CSUS
College of Engineering and Computer Science
Department of Computer Science
C Sc 196N Computer System Attacks and Countermeasures
SEMESTER: Fall 2005
Ghansah & Smith
EXAM #1
Multiple Choice (3 pts each, 15 pts total)
1. Which of the following is not a password-cracking
program?
a.
b.
c.
d.
e.
John the Ripper
Crack
Nmap
L0phtCrack
Both a and c
2. To encrypt a message to ensure secrecy using public key
cryptography, you need
a.
b.
c.
d.
the recipient’s private key
the recipient’s public key
your own pubic key
both a and b
3. To digitally sign a message you don’t intend to keep
secret using public key cryptography, you need
a.
b.
c.
d.
your own private key
your own public key
the recipient’s public key
both a and b
4. Which of the following ports is used in File and Printer
sharing in Microsoft networks?
a.
b.
c.
d.
e.
TCP Port 445
TCP port 139
UDP Port 53
TCP port 80
Both a and b
1
5. A message is said to be digitally signed if sent with
which of the following?
a.
b.
c.
d.
message
message
message
message
digest
digest encrypted with sender’s public key
digest encrypted with sender’s private key
and sender’s certificate
Short Answer/ Explain (10 pts each, 60 total)
6. What is scanning? What are the steps involved in
scanning?
7. nmap is a popular tool for scanning. It exploits the
fact that different TCP/IP Stack implementations (eg.
Windows, Linux, etc) do not behave exactly the same way
under certain circumstances. As a result nmap probes can be
used to predict operating systems. This is sometimes called
Stack Fingerprinting.
Give three examples of probes nmap can send to a machine
for stack finger printing purposes and explain why it
works.
2
8.a) What is buffer overflow?
b) Name three techniques to defend against buffer overflow
exploits.
9. Name four techniques to defend against password attacks.
10. a) What is a Denial of Service (DoS) attack?
b) What security policy is typically violated with a DoS
attack?
3
11. a) What is ARP Spoofing?
b) Explain how attacker’s exploit ARP Spoofing for their
purposes.
c) Explain how DNS Spoofing can be used to cause a Man In
The Middle (MITM) attack.
4
12. TRUE/FALSE (Circle T (True) or F (False)) (2 each, 10
total)
T F a. The first thing to do before you perform a scan for
the first time for your company is to ask permission.
T F b. The attacker’s process usually involves the
following sequence: Footprinting, covering tracks,
Scanning, Enumeration, compromise & privilege escalation
T F c. Law and Ethics are essentially the same.
T F d. In general, hacking is bad. There is no good reason
for doing any kind of hacking, including ‘ethical hacking’.
13. MATCHING. Match the following with the appropriate
numbers of data below. (3 each, 30 total)
a. __A program that appears to have a benign or useful
purpose but can hide a malicious capability.
b. __A tool for checking to see if Trojans/backdoors exist
on a system.
c. __California State law that deals with Unauthorized
access to computers, computer systems, and computer data.
d. __communication channel that can be exploited by a
process to transfer information in a manner that violates
the systems security policy.
e. __ A popular Trojan horse but which also has good uses.
f. __ A popular backdoor program but which also has good
uses.
g. __ A tool for listening to the network for data, then
gathering it for analysis.
h. __ A tool for injecting false information on the network
to support future listening and gathering of data for
analysis.
5
i. __ A buffer overflow attack can cause this to happen.
j. __ This is a sniffing countermeasure.
MATCHING DATA
1. backorifice 2000
2. encryption
3. Trojan horse
4. covert channel
5. tripwire
6. 520
7. dsniff
8. netcat
9. ethereal
10.runas
11.mkstrm
12.TCP
13.Unix
14.Denial of Service
6