operating systems.
(c) Does not need to send requests to a host operating system to handle interactions with the underlying hardware.
(d) Allows applications to run directly on the hypervisor without a need for an operating system.
- A side-channel attack:
(a) Compromises an intermediate process, which then attacks the target, hiding the intruder.
(b) Uses information from the behavior of a computer system rather than weaknesses in the algorithm.
(c) Breaks through a container to establish a communication link with a process.
(d) Attacks the underlying operating system, from which it can obtain information about the target process.