Not to be taken away. Page 1 of 6. Copyright Reserved.

The Chinese University of Hong Kong
Course Examination, 2nd Term, 2018-19

Course Code & Title: IERG4130 Introduction to Cyber Security
Time allowed: ..... hours ..... minutes
Student I.D. No.: .....  Seat No.: .....

Notes to All Students:
1. You need to complete all questions (Total Marks = 120).
2. Please write down your answers in the answer book.
3. Please write down your name and student ID on both the question paper and the answer book.

Part I -- Multiple Choices

Please select all answers for each question in order to get the full four marks. Any wrong answer will lead to zero marks. Any missing answer will lead to two marks.

Multiple-Choice questions not to be provided. P.1-P.3
Part II -- True or False

For each statement, please first answer whether it is true or false. For a False statement, please also explain why it is wrong (for a True statement, an explanation is not required). Missing explanations will lead to one mark only. Each question carries four marks.

True-False questions not to be provided.

Part III -- Short Question and Answers

Please answer each question accurately and concisely.

1. Here is a variant of the one-time pad encryption algorithm. Let $c$ be the cipher text, $m$ be the plaintext, $k$ be the encryption key, and $c_0 = m_0 \oplus k_0$, $c_1 = m_1 \oplus k_1$, ..., $c_n = m_n \oplus k_n$, where $\oplus$ is the XOR operation, $k_2 = k_1 \oplus k_0$, $k_3 = k_2 \oplus k_1$, ..., $k_n = k_{n-1} \oplus k_{n-2}$, and $k_0$, $k_1$ are generated by a secure random number generator. Is this encryption algorithm secure or insecure? Please explain why if you think it is insecure. [10']
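The key schedule in Question 1, worked through as an added example (not part of the exam paper): it builds the key blocks from the stated recurrence and checks what that does to the pad. The 8-byte block size, the function names and the sample message are assumptions constructed for the illustration.

```python
import secrets

BLOCK = 8  # block size in bytes (assumption; the question does not fix one)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(k0: bytes, k1: bytes, n: int) -> list[bytes]:
    """Key blocks k_0..k_{n-1} with k_i = k_{i-1} XOR k_{i-2} for i >= 2."""
    ks = [k0, k1]
    while len(ks) < n:
        ks.append(xor(ks[-1], ks[-2]))
    return ks[:n]

def encrypt(blocks: list[bytes], k0: bytes, k1: bytes) -> list[bytes]:
    """c_i = m_i XOR k_i; decryption is the same operation."""
    return [xor(m, k) for m, k in zip(blocks, keystream(k0, k1, len(blocks)))]

def recover_with_known_prefix(cipher: list[bytes], m0: bytes, m1: bytes) -> list[bytes]:
    """Known m_0 and m_1 reveal k_0 and k_1, hence every later key block."""
    return encrypt(cipher, xor(cipher[0], m0), xor(cipher[1], m1))

# Constructed sample plaintext: six 8-byte blocks.
MESSAGE = [b"HEADER01", b"HEADER02", b"pay 100$",
           b"to Alice", b"ref 4130", b"end.msg."]

def demo() -> dict:
    k0, k1 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)
    ks = keystream(k0, k1, 6)
    cipher = encrypt(MESSAGE, k0, k1)
    return {
        # k_3 = k_2 XOR k_1 = k_0, k_4 = k_1, k_5 = k_2: the pad repeats every 3 blocks.
        "period_3": ks[3] == k0 and ks[4] == k1 and ks[5] == ks[2],
        # Blocks under the same key block leak the XOR of their plaintexts.
        "pad_reused": xor(cipher[0], cipher[3]) == xor(MESSAGE[0], MESSAGE[3]),
        # Two known plaintext blocks are enough to decrypt the whole message.
        "recovered": recover_with_known_prefix(cipher, MESSAGE[0], MESSAGE[1]),
    }

if __name__ == "__main__":
    print(demo())
```

The message holds only two blocks of fresh key material however long it is, so the one-time pad requirement that the key be as long as the message and never reused does not hold.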
2. Why do attackers usually choose SUID programs as the target to launch attacks like buffer overflow? [5']

3. Why is the TCP protocol vulnerable to hijacking attacks? Please list your reasons and give one mitigation solution. [3'+3']

4. Please explain the strengths and weaknesses of the following firewall deployment scenarios in defending servers and desktop machines against network threats. [4'+4']
A) Only a firewall at the network perimeter.
B) One firewall on every end-host machine.

5. Suppose Alice had developed a program called Agent that can run as a privileged system service and provide some interfaces to other external client processes (e.g., another user-space application). With such interfaces, a client process can request the Agent program to take photos or record audio, even though that client process does not have the permission to access those camera and microphone resources. Will Agent cause any potential security risk? What risk? And how to modify the Agent program to mitigate the potential risk? [5'+5']

6. Answer the following questions about authentication and passwords.
A) Password is a common but imperfect authentication method. Could you give two examples of how vendors/websites enhance the password authentication process? [4']
B) Besides passwords, fingerprint is another popular authentication method. What are the possible strengths and weaknesses of using fingerprints to authenticate users? [2'+3']
C) Users' passwords should be kept securely in a server database. One common practice is to add a "salt" to the original password and then do the hash. What is "salt"? How can it improve authentication security? [2'+3']

7. What is the difference between authentication and authorization? [4']

8. Please answer the following questions related to Cross-Site Scripting (XSS) and cross-site request forgery (CSRF) attacks.
A) Explain the differences between XSS and CSRF. [4']
B) What is the fundamental reason for a web site being vulnerable to XSS attack? How to defend against it effectively? [2'+4']

9. Could you give a real world example of applying the security principle "Isolation"? Please also explain how the "isolation" principle can improve system security. [2'+3']

- End -