SI110 Spring AY2014 6-Week Exam
Introduction to Cyber Security, Technical Foundations
Individual work. Closed book. Closed notes. No electronic devices.
Your answers must be legible to receive credit.
Name:_______________________
Alpha:_______________ Section: ______________
ASCII Table
DEC
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
HEX
20
21
22
23
24
25
26
27
28
29
2A
2B
2C
2D
2E
2F
Sym.
!
"
#
$
%
&
'
(
)
*
+
,
.
/
Hex Digit
DEC
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
0
HEX
30
31
32
33
34
35
36
37
38
39
3A
3B
3C
3D
3E
3F
Sym.
0
1
2
3
4
5
6
7
8
9
:
;
<
=
>
?
1
2
DEC
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
3
HEX
40
41
42
43
44
45
46
47
48
49
4A
4B
4C
4D
4E
4F
4
Sym.
@
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
5
DEC
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
6
HEX
50
51
52
53
54
55
56
57
58
59
5A
5B
5C
5D
5E
5F
7
8
Sym.
P
Q
R
S
T
U
V
W
X
Y
Z
[
\
]
^
_
9
DEC
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
a
HEX
60
61
62
63
64
65
66
67
68
69
6A
6B
6C
6D
6E
6F
b
Sym.
`
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
c
DEC
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
HEX
70
71
72
73
74
75
76
77
78
79
7A
7B
7C
7D
7E
7F
d
e
Sym.
p
q
r
s
t
u
v
w
x
y
z
{
|
}
~
f
4-bit Pattern 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
File Type
png
jpg
bmp
avi
mpg
wav
xls
mp3
pdf
zip
52 49
41 56
52 49
57 41
D0 CF
Header (Hex)
89 50 4E 47
FF D8 FF E0
42 4D
46 46 XX XX XX
49 20 4C 49 53
00 00 01 BX
46 46 XX XX XX
56 45 66 6D 74
11 E0 A1 B1 1A
FF FX
25 50 44 46
50 4B 03 04
XX
54
XX
20
E1
Header (ASCII)
.PNG
ÿØÿà
BM
RIFF....
AVI LIST
....
RIFF....
WAVEfmt
DÏ.ࡱ.á
ÿ.
%PDF
PK..
IA Information Assurance
************************
01. (IA1) Match each of the five pillars of Information Assurance with its description:
_____ Confidentiality
A. The ability to correlate, with high certainty, a recorded
action with its originating individual or entity.
_____ Integrity
B. Timely, reliable access to data and information services by
authorized users.
_____ Availability
C. The ability to verify the identity of an individual or entity.
_____ Non-repudiation
D. Protection of information, systems, and services from
unauthorized modification or destruction.
_____ Authentication
E. Protection of information from disclosure to unauthorized
individuals, systems, or entities.
02. (IA2) Suppose MIDN 3/c Badguy went into Nimitz Library and used a WiFi sniffing tool to
eavesdrop on MIDN 2/c Tuffguy’s private conversations on IRC chat. Which pillar of IA has been
compromised?
a.
b.
c.
d.
e.
Confidentiality
Integrity
Availability
Non-repudiation
Authentication
03. (IA2) MIDN 3/c Badguy later logs into a USNA computer using MIDN 2/c Tuffguy’s password, which
he had lifted from the earlier chat conversation. Which of the five pillar(s) of IA was violated by
this new action?
a.
b.
c.
d.
e.
Confidentiality
Integrity
Availability
Non-repudiation
Authentication
04. (IA2) Later, MIDN 3/c Badguy accesses all of MIDN 2/c Tuffguy's important data in his shared
folders. Instead of reading the data, though, he encrypts (scrambles) it, so he can later blackmail
MIDN Tuffguy for the key (the data itself is not modified, but MIDN Tuffguy can't access it). Which
additional pillar of IA does MIDN 3/c Badguy's encryption violate?
a.
b.
c.
d.
e.
Confidentiality
Integrity
Availability
Nonrepudiation
Authentication
DD Digital Data
***************
05. (DD1)
a.
b.
c.
d.
e.
Many modern CPUs use a 64-bit architecture. How many bytes are in 64 bits of data?
1
2
4
8
16
06. (DD2) What is the hex representation of the binary bit pattern 01011101?
07. (DD2) What positive integer (in decimal) does the binary bit pattern 01010011 represent?
08. (DD1,2) What is the sequence of decimal byte values that yield the ASCII string "USNA"?
09. (DD3) The program Frhed displays bytes by interpreting them how?
a.
b.
c.
d.
binary
hexadecimal
decimal
octal
The first four bytes of a file named stuff are:
bits: |10001001 01110000 01001110 01000111|
hex: |
89
50
4e
47
|
decimal: | 137
80
78
71
|
10. (DD4) What filename extension would be most appropriate for the file stuff?
a.
b.
c.
d.
.jpg
.docx
.mp3
.png
11. (DD4) How does the Windows operating system determine what application should open a file, when
you double-click the file?
a.
b.
c.
d.
e.
at random
the file browser program explorer.exe is used for everything
the four-byte file header
the file extension
the filesystem path
12. (DD4) T / F
When opening a file, you can trick the Windows operating system into using a
different program (i.e., interpreting the bytes in a different way) by simply changing (renaming)
the file's extension before opening the file.
AR Architecture
***************
13. (AR2,3) The decode and execute cycles take place inside which computer component?
a.
b.
c.
d.
CPU
RAM (memory)
HDD (disk drive)
peripherals
14. (AR2) Before an executable program is launched, it resides where?
a.
b.
c.
d.
CPU
RAM (memory)
HDD (disk drive)
peripherals
15. (AR3) Match each of the following CPU actions with its description:
_____ Fetch
A. determine what action the instruction specifies
_____ Decode
B. complete the action encoded in the instruction
_____ Execute
C. Retrieve the next instruction from memory as a block of bytes
OS Operating Systems
********************
16. (OS1) The operating system is designed to serve which of the following purposes?
a.
b.
c.
d.
e.
File system management
User account control
Process management
Access control
All of the above
Refer to the following diagram for the next two questions:
C:\
SI110Programs\
docs\
aes.bat
GPL.txt
Windows\
Users\
ssh.exe
mxxxxxx\
Downloads\
hello.txt
myyyyyy\
Desktop
selfie.jpg
Desktop\
hw.pdf
Public\
Downloads\
System32\
Drivers\
hello.txt
cat.jpg
17. (OS4) Write the FULL path name of the file hw.pdf.
18. (OS3) Suppose your current directory is C:\Users\myyyyyy\Desktop. From that directory, which of
these is the relative path to Midshipman mxxxxxx’s Downloads directory?
a.
b.
c.
d.
C:\Users\mxxxxxx\Downloads
..\Downloads
..\..\Downloads
..\..\mxxxxxx\Downloads
19. (OS6) User mxxxxxx issues the command below in a non-Administrator command shell.
should she expect to see?
> type C:\Users\myyyyyy\Downloads\hello.txt
a.
b.
c.
d.
The
The
The
The
contents of user myyyyyy’s hello.txt file
contents of user mxxxxxx’s hello.txt file
error message: “Command not found”
error message: “Access denied”
What output
20. (OS2) Which of these is NOT one of the ways that Operating System services are normally
accessed?
a.
b.
c.
d.
21.
(OS2) Which of these allows both programs and users to access Operating System services?
a.
b.
c.
d.
22.
GUI
API
Command Shell
RAM
GUI
API
Command Shell
RAM
(OS5) An instance of a Program that is executing and in memory is a
_____________________.
23. (OS4) For each of the following shell commands:
- Circle the command name
- Underline all command arguments
- Draw a Rectangle around all command options
move sample1.txt sample2.txt
ls -l /home/m179999/Desktop/si110
cp -R -v example/
/home/example1
24. (OS8) Complete the following table of Windows and Unix Shell commands by writing the
equivalent command for the other Operating System:
Windows
Unix
dir
_________
_________
cd ..
move
_________
_________
rmdir
type
_________
PG Programs
***********
25. (PG1) Suppose the following Javascript statement is executed, and the user enters '7' and then
presses the OK button:
var x = prompt("What time is it?");
Now which of the following expressions evaluates to 'true'?
a.
b.
c.
d.
e.
typeof(x)
typeof(x)
typeof(x)
x != "7"
prompt ==
== Number
== "Number"
== "string"
7
The following Javascript program eats cookies, one handful at a time.
var jar = 10;
var handful = prompt("How many cookies at a time?");
while (jar > handful)
{
jar = jar - handful;
alert("I ate " + handful + " cookies.");
}
26. (PG2) What happens if this program is executed and the user enters '4' and presses the OK
button?
a.
b.
c.
d.
e.
A single popup says
A single popup says
Two popups both say
Two popups both say
A popup says "I ate
"I ate 10 cookies"
"I ate 4 cookies"
"I ate 10 cookies"
"I ate 4 cookies"
6 cookies" and then another popup says "I ate 2 cookies".
27. (PG3) What would happen if a user entered a negative number like '-2' and pressed the OK
button?
a. The Javascript console will show an error message.
b. The popup will say "I ate NaN cookies."
c. The program will keep making popup windows forever.
d. The program will never enter the 'while' loop because the condition is false.
e. The condition of the 'while' loop will always be false because the type of 'handful' is a
string.
The following Javascript program checks for a valid password. However, it has some security issues:
var authorized = false;
var password = "sI1l0rULEz!";
var guess = eval(prompt("What is the password?"));
var mismatch = 0;
var i = 0;
while (i < 5)
{
if (guess[i] != password[i])
{
mismatch = mismatch + 1;
}
i = i + 1;
}
if (mismatch == 0)
{
alert("You're in!");
authorized = true;
}
else
{
alert("Sorry, incorrect " + password);
}
28. (PG4) Which line does NOT represent a potential vulnerability (i.e., something that could help
an attacker determine the password)?
a.
b.
c.
d.
var password = "sI1l0rULEz!";
var guess = eval(prompt("What is the password?"));
alert("You're in!");
alert("Sorry, incorrect " + password);
HW HTML/Web
***********
29. (HW3) Draw how the browser renders the following html file, quotes.html.
Note: for links, please underline:
<html>
<head>
</head>
<body>
<i>Favorite Movie Line:</i><br> "You've got to ask yourself <u>one</u> question:
'Do I feel lucky?' <br> Well, <b>do</b> ya, punk?"
<p>-Clint Eastwood, <a href = “http://www.topmovies.com”>Dirty Harry</a></p>
</body>
</html>
30. (HW4) If you are midshipman mxxxxxx, and quotes.html is on your laptop, what steps would you
follow to make quotes.html a part of your web site, so it will render in a browser with the URL
http://rona.academy.usna.edu/~mxxxxxx/quotes.html ?
a. Use WinSCP to transfer the file(s) (and any subfolders) to your www directory on
rona.academy.usna.edu
b. Do step a. (above) and then change the file and folder permissions so that the web server
can access the files
c. Email quotes.html to your friends and tell them to open the file
d. Just tell your friends to go to http://rona.academy.usna.edu/~mxxxxxx/quotes.html
e. Save quotes.html to the folder C:\Users\mxxxxxx\Desktop\SI110\www\
31. (HW4) In order to make your index.html (and other files) available to anyone inside the Academy
at the URL http://rona.academy.usna.edu/~m179999/index.html you needed to set the access
permissions to readable by "other" users on rona. Why? After all your Company Officer doesn't even
have an account on rona, so he can't login to access your index.html regardless of the permission
settings. So, who or what is it that needs permission to access the file index.html?
a.
b.
c.
d.
the 'root' user
your instructor
the web server
the web browser
32. (HW5) Consider the following page, http://www.widgets.com/products/magictool.html
<html>
<head>
</head>
<body>
This is our new tool: <img src="products/mgcwk.jpg">.
To see a live demonstration of its many uses,
<a href="http://www.youtube.com/watch?v=oHg5SJYRHA0">click here</a>.
Our customers have shared photos of the tool in use:
<img src="http://yousharephoto.net/usr/jimbo/magictool/amazing.jpg">
If you want to learn how to operate the tool, please download the
<a href=" http://support.widgets.com/support/manual.pdf">instructions</a>.
</body>
</html>
Assuming you have entered http://www.widgets.com/products/magictool.html in your browser and hit
enter, which diagram below (A, B, C, or D) represents a possible pattern of communication between
your browser and servers that could occur in getting this page rendered?
33. (HW2) For the URL:
http://csmonitor.com/storage/media/full_380.jpg
a. What is the name of the server this URL refers to?
b. What is the name of the file the server will send?
c. What is the protocol part of this URL
d. Circle the part of the URL that tells you the URL refers to world wide web content.