TU Wien:Introduction to Security VU (Weippl)/Exam 2009-05-28


The exam questions (Group B) were:

  • What is social engineering? Give 2 concrete examples.
  • What is the most effective defence against social engineering?
  • Name 2 methods of guessing passwords in an automated way.
  • Name 2 DNS Record types and describe their purpose.
  • Describe ping sweep and half-open TCP scan. What can an attacker find out using these techniques?
  • What is a rootkit and how do you detect it?
  • How does a block cipher work? Name a secure and an insecure block cipher.
  • What are the characteristics of asymmetric cryptosystems?
  • What is the goal of cryptographic hash functions?
  • What is the clear text of the following Caesar cipher with key = 8? Cipher: BZIOQKWUQF
  • How does 3DES work? Is it secure?
  • What are the 4 requirements on digital signatures?
  • Name 3 pros of risk analysis.
  • What are the 3 different strategies for risk reduction? Describe them.
  • What is a buffer overrun? What can an attacker do with it?
  • Name 3 techniques that reduce the risk of a buffer overrun in your code.
  • What is a hash?
  • Name six good practices in secure coding.