exam Flashcards

1
Q

What is the definition of computer security and what does it involve?

A

The protection of a computer system against theft and damage. Involves controlling physical access to hardware, malpractice by users and network access, bad data or code injection.

2
Q

What is confidentiality?

A

Data is kept private or restricted by ensuring only authorised users can access it. More important when value of data depends on limiting access to it e.g. personal/financial info

3
Q

What is integrity?

A

Data is kept accurate, authentic and reliable by ensuring only authorised users may modify it. More important when data must be accurate and consistent e.g. financial records

4
Q

What is availability?

A

Data is available to authorised users when it is needed. More important when data must be seen or sent e.g. medical records

5
Q

What is authentication?

A

Determining whether someone/something is what it declares itself to be.

6
Q

What is non-repudiation?

A

Ensuring someone/something cannot deny or contest something (inability to refuse responsibility).

7
Q

What is a: threat, vulnerability, risk?

A

Threat -> a potential negative action or event that could harm a computer system.
Vulnerability -> a weakness in a computer system that can be exploited by a threat to deliver a successful attack.
Risk -> potential for loss/damage when a threat exploits a vulnerability.
risk = threat x vulnerability

8
Q

Why does computer security matter?

A

Computer systems are valuable targets.
Computer systems have many security threats.
Cyber crime is growing.
Cyber crime comes with a cost (economic, reputational and regulatory).

9
Q

What are the two key programming paradigms?

A

Imperative -> describes how. Explicitly specifies step-by-step instructions which change the program’s state. Usually has more lines of code. Provides flexibility but brings in complexity. Structural, procedural, object-oriented.
Declarative -> describes what. Does not specify the overall control flow. Allows more readable code to be written that reflects exactly what we want to see. Fewer lines, hides complexity and provides simplicity. Functional and logic.
Other paradigms include scripting, event-driven and DB querying.

10
Q

What is an injection (input validation) attack?

A

An attacker submits malicious input which then gets injected into a genuine query or command that is subsequently processed. Can cause data loss, alterations, denial of service or even full system compromise.

11
Q

What is an SQL injection attack?

A

Consists of inputting malicious SQL code which is inserted into genuine SQL commands to: read sensitive data from DB, modify DB data, execute admin operations (e.g. shut down DBMS), access sensitive file or issue commands to OS.

12
Q

What is a Cross-Site Scripting (XSS) attack?

A

Involves injecting malicious scripts into vulnerable web applications which are delivered to users’ systems. Included with dynamic content delivered as markup text to a victim’s browser, taking advantage of the fact that browsers can’t distinguish and will execute whatever markup they receive. Can spread malware, deface websites, disrupt social networks, phish for credentials and cause more damaging attacks with the addition of social engineering techniques.

13
Q

What is bounds checking?

A

A method of detecting whether a variable is within some bounds before it is used. Used for index checks. A failed check usually produces some kind of exception signal.

14
Q

What is a buffer overflow attack?

A

Forces a program to put more data in an array/buffer than it can hold, putting the extra data in a memory area past the buffer. This can corrupt/overwrite existing data, crash the program or cause execution of malicious code (forcing an out of bounds write can force an out of bounds read).

15
Q

What is a format string attack?

A

A submitted input string is evaluated as a command by the application to cause some malicious action. Takes advantage of format specifiers referring to the stack and reading the next variable. Variable values, return addresses, parameters, user input data or pointer memory addresses can be revealed.

16
Q

What is an integer overflow attack?

A

An integer value is forcibly incremented to a value too large to store in the associated representation. Wraps to a very small or negative number. Security critical when the result is used to control looping, make a security decision or determine the offset size in behaviours such as memory allocation, copying, concatenation etc.

17
Q

What is input validation?

A

Proper checking or testing of any input supplied by the user or application to ensure it meets permitted input criteria (validation characteristics). Should occur when data is received from an external party, especially if untrusted.

18
Q

What are the two types of input validation?

A

Whitelisting -> defines allowed input data while any other input data is denied by default.
Blacklisting -> defines unallowed input data while any other input data is allowed by default.

19
Q

What are data fields used for?

A

Validating that input data is of the type wanted when implementing web forms. They help prevent users from submitting the wrong type of data in particular input fields.

20
Q

What is a Cross-Site Request Forgery (CSRF) attack? What is a CSRF token?

A

Tricking an authenticated user into sending a malicious request not generated via the user interface. A CSRF token is a random, unguessable string used to validate the origin of the request.

21
Q

What is a session?

A

A group of user interactions with a web application within a given time frame. Session data is stored as a session cookie in the user’s browser.

22
Q

What is a secret key used for?

A

Used for encryption tasks such as cryptographically signing session cookies and generating a CSRF token.

23
Q

What are validator class instances used for?

A

Checking or validating input data values in a Form class. Can be in-built or custom. Must all return True for the form’s input data to be submitted to the web application.

24
Q

What is pattern matching?

A

A technique to check the requirement that characters in an inputted string follow some specific pattern or sequence.

25
Q

What is a regular expression?

A

A string of text defining a pattern or sequence (a search pattern). Regex is used for pattern matching. May include metacharacters, sets or special sequences. When matching, the regex engine pointer steps along a given string and checks each character (order is important).

26
Q

Why might a lookahead be used?

A

To check for the existence of characters within an inputted string. Lookaheads can be chained to check for several such requirements.

27
Q

What is error handling used for?

A

Gracefully handling software errors and helping execution to resume when interrupted.

28
Q

Why is it better to have self-generated error messages than externally-generated (automatic) ones?

A

Automatically generated error messages can contain sensitive info: private/personal info; system status and environment; network status and configuration; app’s own code or internal state. Having the source code explicitly construct messages prevents information leakage.

29
Q

What are the disadvantages of hardcoding data?

A

Considered an anti-pattern - requires source code to be changed.
Hard to adapt - hardcoding file paths makes adapting to another location difficult.
Hard to internationalise - hardcoding of messages makes it difficult.
Raises security vulnerabilities.

30
Q

What security concern does source code disclosure raise?

A

Attackers can check for logical flaws or hardcoded data to better understand how the application behaves.

31
Q

What are hidden form fields for?

A

Used in web pages to pass information to the server, along with form data, without the user having to be involved in the process. Can also pass info to scripts e.g. security tokens. Being able to view a hidden field when inspecting source can reveal sensitive values.

32
Q

What is reverse engineering and why is it usually used?

A

Reversal of a program’s machine code back into the source code it was written in. Used:
because source code was lost
to study how program performs certain operations
to improve performance of a program
to fix a bug
to identify malicious content
to adapt program for a different microprocessor

33
Q

Why is a .env file used?

A

Used to remove sensitive environment variables from the source code and store them separately, e.g. secret keys.

34
Q

What are best practices to secure DBs?

A

have separate web and DB servers
use firewalls
secure DB user access
regularly update OS and patches
audit and continuously monitor DB activity
test DB security
avoid using default network ports
encrypt data and backups

35
Q

What is authentication and an authentication factor?

A

The process of validating the identity of a registered user before allowing authorised access to protected resources. An authentication factor is a category of evidence that a person has to present to prove their identity: knowledge, possession or inherence. Always comes before authorisation.

36
Q

What is authorisation?

A

The process of validating that the authenticated user has been granted permission to access the requested resources.

37
Q

What is access control?

A

The general term for restricting access to resources to a certain number of authenticated and authorised users.

38
Q

What is a user not yet logged in referred to as?

A

An anonymous user. Has no identity.

39
Q

What does logging a user in involve?

A

Turning an anonymous user into an authenticated one. Creates a uniquely identifiable web session so requests can be distinguished from those of other users. Any requests made will also pass this session ID.

40
Q

What is FlaskLogin for?

A

A package that handles the common tasks involved with logging in/out and remembering user sessions over extended periods of time. It will:
store identities in respective web sessions
restrict operations users are authorised to do
handle ‘remember me’ functionality
help protect web session data from being stolen

41
Q

What is a LoginManager and its functions?

A

A program element needed to log in and manage authenticated users. Lets the application and FlaskLogin package work together. Functions:
storing the user’s ID in a new web session
getting the user instance from the DB using their ID
managing multiple web sessions
logging users out - anonymous again
redirecting anonymous users to the login page

42
Q

What is the name of the function that loads a user instance from a DB?

A

user_loader
Used by the current_user function.

43
Q

What is UserMixin and the properties it provides?

A

A class providing the implementation of functions used to give the User model class the properties:
is_authenticated
is_active
is_anonymous
get_id

44
Q

What web application features can support and strengthen user authentication?

A

Automatically generate secure passwords
Secure password recovery
Change password
Password expiration
Re-authenticate in sensitive areas

45
Q

What is a brute force attack?

A

An attacker configures predetermined values (username/password combinations), makes requests to a server and analyses the response for success or failure.
Dictionary attack - uses a subset of all possible login credentials.

46
Q

What are security mechanisms to prevent against a brute force attack?

A

Strong password policy
Biometrics
Notification of unrecognised login
Comprehensive login process - CAPTCHA or 2FA
Limiting login attempts

47
Q

What are some secondary authentication factors?

A

One Time Password (OTP)
Time-based pin
Digital (PKI) certificate

48
Q

What does CAPTCHA stand for and why is image-based more difficult for bots to interpret?

A

Completely Automated Public Turing test to tell Computers and Humans Apart. Image-based requires image recognition and semantic classification.

49
Q

What is a drawback of locking out accounts after numerous incorrect authentication attempts?

A

Can be exploited to lock users out of their accounts.

50
Q

What phases are in the authorisation process?

A

Policy definition -> where accesses are authorised.
Policy enforcement -> where access requests are permitted/denied depending on policy.

51
Q

What is a reference monitor?

A

Takes access requests and the current security policy as input. Should be NEAT:
Non-bypassable
Evaluable
Always-invoked
Tamperproof

52
Q

What is the directory user access is restricted to called and what does it contain?

A

Web document root (or CGI root) directory. Contains files intended for user access and executables necessary to drive functionality.

53
Q

What is a path traversal attack?

A

Changing the URL in an HTTP-based interface to allow unauthorised access to files, directories and commands that potentially reside outside the web document root directory. Utilises special character sequences.

54
Q

What can be added to a view function to prevent it being accessed by actions of anonymous user?

A

@login_required decorator

55
Q

What is role-based access control? Advantages/disadvantages?

A

Assigns authorisations to roles given to groups of users. Advantages: improved operational efficiency, enhanced compliance, gives administrators enhanced visibility, reduces costs in terms of resources used, decreased risk of breaches and data leakage.
Disadvantages: role explosion, somewhat rigid, scalability and dynamism, expensive and difficult implementation.

56
Q

What principle does RBAC follow?

A

Principle of least privilege

57
Q

What is an ACL?

A

Access Control List. A table listing permissions attached to computing resources. Tells the OS which users can access an object and which actions they can carry out.

58
Q

What is ABAC?

A

Attribute Based Access Control. Evaluates a set of rules and policies to manage access rights according to specific attributes such as environmental, system, object or user info. Applies Boolean logic to grant/deny access to users.

59
Q

What is event logging?

A

Every activity is considered a security event and logged to monitor behaviour. Data can be moved to a central DB for additional investigations and necessary action.

59
Q

What are the benefits of event logging?

A

Detection of security breaches
Event reconstruction to understand how an event happened
Faster recovery

60
Q

What events might be stored in DB storage?

A

Date/ time of new user registration/ current login/ previous login.

61
Q

What events might be stored in a log file?

A

User registrations, successful user logins, invalid user login attempts, user logouts, unauthorised access attempts.

62
Q

What is cryptography?

A

An essential security technique that scrambles/encodes data. Provides confidentiality, integrity, authentication and non-repudiation.

63
Q

What is an encryption key?

A

A random string of bits created specifically for encrypting/decrypting data. Usually generated with RNGs.

64
Q

Which key(s) should be kept secret in symmetric and asymmetric encryption?

A

The symmetric key and the asymmetric decryption key should be kept secret.

65
Q

How can you view and decrypt data from a DB without changes being reflected?

A

Use a transient state instead of persistent state.

66
Q

What is a cryptographic one-way function?

A

Hashing. The same string always outputs the same hash.

67
Q

How can you protect against a hash being cracked?

A

Use a salt - the hashing function will extract the salt from the stored password hash and use it to hash the submitted plaintext password for comparison.

68
Q

What is a pseudorandom number?

A

A number produced using the arithmetic properties of a computer. Not truly random, as generation is dependent on its predecessors.

69
Q

Computers are deterministic - what does this mean and why is it prohibitive in security?

A

Given the same input, there is always the same output, making it difficult to get a computer to do something by chance. Exact behaviour can be predetermined.

70
Q

What is a PRNG?

A

PseudoRandom Number Generators use mathematical formulae or precalculated tables to produce sequences. Must be given a seed (base value). Efficient but deterministic and periodic.
Used for repeated testing and simulations.

71
Q

What is a TRNG?

A

True Random Number Generator. Extracts randomness from physical phenomena and introduces it into the computing platform. The process involves identifying little, unpredictable changes in data. Inefficient but non-deterministic and aperiodic. Used for data encryption key generation.

72
Q

What is a CSPRNG and its properties?

A

Cryptographically Secure PRNG. Introduces randomness from high quality sources. Used to generate keys. Properties:
Generated numbers appear random, are unpredictable in advance and cannot be reliably reproduced after generation.

73
Q

What tasks is sniffing usually used for?

A

Analysing network usage
Troubleshooting network issues
Monitoring web sessions for development and testing purposes

74
Q

What is a sniffing attack?

A

Tapping into network traffic or routing traffic to a target where it can be captured, analysed and monitored.

75
Q

What are defences against a sniffing attack?

A

Connect to trusted networks
Encrypt data being sent
Network scanning and monitoring

76
Q

What is a MITM attack?

A

Man In The Middle attacks involve an attacker getting in the middle of data transmission in order to eavesdrop or impersonate. Has an interception phase and a decryption phase.

77
Q

What are defences against a MITM attack?

A

Ensure HTTPS in URL bar
Beware of potential phishing emails
Avoid direct connections to public routers
Install comprehensive internet security solutions
Be sure home WiFi network is secure

78
Q

What is a spoofing attack?

A

An attacker impersonates another device or user on a network in order to launch an attack against network hosts, steal data, spread malware or bypass access controls.

79
Q

What are defences against a spoofing attack?

A

Packet filtering
Avoid trust relationships which give users in one domain access to resources in another
Use spoofing detection software
Use cryptographic network protocols

80
Q

What is a replay attack?

A

An attacker intercepts and then delays or resends a secure data transmission to misdirect the receiver into doing what the attacker wants.

81
Q

What are the defences against a replay attack?

A

Random session keys - valid for one transaction only
Timestamps - reduce the window of opportunity by preventing resending
One Time Password (OTP) - used once and discarded, for each transaction. Ensures that even if a message is duplicated and resent, the encryption key has expired.

82
Q

What is HTTPS for?

A

Encrypts requests and responses before sending and decrypts them once arrived. Protects against sniffing and MITM attacks. Uses TLS on top of HTTP, providing confidentiality, integrity and authentication.

83
Q

What does a TLS certificate contain?

A

The owner of the web application’s domain name and the server’s public encryption key.

84
Q

What is an HTTP security header for?

A

A subset of HTTP headers that restrict behaviours permitted by browsers and servers once a web application is running. Can improve resilience against common attacks e.g. XSS.

85
Q

What is a CSP security header?

A

Content Security Policy headers must be defined to allow web applications to embed content from external sources such as:
CSS styling libraries
JavaScript functions
CAPTCHA

86
Q

What are digital signatures for?

A

Guarantee that the contents of a message haven’t been changed in transit (provides integrity). A hash of the message content is calculated and encrypted using the sender’s private (signing) key before being added to the message. Only the sender’s public key can decrypt it. Digitally signing a document requires a Digital Certificate.

87
Q

What are the different types of digital signatures?

A

Adobe: certified and approval
Word: visible and invisible