CS 417 Exam 3

Fall 2006

    Part I - 40 points

  1. 8 points
    How do you validate a digital signature (for example, in signed software) against a message using an X.509 digital certificate?
  2. 8 points
    Both Kerberos and SSL use symmetric cryptography for communication. Contrast the way a recipient gets a session key when using Kerberos versus when using SSL.
  3. 6 points
    What are the three factors of authentication?
    1. _________________________________________________
    2. _________________________________________________
    3. _________________________________________________
  4. 6 points
    The Diffie-Hellman algorithm is not an encryption algorithm. What is it good for?
  5. 6 points
    What is a nonce and how is it used in authentication algorithms?
  6. 6 points
    Why is it advisable for application proxies to run on dual-homed hosts?

    Part II - 60 points - 4 points each

    For each statement, select the most appropriate answer.
  7. The two phases in two-phase locking are:
    (a) Phase 1: request lock; Phase 2: get a lock grant.
    (b) Phase 1: grab a tentative lock; Phase 2: get a lock confirmation.
    (c) Phase 1: get all locks; Phase 2: release all locks.
    (d) Phase 1: revoke all remote locks for the resource; Phase 2: get a lock for the resource.
  8. Which is not a form of concurrency control?
    (a) Two-phase locking.
    (b) Two-version locking.
    (c) Exclusive locks.
    (d) Timestamp ordering.
  9. A write-ahead log is important in a two-phase commit protocol because:
    (a) It allows auditors to examine the transactions.
    (b) It ensures all-or-nothing atomicity.
    (c) It allows a system to recover its state in the protocol if it died.
    (d) It reduces message traffic since all participants can reference the same write-ahead log file.
  10. A pair of mirrored disks is an example of:
    (a) Information redundancy.
    (b) Time redundancy.
    (c) Physical redundancy.
    (d) Triple modular redundancy.
  11. TCP/IP achieves fault tolerance through:
    (a) Information redundancy.
    (b) Time redundancy.
    (c) Physical redundancy.
    (d) Triple modular redundancy.
  12. SSL (Secure Sockets Layer) is an example of a:
    (a) Hybrid cryptosystem.
    (b) Two-party system using symmetric cryptography.
    (c) Three-party system using symmetric cryptography and a third-party arbiter.
    (d) Public key system.
  13. In chaffing & winnowing, a recipient has to:
    (a) Sort out good messages from bad ones.
    (b) Identify the relevant parts of a message.
    (c) Use a null cipher to extract the message.
    (d) Employ a transform (such as a discrete cosine transform) on the data to extract the message.
  14. Which system was designed to fend off automated software for web-based registration forms?
    (a) OTP
    (b) CAPTCHA
    (c) IPSEC
    (d) Kerberos
  15. Which of the following is not a technique for penetrating computer systems?
    (a) Dictionary attacks.
    (b) Network address translation.
    (c) Social engineering.
    (d) Buffer overflow.
  16. A system or service that is set up specifically to trap intruders is a:
    (a) demilitarized zone.
    (b) honeypot.
    (c) denial of service attack.
    (d) ping of death.
  17. Stateful inspection in a packet filter will not:
    (a) Keep track of TCP/IP connections.
    (b) Detect buffer overflow attempts.
    (c) Allow port triggering.
    (d) Limit rates of SYN packets.
  18. Which failover is easiest to implement?
    (a) Cold.
    (b) Warm.
    (c) Hot.
    (d) Synchronous.
  19. Which of the following is a protocol for VPNs?
    (a) PPP
    (b) IPSEC
    (c) IPX
    (d) NetBEUI
  20. A Virtual Machine Manager (VMM):
    (a) Intercepts privileged instructions.
    (b) Manages a collection of multiple machines to create the illusion of a single system.
    (c) Simulates a machine by emulating all opcodes of a virtual machine.
    (d) Emulates one or more operating systems.