Question 1 | Multiple Choice | (1 point)
Question: If an unauthorized user modifies a file, this is an attack on

Confidentiality
Integrity
Availability
Authenticity
Civil liberty

Question 2 | Fill in the Blank | (1 point)
Question: A piece of code that reproduces and spreads by attaching itself to other programs is called a _________________.

Question 3 | Fill in the Blank | (1 point)
Question: A program that offers some attractive value but contains a hidden malicious side effect, such as changing a user's file permissions, is called a _________. (use all lowercase letters)

Question 4 | Fill in the Blank | (1 point)
Question: A program that uses network connections to reproduce is called a _________. (use all lowercase letters)

Question 5 | Fill in the Blank | (1 point)
Question: A secret mechanism for bypassing system security, like a way of logging into a system without providing a valid password, is called a __________________.

Question 6 | Fill in the Blank | (1 point)
Question: A piece of code hidden in an otherwise legitimate program, that is set to perform a malicious act when certain conditions are met, such as deleting files if a given employee has been fired, is called a _____________.

Question 7 | Multiple Choice | (1 point)
Question: In a multilevel security system, the phrase "no read up" means

a subject cannot read an object that it does not own
a subject cannot read an object of less or equal security level
a subject can only read an object of less or equal security level
a subject can only read an object that it has not read before
a subject must read objects in order

Question 8 | Multiple Choice | (1 point)
Question: In a multilevel security system, the "no write down" policy means that

a subject cannot write down any information that it is not authorized to
a subject can only write to objects of security level greater than or equal to that of the subject
a subject can only write to each object once
all write operations must follow a given order
a subject can only write to objects of less or equal security level

Question 9 | Multiple Choice | (1 point)
Question: The Unix file permission bits are most accurately classified as which of the following protection mechanisms?

access matrix
access control list
capability ticket
one-way encryption
password protection

Question 10 | Multiple Choice | (1 point)
Question: A Unix open file descriptor (with the corresponding open file description, to which it refers) would be most accurately classified as which of the following protection mechanisms?

access matrix
access control list
capability ticket
one-way encryption
password protection

Question 11 | Multiple Choice | (1 point)
Question: The mechanism used by Unix to protect user passwords is most accurately classified as which of the following?

access matrix
access control list
capability ticket
one-way encryption
password protection

Question 12 | Multiple Choice | (1 point)
Question: The "stack crashing" technique penetrates system security by

decrypting the content of the user's stack
causing the system to crash, by corrupting the runtime stack
guessing a user's password
modifying a saved subprogram return address
penetrating the network protocol stack

Question 13 | Multiple Choice | (1 point)
Question: Dynamically linked shared libraries provide an avenue for a _________ attack.

trojan horse
man-in-the-middle
denial of service
replay
macro virus