Question 1

Logging is a proactive mechanism to prevent
attacks.
True
False

Question 2

Address Space Randomization is yet another compile time technique to thwart buffer overflow attacks.
True
False

Question 3

The access control model of Linux is primarily a
Mandatory Access Control model.
True
False

Question 4

In Linux, the purpose of the sticky bit is to allow only owner of a file or owner of the directory in which the file is located and super user from deleting or renaming the file.
True
False

Question 5

The GC C compiler StackGuard and Microsoft Visual C++ compiler switch /GS mechanisms are defense against a buffer overflow attack.
Question 5 options:
True
False

Question 6

An insufficiently validated environment variable is a source for untrusted data to enter a program and can be exploited by an attacker.
Question 6 options:
True
False

Question 7

One reason for increased security risk in hosted virtualization systems is due to an additional layer in hypervisor in these systems.
True
False

Question 8

Windows (since 2000) have earned Common Criteria EAL4.
True
False

Question 9

(Input) Fuzzing is a technique used both by hackers and testers to discover vulnerabilities in a system.
True
False

Question 10

From a security perspective, not installing a
service or application is preferable to installing it and then disabling it.
True
False

Question 11

Routine backup does not thwart an attack but
facilitates recovering from it.
True
False

Question 12

The principle of least privilege is a good
security concept in that it minimizes privilege escalation by attackers.
True
False

Question 13

Rootkit attacks are annoyance and not
particularly dangerous because they are stealthy.
True
False

Question 14

The JAVA programming language is extremely vulnerable to buffer overflows.
True
False

Question 15

Paige Howard's token look like this on her Windows system:

User: SomeCorporationPaigeHoward

Groups: Everyone; Authenticated Users; Developers

That is, she belongs to three groups: Everyone, Authenticated Users and Developers.

Her program attempts to open a file that is not owned by for RWX (Read, Write, Execute) access, and the file has the following ACL:
Administrators: Full Control; Authenticated Users: RW; Developers: RWD
Paige (Paige's program) be allowed to access the file. T F

True
False

Question 16

A __________ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met.
Logic Bomb
Trojan horse
Worm
Trapdoor

Question 17

A ______ is a structure where data are usually saved on the stack.
guard page
stack frame
heap
NOP sled

Question 18

An essential component of many buffer overflow attacks is the transfer of execution to code, known as _______, supplied by the attacker and often saved in the buffer being overflowed.
Question 18 options:
NOP code
stack code
heap code
shellcode

Question 19

What is the most effective defense against cross-site scripting attack?
Limiting account privileges
Input validation
Encryption
User authentication

Question 20

__________ applications is a control that limits the programs that can execute on the system to just those in an explicit list.
Virtualizing
White listing
Logging
Patching

Question 21

The range of logging data acquired should be determined _______.
during security testing
as a final step
after monitoring average data flow volume
during the system planning stage

Question 22
1. Describe the similarities and differences between a virus, a Trojan horse, and a worm.
2. Explain controls or steps one can take to mitigate their threat.
(Note: This question will be graded by the professor.)