TU Wien:Introduction to Security VU (Weippl)/Prüfung 2009-05-28

Prüfungsfragen (Gruppe B) waren:

• What is Social Engineering, give 2 concrete examples.
• What is the most effective defence against Social Engineering.
• Name 2 Methods of guessing passswords in an automated way.
• Name 2 DNS Record types and describe their purpose.
• Describe Ping Sweep and half open TCP scan. What can an attacer find out using these techniques?
• What is a rootkit and how do you detect it.
• How does a block cipher work, name a secure and an insecure block cipher.
• What are the characteristics of asymetric cryptosystems.
• What is the goal of crypthographic hash functions.
• What is the clear text of the following Caesar cipher with key = 8? Cipher: BZIOQKWUQF
• How does 3DES work? Is it secure?
• What are the 4 requirements on digital signatures?
• Name 3 pros of risk analysis.
• What are the 3 different strategies for risk reduction? Describe them.
• What is a buffer overrun? What can an attacker do with it?
• Name 3 techniques that reduce the risk of a buffer overrun in your code.
• What is a hash?
• Name six good practices in secure coding.