CS419 Exam 1

100 Points - 25 Questions - 4 Points each

For each statement, select the most appropriate answer.

Part 1: Introduction

1. The CIA Triad is:
   (a) A set of security guidelines established by the U.S. Central Intelligence Agency.
   (b) A collection of techniques hackers use to break into systems.
   (c) Three sets of leaked documents and published on WikiLeaks detailing the CIA's hacking tools.
   (d) A model for classifying topics that need to be addressed in computer security.
2. Data confidentiality means that the data:
   (a) Is encrypted.
   (b) Has personally identifiable information removed.
   (c) Cannot be shared without the permission of the owner if it contains personally identifiable information.
   (d) Cannot be accessed by unauthorized parties.
3. A system with a large attack surface:
   (a) Offers many ways in which an attacker could try to enter the environment.
   (b) Has a large number of vulnerabilities.
   (c) Is just as likely to be attacked by trusted insiders as well as external attackers.
   (d) Uses multiple forms of defenses to detect and prevent attacks.
4. Advanced Persistent Threats (APT) are most likely to be:
   (a) Small groups of individuals working alone to avoid detection.
   (b) Malicious insiders.
   (c) Intelligence agencies.
   (d) White hat hackers.
5. An opportunistic attack targets your systems because:
   (a) You are a high-value target.
   (b) Your organization has a malicious insider.
   (c) Attacks from a distance are difficult to trace.
   (d) Your systems may have a vulnerability they are prepared to exploit.
6. A trusted computing base (TCB) refers to:
   (a) All the components of a system that are critical to its security.
   (b) A computer system that is only available to trusted users.
   (c) Carefully-audited application software that does not interact with non-trusted applications.
   (d) Tamper-resistant computing hardware that the software can trust to run correctly.

   Part 2: Access control

7. A capability list defines:
   (a) The operations that various subjects are allowed to perform on an object.
   (b) The system calls that a process can call when it is running with root privileges.
   (c) The operations that a subject is allowed to perform on various objects.
   (d) The full set of system calls that a process is allowed to invoke.
8. Unlike access control lists, POSIX (e.g., UNIX, Linux, FreeBSD) permissions:
   (a) Enumerate a list of users who can access an object.
   (b) Identify a list of objects along with access permissions for those objects.
   (c) Use a fixed amount of space per file to store access permissions.
   (d) Allow an administrator to manage group access to objects.
9. Unlike discretionary access control (DAC), mandatory access control (MAC):
   (a) Requires the kernel to check access rights for an object before opening it.
   (b) Is configured by administrators, not users.
   (c) Organizes users into roles.
   (d) Assigns a confidentiality level to each object.
10. Which access model is most directly implemented with an access matrix to manage read/write access rights?
    (a) Bell LaPadula.
    (b) Lattice.
    (c) Biba.
    (d) Type Enforcement.
11. To which access model would the description, "because you accessed file A, you now cannot access file B" apply?
    (a) Lattice.
    (b) Bell LaPadula.
    (c) Chinese wall model.
    (d) Role-based access control (RBAC).
12. The lattice model:
    (a) Creates permissions that may change dynamically based on what objects you previously accessed.
    (b) Protects data integrity with a no write up rule.
    (c) Is a form of discretionary access control (DAC).
    (d) Enhances multilevel security.

    Part 3: Injection/hijacking

13. A NOP slide is useful if you:
    (a) Are trying to get stack data to overflow onto the heap.
    (b) Are using return-to-libc techniques instead of code injection.
    (c) Want to pad a region of data to prevent the possibility of off-by-one overflows.
    (d) Don't know the precise address of your injected code.
14. Fuzzing enables:
    (a) Discovery of which input caused a buffer overflow.
    (b) Encryption of pointers to protect them from overflows in the heap.
    (c) Relocation of the starting addresses of the stack, heap, and text (code).
    (d) Run-time buffer overflow checks.
15. Return Oriented Programming (ROP):
    (a) Redirects execution to existing code in the program.
    (b) Forces functions to return prematurely.
    (c) Disables buffer overflow checks.
    (d) Injects executable code onto the stack.
16. Stack canaries:
    (a) Detect if a program tries to execute code on the stack.
    (b) Ensure that stack data cannot be written outside the stack frame.
    (c) Prevent a function from returning if data on the stack has been corrupted.
    (d) Prevent buffer overflow in stack-allocated variables.
17. What technique is ineffective in preventing Return Oriented Programming (ROP) attacks?
    (a) Stack canaries.
    (b) Data execution prevention.
    (c) Address space layout randomization.
    (d) All of the above.
18. Format string vulnerabilities arise primarily because:
    (a) User input is used as the format specifier.
    (b) Invalid parameter values are specified.
    (c) More parameters are supplied than the format expects.
    (d) Assumptions are made on the size of the output buffer.
19. SQL injection attacks cannot be avoided by:
    (a) Not using user input as part of a query or command.
    (b) Escaping all special characters in the input.
    (c) Ensuring the input buffer is sufficiently large to hold the entire query.
    (d) Validating the syntax of the input.

    Part 4: Containment

20. FreeBSD Jails enhance chroot by:
    (a) Allowing multiple applications to share the same jail.
    (b) Limiting a jailed application's visible file system to a subtree.
    (c) Restricting the operations allowable to root (admin) within the jail.
    (d) Controlling the system resources (memory, disk) that a jailed process can use.
21. Linux namespaces do not provide the ability to:
    (a) Isolate user IDs.
    (b) Restrict access to system calls.
    (c) Create per-process network stacks.
    (d) Use per-process file system mount points.
22. Linux Seccomp-BPF relies on:
    (a) Using containers to isolate processes.
    (b) Restricting a process' access to only a subtree of the file system space.
    (c) Restrictions on what a process can do when it runs as root.
    (d) Kernel-based restrictions on system calls and file access.
23. The Janus sandbox:
    (a) Uses Linux namespaces for process isolation.
    (b) Provides two levels of sandboxing for greater security: user-level and kernel-level.
    (c) Uses a user-level process to determine if specific system calls should be allowed.
    (d) Validates the operations of a program before it is run to eliminate run-time checks.
24. Linux capabilities:
    (a) Restrict what a program can do even if it runs with root privileges.
    (b) Restrict the system calls a program can call even if it is not running with root privileges.
    (c) Allow parts of the file system to be hidden from an application.
    (d) Place limits on the amount of system resources (disk space, network) that a process can consume.
25. Unlike containers, virtual machines (VMs) can offer applications:
    (a) Separate operating systems.
    (b) Isolated namespaces.
    (c) Simplified packaging of an application and all its dependencies.
    (d) Shared network interfaces.