Class Test 2 - e-Security (CSN11102/11117)
Semester 2, Session 2012-13
Outline Requirements
The test will account for 20% of the module final grade, and is based on the academic content of the course covering Software Security and Network Security.
It is a closed book test, and normal examination conditions apply.
There are 30 questions in this paper.
A correct answer scores +1, an incorrect answer scores –0.2, and a non-answer gets a score of zero.
The score will be normalised and converted to an indicative grade.
You can use a calculator in the exam.
Test time: 40 minutes.
PLEASE ENTER YOUR MATRICULATION NUMBER AND DATE HERE:
Matriculation Number: __________________________
Date of Test: ____/____/______
For Staff use only
No. correct
No. incorrect
No. omitted
1.
Which of the following pairs of statements is true about software
and hardware firewalls?
A. Software: harder to reconfigure; hardware: copes better with large traffic conditions
B. Software: easier to reconfigure; hardware: gives improved failover
C. Software: faster; hardware: gives poorer failover
D. Software: faster; hardware: copes better with large traffic conditions
E. Software: slower; hardware: less expensive
2.
Which of the following pairs of statements gives an advantage
and a disadvantage of using proxies?
A. Advantage: it gives user-oriented logging; Disadvantage: it does not give user-oriented accounting
B. Advantage: it speeds up processing; Disadvantage: it gives a central point of failure
C. Advantage: it gives user-oriented authentication; Disadvantage: it slows down processing
D. Advantage: it has no central point of failure; Disadvantage: it slows down processing
E. Advantage: it has no central point of failure; Disadvantage: it does not give user-oriented accounting
3.
If a host uses a proxy for Web access, what will be the destination
IP address of the data packets that are initially sent to a remote
Web server?
A. The source address of the host
B. The source address of the web server
C. The source address of the proxy
D. The TCP proxy port
E. The TCP local port
4.
Which of the following pairs of statements is true about proxies?
A. Private addresses can be used for the internal network; they do not allow logging of data packets
B. Private addresses cannot be used for the internal network; they allow logging of data packets
C. Private addresses cannot be used for the internal network; they allow user-level authentication
D. They allow hosts to be hidden from the outside; private addresses can be used for the internal network
E. They allow user-level authentication; internal nodes can be directly contacted from the outside
5.
Which of the following statements is true for IPSec?
A. UDP Port 50 is the key exchange port and TCP Port 500 is used for ESP
B. TCP Port 51 is used for AH and UDP Port 50 is the key exchange port
C. UDP Port 500 is the key exchange port and TCP Port 50 is used for ESP
D. UDP Port 500 is the key exchange port and it does not allow either ESP or AH
E. UDP Port 50 is the key exchange port and it allows both ESP and AH
6.
What does Dynamic NAT (with PAT) use to keep track of a
connection?
A. Just the source address
B. Just the destination address
C. The source address and the source port
D. The destination address and the destination port
E. The source and destination addresses and the source and destination ports
7.
What advantage does SSH have over TELNET?
A. It is faster
B. It is more compatible
C. It is more secure
D. It is easier to configure
E. It supports more connections
8.
Which of the following IP addresses is not a private address?
A. 146.176.1.5
B. 10.0.0.1
C. 172.16.1.1
D. 192.168.0.1
E. 10.10.10.1
9.
How would 10.11.12.13 with a subnet mask of 255.255.255.224 be
displayed?
A. 10.11.12.13/31
B. 10.11.12.13/27
C. 10.11.12.13/240
D. 10.11.12.13/16
E. 10.11.12.13/5
10.
Which best describes a stateful packet filter?
A. Filters packets based on layer 3 and 4
B. Filters packets based on layer 3 and 4 with session info
C. Acts as a middle man, and examines session info
D. Filters packets based on layer 1 and 2
E. Filters packets based on layer 1 and 2 with session info
11.
Which is not an advantage of NAT?
A. Hides the network addresses of the network
B. Bars direct contact with a host
C. Increased range of address
D. Allows easy creation of subnetworks
E. Allows easy access to hosts from outside the network
12.
Which access-list allows traffic from all addresses in the range
192.169.3.0 to 192.169.3.255?
A. access-list 10 permit 192.169.3.0 0.0.0.255
B. access-list 10 deny 192.169.3.0 0.0.0.255
C. access-list 10 permit 192.169.3.0 0.0.255.255
D. access-list 10 deny 192.169.3.0 255.255.255.0
E. access-list 10 permit 192.169.3.0 255.255.255.0
13.
Which ACL will prevent, and log, all traffic from the entire
blacklisted network of 6.6.6.0/24?
A. access-list 34 deny 6.6.6.0 0.0.0.0 log
B. access-list 134 deny ip 6.6.6.0 0.0.0.255 log
C. access-list 19 deny 6.6.6.0 0.0.0.0 any log
D. access-list 10 deny ip 6.6.6.0 0.0.0.255 log
E. access-list 67 deny 6.6.6.0 0.0.0.255 log
14.
Why is source based IP Filtering, such as Standard ACLs, not
very reliable?
A. The ACLs need to be placed close to the destination
B. The ACLs need to be placed close to the source
15.
Which ACL will allow http traffic to the web server at
155.144.10.5?
A. access-list 137 permit ip any 155.144.10.5 80
B. access-list 199 permit tcp any 155.144.10.5 eq www
C. access-list 137 permit tcp any host 155.144.10.5 eq 80
D. access-list 177 permit ip any 155.144.10.5 eq 80
E. access-list 268 permit tcp any host 155.144.10.5 eq http
16.
Which .NET technique overcomes “DLL Hell”?
A. Web.config
B. CardSpace
C. Role-based Security
D. Global Assembly Cache
E. Not using DLLs
17.
Which is not seen to be a component of a secure ASP.NET
application?
A. Authorization
B. Authentication
C. Backplane security
D. Secure Communications
18.
Which defines what clients are allowed to do and see within
applications?
A. Authentication
B. Authorization
C. Secure Communications
D. Validation
E. Delegation
19.
For external systems, what should you always assume?
A. That they are always secure
B. That they are always insecure
C. That they are intermittent in their security
D. That some sections are always secure
20.
For ASP.NET layered architecture, which layer provides core
functionality of the system and encapsulation of business logic?
A. User services
B. Business services
C. Data services
D. Encapsulation services
21.
What does .NET use to allow different DLL versions to be
supported?
A. MSIL
B. Global Assembly Cache
C. Framework Class Library
D. Common Language Specification
22.
Which file contains the security settings for an ASP.NET Web
service?
A. Web.config
B. Assembly.cs
C. main.aspx
D. Web.xml
E. Encyt.xml
23.
Which command line option would generate the encryption
keys for a strong name in a .NET assembly?
A. sn -s
B. sn -k
C. sn -r
D. sn -o
E. sn -e
24.
Which of the following is not stored in an assembly?
A. Assembly name
B. A public key
C. Relationships between assemblies
D. A version number
E. The type of operating system used
25.
Which applications require the strongest security?
A. Web services, and in .NET remoting
B. Console applications, and in .NET remoting
C. Windows applications, and in .NET remoting
D. Web services, and in Console applications
26.
What occurs when a remote user tries to access the Web.config
file on the Web server?
A. It is viewed within the Web browser.
B. It is installed on the local machine.
C. It locks the file.
D. It displays a message that it is forbidden to access the file.
27.
You are creating an XML Web service named
TimeEntryService for LawyersTK. You need to configure
myWebService to meet these requirements from users of the
law firm:
- Users cannot afford to forget passwords
- Login time is not an issue
- Client must have a trustworthy credential
Which type of authentication should you use?
A. Basic
B. Digest
C. Anonymous
D. Client Certificate
28.
What is the main advantage of the Global Assembly Cache in
.NET?
A. It stores different versions of DLLs
B. It allows hardware compatibility
C. It provides common classes, methods and properties
D. It supports different programming languages
E. It stores different versions of application programs
29.
Which refers to the collection of security settings that affect the
security-related behaviour of a process or thread?
A. Authentication
B. Authorization
C. Secure Communications
D. Validation
E. Security Context
30.
Which method is used with WindowsPrincipal (myPrin) to test
a role?
A. myPrin.IsInRole()
B. myPrin.WhereRole()
C. myPrin.IsRole()
D. myPrin.TestRole()