Computer System Security MCQ with answers -09

The answers given with the questions are "not verified".

Secure architecture principles isolation and leas: Access Control Concepts, Unix and
Windows access control summary, Other issues in access control, Introduction to browser
isolation.
Web security landscape: Web security definitions, goals and threat models, HTTP content
rendering. Browser isolation. Security interface, Cookies, frames and frame busting, Major web
server threats, Cross-site request forgery, Cross-site scripting, Defenses and protections against
XSS, Finding vulnerabilities, Secure development.

1. A ______ may at any time be idle, or have one or more _______ executing on its behalf.
a. subject, principals
b. principal, subjects
c. subject, objects
d. principal, objects
Answer(b)

2. Which of the following is correct with respect to objects?
a. An object is anything on which a subject can perform operations (mediated by rights)
b. Objects are usually passive
c. Both A and B
d. Only A
Answer(c)

3. Subjects can also be objects with ______ operation(s)
a. Kill
b. Suspend and Resume
c. Resume and Kill
d. Kill, Suspend and Resume
Answer(d)

4. The read bit allows one to show file names in the directory.
a. True
b. False
Answer(a)

5. When a process is created by fork:
a. It inherits three user IDs from its parent process
b. It keeps its three user IDs unless the set-user-ID bit of the file is set, in which case the effective uid and the saved uid are assigned to the user ID of the owner of the file
c. Both A and B
d. None of the above
Answer(d)

6. Which of the following is a way to escape jail as root?
a. Reboot system
b. Send signals to chrooted process
c. Create devices that let you access the raw disk
d. A and C
Answer(d)

7. Chroot jail is ______ partitioning and FreeBSD jail is _______ partitioning
a. Weak, Strong
b. Strong, Weak
c. Weak, Weak
d. Strong, Strong
Answer(a)

8. Which of the following is incorrect with respect to FreeBSD jail?
a. It can only bind to sockets with specified IP address and authorized ports
b. It can communicate with processes inside and outside of jail
c. Root is limited (example: cannot load kernel modules)
d. None of the above
Answer(b)

9. Identify the correct statement for paravirtualization.
a. Paravirtualization is where software is used to simulate hardware for a guest operating system to run in.
b. Paravirtualization is where a type-2 hypervisor is used to partially allow access to the hardware and partially to simulate hardware in order to allow you to load a full operating system
c. Both A and B
d. Paravirtualization is where the guest operating system runs on the hypervisor, allowing for higher performance and efficiency.
Answer(d)

10. Which of the following is incorrect for System call interposition?
a. It tracks all the system service requests of processes.
b. Each system request can be modified or denied.
c. It is impossible to implement tools to trace, monitor, or virtualize processes.
d. None of the above.
Answer(c)

11. ptrace is a system call found in _____ and several ______like operating systems.
a. Mac
b. Unix
c. Windows
d. None of the above
Answer(b)

12. Which of the following is a computer security utility which limits an application’s access to the system by enforcing access policies for system calls?
a. systrace
b. NetBSD
c. ptrace
d. None of the above
Answer(a)

13. Which of the following uses a callback mechanism in the kernel module to redirect system calls?
a. systrace
b. ptrace
c. ostia
d. NetBSD
Answer(b) ptrace

14. NaCl stands for –
a. Narrow Cluster
b. Native Cluster
c. Narrow Client
d. Native Client
Answer(d) Native Client

15. Which of the following is the best possible name for a backdoor virus?
a. stealth
b. Hidden key
c. Rootkit
d. Worm
Answer(c)

16. Binary rootkits and library rootkits are examples of –
a. Kernel mode rootkits
b. User mode rootkits
c. Firmware rootkits
d. None of the above
Answer:- b

17. Which of the following is not an attack tool?
a. Password cracker
b. Network sniffer
c. Autorooter
d. Rootkit Revealer
Answer:- d

18. Which of the following is incorrect for knark?
a. It hides/unhides files or directories
b. It hides TCP or UDP connections
c. It is a user-mode rootkit
d. None of the above
Answer:- c

19. Which of the following is the best characteristic of anomaly-based IDS?
a. It models the normal usage of the network as a noise characterization
b. It doesn’t detect novel attacks
c. Anything distinct from the noise is not assumed to be intrusion activity
d. It detects based on signature
Answer:- a

20. What are drawbacks of signature-based IDS?
a. They are unable to detect novel attacks
b. They suffer from false alarms
c. They have to be programmed again for every new pattern to be detected
d. All of the mentioned
Answer:- d

21. Which of the following is a characteristic of host-based IDS?
a. The host operating system logs in the audit information
b. Logs include logins, file opens and program executions
c. Logs are analysed to detect trails of intrusion
d. All of the mentioned
Answer:- d

22. What are strengths of the host-based IDS?
a. Attack verification
b. System specific activity
c. No additional hardware required
d. All of the mentioned
Answer:- d

23. Which of the following best characterizes stack-based IDS?
a. They are integrated closely with the TCP/IP stack and watch packets
b. The host operating system logs in the audit information
c. It is programmed to interpret a certain series of packets
d. It models the normal usage of the network as a noise characterization
Answer:- a

24. Which of the following is correct for compartmentalization?
a. Break large monolithic overprivileged software into smaller components.
b. Develop “fault compartments”, that each fail individually
c. The goal is that when one compartment fails, the others can still function
d. All of the above
Answer:- d

25. Which of the following is correct for the principle of least privilege?
a. Enforce minimal privileges for intended purpose.
b. Drop privileges when you no longer need them.
c. Both A and B
d. None of the above
Answer:- c