CS 417 Exam 3
Fall 2007
- 7 points
What is a nonce and how can Alice authenticate Bob using a nonce? Use public key cryptography; assume that everyone has everyone's public keys. - 6 points
Alice wants to talk to Bob using Kerberos. How does Alice give Bob a session key securely? - 6 points
How does steganography differ from cryptography? - 8 points
When you set up an environment with a DMZ, identify which classes of machines belong in the following networks (put an X in the appropriate boxes):type of machine Directly on Internet DMZ network Internal network Application proxies Servers with no associated application proxies Servers with associated application proxies Generic user machines - 9 points
There is, no doubt, something that you have studied and is not on this exam. Come up with a question that you feel would be appropriate for this exam and answer it.
Question:
Answer: - Differing from simple resource locking, two-phase locking:
(a) allows two processes to negotiate for a lock.
(b) ensures reliable locking by having all members acknowledge the lock request.
(c) uses a write-ahead log.
(d) ensures that the effect of serial execution is preserved. - In contrast to two-phase locking, strict two-phase locking:
(a) has a well-defined growing phase and a shrinking phase.
(b) sends a lock request to all cohorts and does not proceed until it gets all responses.
(c) relies on a centralized lock manager.
(d) avoids cascading aborts by having a resource hold all locks until the end. - TCP/IP deals with fault tolerance through:
(a) information redundancy.
(b) physical redundancy.
(c) triple modular redundancy.
(d) time redundancy. - To handle the fail-silent failure of one component in a k component system, you need:
(a) k - 1 components.
(b) (k + 1) 2 components.
(c) k2 components.
(d) k+1 components. - SSL (Secure Sockets Layer) achieves authentication using a technique in common with:
(a) Password authentication.
(b) Skey authentication.
(c) SecurID tokens.
(d) SKID2/SKID3. - Alice wants to talk with Bob and uses Kerberos authentication. The sealed envelope she gets is:
(a) encrypted with Bob's secret key.
(b) encrypted with Alice's secret key.
(c) encrypted with the session key.
(d) encrypted with Bob's public key. - An X.509 digital certificate contains:
(a) a user's public key encrypted with the certification authority's private key.
(b) a user's unencrypted public key signed with the certification authority's private key.
(c) a user's unencrypted public key and private key encrypted with the certification authority's private key.
(d) a user's private key encrypted with the certification authority's public key. - CAPTCHA is used to:
(a) normalize a user's biometric to facilitate pattern matching.
(b) authenticate a user and establish a session key.
(c) authenticate a specific user.
(d) identify a user as a human being. - Relying on an intruder's inability to validate a digital signature is the basis of:
(a) CAPTCHA.
(b) a null cipher.
(c) chaffing and winnowing.
(d) digital certificates. - A stateful packet inspecting firewall is needed to guard against:
(a) someone trying to connect to the web server port on your mail server system.
(b) SYN flooding attacks within your network.
(c) incorrect HTTP requests that are attempts to compromise your web server.
(d) packets from the outside that are masqueraded to appear as if they're from local machines. - The main idea behind IP tunneling is:
(a) rewriting source and destination addresses in an IP header.
(b) encrypting the data of an IP packet.
(c) encapsulating IP packets within other IP packets.
(d) redirecting IP traffic to a different port number. - An application restart from a checkpointed state is known as a:
(a) cold failover.
(b) warm failover.
(c) hot failover.
(d) cascading failover. - Load balancing is not useful for:
(a) planned outage management.
(b) application failover.
(c) fault tolerance.
(d) increased performance. - A ROC plot for a biometric device helps you:
(a) assess the accuracy of using the biometric for authentication.
(b) identify the trade-off of robustness versus distinctiveness.
(c) identify the trade-off of time versus pattern matching performance.
(d) see how many iterations of signal processing are needed to achieve a good match. - A rootkit is:
(a) designed to hide files or modify the behavior of an operating system.
(b) a comprehensive set of hacker tools to allow one to try to get access to a system.
(c) a program that exploits a bug in the operating system or in an application that gives you administrative access (root) on a system.
(d) software that detects malicious software on your system. - A hypervisor does not:
(a) receive system interrupts.
(b) translate system calls from user programs to ones that make sense on the host operating system.
(c) control access to the memory management unit.
(d) intercept privileged instructions.
Part I – 36 Points
PART II – 64 points – 4 points each
For each statement, select the most appropriate answer.