TU Wien:Foundations of System and Application Security VU (Lindorfer)/Exam 2026-01-22

Aus VoWi

< TU Wien:Foundations of System and Application Security VU (Lindorfer)

Zur Navigation springen Zur Suche springen

Single Choice Questions[Bearbeiten | Quelltext bearbeiten]

(2P) IoT Protocols[Bearbeiten | Quelltext bearbeiten]

Pluspunkt für eine richtige Antwort:
Punkt für eine falsche Antwort:
Ignoriere die Fragen-Koeffizienten:

	True
	False

	True
	False

	True
	False

	True
	False

(2P) MQTT[Bearbeiten | Quelltext bearbeiten]

(2P) Networks[Bearbeiten | Quelltext bearbeiten]

(2P) TLS[Bearbeiten | Quelltext bearbeiten]

(2P) Malicious Software[Bearbeiten | Quelltext bearbeiten]

(2P) Threat Modelling and CVE IDs[Bearbeiten | Quelltext bearbeiten]

Free-Text Questions[Bearbeiten | Quelltext bearbeiten]

(2 Pts.) The OWASP IoT Top 10 contains I4: Lack of Secure Update Mechanism. Give an example of this vulnerability and describe which protection measures can be used to avoid it[Bearbeiten | Quelltext bearbeiten]

(2 Pts.) List and briefly explain two ways how malicioius actors can monetize infected devices[Bearbeiten | Quelltext bearbeiten]

(2 Pts.) When using the Tor Browser, it typically first fetches the current list of known Tor nodes and then builds a so-called "circuit" - a sequence of three nodes used to access web resources privately. Explain briefly what benefit an attacker would have if the entry node (guard) chooses the circuit instead of the client and how they can use it do de-anonymize a Tor user.[Bearbeiten | Quelltext bearbeiten]

(2 Pts.) In threat modeling, an identified threat can be acceptedd, eliminated, mitigated or transferred. Explain the difference between risk elimination and risk mitigation and include an example for each of the two[Bearbeiten | Quelltext bearbeiten]

Abgerufen von „https://vowi.fsinf.at/index.php?title=TU_Wien:Foundations_of_System_and_Application_Security_VU_(Lindorfer)/Exam_2026-01-22&oldid=203918“