CS419 Exam 3
Spring 2024
Paul Krzyzanowski
April 22, 2024
100 Points - 25 Questions - 4 Points each
For each statement, select the most appropriate answer.
- The main challenge with application sandboxing by interposing system calls, as Janus does, is:
(a) Applications bypassing the filter and invoking system calls directly.
(b) Accurately mirroring the current state of the operating system.
(c) An inability to define per-app restrictions for specific system calls.
(d) The sandbox does not know how other mechanisms, like capabilities, are configured.

- Seccomp-BPF (SECure COMPuting - Berkeley Packet Filter) adds to control groups, capabilities, and namespaces by:
(a) Allowing certain processes to have access to privileged system calls.
(b) Enabling specific non-privileged system calls to be disallowed on a per-process basis.
(c) Giving a group of processes a private set of process IDs and user IDs.
(d) Filtering all network traffic going into and out of the computer.

- Malicious firmware in a USB flash drive is most likely to:
(a) Copy files to the computer without the user being aware.
(b) Reconfigure the bootloader or system UEFI (or BIOS).
(c) Inject malware into files copied to the drive.
(d) Cause the device to masquerade as a keyboard.

- Which best describes the danger posed by a malicious hypervisor?
(a) It allows an attacker to bypass authentication and run shell commands directly.
(b) It can reinstall itself into the operating system whenever the system reboots.
(c) It modifies critical libraries and commands to escape detection.
(d) The operating system and all files and applications can remain unmodified, making it hard to detect.

- One aspect of Trojan Horses that makes them different from other malware is that this malware:
(a) Searches for vulnerabilities in other systems and propagates without human intervention.
(b) Deletes files on the computer it infects.
(c) Is usually installed willingly by the user.
(d) Exploits vulnerabilities to get elevated privileges.

- What key lesson can be derived from Ken Thompson's paper, Reflections on Trusting Trust?
(a) The integrity of a system's compilers can be compromised, leading to a compromised software supply chain.
(b) Software source code should be audited for it to be considered trustworthy.
(c) Antivirus software should be used to defend against possible vulnerabilities in applications.
(d) Regular updates and patches are necessary for maintaining system security.

- Which statement best differentiates phishing from spear phishing?
(a) Phishing is a type of malware, whereas spear phishing is a social engineering technique.
(b) Phishing is typically conducted through email, while spear phishing uses social media.
(c) Phishing attacks are generic and aim at a wide audience, while spear phishing is highly targeted and customized.
(d) Spear phishing attacks are less sophisticated and easier to identify than phishing attacks.

- What is the primary purpose of a malware packer?
(a) To encrypt the payload to avoid detection by security software.
(b) To distribute malware to unsuspecting users.
(c) To integrate multiple types of malware into a single payload for easier distribution.
(d) To give attackers an interface for configuring malware functions before deploying it.

- A bootkit differs from a rootkit because a bootkit:
(a) Is a tool used for the secure loading of operating systems, while a rootkit is malware.
(b) Exploits vulnerabilities in a program and obtains elevated privileges.
(c) Hides in the operating system and gives an attacker access to the system.
(d) Gets control before the operating system loads.

- What is the purpose of a bot in a botnet?
(a) To serve ads to track user activity.
(b) To perform tasks assigned by a command-and-control server.
(c) To monitor incoming traffic to protect systems from malware.
(d) To upload virus signatures to a server whenever malware is detected on a system.

- A CAM overflow attack works by:
(a) Forcing a switch to direct all traffic to a specific port on the switch.
(b) Using an unauthorized port to fill up the switch table.
(c) Getting a switch to forget the stored association between MAC addresses and switch ports.
(d) Overflowing the switch table, causing the switch firmware to crash and reset.

- Which of the following is a common security issue associated with both ARP (Address Resolution Protocol) and DHCP (Dynamic Host Configuration Protocol)?
(a) They rely on mutual authentication between the client and server.
(b) A malicious client can contact either service without authentication or authorization.
(c) A DNS rebinding attack can cause clients to identify themselves incorrectly.
(d) A client has no way of knowing who the authoritative server is for either service.

- What is the main purpose of using SYN cookies in TCP communication?
(a) To validate user credentials.
(b) To speed up the connection establishment.
(c) To not have to store information from the first connection message.
(d) To send information about existing authenticated sessions.

- Which malware mechanism involves altering the DNS settings on a victim's device?
(a) Email spoofing.
(b) Adware.
(c) Credential stuffing.
(d) Pharming.

- Which of the following best describes a common attack on the Border Gateway Protocol (BGP)?
(a) False DNS information is injected into the network.
(b) Internet traffic is redirected by advertising false route information.
(c) The network is flooded with excessive traffic to overwhelm it.
(d) Buffer overflow attacks that cause BGP routers to crash.

- How does a DNS rebinding exploit affect the same-origin policy?
(a) It strengthens the same-origin policy by frequently updating DNS records.
(b) It bypasses the same-origin policy by allowing scripts to access data from different domains without restriction.
(c) It circumvents the same-origin policy by changing the DNS resolution after the initial page load.
(d) It disables the same-origin policy entirely, allowing unrestricted cross-site scripting.

- Transport Layer Security (TLS) differs from Virtual Private Networks (VPNs) because TLS:
(a) Provides end-to-end encryption only between communicating applications.
(b) Secures all data flowing between two networks.
(c) Secures all data flowing between two machines.
(d) Is designed exclusively for the web and secures HTTP communications.

- An assumption in a zero-trust architecture is:
(a) Computers within a local area network can be trusted, but those outside cannot.
(b) We cannot rely on firewalls to block malicious network traffic.
(c) Computers offering internet-facing services should be placed in a different subnet than other systems.
(d) Remote users should use a VPN to connect to a corporate network.

- Which technology is best suited for deep content inspection, such as examining the contents of an email attachment?
(a) Screening router.
(b) Stateful packet inspection firewall.
(c) Application proxy.
(d) Transport Layer Security.

- A key feature of a Distributed Denial of Service (DDoS) reflection attack is:
(a) Sending messages that result in large responses from the victim.
(b) Sending requests with a single spoofed source address to a third-party service.
(c) Overwhelming a system with high volumes of data from multiple sources.
(d) Exploiting malware to cause a network service to crash on the victim's machine.

- Which URL shares the same origin as https://www.cs.rutgers.edu/index.html?
(a) https://www.cs.rutgers.edu/error-page
(b) http://www.cs.rutgers.edu/index.html
(c) https://cs.rutgers.edu/index.html
(d) https://www.cs.rutgers.edu:8080/index.html

- The web's same-origin policy:
(a) Does not allow a website to load content from other sites.
(b) Prevents a web page from running scripts loaded from other websites.
(c) Prevents scripts on a web page from reading or writing content loaded from other websites.
(d) Treats all frames within a web page as having the same origin as the main URL of the page.

- Which of the following best describes a cross-site scripting (XSS) attack?
(a) An attacker exploits vulnerabilities in web applications to inject malicious scripts into pages viewed by other users.
(b) An attacker directly infects a website's database with malicious SQL queries.
(c) An attacker uses email phishing to steal users' login credentials.
(d) An attacker floods a web server with excessive requests to make it unavailable to users.

- What is clickjacking in the context of web security?
(a) A technique where an attacker uses rapid clicks to overload a web server, similar to a DDoS attack.
(b) A method where users are redirected to malicious websites through hyperlinks that appear legitimate.
(c) JavaScript that generates lots of fake clicks from a browser for social media likes or increasing website traffic.
(d) An attack where the victim is tricked into clicking on something different from what the user perceives.

- A defense against reflected cross-site scripting is:
(a) Sanitizing inputs.
(b) Enforcing the same-origin policy.
(c) Disabling Cross-Origin Resource Sharing (CORS).
(d) Using TLS to create encrypted sessions.