TU Wien:Introduction to Security VU (Weippl)/Prüfung 2012-11-12 (Midterm Exam)
- Define at least three goals of computer security. (3 points)
- List and briefly define two uses of a public-key cryptosystem. (2 points)
- What properties must a hash function have? (4 points)
- What is the difference between a block cipher and a stream cipher? (1 point)
- Briefly explain Diffie-Hellman key exchange. (1 point)
- Why is it useful to have host-based firewalls? (1 point)
- What is a honeypot? (1 point)
- Define a denial-of-service attack. (1 point)
- Define a distributed denial-of-service attack. How is it possible to prevent this kind of attack? (2 points)
- What are the types of buffer overflows? What are the possible consequences of a buffer overflow occurring? (3 points)
- Countermeasures against buffer overflow. (1 point)
- Define a cross-site scripting attack. List an example of such an attack. (2 points)
- Define race condition. State how it can occur when multiple processes access shared memory. (3 points)
- What is the difference between AES and DES? Which one is more secure?
- Define the difference between software quality and reliability and software security.
- Define an injection attack. List some types of injection attacks. What are the general circumstances in which injection attacks are found?
- Define shellcode.
- What is an application-level gateway?
- Define a denial-of-service attack. Why does the source address often get spoofed?
- What types of programming languages are vulnerable to buffer overflows?
- How many keys are required for three people to communicate via a symmetric cipher?
- What are the general approaches to attacking a cryptosystem? (something along those lines)
The rest of the questions in group B were the same.