100 Points - 25 Questions - 4 Points each
For each statement, select the most appropriate answer.
- In a _Merkle tree_, what is the value stored in a non-leaf node?
(a) The raw data of a transaction.
(b) A pointer to the data block.
(c) A digital signature of the data.
(d) The hash of the concatenation of its children's hashes.

- Which of the following best explains why blockchains are considered immutable?
(a) Each block contains a digital signature.
(b) All blocks are stored in encrypted form.
(c) Altering a past block requires recomputing all subsequent block hashes.
(d) They are synchronized across many computers worldwide.

- What is typically used to sign a Bitcoin transaction?
(a) The sender's Bitcoin address.
(b) A shared secret between sender and receiver.
(c) The sender's private key.
(d) A digital certificate issued by a trusted authority.

- Why is Bitcoin's mining process considered a proof-of-work system?
(a) A hash with certain properties must be found to propose a valid block.
(b) Miners must prove that all transactions in a block are valid before adding it to the blockchain.
(c) Each miner must vote on transactions to reach a consensus.
(d) A miner must demonstrate that they used a certain amount of computing cycles.

- Which trend has reduced the effectiveness of traditional CAPTCHAs in recent years?
(a) Increased use of phones and tablets.
(b) More efficient hash computation algorithms.
(c) Wider use of encrypted sessions.
(d) Advancements in automated machine learning and computer vision.

- Which usability advantage is provided by noCAPTCHA compared to traditional CAPTCHA systems?
(a) Many users can pass verification with a single click.
(b) CAPTCHA responses from the server are encrypted end-to-end.
(c) Users are presented with two questions instead of one.
(d) It uses text-based challenges instead of images.

- How does a capability list differ from an ACL?
(a) It grants access rights to users based on group membership.
(b) It is typically used to control access to system-level operations.
(c) It associates permissions with subjects instead of with objects.
(d) It allows fine-grained control over object methods.

- Which of the following scenarios illustrates a weakness of ACL-based access control in large, dynamic systems?
(a) Users may accidentally create capabilities that cannot be revoked.
(b) The system must search all ACLs to determine a user's full access rights.
(c) The kernel must validate all file system operations.
(d) ACLs can only support three classes of users.

- Which of the following best describes the concept of privilege separation in software design?
(a) Denying user processes access to privileged kernel functions.
(b) Dividing a program into components that run with different access permissions or authority levels.
(c) Preventing untrusted users from installing or modifying software.
(d) Managing access control policies in a separate configuration file.

- Which of the following actions is not permitted under the Bell-LaPadula model?
(a) A top-secret process writing to a secret-level file.
(b) A public-level user writing to a secret-level file.
(c) A top-secret user reading a public-level file.
(d) A confidential-level user writing to a confidential-level file.

- What is the primary security goal of the Biba model, as opposed to the Bell-LaPadula model?
(a) Ensuring availability of data even under high system load.
(b) Protecting the confidentiality of classified information.
(c) Preserving data integrity by preventing modification of high-integrity data by low-integrity sources.
(d) Preventing users from exceeding resource quotas.

- Which of the following best describes the goal of multilateral security?
(a) To enforce hierarchical access controls based on clearance levels.
(b) To allow data sharing among users within the same classification level.
(c) To ensure that discretionary controls are applied after mandatory ones.
(d) To protect data owned by mutually distrustful parties by isolating it through compartments.

- What is a key challenge in implementing the Chinese Wall security model in practice?
(a) It requires tracking each user's access history to enforce dynamic access control.
(b) It lacks a defined mechanism for enforcing access control decisions.
(c) It requires encrypting all sensitive data with per-client keys.
(d) It prevents users from accessing any public data once they've viewed confidential information.

- Which of the following best describes how a heap overflow can lead to exploitable behavior in a vulnerable program?
(a) Overwriting the return address of the current function.
(b) Modifying nearby data structures that influence the program's control flow or behavior.
(c) Causing a segmentation fault by accessing memory beyond the heap allocation.
(d) Overwriting user data in a different process running on the same system.

- How does a stack canary help defend against stack-based buffer overflow attacks?
(a) It randomizes the stack memory layout to make exploits harder.
(b) It encrypts the return address by XOR-ing it with the canary to prevent it from being overwritten.
(c) It places a known value before the return address; the program aborts if this value is modified.
(d) It forces all local variables to be allocated on the heap to avoid stack overflow risks.

- Which of the following techniques can bypass Data Execution Prevention (DEP)?
(a) Overwriting a buffer with a NOP slide.
(b) Exploiting a format string vulnerability.
(c) Using Return-Oriented Programming (ROP) gadgets.
(d) Injecting code into the stack.

- Which of the following attacks is most likely to fail if ASLR is properly enabled?
(a) A return-to-libc attack that jumps to a function in libc.
(b) An integer overflow in image parsing code.
(c) A format string bug that prints out memory addresses.
(d) A buffer overflow attack that crashes the program with a segmentation fault.

- In Return-Oriented Programming (ROP), how is a ROP chain typically constructed in a buffer overflow exploit?
(a) By chaining pointers to unused heap memory blocks.
(b) By overwriting the stack with addresses of short instruction sequences ending in ret.
(c) By modifying system registers to gain kernel-level privileges.
(d) By injecting encrypted code into the .text segment of the binary.

- An integer overflow in a memory allocation request in C++ can result in:
(a) A request that allocates much less memory than intended, leading to potential buffer overflow.
(b) An overly large allocation that causes the program to run out of memory.
(c) A processor exception that terminates the process immediately.
(d) The memory allocator switching from heap memory to virtual memory pages.

- What is the core idea behind an SQL injection attack?
(a) Trick the system into using cached database results.
(b) Insert malicious input that changes the structure or logic of a database query.
(c) Overload the database server with too many requests to make it unresponsive.
(d) Inject data that causes a buffer overflow and overwrites the return address.

- What is the main idea behind a path equivalence vulnerability?
(a) Two files having the same size but different contents.
(b) Two different-looking file paths that actually resolve to the same file or directory.
(c) Multiple users having write access to the same file.
(d) Two different files that have the exact same contents.

- Which of the following most clearly introduces a TOCTTOU vulnerability in a multi-user environment?
(a) A backup script opens a file for writing without checking if it already exists.
(b) A program uses the stat system call to check that a file is smaller than 1 MB, then reopens it for uploading.
(c) A cron job deletes temporary files that haven't been accessed in over an hour.
(d) A configuration tool asks the user to confirm settings before writing them to a local config file.

- Which of the following is true about Linux capabilities?
(a) They prevent race conditions in setuid programs.
(b) They require containers to run in kernel mode.
(c) They let unprivileged users assign elevated privileges to a process.
(d) They can be used to reduce a process's privileges at runtime.

- What advantage does a syscall-based sandbox provide beyond Linux's capabilities, control groups, and namespaces?
(a) It allows a process to safely elevate its privileges during execution.
(b) It controls access to hardware devices like GPUs and USB controllers.
(c) It enforces access control using security labels and mandatory access rules.
(d) It can block specific system calls, reducing the attack surface even for unprivileged processes.

- Which of the following best describes the difference between AppArmor and seccomp-BPF?
(a) AppArmor enforces access control at the application layer, while seccomp-BPF operates at the kernel layer.
(b) seccomp-BPF restricts memory allocation, while AppArmor blocks system calls.
(c) seccomp-BPF operates only on root processes, while AppArmor is for unprivileged ones.
(d) AppArmor restricts file access based on path names, while seccomp-BPF restricts system calls.
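Worked example for the Merkle tree question, added by the editor and not part of the original quiz: a minimal SHA-256 Merkle tree in Python with inclusion proofs. The leaf/node prefix bytes (RFC 6962 style domain separation) and the duplication of the last hash on odd-length levels (Bitcoin's convention) are assumptions of this example; the quiz does not fix a particular scheme.

```python
import hashlib

# Domain separation prefixes (RFC 6962 style): an attacker must not be able to present an
# internal node as a leaf or vice versa. Assumption of this example, not fixed by the quiz.
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"


def hash_leaf(data: bytes) -> bytes:
    """Leaf node: hash of the raw data (e.g. a serialized transaction)."""
    return hashlib.sha256(LEAF_PREFIX + data).digest()


def hash_node(left: bytes, right: bytes) -> bytes:
    """Non-leaf node: hash of the concatenation of its two children's hashes."""
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def build_levels(leaves):
    """Return all levels bottom-up: levels[0] are leaf hashes, levels[-1] == [root].

    An odd-length level gets its last hash duplicated (Bitcoin's convention; an assumption here).
    """
    if not leaves:
        raise ValueError("a Merkle tree needs at least one leaf")
    level = [hash_leaf(d) for d in leaves]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2 == 1:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [hash_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves) -> bytes:
    return build_levels(leaves)[-1][0]


def merkle_proof(leaves, index):
    """Inclusion proof for leaves[index]: list of (sibling_hash, sibling_is_left), leaf to root."""
    levels = build_levels(leaves)
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_proof(data: bytes, proof, root: bytes) -> bool:
    """Recompute the path from the leaf to the root; only the siblings are needed, not the tree."""
    h = hash_leaf(data)
    for sibling, sibling_is_left in proof:
        h = hash_node(sibling, h) if sibling_is_left else hash_node(h, sibling)
    return h == root


if __name__ == "__main__":
    txs = [b"tx1", b"tx2", b"tx3", b"tx4", b"tx5"]  # constructed sample leaves
    root = merkle_root(txs)
    proof = merkle_proof(txs, 2)
    print("root:", root.hex())
    print("proof length:", len(proof), "valid:", verify_proof(b"tx3", proof, root))
    print("tampered leaf accepted:", verify_proof(b"tx3'", proof, root))
```

A proof is logarithmic in the number of leaves (three sibling hashes for five leaves here), which is why a light client can check that a transaction is in a block from the block header's root alone; changing any leaf changes every hash on the path to the root.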
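Worked example for the blockchain immutability and proof-of-work questions, added by the editor and not part of the original quiz: a toy hash chain in Python where each block must carry a hash with a fixed number of leading zero bits. The difficulty of 12 bits, the JSON block serialization and the plain-string block payload (standing in for a Merkle root) are assumptions of this example.

```python
import hashlib
import json
from dataclasses import dataclass

# Toy difficulty: the block hash must start with this many zero bits. Bitcoin's target is far
# lower, but this value keeps mining to a few thousand hash attempts per block (assumption).
DIFFICULTY_BITS = 12


@dataclass
class Block:
    index: int
    prev_hash: str   # hex SHA-256 of the previous block: this field is what links the chain
    data: str        # stands in for the block's transactions / Merkle root
    nonce: int = 0   # the only field a miner is free to vary

    def hash(self) -> str:
        payload = json.dumps([self.index, self.prev_hash, self.data, self.nonce]).encode()
        return hashlib.sha256(payload).hexdigest()


def meets_target(block_hash: str, bits: int = DIFFICULTY_BITS) -> bool:
    """Proof of work: interpret the hash as a 256-bit number and require `bits` leading zeros."""
    return int(block_hash, 16) >> (256 - bits) == 0


def mine(block: Block, bits: int = DIFFICULTY_BITS) -> Block:
    """Search nonces until the block's hash meets the target; the work is the search itself."""
    block.nonce = 0
    while not meets_target(block.hash(), bits):
        block.nonce += 1
    return block


def make_chain(payloads, bits: int = DIFFICULTY_BITS):
    chain, prev = [], "0" * 64
    for i, data in enumerate(payloads):
        block = mine(Block(i, prev, data), bits)
        chain.append(block)
        prev = block.hash()
    return chain


def validate_chain(chain, bits: int = DIFFICULTY_BITS) -> bool:
    """Every block must link to its predecessor's current hash and carry valid proof of work."""
    prev = "0" * 64
    for i, block in enumerate(chain):
        h = block.hash()
        if block.index != i or block.prev_hash != prev or not meets_target(h, bits):
            return False
        prev = h
    return True


def remine_from(chain, start: int, bits: int = DIFFICULTY_BITS):
    """What an attacker who edits block `start` must do: re-link and re-mine every later block."""
    prev = chain[start - 1].hash() if start > 0 else "0" * 64
    for block in chain[start:]:
        block.prev_hash = prev
        mine(block, bits)
        prev = block.hash()
    return chain


if __name__ == "__main__":
    chain = make_chain(["genesis", "alice->bob 5", "bob->carol 2", "carol->dave 1"])  # constructed
    print("fresh chain valid:", validate_chain(chain))
    chain[1].data = "alice->bob 500"            # rewrite history in block 1
    print("after edit:", validate_chain(chain))
    mine(chain[1])                              # fix block 1's own proof of work only
    print("after re-mining block 1 alone:", validate_chain(chain))  # still invalid: block 2's link broke
    remine_from(chain, 1)
    print("after re-mining blocks 1..3:", validate_chain(chain))
```

Editing a past block changes its hash, which breaks the `prev_hash` link in the next block; repairing that link changes the next block's hash in turn, so the attacker has to redo the proof of work for every block after the edit, and must do so faster than the honest network extends the chain.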
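Worked example for the SQL injection question, added by the editor and not part of the original quiz: the same lookup written with string concatenation and with parameter binding, run against an in-memory SQLite database with constructed sample rows. The table layout, the user names and the payloads are assumptions of this example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows (not data from the quiz)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users (username, is_admin) VALUES (?, ?)",
        [("alice", 1), ("bob", 0), ("carol", 0)],
    )
    return conn


def lookup_vulnerable(conn, username: str):
    """String concatenation: the input is spliced into the SQL text, so quotes and keywords
    in it change the structure of the query instead of being compared as a value."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username: str):
    """Parameter binding: the query structure is fixed when the statement is parsed and the
    input reaches the engine as data, whatever characters it contains."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    conn = make_db()
    for payload in ["bob", "' OR '1'='1", "x' UNION SELECT is_admin FROM users--"]:
        print(repr(payload))
        print("  vulnerable:", lookup_vulnerable(conn, payload))
        print("  safe:      ", lookup_safe(conn, payload))
```

The `OR '1'='1` payload turns a single-row lookup into a full table dump, and the `UNION` payload pulls a column the query never referenced; with binding both payloads are simply user names that match nothing. The same principle applies to any query interpreter (LDAP, XPath, shell): keep code and data on separate channels rather than escaping data into code.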
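Worked example for the path equivalence question, added by the editor and not part of the original quiz: canonicalizing paths lexically so that differently spelled paths to the same location compare equal, and confining access to a base directory. The base directory `/srv/files` and the sample paths are assumptions of this example; POSIX path semantics are used explicitly so the result does not depend on the host platform.

```python
import posixpath

# The directory the application intends to confine file access to (assumption of this example).
BASE = "/srv/files"


def canonical(path: str, base: str = BASE) -> str:
    """Lexically canonical absolute form: collapses '.', '..', repeated and trailing slashes.

    Two paths that spell a location differently have the same canonical form; this is what
    makes them 'equivalent' for the purpose of an access check.
    """
    if not posixpath.isabs(path):
        path = posixpath.join(base, path)
    return posixpath.normpath(path)


def equivalent(a: str, b: str, base: str = BASE) -> bool:
    return canonical(a, base) == canonical(b, base)


def is_confined(path: str, base: str = BASE) -> bool:
    """True only if the canonical path is base itself or lies strictly below it.

    Checking the prefix with a trailing '/' matters: a plain startswith(base) would accept
    '/srv/files2/secret' as being inside '/srv/files'.
    """
    target = canonical(path, base)
    root = posixpath.normpath(base)
    return target == root or target.startswith(root + "/")


if __name__ == "__main__":
    pairs = [  # constructed examples
        ("docs/a.txt", "/srv/files//docs/./a.txt/"),
        ("docs/../docs/a.txt", "docs/a.txt"),
        ("docs/a.txt", "docs/A.txt"),
    ]
    for a, b in pairs:
        print(f"{a!r} == {b!r}: {equivalent(a, b)}")
    for p in ["docs/a.txt", "docs/../../etc/passwd", "/srv/files2/secret", "/srv/files/../files/x"]:
        print(f"{p!r} confined: {is_confined(p)}")
```

Lexical normalization handles the classic `..`, `.`, doubled and trailing separators, but it cannot see symbolic links, case-insensitive filesystems or other name aliases the kernel resolves; on a real system resolve with `os.path.realpath` after the lexical check and then operate on an already-opened descriptor (`fstat` on the file you opened, not `stat` on the name), which is also the remedy for the TOCTTOU question above.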