Unit 10 Flashcards

1
Q

SAQ 1 - A

Alice alters Bob’s file without permission.

Which type of interference is taking place?

A

Modification

2
Q

SAQ 1 - A

A hacker deploys software to observe packets travelling on a network.

Which type of interference is taking place?

A

Interception

3
Q

SAQ 1 - A

A website receives a flood of requests for a web page, preventing callers from
viewing the site.

Which type of interference is taking place?

A

Interruption

4
Q

SAQ 1 - A

A user receives an email appearing to be from his supervisor, who did not send
the email.

Which type of interference is taking place?

A

Fabrication

5
Q

Exercise 1

Describe how each of the classes of security threat shown in Figure 1 may apply to
a file on a hard disk.

A

(a) Normal operation – no interference to file access. (Information/operation not
threatened.)

(b) Interruption – an attacker has prevented authorised access to the file.
(c) Interception – an unauthorised party has obtained access to the file.
(d) Modification – an unauthorised party has altered the file.
(e) Fabrication – a fake file has been constructed.

6
Q

Exercise 2 - A

What security services might be at fault in a click-fraud case in which fake clicks
are generated on an online advertisement?

A

Non-repudiation may be at fault if the clicks cannot be associated with particular
parties. It is likely that the clicks cannot be easily traced, because the most
likely form of identification in this case is an IP address, and IP addresses can be
fabricated by a program.

7
Q

Exercise 2 - B

What class of threat is this an example of?

A

The class of threat is fabrication. (Fabrication prevention is a reason for some
websites setting ‘puzzles’ that need to be solved before a certain action can be
carried out – completion of such tasks requires human involvement.)

8
Q

Exercise 3

The Music Store sells instruments and accessories (reeds, strings, sheet music etc.).
Customers have unique account numbers. Some customers pay with cash and some
on credit. Goods that are ordered on credit are sent with an invoice to the customer
and payment is required later. Not all customers have credit accounts, and those that
do have a spending limit. What security issues are involved for The Music Store’s
online purchasing system?

A

The main issues are the following.
- Authentication is needed to establish customer identity.
- Authorisation is needed for credit purchases and for their amount, also to ensure
that callers can only perform functions that they are authorised to execute and
access resources that they are allowed to access.
- There must be a way of proving that a customer made an order (non-repudiation for
buyer and seller).
- Confidentiality of customer information must be maintained.
- The integrity of the order must be maintained; for example, the values on the invoice
data must not change.
- Availability of The Music Store system is important for business!

9
Q

SAQ 4

Why is public key cryptography called asymmetric and private key cryptography called
symmetric?

A

In public key cryptography there are two different keys, the public key and private key,
one used for encryption and the other for decryption. In private key cryptography there
is one key, the secret key, suitable for both encryption and decryption.

10
Q

Exercise 9

Give an example of a middle-person attack on public key cryptography.

A

Alice wants to send a message to Bob, using Bob’s public key. Alice is tricked into using
Eve’s (the middle person’s) public key instead. Now Eve is able to impersonate Bob and
read messages intended for Bob. (Bob will not be able to decipher these messages,
even if he receives them.)

11
Q

SAQ 5 - A

What class of cipher might you be likely to use in the following circumstance?

Storing passwords in a local file

A

Hash

12
Q

SAQ 5 - B

What class of cipher might you be likely to use in the following circumstance?

Proving you sent an email

A

Public key and hash (for signing)

13
Q

SAQ 5 - C

What class of cipher might you be likely to use in the following circumstance?

Using a wireless connection on your laptop

A

Stream

14
Q

SAQ 5 - D

What class of cipher might you be likely to use in the following circumstance?

Encrypting files on a file system

A

Block cipher

15
Q

SAQ 6

What is a secure channel?

A

A secure channel is a communication channel between a pair of processes that can
authenticate each other and provides confidentiality and integrity services, including
time stamping.

16
Q

SAQ 7

Give an example of a handshake in SSL.

A

Cipher negotiation and certificate exchange are examples.