Title | A7006E 2014-03-19 - TENTAMEN (examination)
---|---
Course | Server Security Architecture
Institution | Luleå University of Technology
Pages | 6
EXAMINATION, Luleå University of Technology
Course: A7006E
Course name: Server Security Architecture
Date: 2014-03-19 (Wednesday)
Time: 09:00 – 14:00 (5 hours)
Aid: None
Teacher on duty (complete telephone number): Ali Ismail Awad, +46 (0)920 493414
Teacher on duty (complete telephone number): Bilal Charif, +46 (0)73-705 8501
Grade scale: U/G/VG
Total number of questions and score: 35 questions, total of 100 points
Other information:
General instructions: Check that you have received all the tasks/questions. All new answers begin on a separate page. Print, write clearly.
After examination: The results of your examination are posted on “My pages” on the Student web. Examination results are posted within 15 workdays after the examination. For courses with more than 60 students taking the examination, the results are posted within 20 workdays after the examination.
Information for the print shop for campus Luleå exams: Project number SRT: 341980. Number of pages: 5. Number of copies: 0. Double- or single-sided: single-sided.
Start of the Exam
Part One (Short Answer Questions) 14 questions total, 2.5 points each, total 35 points.
1. In a relational database columns are referred to as _________.
2. _______ is the process of making copies of data at regular intervals allowing the recovery of lost or corrupted data over relatively short time periods of a few hours to some weeks.
3. Security of HMAC depends on the cryptographic strength of the underlying _________.
4. In a discretionary access control environment database users are classified into three broad categories: administrator, end user other than application owner, and __________.
5. Guest OSs are managed by a ______, or VMM, that coordinates access between each of the guests and the actual physical hardware resources.
6. Cryptanalysis is a process of _________.
7. The __________ is a human entity that presents requests (queries) to the system.
8. _____ attacks flood the network link to the server with a torrent of malicious packets competing with valid traffic flowing to the server.
9. Trusted computing provides three basic services: authenticated boot, certification, and _________.
10. A _______ flood refers to an attack that bombards Web servers with HTTP requests.
11. The best defense against broadcast amplification attacks is to block the use of _______ broadcasts.
12. The three operating system security layers are: physical hardware, operating system kernel, and _________.
13. The final step in the process of initially securing the base operating system is ________.
14. “No read up” is also referred to as the _________ property.
Part Two (Multiple Choice Questions) 18 questions total, 2.5 points each, total 45 points.
15. __________ is when the data in the SDB can be modified so as to produce statistics that cannot be used to infer values for individual records.
A. Data perturbation
B. Inference channeling
C. Database access control
D. Output perturbation
16. Which of the following need to be taken into consideration during the system security planning process?
A. How users are authenticated
B. The categories of users of the system
C. What access the system has to information stored on other hosts
D. All of the above
17. ______ are resources that should be used as part of the system security planning process.
A. Texts
B. Online resources
C. Specific system hardening guides
D. All of the above
18. You need to install a network adapter to a computer so that it can be connected to a network that uses Ethernet cabling. What type of port does the network adapter need to use?
A. RJ11
B. RJ45
C. RG-58
D. Fiber optic
19. “An individual (or role) may grant to another individual (or role) access to a document based on the owner’s discretion, constrained by the MAC rules” describes the _________.
A. ss-property
B. ds-property
C. *-property
D. cc-property
20. You need to connect to a switch that has a management IP address 192.168.1.1 on a standard, default Class C network using the subnet mask 255.255.255.0. Which of the following is a valid IP address for your network adapter?
A. 192.168.0.1
B. 192.168.1.1
C. 192.168.100.1
D. 192.168.1.100
21. For a Linux server that will be accessed remotely, ___________ should be removed to enhance the server security level.
A. SMTP Daemons
B. the Internet Daemon (inetd)
C. logging service
D. X window system
22. A(n) __________ is a user who has administrative responsibility for part or all of the database.
A. administrator
B. database relations manager
C. application owner
D. end user other than application owner
23. Encryption is computationally secure if:
A. Cost of breaking cipher exceeds value of information
B. Time required to break cipher exceeds the useful lifetime of the information
C. A and B
D. Unlimited processing power is needed
24. The design parameters of any block cipher algorithm include:
A. Block size
B. Key size
C. Number of rounds
D. All of the above
25. __________ provides a security level equal to 192 bits with a block size equal to 1024 bits.
A. SHA-1
B. SHA-256
C. SHA-384
D. SHA-512
26. _________ is assurance that a system deserves to be trusted such that the trust can be guaranteed in some convincing way such as through formal analysis or code review.
A. TCB
B. Trustworthiness
C. Trusted computing
D. TPM
27. Using forged source addresses is known as _________.
A. source address spoofing
B. a three-way address
C. random dropping
D. directed broadcast
28. In both direct flooding attacks and ______ the use of spoofed source addresses results in response packets being scattered across the Internet and thus detectable.
A. SYN spoofing attacks
B. indirect flooding attacks
C. ICMP attacks
D. system address spoofing
29. Cryptography can be classified as block cipher or stream cipher according to _______.
A. the type of operation
B. the way to process the plaintext
C. the length of the key
D. the sender and the receiver
30. __________ is a practical method for secure key exchange.
A. Diffie-Hellman algorithm
B. RSA algorithm
C. Digital Signature Standard
D. Elliptic-Curve Cryptography
31. ___________ use a loadable kernel module and work in kernel space to intercept any system call.
A. Denial-of-Service attacks
B. Buffer overflow attacks
C. Rootkit attacks
D. Abuse of programs run “setuid root”
32. The Windows _______ aims to reduce the number of vulnerabilities in all Microsoft products.
A. Mandatory Security Education
B. Final Security Review
C. Security Push
D. Security Development Lifecycle
Part Three (Long Questions) 3 questions total, 20 points (5, 10, 5 points respectively)
33. Explain and draw the AES Substitute Byte operation. (3 pts explanation, 2 pts drawing)
34. Explain in detail the RSA Public-Key Encryption, and give a numeric example. (5 pts explanation, 5 pts example)
35. Describe a simple hash function using bitwise XOR. (5 pts)
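Questions 34 and 35 ask for a numeric RSA example and a simple XOR hash; the following Python is an added worked example, not part of the exam, using constructed parameters p=17, q=11, e=7 and message 88 for textbook (unpadded) RSA, and a block-XOR hash whose block-order weakness is shown at the end.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Textbook RSA key generation: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)        # public key, private key


def rsa_encrypt(pub, m):
    """C = M^e mod n; the message must be an integer smaller than n."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    """M = C^d mod n."""
    d, n = priv
    return pow(c, d, n)


def xor_hash(data: bytes, block_size: int) -> bytes:
    """Simple hash: split the input into block_size-byte blocks (zero-padding
    the last one) and XOR all blocks together bit by bit."""
    acc = bytearray(block_size)
    for i in range(0, len(data), block_size):
        block = data[i:i + block_size].ljust(block_size, b"\x00")
        for j, byte in enumerate(block):
            acc[j] ^= byte
    return bytes(acc)


def xor_hash_is_order_independent(block_size: int = 4) -> bool:
    """XOR is commutative, so permuting whole blocks leaves the hash unchanged.
    This is why the simple XOR hash gives no integrity protection against
    reordering (constructed inputs)."""
    return xor_hash(b"abcdefgh", block_size) == xor_hash(b"efghabcd", block_size)


if __name__ == "__main__":
    pub, priv = rsa_keygen(17, 11, 7)       # n = 187, phi = 160, d = 23
    c = rsa_encrypt(pub, 88)                # 88^7 mod 187 = 11
    print("public", pub, "private", priv, "C =", c, "M =", rsa_decrypt(priv, c))
    print("xor_hash:", xor_hash(b"abcdefgh", 4).hex(), "order-independent:", xor_hash_is_order_independent())
```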
Best wishes
End of the Exam