Quiz 1 Material Flashcards

1
Q

Security mechanisms typically do not involve more than one particular algorithm or protocol. T/F

A

False

2
Q

The first step in devising security services and mechanisms is to develop a security policy. T/F

A

True

3
Q

To exploit any type of buffer overflow the attacker needs to identify a buffer overflow vulnerability in some program that can be triggered using externally sourced data under the attacker’s control. T/F

A

True

4
Q

Shellcode is not specific to a particular processor architecture. T/F

A

False

5
Q

An attacker can generally determine in advance exactly where the target buffer will be located in the stack frame of the function in which it is defined. T/F

A

False

6
Q

It is possible to write a compiler tool to check any C program and identify all possible buffer overflow bugs. T/F

A

False

7
Q

The OpenSSL Heartbleed vulnerability would have been prevented if OpenSSL had been implemented in Java (and the Java runtime environment works properly). T/F

A

True

8
Q

ASLR (if implemented correctly) can prevent return-to-libc attacks. T/F

A

True

9
Q

____ assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.

A

Privacy

10
Q

_____ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

A

System Integrity

11
Q

A loss of _____ is the unauthorized disclosure of information.

A

Confidentiality

12
Q

A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) _____.

A

Vulnerability

13
Q

An assault on system security that derives from an intelligent act that is a deliberate attack to evade security services and violate the security policy of a system is a(n) ____.

A

attack

14
Q

A(n) ____ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

A

Countermeasure

15
Q

An example of ___ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

A

Masquerade

16
Q

The assurance that data received are exactly as sent by an authorized entity is ____.

A

Data Integrity

17
Q

A consequence of a buffer overflow error is ____.

A
  1. Corruption of data used by the program
  2. Unexpected transfer of control in the program.
  3. Possible memory access violation
18
Q

The function of _____ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program.

A

Shell code

19
Q

Forms of buffer overflow attacks include ____.

A
  1. Heap overflows
  2. Return to system call
  3. Replacement stack frame
20
Q

A buffer can be located where?

A
  1. In the heap
  2. On the stack
  3. In the data section of the process.
21
Q

Data breaches violate which of the following security requirements?
a. Integrity
b. Availability
c. Confidentiality

A

c. Confidentiality

22
Q

Any attempt to pass data of an incompatible type is caught at compile time or generates an error at runtime. Weakly or strongly typed?

A

Strongly

23
Q

An array index operation b[k] may be allowed even though k is outside the range of the array. Strongly or weakly typed?

A

Weakly

24
Q

It is impossible to do "pointer arithmetic" to access an arbitrary area of memory. Strongly or weakly typed?

A

Strongly

25
Q

ASLR

A

Address Space Layout Randomization randomizes the locations of the stack, heap, libc, etc. This makes it harder for an attacker to locate important addresses.

26
Q

Do stack canaries prevent return-to-libc buffer overflow attacks?

A

Yes

27
Q

Does ASLR protect against read-only buffer overflow attacks?

A

No

28
Q

Can the OpenSSL Heartbleed vulnerability be avoided with a non-executable stack?

A

No