4.2 KiB
4.2 KiB
| 1 | What is penetration testing? | A procedure for testing libraries or other program components for vulnerabilities | Whole-system testing for security flaws and bugs | A security-minded form of unit testing that applies early in the development process | All of the above | B |
|---|---|---|---|---|---|---|
| 2 | Suppose a user has an iPhone (running iOS) and downloads an app called Innocent from the Apple App Store and installs it. The user unlocks the phone and runs Innocent. Innocent exploits a bug in the iOS kernel which allows Innocent to redirect execution inside the kernel to code that Innocent controls. Now Innocent can execute any instructions it likes inside the iOS kernel. Innocent is not able to exploit any bugs in the phone’s secure enclave. Can Innocent read the user’s private information stored in the phone’s flash (e.g. Contacts and messages), or will the security measures described in the paper keep the data private? If Innocent is only able to see encrypted data, then the phone has successfully kept the data private. Circle the security features of the phone (if any) that will prevent Innocent from reading information from the flash on the phone. | Secure boot chain | System software authorization | The secure enclave’s ephemeral key | None of the above | D |
| 3 | Why is it that anti-virus scanners would not have found an exploitation of Heartbleed? | It's a vacuous question: Heartbleed only reads outside a buffer, so there is no possible exploit | Anti-virus scanners tend to look for viruses and other malicious | Heartbleed attacks the anti-virus scanner itself | Anti-virus scanners tend to look for viruses and other malicious code, but Heartbleed exploits steal secrets without injecting any code | D |
| 4 | Suppose we define h(H, m) = E(m, H)h(H,m)=E(m,H). Then the resulting h(\cdot,\cdot)h(⋅,⋅) is not collision resistant: to build a collision (H,m)(H,m) and (H’,m’)(H’,m’) choose random (H,m,m’)(H,m,m’) and construct H’H’ as follows: | H’=D(m’, E(m,H)) | H’=E(m’,D(m,H)) | H’=E(m’,E(m,H)) | H’=D(m’,D(m,H)) | A |
| 5 | Which of the following does authentication aim to accomplish? | Restrict what operations/data the user can access | Determine if the user is an attacker | Flag the user if he/she misbehaves | Determine who the user is | D |
| 6 | Assume that a TLS connection has been established successfully between a client and a server. Establishing the session included checking the server certificate and executing a DiffieHelmann exchange, but the client did not provide a client certificate. Further, assume that the client and server are honest, that the client and server don’t leak their keys, and that the cryptography is good. Which of the following attacks does TLS protect against? 1. An attacker stealing the server’s private key and reading the plaintext of recorded past connections. 2. An attacker breaking into a certificate authority and creating a fake certificate for the server. | True, True | False, False | True, False | False, True | C |
| 7 | Can we build a secure PRP from a secure PRG? | No, it cannot be done | Yes, just plug the GGM PRF into the Luby-Rackoff theorem | It depends on the underlying PRG | Option text | B |
| 8 | A hash function guarantees the integrity of a message. It guarantees that the message has not be | Replaced | Overview | Changed | Violated | C |
| 9 | Statement 1| U2F is a stronger second factor than sending an SMS code to a user’s smartphone. Statement 2| An attacker that knows a user’s password can easily guess the U2F key to access the user’s account. | True, True | False, False | True, False | False, True | C |
| 10 | The openSSL implementation described in “Remote Timing Attacks are Practical” (by Brumley and Boneh) uses the following performance optimizations: Chinese Remainder (CR), Montgomery Representation (MR), Karatsuba Multiplication (KM), and Repeated squaring and Sliding windows (RS). Which of the following options would close the timing channel attack described in the paper if you turned the listed optimizations off? 1. CR, MR, KM, and RS. 2. RS | True, True | False, False | True, False | False, True | C |
| 11 | ___________ is a process of wireless traffic analysis that may be helpful for forensic investigations or during troubleshooting any wireless issue. | Wireless Traffic Sniffing | WiFi Traffic Sniffing | Wireless Traffic Checking | Wireless Transmission Sniffing | A |