TU Wien: Internet Security VU (Weippl) / Exam 2016-06-23


Exam 2016-06-23


18 questions, 75 points, 70 min

1. Name and briefly describe 3 "methods of attacking"

2. TCP SYN Flooding attack

3. File System Maze

4. "Windows vulnerabilities" (EDIT: I think "Window of vulnerability" is probably what is meant here, since otherwise nothing corresponding appears in the slides)

5. Same-origin policy, how it protects the user.

6. Is it a good idea to use HTTP instead of HTTPS for logged-in users when downloading pictures in some web app? Describe why!

7. DNS and root-servers

8. SMTP Address spoofing



Fuzz testing

9*. Explain Fuzz and how it works.

9. Fuzz for model protocol

10. Header, Length, Data, CRC, Footer with byte sizes were given; on which part would you use fuzz, and to which additional part should we pay attention?

11. Regression tests


12. Something with Buffer Overflow and DEP

13. Shell Code – Addressing

14. CBC Bit Flipping Attack with illustration

15. Postel's Law

16. Something about IMSI Catchers, I think.

17. PC vs. Embedded System. Why are Embedded Systems more challenging?

18. A code snippet was given, a boolean method that checks the password char by char (or something like that); describe how you would exploit it with a side-channel attack.


Questions are not 1:1, and order may vary.