Test II, CSCI 277, Spring 2022
- The weight for each question is given.
- Use as much paper as you wish, but make your answers are legible.
- Please label your answers with the question number.
- Please answer each question thoughtfully and carefully. Your answers should reflect participation in this class.
- Public Key Private Key Encryption
- [3 points] What is a private key and who should know this key?
- [3 points] What is a public key and who should know this key?
- [3 points] What is a Certification Authority and what role does such an entity fill?
- [3 points] In a public key/private key system, describe how Bob can send a private message to Alice that no one else can read, yet Alice is confident that the message came from Bob?
- [3 points] Why is it not reasonable to employ public key/private key encryption for all secure communications?
- Buffer Overflow
- [3 points] What programming error does a buffer overflow exploit?
- [3 points] What are the basic steps in exploiting this vulnerability?
- [4 points] Name four different approaches to mitigating buffer overflow vulnerabilities.
- Other Programming Errors
- [points 3] Describe the Time-of-Check vs Time-Of-Use problem.
- [points 2] Why would a programmer insert an undocumented access point (back door) into a program?
- Malware Terms
- [9 points] List and describe each of the three major classes of malware. Your descriptions should provide sufficient detail to distinguish between the three.
- [2 points] What is a zero-day exploit?
- Malware Impact
- [3 points] Name three different economics impacts from malware.
- [3 points] Name three different methods used to spread malware.
- [3 points] What is a virus detector and how does it work?