This is an example of the sort of questions I will ask. The actual final will be longer, of course, and may well have questions about the readings as well as the lectures.
Please define the following terms in one or two sentences.
public key cryptosystem
privacy
overvote
originator-controlled access control
Please circle the best answer, and justify it.
In computer security, a Trojan horse is:
A program that has components distributed over many systems,
and is used to launch denial of service attacks
A program that absorbs all available resources of a particular type
A program with an overt, known purpose and a covert, unknown
(and probably undesirable) purpose
A program that blocks any incoming spam emails
Which of the following access control models would be most useful
to a company selling DVDs containing music and movies, if the goal is to
prevent the purchaser from making copies of the DVD’s content and distributing
it further?
discretionary access control
mandatory access control
originator-controlled access control
role-based access control
Which of the following is not an approach to intrusion detection?
Signature-based
Cookie-based
Anomaly-based
Specification-based
Which of these is the best definition of the principle of least privilege?
Processes should share as few privileges as possible
A process should have no more than the minimum privileges needed to perform its tasks
A process should have as few privileges as possible
Users should not be able to change their level of privilege to that of a system administrator
A company has offices in San Francisco and London. It needs to send sensitive information between those two offices. It plans to use encryption to protect the information while in transit.
Should it use link encryption or end-to-end encryption? Justify your answer.
What is the difference between the anti-malware (anti-virus) detection methods of signature scanning and behavioral analysis?
What is a sandbox? Why does the Android run apps in it?