CS419 Exam 2
Spring 2019
Paul Krzyzanowski
April 1, 2019
100 Points - 25 Questions - 4 Points each
For each statement, select the most appropriate answer.
- What is an example of a restriction that application sandboxes can provide but namespaces cannot?
  (a) Disallow access to the network.
  (b) Access only a specific subtree of the file system.
  (c) Open only files with a .docx suffix.
  (d) Isolate the process so it does not see other process IDs.

- Application sandboxing provides this advantage over DAC and MAC mechanisms:
  (a) It allows specific applications to override the restrictions of MAC/DAC permissions.
  (b) It enables access permissions to be set on a per-user basis: different users can have different permissions.
  (c) It allows the user, rather than an administrator, to manage access permissions.
  (d) It enables per-application access restrictions in addition to the existing MAC/DAC mechanisms.

- Seccomp-BPF has this functional advantage over system call interposition (as used in Janus, for example):
  (a) It allows validation to take place by a separate user process that can be customized as needed.
  (b) It can filter network operations in addition to file operations.
  (c) It can examine the content of files.
  (d) It is not vulnerable to TOCTTOU attacks.

- Which sandbox analyzes the code prior to execution?
  (a) Chromium Native Client (NaCl).
  (b) Janus.
  (c) Linux seccomp-BPF.
  (d) Apple Sandbox.

- What component of the Java sandbox keeps a malicious class from replacing methods in standard classes?
  (a) Class loader.
  (b) Bytecode verifier.
  (c) Security manager.
  (d) Java virtual machine.

- A spear phishing attack differs from a phishing attack because it:
  (a) Tricks victims into sharing sensitive information.
  (b) Is personalized to the victim.
  (c) Appears to come from a trusted source.
  (d) Contains a malicious attachment.

- In his seminal paper, Reflections on Trusting Trust, Ken Thompson suggests that:
  (a) You should trust a program only after examining its source code to ensure it contains no malware.
  (b) Source code examination is not sufficient; you should check the source of the compiler as well.
  (c) Compiler source examination is insufficient since malware can be introduced during compilation.
  (d) No source code examination is sufficient since malware can always be injected at runtime.

- Trojans differ from backdoors because:
  (a) They are willingly installed by users.
  (b) They don't need to bypass authentication mechanisms.
  (c) They are designed to propagate to other systems.
  (d) They reside at the kernel level instead of in a user program.

- Rootkits are:
  (a) Software that enables malware to stay hidden.
  (b) Malware that runs with administrative (root) privileges.
  (c) Malware that runs within the kernel.
  (d) Libraries that enable malware to elevate its privilege level.

- An advantage of behavior-based malware detection over signature-based techniques is:
  (a) It does not bother alerting the user if malware is installed but not doing anything.
  (b) It can detect never-before-seen viruses.
  (c) It is more reliable at identifying malicious software.
  (d) It is faster at locating malware.

- The goal of a malware packer is to:
  (a) Encrypt user files for ransom.
  (b) Enable malware to be installed within another application already on the system.
  (c) Modify the malware each time it propagates.
  (d) Avoid having anti-virus software detect the malware.

- Perfect secrecy is rarely attained in practice because:
  (a) All cryptographic algorithms have inherent weaknesses.
  (b) Computer systems have vulnerabilities that can be exploited.
  (c) Effective key management and distribution is difficult.
  (d) Humans are likely to leak keys.

- A stream cipher:
  (a) Does not use a keystream generator.
  (b) Is not a symmetric cipher.
  (c) Does not implement an SP network.
  (d) Does not approximate the one-time pad.

- In cryptography, confusion refers to:
  (a) The inability of an attacker to identify what encryption algorithm was used.
  (b) The percentage of bits of ciphertext that will change when a bit of plaintext is changed.
  (c) The lack of a relationship between bits of the key and bits of the ciphertext.
  (d) Ciphertext that can decode to multiple valid plaintext messages.

- Which cipher does NOT have an iterative structure (i.e., multiple rounds)?
  (a) RSA.
  (b) AES.
  (c) Twofish.
  (d) DES.

- Unlike Cipher Block Chaining (CBC) and Counter (CTR) modes, the Electronic Code Book (ECB) mode:
  (a) Makes each encrypted block a function of the previous encrypted block.
  (b) Adds a message authentication code to ensure integrity.
  (c) Uses a lookup table for high-speed encryption.
  (d) Encrypts each block independently of its position in the message.

- Trapdoor functions are useful for:
  (a) Message authentication codes.
  (b) Hash functions.
  (c) Keystream generators.
  (d) Digital signatures.

- Forward secrecy requires:
  (a) A unique key per session that is encrypted with a long-term key.
  (b) All keys used during the session never to be reused.
  (c) A key that is as long as the message being encrypted.
  (d) The encrypted message to be dependent on the previous message.

- For Bob to send a session key to Alice, he would encrypt it with:
  (a) Bob's public key.
  (b) Bob's private key.
  (c) Alice's public key.
  (d) Alice's private key.

- The Needham-Schroeder key exchange algorithm avoids replay attacks by:
  (a) Using timestamps.
  (b) Using nonces.
  (c) Using sequence numbers.
  (d) Encrypting all data.

- Which key exchange technique does NOT rely on a trusted third party?
  (a) Needham-Schroeder.
  (b) Denning-Sacco.
  (c) Diffie-Hellman.
  (d) Kerberos.

- When Alice receives a ticket from Kerberos, it is encrypted with: (Alice is trying to talk to Bob)
  (a) Bob's secret key.
  (b) Alice's secret key.
  (c) A shared secret session key.
  (d) Kerberos' secret key.

- Unlike collision resistance, pre-image resistance means:
  (a) You cannot find a new message M' where H(M) = H(M') for some given M.
  (b) You cannot find two messages M1, M2, where H(M1) = H(M2).
  (c) You cannot derive M when given its hash, H(M).
  (d) M is encrypted before it is hashed: H(E(M)).

- A message authentication code (MAC) differs from a hash because:
  (a) It is data that is distinct from the message.
  (b) It is reversible.
  (c) It is a fixed size value.
  (d) It requires a key.

- If you manage to get Alice's digital certificate, you cannot:
  (a) Validate messages that are digitally signed by Alice.
  (b) Impersonate Alice.
  (c) Create a message that only Alice can read.
  (d) Extract Alice's public key.