TU Wien:Introduction to Security VU (Weippl)/Prüfung 2012-11-12 (Midterm Exam)

From VoWi

Group A

  • Define at least three goals of computer security. (3 points)
  • List and briefly define two uses of a public-key cryptosystem. (2 points)
  • What properties must a hash function have? (4 points)
  • What is the difference between a block cipher and a stream cipher? (1 point)
  • Briefly explain Diffie-Hellman key exchange. (1 point)
  • Why is it useful to have host-based firewalls? (1 point)
  • What is a honeypot? (1 point)
  • Define a denial-of-service attack. (1 point)
  • Define a distributed denial-of-service attack. How is it possible to prevent this kind of attack? (2 points)
  • What are the types of buffer overflows? What are the possible consequences of a buffer overflow occurring? (3 points)
  • Countermeasures against buffer overflow. (1 point)
  • Define a cross-site scripting attack. List an example of such an attack. (2 points)
  • Define race condition. State how it can occur when multiple processes access shared memory. (3 points)

Group B

  • What is the difference between AES and DES? Which one is more secure?
  • Define the difference between software quality and reliability and software security.
  • Define an injection attack. List some types of injection attacks. What are the general circumstances in which injection attacks are found?
  • Define shellcode.
  • What is an application-level gateway?
  • Define a denial-of-service attack. Why does the source address often get spoofed?
  • What types of programming languages are vulnerable to buffer overflows?
  • How many keys are required for three people to communicate via a symmetric cipher?
  • What are the general approaches to attacking a cryptosystem? (something along those lines)

The rest of the questions in group B were the same.