Class Test 2 - e-security (CSN11102/11117) Semester 2, Session

Transcription

1 Class Test 2 - e-security (CSN11102/11117) Semester 2, Session Outline Requirements The test will account for 20% of the module final grade, and is based on the academic content of the course covering Software Security and Network Security. It is a closed book test, and normal examination conditions apply. There are 30 questions in this paper. A correct answer scores +1, an incorrect answer scores 0.2, and a non-answer gets a score of zero. The score will be normalised and converted to an indicative grade. You can use a calculator in the exam. Test time: 40 minutes. PLEASE ENTER YOUR MATRICULATION NUMBER AND DATE HERE: Matriculation Number: Date of Test: / / For Staff use only No. correct No. incorrect No. omitted Final Mark ( /30) Final %age %

2 Class Test 2 - e-security (CSN11102/11117) Semester 2, Session Which of the following pairs of statements is true about software and hardware firewalls? A. Software: harder to reconfigure; hardware: copes better with large traffic conditions B. Software: easier to reconfigure; hardware: gives improved failover C. Software: faster; hardware: gives poorer failover D. Software: faster; hardware: copes better with large traffic conditions E. Software: slower; hardware: less expensive 2. Which of the following pairs of statements gives an advantage and a disadvantage of using proxies? A. Advantage: it gives user-oriented logging; Disadvantage: it does not give user-oriented accounting B. Advantage: it speeds up processing; Disadvantage: it gives a central point of failure C. Advantage: it gives user-oriented authentication; Disadvantage: it slows down processing D. Advantage: it has no central point of failure; Disadvantage: it slows down processing E. Advantage: it has no central point of failure; Disadvantage: it does not give user-oriented accounting 3. If a host uses a proxy for Web access, what will be the destination IP address of the data packets that are initially sent to a remote Web server? A. The source address of the host B. The source address of the web server C. The source address of the proxy D. The TCP proxy port E. The TCP local port

3 4. Which of the following pairs of statements is true about proxies? A. Private addresses can be used for the internal network; they do not allow logging of data packets B. Private addresses cannot be used for the internal network; they allow logging of data packets C. Private addresses cannot be used for the internal network; they allow user-level authentication D. They allow hosts to be hidden from the outside; private addresses can be used for the internal network E. They allow user-level authentication; internal nodes can be directly contacted from the outside 5. Which of the following statements is true for IPSec? A. UDP Port 50 is the key exchange post and TCP Port 500 is used for ESP B. TCP Port 51 is used for AH and UDP Port 50 is the key exchange post C. UDP Port 500 is the key exchange post and TCP Port 50 is used for ESP D. UDP Port 500 is the key exchange post and it does not allow either ESP or AH E. UDP Port 50 is the key exchange post and it allows both ESP or AH 6. What does Dynamic NAT (with PAT) use to keep track of a connection? A. Just the source address B. Just the destination address C. The source address and the source port D. The destination address and the destination port E. The source and destination addresses and the source and destination ports

4 7. What advantage does SSH have over TELNET? A. It is faster B. It is more compatible C. It is more secure D. It is easier to configure E. It supports more connections 8. Which of the following IP address is not a private address? A B C D E How would with a subnet mask of be displayed? A /31 B /27 C /240 D /16 E /5 10. Which best describes a stateful packet filter? A. Filters packets based on layer 3 and 4 B. Filters packets based on layer 3 and 4 with session info C. Acts as a middle man, and examines session info D. Filters packets based on layer 1 and 2 E. Filters packets based on layer 1 and 2 with session info

5 11. Which is not an advantage of NAT? A. Hides the network addresses of the network B. Bars direct contact with a host C. Increased range of address D. Allow easy creation of subnetworks E. Allows easy access to hosts from outside the network 12. Which access-list allows traffic from all addresses in the range to ? A. access-list 10 permit B. access-list 10 deny C. access-list 10 permit D. access-list 10 deny E. access-list 10 permit Which ACL will prevent, and log, all traffic from the entire blacklisted network of /24? A. access-list 34 deny log B. access-list 134 deny ip log C. access-list 19 deny any log D. access-list 10 deny ip log E. access-list 67 deny log 14. Why is source based IP Filtering, such as Standard ACLs, not very reliable? A. The ACLs need to be placed close to the destination B. The ACLs need to be placed close to the source C. Source IP Addresses are not easily spoofed D. Source IP Addresses are easily spoofed E. They filter only at Layer 4

6 15. Which ACL will allow http traffic to the web server at ? A. access-list 137 permit ip any B. access-list 199 permit tcp any eq www C. access-list 137 permit tcp any host eq 80 D. access-list 177 permit ip any eq 80 E. access-list 268 permit tcp any host eq http 16. Which.NET technique overcomes DLL Hell? A. Web.config B. CardSpace C. Role-based Security D. Global Assembly Cache E. Not using DLLs 17. Which is not seen to be a component of a secure ASP.NET applications? A. Authorization B. Authentication C. Backplane security D. Secure Communications 18. Which defines what clients are allowed to do and see within applications? A. Authentication B. Authorization C. Secure Communications D. Validation E. Delegation

7 19. For external systems, what should you always assume? A. That they are always secure B. That they are always insecure C. That they are intermittent in their security D. That some sections are always secure 20. For ASP.NET layered architecture, which layer provides core functionality of the system and encapsulation of business logic? A. User services B. Business services C. Data services D. Encapsulation services 21. What does.net use to provide different DLL versions to be supported? A. MSIL B. Global Assembly Cache C. Framework Class Library D. Common Language Specification 22. Which file contains the security settings for an ASP.NET Web service? A. Web.config B. Assembly.cs C. main.aspx D. Web.xml E. Encyt.xml

8 23. Which command line option would generate the encryption keys for a strong name in a.net assembly? A. sn -s B. sn -k C. sn -r D. sn -o E. sn -e 24. Which is the following is not stored in an assembly? A. Assembly name B. A public key C. Relationships between assemblies D. A version number E. The type of operating system used 25. Which applications require the strongest security? A. Web services, and in.net remoting B. Console applications, and in.net remoting C. Windows applications, and in.net remoting D. Web services, and in Console applications 26. What occurs when a remote user tries to access the Web.config file on the Web server? A. It is viewed within the Web browser. B. It is installed on the local machine. C. It locks the file. D. It displays a message that it is forbidden to access the file.

9 27. You are creating an XML Web service named TimeEntryService for LawyersTK. You need to configure mywebservice to meet these requirements from users of the law firm: - Users cannot afford to forget passwords - Login time is not an issue - Client must have a trustworthy credential Which type of authentication should you use? A. Basic B. Digest C. Anonymous D. Client Certificate 28. What is the main advantage of the Global Assembly Cache in.net? A. It stores different versions of DLLs B. It allows hardware compatibility C. It provides common classes, methods and properties D. It supports different programming languages E. It stores different versions of application programs 29. Which refers to the collection of security settings that affect the security-related behaviour of a process or thread? A. Authentication B. Authorization C. Secure Communications D. Validation E. Security Context

10 30. Which method is used with WindowsPrincipal (myprin) to test a role? A. myprin.isinrole() B. myprin.whererole() C. myprin.isrole() D. myprin.testrole()