Sample Final

This is an example of the sort of questions I will ask. The actual final will be longer, of course, and may well have questions about the readings as well as the lectures.
  1. Please define the following terms in one or two sentences.

    1. public key cryptosystem
    2. privacy
    3. overvote
    4. originator-controlled access control

  2. Please circle the best answer, and justify it.

    1. In computer security, a Trojan horse is:

      1. A program that has components distributed over many systems, and is used to launch denial of service attacks
      2. A program that absorbs all available resources of a particular type
      3. A program with an overt, known purpose and a covert, unknown (and probably undesirable) purpose
      4. A program that blocks any incoming spam emails

    2. Which of the following access control models would be most useful to a company selling DVDs containing music and movies, if the goal is to prevent the purchaser from making copies of the DVD’s content and distributing it further?

      1. discretionary access control
      2. mandatory access control
      3. originator-controlled access control
      4. role-based access control

    3. Which of the following is not an approach to intrusion detection?

      1. Signature-based
      2. Cookie-based
      3. Anomaly-based
      4. Specification-based

    4. Which of these is the best definition of the principle of least privilege?

      1. Processes should share as few privileges as possible
      2. A process should have no more than the minimum privileges needed to perform its tasks
      3. A process should have as few privileges as possible
      4. Users should not be able to change their level of privilege to that of a system administrator

  3. A company has offices in San Francisco and London. It needs to send sensitive information between those two offices. It plans to use encryption to protect the information while in transit. Should it use link encryption or end-to-end encryption? Justify your answer.

  4. What is the difference between the anti-malware (anti-virus) detection methods of signature scanning and behavioral analysis?

  5. What is a sandbox? Why does the Android run apps in it?

You can also obtain a PDF version of this. Version of December 5, 2013 at 9:46PM