Computer Security - CS 419 - Exam 3

Spring 2017

April 24, 2017 - Paul Krzyzanowski

100 Points - 3 Points each (1 free point)

For each statement, select the most appropriate answer.

  1. A high False Reject Rate (FRR):
    (a) Makes the authentication process less secure.
    (b) Makes the user experience more annoying.
    (c) Indicates that security has been compromised.
    (d) Indicates that the biometric is easy to forge.
  2. An advantage of biometric authentication over keys is that biometric data:
    (a) Is more secure.
    (b) Cannot be stolen.
    (c) Cannot be shared.
    (d) All of the above.
  3. Which is an example of behavioral biometrics?
    (a) Voice.
    (b) Fingerprint.
    (c) Iris.
    (d) Hand geometry.
  4. Google's NOCAPTCHA reCAPTCHA enhances normal CAPTCHA by:
    (a) Asking the user to solve a puzzle.
    (b) Asking the user to recognize specific items in an image.
    (c) Having the user recognize distorted characters.
    (d) Measuring randomness in user actions.
  5. DHCP spoofing does not allow you to:
    (a) Tell a system to use a different DNS server.
    (b) Change the Ethernet MAC address of a system.
    (c) Set the IP address of a computer.
    (d) Redirect Internet-targeted traffic from a computer onto a specific system.
  6. A CAM switch table overflow:
    (a) Forces traffic to be sent to all ports of the switch.
    (b) Causes all traffic to be dropped.
    (c) Results in all traffic to unknown addresses being dropped.
    (d) Adds latency to frames since the output port needs to be resolved.
  7. A computer can grab network traffic from multiple VLANs by:
    (a) Setting the host's Ethernet card to promiscuous mode.
    (b) Initiating a CAM overflow attack.
    (c) Sending spoofed ARP messages.
    (d) Pretending to be a trunk-connected switch.
  8. ARP cache poisoning can be used to:
    (a) Modify the contents of IP packets.
    (b) Change the IP address associated with a domain name.
    (c) Redirect traffic that is targeted to a specific IP address.
    (d) Redirect all traffic that originates from a specific system.
  9. How are source addresses validated in IP packets?
    (a) They are protected with an encrypted checksum.
    (b) The packet contains a digital signature for the entire header.
    (c) The sender can only use the IP address assigned to it as a source address.
    (d) They aren't.
  10. SYN flooding attacks can be relieved by:
    (a) Using random initial sequence numbers in a TCP handshake.
    (b) Using an initial sequence number that can be derived a second time.
    (c) Validating the source address at the start of a TCP handshake.
    (d) Sending a cookie to the client for authentication.
  11. BGP, the Border Gateway Protocol, can be used maliciously to:
    (a) Assign incorrect IP addresses to hosts on a network.
    (b) Impersonate hosts on the Internet.
    (c) Block data traffic from entering another network.
    (d) Inform routers of better routes.
  12. IPsec's Authentication Header (AH) protocol does not provide:
    (a) Tunneling.
    (b) Packet integrity.
    (c) Payload encryption.
    (d) Authentication.
  13. Tunneling is a form of:
    (a) Source address spoofing.
    (b) Packet encapsulation.
    (c) Message authentication.
    (d) Payload encryption.
  14. TLS, Transport Layer Security, uses:
    (a) Source address authentication.
    (b) Encryption of the TCP header.
    (c) Packet encapsulation.
    (d) Hybrid cryptography.
  15. A screening router will not be able to:
    (a) Accept external TCP packets targeted to an internal SMTP server (port 25).
    (b) Drop all UDP DNS queries from internal hosts that are directed to other internal hosts.
    (c) Drop packets entering from the external network that have an internal source address.
    (d) Drop all incoming UDP packets.
  16. Which systems belong in an organization's DMZ?
    (a) General-purpose user computers.
    (b) Payroll database.
    (c) Web server.
    (d) DHCP server.
  17. A signature-based IDS (Intrusion Detection System) can block:
    (a) A sudden increase in IP traffic to a server in Québec.
    (b) An improper sequence of SMTP requests.
    (c) Zero-day attacks.
    (d) Attempted root FTP logins.
  18. Snort is primarily:
    (a) A signature-based IDS.
    (b) An anomaly-based IDS.
    (c) A protocol-based IPS.
    (d) An application proxy.
  19. Which URL has the same origin as http://www.poopybrain.com/419/exam?
    (a) http://www.poopybrain.com/news
    (b) https://www.poopybrain.com/419/exam
    (c) http://www.poopybrain.com:8080/419/exam
    (d) http://poopybrain.com/419/exam
  20. JavaScript code on a browser runs with the authority of:
    (a) The ID of the user who is running the browser.
    (b) The URL of the frame in which it was loaded.
    (c) The URL of the outermost frame.
    (d) The URL of the source of the JavaScript.
  21. Cross-Origin Resource Sharing (CORS) allows:
    (a) Browsers to send messages to servers.
    (b) Apps running in browsers on different systems to communicate.
    (c) A web page to load content from multiple places.
    (d) Multiple origins to be treated as one.
  22. A way to keep a browser script from inspecting a cookie associated with the page's URL is to:
    (a) Associate the script with a different origin.
    (b) Mark it Secure.
    (c) Mark it HttpOnly.
    (d) Run the script in a separate frame.
  23. Cross-Site Request Forgery (XSRF) cannot be prevented by:
    (a) Adding unique state or unique per-request content to a URL.
    (b) Having the server check where the request was referred from.
    (c) Using HTTP POST requests.
    (d) Using secure cookies.
  24. Clickjacking is an attack where:
    (a) The attacker tricks the user into clicking on a link they did not intend to click.
    (b) JavaScript simulates a click operation on a link.
    (c) JavaScript intercepts and logs keystrokes.
    (d) JavaScript disables the ability of a user to click anywhere on a page.
  25. Persistent Cross-Site Scripting (XSS) attacks can be prevented by:
    (a) Using secure cookies.
    (b) Sanitizing all user-entered data.
    (c) Using HTTPS instead of HTTP.
    (d) Using HTTP PUT operations instead of HTTP GET.
  26. Extended Validation (EV) certificates improve over Domain Validated (DV) ones because they:
    (a) Work across multiple related domains.
    (b) Are more secure since they use a 2048-bit key rather than a 1024-bit key.
    (c) Use a more extensive process to validate the owner before issuing the certificate.
    (d) Use a more rigorous authentication process when establishing a TLS connection.
  27. Permission re-delegation is the vulnerability where an app:
    (a) Is granted a default set of permissions without user involvement.
    (b) Inherits a set of permissions from another app.
    (c) Asks the user for permission to access a resource after it has been installed.
    (d) Without a certain permission makes a request for the resource via another app.
  28. Apps in Android are isolated from each other by:
    (a) Using address space layout randomization (ASLR) and stack canaries.
    (b) Having the operating system run only one app at a time in most cases.
    (c) Using the sandboxing capabilities of the Dalvik virtual machine.
    (d) Running each app under a different user ID even though the system has only one user.
  29. A masque attack in iOS is:
    (a) When a malicious app is installed and replaces a legitimate one because it has the same ID.
    (b) When one app tries to access resources from another app without the user noticing.
    (c) An attack where an app covertly installs other apps.
    (d) A network attack that tries to find open ports on a remote system.
  30. ARM TrustZone enables:
    (a) Prevention of buffer overflow attacks.
    (b) The ability to tag a portion of a program as trusted while the rest of it is untrusted.
    (c) Storage of keys in a way that even the operating system kernel cannot access them.
    (d) Two trusted apps to communicate securely.
  31. Digital Video Broadcast (DVB) relies on:
    (a) Pre-configuring each player with a common secret key that can decode encrypted video.
    (b) Broadcasting a key that is encrypted separately for every single subscriber.
    (c) Having a subscriber authenticate with the provider and download a decryption key.
    (d) Encoding a set of keys within the video that is being broadcast.
  32. Chaffing and winnowing is a cryptographic technique where multiple messages are sent:
    (a) But only trusted parties can validate their signatures to determine which ones are legitimate.
    (b) But only trusted parties can decrypt the contents of those messages.
    (c) And some messages contain information about the validity of future messages.
    (d) But only trusted parties know the pattern of which sequences of messages are valid.
  33. Steganography differs from watermarking because:
    (a) Watermarking must be more robust.
    (b) Steganography usually supports one-to-many communication while watermarking is one-to-one.
    (c) Watermarks must be hidden while steganography can be visible.
    (d) Steganography encrypts embedded content while watermarking does not.