# Course: CS 585 03f :TYPE:P :TITLE:Instructions :QUESTION:H:60:1 :CAT:instructions ####################################### :TYPE:MC:1:0:C :TITLE:Obscurity :QUESTION:H Security through obscurity can be described as relying on: :ANSWER1:100:T confidentiality :ANSWER2:0:T integrity :ANSWER3:0:T availability :ANSWER4:0:T authentication :CAT:test1_mc ####################################### :TYPE:MC:1:0:C :TITLE:Warning Sign :QUESTION:H A homeowner who puts up a 'Beware of Dog' sign is using which of the following: :ANSWER1:0:T detection :ANSWER2:100:T prevention :ANSWER3:0:T reaction :ANSWER4:0:T all of the above :CAT:test1_mc ####################################### :TYPE:MC:1:0:C :TITLE:Types of Models :QUESTION:H Given that R is the set of all allowed states and Q is the set of all secure states, a secure model is one in which: :ANSWER1:100:T R is a subset of Q :ANSWER2:0:T Q is a subset of R :ANSWER3:0:T R is equal to Q :ANSWER4:0:T none of the above :CAT:test1_mc ####################################### :TYPE:MC:1:0:C :TITLE:Authentication :QUESTION:H Authentication can be viewed as a form of :ANSWER1:0:T availability :ANSWER2:0:T confidentiality :ANSWER3:0:T integrity :ANSWER4:0:T none of the above :CAT:test1_mc ####################################### :TYPE:MC:1:0:C :TITLE:Access Control :QUESTION:H Theoretically, which of the following best represents the relative expressive power of access control matrices, access control lists, and capabilities. :ANSWER1:0:T access control lists are more expressive than capabilities and equivalent to an access control matrix :ANSWER2:0:T access control lists are more expressive than both capabilities and an access control matrix :ANSWER3:0:T capabilities are more expressive than access control lists and equivalent to an access control matrix :ANSWER4:0:T capabilities are more expressive than both access control lists and an access control matrix :ANSWER5:100:T all three are equally expressive :ANSWER6:0:T the three representations are not directly comparable :CAT:test1_mc ####################################### :TYPE:P :TITLE:Assumptions :QUESTION:H:60:30 State any assumptions made in answering the multiple choice questions. Reference the question(s) along with the assumption(s). :CAT:test1_p ####################################### :TYPE:P :TITLE:Formality :QUESTION:H:60:30 What are the trade-offs associated with having security policies described formally versus informally? :CAT:test1_p ####################################### :TYPE:P :TITLE:Trust :QUESTION:H:60:30 What is the role of trust in computer security? Can it be minimized and/or eliminated? :CAT:test1_p ####################################### :TYPE:P :TITLE:Layers :QUESTION:H:60:30 Computing systems have many different layers of functionality associated with them. What implication does this have on computer security? :CAT:test1_p ####################################### :TYPE:P :TITLE:Harrison Ruzzo Ullman :QUESTION:H:60:30 Suppose that the rights in a HRU model were read, write and execute. Could command(s) be written to provide file locking such that only one subject can write to the file at a time. Describe the commands or why it is not possible. :CAT:test1_p ####################################### :TYPE:P :TITLE:Capabilities :QUESTION:H:60:30 Give an example where capabilities would be more appropriate than access control lists. Explain the advantages/disadvantages for the example. :CAT:test1_p